filenamePEview9small.exe
size34304 (0x8600)
md5b01bbfb9fbcc5bade27fe87816badab7
typePE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x6c
blocks_in_file1
num_relocs0
header_paragraphs2
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0
checksum0
ip0x11
cs0
reloc_table_offset0x40
overlay_number0
reserved00x336e695700000000
oem_id0x2032
oem_info0x7250
reserved20x6172676f
reserved30xa0d216d
reserved40xba09b424
reserved50x21cd0100
reserved60x21cd4cb4
lfanew0x60

DOS stub

00000000: 57 69 6e 33 32 20 50 72  6f 67 72 61 6d 21 0d 0a  |Win32 Program!..|
00000010: 24 b4 09 ba 00 01 cd 21  b4 4c cd 21 60 00 00 00  |$......!.L.!`...|
00000020: 47 6f 4c 69 6e 6b 2c 20  47 6f 41 73 6d 20 77 77  |GoLink, GoAsm ww|
00000030: 77 2e 47 6f 44 65 76 54  6f 6f 6c 2e 63 6f 6d 00  |w.GoDevTool.com.|

PE Header

SignaturePE
Machine0x14c
NumberOfSections3
TimeDateStamp0x4dd1b0d7
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x10f
Magic0x10b
LinkerVersion0.38
SizeOfCode0x7000
SizeOfInitializedData0x2000
SizeOfUninitializedData0xf000
AddressOfEntryPoint0x16ae0
BaseOfCode0x10000
BaseOfData0x17000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion4.0
ImageVersion0.0
SubsystemVersion4.0
Reserved10
SizeOfImage0x19000
SizeOfHeaders0x1000
CheckSum0
Subsystem2
DllCharacteristics0
SizeOfStackReserve0x100000
SizeOfStackCommit0x10000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

UPX Modified >> *$igBy Ahmed18

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

namevavsizeraw sizeflags
UPX00x10000xf0000RWX UDATA
UPX10x100000x70000x6e00RWX IDATA
.rsrc0x170000x20000x1600RW- IDATA

Data Directory

typevasize
EXPORT00
IMPORT0x183d80x1dc
RESOURCE0x170000x13d8
EXCEPTION00
SECURITY00
BASERELOC00
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT00
Delay_IAT00
CLR_Header00
typenamesizecp
BITMAP#141360
BITMAP#26160
ICON#116400
ICON#27440
ICON#32960
MENU#112700
DIALOG#18060
DIALOG#21840
DIALOG#34460
STRING#312300
STRING#410920
STRING#11620
STRING#121360
ACCELERATORS#1560
GROUP_ICON#1480
VERSION#17400
MANIFEST#15370
idlangstring
324105
00 20 06 19 92 a6 24 18  dc 2f 8c 4d 9e 43 26 e4  |. ....$../.M.C&.|
52 c0 f6 27 97 9c a0 96  24 d1 e9 74 2b 36 a4 03  |R..'....$..t+6..|
f2 1c 22 e8 28 69 62 93  ad 9b 64 bc 63 32 0c f0  |..".(ib...d.c2..|
ec 73 87 52 63 34 50 4d  42 3a c0 81 52 f0 9b 9c  |.s.Rc4PMB:..R...|
0b 64 83 e9 28 57 d9 6b  45 30 35 34 1d 8d 09 ed  |.d..(W.kE054....|
80 f8 5e 03 3e 01 5b 15  f0 34 64 40 8a 33 aa d4  |..^.>.[..4d@.3..|
75 45 83 0e c1 06 6b 0a  78 58 f1 27 af 18 1c ba  |uE....k.xX.'....|
9c 66 57 4b e4 9b 03 c8  a6 3a 4a e4 3f e4 3e e4  |.fWK.....:J.?.>.|
be 99 40 3e 98 e3 01 04  74 25 eb 3a a9 44 46 b8  |..@>....t%.:.DF.|
73 e3 a5 df 61 8e 59 1f  76 f0 05 1d 28 61 c4 e3  |s...a.Y.v...(a..|
f6 c3 52 89 f2 8e 03 15  01 bf dc 61 41 6c 4b b9  |..R........aAlK.|
20 00 78 db 46 cc 55 ca  47 f0 05 56 82 5d 6c 06  | .x.F.U.G..V.]l.|
c5 88 c7 79 78 3f 3f 64  3b bc 31 ac 63 13 2a 8d  |...yx??d;.1.c.*.|
14 03 b2 04 1f e8 bf 56  aa 15 02 42 54 0b 92 5e  |.......V...BT..^|
60 f7 81 ff a0 11 72 ee  4d 81 e9 50 ce 8a 70 e4  |`.....r.M..P..p.|
76 c1 e6 3e 35 e0 33 3b  99 6e ec 11 16 b7 3b 5e  |v..>5.3;.n....;^|
77 44 57 4f 5f 50 fc 9b  ad 99 39 4b 41 9a 77 2c  |wDWO_P....9KA.w,|
c7 07 20 2d 3e 20 18 65  ae 00 fc ff 5f 92 cd 25  |.. -> .e...._..%|
61 86 c7 50 2c 68 2c 21  96 44 27 02 c0 12 19 22  |a..P,h,!.D'...."|
65 4a 8d 07 3b 16 86 7f  07 eb 68 be 6c 90 46 3b  |eJ..;.....h.l.F;|
05 a1 2c be 47 1e 12 3b  05 0a be 58 19 12 9a 84  |..,.G..;...X....|
16 96 41 4e 73 54 10 01  b4 18 6f e8 d6 de bb b7  |..ANsT....o.....|
20 be ab a3 d7 13 39 c6  74 0c d7 eb f0 0a f1 de  | .....9.t.......|
54 c0 ff eb 08 2b 24 6b  01 c8 94 ed 75 57 24 ab  |T....+$k....uW$.|
d8 f8 39 92 ef be 78 83  11 15 8d 34 12 cf 51 f0  |..9...x....4..Q.|
59 5d e8 34 33 b5 32 ef  c4 21 7b 68 67 40 69 84  |Y].43.2..!{hg@i.|
66 9e 49 2e e4 90 d1 e2  02 8c 10 6b b2 86 42 90  |f.I........k..B.|
a1 68 9d d4 ae 74 26 9d  6c 0f 5b 4c 21 1f ea 21  |.h...t&.l.[L!..!|
d0 ac 6c 99 ea d3 0c e0  08 cd 76 fc 42 04 af 0b  |..l.......v.B...|
1c 7b 61 3d 4b 84 d6 74  6d 37 08 d4 c0 92 3c 93  |.{a=K..tm7....<.|
3e f8 33 60 2e 39 19 a8  22 0a 80 de ed 0a 19 2e  |>.3`.9..".......|
a1 08 04 39 c2 77 5d 59  ef 6c 56 9f 3d b4 e8 f8  |...9.w]Y.lV.=...|
24 09 30 97 bd 27 18 cf  a9 61 2d d1 46 9f 40 e2  |$.0..'...a-.F.@.|
f8 13 26 5c 1b 36 72 60  32 55 3b 9e 3d 20 96 ff  |..&\.6r`2U;.= ..|
a0 61 10 a1 10 a5 a2 99  c3 15 8a 74 7c 4b 0e 3b  |.a.........t|K.;|
a4 c2 42 7b 6c 0c 9d 5b  b6 c1 74 66 06 02 6b 07  |..B{l..[..tf..k.|
06 01 9d 30 67 ba 40 69  40 7a c2 72 2c f0 65 85  |...0g.@i@z.r,.e.|
84 a9 3d 39 8b 55 04 6b  57 2a 5a 7b ea 3a 8c d4  |..=9.U.kW*Z{.:..|
c9 58 7d 65 2d c2 90 50  89 6b 3d 1c f9 e0 bf f4  |.X}e-..P.k=.....|
74 c4 4a a3 57 89 b1 77  c6 8e c2 a3 0c 0a 10 6c  |t.J.W..w.......l|
27 b3 d6 d0 5a e5 37 f1  10 6a ef 6f 08 7e 49 c7  |'...Z.7..j.o.~I.|
66 57 56 51 af 1d 8b 57  f4 ad 11 2c 45 9e 16 85  |fWVQ...W...,E...|
09 f8 52 59 b6 f8 05 08  fc 19 ef 10 eb e2 ec 01  |..RY............|
d7 0d bb 77 0c 6a 6c 3b  59 67 9a 6d 76 73 06 61  |...w.jl;Yg.mvs.a|
0d 14 76 07 28 58 47 ae  30 34 0a 5c a1 5b df 2d  |..v.(XG.04.\.[.-|
6c 59 5e 62 03 17 10 41  65 94 c9 b1 90 aa 30 43  |lY^b...Ae.....0C|
64 e7 96 5c 6e 7c 4c e5  60 e5 9d 23 65 6e ab 06  |d..\n|L.`..#en..|
0b f5 19 14 09 b7 a9 5b  db b5 47 44 31 50 5d 48  |.......[..GD1P]H|
c0 04 e9 32 c8 76 f7 f7  c2 c2 80 78 ee 8b 08 08  |...2.v.....x....|
cd 76 ec 33 0c d8 89 07  eb d0 37 04 25 87 7d 5b  |.v.3......7.%.}[|
2b c5 5c 13 38 bd 42 75  a8 dd 1b c0 f6 5a 1f 07  |+.\.8.Bu.....Z..|
01 c1 99 eb 9f f3 90 8e  61 db 98 58 c3 eb 1a 20  |........a..X... |
47 b4 94 64 c4 6c 4e 96  5e e0 17 8d 24 ed f2 f7  |G..d.lN.^...$...|
f1 07 b9 49 64 fb 20 b0  59 26 b9 22 d0 29 fd b4  |...Id. .Y&.".)..|
94 19 83 0e ea 88 63 4c  f0 4d ef e7 a1 84 3c 9c  |......cL.M....<.|
e4 e4 07 62 85 c8 e0 22  eb 37 43 16 ec bb f7 82  |...b...".7C.....|
5f ce c7 16 50 ba 8c 6d  c5 13 62 46 97 e7 d0 36  |_...P..m..bF...6|
98 c8 90 ec da 5d f0 af  33 5e 28 c0 70 89 21 07  |.....]..3^(.p.!.|
04 93 3b 04 4b c3 cc 41  c0 39 57 f6 3b f7 46 bc  |..;.K..A.9W.;.F.|
75 06 05 aa 03 eb ea 88  e6 90 57 fe c2 46 74 05  |u.........W..Ft.|
4b 13 1e ab 0a 0d 16 b6  9a 87 67 ef 5a 8e 0f 16  |K.........g.Z...|
03 41 74 17 28 da 7f 0c  bd c3 4a aa 9f 2d 84 04  |.At.(.....J..-..|
0a 89 f0 eb f1 63 30 06  c4 47 af 8f 33 0d 96 28  |.....c0..G..3..(|
75 9f f5 75 4e e9 76 fe  96 07 e5 6d b6 90 ae 36  |u..uN.v....m...6|
0f 23 33 ab 52 cc 8a 9f  28 69 68 62 42 c1 10 d5  |.#3.R...(ihbB...|
ee 46 21 dd 77 4b 2f 48  5f 6c b8 f8 e4 46 07 80  |.F!.wK/H_l...F..|
59 2d 61 7e e1 85 7c 67  cb 83 34 10 7b 0e 0e e1  |Y-a~..|g..4.{...|
c6 8c 00 6a 3b 0c 94 75  6c 21 df 47 eb 6e b8 00  |...j;..ul!.G.n..|
2e 0d 24 6c ac c1 34 ce  37 a9 db 44 72 fa 24 4c  |..$l..4.7..Dr.$L|
8c 51 ef 07 8d 74 b0 e0  48 94 35 c0 ba 4a 09 e3  |.Q...t..H.5..J..|
26 3e 51 1c 08 41 68 39  d1 72 84 5c 08 48 74 c1  |&>Q..Ah9.r.\.Ht.|
06 f6 cf bf 1c 74 84 26  c2 86 4a ba 89 17 ae 95  |.....t.&..J.....|
b6 c0 c1 74 49 60 4d 0a  64 d0 8a 4c 9e 15 0c df  |...tI`M.d..L....|
81 c0 d2 70 36 18 44 fd  32 c7 92 05 de dd 01 df  |...p6.D.2.......|
10 60 b4 a1 4a bc 20 f0  40 a9 40 06 3b 0e 4d 61  |.`..J. .@.@.;.Ma|
04 47 3e 5b 68 75 c4 72  32 b6 52 cd ca c0 2e ae  |.G>[hu.r2.R.....|
4b b1 09 19 6b 02 4f 24  42 28 bc f4 c0 02        |K...k.O$B(....  |
484105
18 ca c2 03 0d 30 1b 81  81 cc 52 6d d4 a1 2f ec  |.....0....Rm../.|
19 35 fe 4a 39 c8 72 2f  57 66 84 8b 39 07 b6 13  |.5.J9.r/Wf..9...|
d9 91 72 32 25 38 87 0e  60 5f c0 34 af 00 23 c5  |..r2%8..`_.4..#.|
6c 4e f8 16 c1 42 53 89  fa 29 da b6 6f a8 57 16  |lN...BS..)..o.W.|
fb 67 4c 37 0c 66 03 04  0e 0b 0b 34 02 4a 2e 35  |.gL7.f.....4.J.5|
b3 37 c1 87 ed 6a 08 60  78 1f 09 79 0c 25 bf db  |.7...j.`x..y.%..|
e8 5c 02 3c 61 ec dd 06  62 24 72 0e eb d4 d0 a1  |.\...7.....|
00 be ac d4 25 bb be c5  63 77 c4 e8 0c 8b 1a 88  |....%...cw......|
65 be cd 0e 24 62 c6 e1  23 75 1c 03 05 6e dc 56  |e...$b..#u...n.V|
31 ba 1d bd fc 73 41 0f  20 ec ed 4c f6 be d6 d4  |1....sA. ..L....|
1a 08 3e 26 be e1 13 bb  25 5e 67 34 89 74 01 16  |..>&....%^g4.t..|
0f be c2 20 c6 be e9 71  0a 10 09 4f 91 2b 4a c0  |... ...q...O.+J.|
1a 57 77 01 78 67 41 35  88 eb 01 de b5 c6 df db  |.Ww.xgA5........|
6e 63 7c 04 64 44 21 01  cf 89 23 57 89 f7 ca 0b  |nc|.dD!...#W....|
07 c2 ae 07 c9 4a de 0c  8c 40 eb 69 64 33 05 44  |.....J...@.id3.D|
48 ab c6 1c 37 28 83 7b  0f 88 93 6f 29 f7 64 81  |H...7(.{...o).d.|
61 34 74 87 e2 e2 8a 78  9b d6 1e 99 e4 ec 77 0c  |a4t....x......w.|
2d 78 3d 29 30 42 c2 0d  e6 08 09 1b f3 eb 14 4e  |-x=)0B.........N|
ad 9b ee ee eb c3 29 18  eb bd 09 8b 1a eb 85 80  |......).........|
20 87 cd da 37 fc 0d 86  0b 44 07 b6 f7 b3 a8 5f  | ...7....D....._|
c3 57 be 07 5b ba 2a ed  84 96 88 49 bd c8 a5 85  |.W..[.*....I....|
55 56 5b 55 82 53 c1 cf  09 86 51 7c 09 f3 4e 45  |UV[U.S....Q|..NE|
57 e5 f8 00 74 71 b8 bc  bc 75 4a 2f 04 0f 74 2a  |W...tq...uJ/..t*|
12 74 25 18 77 0d f0 07  16 48 c2 3a 4a be a8 e5  |.t%.w....H.:J...|
dc 40 5c 88 6c 80 e6 f8  3f e6 d7 eb 3d 84 3b 8a  |.@\.l...?...=.;.|
53 5a c4 33 f7 d2 56 1f  14 0d f4 21 d0 dd b8 aa  |SZ.3..V....!....|
b7 aa c5 24 70 ce 24 b7  8a 13 a8 0e ee 51 4e 74  |...$p.$......QNt|
77 87 ec 86 ee c7 be 44  a0 74 49 9c 0e b0 20 fd  |w......D.tI... .|
16 32 d9 aa aa 57 37 1b  b8 24 3b 8b 1c 80 5b 48  |.2...W7..$;...[H|
56 0c 52 78 00 f8 03 89  f9 5f 29 f9 eb 8b 58 32  |V.Rx....._)...X2|
2d d4 df bd 90 ba 07 06  12 9c 36 47 83 33 fc 33  |-.........6G.3.3|
fe 64 ce a5 89 b7 80 4d  d6 72 e1 e1 19 68 4b 7c  |.d.....M.r...hK||
d5 9c 75 d7 eb 9b c2 19  c1 10 ad 5d 2e c1 10 1c  |..u........]....|
3f 9a b5 d1 e1 6e 9b 04  0e 83 d1 e0 44 b7 df 6c  |?....n......D..l|
c5 13 1d 68 82 4f 89 1d  06 4b a2 99 4c d7 64 b7  |...h.O...K..L.d.|
a2 ad 1e 82 13 b2 af 83  a7 e2 ad 06 a1 74 05 52  |.............t.R|
b3 83 c2 06 12 6c 71 e8  b9 25 0a 46 42 67 92 cf  |.....lq..%.FBg..|
8e 38 e9 e6 f2 e8 e6 58  e6 0d ab 9e 98 5a ef a4  |.8.....X.....Z..|
a0 82 f1 35 c1 40 2b 6a  07 dc 81 1a 09 23 5f e7  |...5.@+j.....#_.|
02 64 73 24 38 71 ca f4  e6 f3 e6 59 28 91 ad 7e  |.ds$8q.....Y(..~|
c2 05 22 a1 0d 0d 87 75  1e 80 3c 8c 92 d0 67 2f  |.."....u..<...g/|
12 50 8c 36 24 d9 f4 76  2b e2 03 02 08 ce ef 59  |.P.6$..v+......Y|
96 27 e7 7a 26 e7 21 18  64 42 5a 03 52 5b 40 46  |.'.z&.!.dBZ.R[@F|
38 b2 1e e7 1c e7 23 fc  bc 88 27 bc 75 2a 16 a1  |8.....#...'.u*..|
8c a0 4c 02 4c 24 18 c3  ef 78 09 70 58 74 10 7c  |..L.L$...x.pXt.||
76 1e 80 60 05 2f 6b fb  99 dd 81 13 d0 c3 80 27  |v..`./k........'|
84 33 c5 b0 21 f1 f4 8c  33 84 6b c0 3b 3d f2 60  |.3..!...3.k.;=.`|
49 0e a9 3b 94 33 98 ca  2e 32 73 9c 79 e1 3b 91  |I..;.3...2s.y.;.|
81 e4 e4 a8 ac 78 7e 84  78 c8 b5 d5 b8 05 df 1a  |.....x~.x.......|
10 ba 7c 78 80 7c 9e 51  14 a8 e7 a7 e7 95 3c e1  |..|x.|.Q......<.|
79 a1 e7 a0 6f 2c e7 84  e4 e4 b2 8f b0 b4 92 27  |y...o,.........'|
67 5f 46 c8 8f fc b0 e7  cf 49 fe 64 13 20 20 ba  |g_F......I.d.  .|
0c 79 61 e9 60 3d f9 b1  92 e9 03 36 e9 34 e9 8c  |.ya.`=.....6.4..|
8f 85 8c 93 cc 9d 18 97  c8 c9 61 ab b3 b8 bc 64  |..........a....d|
b6 57 0c 56 87 b8 10 3b  6a 26 c8 f0 8b 15 14 f0  |.W.V...;j&......|
2b e4 f9 04 8f 45 9d fb  e8 79 e4 43 12 bd 16 15  |+....E...y.C....|
e6 0b d4 21                                       |...!            |
1604105
c0 24 22 25 3b de 25 9a  cd 20 04 7a 03 c7 40 48  |.$"%;.%.. .z..@H|
8f 20 d8 fe dd f5 fe c5  6b 38 cd 76 0a 16 10 b7  |. ......k8.v....|
b5 a3 f5 17 63 fd 72 08  39 03 81 80 8c 9c 70 eb  |....c.r.9.....p.|
df 51 1b c9 c8 be 9e bc  34 59 2c 02 75 0b        |.Q......4Y,.u.  |
1764105
54 c9 cb 0d 4e 2a 19 d0  61 04 48 83 06 04 58 ba  |T...N*..a.H...X.|
ee 05 03 02 76 6a 42 9e  d0 6c c4 e9 c3 50 78 e9  |....vjB..l...Px.|
52 dc 2c d1 60 08 23 eb  3e bb 0c 22 d2 50 1d 71  |R.,.`.#.>..".P.q|
a1 7c a4 c0 54 b4 4d 08  03 46 10 93 4b 58 02 7d  |.|..T.M..F..KX.}|
7b c8 87 1c 06 99 cc 07  85 c1 72 84 b3 30 c7 7d  |{.........r..0.}|
4e 5f de b7 57 80 0b 79  97 2d 57 01 90 0d f1 63  |N_..W..y.-W....c|
3a 6c 9c a1 54 af 3d 5c  b2 4c f2 10 0f c8 7e 71  |:l..T.=\.L....~q|
02 1e 1e e2 41 d6 50 33  fc 7e 71 1c 3f 97 cd 49  |....A.P3.~q.?..I|
ea 00 6c b2 60 b2 4d 8b                           |..l.`.M.        |
module_namehintordfunction_name
KERNEL32.DLLLoadLibraryA
KERNEL32.DLLGetProcAddress
KERNEL32.DLLVirtualProtect
KERNEL32.DLLVirtualAlloc
KERNEL32.DLLVirtualFree
KERNEL32.DLLExitProcess
ADVAPI32.dllRegCloseKey
COMCTL32.dllMenuHelp
COMDLG32.dllChooseFontA
GDI32.dllBitBlt
SHELL32.dllDragFinish
USER32.dllGetDC

StringTable 040904E4

CompanyNameWayne J. Radburn
FileDescriptionPE/COFF File Viewer
FileVersion0.9.9.0
InternalNamePEview
LegalCopyrightCopyright© 1997-2011 Wayne J. Radburn
OriginalFilenamePEview.exe
ProductNamePEview
ProductVersion0.9.9.0

VS_FIXEDFILEINFO

FileVersion0.9.9.0
ProductVersion0.9.9.0
StrucVersion0x10000
FileFlagsMask0x3f
FileFlags0
FileOS4
FileType1
FileSubtype0
offsetsizetypecomment
034304EXE05/16/2011 23:18:47#
15c115HTM#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







[?] ignoring invalid PEdump::BITMAPINFOHEADER
[!] string size(16384) > stringtable size(1230). truncated to 1228
[!] cannot convert "\x06\x19\x92\xA6$\x18\xDC/\x8CM\x9EC&\xE4R\xC0"... to UTF-16
[!] string size(103472) > stringtable size(1092). truncated to 1090
[!] cannot convert "\xC2\x03\r0\e\x81\x81\xCCRm\xD4\xA1/\xEC\x195"... to UTF-16
[!] string size(18816) > stringtable size(62). truncated to 60
[!] cannot convert "\"%;\xDE%\x9A\xCD \x04z\x03\xC7@H\x8F "... to UTF-16
[!] string size(103080) > stringtable size(136). truncated to 134
[!] cannot convert "\xCB\rN*\x19\xD0a\x04H\x83\x06\x04X\xBA\xEE\x05"... to UTF-16