filenamemgv.exe
size185856 (0x2d600)
md5ac14821e6d3dc75376e38ec2b423e524
typePE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
mimetypeapplication/x-dosexec
clamavscan pending
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x50
blocks_in_file2
num_relocs0
header_paragraphs4
min_extra_paragraphs0xf
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0x1a
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0x200

DOS stub

00000000: ba 10 00 0e 1f b4 09 cd  21 b8 01 4c cd 21 90 90  |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f  67 72 61 6d 20 6d 75 73  |This program mus|
00000020: 74 20 62 65 20 72 75 6e  20 75 6e 64 65 72 20 57  |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37  00 00 00 00 00 00 00 00  |in32..$7........|
00000040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000001c0:

PE Header

SignaturePE
Machine0x14c
NumberOfSections0xa
TimeDateStamp0x47389ec9
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x30e
Magic0x10b
LinkerVersion5.0
SizeOfCode0x3d000
SizeOfInitializedData0xd000
SizeOfUninitializedData0
AddressOfEntryPoint0x84001
BaseOfCode0x1000
BaseOfData0x3e000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion4.0
ImageVersion0.0
SubsystemVersion4.0
Reserved10
SizeOfImage0x88000
SizeOfHeaders0x600
CheckSum0
Subsystem2
DllCharacteristics0
SizeOfStackReserve0x100000
SizeOfStackCommit0x2000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

Aspack v2.12b (Alexey Solodovnikov)

This file is packed with ASPack. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

namevavsizeraw sizeflags
.text0x10000x3d0000x1c400RW- IDATA
.data0x3e0000xd0000x3a00RW- IDATA
.tls0x4b0000x10000x200RW- IDATA
.rdata0x4c0000x10000x200RW- IDATA
.idata0x4d0000x80000x1a00RW- IDATA
.edata0x550000x20000x1200RW- IDATA
.rsrc0x570000x280000x8000RW- IDATA
.reloc0x7f0000x50000RW- IDATA
.aspack0x840000x30000x2200RW- IDATA
.adata0x870000x10000RW- IDATA

Data Directory

typevasize
EXPORT0x550000x10ff
IMPORT0x84fac0xe20
RESOURCE0x570000x27a00
EXCEPTION00
SECURITY00
BASERELOC0x84f548
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS0x84f3c0x18
LOAD_CONFIG00
Bound_IAT00
IAT00
Delay_IAT00
CLR_Header00
00x100000

TLS

raw
start		raw
end		indexcallbkszero
fill		flags
0x44b0000x44b09c0x44ac700x44c01000
typenamesizecp
ICON#17440
ICON#22960
STRING#40961720
RCDATADVCLAL160
RCDATATFORM_DOCTOR26980
RCDATATFORM_FIRST953160
RCDATATFORM_MAIN535070
RCDATATFORM_PRINT42880
RCDATATFR_CONFIRM7460
RCDATATIMPORTFORM18230
RCDATATLINKVISITSFORM12590
GROUP_ICONMAINICON340
idlangstring
655200
35 4e a5 75 a4 9e b3 ae  0f d0 4d ef d0 39 e4 71  |5N.u......M..9.q|
30 f8 61 e2 03 54 c7 2b  ee 0b 7d bd d3 f6 e9 f7  |0.a..T.+..}.....|
d4 00 55 cb 3e fc d3 ae  54 16 f8 9c 5f f3 8f ee  |..U.>...T..._...|
9a c4 fe a2 7e 0b 02 60  a5 12 df 55 6c df e6 ff  |....~..`...Ul...|
e5 49 df e7 c7 81 87 99  64 ee 9a b7 82 b2 50 f8  |.I......d.....P.|
1b 05 85 ae c2 3d 49 4e  c1 46 bd 3e a4 23 dc 6d  |.....=IN.F.>.#.m|
d7 fc 40 ea 58 72 71 80  2f 00 f6 f1 e2 fa 2a b8  |..@.Xrq./.....*.|
b9 5e af af 6f b0 02 b5  15 2e 10 02 ba 95 b3 3c  |.^..o..........<|
bf 4b 6a b7 bb 5b e8 6e  4f 6a 27 d5 1d ea 2a d3  |.Kj..[.nOj'...*.|
e2 3c 4b 3c 3c 36 43 c5  40 e4 84 fc 91 38 2a 5c  |.
module_namehintordfunction_name
kernel32.dllGetProcAddress
kernel32.dllGetModuleHandleA
kernel32.dllLoadLibraryA
vcl60.bpl__fastcall Consts::initialization()

@Consts@initialization$qqrv

vcl60.bpl__fastcall Graphics::initialization()

@Graphics@initialization$qqrv

vcl60.bpl__fastcall Printers::initialization()

@Printers@initialization$qqrv

vcl60.bpl__fastcall Stdctrls::initialization()

@Stdctrls@initialization$qqrv

vcl60.bpl__fastcall Extctrls::initialization()

@Extctrls@initialization$qqrv

vcl60.bpl__fastcall Dialogs::initialization()

@Dialogs@initialization$qqrv

vcl60.bpl__fastcall Clipbrd::initialization()

@Clipbrd@initialization$qqrv

vcl60.bpl__fastcall Stdactns::initialization()

@Stdactns@initialization$qqrv

vcl60.bpl__fastcall Winhelpviewer::initialization()

@Winhelpviewer@initialization$qqrv

vcl60.bpl__fastcall Actnlist::initialization()

@Actnlist@initialization$qqrv

vcl60.bpl__fastcall Forms::initialization()

@Forms@initialization$qqrv

vcl60.bpl__fastcall Imglist::initialization()

@Imglist@initialization$qqrv

vcl60.bpl__fastcall Menus::initialization()

@Menus@initialization$qqrv

vcl60.bpl__fastcall Controls::initialization()

@Controls@initialization$qqrv

vcl60.bpl__fastcall Buttons::initialization()

@Buttons@initialization$qqrv

vcl60.bpl__fastcall Toolwin::initialization()

@Toolwin@initialization$qqrv

vcl60.bpl__fastcall Comstrs::initialization()

@Comstrs@initialization$qqrv

vcl60.bpl__fastcall Extdlgs::initialization()

@Extdlgs@initialization$qqrv

vcl60.bpl__fastcall Extactns::initialization()

@Extactns@initialization$qqrv

vcl60.bpl__fastcall Listactns::initialization()

@Listactns@initialization$qqrv

vcl60.bpl__fastcall Comctrls::initialization()

@Comctrls@initialization$qqrv

vcl60.bpl__fastcall Mask::initialization()

@Mask@initialization$qqrv

vcl60.bpl__fastcall Grids::initialization()

@Grids@initialization$qqrv

rtl60.bpl__fastcall System::initialization()

@System@initialization$qqrv

rtl60.bpl__fastcall Types::initialization()

@Types@initialization$qqrv

rtl60.bpl__fastcall Sysconst::initialization()

@Sysconst@initialization$qqrv

rtl60.bpl__fastcall Sysutils::initialization()

@Sysutils@initialization$qqrv

rtl60.bpl__fastcall Varutils::initialization()

@Varutils@initialization$qqrv

rtl60.bpl__fastcall Variants::initialization()

@Variants@initialization$qqrv

rtl60.bpl__fastcall Rtlconsts::initialization()

@Rtlconsts@initialization$qqrv

rtl60.bpl__fastcall Typinfo::initialization()

@Typinfo@initialization$qqrv

rtl60.bpl__fastcall Activex::initialization()

@Activex@initialization$qqrv

rtl60.bpl__fastcall Classes::initialization()

@Classes@initialization$qqrv

rtl60.bpl__fastcall Math::initialization()

@Math@initialization$qqrv

rtl60.bpl__fastcall Contnrs::initialization()

@Contnrs@initialization$qqrv

rtl60.bpl__fastcall Dateutils::initialization()

@Dateutils@initialization$qqrv

rtl60.bpl__fastcall Inifiles::initialization()

@Inifiles@initialization$qqrv

rtl60.bpl__fastcall Registry::initialization()

@Registry@initialization$qqrv

rtl60.bpl__fastcall Strutils::initialization()

@Strutils@initialization$qqrv

rtl60.bpl__fastcall Maskutils::initialization()

@Maskutils@initialization$qqrv

rtl60.bpl__fastcall Helpintfs::initialization()

@Helpintfs@initialization$qqrv

rtl60.bpl__fastcall Flatsb::initialization()

@Flatsb@initialization$qqrv

rtl60.bpl__fastcall Mapi::initialization()

@Mapi@initialization$qqrv

rtl60.bpl__fastcall Multimon::initialization()

@Multimon@initialization$qqrv

vclx60.bpl__fastcall Checklst::initialization()

@Checklst@initialization$qqrv

bcbsmp60.bpl__linkproc__ Ccalendr::Finalize

@@Ccalendr@Finalize

bcbsmp60.bpl__linkproc__ Cgauges::Finalize

@@Cgauges@Finalize

bcbsmp60.bpl__tpdsc__ Cspin::TCSpinEdit

@$xp$16Cspin@TCSpinEdit

borlndmm.dll2
gdi32.dllCreateHalftonePalette
shell32.dllShellExecuteA
user32.dllGetDC
cc3260mt.dlloperator delete(void *)

@$bdele$qpv

ordentry_vafunction_name
10x1451__GetExceptDLLinfo
20x3400@$xp$16Cspin@TCSpinEdit
30x39b4@Cspin@TCSpinEdit@Dispatch$qqrpv
40x3a04@$xp$18Cspin@TCSpinButton
50x3df0@Cspin@TCSpinButton@Dispatch$qqrpv
60x3e24@Cspin@TCSpinButton@$bdtr$qqrv
70x4438@@Main_ext@Initialize
80x4450@@Main_ext@Finalize
90x8cb4@$xp$16Cspin@TCSpinEdit
100x9264@Cspin@TCSpinEdit@Dispatch$qqrpv
110x92b4@$xp$18Cspin@TCSpinButton
120x969c@Cspin@TCSpinButton@Dispatch$qqrpv
130x96d0@Cspin@TCSpinButton@$bdtr$qqrv
140x992c@@Main@Initialize
150x993c@@Main@Finalize
160xba70@$xp$16Cspin@TCSpinEdit
170xc024@Cspin@TCSpinEdit@Dispatch$qqrpv
180xc074@$xp$18Cspin@TCSpinButton
190xc460@Cspin@TCSpinButton@Dispatch$qqrpv
200xc494@Cspin@TCSpinButton@$bdtr$qqrv
210xc540@@Patients@Initialize
220xc558@@Patients@Finalize
230xd698@$xp$16Cspin@TCSpinEdit
240xdc4c@Cspin@TCSpinEdit@Dispatch$qqrpv
250xdc9c@$xp$18Cspin@TCSpinButton
260xe088@Cspin@TCSpinButton@Dispatch$qqrpv
270xe0bc@Cspin@TCSpinButton@$bdtr$qqrv
280xe658@$xp$16Cspin@TCSpinEdit
290xec10@Cspin@TCSpinEdit@Dispatch$qqrpv
300xec60@$xp$18Cspin@TCSpinButton
310xf050@Cspin@TCSpinButton@Dispatch$qqrpv
320xf084@Cspin@TCSpinButton@$bdtr$qqrv
330xf0dc@@Unitt_first@Initialize
340xf0ec@@Unitt_first@Finalize
350x102bc@$xp$16Cspin@TCSpinEdit
360x10874@Cspin@TCSpinEdit@Dispatch$qqrpv
370x108c4@$xp$18Cspin@TCSpinButton
380x10cb4@Cspin@TCSpinButton@Dispatch$qqrpv
390x10ce8@Cspin@TCSpinButton@$bdtr$qqrv
400x10d84@@Unit_doctor@Initialize
410x10d94@@Unit_doctor@Finalize
420x12578@$xp$16Cspin@TCSpinEdit
430x12b30@Cspin@TCSpinEdit@Dispatch$qqrpv
440x12b80@$xp$18Cspin@TCSpinButton
450x12f6c@Cspin@TCSpinButton@Dispatch$qqrpv
460x12fa0@Cspin@TCSpinButton@$bdtr$qqrv
470x12ff8@@Unit_print@Initialize
480x13008@@Unit_print@Finalize
490x156a8@@Uimportdialog@Initialize
500x156b8@@Uimportdialog@Finalize
510x16204@$xp$16Cspin@TCSpinEdit
520x167bc@Cspin@TCSpinEdit@Dispatch$qqrpv
530x1680c@$xp$18Cspin@TCSpinButton
540x16bf8@Cspin@TCSpinButton@Dispatch$qqrpv
550x16c2c@Cspin@TCSpinButton@$bdtr$qqrv
560x16c84@@Formimport@Initialize
570x16c94@@Formimport@Finalize
580x1705c@@Frame_confirm@Initialize
590x1706c@@Frame_confirm@Finalize
600x18f9c@$xp$16Cspin@TCSpinEdit
610x19558@Cspin@TCSpinEdit@Dispatch$qqrpv
620x195a8@$xp$18Cspin@TCSpinButton
630x1999c@Cspin@TCSpinButton@Dispatch$qqrpv
640x199d0@Cspin@TCSpinButton@$bdtr$qqrv
650x19a28@@Import_from_egv@Initialize
660x19a38@@Import_from_egv@Finalize
670x1a870@$xp$16Cspin@TCSpinEdit
680x1ae34@Cspin@TCSpinEdit@Dispatch$qqrpv
690x1ae84@$xp$18Cspin@TCSpinButton
700x1b280@Cspin@TCSpinButton@Dispatch$qqrpv
710x1b2b4@Cspin@TCSpinButton@$bdtr$qqrv
720x1b30c@@Import_from_information@Initialize
730x1b31c@@Import_from_information@Finalize
740x1ba9c@$xp$16Cspin@TCSpinEdit
750x1c058@Cspin@TCSpinEdit@Dispatch$qqrpv
760x1c0a8@$xp$18Cspin@TCSpinButton
770x1c49c@Cspin@TCSpinButton@Dispatch$qqrpv
780x1c4d0@Cspin@TCSpinButton@$bdtr$qqrv
790x1c528@@Import_from_mgv@Initialize
800x1c538@@Import_from_mgv@Finalize
810x27740@$xp$16Cspin@TCSpinEdit
820x27cf8@Cspin@TCSpinEdit@Dispatch$qqrpv
830x27d48@$xp$18Cspin@TCSpinButton
840x28138@Cspin@TCSpinButton@Dispatch$qqrpv
850x2816c@Cspin@TCSpinButton@$bdtr$qqrv
860x281c4@@Make_mgv_file@Initialize
870x281d4@@Make_mgv_file@Finalize
880x2848c@@Ulinkvisitsform@Initialize
890x2849c@@Ulinkvisitsform@Finalize
900x3e098___CPPdebugHook
910x3eed0@Cspin@TCSpinEdit@
920x3f03c@Cspin@TCSpinButton@
930x40e64@Cspin@TCSpinEdit@
940x40fd0@Cspin@TCSpinButton@
950x41a3c@Cspin@TCSpinEdit@
960x41ba8@Cspin@TCSpinButton@
970x42468@Cspin@TCSpinEdit@
980x425d4@Cspin@TCSpinButton@
990x42b24@Cspin@TCSpinEdit@
1000x42c90@Cspin@TCSpinButton@
1010x43770@Cspin@TCSpinEdit@
1020x438dc@Cspin@TCSpinButton@
1030x45118@Cspin@TCSpinEdit@
1040x45284@Cspin@TCSpinButton@
1050x46fdc@Cspin@TCSpinEdit@
1060x47148@Cspin@TCSpinButton@
1070x47d90@Cspin@TCSpinEdit@
1080x47efc@Cspin@TCSpinButton@
1090x48584@Cspin@TCSpinEdit@
1100x486f0@Cspin@TCSpinButton@
1110x48af8@Cspin@TCSpinEdit@
1120x48c64@Cspin@TCSpinButton@
1130x4962c@Cspin@TCSpinEdit@
1140x49798@Cspin@TCSpinButton@
1150x4ad18_Form_main
1160x4ad48_Form_first
1170x4ad50_Form_doctor
1180x4ad58_Form_print
1190x4ad68_ImportForm
1200x4ad70_Fr_confirm
1210x4ad88_LinkVisitsForm
module_namemgv.exe
flags0
timestamp0
version0.0
ordinal_base1
nFunctions121
nNames121
Names(121)0x5520c
Functions(121)0x55028
NameOrdinals(121)0x553f0
offsetsizetypecomment
0185856EXE11/12/2007 18:43:21#
15c115HTM#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







[!] string size(40042) > stringtable size(172). truncated to 170
[!] cannot convert "\xA5u\xA4\x9E\xB3\xAE\x0F\xD0M\xEF\xD09\xE4q0\xF8"... to UTF-16
[?] can't find file_offset of VA 0x6f72c
[?] can't find file_offset of VA 0x7c830
[?] can't find file_offset of VA 0x7d8f0
[?] can't find file_offset of VA 0x7dbdc
[?] can't find file_offset of VA 0x7e2fc
[?] can't find file_offset of VA 0x4ac70
[?] can't find file_offset of VA 0x0