| filename | dll.exe#vxv |
|---|---|
| size | 293264 (0x47990) |
| md5 | a522164108e0507df20adb9d551ed153 |
| type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| mimetype | application/x-dosexec |
| clamav | OK |
| virustotal | scan with virustotal.com |
MZ Header
| field | value |
|---|---|
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0xc8 |
DOS stub
```
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
```
PE Header
Packer / Compiler
UPX v0.89.6 - v1.02 / v1.05 - v1.22. This file is packed with UPX; analysis will be incomplete without unpacking.
Sections
| name | va | vsize | raw size | flags |
|---|---|---|---|---|
| UPX0 | 0x1000 | 0xf000 | 0 | RWX UDATA |
| UPX1 | 0x10000 | 0x4000 | 0x3a00 | RWX IDATA |
| .rsrc | 0x14000 | 0x2000 | 0x1200 | RW- IDATA |
Data Directory
| type | va | size |
|---|---|---|
| EXPORT | 0 | 0 |
| IMPORT | 0x14f38 | 0xd4 |
| RESOURCE | 0x14000 | 0xf38 |
| EXCEPTION | 0 | 0 |
| SECURITY | 0x47418 | 0x578 |
| BASERELOC | 0 | 0 |
| DEBUG | 0 | 0 |
| ARCHITECTURE | 0 | 0 |
| GLOBALPTR | 0 | 0 |
| TLS | 0 | 0 |
| LOAD_CONFIG | 0 | 0 |
| Bound_IAT | 0 | 0 |
| IAT | 0 | 0 |
| Delay_IAT | 0 | 0 |
| CLR_Header | 0 | 0 |
Resources
| type | name | size | cp |
|---|---|---|---|
| AVI | #1 | 8192 | 0 |
| BITMAP | #24 | 224 | 0 |
| ICON | #1 | 744 | 0 |
| ICON | #2 | 296 | 0 |
| GROUP_ICON | #1 | 34 | 1200 |
| VERSION | #1 | 528 | 1200 |
| MANIFEST | #1 | 1768 | 0 |
Imports
| module_name | hint | ord | function_name |
|---|---|---|---|
| KERNEL32.DLL | | | LoadLibraryA |
| KERNEL32.DLL | | | GetProcAddress |
| KERNEL32.DLL | | | VirtualProtect |
| KERNEL32.DLL | | | VirtualAlloc |
| KERNEL32.DLL | | | VirtualFree |
| KERNEL32.DLL | | | ExitProcess |
| MSVBVM60.DLL | | 100 | |
StringTable 080904B0
| key | value |
|---|---|
| FileDescription | |
| FileVersion | 2.3.1.3 |
| InternalName | |
| LegalCopyright | Copyright (C) 2016 |
| OriginalFilename | |
| ProductVersion | 2.3.1.3 |
VS_FIXEDFILEINFO
| field | value |
|---|---|
| FileVersion | 2.3.1.3 |
| ProductVersion | 2.3.1.3 |
| StrucVersion | 0x10000 |
| FileFlagsMask | 0x3f |
| FileFlags | 0 |
| FileOS | 0x40004 |
| FileType | 1 |
| FileSubtype | 0 |
Signers (1)
issuer: /CN=2016_X002/OU=SAGE/O=SAGE/L=City
serial: 3C2DC251
Certificates (1)
```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1009631825 (0x3c2dc251)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2016_X002, OU=SAGE, O=SAGE, L=City
        Validity
            Not Before: Aug 30 12:26:10 2016 GMT
            Not After : Aug 29 12:26:10 2021 GMT
        Subject: CN=2016_X002, OU=SAGE, O=SAGE, L=City
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:99:9d:cd:0b:f0:c6:86:d0:ef:e0:b5:2b:0a:fd:
                    37:8f:63:15:b3:e4:2e:72:70:f1:f2:2f:0e:54:92:
                    7f:7f:be:34:b7:4f:bf:21:ea:7b:59:0c:17:bf:21:
                    70:8c:6b:a9:dd:2e:d1:b2:cd:8c:a4:73:b3:de:88:
                    77:99:b4:95:95:20:3a:5e:16:f8:fe:42:0e:04:91:
                    e5:39:de:5a:87:a0:48:a3:36:9e:1e:b8:af:7a:ee:
                    68:fd:20:e5:41:2b:23:60:2c:27:06:b8:72:5c:f4:
                    bd:88:6d:fd:e4:47:84:c1:20:f6:d9:ee:12:c8:cf:
                    35:5a:6a:9b:71:d0:65:b5:7c:43:f3:8f:56:0b:77:
                    99:72:08:b4:d2:63:c7:02:2f:ae:a8:98:73:fd:38:
                    ea:82:a0:b0:2e:a9:6c:a9:f3:f1:d5:53:9e:a2:e8:
                    a6:83:e2:1d:1b:bf:3d:d6:c9:db:d5:ff:50:2d:4d:
                    cc:a3:ea:3d:5c:9e:b0:9c:69:ad:55:bf:9c:4f:15:
                    23:28:f4:b5:e0:20:ee:71:0b:c6:c0:24:ad:dc:64:
                    ab:b2:88:aa:4f:69:74:6d:0a:2b:4a:df:44:58:ba:
                    2a:12:b0:5a:ad:78:67:75:43:1e:bd:fe:d2:3a:30:
                    de:90:ea:03:8e:45:49:d8:34:ab:df:82:4f:8c:a7:
                    6e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage:
                Digital Signature, Non Repudiation
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        27:38:0a:10:05:92:21:69:c6:74:0e:0a:ad:96:45:1c:b2:de:
        7b:6d:86:76:1f:92:7a:0f:6e:81:18:35:13:97:06:b8:03:57:
        1e:1d:12:3c:f8:e5:fb:9c:c6:97:d7:58:a2:cb:79:dd:dd:36:
        11:32:00:d5:43:e8:8c:1d:94:bd:4e:00:be:34:bf:fc:e7:a8:
        1a:c1:db:97:75:b5:9a:eb:10:d6:9a:b4:7a:81:90:c1:34:4f:
        d3:94:c9:c7:de:d5:d1:28:f5:2e:17:ed:c5:b9:4b:4c:48:b0:
        88:b2:9e:7d:23:cf:af:63:72:e4:ff:26:5e:9e:47:bb:e8:25:
        d5:fc:d9:64:f8:df:68:32:e3:c3:06:59:df:3e:63:1f:20:21:
        96:23:bf:fa:7a:0f:d8:c1:4a:1f:c6:03:fa:95:74:e0:d6:be:
        16:dc:3a:eb:7d:1d:22:67:a8:18:47:50:b4:80:ab:68:f8:d0:
        ed:e0:fe:03:64:d1:6f:53:9c:bb:9e:d6:d8:a2:4b:a4:b5:d3:
        aa:37:35:c4:b5:0c:c0:40:33:d8:b7:39:b3:8a:48:1e:de:09:
        30:cb:15:9f:26:4f:f2:ff:a5:02:77:fc:3a:34:2a:db:4d:74:
        17:68:d4:12:9c:95:78:24:65:1b:d9:20:85:48:18:18:68:07:
        a9:2b:af:bb
```
pkcs7-signedData
- 1
- SHA1: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
```
00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e 00 3e 00 3e             |.e.t.e.>.>.>    |
```
- :
- SHA1
```
46 d5 2b c2 8c 2e de fe 45 54 5e 74 1f 73 b7 2a |F.+.....ET^t.s.*|
b1 13 96 10                                     |....            |
```
- 1.3.6.1.4.1.311.2.1.15
- #0
- #2
- 2
- 0x3C2DC251
- RSA-SHA256: nil
- #2
- CN: 2016_X002
- OU: SAGE
- O: SAGE
- L: City
- 2016-08-30 12:26:10 UTC: 2021-08-29 12:26:10 UTC
- #4
- CN: 2016_X002
- OU: SAGE
- O: SAGE
- L: City
- #5
- rsaEncryption: nil
- 99:9D:CD:0B:F0:C6:86:D0:EF:E0:B5:2B:0A:FD:37:8F:
63:15:B3:E4:2E:72:70:F1:F2:2F:0E:54:92:7F:7F:BE:
34:B7:4F:BF:21:EA:7B:59:0C:17:BF:21:70:8C:6B:A9:
DD:2E:D1:B2:CD:8C:A4:73:B3:DE:88:77:99:B4:95:95:
20:3A:5E:16:F8:FE:42:0E:04:91:E5:39:DE:5A:87:A0:
48:A3:36:9E:1E:B8:AF:7A:EE:68:FD:20:E5:41:2B:23:
60:2C:27:06:B8:72:5C:F4:BD:88:6D:FD:E4:47:84:C1:
20:F6:D9:EE:12:C8:CF:35:5A:6A:9B:71:D0:65:B5:7C:
43:F3:8F:56:0B:77:99:72:08:B4:D2:63:C7:02:2F:AE:
A8:98:73:FD:38:EA:82:A0:B0:2E:A9:6C:A9:F3:F1:D5:
53:9E:A2:E8:A6:83:E2:1D:1B:BF:3D:D6:C9:DB:D5:FF:
50:2D:4D:CC:A3:EA:3D:5C:9E:B0:9C:69:AD:55:BF:9C:
4F:15:23:28:F4:B5:E0:20:EE:71:0B:C6:C0:24:AD:DC:
64:AB:B2:88:AA:4F:69:74:6D:0A:2B:4A:DF:44:58:BA:
2A:12:B0:5A:AD:78:67:75:43:1E:BD:FE:D2:3A:30:DE:
90:EA:03:8E:45:49:D8:34:AB:DF:82:4F:8C:A7:6E:27: 0x010001
- keyUsage: 0xc0
- RSA-SHA256:
```
27 38 0a 10 05 92 21 69 c6 74 0e 0a ad 96 45 1c |'8....!i.t....E.|
b2 de 7b 6d 86 76 1f 92 7a 0f 6e 81 18 35 13 97 |..{m.v..z.n..5..|
06 b8 03 57 1e 1d 12 3c f8 e5 fb 9c c6 97 d7 58 |...W...<.......X|
a2 cb 79 dd dd 36 11 32 00 d5 43 e8 8c 1d 94 bd |..y..6.2..C.....|
4e 00 be 34 bf fc e7 a8 1a c1 db 97 75 b5 9a eb |N..4........u...|
10 d6 9a b4 7a 81 90 c1 34 4f d3 94 c9 c7 de d5 |....z...4O......|
d1 28 f5 2e 17 ed c5 b9 4b 4c 48 b0 88 b2 9e 7d |.(......KLH....}|
23 cf af 63 72 e4 ff 26 5e 9e 47 bb e8 25 d5 fc |#..cr..&^.G..%..|
d9 64 f8 df 68 32 e3 c3 06 59 df 3e 63 1f 20 21 |.d..h2...Y.>c. !|
96 23 bf fa 7a 0f d8 c1 4a 1f c6 03 fa 95 74 e0 |.#..z...J.....t.|
d6 be 16 dc 3a eb 7d 1d 22 67 a8 18 47 50 b4 80 |....:.}."g..GP..|
ab 68 f8 d0 ed e0 fe 03 64 d1 6f 53 9c bb 9e d6 |.h......d.oS....|
d8 a2 4b a4 b5 d3 aa 37 35 c4 b5 0c c0 40 33 d8 |..K....75....@3.|
b7 39 b3 8a 48 1e de 09 30 cb 15 9f 26 4f f2 ff |.9..H...0...&O..|
a5 02 77 fc 3a 34 2a db 4d 74 17 68 d4 12 9c 95 |..w.:4*.Mt.h....|
78 24 65 1b d9 20 85 48 18 18 68 07 a9 2b af bb |x$e.. .H..h..+..|
```
- 2
- 1
- unnamed
- #0
- CN: 2016_X002
- OU: SAGE
- O: SAGE
- L: City
- 0x3C2DC251
- #0
- SHA1: nil
- #2
- 1.3.6.1.4.1.311.2.1.12
- nil
- contentType: 1.3.6.1.4.1.311.2.1.4
- messageDigest:
```
ec 39 54 ae 20 4a 22 2a 50 d1 a0 3e 87 84 e1 a2 |.9T. J"*P..>....|
13 ce dd 96                                     |....            |
```
- 1.3.6.1.4.1.311.2.1.12
- rsaEncryption:
```
02 4b 47 e6 0c 51 02 fa 65 36 48 6c 19 ef 31 7a |.KG..Q..e6Hl..1z|
d0 e7 8d 55 0c 2a a6 fc 56 a8 6b 3d 3e b0 ed d1 |...U.*..V.k=>...|
94 1f d0 c3 77 b4 91 2c 19 3a 32 2c a7 c9 51 fb |....w..,.:2,..Q.|
22 ea a2 7f 72 9b 4b f2 2d 56 27 65 39 47 17 7e |"...r.K.-V'e9G.~|
14 c4 30 0d b5 f6 09 fe 4b 34 6f 9d 10 fc f5 25 |..0.....K4o....%|
42 f3 e0 b3 e4 0a db bf 0d ba b6 9a 54 12 aa 21 |B...........T..!|
19 0c fb de 3c 20 e3 4d 46 ad c5 7e ee 14 00 52 |....< .MF..~...R|
fb a7 e5 50 18 5d 96 35 20 39 60 ec 25 6c 8d 8f |...P.].5 9`.%l..|
44 bc e2 16 fc ac 9a 42 42 73 d1 da 97 ab cb bd |D......BBs......|
a8 f8 4a 51 9c ab ea 1e 0a 3e c0 b3 f9 41 3e f8 |..JQ.....>...A>.|
c2 0f b4 3b 17 a1 ce eb 68 02 9e 5f 22 53 d1 19 |...;....h.._"S..|
c2 89 70 21 0c 37 3c 39 96 7d 80 33 a0 a8 b1 83 |..p!.7<9.}.3....|
45 f6 36 e4 b2 fc 2f ed cd 61 f6 2b 4a bb 59 6d |E.6.../..a.+J.Ym|
1d 1e 2e 9f 3f a4 55 a6 bd 99 5a b9 b1 d5 a2 e1 |....?.U...Z.....|
51 38 f3 a8 45 6b fc 3d 31 ae 3c bf 72 de 2c aa |Q8..Ek.=1.<.r.,.|
53 76 3f 5d f5 24 9e 26 18 a4 f3 8d e9 a5 72 a7 |Sv?].$.&......r.|
```
- unnamed
[?] can't find file_offset of VA 0xe1f8
[?] ignoring invalid PEdump::BITMAPINFOHEADER
offset:( 0x )