filenamesetup.exe
size1065961 (0x1043e9)
md5284df216214e1ff69de2126ec825bb9f
typePE32 executable (GUI) Intel 80386, for MS Windows
mimetypeapplication/x-dosexec
clamavscan pending
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0x118

Rich Header

lib idversiontimes used
2414011613
24340116141
2424011624
199411182
2592412322
2602412319
2612412344
1313072910
147307295
10266
2612421549
256242151
255242101
258242151

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections6
TimeDateStamp0x5e7c7dc7
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x102
Magic0x10b
LinkerVersion14.0
SizeOfCode0x30600
SizeOfInitializedData0x3e200
SizeOfUninitializedData0
AddressOfEntryPoint0x1e1f9
BaseOfCode0x1000
BaseOfData0x32000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion5.1
ImageVersion0.0
SubsystemVersion5.1
Reserved10
SizeOfImage0x73000
SizeOfHeaders0x400
CheckSum0
Subsystem2
DllCharacteristics0x8140
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

MS Visual C++ v8.0

Sections

namevavsizeraw sizeflags
.text0x10000x305810x30600R-X CODE
.rdata0x320000xa3320xa400R-- IDATA
.data0x3d0000x238b00x1200RW- IDATA
.gfids0x610000xe80x200R-- IDATA
.rsrc0x620000xdfd00xe000R-- IDATA
.reloc0x700000x210c0x2200R-- IDATA DISCARDABLE

Data Directory

typevasize
EXPORT0x3b5400x34
IMPORT0x3b5740x3c
RESOURCE0x620000xdfd0
EXCEPTION00
SECURITY00
BASERELOC0x700000x210c
DEBUG0x397d00x54
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG0x342180x40
Bound_IAT00
IAT0x320000x260
Delay_IAT0x3aaec0x120
CLR_Header00
typenamesizecp
PNG#10128850
PNG#10255450
ICON#113840
ICON#222160
ICON#337520
ICON#411280
ICON#542640
ICON#696400
ICON#7157290
DIALOGASKNEXTVOL6460
DIALOGGETPASSWORD13140
DIALOGLICENSEDLG2360
DIALOGRENAMEDLG3020
DIALOGREPLACEFILEDLG8240
DIALOGSTARTDLG5940
STRING#74820
STRING#84600
STRING#94400
STRING#103260
STRING#1110940
STRING#123580
STRING#133380
STRING#142660
STRING#151880
STRING#162140
GROUP_ICON#1001040
MANIFEST#118750
idlangstring
1001033Select destination folder
1011033Extracting %s
1021033Skipping %s
1031033Unexpected end of archive
1041033The file "%s" header is corrupt
1051033Corrupt header is found
1061033Main archive header is corrupt
1101033The archive comment header is corrupt
1111033The archive comment is corrupt
1121033Not enough memory
1131033Unknown method in %s
1141033Cannot open %s
1201033Cannot create %s
1211033Cannot create folder %s
1221033Checksum error in the encrypted file %s. Corrupt file or wrong password.
1231033Checksum error in %s
1241033Packed data checksum error in %s
1311033Write error in the file %s
1321033Read error in the file %s
1331033File close error
1341033The required volume is absent
1401033The archive is either in unknown format or damaged
1411033Extracting from %s
1421033Next volume
1431033The archive header is corrupt
1441033Close
1501033Error
1511033Errors encountered while performing the operation Look at the information window for more details
1521033bytes
1531033modified on
1541033folder is not accessible
1601033Some files could not be created. Please close all applications, reboot Windows and restart this installation
1611033Some installation files are corrupt. Please download a fresh copy and retry the installation
1621033All files
1701033<ul><li>Press <b>Install</b> button to start extraction.</li><br><br>
1711033<ul><li>Press <b>Extract</b> button to start extraction.</li><br><br>
1721033<li>Use <b>Browse</b> button to select the destination
1731033folder from the folders tree. It can be also entered
1741033manually.</li><br><br>
1751033<li>If the destination folder does not exist, it will be
1761033created automatically before extraction.</li></ul>
1801033The archive is corrupt
1851033Extracting files to %s folder
1861033Extracting files to temporary folder
1901033Extract
1911033Extraction progress
1951033Total path and file name length must not exceed %d characters
2001033Unknown encryption method in %s
2011033The specified password is incorrect.
2021033Incorrect password for %s
2101033Cannot copy %s to %s.
2201033Cannot create symbolic link %s
2211033Cannot create hard link %s
2221033You need to unpack the link target first
2251033You may need to run this self-extracting archive as administrator
2301033Pause
2311033Continue
2401033Security warning
2411033Please remove %s from folder %s. It is unsecure to run %s until it is done.
module_namehintordfunction_name
KERNEL32.dll514GetLastError
KERNEL32.dll1139SetLastError
KERNEL32.dll350FormatMessageW
KERNEL32.dll448GetCurrentProcess
KERNEL32.dll221DeviceIoControl
KERNEL32.dll1130SetFileTime
KERNEL32.dll82CloseHandle
KERNEL32.dll129CreateDirectoryW
KERNEL32.dll1027RemoveDirectoryW
KERNEL32.dll143CreateFileW
KERNEL32.dll214DeleteFileW
KERNEL32.dll147CreateHardLinkW
KERNEL32.dll609GetShortPathNameW
KERNEL32.dll527GetLongPathNameW
KERNEL32.dll867MoveFileW
KERNEL32.dll499GetFileType
KERNEL32.dll612GetStdHandle
KERNEL32.dll1317WriteFile
KERNEL32.dll960ReadFile
KERNEL32.dll343FlushFileBuffers
KERNEL32.dll1107SetEndOfFile
KERNEL32.dll1126SetFilePointer
KERNEL32.dll1121SetFileAttributesW
KERNEL32.dll490GetFileAttributesW
KERNEL32.dll302FindClose
KERNEL32.dll313FindFirstFileW
KERNEL32.dll325FindNextFileW
KERNEL32.dll676GetVersionExW
KERNEL32.dll447GetCurrentDirectoryW
KERNEL32.dll507GetFullPathNameW
KERNEL32.dll348FoldStringW
KERNEL32.dll532GetModuleFileNameW
KERNEL32.dll536GetModuleHandleW
KERNEL32.dll334FindResourceW
KERNEL32.dll354FreeLibrary
KERNEL32.dll581GetProcAddress
KERNEL32.dll449GetCurrentProcessId
KERNEL32.dll281ExitProcess
KERNEL32.dll1171SetThreadExecutionState
KERNEL32.dll1202Sleep
KERNEL32.dll831LoadLibraryW
KERNEL32.dll624GetSystemDirectoryW
KERNEL32.dll100CompareStringW
KERNEL32.dll16AllocConsole
KERNEL32.dll351FreeConsole
KERNEL32.dll23AttachConsole
KERNEL32.dll1316WriteConsoleW
KERNEL32.dll582GetProcessAffinityMask
KERNEL32.dll181CreateThread
KERNEL32.dll1177SetThreadPriority
KERNEL32.dll738InitializeCriticalSection
KERNEL32.dll238EnterCriticalSection
KERNEL32.dll825LeaveCriticalSection
KERNEL32.dll209DeleteCriticalSection
KERNEL32.dll1113SetEvent
KERNEL32.dll1039ResetEvent
KERNEL32.dll1022ReleaseSemaphore
KERNEL32.dll1273WaitForSingleObject
KERNEL32.dll133CreateEventW
KERNEL32.dll174CreateSemaphoreW
KERNEL32.dll631GetSystemTime
KERNEL32.dll1214SystemTimeToTzSpecificLocalTime
KERNEL32.dll1232TzSpecificLocalTimeToSystemTime
KERNEL32.dll1213SystemTimeToFileTime
KERNEL32.dll292FileTimeToLocalFileTime
KERNEL32.dll838LocalFileTimeToFileTime
KERNEL32.dll293FileTimeToSystemTime
KERNEL32.dll370GetCPInfo
KERNEL32.dll766IsDBCSLeadByte
KERNEL32.dll871MultiByteToWideChar
KERNEL32.dll1297WideCharToMultiByte
KERNEL32.dll691GlobalAlloc
KERNEL32.dll852LockResource
KERNEL32.dll702GlobalLock
KERNEL32.dll709GlobalUnlock
KERNEL32.dll698GlobalFree
KERNEL32.dll833LoadResource
KERNEL32.dll1201SizeofResource
KERNEL32.dll1101SetCurrentDirectoryW
KERNEL32.dll479GetExitCodeProcess
KERNEL32.dll515GetLocalTime
KERNEL32.dll659GetTickCount
KERNEL32.dll855MapViewOfFile
KERNEL32.dll1238UnmapViewOfFile
KERNEL32.dll140CreateFileMappingW
KERNEL32.dll889OpenFileMappingW
KERNEL32.dll391GetCommandLineW
KERNEL32.dll1111SetEnvironmentVariableW
KERNEL32.dll285ExpandEnvironmentStringsW
KERNEL32.dll645GetTempPathW
KERNEL32.dll864MoveFileExW
KERNEL32.dll518GetLocaleInfoW
KERNEL32.dll663GetTimeFormatW
KERNEL32.dll456GetDateFormatW
KERNEL32.dll563GetNumberFormatW
KERNEL32.dll1127SetFilePointerEx
KERNEL32.dll428GetConsoleMode
KERNEL32.dll410GetConsoleCP
KERNEL32.dll724HeapSize
KERNEL32.dll1159SetStdHandle
KERNEL32.dll586GetProcessHeap
KERNEL32.dll945RaiseException
KERNEL32.dll627GetSystemInfo
KERNEL32.dll1263VirtualProtect
KERNEL32.dll1265VirtualQuery
KERNEL32.dll829LoadLibraryExA
KERNEL32.dll772IsProcessorFeaturePresent
KERNEL32.dll768IsDebuggerPresent
KERNEL32.dll1235UnhandledExceptionFilter
KERNEL32.dll1189SetUnhandledExceptionFilter
KERNEL32.dll611GetStartupInfoW
KERNEL32.dll935QueryPerformanceCounter
KERNEL32.dll453GetCurrentThreadId
KERNEL32.dll633GetSystemTimeAsFileTime
KERNEL32.dll743InitializeSListHead
KERNEL32.dll1216TerminateProcess
KERNEL32.dll1048RtlUnwind
KERNEL32.dll234EncodePointer
KERNEL32.dll739InitializeCriticalSectionAndSpinCount
KERNEL32.dll1221TlsAlloc
KERNEL32.dll1223TlsGetValue
KERNEL32.dll1224TlsSetValue
KERNEL32.dll1222TlsFree
KERNEL32.dll830LoadLibraryExW
KERNEL32.dll936QueryPerformanceFrequency
KERNEL32.dll535GetModuleHandleExW
KERNEL32.dll531GetModuleFileNameA
KERNEL32.dll360GetACP
KERNEL32.dll719HeapFree
KERNEL32.dll715HeapAlloc
KERNEL32.dll722HeapReAlloc
KERNEL32.dll617GetStringTypeW
KERNEL32.dll813LCMapStringW
KERNEL32.dll307FindFirstFileExA
KERNEL32.dll323FindNextFileA
KERNEL32.dll778IsValidCodePage
KERNEL32.dll567GetOEMCP
KERNEL32.dll390GetCommandLineA
KERNEL32.dll474GetEnvironmentStringsW
KERNEL32.dll353FreeEnvironmentStringsW
KERNEL32.dll202DecodePointer
gdiplus.dll628GdiplusShutdown
gdiplus.dll629GdiplusStartup
gdiplus.dll95GdipCreateHBITMAPFromBitmap
gdiplus.dll82GdipCreateBitmapFromStreamICM
gdiplus.dll81GdipCreateBitmapFromStream
gdiplus.dll152GdipDisposeImage
gdiplus.dll54GdipCloneImage
gdiplus.dll237GdipFree
gdiplus.dll33GdipAlloc
ordentry_vafunction_name
module_namesfxrar.exe
flags0
timestamp2020-03-26 10:02:47
version0.0
ordinal_base1
nFunctions0
nNames0
Names(0)0
Functions(0)0
NameOrdinals(0)0
offsetsizetypecomment
0312320EXE03/26/2020 10:02:47#
15c115HTM#
3c8502885PNG(93 x 302)#
3d3985545PNG(186 x 604)#
440b815729PNG(256 x 256)#
4c400753641BINoverlay data past EOF#
Scanning the drive for archives:
1 file, 1065961 bytes (1041 KiB)


--
Type = Rar5
Offset = 312320
Physical Size = 753641
Solid = -
Blocks = 3
Encrypted = -
Multivolume = -
Volumes = 1
Comment = Silent=1
Overwrite=1
Path="C:/crtref/"
Setup=MMHfyN1KUsTJOBvBjzGlbdHS9oVV2j.vbe
Update=U

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2020-12-08 12:05:21 ....A       898712       752697  9rgZVeNcpNbOK5vGmyvU.exe
2020-12-08 12:05:02 ....A          142          142  MMHfyN1KUsTJOBvBjzGlbdHS9oVV2j.vbe
2020-12-08 12:05:02 ....A          422          375  qJinAgXQ4XD9SKHPndOH6nHwmTlPZ3.bat
------------------- ----- ------------ ------------  ------------------------
2020-12-08 12:05:21             899276       753214  3 files
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







[?] ignoring invalid PEdump::BITMAPINFOHEADER
[?] can't find file_offset of VA 0x0