filename | ajK0i?image=IMG0540250-JPG | |
---|---|---|
size | 337272 (0x52578) | |
md5 | 99e5fab56f9b0985bd6e7d171a63c26c | |
type | PE32 executable (GUI) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
virustotal | → scan with virustotal.com | |
histogram |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0xb8 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
name | va | vsize | raw size | flags | |
---|---|---|---|---|---|
.text | 0x1000 | 0xe9a4 | 0xf000 | R-X CODE | |
.data | 0x10000 | 0x4878 | 0x1000 | RW- IDATA | |
.rsrc | 0x15000 | 0x4053c | 0x41000 | R-- IDATA |
Data Directory
id | lang | string |
---|---|---|
34981 | 1033 | Manijeh Ardene |
module_name | hint | ord | function_name |
---|---|---|---|
MSVBVM60.DLL | _CIcos | ||
MSVBVM60.DLL | _adj_fptan | ||
MSVBVM60.DLL | __vbaFreeVar | ||
MSVBVM60.DLL | __vbaLenBstr | ||
MSVBVM60.DLL | __vbaEnd | ||
MSVBVM60.DLL | _adj_fdiv_m64 | ||
MSVBVM60.DLL | _adj_fprem1 | ||
MSVBVM60.DLL | __vbaStrCat | ||
MSVBVM60.DLL | __vbaHresultCheckObj | ||
MSVBVM60.DLL | _adj_fdiv_m32 | ||
MSVBVM60.DLL | 594 | ||
MSVBVM60.DLL | __vbaStrLike | ||
MSVBVM60.DLL | _adj_fdiv_m16i | ||
MSVBVM60.DLL | _adj_fdivr_m16i | ||
MSVBVM60.DLL | _CIsin | ||
MSVBVM60.DLL | 631 | ||
MSVBVM60.DLL | 525 | ||
MSVBVM60.DLL | __vbaChkstk | ||
MSVBVM60.DLL | EVENT_SINK_AddRef | ||
MSVBVM60.DLL | DllFunctionCall | ||
MSVBVM60.DLL | _adj_fpatan | ||
MSVBVM60.DLL | EVENT_SINK_Release | ||
MSVBVM60.DLL | __vbaUI1I2 | ||
MSVBVM60.DLL | _CIsqrt | ||
MSVBVM60.DLL | EVENT_SINK_QueryInterface | ||
MSVBVM60.DLL | __vbaExceptHandler | ||
MSVBVM60.DLL | 712 | ||
MSVBVM60.DLL | _adj_fprem | ||
MSVBVM60.DLL | _adj_fdivr_m64 | ||
MSVBVM60.DLL | __vbaFPException | ||
MSVBVM60.DLL | 537 | ||
MSVBVM60.DLL | _CIlog | ||
MSVBVM60.DLL | __vbaErrorOverflow | ||
MSVBVM60.DLL | __vbaNew2 | ||
MSVBVM60.DLL | __vbaInStr | ||
MSVBVM60.DLL | _adj_fdiv_m32i | ||
MSVBVM60.DLL | _adj_fdivr_m32i | ||
MSVBVM60.DLL | __vbaStrCopy | ||
MSVBVM60.DLL | __vbaFreeStrList | ||
MSVBVM60.DLL | _adj_fdivr_m32 | ||
MSVBVM60.DLL | _adj_fdiv_r | ||
MSVBVM60.DLL | 100 | ||
MSVBVM60.DLL | 616 | ||
MSVBVM60.DLL | __vbaFpI4 | ||
MSVBVM60.DLL | _CIatan | ||
MSVBVM60.DLL | 618 | ||
MSVBVM60.DLL | __vbaStrMove | ||
MSVBVM60.DLL | _allmul | ||
MSVBVM60.DLL | _CItan | ||
MSVBVM60.DLL | _CIexp | ||
MSVBVM60.DLL | __vbaFreeObj | ||
MSVBVM60.DLL | __vbaFreeStr | ||
MSVBVM60.DLL | 581 |
StringTable 040904B0
Comments | marlyn auro lucky |
CompanyName | eloisa nora roel |
FileDescription | spafford bram fima |
ProductName | carlina bethena |
FileVersion | 28.47.0041 |
ProductVersion | 28.47.0041 |
InternalName | rana |
OriginalFilename | rana.exe |
VS_FIXEDFILEINFO
FileVersion | 28.47.0.41 |
ProductVersion | 28.47.0.41 |
StrucVersion | 0x10000 |
FileFlagsMask | 0 |
FileFlags | 0 |
FileOS | 4 |
FileType | 1 |
FileSubtype | 0 |
Signers (1)
issuer: /C=GF/ST=SD/L=FD/O=Internet Widgits Pty Ltd
serial: 01
Certificates (1)
Certificate: Data: Version: 1 (0x0) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=GF, ST=SD, L=FD, O=Internet Widgits Pty Ltd Validity Not Before: Mar 16 21:00:10 2013 GMT Not After : Mar 16 21:00:10 2015 GMT Subject: C=GG, ST=DD, L=FG, O=Internet Widgits Pty Ltd Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b5:60:59:68:5e:b6:7c:5d:ee:8f:14:f6:56:f7: fd:a0:95:f4:84:36:68:26:f1:86:e0:a3:d9:d2:c0: 18:44:c3:9d:16:84:cf:f5:2f:4d:1f:10:2d:39:52: 17:61:cd:6c:1c:fb:70:f6:1e:1d:30:b3:a9:39:a7: 89:3c:55:ec:8a:ea:d4:61:cd:23:1f:f4:67:23:d5: dd:22:5f:8f:f2:5d:f9:78:a8:ff:1f:02:68:bd:fb: 11:cb:5a:de:f0:d9:37:61:61:3f:af:40:bc:14:9d: 7f:b5:7d:09:2d:86:54:c6:b7:32:b4:5d:de:58:56: 30:2f:58:20:49:df:03:1b:59:88:a6:a7:0a:10:a5: e0:6a:03:e1:f4:47:57:d0:64:3b:f5:0e:cb:2e:34: cb:8e:9c:ea:82:b6:10:78:26:d1:da:69:a0:3d:43: 5f:11:e9:5b:8e:e3:d2:a0:ae:34:0f:90:0a:c0:3e: 0e:cc:62:41:3d:86:ff:77:70:8e:de:0e:d0:d1:ea: dd:dc:90:de:76:2d:8f:f4:3f:46:00:46:bc:4f:84: 57:ba:b4:be:44:7d:e7:d1:87:af:eb:b1:2c:c9:50: ba:6b:22:84:6c:af:ac:c2:fa:fc:45:1d:66:8f:5c: 80:c5:0e:04:fc:b6:97:1b:72:5a:5f:c2:90:56:83: 67:39 Exponent: 65537 (0x10001) Signature Algorithm: sha1WithRSAEncryption a1:2e:6d:28:fa:82:f8:64:7b:df:a1:f1:cd:f8:a7:63:fd:20: e1:05:08:73:01:cb:15:56:ec:51:92:12:c0:ad:f4:b3:99:b8: 6e:61:04:8b:7d:5a:1d:53:e7:87:9d:98:54:ed:6e:88:14:d8: 13:d5:a2:8b:55:64:c6:46:1a:66:16:1f:39:d2:20:6d:51:06: 8f:cb:d0:cf:10:7e:de:bd:4b:67:e0:fc:69:e1:bf:d2:2f:5b: 8a:21:ca:45:7c:af:fe:1a:1d:35:a5:3c:80:0c:d8:83:92:33: df:b5:85:3b:27:b1:df:81:92:da:a8:3c:a7:ce:b6:b6:ee:5a: df:22:be:a6:bf:85:a4:83:80:76:16:d1:03:65:11:17:cd:fa: 78:0b:28:69:03:78:03:d0:89:86:0e:a4:19:aa:ee:f2:16:f7: a3:a4:dc:b3:de:21:53:3a:36:cc:9d:5d:bf:67:3b:56:da:bb: d4:bc:90:f3:29:b7:76:34:ba:b5:0c:d3:3f:b9:09:d9:81:1a: 76:cb:79:37:bd:c6:68:12:c6:f7:53:35:03:5d:06:d4:53:9a: 5c:44:3d:b1:b1:02:f2:81:65:7b:b5:49:9f:83:45:c5:c5:7a: d7:db:68:c3:34:d4:24:73:68:8e:f5:4d:e3:97:6e:86:42:49: ba:15:20:41
pkcs7-signedData
- 1
- SHA1: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l| 00 65 00 74 00 65 00 3e 00 3e 00 3e |.e.t.e.>.>.> |
- :
- SHA1
8a 06 f7 39 c7 9c 9b c3 c0 5d 49 dd 3e a7 46 ef |...9.....]I.>.F.| 7d 8c 36 6b |}.6k |
- 1.3.6.1.4.1.311.2.1.15
- #0
- #2
- 1
- RSA-SHA1: nil
- #1
- C: GF
- ST: SD
- L: FD
- O: Internet Widgits Pty Ltd
- 2013-03-16 21:00:10 UTC: 2015-03-16 21:00:10 UTC
- #3
- C: GG
- ST: DD
- L: FG
- O: Internet Widgits Pty Ltd
- #4
- rsaEncryption: nil
- B5:60:59:68:5E:B6:7C:5D:EE:8F:14:F6:56:F7:FD:A0:
95:F4:84:36:68:26:F1:86:E0:A3:D9:D2:C0:18:44:C3:
9D:16:84:CF:F5:2F:4D:1F:10:2D:39:52:17:61:CD:6C:
1C:FB:70:F6:1E:1D:30:B3:A9:39:A7:89:3C:55:EC:8A:
EA:D4:61:CD:23:1F:F4:67:23:D5:DD:22:5F:8F:F2:5D:
F9:78:A8:FF:1F:02:68:BD:FB:11:CB:5A:DE:F0:D9:37:
61:61:3F:AF:40:BC:14:9D:7F:B5:7D:09:2D:86:54:C6:
B7:32:B4:5D:DE:58:56:30:2F:58:20:49:DF:03:1B:59:
88:A6:A7:0A:10:A5:E0:6A:03:E1:F4:47:57:D0:64:3B:
F5:0E:CB:2E:34:CB:8E:9C:EA:82:B6:10:78:26:D1:DA:
69:A0:3D:43:5F:11:E9:5B:8E:E3:D2:A0:AE:34:0F:90:
0A:C0:3E:0E:CC:62:41:3D:86:FF:77:70:8E:DE:0E:D0:
D1:EA:DD:DC:90:DE:76:2D:8F:F4:3F:46:00:46:BC:4F:
84:57:BA:B4:BE:44:7D:E7:D1:87:AF:EB:B1:2C:C9:50:
BA:6B:22:84:6C:AF:AC:C2:FA:FC:45:1D:66:8F:5C:80:
C5:0E:04:FC:B6:97:1B:72:5A:5F:C2:90:56:83:67:39: 0x010001
- RSA-SHA1:
a1 2e 6d 28 fa 82 f8 64 7b df a1 f1 cd f8 a7 63 |..m(...d{......c| fd 20 e1 05 08 73 01 cb 15 56 ec 51 92 12 c0 ad |. ...s...V.Q....| f4 b3 99 b8 6e 61 04 8b 7d 5a 1d 53 e7 87 9d 98 |....na..}Z.S....| 54 ed 6e 88 14 d8 13 d5 a2 8b 55 64 c6 46 1a 66 |T.n.......Ud.F.f| 16 1f 39 d2 20 6d 51 06 8f cb d0 cf 10 7e de bd |..9. mQ......~..| 4b 67 e0 fc 69 e1 bf d2 2f 5b 8a 21 ca 45 7c af |Kg..i.../[.!.E|.| fe 1a 1d 35 a5 3c 80 0c d8 83 92 33 df b5 85 3b |...5.<.....3...;| 27 b1 df 81 92 da a8 3c a7 ce b6 b6 ee 5a df 22 |'......<.....Z."| be a6 bf 85 a4 83 80 76 16 d1 03 65 11 17 cd fa |.......v...e....| 78 0b 28 69 03 78 03 d0 89 86 0e a4 19 aa ee f2 |x.(i.x..........| 16 f7 a3 a4 dc b3 de 21 53 3a 36 cc 9d 5d bf 67 |.......!S:6..].g| 3b 56 da bb d4 bc 90 f3 29 b7 76 34 ba b5 0c d3 |;V......).v4....| 3f b9 09 d9 81 1a 76 cb 79 37 bd c6 68 12 c6 f7 |?.....v.y7..h...| 53 35 03 5d 06 d4 53 9a 5c 44 3d b1 b1 02 f2 81 |S5.]..S.\D=.....| 65 7b b5 49 9f 83 45 c5 c5 7a d7 db 68 c3 34 d4 |e{.I..E..z..h.4.| 24 73 68 8e f5 4d e3 97 6e 86 42 49 ba 15 20 41 |$sh..M..n.BI.. A|
- 1
- 1
- unnamed
- #0
- C: GF
- ST: SD
- L: FD
- O: Internet Widgits Pty Ltd
- 1
- #0
- SHA1: nil
- #2
- 1.3.6.1.4.1.311.2.1.12
- nil
- contentType: 1.3.6.1.4.1.311.2.1.4
- messageDigest:
df f8 a8 f9 b9 4a 4e f9 7c d0 e5 0a 09 90 7c 3b |.....JN.|.....|;| 7f 9d 91 bc |.... |
- 1.3.6.1.4.1.311.2.1.12
- rsaEncryption:
4e ab 4f f6 de 75 83 a0 b4 54 ce f3 c4 10 0e b8 |N.O..u...T......| 25 c9 56 52 8e f5 3a 66 6a ad c4 b1 47 de 98 7f |%.VR..:fj...G...| 68 39 32 09 63 20 6d 11 59 78 c4 72 92 44 59 14 |h92.c m.Yx.r.DY.| 69 7c d9 d4 61 ab 55 e7 02 17 db ae cd 5d 3d 11 |i|..a.U......]=.| 55 11 ae 3c 47 10 b8 5f 8a 5c 65 8d ba b5 23 82 |U..
B.| c4 90 62 f4 b8 00 bd 50 a0 1f 33 68 64 41 3a 6b |..b....P..3hdA:k| 15 33 d5 a3 d3 8d a6 2f 12 ed 98 78 de 82 3b 51 |.3...../...x..;Q| f0 a5 cc bb 6f 5a 14 04 37 fa ad f6 93 2a 1c 1d |....oZ..7....*..| f2 a9 91 88 5f 38 28 80 ce f4 d3 5c 34 5b 51 aa |...._8(....\4[Q.| f0 5a b2 1d 68 f1 14 95 2d 41 7a 74 3f b3 86 0c |.Z..h...-Azt?...|
- unnamed
Please donate some bucks to keep this site up and running: | |
Ko-fi | |
---|---|
Yandex.Money | |
Thank you! |
[?] can't find file_offset of VA 0x228