field | value |
---|---|
filename | Dpicker.exe |
size | 3087872 (0x2f1e00) |
md5 | 563902dd19af19065718433640efa47a |
type | PE32 executable (GUI) Intel 80386, for MS Windows |
mimetype | application/x-dosexec |
MZ Header
field | value |
---|---|
signature | MZ |
bytes_in_last_block | 0x50 |
blocks_in_file | 2 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0xf |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0x1a |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0x100 |
DOS stub
00000000: ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 |This program mus|
00000020: 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 |in32..$7........|
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000000c0:
PE Header
Packer / Compiler
This file is packed with ASPack. Analysis will be incomplete without unpacking: the imports, resources and strings below describe the ASPack stub and the still-compressed payload, not the original program. The three kernel32 imports (GetProcAddress, GetModuleHandleA, LoadLibraryA) are what the stub needs to resolve the real import table at run time, and the resource string tables cannot be decoded as UTF-16 (see the warnings at the end of the page), which is consistent with resource data that is still compressed. The DOS stub text "This program must be run under Win32" and the single export TMethodImplementationIntercept are characteristic of a Delphi-built executable, so the unpacked program is most likely Delphi. |
Sections
Data Directory
TLS
raw start | raw end | index | callbacks | zero fill | flags |
---|---|---|---|---|---|
0x6ac000 | 0x6ac040 | 0x696c10 | 0x6ad010 | 0 | 0 |
Strings
Resource string tables. The bytes are not valid UTF-16 (see the warnings at the end of the page); the raw dump of each entry follows the table.
id | lang | string |
---|---|---|
65088 | 0 | (binary, dump below) |
65104 | 0 | (binary, dump below) |

string 65088:
02 fb b5 7d ce 81 7e 64 f7 7d b3 39 02 cc 62 c6 |...}..~d.}.9..b.|
19 df a5 f6 9a 6f bc ef ef 7b 61 1d 50 f1 23 88 |.....o...{a.P.#.|
08 9a 09 65 d9 ff 83 44 13 15 16 1c ec 13 0b e8 |...e...D........|
dd 8e 7f 13 b6 74 c4 4f 07 0b 7f b9 9e f4 3d 30 |.....t.O......=0|
b1 fa 8f 49 12 1e ff f9 61 a0 37 48 52 11 9b e5 |...I....a.7HR...|
aa 67 8e b9 59 2f 5f 51 79 0e e7 df             |.g..Y/_Qy...    |

string 65104:
6c 84 c9 c7 0d 6e 1d 9d ca 3a bb fe 8b b4 fc e6 |l....n...:......|
7d 7e cb cc 3b 3e b5 6c 8c ae 80 cf 8f fc f7 48 |}~..;>.l.......H|
8b b0 b2 43 06 8b 00 01 b2 1f 59 c9 14 21 0a dd |...C......Y..!..|
6b f5 3e 7f b7 34 8e 9d e3 e4 ca 61 bf 51 fc 67 |k.>..4.....a.Q.g|
dc 77 d6 d9 47 0a 1e 4a 77 f5 d1 db 16 34 7e e4 |.w..G..Jw....4~.|
7e 59 b5 ff d7 7d b5 f6 e6 61 d8 c9 ab 57 fe 0c |~Y...}...a...W..|
12 ca 3e 21 e6 48 a3 bb cf 25 99 0b 14 a5 77 ff |..>!.H...%....w.|
25 da 74 79 01 e3 2a ac 4b 8e 64 1f 5d 43 bf 02 |%.ty..*.K.d.]C..|
08 c7 ba 4a 0a 9c 0e a3 f1 49 11 73 f5 e3 c7 c5 |...J.....I.s....|
cb 1d 63 71 12 59 d4 fc ab ff a1 4c 3e 6a 38 78 |..cq.Y.....L>j8x|
fa 52 f5 7f e0 66 09 b3 3a 13 24 50 b1 7f e7 76 |.R...f..:.$P...v|
7d 4a 92 16 e1 85 7a b6 3b 74 a4 a2 f3 f6 10 f8 |}J....z.;t......|
71 f9 c6 4f 71 b1 4f 60 d2 39 b2 13 ec 92 34 26 |q..Oq.O`.9....4&|
8a b4 28 b8 ea 45 20 11 92 c7 bd bf f5 bf f2 a1 |..(..E .........|
0f 11 9b 93 e2 ee ef da 1f 92 97 ef ef d3 67 0d |..............g.|
22 d0 44 9b 89 66 b1 44 46 cd 07 19 67 20 a7 35 |".D..f.DF...g .5|
70 62 d0 f1 eb b0 76 12 4c 58 86 f2 93 f3 ff 59 |pb....v.LX.....Y|
4d 0e ef c5 e5 fc 42 3f 3c 53 a4 df a4 1e 63 22 |M.....B?
Imports
module_name | hint | ord | function_name |
---|---|---|---|
kernel32.dll | GetProcAddress | ||
kernel32.dll | GetModuleHandleA | ||
kernel32.dll | LoadLibraryA | ||
oleaut32.dll | SysFreeString | ||
advapi32.dll | RegQueryValueExW | ||
user32.dll | MessageBoxA | ||
user32.dll | SetClassLongW | ||
gdi32.dll | UnrealizeObject | ||
version.dll | VerQueryValueW | ||
advapi32.dll | RegUnLoadKeyW | ||
oleaut32.dll | SafeArrayPtrOfIndex | ||
oleaut32.dll | GetErrorInfo | ||
ole32.dll | OleUninitialize | ||
comctl32.dll | InitializeFlatSB | ||
user32.dll | EnumDisplayMonitors | ||
msvcrt.dll | memset | ||
shell32.dll | Shell_NotifyIconW | ||
winspool.drv | OpenPrinterW | ||
winspool.drv | GetDefaultPrinterW | ||
Exports
ord | entry_va | function_name |
---|---|---|
1 | 0x65190 | TMethodImplementationIntercept |
Version Info
StringTable 040904E4 (language 0x0409 = English (US), code page 0x04E4 = Windows-1252)
key | value |
---|---|
FileVersion | 1.0.0.0 |
ProductVersion | 1.0.0.0 |
VS_FIXEDFILEINFO
field | value |
---|---|
FileVersion | 1.0.0.0 |
ProductVersion | 1.0.0.0 |
StrucVersion | 0x10000 |
FileFlagsMask | 0x3f |
FileFlags | 0 |
FileOS | 4 (VOS__WINDOWS32) |
FileType | 1 (VFT_APP) |
FileSubtype | 0 |
Archive scan (7-Zip): Scanning the drive for archives: 1 file, 3087872 bytes (3016 KiB), Errors: 1
Warnings
[?] ignoring invalid PEdump::BITMAPINFOHEADER
[?] can't find file_offset of VA 0x2eadb4
[?] can't find file_offset of VA 0x2eb254
[?] can't find file_offset of VA 0x2eb6ec
[?] can't find file_offset of VA 0x2ebb88
[?] can't find file_offset of VA 0x2ebe34
[?] can't find file_offset of VA 0x2ec284
[?] can't find file_offset of VA 0x2ec324
[?] can't find file_offset of VA 0x2ec408
[?] can't find file_offset of VA 0x2ec744
[?] can't find file_offset of VA 0x2ecb5c
[?] can't find file_offset of VA 0x2eceac
[?] can't find file_offset of VA 0x2ed370
[?] can't find file_offset of VA 0x2ed5ec
[?] can't find file_offset of VA 0x2eda08
[?] can't find file_offset of VA 0x2edeb8
[?] can't find file_offset of VA 0x2ee374
[?] can't find file_offset of VA 0x2ee708
[?] can't find file_offset of VA 0x2eeaa8
[?] can't find file_offset of VA 0x2eeec4
[?] can't find file_offset of VA 0x2eefb8
[?] can't find file_offset of VA 0x2ef07c
[?] can't find file_offset of VA 0x2ef2e4
[?] can't find file_offset of VA 0x2ef718
[?] can't find file_offset of VA 0x2efa78
[?] can't find file_offset of VA 0x2efd64
[!] string size(128516) > stringtable size(92). truncated to 90
[!] cannot convert "\xB5}\xCE\x81~d\xF7}\xB39\x02\xCCb\xC6\x19\xDF"... to UTF-16
[!] string size(67800) > stringtable size(1496). truncated to 1494
[!] cannot convert "\xC9\xC7\rn\x1D\x9D\xCA:\xBB\xFE\x8B\xB4\xFC\xE6}~"... to UTF-16
[?] can't find file_offset of VA 0x2f0080
[?] can't find file_offset of VA 0x2f0090
[?] can't find file_offset of VA 0x2f0788
[?] can't find file_offset of VA 0x2f078c
[?] can't find file_offset of VA 0x2f0e44
[?] can't find file_offset of VA 0x2f0e58
[?] can't find file_offset of VA 0x2f0e6c
[?] can't find file_offset of VA 0x2f0e80
[?] can't find file_offset of VA 0x2f0e94
[?] can't find file_offset of VA 0x2f0ea8
[?] can't find file_offset of VA 0x2f0ebc
[?] can't find file_offset of VA 0x0
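The "can't find file_offset of VA" warnings above and the ASPack note earlier come down to one mechanism: addresses that are valid once the image is mapped but have no bytes behind them in the file, because a section is larger in memory than on disk and the unpacking stub fills the gap at run time. The Python below is an added example, not pedump's code. It walks the DOS header, PE header and section table the way the dump above is produced (using the same DOS field names), maps an RVA to a file offset and returns None exactly where pedump prints that warning, and applies two cheap packing heuristics (section entropy, and sections that grow in memory). It runs against a constructed two-section PE32 image from build_sample_pe(); the section names .packed and .unpack, their sizes and the seeded pseudo-random payload are assumptions chosen to imitate a packed layout, and packer_hints() is this example's own heuristic, not an ASPack signature.

```python
import math
import random
import struct

# Added example (not pedump's code). Parses a PE the way the dump above is
# built and shows why some RVAs have no file offset. Everything produced by
# build_sample_pe() is constructed test data, not bytes from Dpicker.exe.

DOS_FIELDS = ("bytes_in_last_block", "blocks_in_file", "num_relocs",
              "header_paragraphs", "min_extra_paragraphs", "max_extra_paragraphs",
              "ss", "sp", "checksum", "ip", "cs", "reloc_table_offset",
              "overlay_number")


def parse_dos_header(data):
    """IMAGE_DOS_HEADER as a dict, using the field names pedump prints."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    hdr = dict(zip(DOS_FIELDS, struct.unpack_from("<13H", data, 2)))
    hdr["lfanew"] = struct.unpack_from("<I", data, 0x3C)[0]   # file offset of "PE\0\0"
    return hdr


def parse_sections(data, lfanew):
    """Read IMAGE_FILE_HEADER counts and return the section table."""
    if data[lfanew:lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    nsec, = struct.unpack_from("<H", data, lfanew + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, lfanew + 20)  # SizeOfOptionalHeader
    first = lfanew + 24 + opt_size                           # section headers start here
    sections = []
    for i in range(nsec):
        off = first + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, va, rawsize, rawptr = struct.unpack_from("<4I", data, off + 8)
        sections.append({"name": name, "va": va, "vsize": vsize,
                         "rawsize": rawsize, "rawptr": rawptr})
    return sections


def rva_to_file_offset(sections, rva):
    """File offset backing an RVA, or None if the bytes exist only in memory.

    None is the situation pedump reports as "can't find file_offset of VA":
    the address falls in a section whose in-memory size exceeds its raw
    size (or that has no raw data at all), so a packer's stub must write
    those bytes before anything can be read there.
    """
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            delta = rva - s["va"]
            return s["rawptr"] + delta if delta < s["rawsize"] else None
    return None


def shannon_entropy(blob):
    """Bits per byte, 0.0 to 8.0; compressed or encrypted data sits near 8."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def packer_hints(data, sections):
    """Two cheap layout heuristics (this example's own, not a packer signature)."""
    hints = []
    for s in sections:
        raw = data[s["rawptr"]:s["rawptr"] + s["rawsize"]]
        if s["rawsize"] and shannon_entropy(raw) > 7.0:
            hints.append(f"high-entropy section {s['name']}")
        if s["vsize"] > 2 * max(s["rawsize"], 1):
            hints.append(f"section {s['name']} grows from {s['rawsize']:#x} "
                         f"to {s['vsize']:#x} in memory")
    return hints


def build_sample_pe():
    """Constructed PE32: a high-entropy stub section plus a virtual-only section."""
    rng = random.Random(1)                                   # deterministic payload
    packed = bytes(rng.getrandbits(8) for _ in range(0x400))
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    # Same e_cblp .. e_ovno values as the MZ header in the dump above.
    struct.pack_into("<13H", dos, 2, 0x50, 2, 0, 4, 0xF, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0x1A)
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew: PE header follows
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)  # i386, 2 sections
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic; rest left zero
    sec = struct.pack("<8sIIII", b".packed", 0x400, 0x1000, 0x400, 0x200) + bytes(16)
    sec += struct.pack("<8sIIII", b".unpack", 0x10000, 0x2000, 0, 0) + bytes(16)
    img = dos + b"PE\0\0" + file_hdr + opt + sec
    img += bytes(0x200 - len(img)) + packed                  # .packed raw data at 0x200
    return bytes(img)


if __name__ == "__main__":
    data = build_sample_pe()
    hdr = parse_dos_header(data)
    secs = parse_sections(data, hdr["lfanew"])
    for rva in (0x1010, 0x2500):
        print(f"RVA {rva:#x} -> file offset {rva_to_file_offset(secs, rva)}")
    print(packer_hints(data, secs))
```

On the constructed image, RVA 0x1010 maps to file offset 0x210 while RVA 0x2500 maps to None, which is the same outcome pedump hit for the resource addresses listed in the warnings. To apply the same checks to a real sample, read the file into `data` and call the three parse functions in the same order; the heuristics are indicative only, and the proper next step for this file remains unpacking it (or dumping it from memory after the stub has run) before trusting any imports, strings or resources.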