D:\Projects\CursorFX\Release\CursorFX.pdb
Overview: overview, score 7
Static: static, score 3
New Compre...er.zip: windows7-x64, score 1
New Compre...er.zip: windows10-2004-x64, score 1
Stardock C...FX.exe: windows7-x64, score 1
Stardock C...FX.exe: windows10-2004-x64, score 3
Stardock C...ig.exe: windows7-x64, score 1
Stardock C...ig.exe: windows10-2004-x64, score 3
Stardock C...Me.txt: windows7-x64, score 1
Stardock C...Me.txt: windows10-2004-x64, score 1
Stardock C...up.exe: windows7-x64, score 7
Stardock C...up.exe: windows10-2004-x64, score 7
winrar-x64-701.exe: windows7-x64, score 1
winrar-x64-701.exe: windows10-2004-x64, score 1
Static task
static1
Behavioral task
behavioral1
Sample
New Compressed (zipped) Folder.zip
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
New Compressed (zipped) Folder.zip
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Stardock CursorFX 4.03 Multilingual [PeskTop.com]/Stardock CursorFX v4.03/Crack/CursorFX.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Stardock CursorFX 4.03 Multilingual [PeskTop.com]/Stardock CursorFX v4.03/Crack/CursorFX.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
Stardock CursorFX 4.03 Multilingual [PeskTop.com]/Stardock CursorFX v4.03/Crack/CursorFXConfig.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
Stardock CursorFX 4.03 Multilingual [PeskTop.com]/Stardock CursorFX v4.03/Crack/CursorFXConfig.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
Stardock CursorFX 4.03 Multilingual [PeskTop.com]/Stardock CursorFX v4.03/Crack/Read_Me.txt
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
Stardock CursorFX 4.03 Multilingual [PeskTop.com]/Stardock CursorFX v4.03/Crack/Read_Me.txt
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
Stardock CursorFX 4.03 Multilingual [PeskTop.com]/Stardock CursorFX v4.03/Stardock CursorFX v4.03 Setup.exe
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
Stardock CursorFX 4.03 Multilingual [PeskTop.com]/Stardock CursorFX v4.03/Stardock CursorFX v4.03 Setup.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
winrar-x64-701.exe
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
winrar-x64-701.exe
Resource
win10v2004-20240802-en
General
-
Target
New Compressed (zipped) Folder.zip
-
Size
23.3MB
-
MD5
d8355a1a67e8ea413a7fcecf0166eece
-
SHA1
ad168f25348937cfc97b744ab3cdf226155ff8e5
-
SHA256
847a40ca8a3e2616ca25561a74f0cd27b4d9d7bb8f3f8399b747a85ca369b611
-
SHA512
68299e63d8f27c030e15eb34ab66edc251678eae71c51a36c31f19176833058957685d13de4c1abccbca00a8ad4e4b74aea9dfb3358df6f75d022b1738b0abc6
-
SSDEEP
393216:QwjLLgYjdm8j4dWY0QqAMdm2n/WzoU32t9obT2s0ghmfE+SeK069/T72O63eoh5H:Q+LVjEK4dhwm2OzoU2/oD3hmwen69/TU
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/Stardock CursorFX 4.03 Multilingual [PeskTop.com]/Stardock CursorFX v4.03/Crack/CursorFX.exe
resource unpack001/Stardock CursorFX 4.03 Multilingual [PeskTop.com]/Stardock CursorFX v4.03/Crack/CursorFXConfig.exe
Files
-
New Compressed (zipped) Folder.zip
.zip
-
Stardock CursorFX 4.03 Multilingual [PeskTop.com]/Stardock CursorFX v4.03/Crack/CursorFX.exe
.exe windows:6 windows x86 arch:x86
57ff2c3861a9dd448e266a3a5e56a830
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\Projects\CursorFX\Release\CursorFX.pdb
Imports
winmm
PlaySoundW
shlwapi
PathRemoveBlanksW
PathStripPathW
PathRemoveFileSpecW
PathIsDirectoryW
PathRemoveExtensionW
ColorRGBToHLS
ColorHLSToRGB
PathFileExistsW
PathGetArgsW
comctl32
ord380
_TrackMouseEvent
zlib1
inflate
inflateEnd
inflateInit_
inflateReset
crc32
uncompress
kernel32
GetModuleFileNameW
GetProcAddress
LoadLibraryW
SetProcessWorkingSetSize
GetConsoleDisplayMode
GetCurrentThreadId
GetModuleHandleW
OutputDebugStringW
GetVersionExW
GetModuleFileNameA
CreateFileW
FreeLibrary
GetModuleHandleExA
FindClose
FindFirstFileW
FindNextFileW
GetFileSize
ReadFile
lstrcatW
MultiByteToWideChar
GetUserDefaultLangID
CreateDirectoryW
lstrcpynW
GetPrivateProfileSectionW
GetLastError
ReleaseMutex
WaitForSingleObject
IsBadReadPtr
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalAlloc
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalFree
WriteFile
lstrcpyA
DeleteFileW
GetTempFileNameW
RemoveDirectoryW
GetTempPathW
WideCharToMultiByte
LoadLibraryExW
GetPrivateProfileStringW
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
HeapAlloc
UnmapViewOfFile
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
SetEvent
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
IsProcessorFeaturePresent
GetModuleHandleExW
QueueUserWorkItem
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
FormatMessageW
RaiseException
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
CompareStringW
LCMapStringW
GetFileType
HeapReAlloc
DecodePointer
MapViewOfFile
CreateFileMappingW
GetThreadPriority
SetThreadPriority
GetConsoleMode
ReadConsoleW
FlushFileBuffers
GetConsoleCP
GetFileSizeEx
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetCurrentThread
SetStdHandle
GetCurrentProcessId
GetCurrentProcess
CopyFileW
lstrlenW
lstrcpyW
lstrcmpiW
lstrcmpW
Sleep
OpenMutexW
CreateMutexW
CloseHandle
GetLongPathNameW
GetCommandLineW
GetStringTypeW
HeapSize
UnregisterWaitEx
RtlUnwind
ExitThread
ExitProcess
GetStdHandle
UnregisterWait
HeapFree
SetEndOfFile
EncodePointer
WriteConsoleW
user32
OffsetRect
UnionRect
SetRectEmpty
SetCursor
RemovePropW
GetPropW
RedrawWindow
ReleaseCapture
SetCapture
GetKeyState
EndDeferWindowPos
DeferWindowPos
CallWindowProcW
IntersectRect
SetRect
GetClientRect
DestroyWindow
LoadImageW
MessageBoxA
SetForegroundWindow
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
GetCursorInfo
GetMonitorInfoW
MonitorFromPoint
SystemParametersInfoW
EqualRect
CreateIconIndirect
DestroyIcon
SetSystemCursor
LoadCursorW
GetClassNameW
SetWindowLongW
ChildWindowFromPointEx
WindowFromPoint
ScreenToClient
GetCursorPos
GetWindowRect
SetWindowTextW
ReleaseDC
GetDC
GetSystemMetrics
KillTimer
SetWindowPos
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
UnregisterHotKey
RegisterHotKey
CloseDesktop
OpenInputDesktop
SetTimer
ShowWindow
EnumWindows
FindWindowW
GetWindowLongW
MessageBoxW
PostMessageW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
wsprintfW
LoadStringW
EnumDisplayMonitors
IsRectEmpty
BeginPaint
EndPaint
SetWindowRgn
CopyRect
InflateRect
GetIconInfo
GetActiveWindow
BeginDeferWindowPos
gdi32
GetObjectW
BitBlt
SetTextColor
SelectObject
CombineRgn
DeleteDC
CreateRectRgn
CreateDIBSection
GetDeviceCaps
DeleteObject
CreateCompatibleDC
CreateBitmap
CreateCompatibleBitmap
ExtCreateRegion
SetBkColor
advapi32
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
shell32
ShellExecuteExW
Shell_NotifyIconW
SHGetFolderPathW
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
gdiplus
GdiplusStartup
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipImageRotateFlip
GdipCreateHICONFromBitmap
GdipCreateBitmapFromScan0
imagehlp
ImageGetCertificateHeader
ImageGetCertificateData
crypt32
CertFreeCertificateContext
CertGetNameStringW
CryptVerifyMessageSignature
Sections
.text Size: 467KB - Virtual size: 468KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 110KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 12KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 42KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 22KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Stardock CursorFX 4.03 Multilingual [PeskTop.com]/Stardock CursorFX v4.03/Crack/CursorFXConfig.exe
.exe windows:6 windows x86 arch:x86
aa00abd0f424c65eca31073c4d2e455a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\Projects\CursorFX\Release\CursorFXConfig.pdb
Imports
shlwapi
PathIsDirectoryW
ColorRGBToHLS
ColorHLSToRGB
PathStripPathW
PathRemoveFileSpecW
PathFileExistsW
PathRemoveExtensionW
winmm
PlaySoundW
kernel32
GetModuleFileNameA
FreeLibrary
GetModuleHandleExA
ExitProcess
LockResource
LoadResource
lstrlenW
lstrcatW
lstrcpyW
lstrcmpiW
lstrcmpW
SetProcessWorkingSetSize
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetTickCount64
CreateThread
GetCurrentProcess
OpenMutexW
CreateMutexW
WaitForSingleObject
CloseHandle
ReadFile
WriteConsoleW
HeapSize
ReadConsoleW
FlushFileBuffers
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
GetFileSize
FindNextFileW
FindResourceW
FindNextChangeNotification
FindFirstFileW
FindFirstChangeNotificationW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
GetCommandLineW
ExitThread
RtlUnwind
IsValidCodePage
GetFileType
GetFileSizeEx
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
FormatMessageW
GetModuleFileNameW
GetStdHandle
HeapFree
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
HeapReAlloc
Sleep
lstrcpynW
GetPrivateProfileSectionW
MultiByteToWideChar
GetLocaleInfoW
GetUserDefaultLangID
GetCurrentThreadId
GlobalAlloc
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalFree
OutputDebugStringW
GetLastError
ReleaseMutex
IsBadReadPtr
WriteFile
lstrcpyA
GetTempFileNameW
RemoveDirectoryW
GetTempPathW
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryExW
WideCharToMultiByte
GetPrivateProfileStringW
WaitForSingleObjectEx
SwitchToThread
GetNativeSystemInfo
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetStringTypeW
FindFirstFileExW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
SetLastError
InterlockedPushEntrySList
CopyFileW
RaiseException
QueueUserWorkItem
GetModuleHandleExW
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
HeapAlloc
user32
MessageBoxW
wsprintfW
SendMessageW
PostMessageW
PostQuitMessage
ShowWindow
SetWindowPos
DialogBoxParamW
EndDialog
GetDlgItem
SetDlgItemTextW
SendDlgItemMessageW
MessageBoxA
FindWindowW
LoadImageW
FindWindowExW
SetWindowLongW
GetWindowLongW
SetRect
AdjustWindowRectEx
GetWindowTextW
SetWindowTextW
InvalidateRect
DefWindowProcW
GetSystemMetrics
DrawTextW
FillRect
CopyRect
InflateRect
UnionRect
OffsetRect
DestroyWindow
GetClientRect
GetWindowRect
IntersectRect
CallWindowProcW
RegisterClassExW
CreateWindowExW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetKeyState
SetFocus
ReleaseCapture
RedrawWindow
GetPropW
RemovePropW
SetCursor
GetCursorPos
SetRectEmpty
IsRectEmpty
EqualRect
LoadCursorW
GetMonitorInfoW
EnumDisplayMonitors
BeginPaint
EndPaint
SetWindowRgn
GetActiveWindow
ReleaseDC
GetDC
SetForegroundWindow
EnableWindow
KillTimer
SetTimer
SetCapture
gdi32
GetDeviceCaps
CreateFontIndirectW
BitBlt
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteDC
DeleteObject
ExtCreateRegion
GetCharABCWidthsW
SelectObject
SetBkColor
SetBkMode
SetTextColor
GetTextMetricsW
CreateDIBSection
GetObjectW
CreateRectRgn
advapi32
RegCreateKeyExW
RegSetValueExW
RegDeleteTreeW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
shell32
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW
imagehlp
ImageGetCertificateHeader
ImageGetCertificateData
crypt32
CertGetNameStringW
CryptVerifyMessageSignature
CertFreeCertificateContext
zlib1
uncompress
inflate
inflateEnd
inflateInit_
inflateReset
crc32
comctl32
_TrackMouseEvent
Sections
.text Size: 642KB - Virtual size: 644KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 137KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 16KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 261KB - Virtual size: 261KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 34KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Stardock CursorFX 4.03 Multilingual [PeskTop.com]/Stardock CursorFX v4.03/Crack/Read_Me.txt
-
Stardock CursorFX 4.03 Multilingual [PeskTop.com]/Stardock CursorFX v4.03/Stardock CursorFX v4.03 Setup.exe
.exe windows:5 windows x86 arch:x86
d619eda1a774da262071361b928bb2e4
Code Sign
0c:16:3c:4a:24:38:b0:3a:43:e1:70:f4:83:b7:b8:c8
Certificate
Issuer: CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Not Before: 08-04-2019 00:00
Not After: 20-04-2022 23:59
Subject: CN=STARDOCK SYSTEMS\, INC.,O=STARDOCK SYSTEMS\, INC.,L=Plymouth,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before: 10-12-2013 00:00
Not After: 09-12-2023 23:59
Subject: CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate
Issuer: CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before: 12-01-2016 00:00
Not After: 11-01-2031 23:59
Subject: CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate
Issuer: CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Not Before: 23-12-2017 00:00
Not After: 22-03-2029 23:59
Subject: CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
05:9e:f4:60:8e:8c:f0:25:b3:cd:c5:91:f9:c9:7d:39:21:33:63:b1:0d:64:96:34:56:79:aa:c8:85:ae:b1:00
Signer
Actual PE Digest: 05:9e:f4:60:8e:8c:f0:25:b3:cd:c5:91:f9:c9:7d:39:21:33:63:b1:0d:64:96:34:56:79:aa:c8:85:ae:b1:00
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
lstrcpyA
lstrcatA
lstrlenA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
_lclose
GetModuleFileNameA
_lread
_llseek
_lopen
_lwrite
_lcreat
CreateDirectoryA
SetCurrentDirectoryA
GetDiskFreeSpaceA
GetFileAttributesA
CompareStringA
DeleteFileA
GetTempPathA
GetCurrentDirectoryA
CloseHandle
GetExitCodeProcess
GetLastError
LocalFree
GetCurrentProcess
MoveFileExA
GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapReAlloc
RtlUnwind
HeapSize
Sleep
RemoveDirectoryA
FreeLibrary
IsValidCodePage
GetOEMCP
GetModuleHandleW
ExitProcess
DecodePointer
HeapFree
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
HeapCreate
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
user32
TranslateMessage
DispatchMessageA
PeekMessageA
wsprintfA
LoadCursorA
SetCursor
MessageBoxA
MsgWaitForMultipleObjects
advapi32
GetTokenInformation
OpenProcessToken
shell32
ShellExecuteExA
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
winrar-x64-701.exe
.exe windows:6 windows x64 arch:x64
39da3cace27ab9503fa46001ce968ea6
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 29-04-2021 00:00
Not After: 28-04-2036 23:59
Subject: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate
Issuer: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US
Not Before: 08-08-2023 00:00
Not After: 07-08-2026 23:59
Subject: SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate
Issuer: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Not Before: 14-07-2023 00:00
Not After: 13-10-2034 23:59
Subject: CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 23-03-2022 00:00
Not After: 22-03-2037 23:59
Subject: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 01-08-2022 00:00
Not After: 09-11-2031 23:59
Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d1:d4:c8:14:12:24:32:bd:c4:95:b0:bc:a3:04:97:ee:93:9e:e1:70:3c:22:e5:40:01:ce:1b:48:03:be:a6:c5
Signer
Actual PE Digest: d1:d4:c8:14:12:24:32:bd:c4:95:b0:bc:a3:04:97:ee:93:9e:e1:70:3c:22:e5:40:01:ce:1b:48:03:be:a6:c5
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\Projects\WinRAR\sfx\setup\build\sfxrar64\Release\sfxrar.pdb
Imports
kernel32
GetLastError
FormatMessageW
LocalFree
SetLastError
CreateHardLinkW
SetFileTime
GetCurrentProcess
CloseHandle
CreateFileW
DeviceIoControl
RemoveDirectoryW
DeleteFileW
GetLongPathNameW
GetShortPathNameW
MoveFileW
GetStdHandle
WriteFile
ReadFile
SetFilePointer
SetEndOfFile
FlushFileBuffers
GetFileType
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
GetCurrentProcessId
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExpandEnvironmentStringsW
SetThreadExecutionState
CompareStringW
AllocConsole
AttachConsole
WriteConsoleW
Sleep
FreeConsole
ExitProcess
GetSystemDirectoryW
LoadLibraryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
WaitForSingleObject
GetProcessAffinityMask
CreateSemaphoreW
CreateEventW
ReleaseSemaphore
SetThreadPriority
SetEvent
ResetEvent
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetSystemTime
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
IsDBCSLeadByte
GlobalAlloc
SizeofResource
LoadResource
LockResource
GlobalLock
GlobalUnlock
GlobalFree
GetDateFormatW
GetTimeFormatW
GlobalMemoryStatusEx
GetLocaleInfoW
GetNumberFormatW
GetCommandLineW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEnvironmentVariableW
GetLocalTime
GetTickCount
CreateFileMappingW
MoveFileExW
GetTempPathW
GetExitCodeProcess
GetConsoleMode
GetConsoleOutputCP
HeapSize
SetFilePointerEx
GetStringTypeW
SetStdHandle
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
HeapFree
HeapAlloc
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
oleaut32
SysAllocString
SysFreeString
VariantClear
gdiplus
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
Sections
.text Size: 264KB - Virtual size: 264KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 824B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 152KB - Virtual size: 156KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ