Sample details: d7b363d081c721e8ed3e0fc2f85e94c0

Hashes
MD5: d7b363d081c721e8ed3e0fc2f85e94c0
SHA1: 8021e12fd67baa70243647500b5d2c13c3c82d4d
SHA256: f8d6f84a58efe58abd02ec33a5726a1528932b94f9c5ae31af30ad41c1eaf752
SSDEEP: 12288:gutrzh9xOXoRYEDJyeAObcmg6dB/bEbUzaJuakRHq9Tm7:gutr5OYRYdS4DmbEbhkRKVS
Details
File Type: PE32 (WinRAR self-extracting archive stub with an appended RAR overlay — see the WinRAR_SFX / HasOverlay Yara hits and the `sfxrar.pdb` path in the strings)
Yara Hits
YRP/WinRAR_SFX | YRP/winrar_sfx | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/escalate_priv | YRP/screenshot | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/RIPEMD160_Constants | YRP/SHA1_Constants |
Note: the escalate_priv and win_token hits are accounted for by the `SeRestorePrivilege` / `SeSecurityPrivilege` strings and the `OpenProcessToken` / `LookupPrivilegeValueA` / `AdjustTokenPrivileges` / `SetFileSecurityA/W` imports listed below, all of which are part of the stock WinRAR SFX stub; the embedded manifest requests `requestedExecutionLevel level="asInvoker"`, so the stub does not ask for UAC elevation. The IsPacked / HasOverlay hits reflect the compressed RAR payload appended to the stub. The stub itself matches the official SFX module; any malicious behaviour would be in the extracted payload, which this dump only names, not shows.
Parent Files
a6d4af95dc75905e37676aa62f16dcf0
Source
Strings
Note: the readable strings from the DOS stub through the `sfxrar.pdb` path and the XML manifest belong to the WinRAR SFX stub; everything after the manifest is mostly compressed overlay data. The few readable names inside the overlay — `instll.bat`, `curl.exe`, `defrg.exe`, `instsrv.exe`, `Storchk.exe` — are most likely file-entry names from the embedded RAR archive (RAR stores entry names uncompressed in its headers) and should be confirmed by extracting the overlay and hashing each dropped file. The SFX option keywords seen in the stub (`Silent`, `TempMode`, `Presetup`, `Overwrite`, `Delete`, `Shortcut`, `SavePath`, `Update`) are the stub's own parser vocabulary; the actual SFX script for this sample, if present, lives in the archive comment and is not visible in this dump. A batch file bundled with `curl.exe` and a binary named like a service installer is worth treating as a dropper hypothesis until the payload is examined.
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.rsrc
v	N+D$
t4SSVW
t!h #A
zuFh$#A
P9]pu4
P9]pu6
w5SSSS
 u<h$$A
t<SSSS
WSSSSh
8]st!h
@Wh(%A
<*t*<?t
t0h<%A
t*j\@P
(<\u$8F
j Y+L$
HtFHt8Ht*Ht
(SVWj 
@SVWjg
jt"Ht'Ht
HtEHt7
uMhL#A
SSSh4&A
Ht^Ht:HtQHu'
SWj<_W3
SSh<'A
HtiHt=
t,SSSj
tFhh'A
?vNj@_+
F,;F$s7
t	FAA;t$
t	AA@f
QQSVWh
SVWj@3
;F$s6;F
SeRestorePrivilege
SeSecurityPrivilege
%.*s(%d)%s
rtmp%d
YNANRC
bad allocation
&nbsp;
<style>body{font-family:"Arial";font-size:12;}</style>
</html>
utf-8"></head>
<head><meta http-equiv="content-type" content="text/html; charset=
<html>
</style>
<style>
RarHtmlClassName
__rar_
?*<>|"
*messages***
RarSFX
SHAutoComplete
shlwapi.dll
%s %s %s
REPLACEFILEDLG
RENAMEDLG
GETPASSWORD1
ASKNEXTVOL
Software\WinRAR SFX
STATIC
Install
%s%s%d
ProgramFilesDir
Software\Microsoft\Windows\CurrentVersion
%s.%d.tmp
Delete
Silent
Overwrite
TempMode
License
Presetup
Shortcut
SavePath
Update
LICENSEDLG
RichEdit
winrarsfxmappingfile.tmp
-el -s2 "-d%s" "-p%s" "-sp%s"
__tmp_rar_sfx_access_check_%u
STARTDLG
sfxname
sfxcmd
Z2fQ`InitCommonControlsEx
COMCTL32.DLL
riched20.dll
riched32.dll
COMCTL32.dll
GetCurrentDirectoryA
SetLastError
GetLastError
CloseHandle
GetCurrentProcess
SetFileTime
MoveFileA
SetFilePointer
SetEndOfFile
GetFileType
CreateFileA
CreateFileW
ReadFile
GetStdHandle
WriteFile
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
SetFileAttributesW
GetFullPathNameA
DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GlobalAlloc
lstrlenA
GetModuleFileNameA
FindResourceA
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetLocaleInfoA
GetNumberFormatA
lstrcmpiA
GetProcAddress
DosDateTimeToFileTime
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
WaitForSingleObject
SetCurrentDirectoryA
GetTempPathA
MoveFileExA
UnmapViewOfFile
GetCommandLineA
MapViewOfFile
CreateFileMappingA
GetModuleFileNameW
SetEnvironmentVariableA
OpenFileMappingA
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
IsDBCSLeadByte
GetCPInfo
FreeLibrary
LoadLibraryA
KERNEL32.DLL
OemToCharBuffA
EnableWindow
GetDlgItem
ShowWindow
MessageBoxA
IsWindow
CopyRect
GetClientRect
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
DefWindowProcA
GetWindowLongA
SetWindowLongA
RegisterClassExA
LoadCursorA
SetWindowTextA
UpdateWindow
CreateWindowExA
MapWindowPoints
GetParent
GetWindowRect
CharUpperA
GetWindow
GetSystemMetrics
GetWindowTextA
SetWindowPos
LoadStringA
CharToOemBuffA
wvsprintfA
FindWindowExA
GetClassNameA
ReleaseDC
SendMessageA
wsprintfA
SetDlgItemTextA
EndDialog
DestroyIcon
SendDlgItemMessageA
GetDlgItemTextA
DialogBoxParamA
IsWindowVisible
WaitForInputIdle
GetSysColor
PostMessageA
SetMenu
SetFocus
LoadBitmapA
LoadIconA
CharToOemA
OemToCharA
USER32.dll
DeleteDC
StretchBlt
SelectObject
CreateCompatibleBitmap
GetObjectA
CreateCompatibleDC
GetDeviceCaps
DeleteObject
GDI32.dll
CommDlgExtendedError
GetSaveFileNameA
GetOpenFileNameA
COMDLG32.dll
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
SetFileSecurityW
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
ADVAPI32.dll
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetFileInfoA
SHFileOperationA
ShellExecuteExA
SHChangeNotify
SHELL32.dll
CoCreateInstance
CLSIDFromString
OleUninitialize
CreateStreamOnHGlobal
OleInitialize
ole32.dll
OLEAUT32.dll
WINRAR.SFX
d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb
FFF))EE	FFFF))))))
 (08@P`p
33!D	3
WwS7'u
gwS37%w`	
gwS3	3
WwR"'P
Wwgu"'P
g33WwQ
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
  version="1.0.0.0"
  processorArchitecture="*"
  name="WinRAR SFX"
  type="win32"/>
<description>WinRAR SFX module</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
  <security>
    <requestedPrivileges>
      <requestedExecutionLevel level="asInvoker"            
      uiAccess="false"/>
    </requestedPrivileges>
  </security>
</trustInfo>
<dependency>
  <dependentAssembly>
    <assemblyIdentity
      type="win32"
      name="Microsoft.Windows.Common-Controls"
      version="6.0.0.0"
      processorArchitecture="*"
      publicKeyToken="6595b64144ccf1df"
      language="*"/>
  </dependentAssembly>
</dependency>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
  <application>
    <!--The ID below indicates application support for Windows Vista -->
      <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
    <!--The ID below indicates application support for Windows 7 -->
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
  </application>
</compatibility>
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
  <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
    <dpiAware>true</dpiAware>
  </asmv3:windowsSettings>
</asmv3:application>
</assembly>
CMT	AL
instll.bat
/_,/j=
curl.exe
g&|se]g
Ad^+5"!;
;A#o7S7s
HWjL%W
+2{OfH
rAe:i]mg
'R8%uEj
o7<+4p
Mm	1G[
xi3 bf^
1	0zFJe
N_YwRE
>ABPNZ
 Z;,DQK
)2Tkt-
xl%cX;
y|(=&Q|
PwItJ|
>U'tq0\
W_(:>"7
=!?yLN
AraJOj
HqcQP*,-9
TSMdt1
gwT`uOjA
}(lLr}@g|
{~a8}S
.7D:|-
klPi8K
w7ZWw0
Za8{=4=^
'^<GSk
i}D&Y2m
=L\s,Y
#lO^Pb
g}!^|m{
g^=ic#
B&j8_9u
%}S:P ~e
XDzX;<
i[O!_[
nog2c|
jE*ebN
#Y{E%q"
wpVKsd
yjRsXt5#J
&QN4g7u
m		MVC
;@.-PD!
8&n#f0
(= \+X`w
ot3x5<dA
8.}wDq
><8le+
?h~16%
=/nG=&
/dLOiK
%%zG"_P
?%|FX?
rvt1=(
$+.54ls
3@xbG8L
-zU}',
Ysw@a+
N5#QH,
}w#$/r+
<GlGc8W
{A\{7@'x
chPVEK
iCz4?K
ivq5=E
etH%MH?
2w{YV$
|1h)ip
JFwv!p
sgH>p<
R4SqYD
`moRW,o
RYIu&T
rqv9sy
/Cu!?0
O`='V[
SO\rkp
Ln3"F?
?,Lqcm
M$c"71
y.A#N2
7!o]`-
y/~cr<
#vW=.e
hfW4<s
DZhgzfR
^rZ@/tc
{.u ep
0qg![c
5nAXmi
3O eoO
Jo	diISh
{U|v'9
=HlZ9Dt
eh~FHka
]%kV^aR
a/)kO#
 `"nD;S#
U-dS=T
f[z\gY
=12Xhni
Z"~bc_(N
U*ceNO
a.ijGc
nkdaK^S3
TLI/VW
}qq1nu
y=QRq"g
A@W6g(
LxF8up0
O^]k/x
dXzIgU
a=mr$e
	$5EY[lW
AV*%p:
$mQziz%
5?wn>3
i{&*:_P
gZT?,1N
Sb(H*{
~*Z[`i
\L3:z 
JD+&LC
"T~d<"	
ysZw'1~d
b/\nB%
@Ks#+9
8 $iHc
YY3@W)
WBx4 W
Iv 7Q:0
+;*9A:
{uJBlq7^
cheZ	g]y
0zA%Ce
{[]Q/<
6,DBcj!q
:-gTk(x
:>:0mN
(ri-kA
0'4c3N
k9|t0x^
*zWBb:
L]00%]
a'T/-};K
?UF^xt
f73\5*
u_jk~u
V]6%_,
^J\'u,.
D^`-@D
.r:ezR
<t2C8<2_
h94Xkv-W
|I)|mO
'`Q)10
%"^,XE
 ]uQ/G
NS1	W]Cm
e}FVVF
CCC_<XI
URH]89+
DH>1Ew
)c5p"Z
'iWKxu
y0>zd];
kB]6^*
KD$R1)
9J#bgi
Hkg\K&x
l6-x=`
+W6o^yv
[z?x,cc
yD}g%q
]t~o^Xsd
;xWlw 
<[8v4I
*k3\QhS
=XXt_:Xb
aq-6=E
J;yZ\a
w)^JW~m
rGx[op
`;<2,uU"X
n!5YzH
80RSwK
Lt3v_\L
8tmrAu
N`UlZ.
a[;+&5V
|z;O{H
NlPj>	a
9^8?'cV
d9p9P8>
o@@D!L
 "YBZg
movtu 
KVm=6-0
oiqvES
`@r_4+
@>*"3!
6x8Ud0C
d{n@j9
:3 {` 
X(MY4C
Bh$f,H
#y[0i`\>C
Az	!J+
^F'}5h
?qY{4:L
	l/1YK
"V'z-);M
dVbb}c
+t\)'exh
f)^d|Z-
"]ghb+
u9WyM;o!
bp1:b9
*StC.J
g0Z?5JG
ewxv8T
,v:iL	
oW18^:
6W3)9N
h4chsy
.*nxHM%
O'N6+?
&liBFE
r1&Nk=
-&&6q}
%Ie$4}
[dWg~o
4uVEct
"e5XYh
B1DpqN
yD3soc
tQ"/iQ?
qR].Z_
%#s<ea6HF}[
Xk<b0p
< GEdY
 lEXDo
Q*	(|7
T(s<+-
i!-Y1g
0+?-`AF%
<eiO$+!!o
H1@hdI
MvRA"+CT
gAt%Q&
C0 +iB+
[HgSat
CU$Z3m
e sv>1
S+AdRK
Ju\`N3
!	,~Qf~
??,5"}
<xdT}&
	B%n@4
<rg&K	
K|{4O)
-{2W=#,
$7U	0z
bO2]P-
7S|f6|
l\^Yhkw&(
C	oWR0
gQ.'{N
aH$66p
Zg1fF+
]7}"r 
D(Rg'g
BZ6l%O
]/At^<
v"Ruz5
YJ30*CZ
D6,`)`t
!eF!EF
{z_ouG
.IJe}.(
WR|15"E
(+dyUg
i=`WS"
tMI.Sg
)&Tp+@
mP%6'x
\D\Rb[N
T6RAX|
7 )4OO
T	%kB~
xskkja
vpwczo
qw4pYG
4##8~rn
"cd1eT
YgeDeR
d]M;.<&
qNV"$ 
S+ (aY g
M)p]b3A
KwYZ^c6%
X4V3Ou#
ilF\&/!I
|	,$Re
6TwDo`
$v(d\v
2v{o'Wt
G$zn4,
D~*O9kl
a2^n^Z
i8N;>f%
3Sz{>Nc
[?Gujj
s)~8|T
DNzlWo?
:|_Wci
[&+[o:
XxbbcI
J"*!^8[
5yV)aB
"]BhwR
v/#h`E
cZ0?-kI
VJ.C(0
fLaI@M#S
]fg'#w3
>MOd**
x5<ze=.W7
tz]JMM
r6teV1
Q?R?S?'~
t3(tht
~4:d:t:
8)T.:E+
defrg.exe
d4mf(%8
TKT9Ke
5N0r;T
v=+(}YSp`
J+tfhw
/]>FQL
+*)X9U@h
XDP/P.
;'Kh3p
ppT&:I
instsrv.exe
@rD@9F
.O)#sg
	l0|y$
)dhGT]
N+J}=T+
c3%@U3
rDi?Q4
&/R^<s
12s;28
hk:OLu
  'r'Z
rh'Tv[
}5Jo|o
&7fpu#|l
@cJ="\|
V.a^|7v
wn;agj*
3p0uur
{:$^sU'	V
xY@*@#
_([lE6
q%ro( 
rM*1_Tx$
+jv14T
Z&F{OQ
,jcSE(
=XjQP'i
IkcB.O]
I-3&iK-Gf
U6r3,0
o`$IQ u3
ME#	C"(I^<
U3L]?)
Rd<A3B
Storchk.exe
rFBK	,
<"4}u*
eE4W BOI
gn[fto4j-
6u/_*s
.P)mNv
'9L5Iv
2`pW!pG
D,)h+'
-ucydie
HI3F%}
3h&?BkzsyR
t/8^,Z
_8},~c
hoca9}
/ )4+{
J[/_oM[
,b3Gt1
g|sbfMA8
bEyH$/*
:UoF* m{ 
<wMSGJS
?w`56u
Q*yK"0r
_H_}QN
QY%q:5 =^
	-vf?Xx
fjxlXS
 .B9Sg
.U\c?s
|H8=Ej
o(BGg;
+LgpYq
]hdAzf
o@#\/I
8SmM-=
lWmkRT
qtwE'&
l|xFvH?Q
pM13d^Og
WxM1'	
CJ.${q
AV+U8r
C9x|_>t
7Tcl2F
`u_:`	q(
SE2m%YR
I&YBQT
jP5 2JY
-(axjt
!]R"A@
RT#!>b
/	Yd4u
-KS}]z
%8_9MQ
rFq	t;T
d"Z:Ug
+yH?(|
/W(1cui
	VaU#c
4.3BB_#
a3LHGC
r2.'CIn
89eO"V\
oN`6xEb
*Edw&]
bx[3w\~i
SuCL`]
f$DA#z,
rf}px5
b<I8',
ZR6YK0
^{2*~S
,MohmV
Qp#]::
<0G/7,
`{NGh(
sD3'FSlkI
a:kFYp
8YpP!C
P{4xm~
*6U2%6
H:F `$
 !Ol<+
"G;QuCjmkaVR^
al*OI-g
xY`<ee
++'fq99:
[*O8	n
:tjF]O
jl9j z
-hW4:G4C
x^:;+kV
{zb#:'V
FF`i.D4
:;xEBCL7
R),jh?>
b.^_)3
a!dOLBE3/A
Ul,'F;^`Dm
Y^D5?V
S=h/%C
& 5'$Bu
lKCdqw
?P)<zMa2>S{
{qk0:Dz
`xf-H^kR
e3&Pu&S42-
fmc3kCUx~
VL*uiV
5v]smM
0?i$Bo
k^ m`+
sBzR#^
vbK-+{0
v% 0M`&O
k823F:
ns8E;5._
OU!2)06
D[~H]>N
wGDYt}
L=uM8%
}3oojW;m
0xC&0:
i4Z9Vn
4Sol{|
QzW9'A
Nl	5Av
3Rt1;A
jOD)V:z
-v2!7&
d}q*DQ
|g]_+.
EDoFrX
zC5F/%
18,R3B
{>.?(W
sN;a]A
,_B$ap
Yl5"kc	
jae4]0
2g5FLq
z-o-5B
S)CJ>I hP
"H!A4#
1%13191
NW\VD^r~}
I<M>"f
$ETBz[NP
P4#:EJ
ij$1 )
aq{hEbUp
l?v\m\
 p)~+<1Q
\W?R+hW
EPDC)`
/ZFPET 
-H>Br)
q"~|u)
	XXrB;
\YuBrhK
Iu2ZI-L
/BK{%]%
c;s8vw
Us^ G#
[v%q'wG
T;v'	;h
"X%&kI
\'<[$^
tr.QR5
.6!4&<
_l`w&Y
~p@yGs
kq-/q5
QWSd|Hi9
[7%kJP
_:Rl7><
R',Cxh
gGLExw
MV4wnP
Z^Q:M1
isz4[)
D$*>LQ?
xdq!Gl5