filename | pafish.exe | |
---|---|---|
size | 394688 (0x605c0) | |
md5 | 4957d5d48a4045e74ebe498cbb15c7db | |
type | PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0x80 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Sections
Data Directory
TLS
raw start | raw end | index | callbks | zero fill | flags | |
---|---|---|---|---|---|---|
0x40e019 | 0x40e01c | 0x40b008 | 0x40d004 | 0 | 0 |
type | name | size | cp | |
---|---|---|---|---|
ICON | #1 | 270376 | 0 | |
ICON | #2 | 67624 | 0 | |
ICON | #3 | 9640 | 0 | |
ICON | #4 | 4264 | 0 | |
ICON | #5 | 2440 | 0 | |
ICON | #6 | 1128 | 0 | |
GROUP_ICON | A | 90 | 0 | |
VERSION | #1 | 648 | 0 |
module_name | hint | function_name | ord |
---|---|---|---|
ADVAPI32.DLL | 245 | GetUserNameA | |
ADVAPI32.DLL | 413 | RegOpenKeyExA | |
ADVAPI32.DLL | 423 | RegQueryValueExA | |
KERNEL32.dll | 78 | CheckRemoteDebuggerPresent | |
KERNEL32.dll | 82 | CloseHandle | |
KERNEL32.dll | 135 | CreateFileA | |
KERNEL32.dll | 207 | DeleteCriticalSection | |
KERNEL32.dll | 212 | DeleteFileW | |
KERNEL32.dll | 219 | DeviceIoControl | |
KERNEL32.dll | 236 | EnterCriticalSection | |
KERNEL32.dll | 279 | ExitProcess | |
KERNEL32.dll | 446 | GetCurrentProcess | |
KERNEL32.dll | 481 | GetFileAttributesA | |
KERNEL32.dll | 510 | GetLastError | |
KERNEL32.dll | 527 | GetModuleFileNameA | |
KERNEL32.dll | 529 | GetModuleHandleA | |
KERNEL32.dll | 577 | GetProcAddress | |
KERNEL32.dll | 608 | GetStdHandle | |
KERNEL32.dll | 671 | GetVersionExA | |
KERNEL32.dll | 734 | InitializeCriticalSection | |
KERNEL32.dll | 744 | InterlockedExchange | |
KERNEL32.dll | 763 | IsDBCSLeadByteEx | |
KERNEL32.dll | 764 | IsDebuggerPresent | |
KERNEL32.dll | 814 | LeaveCriticalSection | |
KERNEL32.dll | 860 | MultiByteToWideChar | |
KERNEL32.dll | 892 | OutputDebugStringA | |
KERNEL32.dll | 1046 | SetConsoleTextAttribute | |
KERNEL32.dll | 1091 | SetLastError | |
KERNEL32.dll | 1140 | SetUnhandledExceptionFilter | |
KERNEL32.dll | 1152 | Sleep | |
KERNEL32.dll | 1173 | TlsGetValue | |
KERNEL32.dll | 1213 | VirtualProtect | |
KERNEL32.dll | 1215 | VirtualQuery | |
KERNEL32.dll | 1247 | WideCharToMultiByte | |
msvcrt.dll | 55 | __getmainargs | |
msvcrt.dll | 65 | __mb_cur_max | |
msvcrt.dll | 77 | __p__environ | |
msvcrt.dll | 79 | __p__fmode | |
msvcrt.dll | 99 | __set_app_type | |
msvcrt.dll | 147 | _cexit | |
msvcrt.dll | 182 | _errno | |
msvcrt.dll | 200 | _filbuf | |
msvcrt.dll | 266 | _iob | |
msvcrt.dll | 383 | _onexit | |
msvcrt.dll | 426 | _setmode | |
msvcrt.dll | 583 | abort | |
msvcrt.dll | 590 | atexit | |
msvcrt.dll | 592 | atoi | |
msvcrt.dll | 595 | calloc | |
msvcrt.dll | 607 | fclose | |
msvcrt.dll | 610 | fflush | |
msvcrt.dll | 618 | fopen | |
msvcrt.dll | 620 | fputc | |
msvcrt.dll | 621 | fputs | |
msvcrt.dll | 625 | free | |
msvcrt.dll | 633 | fwrite | |
msvcrt.dll | 637 | getenv | |
msvcrt.dll | 671 | localeconv | |
msvcrt.dll | 676 | malloc | |
msvcrt.dll | 689 | printf | |
msvcrt.dll | 692 | puts | |
msvcrt.dll | 704 | setlocale | |
msvcrt.dll | 706 | signal | |
msvcrt.dll | 714 | strchr | |
msvcrt.dll | 728 | strstr | |
msvcrt.dll | 743 | toupper | |
msvcrt.dll | 748 | vfprintf | |
msvcrt.dll | 761 | wcslen | |
USER32.dll | 247 | GetCursorPos |
StringTable 040904E4
CompanyName | |
FileVersion | |
FileDescription | Paranoid Fish is paranoid |
InternalName | |
LegalCopyright | |
LegalTrademarks | |
OriginalFilename | |
ProductName | Paranoid Fish |
ProductVersion |
VS_FIXEDFILEINFO
FileVersion | 0.3.0.1 |
ProductVersion | 0.3.0.1 |
StrucVersion | 0x10000 |
FileFlagsMask | 0 |
FileFlags | 0 |
FileOS | 0 |
FileType | 1 |
FileSubtype | 0 |
Signers (1)
issuer: /CN=Pafish
serial: 3786BBFF6430128C4AAAD9D6E1AFE22D
Certificates (1)
Certificate:
  Data:
    Version: 3 (0x2)
    Serial Number: 37:86:bb:ff:64:30:12:8c:4a:aa:d9:d6:e1:af:e2:2d
    Signature Algorithm: sha1WithRSA
    Issuer: CN=Pafish
    Validity
      Not Before: Feb 23 18:22:17 2013 GMT
      Not After : Dec 31 23:59:59 2039 GMT
    Subject: CN=Pafish
    Subject Public Key Info:
      Public Key Algorithm: rsaEncryption
      RSA Public-Key: (1024 bit)
      Exponent: 65537 (0x10001)
    X509v3 extensions:
      X509v3 Basic Constraints: critical
        CA:TRUE
      2.5.29.1
  Signature Algorithm: sha1WithRSA
pkcs7-signedData
[?] can't find file_offset of VA 0xb008