filenameef45.fcb
size162416 (0x27a70)
md585c0e28cc724f839016fba5b73d2a206
typePE32 executable (GUI) Intel 80386, for MS Windows
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0xc8

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|
00000040: 5d fb c7 da 19 9a a9 89  19 9a a9 89 19 9a a9 89  |]...............|
00000050: 9a 86 a7 89 18 9a a9 89  70 85 a0 89 1c 9a a9 89  |........p.......|
00000060: f0 85 a4 89 18 9a a9 89  72 69 63 68 19 9a a9 89  |........rich....|
00000070: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000080: 00 00 00 00 00 00 00 00                           |........        |

PE Header

SignaturePE
Machine0x14c
NumberOfSections3
TimeDateStamp0xfef368
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x50f
Magic0x10b
LinkerVersion9.0
SizeOfCode0xa000
SizeOfInitializedData0x2000
SizeOfUninitializedData0
AddressOfEntryPoint0x15a0
BaseOfCode0x1000
BaseOfData0xb000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x1000
OperatingSystemVersion4.0
ImageVersion1.0
SubsystemVersion4.256
Reserved10
SizeOfImage0xf000
SizeOfHeaders0x1000
CheckSum0x155a4
Subsystem2
DllCharacteristics4
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

MS Visual Basic v5.0

Sections

namevavsizeraw sizeflags
.text0x10000x9c150xa000R-X CODE
.data0xb0000x21000x1000RW- IDATA
.rsrcp0xe0000x89b0x600R-- IDATA

Data Directory

typevasize
EXPORT00
IMPORT0xa5c40x24
RESOURCE0xe0000x700
EXCEPTION00
SECURITY0x20000x3200
BASERELOC00
DEBUG00
ARCHITECTURE00
GLOBALPTR0x24000x9090
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT0x10000x383
Delay_IAT00
CLR_Header00
typenamesizecpr
ICON#3000130412000
ICON#300014813107724390913
ICON#3000113421085190196608
ICON#300016568012147483776
ICON#3000174412000
ICON#30001314577601441848
ICON#30001059316304
ICON#300016472509877229336221990038596
ICON#300015242611050332416
ICON#300010655361
ICON#30001517741762259985111881
ICON#300013000321474838240
ICON#3000113107200196630937611534336
ICON#300013936190922487495447387413661
ICON#300011342108519065680
ICON#30001214748368801342108519
ICON#3000120819151123899161623394062723
ICON#300011342108519065680
ICON#3000116750681833945208083900958844
ICON#3000113893949673940356442223499388
ICON#3000101490636812288
ICON#3000124874956673874135422643739691
ICON#30001314543405938024324973807635587
ICON#3000172745980262180
ICON#30001000
ICON#3000178865794316654999694121416775
ICON#300011342108519065536
ICON#30001656801033248
ICON#3000120447232378011648035913728
ICON#3000329612000
GROUP_ICON#14812000
#36880#154812000
module_namehintordfunction_name
MSVBVM60.DLL__vbaVarSub
MSVBVM60.DLL4__vbaStrI2
MSVBVM60.DLL2_CIcos
MSVBVM60.DLL1_adj_fptan
MSVBVM60.DLL3__vbaVarMove
MSVBVM60.DLL3__vbaAryMove
MSVBVM60.DLL4__vbaFreeVar
MSVBVM60.DLL3__vbaLateIdCall
MSVBVM60.DLL3__vbaStrVarMove
MSVBVM60.DLL3__vbaLineInputStr
MSVBVM60.DLL3__vbaLenBstr
MSVBVM60.DLL4__vbaFreeVarList
MSVBVM60.DLL1_adj_fdiv_m64
MSVBVM60.DLL3__vbaFreeObjList
MSVBVM60.DLL135_adj_fprem1
MSVBVM60.DLL3__vbaStrCat
MSVBVM60.DLL4__vbaSetSystemError
MSVBVM60.DLL135__vbaHresultCheckObj
MSVBVM60.DLL3__vbaLenVar
MSVBVM60.DLL1_adj_fdiv_m32
MSVBVM60.DLL3__vbaAryVar
MSVBVM60.DLL3__vbaAryDestruct
MSVBVM60.DLL3__vbaVarForInit
MSVBVM60.DLL3__vbaObjSet
MSVBVM60.DLL595
MSVBVM60.DLL135_adj_fdiv_m16i
MSVBVM60.DLL3__vbaObjSetAddref
MSVBVM60.DLL4_adj_fdivr_m16i
MSVBVM60.DLL1_CIsin
MSVBVM60.DLL631
MSVBVM60.DLL3__vbaChkstk
MSVBVM60.DLL526
MSVBVM60.DLL4__vbaFileClose
MSVBVM60.DLLEVENT_SINK_AddRef
MSVBVM60.DLL3__vbaGenerateBoundsError
MSVBVM60.DLL3__vbaGet3
MSVBVM60.DLL3__vbaVarTstEq
MSVBVM60.DLL3__vbaI2I4
MSVBVM60.DLLDllFunctionCall
MSVBVM60.DLL135_adj_fpatan
MSVBVM60.DLL4__vbaLateIdCallLd
MSVBVM60.DLL3__vbaRedim
MSVBVM60.DLLEVENT_SINK_Release
MSVBVM60.DLL4__vbaUI1I2
MSVBVM60.DLL4_CIsqrt
MSVBVM60.DLLEVENT_SINK_QueryInterface
MSVBVM60.DLL3__vbaUI1I4
MSVBVM60.DLL3__vbaExceptHandler
MSVBVM60.DLL711
MSVBVM60.DLL3__vbaStrToUnicode
MSVBVM60.DLL712
MSVBVM60.DLL3__vbaPrintFile
MSVBVM60.DLL606
MSVBVM60.DLL135_adj_fprem
MSVBVM60.DLL4_adj_fdivr_m64
MSVBVM60.DLL3__vbaFPException
MSVBVM60.DLL717
MSVBVM60.DLL3__vbaStrVarVal
MSVBVM60.DLL3__vbaVarCat
MSVBVM60.DLL644
MSVBVM60.DLL1_CIlog
MSVBVM60.DLL3__vbaErrorOverflow
MSVBVM60.DLL3__vbaFileOpen
MSVBVM60.DLL4__vbaVar2Vec
MSVBVM60.DLL3__vbaInStr
MSVBVM60.DLL3__vbaNew2
MSVBVM60.DLL648
MSVBVM60.DLL571
MSVBVM60.DLL1_adj_fdiv_m32i
MSVBVM60.DLL1_adj_fdivr_m32i
MSVBVM60.DLL4__vbaStrCopy
MSVBVM60.DLL3__vbaFreeStrList
MSVBVM60.DLL4_adj_fdivr_m32
MSVBVM60.DLL1_adj_fdiv_r
MSVBVM60.DLL578
MSVBVM60.DLL100
MSVBVM60.DLL3__vbaVarTstNe
MSVBVM60.DLL3__vbaI4Var
MSVBVM60.DLL4__vbaAryLock
MSVBVM60.DLL3__vbaVarAdd
MSVBVM60.DLL3__vbaStrToAnsi
MSVBVM60.DLL3__vbaVarDup
MSVBVM60.DLL3__vbaVarCopy
MSVBVM60.DLL1_CIatan
MSVBVM60.DLL3__vbaAryCopy
MSVBVM60.DLL3__vbaUI1Str
MSVBVM60.DLL4__vbaStrMove
MSVBVM60.DLL3__vbaStrVarCopy
MSVBVM60.DLL1_allmul
MSVBVM60.DLL1_CItan
MSVBVM60.DLL546
MSVBVM60.DLL4__vbaAryUnlock
MSVBVM60.DLL3__vbaVarForNext
MSVBVM60.DLL1_CIexp
MSVBVM60.DLL3__vbaFreeObj
MSVBVM60.DLL3__vbaFreeStr

No certificates in

undefined method `type' for nil:NilClass
No certificates in
undefined method `type' for nil:NilClass
No certificates in
undefined method `type' for nil:NilClass
No certificates in
undefined method `type' for nil:NilClass
No certificates in
undefined method `type' for nil:NilClass
No certificates in
undefined method `type' for nil:NilClass
No certificates in
undefined method `type' for nil:NilClass
No certificates in
undefined method `type' for nil:NilClass
No certificates in
undefined method `type' for nil:NilClass
No certificates in
undefined method `type' for nil:NilClass
No certificates in
undefined method `type' for nil:NilClass
No certificates in
undefined method `type' for nil:NilClass
No certificates in
undefined method `type' for nil:NilClass
No certificates in
undefined method `type' for nil:NilClass

Cannot call to_der on

undefined method `type' for nil:NilClass
offsetsizetypecomment
050688EXE07/13/1970 09:14:16#
15c115HTM#
c600111728BINoverlay data past EOF#
Scanning the drive for archives:
1 file, 162416 bytes (159 KiB)



Errors: 1
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable











[!] PEdump::IMAGE_RESOURCE_DIRECTORY: 36865 entries in directory, but got EOF on 14128-th.
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 49216
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 49464
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 49912
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 49472
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 114704
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 49169
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 49284
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 49278
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 49200
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 114703
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 53200
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 114647
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 49232
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 48906
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 49153
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 49304
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 49406
[?] too many errors getting resource data, stopped on 194 of 14128
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 49376
[?] too many errors getting resource data, stopped on 0 of 1
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 49416
[?] too many errors getting resource data, stopped on 2 of 3
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 49416
[?] too many errors getting resource data, stopped on 1 of 3
[?] can't find file_offset of VA 0xe7b4
[?] can't find file_offset of VA 0x420034
[?] can't find file_offset of VA 0x0
[?] can't find file_offset of VA 0x2e0031
[?] can't find file_offset of VA 0x4b0
[?] can't find file_offset of VA 0xf34ac318
[?] can't find file_offset of VA 0x67000000
[?] can't find file_offset of VA 0x4ffef367
[?] can't find file_offset of VA 0x530052
[?] can't find file_offset of VA 0x800000c8
[?] can't find file_offset of VA 0x75328000
[?] can't find file_offset of VA 0x442bf34a
[?] can't find file_offset of VA 0x0
[?] can't find file_offset of VA 0xe803177c
[?] can't find file_offset of VA 0x0
[?] can't find file_offset of VA 0x7ce8e883
[?] can't find file_offset of VA 0x7d65c052
[?] can't find file_offset of VA 0x4b000
[?] can't find file_offset of VA 0x4ac31894
[?] can't find file_offset of VA 0xa74fe8a0
[?] can't find file_offset of VA 0x6e0049
[?] can't find file_offset of VA 0x0
[?] can't find file_offset of VA 0x177c7394
[?] can't find file_offset of VA 0x0
[?] ignoring invalid PEdump::BITMAPINFOHEADER
[!] PEdump::WIN_CERTIFICATE: too small length 0
[!] PEdump::WIN_CERTIFICATE: too small length 1
[!] PEdump::WIN_CERTIFICATE: too small length 0
[!] PEdump::WIN_CERTIFICATE: too small length 1
[!] PEdump::WIN_CERTIFICATE: too small length 0
[!] PEdump::WIN_CERTIFICATE: too big length 6816183
[!] PEdump::WIN_CERTIFICATE: too big length 3271032896
[!] PEdump::WIN_CERTIFICATE: too big length 1501298688
[!] PEdump::WIN_CERTIFICATE: too big length 1003225152
[!] PEdump::WIN_CERTIFICATE: too big length 3407890
[!] PEdump::WIN_CERTIFICATE: too small length 0
[!] PEdump::WIN_CERTIFICATE: too small length 1
[!] PEdump::WIN_CERTIFICATE: too small length 0
[!] PEdump::WIN_CERTIFICATE: too small length 1
[!] PEdump::WIN_CERTIFICATE: too small length 0
[!] PEdump::WIN_CERTIFICATE: too big length 6816183
[!] PEdump::WIN_CERTIFICATE: too big length 3271032896
[!] PEdump::WIN_CERTIFICATE: too big length 1501298688
[!] PEdump::WIN_CERTIFICATE: too big length 1003225152
[!] PEdump::WIN_CERTIFICATE: too big length 3407890
[!] PEdump::WIN_CERTIFICATE: too small length 0
[!] PEdump::WIN_CERTIFICATE: too small length 1
[!] PEdump::WIN_CERTIFICATE: too small length 0
[!] PEdump::WIN_CERTIFICATE: too small length 1
[!] PEdump::WIN_CERTIFICATE: too small length 0
[!] PEdump::WIN_CERTIFICATE: too big length 6816183
[!] PEdump::WIN_CERTIFICATE: too big length 3271032896
[!] PEdump::WIN_CERTIFICATE: too big length 1501298688
[!] PEdump::WIN_CERTIFICATE: too big length 1003225152
[!] PEdump::WIN_CERTIFICATE: too big length 3407890
[!] PEdump::WIN_CERTIFICATE: too small length 0
[!] PEdump::WIN_CERTIFICATE: too small length 1
[!] PEdump::WIN_CERTIFICATE: too small length 0
[!] PEdump::WIN_CERTIFICATE: too small length 1
[!] PEdump::WIN_CERTIFICATE: too small length 0
[!] PEdump::WIN_CERTIFICATE: too big length 6816183
[!] PEdump::WIN_CERTIFICATE: too big length 3271032896
[!] PEdump::WIN_CERTIFICATE: too big length 1501298688
[!] PEdump::WIN_CERTIFICATE: too big length 1003225152
[!] PEdump::WIN_CERTIFICATE: too big length 3407890
[!] PEdump::WIN_CERTIFICATE: too small length 0
[!] PEdump::WIN_CERTIFICATE: too small length 1
[!] PEdump::WIN_CERTIFICATE: too small length 0
[!] PEdump::WIN_CERTIFICATE: too small length 1
[!] PEdump::WIN_CERTIFICATE: too small length 0
[!] PEdump::WIN_CERTIFICATE: too big length 6816183
[!] PEdump::WIN_CERTIFICATE: too big length 3271032896
[!] PEdump::WIN_CERTIFICATE: too big length 1501298688
[!] PEdump::WIN_CERTIFICATE: too big length 1003225152
[!] PEdump::WIN_CERTIFICATE: too big length 3407890
[!] PEdump::WIN_CERTIFICATE: too small length 0
[!] PEdump::WIN_CERTIFICATE: too small length 1
[!] PEdump::WIN_CERTIFICATE: too small length 0
[!] PEdump::WIN_CERTIFICATE: too small length 1
[!] PEdump::WIN_CERTIFICATE: too small length 0
[!] PEdump::WIN_CERTIFICATE: too big length 6816183
[!] PEdump::WIN_CERTIFICATE: too big length 3271032896
[!] PEdump::WIN_CERTIFICATE: too big length 1501298688
[!] PEdump::WIN_CERTIFICATE: too big length 1003225152
[!] PEdump::WIN_CERTIFICATE: too big length 3407890