0a1b83fb3b4a410394e49556f725897f313e18d4.exe

info
MZ
PE
imports
foremost
signature
hexdump
disasm
log
discuss
donate

filename	0a1b83fb3b4a410394e49556f725897f313e18d4.exe
size	195232 (0x2faa0)
md5	5a0134377829c3c19072e87c3c7c846d

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x80

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	8
TimeDateStamp	0x5001ebf9
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x10e
Magic	0x10b
LinkerVersion	2.50
SizeOfCode	0x23800
SizeOfInitializedData	0xb600
SizeOfUninitializedData	0
AddressOfEntryPoint	0x1480
BaseOfCode	0x1000
BaseOfData	0x25000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	4.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x35000
SizeOfHeaders	0x400
CheckSum	0x3ac60
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x236ca	0x23800	R-X CODE
.data	0x25000	0xa000	0xa000	RW- IDATA
.data6	0x2f000	0x3e8	0x400	RW- IDATA
.data5	0x30000	0x3e8	0x400	RW- IDATA
.data4	0x31000	0x3e8	0x400	RW- IDATA
.data3	0x32000	0x3e8	0x400	RW- IDATA
.data2	0x33000	0x3e8	0x400	RW- IDATA
.reloc	0x34000	0xdc	0x200	R-- IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x2ed18	0x50
RESOURCE	0	0
EXCEPTION	0	0
SECURITY	0x2f200	0x8a0
BASERELOC	0x34000	0xdc
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0x2ed9c	0x34
Delay_IAT	0	0
CLR_Header	0	0

module_name	hint	function_name
KERNEL32.dll	67	CloseHandle
KERNEL32.dll	641	GetWindowsDirectoryW
KERNEL32.dll	1191	lstrcatW
KERNEL32.dll	127	CreateFileW
KERNEL32.dll	1109	VirtualAllocEx
KERNEL32.dll	502	GetModuleHandleA
KERNEL32.dll	544	GetProcAddress
USER32.dll	470	LoadIconA
ADVAPI32.dll	606	RegOpenKeyW
ADVAPI32.dll	554	RegCloseKey

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /CN=341235221341228966292465999492447398695844727979223929433914174169461853293559324913756452688926312923675437232614221361649636752161156752413489436552

serial: -13A7F42387FB1364BB28282652BAB1BF

Certificates (1)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
             (Negative)13:a7:f4:23:87:fb:13:64:bb:28:28:26:52:ba:b1:bf
        Signature Algorithm: sha1WithRSA
        Issuer: CN=341235221341228966292465999492447398695844727979223929433914174169461853293559324913756452688926312923675437232614221361649636752161156752413489436552
        Validity
            Not Before: Jul 13 07:49:44 2012 GMT
            Not After : Dec 31 23:59:59 2039 GMT
        Subject: CN=341235221341228966292465999492447398695844727979223929433914174169461853293559324913756452688926312923675437232614221361649636752161156752413489436552
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
                Modulus:
                    00:d3:3c:a5:27:9f:61:1d:2b:79:59:31:fa:58:ee:
                    12:8b:f5:d9:73:e3:e1:21:26:a6:ef:6d:26:42:cf:
                    e7:a1:48:01:43:e0:d7:91:cd:08:1c:37:b3:34:4c:
                    f7:85:2c:63:18:26:e4:b5:1a:25:f9:42:79:66:bd:
                    0f:63:07:a1:f2:0e:49:73:97:41:a4:47:a6:7b:e4:
                    86:ac:9e:0c:ce:36:a5:69:18:75:69:2d:21:7b:d0:
                    72:11:88:18:26:36:a7:b0:66:c1:7b:03:ce:38:50:
                    da:6f:ef:13:d9:3d:52:2d:41:e0:9b:d2:b8:e8:c8:
                    92:4a:9a:5c:e4:2c:69:b0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                Code Signing
            2.5.29.1: 
                0....Kx..d.l*.ty....d...0..1..0....U.....341235221341228966292465999492447398695844727979223929433914174169461853293559324913756452688926312923675437232614221361649636752161156752413489436552...X..x...D....ENA
    Signature Algorithm: sha1WithRSA
         26:98:88:14:a6:cb:43:ee:ea:85:a7:08:14:26:8c:e7:79:9a:
         62:d3:8c:6d:ed:fd:77:0e:88:d1:de:91:7a:9b:8b:c8:5f:3c:
         fb:46:31:86:a9:12:8e:76:ab:9a:9d:d5:9b:04:3f:6e:f1:17:
         a7:15:15:20:0f:e3:72:57:b7:a3:09:f1:fe:5d:e0:b8:c8:08:
         4a:ab:6b:53:31:29:9c:97:29:21:ea:dd:00:72:6a:b1:55:0e:
         ae:04:2b:88:17:2a:84:bc:c6:cc:be:01:a3:fa:b7:e9:7f:d7:
         aa:c0:c8:0d:db:b3:b1:cf:a1:dd:fb:98:07:52:e7:8b:f8:a9:
         e0:e5

pkcs7-signedData

SHA1: nil

1.3.6.1.4.1.311.2.1.4

1.3.6.1.4.1.311.2.1.15

00 3c 00 3c 00 3c 00 4f  00 62 00 73 00 6f 00 6c  |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e  00 3e 00 3e              |.e.t.e.>.>.>    |

SHA1

08 af 88 2d 95 c7 c8 25 0d 56 75 d9 75 50 38 0a |...-...%.Vu.uP8.| db b3 2e 46 |...F |

#2
- 2
  - -26127397218301705095700697259792052671
  - RSA-SHA1-2: nil
  - CN: 341235221341228966292465999492447398695844727979223929433914174169461853293559324913756452688926312923675437232614221361649636752161156752413489436552
  - 2012-07-13 07:49:44 UTC: 2039-12-31 23:59:59 UTC
  - CN: 341235221341228966292465999492447398695844727979223929433914174169461853293559324913756452688926312923675437232614221361649636752161156752413489436552
  - #5
    - rsaEncryption: nil
    - D3:3C:A5:27:9F:61:1D:2B:79:59:31:FA:58:EE:12:8B:
      F5:D9:73:E3:E1:21:26:A6:EF:6D:26:42:CF:E7:A1:48:
      01:43:E0:D7:91:CD:08:1C:37:B3:34:4C:F7:85:2C:63:
      18:26:E4:B5:1A:25:F9:42:79:66:BD:0F:63:07:A1:F2:
      0E:49:73:97:41:A4:47:A6:7B:E4:86:AC:9E:0C:CE:36:
      A5:69:18:75:69:2D:21:7B:D0:72:11:88:18:26:36:A7:
      B0:66:C1:7B:03:CE:38:50:DA:6F:EF:13:D9:3D:52:2D:
      41:E0:9B:D2:B8:E8:C8:92:4A:9A:5C:E4:2C:69:B0:CD: 0x010001
  - #6
    - extendedKeyUsage: codeSigning
    - 2.5.29.1
      - 4b 78 ad e9 64 86 6c 2a 8b 74 79 93 dc c3 84 64 |Kx..d.l*.ty....d|
        CN: 341235221341228966292465999492447398695844727979223929433914174169461853293559324913756452688926312923675437232614221361649636752161156752413489436552
        ec 58 0b dc 78 04 ec 9b 44 d7 d7 d9 ad 45 4e 41 |.X..x...D....ENA|
- RSA-SHA1-2:
```
26 98 88 14 a6 cb 43 ee  ea 85 a7 08 14 26 8c e7  |&.....C......&..|
79 9a 62 d3 8c 6d ed fd  77 0e 88 d1 de 91 7a 9b  |y.b..m..w.....z.|
8b c8 5f 3c fb 46 31 86  a9 12 8e 76 ab 9a 9d d5  |.._<.F1....v....|
9b 04 3f 6e f1 17 a7 15  15 20 0f e3 72 57 b7 a3  |..?n..... ..rW..|
09 f1 fe 5d e0 b8 c8 08  4a ab 6b 53 31 29 9c 97  |...]....J.kS1)..|
29 21 ea dd 00 72 6a b1  55 0e ae 04 2b 88 17 2a  |)!...rj.U...+..*|
84 bc c6 cc be 01 a3 fa  b7 e9 7f d7 aa c0 c8 0d  |................|
db b3 b1 cf a1 dd fb 98  07 52 e7 8b f8 a9 e0 e5  |.........R......|
```

#0
- CN: 341235221341228966292465999492447398695844727979223929433914174169461853293559324913756452688926312923675437232614221361649636752161156752413489436552
- -26127397218301705095700697259792052671
SHA1: nil

contentType: 1.3.6.1.4.1.311.2.1.4
1.3.6.1.4.1.311.2.1.11: msCodeInd

messageDigest:

07 b4 0f d3 72 0c d8 c5  31 19 e1 d0 57 32 7e 31  |....r...1...W2~1|
fa 9c f0 fc                                       |....            |

1.3.6.1.4.1.311.2.1.12:

00 33 00 34 00 31 00 32  00 33 00 35 00 32 00 32  |.3.4.1.2.3.5.2.2|
00 31 00 33 00 34 00 31  00 32 00 32 00 38 00 39  |.1.3.4.1.2.2.8.9|
00 36 00 36 00 32 00 39  00 32 00 34 00 36 00 35  |.6.6.2.9.2.4.6.5|
00 39 00 39 00 39 00 34  00 39 00 32 00 34 00 34  |.9.9.9.4.9.2.4.4|
00 37 00 33 00 39 00 38  00 36 00 39 00 35 00 38  |.7.3.9.8.6.9.5.8|
00 34 00 34 00 37 00 32  00 37 00 39 00 37 00 39  |.4.4.7.2.7.9.7.9|
00 32 00 32 00 33 00 39  00 32 00 39 00 34 00 33  |.2.2.3.9.2.9.4.3|
00 33 00 39 00 31 00 34  00 31 00 37 00 34 00 31  |.3.9.1.4.1.7.4.1|
00 36 00 39 00 34 00 36  00 31 00 38 00 35 00 33  |.6.9.4.6.1.8.5.3|
00 32 00 39 00 33 00 35  00 35 00 39 00 33 00 32  |.2.9.3.5.5.9.3.2|
00 34 00 39 00 31 00 33  00 37 00 35 00 36 00 34  |.4.9.1.3.7.5.6.4|
00 35 00 32 00 36 00 38  00 38 00 39 00 32 00 36  |.5.2.6.8.8.9.2.6|
00 33 00 31 00 32 00 39  00 32 00 33 00 36 00 37  |.3.1.2.9.2.3.6.7|
00 35 00 34 00 33 00 37  00 32 00 33 00 32 00 36  |.5.4.3.7.2.3.2.6|
00 31 00 34 00 32 00 32  00 31 00 33 00 36 00 31  |.1.4.2.2.1.3.6.1|
00 36 00 34 00 39 00 36  00 33 00 36 00 37 00 35  |.6.4.9.6.3.6.7.5|
00 32 00 31 00 36 00 31  00 31 00 35 00 36 00 37  |.2.1.6.1.1.5.6.7|
00 35 00 32 00 34 00 31  00 33 00 34 00 38 00 39  |.5.2.4.1.3.4.8.9|
00 34 00 33 00 36 00 35  00 35 00 32 00 33 00 34  |.4.3.6.5.5.2.3.4|
00 31 00 32 00 33 00 35  00 32 00 32 00 31 00 33  |.1.2.3.5.2.2.1.3|
00 34 00 31 00 32 00 32  00 38 00 39 00 36 00 36  |.4.1.2.2.8.9.6.6|
00 32 00 39 00 32 00 34  00 36 00 35 00 39 00 39  |.2.9.2.4.6.5.9.9|
00 39 00 34 00 39 00 32  00 34 00 34 00 37 00 33  |.9.4.9.2.4.4.7.3|
00 39 00 38 00 36 00 39  00 35 00 38 00 34 00 34  |.9.8.6.9.5.8.4.4|
00 37 00 32 00 37 00 39  00 37 00 39 00 32 00 32  |.7.2.7.9.7.9.2.2|
00 33 00 39 00 32 00 39  00 34 00 33 00 33 00 39  |.3.9.2.9.4.3.3.9|
00 31 00 34 00 31 00 37  00 34 00 31 00 36 00 39  |.1.4.1.7.4.1.6.9|
00 34 00 36 00 31 00 38  00 35 00 33 00 32 00 39  |.4.6.1.8.5.3.2.9|
00 33 00 35 00 35 00 39  00 33 00 32 00 34 00 39  |.3.5.5.9.3.2.4.9|
00 31 00 33 00 37 00 35  00 36 00 34 00 35 00 32  |.1.3.7.5.6.4.5.2|
00 36 00 38 00 38 00 39  00 32 00 36 00 33 00 31  |.6.8.8.9.2.6.3.1|
00 32 00 39 00 32 00 33  00 36 00 37 00 35 00 34  |.2.9.2.3.6.7.5.4|
00 33 00 37 00 32 00 33  00 32 00 36 00 31 00 34  |.3.7.2.3.2.6.1.4|
00 32 00 32 00 31 00 33  00 36 00 31 00 36 00 34  |.2.2.1.3.6.1.6.4|
00 39 00 36 00 33 00 36  00 37 00 35 00 32 00 31  |.9.6.3.6.7.5.2.1|
00 36 00 31 00 31 00 35  00 36 00 37 00 35 00 32  |.6.1.1.5.6.7.5.2|
00 34 00 31 00 33 00 34  00 38 00 39 00 34 00 33  |.4.1.3.4.8.9.4.3|
00 36 00 35 00 35 00 32                           |.6.5.5.2        |

rsaEncryption:

11 e2 94 b6 69 84 85 93  90 74 7a 76 b7 33 7b f5  |....i....tzv.3{.|
9a 20 c8 37 65 c7 88 3c  1b 74 39 ab 9f 91 1e cf  |. .7e..<.t9.....|
70 4e df ef fe 79 40 7a  1a 86 50 ef 02 c1 85 1b  |pN...y@z..P.....|
41 57 38 c3 21 4a 65 d5  17 e9 29 88 ab c1 2e 12  |AW8.!Je...).....|
f0 56 6c 63 9f cd a6 99  23 36 83 ca b1 ac 26 74  |.Vlc....#6....&t|
39 e3 b1 76 98 82 bd f6  ca 86 a8 55 d6 04 51 54  |9..v.......U..QT|
9b df 82 b1 61 d6 4f 5d  c7 c3 26 3c 2c d9 88 08  |....a.O]..&<,...|
73 e4 36 fe b4 15 3f e3  82 a9 09 42 eb c0 ae 10  |s.6...?....B....|

show previews

offset	size	type	comment
0	193024	EXE	07/14/2012 22:00:25	#
15c1	15	HTM		#
2f200	2208	PKCS7	Authenticode Signature	#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

everything is OK