ajK0i?image=IMG0540250-JPG - rana.exe

info
MZ
PE
resources
strings
imports
foremost
version info
signature
hexdump
disasm
log
discuss
donate

filename	ajK0i?image=IMG0540250-JPG
size	337272 (0x52578)
md5	99e5fab56f9b0985bd6e7d171a63c26c

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0xb8

Rich Header

lib id	version	times used
14	7299	1
9	8041	10
13	8169	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	3
TimeDateStamp	0x515caf9f
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x10f
Magic	0x10b
LinkerVersion	6.0
SizeOfCode	0xf000
SizeOfInitializedData	0x42000
SizeOfUninitializedData	0
AddressOfEntryPoint	0x13d0
BaseOfCode	0x1000
BaseOfData	0x10000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x1000
OperatingSystemVersion	4.0
ImageVersion	28.47
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x56000
SizeOfHeaders	0x1000
CheckSum	0x5fbaa
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MS Visual Basic v5.0/v6.0

Sections

name	va	vsize	raw size	flags
.text	0x1000	0xe9a4	0xf000	R-X CODE
.data	0x10000	0x4878	0x1000	RW- IDATA
.rsrc	0x15000	0x4053c	0x41000	R-- IDATA

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0xf5e4	0x28
RESOURCE	0x15000	0x4053c
EXCEPTION	0	0
SECURITY	0x52000	0x578
BASERELOC	0	0
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0x228	0x20
IAT	0x1000	0xd8
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size	cp
CURSOR	#1	820	1252
CURSOR	#2	308	1252
CURSOR	#3	308	1252
CURSOR	#4	820	1252
CURSOR	#5	308	1252
CURSOR	#6	820	1252
CURSOR	#7	308	1252
CURSOR	#8	820	1252
CURSOR	#9	820	1252
CURSOR	#10	308	1252
CURSOR	#11	820	1252
CURSOR	#12	308	1252
CURSOR	#13	820	1252
CURSOR	#14	308	1252
CURSOR	#15	308	1252
CURSOR	#16	820	1252
CURSOR	#17	308	1252
CURSOR	#18	820	1252
CURSOR	#19	308	1252
CURSOR	#20	820	1252
CURSOR	#21	820	1252
CURSOR	#22	308	1252
CURSOR	#23	820	1252
CURSOR	#24	308	1252
CURSOR	#25	820	1252
CURSOR	#26	308	1252
CURSOR	#27	820	1252
CURSOR	#28	308	1252
CURSOR	#29	820	1252
CURSOR	#30	748	1252
BITMAP	#7592	14880	1252
BITMAP	#7593	14880	1252
BITMAP	#7594	2120	1252
ICON	#1	16936	1252
ICON	#2	2064	1252
ICON	#3	1128	1252
ICON	#4	38056	1252
ICON	#5	13032	1252
ICON	#6	4264	1252
ICON	#7	67624	1252
ICON	#8	9640	1252
ICON	#9	21640	1252
ICON	#30001	304	1252
ICON	#30002	744	1252
ICON	#30003	296	1252
STRING	#2187	60	1252
GROUP_CURSOR	#29696	36	1252
GROUP_CURSOR	#29697	36	1252
GROUP_CURSOR	#29698	36	1252
GROUP_CURSOR	#29699	36	1252
GROUP_CURSOR	#29700	36	1252
GROUP_CURSOR	#29701	36	1252
GROUP_CURSOR	#29702	36	1252
GROUP_CURSOR	#29703	36	1252
GROUP_CURSOR	#29704	36	1252
GROUP_CURSOR	#29705	36	1252
GROUP_CURSOR	#29706	36	1252
GROUP_CURSOR	#29707	36	1252
GROUP_CURSOR	#29708	36	1252
GROUP_CURSOR	#29709	36	1252
GROUP_CURSOR	#29710	36	1252
GROUP_ICON	#1	132	1252
VERSION	#1	712	1252
HTML	#6349	33791	1252

id	lang	string
34981	1033	Manijeh Ardene

module_name	ord	function_name
MSVBVM60.DLL		_CIcos
MSVBVM60.DLL		_adj_fptan
MSVBVM60.DLL		__vbaFreeVar
MSVBVM60.DLL		__vbaLenBstr
MSVBVM60.DLL		__vbaEnd
MSVBVM60.DLL		_adj_fdiv_m64
MSVBVM60.DLL		_adj_fprem1
MSVBVM60.DLL		__vbaStrCat
MSVBVM60.DLL		__vbaHresultCheckObj
MSVBVM60.DLL		_adj_fdiv_m32
MSVBVM60.DLL	594
MSVBVM60.DLL		__vbaStrLike
MSVBVM60.DLL		_adj_fdiv_m16i
MSVBVM60.DLL		_adj_fdivr_m16i
MSVBVM60.DLL		_CIsin
MSVBVM60.DLL	631
MSVBVM60.DLL	525
MSVBVM60.DLL		__vbaChkstk
MSVBVM60.DLL		EVENT_SINK_AddRef
MSVBVM60.DLL		DllFunctionCall
MSVBVM60.DLL		_adj_fpatan
MSVBVM60.DLL		EVENT_SINK_Release
MSVBVM60.DLL		__vbaUI1I2
MSVBVM60.DLL		_CIsqrt
MSVBVM60.DLL		EVENT_SINK_QueryInterface
MSVBVM60.DLL		__vbaExceptHandler
MSVBVM60.DLL	712
MSVBVM60.DLL		_adj_fprem
MSVBVM60.DLL		_adj_fdivr_m64
MSVBVM60.DLL		__vbaFPException
MSVBVM60.DLL	537
MSVBVM60.DLL		_CIlog
MSVBVM60.DLL		__vbaErrorOverflow
MSVBVM60.DLL		__vbaNew2
MSVBVM60.DLL		__vbaInStr
MSVBVM60.DLL		_adj_fdiv_m32i
MSVBVM60.DLL		_adj_fdivr_m32i
MSVBVM60.DLL		__vbaStrCopy
MSVBVM60.DLL		__vbaFreeStrList
MSVBVM60.DLL		_adj_fdivr_m32
MSVBVM60.DLL		_adj_fdiv_r
MSVBVM60.DLL	100
MSVBVM60.DLL	616
MSVBVM60.DLL		__vbaFpI4
MSVBVM60.DLL		_CIatan
MSVBVM60.DLL	618
MSVBVM60.DLL		__vbaStrMove
MSVBVM60.DLL		_allmul
MSVBVM60.DLL		_CItan
MSVBVM60.DLL		_CIexp
MSVBVM60.DLL		__vbaFreeObj
MSVBVM60.DLL		__vbaFreeStr
MSVBVM60.DLL	581

StringTable 040904B0

Comments	marlyn auro lucky
CompanyName	eloisa nora roel
FileDescription	spafford bram fima
ProductName	carlina bethena
FileVersion	28.47.0041
ProductVersion	28.47.0041
InternalName	rana
OriginalFilename	rana.exe

VS_FIXEDFILEINFO

FileVersion	28.47.0.41
ProductVersion	28.47.0.41
StrucVersion	0x10000
FileFlagsMask	0
FileFlags	0
FileOS	4
FileType	1
FileSubtype	0

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /C=GF/ST=SD/L=FD/O=Internet Widgits Pty Ltd

serial: 01

Certificates (1)

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=GF, ST=SD, L=FD, O=Internet Widgits Pty Ltd
        Validity
            Not Before: Mar 16 21:00:10 2013 GMT
            Not After : Mar 16 21:00:10 2015 GMT
        Subject: C=GG, ST=DD, L=FG, O=Internet Widgits Pty Ltd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:60:59:68:5e:b6:7c:5d:ee:8f:14:f6:56:f7:
                    fd:a0:95:f4:84:36:68:26:f1:86:e0:a3:d9:d2:c0:
                    18:44:c3:9d:16:84:cf:f5:2f:4d:1f:10:2d:39:52:
                    17:61:cd:6c:1c:fb:70:f6:1e:1d:30:b3:a9:39:a7:
                    89:3c:55:ec:8a:ea:d4:61:cd:23:1f:f4:67:23:d5:
                    dd:22:5f:8f:f2:5d:f9:78:a8:ff:1f:02:68:bd:fb:
                    11:cb:5a:de:f0:d9:37:61:61:3f:af:40:bc:14:9d:
                    7f:b5:7d:09:2d:86:54:c6:b7:32:b4:5d:de:58:56:
                    30:2f:58:20:49:df:03:1b:59:88:a6:a7:0a:10:a5:
                    e0:6a:03:e1:f4:47:57:d0:64:3b:f5:0e:cb:2e:34:
                    cb:8e:9c:ea:82:b6:10:78:26:d1:da:69:a0:3d:43:
                    5f:11:e9:5b:8e:e3:d2:a0:ae:34:0f:90:0a:c0:3e:
                    0e:cc:62:41:3d:86:ff:77:70:8e:de:0e:d0:d1:ea:
                    dd:dc:90:de:76:2d:8f:f4:3f:46:00:46:bc:4f:84:
                    57:ba:b4:be:44:7d:e7:d1:87:af:eb:b1:2c:c9:50:
                    ba:6b:22:84:6c:af:ac:c2:fa:fc:45:1d:66:8f:5c:
                    80:c5:0e:04:fc:b6:97:1b:72:5a:5f:c2:90:56:83:
                    67:39
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
         a1:2e:6d:28:fa:82:f8:64:7b:df:a1:f1:cd:f8:a7:63:fd:20:
         e1:05:08:73:01:cb:15:56:ec:51:92:12:c0:ad:f4:b3:99:b8:
         6e:61:04:8b:7d:5a:1d:53:e7:87:9d:98:54:ed:6e:88:14:d8:
         13:d5:a2:8b:55:64:c6:46:1a:66:16:1f:39:d2:20:6d:51:06:
         8f:cb:d0:cf:10:7e:de:bd:4b:67:e0:fc:69:e1:bf:d2:2f:5b:
         8a:21:ca:45:7c:af:fe:1a:1d:35:a5:3c:80:0c:d8:83:92:33:
         df:b5:85:3b:27:b1:df:81:92:da:a8:3c:a7:ce:b6:b6:ee:5a:
         df:22:be:a6:bf:85:a4:83:80:76:16:d1:03:65:11:17:cd:fa:
         78:0b:28:69:03:78:03:d0:89:86:0e:a4:19:aa:ee:f2:16:f7:
         a3:a4:dc:b3:de:21:53:3a:36:cc:9d:5d:bf:67:3b:56:da:bb:
         d4:bc:90:f3:29:b7:76:34:ba:b5:0c:d3:3f:b9:09:d9:81:1a:
         76:cb:79:37:bd:c6:68:12:c6:f7:53:35:03:5d:06:d4:53:9a:
         5c:44:3d:b1:b1:02:f2:81:65:7b:b5:49:9f:83:45:c5:c5:7a:
         d7:db:68:c3:34:d4:24:73:68:8e:f5:4d:e3:97:6e:86:42:49:
         ba:15:20:41

pkcs7-signedData

SHA1: nil

1.3.6.1.4.1.311.2.1.4

1.3.6.1.4.1.311.2.1.15

00 3c 00 3c 00 3c 00 4f  00 62 00 73 00 6f 00 6c  |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e  00 3e 00 3e              |.e.t.e.>.>.>    |

SHA1

8a 06 f7 39 c7 9c 9b c3 c0 5d 49 dd 3e a7 46 ef |...9.....]I.>.F.| 7d 8c 36 6b |}.6k |

1
- RSA-SHA1: nil
- #1
  - C: GF
  - ST: SD
  - L: FD
  - O: Internet Widgits Pty Ltd
- 2013-03-16 21:00:10 UTC: 2015-03-16 21:00:10 UTC
- #3
  - C: GG
  - ST: DD
  - L: FG
  - O: Internet Widgits Pty Ltd
- #4
  - rsaEncryption: nil
  - B5:60:59:68:5E:B6:7C:5D:EE:8F:14:F6:56:F7:FD:A0:
    95:F4:84:36:68:26:F1:86:E0:A3:D9:D2:C0:18:44:C3:
    9D:16:84:CF:F5:2F:4D:1F:10:2D:39:52:17:61:CD:6C:
    1C:FB:70:F6:1E:1D:30:B3:A9:39:A7:89:3C:55:EC:8A:
    EA:D4:61:CD:23:1F:F4:67:23:D5:DD:22:5F:8F:F2:5D:
    F9:78:A8:FF:1F:02:68:BD:FB:11:CB:5A:DE:F0:D9:37:
    61:61:3F:AF:40:BC:14:9D:7F:B5:7D:09:2D:86:54:C6:
    B7:32:B4:5D:DE:58:56:30:2F:58:20:49:DF:03:1B:59:
    88:A6:A7:0A:10:A5:E0:6A:03:E1:F4:47:57:D0:64:3B:
    F5:0E:CB:2E:34:CB:8E:9C:EA:82:B6:10:78:26:D1:DA:
    69:A0:3D:43:5F:11:E9:5B:8E:E3:D2:A0:AE:34:0F:90:
    0A:C0:3E:0E:CC:62:41:3D:86:FF:77:70:8E:DE:0E:D0:
    D1:EA:DD:DC:90:DE:76:2D:8F:F4:3F:46:00:46:BC:4F:
    84:57:BA:B4:BE:44:7D:E7:D1:87:AF:EB:B1:2C:C9:50:
    BA:6B:22:84:6C:AF:AC:C2:FA:FC:45:1D:66:8F:5C:80:
    C5:0E:04:FC:B6:97:1B:72:5A:5F:C2:90:56:83:67:39: 0x010001

RSA-SHA1:

a1 2e 6d 28 fa 82 f8 64  7b df a1 f1 cd f8 a7 63  |..m(...d{......c|
fd 20 e1 05 08 73 01 cb  15 56 ec 51 92 12 c0 ad  |. ...s...V.Q....|
f4 b3 99 b8 6e 61 04 8b  7d 5a 1d 53 e7 87 9d 98  |....na..}Z.S....|
54 ed 6e 88 14 d8 13 d5  a2 8b 55 64 c6 46 1a 66  |T.n.......Ud.F.f|
16 1f 39 d2 20 6d 51 06  8f cb d0 cf 10 7e de bd  |..9. mQ......~..|
4b 67 e0 fc 69 e1 bf d2  2f 5b 8a 21 ca 45 7c af  |Kg..i.../[.!.E|.|
fe 1a 1d 35 a5 3c 80 0c  d8 83 92 33 df b5 85 3b  |...5.<.....3...;|
27 b1 df 81 92 da a8 3c  a7 ce b6 b6 ee 5a df 22  |'......<.....Z."|
be a6 bf 85 a4 83 80 76  16 d1 03 65 11 17 cd fa  |.......v...e....|
78 0b 28 69 03 78 03 d0  89 86 0e a4 19 aa ee f2  |x.(i.x..........|
16 f7 a3 a4 dc b3 de 21  53 3a 36 cc 9d 5d bf 67  |.......!S:6..].g|
3b 56 da bb d4 bc 90 f3  29 b7 76 34 ba b5 0c d3  |;V......).v4....|
3f b9 09 d9 81 1a 76 cb  79 37 bd c6 68 12 c6 f7  |?.....v.y7..h...|
53 35 03 5d 06 d4 53 9a  5c 44 3d b1 b1 02 f2 81  |S5.]..S.\D=.....|
65 7b b5 49 9f 83 45 c5  c5 7a d7 db 68 c3 34 d4  |e{.I..E..z..h.4.|
24 73 68 8e f5 4d e3 97  6e 86 42 49 ba 15 20 41  |$sh..M..n.BI.. A|

unnamed
- #0
  - C: GF
  - ST: SD
  - L: FD
  - O: Internet Widgits Pty Ltd
- 1
SHA1: nil

1.3.6.1.4.1.311.2.1.12
- nil
contentType: 1.3.6.1.4.1.311.2.1.4

messageDigest:

df f8 a8 f9 b9 4a 4e f9  7c d0 e5 0a 09 90 7c 3b  |.....JN.|.....|;|
7f 9d 91 bc                                       |....            |

rsaEncryption:

4e ab 4f f6 de 75 83 a0  b4 54 ce f3 c4 10 0e b8  |N.O..u...T......|
25 c9 56 52 8e f5 3a 66  6a ad c4 b1 47 de 98 7f  |%.VR..:fj...G...|
68 39 32 09 63 20 6d 11  59 78 c4 72 92 44 59 14  |h92.c m.Yx.r.DY.|
69 7c d9 d4 61 ab 55 e7  02 17 db ae cd 5d 3d 11  |i|..a.U......]=.|
55 11 ae 3c 47 10 b8 5f  8a 5c 65 8d ba b5 23 82  |U..B.|
c4 90 62 f4 b8 00 bd 50  a0 1f 33 68 64 41 3a 6b  |..b....P..3hdA:k|
15 33 d5 a3 d3 8d a6 2f  12 ed 98 78 de 82 3b 51  |.3...../...x..;Q|
f0 a5 cc bb 6f 5a 14 04  37 fa ad f6 93 2a 1c 1d  |....oZ..7....*..|
f2 a9 91 88 5f 38 28 80  ce f4 d3 5c 34 5b 51 aa  |...._8(....\4[Q.|
f0 5a b2 1d 68 f1 14 95  2d 41 7a 74 3f b3 86 0c  |.Z..h...-Azt?...|