filenameWinCon.SFX
size75264 (0x12600)
md593471c3d5990a0677499ef6fbdacd0e6
typePE32 executable (console) Intel 80386, for MS Windows
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0xe0

Rich Header

lib idversiontimes used
147307299
1081
149210225
131307291
1323072942
146307291
148307291
145307291

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections5
TimeDateStamp0x4fd34d61
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x103
Magic0x10b
LinkerVersion9.0
SizeOfCode0xf200
SizeOfInitializedData0xd400
SizeOfUninitializedData0
AddressOfEntryPoint0xba74
BaseOfCode0x1000
BaseOfData0x11000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion5.0
ImageVersion0.0
SubsystemVersion5.0
Reserved10
SizeOfImage0x20000
SizeOfHeaders0x400
CheckSum0
Subsystem3
DllCharacteristics0x8500
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

MS Visual C++ 6.0 - 8.0

Sections

namevavsizeraw sizeflags
.text0x10000xf1b50xf200R-X CODE
.rdata0x110000xd050xe00R-- IDATA
.data0x120000xa5680x200RW- IDATA
.CRT0x1d0000x140x200R-- IDATA
.rsrc0x1e0000x1da80x1e00R-- IDATA

Data Directory

typevasize
EXPORT0x11c800x33
IMPORT0x115ac0x64
RESOURCE0x1e0000x1da8
EXCEPTION00
SECURITY00
BASERELOC00
DEBUG0x111400x1c
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT0x110000x138
Delay_IAT00
CLR_Header00
typenamesizecp
STRING#188680
STRING#1891500
STRING#2061860
STRING#2073720
STRING#2082280
STRING#2091640
STRING#2101540
STRING#214600
STRING#2152820
STRING#2164040
STRING#2173880
STRING#2181780
STRING#2191560
STRING#2201600
STRING#2213520
STRING#222820
STRING#224840
STRING#2252000
STRING#2263480
STRING#2273080
STRING#2281380
STRING#2292320
STRING#2311380
STRING#2321800
MANIFEST#112240
idlangstring
30021033_Yes_No
30041033_Yes_No_All
30081033_Yes_No_All_nEver_Rename_Quit
30101033_Continue_Quit
30141033 RAR SFX archive
32861033 ERROR: Bad archive %s
32881033Enter password (will not be echoed)
32901033Enter password
32941033 for
32981033Write error in the file %s
33001033Read error in the file %s
33021033Seek error in the file %s
33041033Cannot close the file %s
33061033Not enough memory
33081033Corrupt archive - use 'Repair' command
33101033Program aborted
33121033 Cannot rename %s to %s
33141033 Cannot find volume %s
33161033 User break
33241033 Insert disk with %s
33261033 Testing archive %s
33281033 Extracting from %s
33381033 %s is not RAR archive
33401033 %s is not first volume
33441033 Cannot create %s
33461033 Cannot open %s
33481033 Unknown method in %s
33541033 OK
33561033 Done
34201033 %s: encrypted
34281033 %-20s - CRC failed
34301033 Testing archive %s
34321033 Extracting from %s
34341033 %s - use current password ?
34361033 Creating %-56s
34381033 Skipping %-56s
34401033 Testing %-56s
34421033 Extracting %-56s
34441033 ... %-56s
34461033 Cannot create directory %s
34481033 ------ Printing %s
34501033 Encrypted file: CRC failed in %s (password incorrect ?)
34521033 No files to extract
34541033 All OK
34561033 Total errors: %ld
34581033 %s already exists. Overwrite it ?
34601033 Overwrite %s ?
34621033 Enter new name:
34641033 The archive header is corrupt
34661033 %s - the file header is corrupt
34681033 The comment header is corrupt
34841033 The archive comment is corrupt
34861033 Press 'Enter' to continue or 'Q' to quit:
34881033 The file comment is corrupt
35021033 -------- %2d %s %d, archive %s
35061033Solid
35081033SFX
35101033volume
35121033Volume
35141033archive
35161033Archive
35181033 Recovery record is present
35201033 Lock is present
35221033 Pathname/Comment
35241033 Name
35261033 Size Packed Ratio Date Time Attr CRC Meth Ver
35281033 Host OS Solid
35421033 Comment:
35441033Yes
35461033No
35481033 0 files
35701033 Unexpected end of archive
35961033 ERROR: %s group and owner data are corrupt
35981033 WARNING: Cannot set %s owner and group
36021033 WARNING: Cannot create link %s
36041033 WARNING: Symbolic link %s already exists
36061033 Cannot create %s. Retry ?
36121033 %-20s : packed data CRC failed in volume %s
36141033 %s is read-only
36181033 WARNING: Cannot set %s security data
36201033 ERROR: %s security data are corrupt
36241033 ERROR: %s stream data are corrupt
36281033 ERROR: Invalid file name %s
36461033 WARNING: Attempting to correct the invalid file name
36481033 WARNING: You need to start extraction from a previous volume to unpack %s
36501033 ERROR: Unknown option: %s
36921033 <Commands>
36941033 -x Extract from archive (default)
36961033 -t Test archive files
36981033 -v Verbosely list contents of archive
module_namehintordfunction_name
SHLWAPI.dll367wvnsprintfA
KERNEL32.dll447GetCurrentDirectoryW
KERNEL32.dll514GetLastError
KERNEL32.dll1202Sleep
KERNEL32.dll82CloseHandle
KERNEL32.dll448GetCurrentProcess
KERNEL32.dll1130SetFileTime
KERNEL32.dll867MoveFileW
KERNEL32.dll343FlushFileBuffers
KERNEL32.dll1126SetFilePointer
KERNEL32.dll1107SetEndOfFile
KERNEL32.dll499GetFileType
KERNEL32.dll136CreateFileA
KERNEL32.dll143CreateFileW
KERNEL32.dll960ReadFile
KERNEL32.dll1317WriteFile
KERNEL32.dll466GetDriveTypeA
KERNEL32.dll485GetFileAttributesA
KERNEL32.dll490GetFileAttributesW
KERNEL32.dll1118SetFileAttributesA
KERNEL32.dll1121SetFileAttributesW
KERNEL32.dll211DeleteFileA
KERNEL32.dll214DeleteFileW
KERNEL32.dll124CreateDirectoryA
KERNEL32.dll129CreateDirectoryW
KERNEL32.dll302FindClose
KERNEL32.dll323FindNextFileA
KERNEL32.dll306FindFirstFileA
KERNEL32.dll612GetStdHandle
KERNEL32.dll313FindFirstFileW
KERNEL32.dll676GetVersionExW
KERNEL32.dll871MultiByteToWideChar
KERNEL32.dll390GetCommandLineA
KERNEL32.dll1112SetErrorMode
KERNEL32.dll532GetModuleFileNameW
KERNEL32.dll715HeapAlloc
KERNEL32.dll586GetProcessHeap
KERNEL32.dll719HeapFree
KERNEL32.dll722HeapReAlloc
KERNEL32.dll97CompareStringA
KERNEL32.dll281ExitProcess
KERNEL32.dll354FreeLibrary
KERNEL32.dll581GetProcAddress
KERNEL32.dll831LoadLibraryW
KERNEL32.dll449GetCurrentProcessId
KERNEL32.dll536GetModuleHandleW
KERNEL32.dll838LocalFileTimeToFileTime
KERNEL32.dll1213SystemTimeToFileTime
KERNEL32.dll293FileTimeToSystemTime
KERNEL32.dll292FileTimeToLocalFileTime
KERNEL32.dll631GetSystemTime
KERNEL32.dll1297WideCharToMultiByte
KERNEL32.dll100CompareStringW
KERNEL32.dll766IsDBCSLeadByte
KERNEL32.dll370GetCPInfo
KERNEL32.dll428GetConsoleMode
KERNEL32.dll1085SetConsoleMode
KERNEL32.dll958ReadConsoleW
KERNEL32.dll325FindNextFileW
USER32.dll506LoadStringW
USER32.dll54CharToOemBuffA
USER32.dll57CharUpperA
USER32.dll821wvsprintfW
USER32.dll60CharUpperW
USER32.dll55CharToOemBuffW
USER32.dll820wvsprintfA
USER32.dll53CharToOemA
USER32.dll546OemToCharBuffA
USER32.dll545OemToCharA
ADVAPI32.dll682SetFileSecurityW
ADVAPI32.dll407LookupPrivilegeValueW
ADVAPI32.dll503OpenProcessToken
ADVAPI32.dll681SetFileSecurityA
ADVAPI32.dll31AdjustTokenPrivileges
ordentry_vafunction_name
module_nameWINRAR.SFX
flags0
timestamp2012-06-09 13:19:29
version0.0
ordinal_base1
nFunctions0
nNames0
Names(0)0
Functions(0)0
NameOrdinals(0)0
offsetsizetypecomment
075264EXE06/09/2012 13:19:29#
15c115HTM#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable











[?] can't find file_offset of VA 0x0