filename | 0a1b83fb3b4a410394e49556f725897f313e18d4.exe | |
---|---|---|
size | 195232 (0x2faa0) | |
md5 | 5a0134377829c3c19072e87c3c7c846d | |
type | PE32 executable (GUI) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0x80 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Sections
Data Directory
type | va | size | |
---|---|---|---|
EXPORT | 0 | 0 | |
IMPORT | 0x2ed18 | 0x50 | |
RESOURCE | 0 | 0 | |
EXCEPTION | 0 | 0 | |
SECURITY | 0x2f200 | 0x8a0 | |
BASERELOC | 0x34000 | 0xdc | |
DEBUG | 0 | 0 | |
ARCHITECTURE | 0 | 0 | |
GLOBALPTR | 0 | 0 | |
TLS | 0 | 0 | |
LOAD_CONFIG | 0 | 0 | |
Bound_IAT | 0 | 0 | |
IAT | 0x2ed9c | 0x34 | |
Delay_IAT | 0 | 0 | |
CLR_Header | 0 | 0 |
module_name | hint | ord | function_name |
---|---|---|---|
KERNEL32.dll | 67 | | CloseHandle |
KERNEL32.dll | 641 | | GetWindowsDirectoryW |
KERNEL32.dll | 1191 | | lstrcatW |
KERNEL32.dll | 127 | | CreateFileW |
KERNEL32.dll | 1109 | | VirtualAllocEx |
KERNEL32.dll | 502 | | GetModuleHandleA |
KERNEL32.dll | 544 | | GetProcAddress |
USER32.dll | 470 | | LoadIconA |
ADVAPI32.dll | 606 | | RegOpenKeyW |
ADVAPI32.dll | 554 | | RegCloseKey |
Signers (1)
issuer: /CN=341235221341228966292465999492447398695844727979223929433914174169461853293559324913756452688926312923675437232614221361649636752161156752413489436552
serial: -13A7F42387FB1364BB28282652BAB1BF
Certificates (1)
Certificate:
  Data:
    Version: 3 (0x2)
    Serial Number: (Negative)13:a7:f4:23:87:fb:13:64:bb:28:28:26:52:ba:b1:bf
    Signature Algorithm: sha1WithRSA
    Issuer: CN=341235221341228966292465999492447398695844727979223929433914174169461853293559324913756452688926312923675437232614221361649636752161156752413489436552
    Validity
      Not Before: Jul 13 07:49:44 2012 GMT
      Not After : Dec 31 23:59:59 2039 GMT
    Subject: CN=341235221341228966292465999492447398695844727979223929433914174169461853293559324913756452688926312923675437232614221361649636752161156752413489436552
    Subject Public Key Info:
      Public Key Algorithm: rsaEncryption
      RSA Public-Key: (1024 bit)
      Exponent: 65537 (0x10001)
    X509v3 extensions:
      X509v3 Extended Key Usage: Code Signing
      2.5.29.1
pkcs7-signedData