MZ Header

Rich Header

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Packer / Compiler

Sections

Data Directory

StringTable 040904e4

VS_FIXEDFILEINFO

offsetsizetypecomment
026112EXE12/05/2009 22:50:46#
66004446485BINoverlay data past EOF#
Type = Nsis
Method = LZMA:23
Solid = +

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
                    .....        11264      4446481  $PLUGINSDIR/System.dll
                    .....         4096               $PLUGINSDIR/UserInfo.dll
2011-09-20 21:35:14 .....        40787               $0/023.dat
2010-11-26 22:07:20 .....         2181               $0/023v.dat
2010-02-12 20:55:28 .....          660               $0/023w7.dat
2011-06-26 19:16:00 .....          666               $0/AWF.cmd
2012-02-10 22:12:14 .....          690               $0/ActiveDrv.vbs
2012-04-24 04:25:14 .....       170010               $0/AppDataFile.cfx
2012-04-23 19:02:58 .....        26806               $0/AppDataFolder.cfx
2010-04-15 18:11:36 .....         4144               $0/Assoc.cmd
2011-07-20 00:38:32 .....         5194               $0/Auto-RC.cmd
2012-01-03 13:27:24 .....        40960               $0/BFE.dat
2011-11-19 13:14:36 .....         5277               $0/Boot-Rk.cmd
2011-11-19 13:14:26 .....         8400               $0/Boot.bat
2010-07-27 12:55:16 .....          875               $0/BootDrv.vbs
2011-12-31 16:32:26 .....        30919               $0/CF-Script.cmd
2010-10-21 12:45:48 .....         1080               $0/Catch-sub.cmd
2010-08-19 19:16:34 .....         1024               $0/Combo-Fix.sys
2000-08-31 04:00:00 .....       236032               $0/ComboFix-Download.3XE
2011-10-30 15:38:22 .....         8216               $0/Combobatch.bat
2011-07-12 17:19:02 .....        19312               $0/Create.cmd
2012-04-20 10:19:18 .....       594809               $0/Creg.dat
2011-09-01 21:03:18 .....         4564               $0/CregC.cmd
2010-04-17 13:21:48 .....          472               $0/CregC.dat
2000-08-31 04:00:00 .....          746               $0/DPF.str
2011-05-07 15:25:14 .....         1948               $0/DelClsid.bat
2011-05-07 15:25:36 .....         1957               $0/DelClsid64.bat
2012-04-23 19:03:08 .....        15951               $0/DesktopFile.cfx
2010-01-23 08:17:42 .....           46               $0/Dnl.dat
2010-04-18 22:44:24 .....          650               $0/DrvRun.vbs
2005-10-20 16:02:28 .....       163328               $0/ERDNT.e_e
2000-08-31 04:00:00 .....         2815               $0/ERDNTDOS.LOC
2000-08-31 04:00:00 .....         3275               $0/ERDNTWIN.LOC
2005-10-20 16:00:28 .....       394752               $0/ERUNT.3XE
2000-08-31 04:00:00 .....         4090               $0/ERUNT.LOC
2012-03-09 14:29:58 .....        17373               $0/Exe.reg
2011-12-24 13:35:54 .....        11389               $0/FD-SV.cmd
2012-02-19 19:14:44 .....        34257               $0/FIND3M.bat
2011-10-26 20:32:16 .....         5865               $0/FIXLSP.bat
2011-07-20 00:38:32 .....         1115               $0/FKMGen.cmd
2010-09-05 12:52:14 .....           20               $0/FavoriteFolder.cfx
2012-04-17 16:35:32 .....        10058               $0/FavoritesFile.cfx
2000-08-31 04:00:00 .....       145920               $0/FileKill.3XE
2010-08-10 00:32:44 .....          677               $0/Fin.dat
2011-06-03 13:43:34 .....         6090               $0/GetHive.cmd
2010-09-05 03:07:30 .....          224               $0/Imefile.dat
2011-07-14 13:30:12 .....         8096               $0/Install-RC.cmd
2011-07-14 13:29:42 .....         1395               $0/Kill-All.cmd
2010-12-18 19:52:02 .....          315               $0/Ksvchost.vbs
2011-11-05 09:13:06 .....       253091               $0/Lang.bat
2012-04-14 21:42:26 .....        29416               $0/List-B.bat
2012-04-12 19:52:50 .....       269214               $0/List-C.bat
2012-03-30 13:14:44 .....       120809               $0/List-D.bat
2012-04-24 04:25:50 .....      2668050               $0/List.bat
2012-04-23 19:03:10 .....        22037               $0/LocalAppDataFile.cfx
2012-04-17 23:53:48 .....         5824               $0/LocalAppDataFolder.cfx
2000-08-31 04:00:00 .....          225               $0/LocalService.dat
2000-08-31 04:00:00 .....           91               $0/LocalServiceNetworkRestricted.dat
2012-03-17 00:44:48 .....         3818               $0/LocalSettingsFile.cfx
2000-08-31 04:00:00 .....          198               $0/LocalSystemNetworkRestricted.dat
2011-07-28 23:06:10 .....         2862               $0/MoveIt.bat
2012-02-11 08:48:16 .....         8192               $0/MpsSvc.dat
2011-12-26 03:40:08 .....        66359               $0/ND_.bat
2011-12-26 03:39:44 .....        17689               $0/ND_64.bat
2012-04-09 18:22:32 .....        48807               $0/NT-OS.cmd
2000-08-31 04:00:00 .....           88               $0/NetworkService.dat
2009-04-20 08:56:28 .....        60416               $0/NirCmd.3XE
2009-04-20 08:56:28 .....        60416               $0/firefox.exe
2009-04-20 08:56:28 .....        60416               $0/iexplore.exe
2009-04-20 08:56:28 .....        60416               $0/n.pif
2000-08-31 04:00:00 .....        32317               $0/NirCmd.chm
2009-04-20 08:56:26 .....        58880               $0/NirCmdC.3XE
2011-09-24 01:16:50 .....         1378               $0/NirScript.dat
2000-08-31 04:00:00 .....          977               $0/OSid.vbs
2012-04-24 04:25:54 .....        22654               $0/P.cmd
2012-04-23 19:03:14 .....         9261               $0/PersonalFile.cfx
2012-04-16 06:22:14 .....          290               $0/PersonalFolder.cfx
2009-07-05 23:51:10 .....         2992               $0/Policies.dat
2011-08-23 23:04:52 .....         2870               $0/Prep.inf
2012-04-22 16:17:26 .....        28917               $0/ProfilesFile.cfx
2012-03-31 14:33:40 .....         1512               $0/ProfilesFolder.cfx
2012-04-23 19:03:34 .....         8538               $0/ProgramsFile.cfx
2012-04-22 16:15:24 .....        16739               $0/ProgramsFolder.cfx
2000-08-31 04:00:00 .....          404               $0/Purity.dat
2000-08-31 04:00:00 .....         7478               $0/RCLink.dat
2000-08-31 04:00:00 .....         3558               $0/REGDACL.sed
2000-08-31 04:00:00 .....         9203               $0/RegDo.sed
2012-03-30 13:39:02 .....        54060               $0/RegScan.cmd
2012-03-30 13:40:46 .....        20380               $0/RegScan64.cmd
2009-11-15 00:35:16 .....          442               $0/Rkey.cmd
2009-06-10 07:38:44 .....           30               $0/Rust.str
2011-06-23 22:52:40 .....         2147               $0/SRestore.cmd
2009-10-18 08:00:38 .....          585               $0/Safeboot.def.w7.dat
2011-06-26 19:35:12 .....        17077               $0/SetEnvmt.bat
2011-06-23 22:52:40 .....         4634               $0/SnapShot.cmd
2012-04-17 23:54:34 .....         7524               $0/StartMenuFile.cfx
2012-01-29 19:54:12 .....          576               $0/StartMenuFolder.cfx
2012-04-23 19:03:38 .....        23370               $0/StartUpFile.cfx
2011-11-19 13:17:54 .....        20664               $0/SuppScan.cmd
2000-08-31 04:00:00 .....         2176               $0/SvcDrv.vbs
2012-04-22 16:17:30 .....         7737               $0/TemplatesFile.cfx
2012-03-27 14:36:36 .....          138               $0/TemplatesFolder.cfx
2012-01-10 05:47:22 .....         3987               $0/Update-CF.cmd
2012-02-18 23:06:14 .....         9098               $0/VBR.pif
2011-06-22 12:40:36 .....          557               $0/VINFO3
2011-06-22 12:40:32 .....         3819               $0/VInfo
2012-04-20 10:18:04 .....        19268               $0/VInfo2
2010-05-10 19:30:04 .....          308               $0/Vipev.dat
2010-07-31 13:05:38 .....          244               $0/VwinTemp.dacl
2010-12-11 22:38:02 .....         1127               $0/Wmi_rem.vbs
2010-02-02 13:41:38 .....        13090               $0/XPSBoot.reg
2000-08-31 04:00:00 .....         6760               $0/appinit.bad
2009-07-13 19:09:30 .....          602               $0/asp.str
2012-04-10 23:30:26 .....         4621               $0/av.cmd
2010-12-15 18:02:06 .....         2933               $0/av.vbs
2012-04-24 04:26:00 .....      1075256               $0/badclsid.c
2012-03-19 04:14:46 .....        64092               $0/c.bat
2009-04-17 13:37:10 .....       147456               $0/catchme.3XE
2012-04-24 04:26:00 .....       270063               $0/clsid.c
2011-06-06 13:52:50 .....       101376               $0/dd.3XE
2009-05-25 05:59:50 .....         7983               $0/ddsDo.sed
2000-08-31 04:00:00 .....        51200               $0/dumphive.3XE
2000-08-31 04:00:00 .....          303               $0/embedded.sed
2000-08-31 04:00:00 .....        52736               $0/extract.3XE
2010-08-30 00:45:50 .....        38901               $0/ffdefstr.dll
2012-04-24 04:26:00 .....         3175               $0/files.pif
2011-09-24 00:17:22 .....          670               $0/fl0.bat
2000-08-31 04:00:00 .....        80412               $0/grep.3XE
2000-08-31 04:00:00 .....        15360               $0/gsar.3XE
2008-11-18 08:15:14 .....       417136               $0/handle.3XE
2005-08-15 21:54:58 .....         1536               $0/hidec.3XE
2005-08-15 21:54:58 .....         1536               $_OUTDIR/EN-US/iexplore.exe
2009-10-20 13:25:36 .....          954               $0/history.bat
2010-07-14 20:44:50 .....        74529               $0/hwid.pif
2000-08-31 04:00:00 .....         1057               $0/image001.gif
2011-03-09 04:49:06 .....         1374               $0/katch.cmd
2011-10-09 02:59:50 .....         3495               $0/lnkread.vbs
2009-10-25 02:11:34 .....       184320               $0/mbr.3XE
2010-08-29 07:30:24 .....         2141               $0/mbr.chk
2012-04-24 04:26:00 .....         6732               $0/md5sum.pif
2012-04-24 04:26:00 .....           34               $0/md5sum00.pif
2000-08-31 04:00:00 .....        11264               $0/mtee.3XE
2000-08-31 04:00:00 .....            0               $0/mynul.dat
2011-08-26 16:38:54 .....         8543               $0/ncmd.com
2011-08-26 16:38:54 .....         8543               $_OUTDIR/License/ncmd.cfxxe
2009-12-24 11:12:40 .....          283               $0/ndis_combofix.dat
2010-04-14 14:21:30 .....          520               $0/netsvc.bad.dat
2000-08-31 04:00:00 .....          159               $0/netsvc.dat
2000-08-31 04:00:00 .....          481               $0/netsvc.vista.dat
2000-08-31 04:00:00 .....          525               $0/netsvc.xp.dat
2002-09-29 09:01:16 .....       180224               $0/pausep.3XE
2011-06-26 10:45:56 .....       256000               $0/pev.3XE
2011-06-26 10:45:56 .....       256000               $_OUTDIR/License/firefox.exe
2011-06-26 10:45:56 .....       256000               $_OUTDIR/License/iexplore.exe
2011-01-28 04:28:38 .....       102400               $0/pevb.3XE
2010-05-13 12:57:52 .....           64               $0/powp.dat
2006-03-02 18:42:40 .....        73728               $0/pv.com
2010-09-17 00:03:32 .....         1153               $0/region.dat
2009-05-01 18:26:10 .....          587               $0/restore_pt.vbs
2010-11-07 20:20:24 .....       208896               $0/rmbr.3XE
2000-08-31 04:00:00 .....          820               $0/rogues.dat
2000-08-31 04:00:00 .....          287               $0/run2.sed
1999-11-10 19:00:00 .....        38400               $0/s0rt.3XE
2000-08-31 04:00:00 .....          329               $0/safeboot.dat
2009-06-09 22:25:08 .....         1464               $0/safeboot.def.dat
2010-11-26 21:53:30 .....          482               $0/safeboot.def.vista.dat
2000-08-31 04:00:00 .....        98816               $0/sed.3XE
2000-08-31 04:00:00 .....        66172               $0/setpath.3XE
2012-04-22 23:31:56 .....       344653               $0/srizbi.md5
2009-11-29 01:42:26 .....        11987               $0/svc_wht.dat
2000-08-31 04:00:00 .....          555               $0/svchost.dat
2000-08-31 04:00:00 .....          668               $0/svchost.vista.dat
2010-11-27 08:12:00 .....          749               $0/svchost.vista.x64.dat
2009-10-18 08:14:26 .....          956               $0/svchost.w7.dat
2010-11-27 07:19:42 .....         1306               $0/svchost.w7.x64.dat
2000-08-31 04:00:00 .....       518144               $0/swreg.3XE
2000-08-31 04:00:00 .....       406528               $0/swsc.3XE
2000-08-31 04:00:00 .....       212480               $0/swxcacls.3XE
2000-08-31 04:00:00 .....          276               $0/system_ini.dat
1999-11-10 03:00:00 .....        35328               $0/tail.3XE
2009-10-30 08:26:54 .....          633               $0/toolbar.sed
2010-07-26 23:17:22 .....          440               $0/vistaMcode.dat
2012-02-11 15:39:54 .....        21711               $0/vistareg.dat
2010-06-21 00:05:36 .....         7584               $0/vun.dat
2010-07-24 00:20:44 .....          440               $0/w7Mcode.dat
2012-02-11 15:37:08 .....        22516               $0/w7reg.dat
2009-06-21 10:45:40 .....        98948               $0/w_sock.dll
2010-07-22 18:14:44 .....          440               $0/xpmcode.dat
2012-01-04 09:21:26 .....        63263               $0/xpreg.dat
2000-08-31 04:00:00 .....        23773               $0/zDomain.dat
2012-04-22 23:45:08 .....        66745               $0/zhsvc.dat
2000-08-31 04:00:00 .....        68096               $0/zip.3XE
2009-04-01 04:19:38 .....         1070               $_OUTDIR/License/Curl - license.txt
1996-08-18 22:10:00 .....         7385               $_OUTDIR/License/EXTRACT.TXT
2007-11-14 22:36:34 .....          212               $_OUTDIR/License/FI - license.txt
2010-12-19 12:48:22 .....          144               $_OUTDIR/License/UnxUtilsDist.com
2009-04-01 22:38:26 .....        26383               $_OUTDIR/License/UnxUtilsDist.html
2010-12-21 18:32:48 .....          388               $_OUTDIR/License/UnxUtilsDist.pif
2009-04-01 04:40:18 .....         3412               $_OUTDIR/License/Zip - license.txt
2009-04-01 07:38:06 .....          383               $_OUTDIR/License/dumphive-license.txt
2006-10-31 06:06:42 .....          850               $_OUTDIR/License/mtee.txt
2006-04-13 10:06:04 .....        39183               $_OUTDIR/License/pv_5_2_2.zip
2009-04-01 06:34:50 .....        75425               $_OUTDIR/License/streamtools.zip
                    .....         6656               $_OUTDIR/$PLUGINSDIR/nsExec.dll
                    .....         4608               $_OUTDIR/$PLUGINSDIR/ExecCmd.dll
                    .....                            N_/$PLUGINSDIR/Banner.dll
------------------- ----- ------------ ------------  ------------------------
                              12495431      4446481  206 files, 0 folders
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

everything is OK