4015d2a177b7741e35801e19dd24e3ab2e77dcac5533b9f56ec2b56af4421483

Sharing

Copy URL Twitter E-mail

General

Target

4015d2a177b7741e35801e19dd24e3ab2e77dcac5533b9f56ec2b56af4421483
Size

4.5MB
MD5

cd7e76d7542f3b32c0ec6b5c797c9041
SHA1

c2918e913c7f2750292f3d31e04c37efad0d3f8a
SHA256

4015d2a177b7741e35801e19dd24e3ab2e77dcac5533b9f56ec2b56af4421483
SHA512

c29a534b47ac54f0d72ed3c88bb1ccf236a284d29ce79b4a249389ad648883a653d622a6342bb8e1a37f1417eded8c92b9afc36cee53484d5486a604577fa401
SSDEEP

98304:6U5jQp3CiEdsFEGvhg+bDgsQBnLnqPf1l55A4jyXh/7kD:6UJQvj/mMEDqH55561kD

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WinRAR/Default.SFX
unpack001/WinRAR/Default32.SFX
unpack001/WinRAR/WinCon.SFX
unpack001/WinRAR/WinCon32.SFX
unpack001/WinRAR/Zip.SFX
unpack001/WinRAR/Zip32.SFX

Files

4015d2a177b7741e35801e19dd24e3ab2e77dcac5533b9f56ec2b56af4421483
.zip
WinRAR/7zxa.dll
.dll windows:4 windows x64 arch:x64

1353ce6b26348ac6f792fe77a59eff9d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:4d:6b:fe:0f:68:dc:4f:a4:75:e7:28:77:76:4d:38:65:53:e9:37:6f:3b:e8:f9:8d:b8:86:95:a9:4a:63:8d
Signer

Actual PE Digest

03:4d:6b:fe:0f:68:dc:4f:a4:75:e7:28:77:76:4d:38:65:53:e9:37:6f:3b:e8:f9:8d:b8:86:95:a9:4a:63:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysFreeString
SysAllocStringByteLen
SysStringLen
VariantClear
SysAllocStringLen

msvcrt

__dllonexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__C_specific_handler
_beginthreadex
_purecall
memset
strlen
_initterm
malloc
__CxxFrameHandler
_CxxThrowException
memmove
memcpy
memcmp
free
_onexit

kernel32

GetProcessAffinityMask
GetCurrentProcess
GetSystemInfo
GlobalMemoryStatusEx
Sleep
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
CloseHandle
IsProcessorFeaturePresent
GetLargePageMinimum
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLastError

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetModuleProp
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinRAR/Default.SFX
.exe windows:5 windows x64 arch:x64

b1c5b1beabd90d9fdabd1df0779ea832

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb

Imports

kernel32

LocalFree
GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExpandEnvironmentStringsW
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
GlobalMemoryStatusEx
LoadResource
SizeofResource
GetTimeFormatW
GetDateFormatW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
GetStringTypeW
HeapReAlloc
LCMapStringW
FindFirstFileExA

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipCloneImage
GdipFree
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipAlloc

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinRAR/Default32.SFX
.exe windows:5 windows x86 arch:x86

99ee65c2db82c04251a5c24f214c8892

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

LocalFree
GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
InterlockedDecrement
GetVersionExW
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExpandEnvironmentStringsW
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
GlobalMemoryStatusEx
LoadResource
SizeofResource
GetTimeFormatW
GetDateFormatW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetNumberFormatW
DecodePointer
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
GetStringTypeW
HeapReAlloc
LCMapStringW
FindFirstFileExA
FindNextFileA

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipFree

Sections

.text
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinRAR/Descript.ion
WinRAR/Rar.exe
.exe windows:5 windows x64 arch:x64

43abd757e2af547c27f3aa862031733e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f9:62:2c:fa:a1:3e:8a:14:d9:54:5d:4f:ac:76:f8:25:08:a7:3f:c0:e6:a5:aa:d5:37:af:59:65:34:ee:75:3b
Signer

Actual PE Digest

f9:62:2c:fa:a1:3e:8a:14:d9:54:5d:4f:ac:76:f8:25:08:a7:3f:c0:e6:a5:aa:d5:37:af:59:65:34:ee:75:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\WinRAR\rar\build\rar64\Release\RAR.pdb

Imports

kernel32

SetConsoleCtrlHandler
GetCurrentProcess
DeviceIoControl
FindClose
SetFileTime
CloseHandle
BackupRead
BackupSeek
RemoveDirectoryW
CreateFileW
DeleteFileW
FindFirstFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetFileTime
GetCurrentProcessId
GetDriveTypeW
GetDiskFreeSpaceExW
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
GetVolumeInformationW
FindNextFileW
GetVersionExW
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
SetErrorMode
FreeLibrary
LoadLibraryExW
ExpandEnvironmentStringsW
CompareStringA
GetLocaleInfoW
FormatMessageW
SetThreadPriority
SetThreadExecutionState
CreateEventW
LoadLibraryW
GetSystemDirectoryW
SetPriorityClass
GetProcessAffinityMask
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
HeapSize
SetFilePointerEx
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
Sleep
GetLastError
LocalFree
WriteConsoleW
ReadConsoleW
SetConsoleMode
GetConsoleMode
WriteFile
GetStdHandle
GetFileType
GetCommandLineW
GetModuleHandleW
GetProcAddress
GetFileInformationByHandle
GetCurrentThread
SetLastError
FindFirstFileExA
HeapReAlloc
SetStdHandle
GetConsoleCP
LCMapStringW
GetStringTypeW
HeapAlloc
HeapFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
QueryPerformanceFrequency
GetModuleFileNameA
GetCommandLineA
GetACP

user32

ExitWindowsEx
LoadStringW
CharLowerW
CharToOemBuffW
CharToOemBuffA
OemToCharBuffA
OemToCharA
CharToOemA
CharUpperW
OemToCharBuffW
MessageBeep

advapi32

CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
GetFileSecurityW
SetFileSecurityW
GetSecurityDescriptorLength
AdjustTokenPrivileges
OpenProcessToken
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHFileOperationW

ole32

CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
SysAllocString

powrprof

SetSuspendState

Sections

.text
Size: 571KB - Virtual size: 570KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinRAR/RarExt.dll
.dll windows:6 windows x64 arch:x64

8a98c04d7afaa78e693918bc54dffff1

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:57:d0:77:d0:08:6a:52:7a:a0:46:6b:fa:e2:cb:1b:f8:54:6f:72:d8:10:63:dd:6b:82:0a:6a:2b:60:d6:2a
Signer

Actual PE Digest

87:57:d0:77:d0:08:6a:52:7a:a0:46:6b:fa:e2:cb:1b:f8:54:6f:72:d8:10:63:dd:6b:82:0a:6a:2b:60:d6:2a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\WinRAR\rarext\build\64\Release\rarext.pdb

Imports

kernel32

ExpandEnvironmentStringsW
GetCurrentProcess
Sleep
SetThreadExecutionState
GetSystemDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetSystemTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
GetCPInfo
IsDBCSLeadByte
GetLocaleInfoW
GetNumberFormatW
GetTempPathW
GetTimeFormatW
GetDateFormatW
WaitForSingleObject
RtlUnwind
WriteConsoleW
HeapSize
GetStringTypeW
SetStdHandle
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
FreeEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetFileSizeEx
HeapReAlloc
HeapAlloc
HeapFree
ExitProcess
QueryPerformanceFrequency
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
GetModuleHandleW
CreateEventW
FindResourceW
GetCurrentDirectoryW
GetModuleFileNameW
GetModuleHandleExW
FoldStringW
GetVersionExW
FindNextFileW
ReadFile
FindFirstFileW
FindClose
DeleteFileW
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesW
GetDiskFreeSpaceExW
LoadLibraryExW
GetDriveTypeW
CreateDirectoryW
GetFileType
GetFileTime
FlushFileBuffers
GetStdHandle
SetLastError
FreeLibrary
GetFileSize
GetProcAddress
LoadLibraryW
CloseHandle
GetLastError
CreateFileW
SetEndOfFile
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LocalFree
SetFilePointer
SetFileTime
WriteFile
GetEnvironmentStringsW

user32

SetDlgItemTextW
SendMessageW
GetParent
SetWindowTextW
GetDC
ShowWindow
GetDlgItem
InvalidateRect
ReleaseDC
MonitorFromPoint
InsertMenuItemW
DestroyWindow
EqualRect
SetWindowLongPtrW
CreatePopupMenu
GetMonitorInfoW
SendDlgItemMessageW
GetSysColor
AppendMenuW
LoadImageW
GetCursorPos
BeginPaint
EndPaint
CopyImage
EnumDisplayMonitors
CreateWindowExW
MapWindowPoints
LoadCursorW
SetCursor
CharUpperW
CharLowerW
OemToCharBuffA
LoadStringW
SetWindowLongW
SetMenuItemInfoW
GetWindowLongW
GetClassNameW
GetWindow
GetSystemMetrics
SetWindowPos
GetWindowLongPtrW
GetClientRect
GetWindowRect
OemToCharA

gdi32

SetPixel
GetPixel
CreateCompatibleBitmap
CreateDIBSection
CreateCompatibleDC
StretchBlt
GetDeviceCaps
DeleteDC
GetObjectW
SetTextColor
DeleteObject
LineTo
MoveToEx
CreatePen
CreateFontW
GetTextMetricsW
GetTextFaceW
SelectObject
TextOutW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExW
DragQueryFileW

ole32

CoTaskMemFree
ReleaseStgMedium
CoSetProxyBlanket
CoCreateInstance
CoCreateFreeThreadedMarshaler

oleaut32

SysAllocString
SysFreeString
VariantClear

shlwapi

SHStrDupW

comctl32

ord8
DestroyPropertySheetPage
CreatePropertySheetPageW

msimg32

GradientFill

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 398KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinRAR/RarExt32.dll
.dll windows:6 windows x86 arch:x86

4eb3553032fd2dda22781f0450317fea

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:8e:da:f0:7c:a1:dd:33:98:f5:76:a1:08:ea:42:f2:dc:8c:b9:5e:c7:e4:eb:d3:e6:f2:45:64:a1:77:f9:da
Signer

Actual PE Digest

c0:8e:da:f0:7c:a1:dd:33:98:f5:76:a1:08:ea:42:f2:dc:8c:b9:5e:c7:e4:eb:d3:e6:f2:45:64:a1:77:f9:da

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\WinRAR\rarext\build\32\Release\rarext.pdb

Imports

kernel32

ExpandEnvironmentStringsW
GetCurrentProcess
Sleep
SetThreadExecutionState
GetSystemDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetSystemTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
GetCPInfo
IsDBCSLeadByte
GetLocaleInfoW
GetNumberFormatW
GetTempPathW
GetTimeFormatW
GetDateFormatW
WaitForSingleObject
DecodePointer
WriteConsoleW
HeapSize
GetStringTypeW
SetStdHandle
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetFileSizeEx
HeapReAlloc
HeapAlloc
HeapFree
ExitProcess
QueryPerformanceFrequency
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
InterlockedFlushSList
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
FindResourceW
GetCurrentDirectoryW
GetModuleFileNameW
GetModuleHandleExW
FoldStringW
ReadFile
GetVersionExW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesW
GetDiskFreeSpaceExW
LoadLibraryExW
GetDriveTypeW
CreateDirectoryW
GetFileType
GetFileTime
FlushFileBuffers
GetStdHandle
SetLastError
FreeLibrary
GetFileSize
GetProcAddress
LoadLibraryW
CloseHandle
GetLastError
CreateFileW
SetEndOfFile
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalFree
SetFilePointer
SetFileTime
WriteFile
GetEnvironmentStringsW

user32

ShowWindow
GetParent
SendMessageW
GetDC
SetDlgItemTextW
GetDlgItem
InvalidateRect
SetWindowTextW
ReleaseDC
MonitorFromPoint
InsertMenuItemW
DestroyWindow
EqualRect
CreatePopupMenu
GetMonitorInfoW
SendDlgItemMessageW
GetSysColor
AppendMenuW
LoadImageW
GetCursorPos
BeginPaint
EndPaint
CopyImage
EnumDisplayMonitors
CreateWindowExW
MapWindowPoints
LoadCursorW
SetCursor
CharUpperW
CharLowerW
OemToCharBuffA
LoadStringW
SetWindowLongW
SetMenuItemInfoW
GetClassNameW
GetWindow
GetSystemMetrics
SetWindowPos
GetWindowLongW
GetClientRect
GetWindowRect
OemToCharA

gdi32

SetPixel
GetPixel
CreateCompatibleBitmap
CreateDIBSection
CreateCompatibleDC
StretchBlt
GetDeviceCaps
DeleteDC
GetObjectW
TextOutW
SetTextColor
DeleteObject
MoveToEx
CreatePen
CreateFontW
GetTextMetricsW
GetTextFaceW
SelectObject
LineTo

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteExW
DragQueryFileW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoSetProxyBlanket
CoCreateInstance
ReleaseStgMedium
CoTaskMemFree
CoCreateFreeThreadedMarshaler

oleaut32

SysFreeString
SysAllocString
VariantClear

shlwapi

SHStrDupW

comctl32

ord8
DestroyPropertySheetPage
CreatePropertySheetPageW

msimg32

GradientFill

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinRAR/RarExtInstaller.exe
.exe windows:6 windows x64 arch:x64

4acc6343a45ffc561d0fa260d16b3c8e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:b6:11:60:54:36:8b:d7:eb:a6:9d:90:65:db:01:c9:b7:f5:97:3f:95:0a:34:df:38:5a:e6:a4:53:dd:f0:6c
Signer

Actual PE Digest

38:b6:11:60:54:36:8b:d7:eb:a6:9d:90:65:db:01:c9:b7:f5:97:3f:95:0a:34:df:38:5a:e6:a4:53:dd:f0:6c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\WinRAR\rarext\Installer\x64\Release\RarExtInstaller.pdb

Imports

kernel32

CompareStringEx
VerifyVersionInfoW
VerSetConditionMask
GetModuleFileNameW
WaitForSingleObject
CreateEventW
SetEvent
FormatMessageW
WriteConsoleW
CreateFileW
CloseHandle
GetConsoleMode
GetConsoleOutputCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
LCMapStringW
GetProcessHeap
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers

user32

MessageBoxW

shell32

SHChangeNotify

shlwapi

SHCreateStreamOnFileEx

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoCreateFreeThreadedMarshaler
CoInitializeEx

oleaut32

SysAllocString
SetErrorInfo
GetErrorInfo
SysStringLen
SysFreeString

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinRAR/RarExtLogo.altform-unplated_targetsize-32.png
.png
WinRAR/RarExtLogo.altform-unplated_targetsize-48.png
.png
WinRAR/RarExtLogo.altform-unplated_targetsize-64.png
.png
WinRAR/RarExtPackage.msix
.appx
AppxBlockMap.xml
.xml
AppxManifest.xml
AppxSignature.p7x
RarExtLogo.altform-unplated_targetsize-32.png
.png
RarExtLogo.altform-unplated_targetsize-48.png
.png
RarExtLogo.altform-unplated_targetsize-64.png
.png
Square150x150Logo.png
.png
StoreLogo.png
.png
[Content_Types].xml
.xml
WinRAR/RarFiles.lst
WinRAR/Resources.pri
WinRAR/UnRAR.exe
.exe windows:5 windows x64 arch:x64

7d1e440af537908e3c09fa351258d1f6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:60:5a:3f:85:17:5a:f1:f3:6e:ce:ba:6e:00:52:d8:ca:6a:6f:84:fb:4b:03:dd:61:b4:6d:78:b0:98:b7:b2
Signer

Actual PE Digest

b3:60:5a:3f:85:17:5a:f1:f3:6e:ce:ba:6e:00:52:d8:ca:6a:6f:84:fb:4b:03:dd:61:b4:6d:78:b0:98:b7:b2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\WinRAR\rar\build\unrar64\Release\UnRAR.pdb

Imports

kernel32

GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
GetDriveTypeW
GetDiskFreeSpaceExW
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
GetVolumeInformationW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetModuleFileNameW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
SetErrorMode
GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetProcAddress
ExpandEnvironmentStringsW
SetConsoleCtrlHandler
SetThreadPriority
SetThreadExecutionState
CreateEventW
LoadLibraryW
GetSystemDirectoryW
SetPriorityClass
GetProcessAffinityMask
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
HeapSize
SetFilePointerEx
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
FormatMessageW
Sleep
SetLastError
GetLastError
LocalFree
WriteConsoleW
ReadConsoleW
SetConsoleMode
GetConsoleMode
WriteFile
GetStdHandle
GetFileType
GetCurrentThread
GetCommandLineW
IsValidCodePage
FindNextFileA
FindFirstFileExA
HeapReAlloc
SetStdHandle
GetConsoleCP
HeapAlloc
HeapFree
LCMapStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
QueryPerformanceFrequency
GetModuleFileNameA
GetCommandLineA
GetACP
GetStringTypeW

user32

LoadStringW
CharLowerW
CharToOemA
OemToCharBuffA
OemToCharA
ExitWindowsEx
MessageBeep
CharToOemBuffW
CharUpperW

advapi32

CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
SetFileSecurityW
AdjustTokenPrivileges
OpenProcessToken

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
SysAllocString

powrprof

SetSuspendState

Sections

.text
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinRAR/WinCon.SFX
.exe windows:5 windows x64 arch:x64

5e557ce4896422d307cbd87c113a3c45

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\WinRAR\rar\build\sfxcon64\Release\sfxcon.pdb

Imports

kernel32

GetFileType
GetStdHandle
WriteFile
GetConsoleMode
SetConsoleMode
ReadConsoleW
WriteConsoleW
LocalFree
GetLastError
SetLastError
Sleep
FormatMessageW
SetConsoleCtrlHandler
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
GetDriveTypeW
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetModuleFileNameW
GetCurrentDirectoryW
FoldStringW
SetErrorMode
FreeLibrary
GetProcAddress
ExitProcess
SetThreadExecutionState
LoadLibraryW
GetModuleHandleW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
HeapSize
SetFilePointerEx
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
QueryPerformanceFrequency
GetModuleFileNameA
GetCommandLineA
GetCommandLineW
GetACP
LCMapStringW
HeapFree
HeapAlloc
GetConsoleCP
SetStdHandle
GetStringTypeW
HeapReAlloc
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP

ole32

CoCreateInstance
CoSetProxyBlanket

oleaut32

SysAllocString
VariantClear
SysFreeString

Sections

.text
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinRAR/WinCon32.SFX
.exe windows:5 windows x86 arch:x86

624f00013c1c565988c0a52d012fd6d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\rar\build\sfxcon32\Release\sfxcon.pdb

Imports

kernel32

GetFileType
GetStdHandle
WriteFile
GetConsoleMode
SetConsoleMode
ReadConsoleW
WriteConsoleW
LocalFree
GetLastError
SetLastError
Sleep
FormatMessageW
SetConsoleCtrlHandler
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
GetDriveTypeW
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
InterlockedDecrement
GetVersionExW
GetModuleFileNameW
GetCurrentDirectoryW
FoldStringW
SetErrorMode
FreeLibrary
GetProcAddress
ExitProcess
SetThreadExecutionState
LoadLibraryW
GetModuleHandleW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
DecodePointer
HeapSize
SetFilePointerEx
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
QueryPerformanceFrequency
GetModuleFileNameA
GetCommandLineA
GetCommandLineW
GetACP
LCMapStringW
HeapFree
HeapAlloc
GetConsoleCP
SetStdHandle
GetStringTypeW
HeapReAlloc
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW

ole32

CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
SysAllocString

Sections

.text
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinRAR/WinRAR.exe
.exe windows:6 windows x64 arch:x64

e68fe2e4fe4b72ddbc24bfd21ac99075

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:b4:bc:13:fb:0c:ef:23:46:98:67:7d:f8:c9:41:5e:ab:35:11:18:b8:34:0d:49:02:ac:cf:ab:1b:ca:2c:4a
Signer

Actual PE Digest

28:b4:bc:13:fb:0c:ef:23:46:98:67:7d:f8:c9:41:5e:ab:35:11:18:b8:34:0d:49:02:ac:cf:ab:1b:ca:2c:4a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\WinRAR\build\winrar64\Release\WinRAR.pdb

Imports

kernel32

HeapAlloc
HeapFree
DosDateTimeToFileTime
SetLastError
CreateHardLinkW
IsDebuggerPresent
DebugBreak
OutputDebugStringW
GetProcessHeap
ReleaseSemaphore
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleExW
FormatMessageW
GetDiskFreeSpaceW
FindCloseChangeNotification
FindFirstChangeNotificationW
GetCompressedFileSizeW
GetLocalTime
GetFileInformationByHandle
LocalFree
DeleteFileW
RemoveDirectoryW
DeviceIoControl
BackupRead
BackupSeek
GetLongPathNameW
GetShortPathNameW
GetStdHandle
FlushFileBuffers
GetFileType
GetFileTime
CreateDirectoryW
GetDiskFreeSpaceExW
GetFileAttributesW
SetFileAttributesW
FindNextFileW
GetVersionExW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetModuleFileNameW
FoldStringW
LoadResource
SizeofResource
FindResourceW
LoadLibraryExW
ExpandEnvironmentStringsW
CompareStringA
CreateEventW
GetCurrentThread
SetThreadPriority
SetPriorityClass
GetSystemDirectoryW
SetThreadExecutionState
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
CreateSemaphoreW
CreateThread
GetProcessAffinityMask
FileTimeToLocalFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
CompareStringW
WideCharToMultiByte
GetCPInfo
IsDBCSLeadByte
EnumResourceNamesW
EnumResourceLanguagesW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GetLocaleInfoW
GetNumberFormatW
GetLogicalDrives
GetTempPathW
SetEnvironmentVariableW
GlobalMemoryStatusEx
LockResource
GetDateFormatW
GetTimeFormatW
SuspendThread
ResumeThread
HeapCreate
GetSystemTimeAsFileTime
Beep
FindNextChangeNotification
SetErrorMode
GetThreadPriority
GetPriorityClass
CompareFileTime
WaitForMultipleObjects
MulDiv
OutputDebugStringA
GetEnvironmentVariableW
HeapSize
WriteConsoleW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
IsValidCodePage
FindFirstFileExW
SetStdHandle
LCMapStringW
HeapReAlloc
GetFileSizeEx
ExitProcess
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlUnwindEx
RtlPcToFileHeader
InitializeSListHead
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
LocalFileTimeToFileTime
LoadLibraryW
FreeLibrary
WriteFile
SetFileTime
SetFilePointer
SetEndOfFile
ReadFile
GetFileSize
CreateFileW
MoveFileW
GetTickCount
HeapDestroy
GetCPInfoExW
GetOEMCP
GetACP
GetCurrentProcessId
GetCurrentProcess
Sleep
RtlUnwind
GetVolumeInformationW
GetDriveTypeW
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
CreateMutexW
ReleaseMutex
GetLastError
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
CopyFileW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
WaitForSingleObject
CloseHandle
GetCommandLineW
GetPhysicallyInstalledSystemMemory
FindFirstFileW
GetStartupInfoW
FindClose

user32

MessageBoxW
GetForegroundWindow
keybd_event
FlashWindowEx
CreateIcon
EnumWindows
SetForegroundWindow
IsCharAlphaW
CopyRect
RegisterClassExW
GetSysColor
ValidateRect
DrawIconEx
LoadImageW
SystemParametersInfoW
GetSystemMenu
MessageBoxIndirectW
CharLowerW
ExitWindowsEx
LoadStringW
SetProcessDefaultLayout
OemToCharBuffW
CharToOemBuffW
OemToCharBuffA
OemToCharA
GetComboBoxInfo
RedrawWindow
MessageBeep
CharToOemA
EmptyClipboard
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
FillRect
GetLastActivePopup
GetMenuItemID
SetMenu
LoadMenuW
LoadAcceleratorsW
SendInput
IsChild
RegisterClassW
PostQuitMessage
GetClipboardData
LoadIconW
CreateDialogParamW
PostThreadMessageW
FindWindowExW
SetScrollRange
SetScrollPos
ScrollWindowEx
SendMessageW
DefWindowProcW
CreateWindowExW
DestroyWindow
SetFocus
GetWindowLongW
SetWindowLongW
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
DialogBoxParamW
IsDialogMessageW
GetIconInfo
CreateIconIndirect
FindWindowW
RemovePropW
GetPropW
SetPropW
CopyImage
GetMenuState
EnumDisplayMonitors
TranslateAcceleratorW
CreateDialogIndirectParamW
PeekMessageW
GetScrollInfo
EnableMenuItem
CheckMenuItem
GetFocus
MoveWindow
EndPaint
EndDialog
GetDlgItem
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
SendDlgItemMessageW
GetWindowRect
MapWindowPoints
GetParent
DestroyIcon
ShowWindow
UpdateWindow
GetDlgItemTextW
CheckDlgButton
OpenClipboard
CloseClipboard
SetClipboardData
BringWindowToTop
FlashWindow
BeginPaint
AppendMenuW
GetMenuItemCount
DrawMenuBar
SetWindowLongPtrW
ScreenToClient
ClientToScreen
CallWindowProcW
PtInRect
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
TrackPopupMenu
DeleteMenu
InsertMenuW
GetSubMenu
DestroyMenu
CreatePopupMenu
GetMenu
IsWindow
WaitForInputIdle
LoadCursorW
GetWindowThreadProcessId
WindowFromPoint
GetCursorPos
SetCursor
GetKeyState
RegisterClipboardFormatW
GetWindow
GetDesktopWindow
GetWindowLongPtrW
IntersectRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
ReleaseDC
GetDC
GetSystemMetrics
EnableWindow
IsIconic
IsWindowEnabled
CharToOemBuffA
GetClassNameW
EnumChildWindows
InvalidateRect
PostMessageW
GetWindowDC
KillTimer
SetTimer
CharUpperW

gdi32

SetTextColor
MoveToEx
TextOutW
GetTextExtentPoint32W
GetObjectW
SetBkColor
ExtTextOutW
CreateBitmap
GetDeviceCaps
LineTo
SetMapMode
StretchBlt
DPtoLP
GetPixel
CreateDIBSection
CreateSolidBrush
Rectangle
SetPixel
TextOutA
CreatePen
GetTextFaceW
GetTextMetricsW
CreateFontW
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
GetMapMode
BitBlt
CreateCompatibleBitmap

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW

shell32

FindExecutableW
DragFinish
Shell_NotifyIconW
DragQueryFileW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetMalloc
ord100
SHGetFolderPathW
SHAddToRecentDocs
SHGetPathFromIDListW
SHFileOperationW
ShellExecuteExW
DragAcceptFiles
SHChangeNotify
SHGetDesktopFolder
SHGetFolderLocation
SHGetFileInfoW

ole32

RegisterDragDrop
OleUninitialize
OleInitialize
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemAlloc
OleSetClipboard
DoDragDrop
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
RevokeDragDrop

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString
VariantCopy

shlwapi

StrCmpLogicalW
SHAutoComplete

powrprof

SetSuspendState

comctl32

ImageList_ReplaceIcon
ImageList_Create
CreateStatusWindowW
ord381
PropertySheetW
InitCommonControlsEx

uxtheme

IsThemeActive
IsAppThemed

gdiplus

GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipBitmapGetPixel
GdipBitmapSetPixel

msimg32

GradientFill

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 864KB - Virtual size: 864KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinRAR/Zip.SFX
.exe windows:5 windows x64 arch:x64

e8a30656287fe831c9782204ed10cd68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxzip64\Release\sfxzip.pdb

Imports

kernel32

LocalFree
GetLastError
SetLastError
FormatMessageW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileTime
CloseHandle
CreateFileW
GetCurrentProcessId
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
MoveFileW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExpandEnvironmentStringsW
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
GetTimeFormatW
GetDateFormatW
GetCurrentProcess
GetExitCodeProcess
WaitForSingleObject
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipFree

Sections

.text
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinRAR/Zip32.SFX
.exe windows:5 windows x86 arch:x86

10b73c5f7fc148e21f974da703236659

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb

Imports

kernel32

LocalFree
GetLastError
SetLastError
FormatMessageW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileTime
CloseHandle
CreateFileW
GetCurrentProcessId
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
MoveFileW
FindClose
FindFirstFileW
FindNextFileW
InterlockedDecrement
GetVersionExW
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExpandEnvironmentStringsW
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
GetTimeFormatW
GetDateFormatW
GetCurrentProcess
GetExitCodeProcess
WaitForSingleObject
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetNumberFormatW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
DecodePointer
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
SetStdHandle
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage

oleaut32

VariantClear
SysFreeString
SysAllocString

gdiplus

GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdiplusShutdown
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinRAR/rarnew.dat
.rar
WinRAR/zipnew.dat

Sharing

General

Malware Config

Signatures

Files

1353ce6b26348ac6f792fe77a59eff9d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

03:4d:6b:fe:0f:68:dc:4f:a4:75:e7:28:77:76:4d:38:65:53:e9:37:6f:3b:e8:f9:8d:b8:86:95:a9:4a:63:8dSigner

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 156KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 23KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

b1c5b1beabd90d9fdabd1df0779ea832

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

gdiplus

Sections

.text Size: 282KB - Virtual size: 281KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 6KB - Virtual size: 57KB

.pdata Size: 12KB - Virtual size: 12KB

.didat Size: 1024B - Virtual size: 864B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 53KB - Virtual size: 56KB

.reloc Size: 2KB - Virtual size: 2KB

99ee65c2db82c04251a5c24f214c8892

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

gdiplus

Sections

.text Size: 233KB - Virtual size: 232KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 4KB - Virtual size: 53KB

.didat Size: 512B - Virtual size: 424B

.rsrc Size: 53KB - Virtual size: 56KB

.reloc Size: 11KB - Virtual size: 10KB

43abd757e2af547c27f3aa862031733e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

03:4d:6b:fe:0f:68:dc:4f:a4:75:e7:28:77:76:4d:38:65:53:e9:37:6f:3b:e8:f9:8d:b8:86:95:a9:4a:63:8d
Signer

.text
Size: 156KB - Virtual size: 156KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 23KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 282KB - Virtual size: 281KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 6KB - Virtual size: 57KB

.pdata
Size: 12KB - Virtual size: 12KB

.didat
Size: 1024B - Virtual size: 864B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 53KB - Virtual size: 56KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 233KB - Virtual size: 232KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 4KB - Virtual size: 53KB

.didat
Size: 512B - Virtual size: 424B

.rsrc
Size: 53KB - Virtual size: 56KB

.reloc
Size: 11KB - Virtual size: 10KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f9:62:2c:fa:a1:3e:8a:14:d9:54:5d:4f:ac:76:f8:25:08:a7:3f:c0:e6:a5:aa:d5:37:af:59:65:34:ee:75:3b
Signer

.text
Size: 571KB - Virtual size: 570KB

.rdata
Size: 92KB - Virtual size: 92KB

.data
Size: 13KB - Virtual size: 80KB

.pdata
Size: 20KB - Virtual size: 19KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 21KB - Virtual size: 24KB

.reloc
Size: 3KB - Virtual size: 2KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

87:57:d0:77:d0:08:6a:52:7a:a0:46:6b:fa:e2:cb:1b:f8:54:6f:72:d8:10:63:dd:6b:82:0a:6a:2b:60:d6:2a
Signer

.text
Size: 398KB - Virtual size: 397KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 4KB - Virtual size: 63KB

.pdata
Size: 23KB - Virtual size: 23KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 102KB - Virtual size: 104KB