pafish.exe - Paranoid Fish is paranoid

info
MZ
PE
resources
imports
foremost
version info
signature
hexdump
disasm
log
discuss
donate

filename	pafish.exe
size	394688 (0x605c0)
md5	4957d5d48a4045e74ebe498cbb15c7db

type	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x80

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	8
TimeDateStamp	0x52c40a85
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x30f
Magic	0x10b
LinkerVersion	2.21
SizeOfCode	0x6800
SizeOfInitializedData	0x5fe00
SizeOfUninitializedData	0xc00
AddressOfEntryPoint	0x126c
BaseOfCode	0x1000
BaseOfData	0x8000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	4.0
ImageVersion	1.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x67000
SizeOfHeaders	0x400
CheckSum	0x6b2f6
Subsystem	3
DllCharacteristics	0
SizeOfStackReserve	0x200000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x6744	0x6800	R-X CODE IDATA
.data	0x8000	0x28	0x200	RW- IDATA
.rdata	0x9000	0x12c0	0x1400	R-- IDATA
.bss	0xb000	0xa10	0	RW- UDATA
.idata	0xc000	0x80c	0xa00	RW- IDATA
.CRT	0xd000	0x18	0x200	RW- IDATA
.tls	0xe000	0x20	0x200	RW- IDATA
.rsrc	0xf000	0x57150	0x57200	RW- IDATA

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0xc000	0x80c
RESOURCE	0xf000	0x57150
EXCEPTION	0	0
SECURITY	0x60200	0x3c0
BASERELOC	0	0
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0xe000	0x18
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0xc188	0x124
Delay_IAT	0	0
CLR_Header	0	0

TLS

raw start	raw end	index	callbks	zero fill	flags
0x40e019	0x40e01c	0x40b008	0x40d004	0	0

show previews

type	name	size
ICON	#1	270376
ICON	#2	67624
ICON	#3	9640
ICON	#4	4264
ICON	#5	2440
ICON	#6	1128
GROUP_ICON	A	90
VERSION	#1	648

module_name	hint	function_name
ADVAPI32.DLL	245	GetUserNameA
ADVAPI32.DLL	413	RegOpenKeyExA
ADVAPI32.DLL	423	RegQueryValueExA
KERNEL32.dll	78	CheckRemoteDebuggerPresent
KERNEL32.dll	82	CloseHandle
KERNEL32.dll	135	CreateFileA
KERNEL32.dll	207	DeleteCriticalSection
KERNEL32.dll	212	DeleteFileW
KERNEL32.dll	219	DeviceIoControl
KERNEL32.dll	236	EnterCriticalSection
KERNEL32.dll	279	ExitProcess
KERNEL32.dll	446	GetCurrentProcess
KERNEL32.dll	481	GetFileAttributesA
KERNEL32.dll	510	GetLastError
KERNEL32.dll	527	GetModuleFileNameA
KERNEL32.dll	529	GetModuleHandleA
KERNEL32.dll	577	GetProcAddress
KERNEL32.dll	608	GetStdHandle
KERNEL32.dll	671	GetVersionExA
KERNEL32.dll	734	InitializeCriticalSection
KERNEL32.dll	744	InterlockedExchange
KERNEL32.dll	763	IsDBCSLeadByteEx
KERNEL32.dll	764	IsDebuggerPresent
KERNEL32.dll	814	LeaveCriticalSection
KERNEL32.dll	860	MultiByteToWideChar
KERNEL32.dll	892	OutputDebugStringA
KERNEL32.dll	1046	SetConsoleTextAttribute
KERNEL32.dll	1091	SetLastError
KERNEL32.dll	1140	SetUnhandledExceptionFilter
KERNEL32.dll	1152	Sleep
KERNEL32.dll	1173	TlsGetValue
KERNEL32.dll	1213	VirtualProtect
KERNEL32.dll	1215	VirtualQuery
KERNEL32.dll	1247	WideCharToMultiByte
msvcrt.dll	55	__getmainargs
msvcrt.dll	65	__mb_cur_max
msvcrt.dll	77	__p__environ
msvcrt.dll	79	__p__fmode
msvcrt.dll	99	__set_app_type
msvcrt.dll	147	_cexit
msvcrt.dll	182	_errno
msvcrt.dll	200	_filbuf
msvcrt.dll	266	_iob
msvcrt.dll	383	_onexit
msvcrt.dll	426	_setmode
msvcrt.dll	583	abort
msvcrt.dll	590	atexit
msvcrt.dll	592	atoi
msvcrt.dll	595	calloc
msvcrt.dll	607	fclose
msvcrt.dll	610	fflush
msvcrt.dll	618	fopen
msvcrt.dll	620	fputc
msvcrt.dll	621	fputs
msvcrt.dll	625	free
msvcrt.dll	633	fwrite
msvcrt.dll	637	getenv
msvcrt.dll	671	localeconv
msvcrt.dll	676	malloc
msvcrt.dll	689	printf
msvcrt.dll	692	puts
msvcrt.dll	704	setlocale
msvcrt.dll	706	signal
msvcrt.dll	714	strchr
msvcrt.dll	728	strstr
msvcrt.dll	743	toupper
msvcrt.dll	748	vfprintf
msvcrt.dll	761	wcslen
USER32.dll	247	GetCursorPos

StringTable 040904E4

CompanyName
FileVersion
FileDescription	Paranoid Fish is paranoid
InternalName
LegalCopyright
LegalTrademarks
OriginalFilename
ProductName	Paranoid Fish
ProductVersion

VS_FIXEDFILEINFO

FileVersion	0.3.0.1
ProductVersion	0.3.0.1
StrucVersion	0x10000
FileFlagsMask	0
FileFlags	0
FileOS	0
FileType	1
FileSubtype	0

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /CN=Pafish

serial: 3786BBFF6430128C4AAAD9D6E1AFE22D

Certificates (1)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:86:bb:ff:64:30:12:8c:4a:aa:d9:d6:e1:af:e2:2d
        Signature Algorithm: sha1WithRSA
        Issuer: CN=Pafish
        Validity
            Not Before: Feb 23 18:22:17 2013 GMT
            Not After : Dec 31 23:59:59 2039 GMT
        Subject: CN=Pafish
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
                Modulus:
                    00:bf:51:c7:53:a0:88:e2:e3:7f:8a:a9:15:f1:09:
                    78:d5:83:e1:22:8a:f7:e6:ab:2f:69:63:df:6c:fa:
                    07:0f:8c:9a:15:b4:43:f8:7e:ad:df:93:7f:73:20:
                    8c:dc:06:f9:c4:06:1a:dd:d6:cb:c4:0b:dc:70:e8:
                    1d:87:27:6f:43:5a:60:2c:4b:b1:2b:e7:f0:d0:2d:
                    b6:85:3f:48:ed:11:ab:2f:7d:e7:66:01:42:32:4d:
                    11:1f:73:c7:53:9c:41:16:f1:ed:08:2e:74:8b:a7:
                    dc:e4:09:02:36:31:0b:1d:4e:52:a3:69:88:bb:47:
                    a5:a9:78:9f:66:49:5a:02:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            2.5.29.1: 
                09..M.dK.w.rT.g.hn....0.1.0..U....Pafish..7...d0..J......-
    Signature Algorithm: sha1WithRSA
         82:b2:1c:1d:02:a8:0e:ae:ad:fc:35:c1:46:f7:a4:f6:84:c3:
         cb:57:39:5f:4d:06:cb:1a:b8:e3:5c:aa:e6:db:63:ab:11:1b:
         60:da:56:40:cb:82:70:a2:35:6e:ee:67:61:bd:48:83:35:e2:
         a7:c1:97:77:5a:37:38:76:0a:da:77:e7:ab:f7:2a:83:c2:2f:
         1f:65:8e:7c:5e:ef:19:cd:8b:c5:ad:aa:a2:33:01:8d:85:81:
         d1:12:64:a3:79:fb:b2:dc:0d:c2:7a:4b:e2:68:22:e4:55:22:
         32:2a:a4:a7:8e:10:b1:28:58:e8:e2:17:30:48:3b:49:99:3f:
         61:bf

pkcs7-signedData

SHA1: nil

1.3.6.1.4.1.311.2.1.4

1.3.6.1.4.1.311.2.1.15

00 3c 00 3c 00 3c 00 4f  00 62 00 73 00 6f 00 6c  |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e  00 3e 00 3e              |.e.t.e.>.>.>    |

SHA1

8f ac 6a 6f f8 28 04 f7 bc 5b e7 ed be 09 3d f0 |..jo.(...[....=.| a6 5b 81 e8 |.[.. |

2
- 37:86:BB:FF:64:30:12:8C:4A:AA:D9:D6:E1:AF:E2:2D
- RSA-SHA1-2: nil
- CN: Pafish
- 2013-02-23 18:22:17 UTC: 2039-12-31 23:59:59 UTC
- CN: Pafish
- #5
  - rsaEncryption: nil
  - BF:51:C7:53:A0:88:E2:E3:7F:8A:A9:15:F1:09:78:D5:
    83:E1:22:8A:F7:E6:AB:2F:69:63:DF:6C:FA:07:0F:8C:
    9A:15:B4:43:F8:7E:AD:DF:93:7F:73:20:8C:DC:06:F9:
    C4:06:1A:DD:D6:CB:C4:0B:DC:70:E8:1D:87:27:6F:43:
    5A:60:2C:4B:B1:2B:E7:F0:D0:2D:B6:85:3F:48:ED:11:
    AB:2F:7D:E7:66:01:42:32:4D:11:1F:73:C7:53:9C:41:
    16:F1:ED:08:2E:74:8B:A7:DC:E4:09:02:36:31:0B:1D:
    4E:52:A3:69:88:BB:47:A5:A9:78:9F:66:49:5A:02:55: 0x010001
- X509v3 extensions
  - basicConstraints: true, true
  - 2.5.29.1
    - 64 4b ae 77 bc 72 54 da 67 b5 68 6e 8b 19 |dK.w.rT.g.hn.. |
      - CN: Pafish
      - 37 86 bb ff 64 30 12 8c 4a aa d9 d6 e1 af e2 2d |7...d0..J......-|

RSA-SHA1-2:

82 b2 1c 1d 02 a8 0e ae  ad fc 35 c1 46 f7 a4 f6  |..........5.F...|
84 c3 cb 57 39 5f 4d 06  cb 1a b8 e3 5c aa e6 db  |...W9_M.....\...|
63 ab 11 1b 60 da 56 40  cb 82 70 a2 35 6e ee 67  |c...`.V@..p.5n.g|
61 bd 48 83 35 e2 a7 c1  97 77 5a 37 38 76 0a da  |a.H.5....wZ78v..|
77 e7 ab f7 2a 83 c2 2f  1f 65 8e 7c 5e ef 19 cd  |w...*../.e.|^...|
8b c5 ad aa a2 33 01 8d  85 81 d1 12 64 a3 79 fb  |.....3......d.y.|
b2 dc 0d c2 7a 4b e2 68  22 e4 55 22 32 2a a4 a7  |....zK.h".U"2*..|
8e 10 b1 28 58 e8 e2 17  30 48 3b 49 99 3f 61 bf  |...(X...0H;I.?a.|

#0
- CN: Pafish
- 37:86:BB:FF:64:30:12:8C:4A:AA:D9:D6:E1:AF:E2:2D
SHA1: nil

1.3.6.1.4.1.311.2.1.12
- nil
contentType: 1.3.6.1.4.1.311.2.1.4

messageDigest:

1a d3 56 24 5e 72 3d db  98 e6 bf 9d 92 51 db f1  |..V$^r=......Q..|
e5 60 ef fe                                       |.`..            |

rsaEncryption:

0c 16 7a 2d 1b 21 22 65  a2 23 cc fa 42 c6 9b 79  |..z-.!"e.#..B..y|
1d 4d 8f 32 db 55 ce 02  48 93 1f f7 14 bd e6 de  |.M.2.U..H.......|
97 8a 2a f4 f7 4b 71 b9  83 e5 a9 de d1 1a 0c 7b  |..*..Kq........{|
c6 53 2b 9e da 46 46 24  8d 12 76 b9 61 cb d4 97  |.S+..FF$..v.a...|
c5 e3 5e 4a db 0b 95 93  9c f1 e4 65 78 86 98 e8  |..^J.......ex...|
08 a3 61 17 d8 59 09 16  17 4b 9a 64 70 38 48 de  |..a..Y...K.dp8H.|
21 53 c5 e5 7c 84 3a 36  84 e6 5a eb e5 53 ad ae  |!S..|.:6..Z..S..|
83 e0 79 d8 4d c4 93 2c  62 9e 7a 17 64 36 13 3f  |..y.M..,b.z.d6.?|