filenameout.exe
size776192 (0xbd800)
md596fca1be228dafa4c5a8822022fd5d82
typePE32 executable (GUI) Intel 80386, for MS Windows
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0xd8

Rich Header

lib idversiontimes used
149307299
10404
1473072933
1313072927
13230729130
148307291
145307291

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections4
TimeDateStamp0x4a5bc622
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x102
Magic0x10b
LinkerVersion9.0
SizeOfCode0x52e00
SizeOfInitializedData0x6a600
SizeOfUninitializedData0
AddressOfEntryPoint0x9768
BaseOfCode0x1000
BaseOfData0x52000
ImageBase0x1000000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion6.1
ImageVersion6.1
SubsystemVersion6.1
Reserved10
SizeOfImage0xc0000
SizeOfHeaders0x400
CheckSum0xcd612
Subsystem2
DllCharacteristics0x8140
SizeOfStackReserve0x40000
SizeOfStackCommit0x2000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Sections

namevavsizeraw sizeflags
.text0x10000x52c810RWX CODE
.data0x540000x40c00RW- IDATA
.rsrc0x590000x627900RW- IDATA
.hdata0xbfb240x70000x6400RWX CODE IDATA

Data Directory

typevasize
EXPORT00
IMPORT0x51adc0x154
RESOURCE0x590000x62790
EXCEPTION00
SECURITY00
BASERELOC0xbc0000x3b24
DEBUG0x53c240x38
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG0x301600x40
Bound_IAT0x2700x154
IAT0x10000x630
Delay_IAT0x51a5c0x40
CLR_Header00
typenamesizecpr
#1843465535
#026247612475284820
#17744233203302411605043893763178460
#590091703780718684976431769497966
#3876017122072322999705510126607
#409634406400
#65542331363723117066982462740
#786432193827895019385888621938855020
#2621444227380735362387865568728459
#00640
#334556334556340364544
#36454400872415232
#770048147783679923320985791583348813
#3430762162470786703439965184
#196960343996518412751810891750344141
#4096201129188520113354932011366924
#20199147983601403417352
#195253969454410993811429761051830835023
#16576111
#1920168494185238334213977037121685024032
#403344232654890334533441551131156150
#1633970222177966022426292385292365587458
#124753382513112280599098113111917
#12475338294942405131118955007941
#124753343113112014605651713111885
#1247533438310713435058051405204239
#12475337875121801342177280
#12475337704542464671938561539711488
#12475338800016908512
#1247533767590091339456435712
#124753343062540175360268435456
#124753374124326962972425393296259176
#12475338715126554265542
#1247533790167787520201326592
#1247533890671088763591503872131084
#124753386721684551702621448192
#1247533533104857640960
#1247533679104857600
#36406560892299809421750738492299033993
#39679376751089444026962818573909091315
#146492620713589380791075395624278190081
#389601126493666917429989560223698683899
#3909091315334253260911706748042528
#1744896521#1281909609429454999238926036474294921596
#1744896521#230529164482381430288365901281776
#390909131524675883517503219203321955671
offsetsizetypecomment
026624EXE07/13/2009 23:41:22#
15c115HTM#
643c027569PNG(256 x 256)#
736c84657PNG(750 x 400)#
749005454PNG(938 x 500)#
75e506855PNG(1125 x 600)#
779184069PNG(190 x 50)#
789004372PNG(238 x 63)#
79a184523PNG(285 x 75)#
7abc82995PNG(190 x 50)#
7b7803105PNG(238 x 63)#
7c3a83128PNG(285 x 75)#
7cfe04215PNG(385 x 50)#
7e0584561PNG(482 x 63)#
7f2304718PNG(578 x 75)#
804a03040PNG(385 x 50)#
810803121PNG(482 x 63)#
81cb83222PNG(578 x 75)#
829504656PNG(190 x 151)#
83b804877PNG(238 x 188)#
84e905159PNG(285 x 227)#
862b83256PNG(190 x 151)#
86f703396PNG(238 x 188)#
87cb83578PNG(285 x 227)#
88ab84918PNG(385 x 151)#
89df05201PNG(482 x 188)#
8b2485560PNG(578 x 227)#
8c8003380PNG(385 x 151)#
8d5383792PNG(482 x 188)#
8e4083830PNG(578 x 227)#
8f3003749PNG(68 x 16)#
901a83969PNG(88 x 21)#
911304164PNG(104 x 25)#
921783774PNG(68 x 16)#
930384003PNG(88 x 21)#
93fe04204PNG(104 x 25)#
950504427PNG(136 x 27)#
961a04856PNG(172 x 34)#
974985178PNG(204 x 41)#
988d84955PNG(292 x 27)#
99c385592PNG(364 x 34)#
9b2106209PNG(440 x 41)#
9ca584189PNG(136 x 27)#
9dab84595PNG(172 x 34)#
9ecb04981PNG(204 x 41)#
a00284706PNG(136 x 59)#
a12905512PNG(172 x 73)#
a28186595PNG(204 x 89)#
a41e04126PNG(136 x 27)#
a52004529PNG(172 x 34)#
a63b84932PNG(204 x 41)#
a77003097PNG(385 x 62)#
a83203232PNG(481 x 77)#
a8fc03349PNG(578 x 93)#
a9cd83023PNG(73 x 91)#
aa8a83056PNG(92 x 113)#
ab4983168PNG(110 x 137)#
ac0f82965PNG(190 x 27)#
acc903012PNG(238 x 33)#
ad8583066PNG(285 x 41)#
ae4583496PNG(296 x 242)#
af2003871PNG(454 x 303)#
b01204243PNG(545 x 363)#
b11b83653PNG(296 x 308)#
b20004117PNG(454 x 385)#
b30184586PNG(545 x 461)#
b42083827PNG(363 x 342)#
b51004246PNG(454 x 428)#
b61984766PNG(545 x 513)#
b74382921PNG(34 x 27)#
b7fa82957PNG(43 x 33)#
b8b382993PNG(51 x 41)#
b96e916663BINoverlay data past EOF#
Scanning the drive for archives:
1 file, 776192 bytes (758 KiB)



Errors: 1
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 16
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 232
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 262492
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 339472
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 65558
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 8208
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 32
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 403360
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 72
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 80
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 1600
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 132
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 344080
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 364560
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 24964
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 262
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 65811
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 342
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 11216
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 3432
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 29095
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 378889
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 51234
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 1342
[?] too many errors getting resource data, stopped on 30 of 47359
[!] PEdump::IMAGE_RESOURCE_DIRECTORY: loop3 detected at file pos 39225
[?] too many errors getting resource data, stopped on 426 of 65535
[?] can't find file_offset of VA 0x905a4d
[?] can't find file_offset of VA 0x4550
[?] can't find file_offset of VA 0xef840fc0
[?] can't find file_offset of VA 0x6c5f0242
[?] can't find file_offset of VA 0x35ff0105
[?] can't find file_offset of VA 0x40c0
[?] can't find file_offset of VA 0x17c5
[?] can't find file_offset of VA 0x7381fe3d
[?] can't find file_offset of VA 0x16a0100
[?] can't find file_offset of VA 0xb8
[?] can't find file_offset of VA 0x0
[?] can't find file_offset of VA 0x2f
[?] can't find file_offset of VA 0xfffad0b5
[?] can't find file_offset of VA 0x0
[?] can't find file_offset of VA 0xeba1f0e
[?] can't find file_offset of VA 0x77e6f671
[?] can't find file_offset of VA 0xa0d0d2e
[?] can't find file_offset of VA 0x20656220
[?] can't find file_offset of VA 0x0
[?] can't find file_offset of VA 0x75722065
[?] can't find file_offset of VA 0x1
[?] can't find file_offset of VA 0x85fffff9
[?] can't find file_offset of VA 0xc9124c
[?] can't find file_offset of VA 0xc8126d
[?] can't find file_offset of VA 0x4c6a45
[?] can't find file_offset of VA 0xb9000189
[?] can't find file_offset of VA 0x4c686369
[?] can't find file_offset of VA 0x0
[?] can't find file_offset of VA 0x4a5bc622
[?] can't find file_offset of VA 0x10200e0
[?] can't find file_offset of VA 0xa6000005
[?] can't find file_offset of VA 0xf9e9fc5d
[?] can't find file_offset of VA 0x1000
[?] can't find file_offset of VA 0x1000600
[?] can't find file_offset of VA 0x0
[?] can't find file_offset of VA 0xcd612
[?] can't find file_offset of VA 0x2000
[?] can't find file_offset of VA 0x0
[?] can't find file_offset of VA 0x107e89fc
[?] can't find file_offset of VA 0x5300025a
[?] can't find file_offset of VA 0xff25d3ff
[?] can't find file_offset of VA 0x2bc06ff6
[?] can't find file_offset of VA 0xca5e836
[?] can't find file_offset of VA 0x47e8920
[?] can't find file_offset of VA 0x15df77ec
[?] can't find file_offset of VA 0xffeb3fe8
[?] can't find file_offset of VA 0x51adc
[?] can't find file_offset of VA 0x9768
[?] can't find EntryPoint RVA (0x9768) file offset
[?] can't find file_offset of VA 0x9768
[?] can't find EntryPoint RVA (0x9768) file offset
[?] can't find file_offset of VA 0x51adc
[?] can't find file_offset of VA 0x9768
[?] can't find EntryPoint RVA (0x9768) file offset
[?] can't find file_offset of VA 0x51adc
[?] can't find file_offset of VA 0x59000
[?] can't find file_offset of VA 0xbc000
[?] can't find file_offset of VA 0x53c24
[?] can't find file_offset of VA 0x30160
[?] can't find file_offset of VA 0x270
[?] can't find file_offset of VA 0x1000
[?] can't find file_offset of VA 0x51a5c
[?] can't find file_offset of VA 0x51adc