Shadow.exe

info
MZ
PE
resources
imports
exports
foremost
hexdump
disasm
log
discuss
donate

filename	Shadow.exe
size	3128832 (0x2fbe00)
md5	b0b5222771b4dda3bbf4d3a81562267c

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x50
blocks_in_file	2
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0xf
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0x1a
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x100

DOS stub

00000000: ba 10 00 0e 1f b4 09 cd  21 b8 01 4c cd 21 90 90  |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f  67 72 61 6d 20 6d 75 73  |This program mus|
00000020: 74 20 62 65 20 72 75 6e  20 75 6e 64 65 72 20 57  |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37  00 00 00 00 00 00 00 00  |in32..$7........|
00000040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000000c0:

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	0xd
TimeDateStamp	0x52c0654d
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x818f
Magic	0x10b
LinkerVersion	2.25
SizeOfCode	0x578e00
SizeOfInitializedData	0x18d400
SizeOfUninitializedData	0
AddressOfEntryPoint	0x7d717c
BaseOfCode	0x1000
BaseOfData	0x57a000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	5.0
ImageVersion	0.0
SubsystemVersion	5.0
Reserved1	0
SizeOfImage	0xabf000
SizeOfHeaders	0x400
CheckSum	0x307404
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x4000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x564c8c	0	R-X CODE
.itext	0x566000	0x14000	0	R-X CODE
.data	0x57a000	0x1b37c	0	RW- IDATA
.bss	0x596000	0x2c498	0	RW-
.idata	0x5c3000	0x4f12	0	RW- IDATA
.didata	0x5c8000	0x3a6	0	RW- IDATA
.edata	0x5c9000	0x2ed	0	R-- IDATA
.tls	0x5ca000	0x1c0	0	RW-
.rdata	0x5cb000	0x18	0	R-- IDATA
.reloc	0x5cc000	0x5cc98	0	RW-
.rsrc	0x629000	0x1809d3	0x6a00	RWX CODE IDATA
.tls0	0x7aa000	0x1f2d8	0	--X CODE
.tls1	0x7ca000	0x2f4dba	0x2f4e00	RWX CODE IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0x7e56fc	0xf14
IMPORT	0x887fdc	0x17c
RESOURCE	0x629000	0x16c580
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0	0
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0x8ac2f8	0x20
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0x88a840	0xa4
Delay_IAT	0	0
CLR_Header	0	0

TLS

raw start	raw end	index	callbks	zero fill	flags
0x9ca000	0x9ca1c0	0x97ac2c	0xcac310	0	0

show previews

type	name	size
CURSOR	#1	308
CURSOR	#2	308
CURSOR	#3	308
CURSOR	#4	308
CURSOR	#5	308
CURSOR	#6	308
CURSOR	#7	308
CURSOR	#8	748
CURSOR	#9	748
CURSOR	#10	748
CURSOR	#11	748
CURSOR	#12	308
CURSOR	#13	308
CURSOR	#14	308
CURSOR	#15	748
CURSOR	#16	748
CURSOR	#17	748
CURSOR	#18	748
CURSOR	#19	748
CURSOR	#20	748
CURSOR	#50	308
CURSOR	#51	180
BITMAP	BBABORT	464
BITMAP	BBALL	484
BITMAP	BBCANCEL	464
BITMAP	BBCLOSE	464
BITMAP	BBHELP	464
BITMAP	BBIGNORE	464
BITMAP	BBNO	464
BITMAP	BBOK	464
BITMAP	BBRETRY	464
BITMAP	BBYES	464
BITMAP	BOOKMARK	744
BITMAP	BREAK_ACTIVE	560
BITMAP	BREAK_DISABLED	560
BITMAP	BREAK_INACTIVE	560
BITMAP	DBG_ACTIVE	656
BITMAP	DBG_TOP	656
BITMAP	EL_BPL	232
BITMAP	EL_DLL	1320
BITMAP	EL_ERROR	2130
BITMAP	EL_MINUS	248
BITMAP	EL_NET	1320
BITMAP	EL_PAS	232
BITMAP	EL_PLUS	248
BITMAP	EL_SEND	2088
BITMAP	EL_VCL	232
BITMAP	FOLD_END	436
BITMAP	FOLD_MINUS	436
BITMAP	FOLD_PLUS	436
BITMAP	LMDBMPCL_ARROWS	2088
BITMAP	LMDBMPCOL_BUTTON	3268
BITMAP	LMDBMPPLAYGLYPH	360
BITMAP	LMDBMPSHIELD_BIG	2088
BITMAP	LMDBMPSHIELD_SMALL	1320
BITMAP	SBDOWN	200
BITMAP	SBDOWNDIS	200
BITMAP	SBDOWNDN	1256
BITMAP	SBLEFT	208
BITMAP	SBLEFTDIS	208
BITMAP	SBLEFTDN	208
BITMAP	SBRIGHT	208
BITMAP	SBRIGHTDIS	208
BITMAP	SBRIGHTDN	208
BITMAP	SBUP	1256
BITMAP	SBUPDIS	1256
BITMAP	SBUPDN	1256
BITMAP	VT_CHECK_DARK	3304
BITMAP	VT_CHECK_LIGHT	3304
BITMAP	VT_FLAT	3304
BITMAP	VT_MOVEALL	616
BITMAP	VT_MOVEEW	616
BITMAP	VT_MOVENS	616
BITMAP	VT_TICK_DARK	3304
BITMAP	VT_TICK_LIGHT	3304
BITMAP	VT_UTILITIES	3368
BITMAP	VT_XP	19242
BITMAP	VT_XPBUTTONMINUS	294
BITMAP	VT_XPBUTTONPLUS	294
BITMAP	WRAP_LINE	200
ICON	#1	9640
ICON	#2	4264
DIALOG	EL_DIALOG	616
DIALOG	EL_MS_DIALOG	1344
DIALOG	EL_REQUEST	276
DIALOG	EL_SERVER	178
DIALOG	EL_TAB_ASSEMBLER	188
DIALOG	EL_TAB_CALLSTACK	192
DIALOG	EL_TAB_CPU	188
DIALOG	EL_TAB_GENERAL	188
DIALOG	EL_TAB_MODULESLIST	192
DIALOG	EL_TAB_PROCESSESLIST	192
DIALOG	LMDPAGESETUPDLG	1166
STRING	#4042	700
STRING	#4043	432
STRING	#4044	2132
STRING	#4045	2344
STRING	#4046	2076
STRING	#4047	2868
STRING	#4048	728
STRING	#4049	1096
STRING	#4050	880
STRING	#4051	520
STRING	#4052	684
GROUP_ICON	MAINICON	34
MANIFEST	#1	850

module_name	hint	ord	function_name
oleaut32.dll			SafeArrayCreate
advapi32.dll			RegQueryValueExW
user32.dll			GetWindowTextLengthW
kernel32.dll			GlobalDeleteAtom
msimg32.dll			AlphaBlend
gdi32.dll			SetMapMode
version.dll			GetFileVersionInfoW
mpr.dll			WNetOpenEnumW
ole32.dll			OleUninitialize
comctl32.dll			ImageList_Add
shell32.dll			Shell_NotifyIconW
comdlg32.dll			GetOpenFileNameW
winspool.drv			OpenPrinterW
oleacc.dll			LresultFromObject
winmm.dll			timeGetTime
wsock32.dll			socket
user32.dll			MessageBoxA
kernel32.dll			GetModuleHandleA
kernel32.dll			LoadLibraryA
kernel32.dll			LocalAlloc
kernel32.dll			LocalFree
kernel32.dll			GetModuleFileNameA
kernel32.dll			ExitProcess

ord	entry_va	function_name
1	0xbf408	EurekaLog_LastDelphiException
2	0xbf410	EurekaLog_CallCreateThread
3	0xbf4a4	EurekaLog_CallResumeThread
4	0xbf548	EurekaLog_CallExitThread
5	0xbeb6c	EurekaLog_CallExceptObject
6	0xbe9d8	EurekaLog_CallGeneralRaise
7	0xc0d78	ExceptionManager
8	0xa0a90	EurekaLog_PasswordRequestEvent
9	0xa0ad8	EurekaLog_PasswordRequestEventEx
10	0xa0bac	EurekaLog_ExceptionNotifyEvent
11	0xa0c54	EurekaLog_HandledExceptionNotifyEvent
12	0xa0cfc	EurekaLog_ExceptionActionNotifyEvent
13	0xa0da0	EurekaLog_ExceptionErrorNotifyEvent
14	0xa0e44	EurekaLog_CustomDataRequestEventEx
15	0xa0ee8	EurekaLog_AttachedFilesRequestEvent
16	0xa0f8c	EurekaLog_CustomWebFieldsRequestEvent
17	0xa1030	EurekaLog_CustomButtonClickEvent
18	0	50 8a 22 8d ca 3f ff 25 67 3c e5 61 9c 2a d5 55 \|P."..?.%g<.a..U\| d7 55 8f e6 09 20 94 3e d8 46 1c 03 38 53 1f 0a \|.U... .>.F..8S..\| d1 fe d6 2d 81 5c 3e 63 f5 fa 88 5e 06 74 91 46 \|...-.\>c...^.t.F\| 6d 13 b4 4a ed 6d 9b 2b 16 31 eb f1 25 89 db 79 \|m..J.m.+.1..%..y\| c8 c0 29 7c b1 1b ec 4c 39 ff 42 68 96 f6 c7 8c \|..)\|...L9.Bh....\| 5e 11 68 06 48 b3 01 50 73 ec b5 49 ae be 26 93 \|^.h.H..Ps..I..&.\| 7a 13 cc e0 ba 39 26 3f 60 1d 8a aa 85 ac c2 7a \|z....9&?`......z\| a4 0e c2 6a 09 8d 1d 53 92 84 11 dd 61 88 4c b5 \|...j...S....a.L.\| 13 ae ba 15 9f a9 06 aa 02 16 98 24 2f 46 50 f4 \|...........$/FP.\| 1c 3a 1c 1b c5 c5 50 f0 7b f5 5a 59 ea 31 1e ce \|.:....P.{.ZY.1..\| a2 bd 30 28 0a 92 ac 15 15 a5 6c a8 15 25 c1 75 \|..0(......l..%.u\| 87 3d 15 10 b8 5e fc f6 97 36 b0 39 1f b6 ed 63 \|.=...^...6.9...c\| 1a e1 ac 7b 45 4f 40 17 f4 78 c5 df db 63 ed 0c \|...{EO@..x...c..\| 8a 30 8e 96 be 8a 89 47 b4 2b f6 cd f2 c8 95 8b \|.0.....G.+......\| 53 2f f4 c5 3f 6d e9 5c 63 2f 2b 44 4c ca 2f 58 \|S/..?m.\c/+DL./X\| af a1 ae 4f 5a b4 62 da 06 b0 d4 3e 82 cd 6f f1 \|...OZ.b....>..o.\| 08 2e 11 11 8d b0 d5 a7 84 5e e4 25 53 dc 62 90 \|.........^.%S.b.\| 63 93 e1 2e b0 77 f5 b9 20 94 b5 81 0d df 5c d6 \|c....w.. .....\.\| d6 d8 4d bc 67 0f 35 cb df 90 01 a7 01 ca e9 7f \|..M.g.5.........\| f6 7c d4 7a 8c a3 b6 06 fe 9b c9 67 f2 cb bf 0f \|.\|.z.......g....\| 45 a1 3c 79 a7 b3 3d b2 61 41 51 c0 8a 7d ab 82 \|E.N.Tw...;..&...\| 13 54 ed 93 0a c3 2f c6 b5 9e 70 d3 e3 49 9a 80 \|.T..../...p..I..\| 5b 14 f5 ca 94 a8 29 3a 7e dd f6 1c d6 52 e4 2f \|[.....):~....R./\| c2 6e 24 9c b9 d9 52 2c e8 68 f7 24 9c 0b d2 41 \|.n$...R,.h.$...A\| 5d 5b 57 a7 c8 c1 01 cb 56 4a 40 a8 91 a7 34 c9 \|][W.....VJ@...4.\| 7a 09 86 f2 0b ac fd 7d 21 60 a8 a6 48 59 c4 66 \|z......}!`..HY.f\| 1a 0d aa 99 35 f7 6f 84 0a 85 08 03 f2 7a 16 ed \|....5.o......z..\| 57 94 b1 7b d3 47 ce b5 a6 c4 1f 45 d7 c0 82 20 \|W..{.G.....E... \| df 94 6c ee c1 af d4 29 d2 87 8b 3e bc 6d 1c 56 \|..l....)...>.m.V\| 5b f7 82 6e 8e ea 69 e3 22 c7 b9 bd 5c 7d 9e 33 \|[..n..i."...\}.3\| e2 d2 5d 4a f9 84 95 91 4d 3e cd 41 d1 d7 5c 51 \|..]J....M>.A..\Q\| 6b 8d 1c 58 58 0c 73 2b a2 91 9b a1 0d 80 30 f6 \|k..XX.s+......0.\| 3a 1b 80 a2 0d 45 1c ac 78 89 91 c6 3c c5 6f c0 \|:....E..x...<.o.\| 50 23 e3 19 f2 54 99 c1 9a 3d ac 55 44 71 d4 56 \|P#...T...=.UDq.V\| df 36 20 41 cf f2 d4 79 b9 40 62 5f 28 f6 75 19 \|.6 A...y.@b_(.u.\| b7 fa 85 e5 c3 9e 88 f2 de d8 98 13 81 a7 ac d1 \|................\| b4 5f c7 c5 b9 c6 30 0e d8 2b 8d 6d e6 dd 0f 65 \|._....0..+.m...e\| 32 c9 ee 46 d5 fc f4 1d ab 69 cd e6 66 32 59 7e \|2..F.....i..f2Y~\| 7b 47 48 21 e5 29 a3 93 02 06 23 28 ec a3 62 43 \|{GH!.)....#(..bC\| 36 bb 53 16 d4 b3 95 b3 9d e3 81 b4 ba d1 05 02 \|6.S.............\| da 13 b4 9a 15 b9 a7 45 c5 83 f9 9c d2 23 19 e3 \|.......E.....#..\| 1c 6e 28 87 14 3b 25 3d b7 34 aa 2f 69 fb 5b 99 \|.n(..;%=.4./i.[.\| 5e 58 68 cb a9 4b b9 74 18 47 ab a7 55 eb 62 0e \|^Xh..K.t.G..U.b.\| 21 f2 28 1d 88 40 62 54 60 3a 04 e0 7f db 8b 15 \|!.(..@bT`:......\| 74 25 fc a3 ac e3 5b 87 51 eb 94 fe 54 41 ee 1c \|t%....[.Q...TA..\| 66 cf 51 af cb a2 11 a8 60 c7 0d 26 32 4d 4a d7 \|f.Q.....`..&2MJ.\| 72 f8 54 64 c7 bd 10 f4 2d fc d6 28 d6 1b f5 f9 \|r.Td....-..(....\| f0 fe e7 6c 1c 77 f6 fb e7 a5 0a 32 d5 e1 cf da \|...l.w.....2....\| 8c c7 92 a4 4d 48 62 4b cb fc 58 7f 03 25 2f 2b \|....MHbK..X..%/+\| ab ef 70 d1 5b 08 df 25 88 8c 02 09 e5 e0 d6 a7 \|..p.[..%........\| e0 f9 21 4e 2f 25 dd 2b b2 5f c1 34 27 be db c4 \|..!N/%.+._.4'...\| 61 82 b6 b6 0f cf 9a 10 37 2e bf 84 02 42 9f 60 \|a.......7....B.`\| 6d 6b aa 9f 06 2c 14 48 c8 8f 80 49 b2 fb ba 70 \|mk...,.H...I...p\| c4 0f c8 41 60 80 f9 ba 4f 2b d3 51 ea b4 ee b6 \|...A`...O+.Q....\| 15 6c 21 2b 0e 66 9a 6d 5a e8 c6 96 3c a3 14 6d \|.l!+.f.mZ...<..m\| 6a 5d f7 ef 1d fc d4 38 8f 1d 91 f1 89 99 0c f4 \|j].....8........\| 9f c0 b7 d7 25 14 09 75 19 bc 89 c6 7b 32 b0 8b \|....%..u....{2..\| cc ad dc 90 b7 5f 07 af 19 8c 10 b9 e7 05 c3 f4 \|....._..........\| b7 a1 e7 de cf a6 fc 52 17 50 82 5a 4c d5 de 31 \|.......R.P.ZL..1\| 47 b0 50 49 45 f3 6e 5b 72 f9 2a d4 34 c2 65 28 \|G.PIE.n[r..4.e(\| ec b8 6e ce 37 c5 19 09 ce dc 2e a3 b0 74 70 59 \|..n.7........tpY\| 1c 8d 71 91 7f 3b ed 8a 85 d8 80 3e c1 4f c4 90 \|..q..;.....>.O..\| b2 29 4b 8a 24 4b fe b1 1a 8f cf c9 cb a3 bb 91 \|.)K.$K..........\| 70 dc a2 37 c4 e9 6d 9f a1 8f 76 c7 06 db 3a c7 \|p..7..m...v...:.\| 60 84 c1 49 09 45 5a 79 3b 88 6b c8 e8 af 9a fa \|`..I.EZy;.k.....\| 4d ae 89 58 16 e8 d7 12 78 79 33 18 9d 4f a0 f8 \|M..X....xy3..O..\| 30 d3 5c 92 f8 f6 d7 a0 d4 dd cb 6f 72 98 6a 4b \|0.\........or.jK\| 9f 83 12 6b 1a 53 1c 6c 20 e4 a1 a6 46 42 5a e3 \|...k.S.l ...FBZ.\| 42 93 e6 48 aa d6 27 7d ef 98 7c 62 f9 11 0e cc \|B..H..'}..\|b....\| 3a 51 6a 37 19 7b 2c 4d 12 16 71 c2 e1 02 49 db \|:Qj7.{,M..q...I.\| 98 b3 70 99 7a 8f fd 77 f8 b6 d0 17 34 81 ea 5d \|..p.z..w....4..]\| cf 83 04 d7 02 e4 ff 68 2d 43 17 8b 79 91 d5 c9 \|.......h-C..y...\| 1c 97 4f 0f 68 ff 15 0d bf 27 dc d9 f9 04 ea 6f \|..O.h....'.....o\| fb f7 95 bf 65 49 91 83 b4 98 c8 f7 35 a5 ec 28 \|....eI......5..(\| 97 18 1c 81 18 3b 2a cc 78 cf 7b ca 48 6a 7b 07 \|.....;.x.{.Hj{.\| 3a ff 1b b1 7a 93 e1 79 4d 34 82 d1 65 a6 fd 08 \|:...z..yM4..e...\| b9 80 b0 20 d0 85 fc 5d bb 8a 49 db 3f 37 90 bf \|... ...]..I.?7..\| eb 61 d0 c5 1a e5 f1 3a 02 29 04 b4 7b b4 fb 0d \|.a.....:.)..{...\| 16 92 31 6d 7e 5c 53 76 84 24 a7 d4 23 a1 9e c7 \|..1m~\Sv.$..#...\| 58 57 3b 69 c1 94 c8 c7 40 7f d0 13 10 9e 5f 6f \|XW;i....@....._o\| 23 80 fe 3f b0 6c f6 e5 35 5d bb 51 5d 95 9f de \|#..?.l..5].Q]...\| a5 8f 1f 5c 93 27 72 39 da 31 2f 31 db ec 25 f9 \|...\.'r9.1/1..%.\| 3d f2 c3 c0 9b 98 b2 8b 90 eb 70 c0 7b b3 12 5c \|=.........p.{..\\| e2 2c 87 b2 55 5b fc b9 09 2e 2c 2a be d6 cc 0c \|.,..U[....,....\| a2 07 6c 6e 17 f8 59 5d be 77 71 66 2c 4d f6 29 \|..ln..Y].wqf,M.)\| 02 c3 c3 d4 70 21 7c 86 62 58 96 e9 bb 4b 59 9b \|....p!\|.bX...KY.\| 76 4b 28 1c 9d d5 be 63 4c 9e 31 59 46 6c d5 c4 \|vK(....cL.1YFl..\| d5 5e 65 80 f2 9c 07 f4 e7 88 02 33 f7 ea 54 2f \|.^e........3..T/\| c1 c4 6d f0 50 ae bc ba 29 f1 e5 84 c0 ca b6 3f \|..m.P...)......?\| 1a 7c 43 c3 8e 28 b7 69 f9 88 c5 99 bf 0c c7 e2 \|.\|C..(.i........\| 6d eb f1 65 f1 37 2f 94 aa f6 87 a8 b9 d8 29 3f \|m..e.7/.......)?\| 69 0f 77 05 98 4e ac 60 60 18 fc 87 81 b7 45 66 \|i.w..N.``.....Ef\| 4a ab b4 48 ea 54 f8 35 87 26 d3 57 70 b9 3f fe \|J..H.T.5.&.Wp.?.\| 47 7c 61 fa 0b d1 0b 68 43 e9 87 39 cf ab e0 fc \|G\|a....hC..9....\| 0a 64 f5 bc 46 22 fc f4 dc eb 4d f9 4b 46 8d 4b \|.d..F"....M.KF.K\| 18 9e a1 b2 83 a5 f7 24 33 a4 09 c1 61 5a 31 7f \|.......$3...aZ1.\| 46 eb 38 38 b4 ed 25 42 2b aa 38 c9 d1 08 2f 87 \|F.88..%B+.8.../.\| 25 c3 21 8c 44 f1 9e 4a 20 e4 e7 06 10 e8 53 59 \|%.!.D..J .....SY\| 77 87 46 85 88 3b 5e 9c 55 b7 9f d7 b0 40 c1 a7 \|w.F..;^.U....@..\| 9b ad 08 3d 32 15 2f a6 61 38 51 be db 30 e6 8b \|...=2./.a8Q..0..\| fe f4 2b c3 ba bf 99 98 a4 5b 4f 06 b9 e1 66 37 \|..+......[O...f7\| 8c 93 c5 cc d6 9e da 16 b1 23 34 78 e6 bd 0f a7 \|.........#4x....\| 1e 64 37 63 e5 67 cc e0 c4 d1 d8 0d e0 94 c4 52 \|.d7c.g.........R\| ec 1e 0e 97 61 53 d9 8c 2f 1b 43 96 77 d4 75 d6 \|....aS../.C.w.u.\| fd 79 fe 2c 4b 4f ee 30 c6 4e 92 77 3e b4 06 ac \|.y.,KO.0.N.w>...\| 96 6b d4 4d a1 2c 66 12 5a 8c f5 4d f8 69 44 d4 \|.k.M.,f.Z..M.iD.\| a8 4d 5c 39 cd cb fd 59 1e f4 95 a4 10 50 d7 8a \|.M\9...Y.....P..\| 46 0f 57 f2 0f 54 c0 bf 1b d5 88 a5 fa 25 2d f0 \|F.W..T.......%-.\| 0e 69 6a f5 f3 61 fa 3f a3 dd bf c7 b5 2c 6c c6 \|.ij..a.?.....,l.\| 9d 0e 11 e0 c2 2e 2a c4 bb 4a f9 7d 2e 66 63 11 \|........J.}.fc.\| 01 d0 8a 28 eb cb ea dc 92 17 b2 e8 b4 bf 79 ce \|...(..........y.\| 22 e1 c6 c3 7a 4d ea 64 e9 31 0f 86 6a 3e 9d a9 \|"...zM.d.1..j>..\| 38 f5 5f e3 83 f9 d6 3d 8b a1 d1 e2 b4 36 39 a4 \|8._....=.....69.\| 3c 7a 7e 9b 96 7a 4d f5 b7 c4 4c 45 aa 73 1a c9 \|KiV\| ec 30 20 4f da 86 f8 10 86 1e 88 ad 0c a4 95 df \|.0 O............\| cd e8 2f ca a9 be d5 5a ea b6 a6 77 78 03 98 9d \|../....Z...wx...\| 07 42 22 a6 35 1d f3 d4 e5 da 9c 5c 3e 61 27 12 \|.B".5......\>a'.\| 14 43 22 e8 c2 d3 a0 6f 9e 5c 16 77 89 f4 1d 89 \|.C"....o.\.w....\| 60 98 9a eb 40 68 c5 3f dd 4d fa 0f 66 61 6f ca \|`...@h.?.M..fao.\| b1 c6 2d 0e b7 e5 de 27 85 32 60 46 36 e2 1d c4 \|..-....'.2`F6...\| a0 58 9d 64 bb 08 e5 8d fd 29 77 cf 1c 81 1a 3e \|.X.d.....)w....>\| ff 10 c6 69 da 6f 49 08 a3 23 7d 98 6c 41 45 88 \|...i.oI..#}.lAE.\| 52 18 85 aa 0b ce d2 0f 3a 11 ac 7d 1d 50 55 30 \|R.......:..}.PU0\| 3a 32 aa 7e 20 1c 9f ab 5d 10 2a f7 38 3a c6 a6 \|:2.~ ...]..8:..\| e5 e5 eb ae 36 c2 0c 29 eb 9f f7 cd 48 13 d0 fa \|....6..)....H...\| 83 b2 d5 28 24 cc a4 c2 7d ca e3 c1 cc aa 53 82 \|...($...}.....S.\| ae 40 b3 b0 e8 1d 17 55 cd 60 79 46 a4 bf c4 8c \|.@.....U.`yF....\| e0 8b 8a 90 22 96 1f 0f 32 1b ef 28 81 26 25 13 \|...."...2..(.&%.\| e1 1b 01 48 73 4f 7c 20 02 d5 18 42 59 02 ea 67 \|...HsO\| ...BY..g\| 3a 2b 51 39 fc c0 db 67 0d bb 54 2e d0 f0 f6 e4 \|:+Q9...g..T.....\| 9d df 3b 5e c7 f9 c9 29 0b 75 7d f1 b2 3a 80 a0 \|..;^...).u}..:..\| 5e 74 f1 f5 39 c8 a6 b7 06 5b dc af \|^t..9....[.. \|

module_name	Shadow.exe
flags	0
timestamp	0
version	0.0
ordinal_base	1
nFunctions	18
nNames	18
Names(18)	0x7e5790
Functions(18)	0x7e5724
NameOrdinals(18)	0x7e576c

show previews

offset	size	type	comment
0	3128832	EXE	12/29/2013 18:09:17	#
15c1	15	HTM		#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] can't find file_offset of VA 0x62fb20

[?] can't find file_offset of VA 0x62fc54

[?] can't find file_offset of VA 0x62fd88

[?] can't find file_offset of VA 0x62febc

[?] can't find file_offset of VA 0x62fff0

[?] can't find file_offset of VA 0x630124

[?] can't find file_offset of VA 0x630410

[?] can't find file_offset of VA 0x6306fc

[?] can't find file_offset of VA 0x6309e8

[?] can't find file_offset of VA 0x630cd4

[?] can't find file_offset of VA 0x630e08

[?] can't find file_offset of VA 0x630f3c

[?] can't find file_offset of VA 0x631070

[?] can't find file_offset of VA 0x63135c

[?] can't find file_offset of VA 0x631648

[?] can't find file_offset of VA 0x631934

[?] can't find file_offset of VA 0x631c20

[?] can't find file_offset of VA 0x631f0c

[?] can't find file_offset of VA 0x6321f8

[?] can't find file_offset of VA 0x63232c

[?] ignoring invalid PEdump::BITMAPINFOHEADER

[?] can't find file_offset of VA 0x6323e0

[?] can't find file_offset of VA 0x6325b0

[?] can't find file_offset of VA 0x632794

[?] can't find file_offset of VA 0x632964

[?] can't find file_offset of VA 0x632b34

[?] can't find file_offset of VA 0x632d04

[?] can't find file_offset of VA 0x632ed4

[?] can't find file_offset of VA 0x6330a4

[?] can't find file_offset of VA 0x633274

[?] can't find file_offset of VA 0x633444

[?] can't find file_offset of VA 0x633614

[?] can't find file_offset of VA 0x6338fc

[?] can't find file_offset of VA 0x633b2c

[?] can't find file_offset of VA 0x633d5c

[?] can't find file_offset of VA 0x633f8c

[?] can't find file_offset of VA 0x63421c

[?] can't find file_offset of VA 0x6344ac

[?] can't find file_offset of VA 0x634594

[?] can't find file_offset of VA 0x634abc

[?] can't find file_offset of VA 0x635310

[?] can't find file_offset of VA 0x635408

[?] can't find file_offset of VA 0x635930

[?] can't find file_offset of VA 0x635a18

[?] can't find file_offset of VA 0x635b10

[?] can't find file_offset of VA 0x636338

[?] can't find file_offset of VA 0x636420

[?] can't find file_offset of VA 0x6365d4

[?] can't find file_offset of VA 0x636788

[?] can't find file_offset of VA 0x63693c

[?] can't find file_offset of VA 0x637164

[?] can't find file_offset of VA 0x637e28

[?] can't find file_offset of VA 0x637f90

[?] can't find file_offset of VA 0x6387b8

[?] can't find file_offset of VA 0x638ce0

[?] can't find file_offset of VA 0x638da8

[?] can't find file_offset of VA 0x638e70

[?] can't find file_offset of VA 0x639358

[?] can't find file_offset of VA 0x639428

[?] can't find file_offset of VA 0x6394f8

[?] can't find file_offset of VA 0x6395c8

[?] can't find file_offset of VA 0x639698

[?] can't find file_offset of VA 0x639768

[?] can't find file_offset of VA 0x639838

[?] can't find file_offset of VA 0x639d20

[?] can't find file_offset of VA 0x63a208

[?] can't find file_offset of VA 0x63a6f0

[?] can't find file_offset of VA 0x63b3d8

[?] can't find file_offset of VA 0x63c0c0

[?] can't find file_offset of VA 0x63cda8

[?] can't find file_offset of VA 0x63d010

[?] can't find file_offset of VA 0x63d278

[?] can't find file_offset of VA 0x63d4e0

[?] can't find file_offset of VA 0x63e1c8

[?] can't find file_offset of VA 0x63eeb0

[?] can't find file_offset of VA 0x63fbd8

[?] can't find file_offset of VA 0x644704

[?] can't find file_offset of VA 0x64482c

[?] can't find file_offset of VA 0x644954

[?] can't find file_offset of VA 0x644a1c

[?] can't find file_offset of VA 0x644c84

[?] can't find file_offset of VA 0x6451c4

[?] can't find file_offset of VA 0x6452d8

[?] can't find file_offset of VA 0x64538c

[?] can't find file_offset of VA 0x645448

[?] can't find file_offset of VA 0x645508

[?] can't find file_offset of VA 0x6455c4

[?] can't find file_offset of VA 0x645680

[?] can't find file_offset of VA 0x645740

[?] can't find file_offset of VA 0x645800

[?] can't find file_offset of VA 0x645c90

[?] can't find file_offset of VA 0x645f4c

[?] can't find file_offset of VA 0x6460fc

[?] can't find file_offset of VA 0x646950

[?] can't find file_offset of VA 0x647278

[?] can't find file_offset of VA 0x647a94

[?] can't find file_offset of VA 0x6485c8

[?] can't find file_offset of VA 0x6488a0

[?] can't find file_offset of VA 0x648ce8

[?] can't find file_offset of VA 0x649058

[?] can't find file_offset of VA 0x649260

[?] can't find file_offset of VA 0x64950c

[?] too many errors getting resource data, stopped on 0 of 1

[?] can't find file_offset of VA 0x57ac2c