pe.dll

info
MZ
PE
imports
exports
foremost
hexdump
disasm
log
discuss
donate

filename	pe.dll
size	188928 (0x2e200)
md5	c02c429b235fa5a7505eefee498d9d51

type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x78
blocks_in_file	1
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0xf
max_extra_paragraphs	0xffff
ss	0
sp	0
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x100

DOS stub

00000000: ba 10 00 0e 1f b4 09 cd  21 b8 01 4c cd 21 90 90  |........!..L.!..|
00000010: 54 68 69 73 20 69 73 20  61 20 66 69 6c 65 20 6c  |This is a file l|
00000020: 6f 61 64 65 72 20 20 6d  6f 64 75 6c 65 20 66 6f  |oader  module fo|
00000030: 72 20 49 44 41 24 20 20  36 ef ce 27 72 8e a0 74  |r IDA$  6..'r..t|
00000040: 72 8e a0 74 72 8e a0 74  7b f6 33 74 7a 8e a0 74  |r..tr..t{.3tz..t|
00000050: af 71 6b 74 76 8e a0 74  49 d0 a3 75 71 8e a0 74  |.qktv..tI..uq..t|
00000060: 49 d0 a5 75 66 8e a0 74  49 d0 a4 75 79 8e a0 74  |I..uf..tI..uy..t|
00000070: 49 d0 a1 75 76 8e a0 74  e5 d0 a1 75 71 8e a0 74  |I..uv..t...uq..t|
00000080: 72 8e a1 74 cb 8e a0 74  e5 d0 a5 75 77 8e a0 74  |r..t...t...uw..t|
00000090: e5 d0 a0 75 73 8e a0 74  e5 d0 a2 75 73 8e a0 74  |...us..t...us..t|
000000a0: 52 69 63 68 72 8e a0 74  00 00 00 00 ed a0 d1 e8  |Richr..t........|
000000b0: 4a 69 61 6e 67 20 59 69  6e 67 2c 20 50 65 72 73  |Jiang Ying, Pers|

PE Header

Signature	PE
Machine	0x8664
NumberOfSections	6
TimeDateStamp	0x59ba67b3
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xf0
Characteristics	0x2022
Magic	0x20b
LinkerVersion	14.0
SizeOfCode	0x1ee00
SizeOfInitializedData	0x1fa00
SizeOfUninitializedData	0
AddressOfEntryPoint	0x1e62c
BaseOfCode	0x1000
ImageBase	0x14000000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	6.0
ImageVersion	0.0
SubsystemVersion	6.0
Reserved1	0
SizeOfImage	0x42000
SizeOfHeaders	0x400
CheckSum	0
Subsystem	2
DllCharacteristics	0x160
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MASM/TASM - sig1(h)

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x1ec4a	0x1ee00	R-X CODE
.rdata	0x20000	0xca48	0xcc00	R-- IDATA
.data	0x2d000	0x10c90	0x400	RW- IDATA
.pdata	0x3e000	0x1944	0x1a00	R-- IDATA
.gfids	0x40000	0x2c	0x200	R-- IDATA
.reloc	0x41000	0x3bc	0x400	R-- IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0x2b710	0x40
IMPORT	0x2b750	0xc8
RESOURCE	0	0
EXCEPTION	0x3e000	0x1944
SECURITY	0	0
BASERELOC	0x41000	0x3bc
DEBUG	0x27180	0x54
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0x271e0	0x94
Bound_IAT	0	0
IAT	0x20000	0x5f0
Delay_IAT	0	0
CLR_Header	0	0

module_name	hint	function_name
IDA.dll	1108	qctime_utc
IDA.dll	808	interr
IDA.dll	1095	qalloc
IDA.dll	1129	qfree
IDA.dll	1192	qstrncpy
IDA.dll	1181	qstpncpy
IDA.dll	1177	qsnprintf
IDA.dll	1214	qvsnprintf
IDA.dll	1348	set_file_ext
IDA.dll	1118	qfileexist
IDA.dll	1096	qalloc_or_throw
IDA.dll	1209	qvector_reserve
IDA.dll	871	is_valid_utf8
IDA.dll	778	idb_utf8
IDA.dll	1137	qgetenv
IDA.dll	1221	rangeset_t_add
IDA.dll	1234	rangeset_t_sub
IDA.dll	954	netnode_check
IDA.dll	972	netnode_kill
IDA.dll	1010	netnode_valobj
IDA.dll	1011	netnode_valstr
IDA.dll	987	netnode_set
IDA.dll	948	netnode_altval
IDA.dll	1008	netnode_supval
IDA.dll	1006	netnode_supstr
IDA.dll	1003	netnode_supset
IDA.dll	999	netnode_supnext
IDA.dll	977	netnode_qgetblob
IDA.dll	988	netnode_setblob
IDA.dll	272	ea2node
IDA.dll	9	add_encoding
IDA.dll	1330	set_default_encoding_idx
IDA.dll	862	is_spec_segm
IDA.dll	44	allocate_selector
IDA.dll	1311	sel2para
IDA.dll	655	get_segm_by_sel
IDA.dll	25	add_segm_ex
IDA.dll	24	add_segm
IDA.dll	660	get_segm_qty
IDA.dll	721	getseg
IDA.dll	601	get_next_seg
IDA.dll	507	get_first_seg
IDA.dll	654	get_segm_by_name
IDA.dll	1391	set_segm_end
IDA.dll	1393	set_segm_start
IDA.dll	1392	set_segm_name
IDA.dll	657	get_segm_name
IDA.dll	1310	segtype
IDA.dll	1521	update_segm
IDA.dll	1530	vadd_extra_line
IDA.dll	142	change_storage_type
IDA.dll	1019	next_that
IDA.dll	1015	next_head
IDA.dll	847	is_mapped
IDA.dll	516	get_flags_ex
IDA.dll	250	del_value
IDA.dll	842	is_loaded
IDA.dll	426	get_byte
IDA.dll	711	get_word
IDA.dll	455	get_dword
IDA.dll	645	get_qword
IDA.dll	441	get_data_value
IDA.dll	1087	put_byte
IDA.dll	1093	put_word
IDA.dll	1090	put_dword
IDA.dll	227	del_items
IDA.dll	1379	set_op_type
IDA.dll	1026	num_flag
IDA.dll	183	create_data
IDA.dll	181	create_align
IDA.dll	573	get_max_strlit_length
IDA.dll	195	create_strlit
IDA.dll	1320	set_cmt
IDA.dll	14	add_func_ex
IDA.dll	1064	plan_to_apply_idasgn
IDA.dll	199	create_xrefs_from
IDA.dll	188	create_insn
IDA.dll	1238	read_config
IDA.dll	812	invoke_callbacks
IDA.dll	1382	set_processor_type
IDA.dll	1540	vloader_failure
IDA.dll	336	file2base
IDA.dll	184	create_filename_cmt
IDA.dll	792	import_module
IDA.dll	361	find_plugin
IDA.dll	1299	run_plugin
IDA.dll	1373	set_name
IDA.dll	931	make_name_auto
IDA.dll	934	make_name_public
IDA.dll	450	get_default_reftype
IDA.dll	1032	op_offset_ex
IDA.dll	1031	op_offset
IDA.dll	1448	split_sreg_range
IDA.dll	1329	set_default_dataseg
IDA.dll	404	gen_fix_fixups
IDA.dll	1349	set_fixup
IDA.dll	343	find_custom_fixup
IDA.dll	514	get_fixups
IDA.dll	10	add_entry
IDA.dll	1333	set_entry_forwarder
IDA.dll	1423	show_auto
IDA.dll	75	auto_mark_range
IDA.dll	928	lread
IDA.dll	1148	qlread
IDA.dll	1146	qlgetz
IDA.dll	1150	qlsize
IDA.dll	1149	qlseek
IDA.dll	828	is_debugger_on
IDA.dll	569	get_mangled_name_type
IDA.dll	1321	set_compiler
IDA.dll	727	h2ti
IDA.dll	1052	parse_decls
IDA.dll	586	get_named_type
IDA.dll	793	import_type
IDA.dll	686	get_struc
IDA.dll	694	get_struc_size
IDA.dll	1502	under_debugger
IDA.dll	794	inf
IDA.dll	1297	root_node
IDA.dll	135	callui
IDA.dll	1062	ph
IDA.dll	64	ash
IDA.dll	1099	qcalloc
IDA.dll	1528	utf16_utf8
IDA.dll	1088	put_bytes
IDA.dll	1529	utf8_utf16
MSVCP140.dll	654	void __cdecl std::_Xlength_error(char const * __ptr64) ?_Xlength_error@std@@YAXPEBD@Z
ole32.dll	30	CoCreateInstance
ole32.dll	83	CoInitialize
ole32.dll	131	CoUninitialize
KERNEL32.dll	1362	SetUnhandledExceptionFilter
KERNEL32.dll	874	IsDebuggerPresent
KERNEL32.dll	852	InitializeSListHead
KERNEL32.dll	279	DisableThreadLibraryCalls
KERNEL32.dll	733	GetSystemTimeAsFileTime
KERNEL32.dll	949	LocalFree
KERNEL32.dll	415	FormatMessageA
KERNEL32.dll	1198	RtlCaptureContext
KERNEL32.dll	1205	RtlLookupFunctionEntry
KERNEL32.dll	1212	RtlVirtualUnwind
KERNEL32.dll	1426	UnhandledExceptionFilter
KERNEL32.dll	527	GetCurrentProcess
KERNEL32.dll	1392	TerminateProcess
KERNEL32.dll	880	IsProcessorFeaturePresent
KERNEL32.dll	1072	QueryPerformanceCounter
KERNEL32.dll	528	GetCurrentProcessId
KERNEL32.dll	532	GetCurrentThreadId
VCRUNTIME140.dll	37	__std_type_info_destroy_list
VCRUNTIME140.dll	34	__std_exception_destroy
VCRUNTIME140.dll	33	__std_exception_copy
VCRUNTIME140.dll	54	_purecall
VCRUNTIME140.dll	35	__std_terminate
VCRUNTIME140.dll	61	memmove
VCRUNTIME140.dll	64	strchr
VCRUNTIME140.dll	65	strrchr
VCRUNTIME140.dll	1	_CxxThrowException
VCRUNTIME140.dll	14	__CxxFrameHandler3
VCRUNTIME140.dll	62	memset
VCRUNTIME140.dll	66	strstr
VCRUNTIME140.dll	60	memcpy
VCRUNTIME140.dll	8	__C_specific_handler
api-ms-win-crt-runtime-l1-1-0.dll	84	abort
api-ms-win-crt-runtime-l1-1-0.dll	57	_invalid_parameter_noinfo_noreturn
api-ms-win-crt-runtime-l1-1-0.dll	34	_execute_onexit_table
api-ms-win-crt-runtime-l1-1-0.dll	22	_cexit
api-ms-win-crt-runtime-l1-1-0.dll	30	_crt_atexit
api-ms-win-crt-runtime-l1-1-0.dll	103	terminate
api-ms-win-crt-runtime-l1-1-0.dll	54	_initterm
api-ms-win-crt-runtime-l1-1-0.dll	55	_initterm_e
api-ms-win-crt-runtime-l1-1-0.dll	63	_seh_filter_dll
api-ms-win-crt-runtime-l1-1-0.dll	24	_configure_narrow_argv
api-ms-win-crt-runtime-l1-1-0.dll	51	_initialize_narrow_environment
api-ms-win-crt-runtime-l1-1-0.dll	52	_initialize_onexit_table
api-ms-win-crt-runtime-l1-1-0.dll	60	_register_onexit_function
api-ms-win-crt-string-l1-1-0.dll	52	_strnicmp
api-ms-win-crt-string-l1-1-0.dll	42	_stricmp
api-ms-win-crt-string-l1-1-0.dll	134	strcmp
api-ms-win-crt-convert-l1-1-0.dll	80	atoi
api-ms-win-crt-heap-l1-1-0.dll	8	_callnewh
api-ms-win-crt-heap-l1-1-0.dll	25	malloc
api-ms-win-crt-heap-l1-1-0.dll	24	free

ord	entry_va	function_name
1	0x2d000	LDSC

module_name	pe.dll
flags	0
timestamp	2017-09-14 11:27:47
version	0.0
ordinal_base	1
nFunctions	1
nNames	1
Names(1)	0x2b73c
Functions(1)	0x2b738
NameOrdinals(1)	0x2b740

show previews

offset	size	type	comment
15c1	15	HTM		#
15d0	183344	BIN	overlay data past EOF	#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[!] non-zero dos stub after rich_hdr: "\x00\x00\x00\x00\xED\xA0\xD1\xE8Jiang Ying, Pers"