| filename | a3.exe | |
|---|---|---|
| size | 38848 (0x97c0) | |
| md5 | cb16d94b837c42a6485d1999b76a137b | |
| type | PE32 executable (GUI) Intel 80386, for MS Windows | |
| mimetype | application/x-dosexec | |
| clamav | OK | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0xb8 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......| 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00000070: 00 00 00 00 00 00 00 00 |........ |
PE Header
Packer / Compiler
Sections
| name | va | vsize | raw size | flags | |
|---|---|---|---|---|---|
| .text | 0x1000 | 0xba6 | 0xc00 | R-X CODE | |
| .rdata | 0x2000 | 0x12a | 0x200 | R-- IDATA | |
| .data | 0x3000 | 0xc8 | 0x200 | RW- IDATA | |
| .rsrc | 0x4000 | 0x7d08 | 0x7e00 | R-- IDATA | |
| .reloc | 0xc000 | 0x11a | 0x200 | R-- IDATA DISCARDABLE |
Data Directory
| module_name | hint | ord | function_name |
|---|---|---|---|
| user32.dll | 388 | IsGUIThread | |
| user32.dll | 208 | FindWindowA | |
| kernel32.dll | 308 | GetModuleHandleA | |
| kernel32.dll | 748 | WaitForSingleObject | |
| kernel32.dll | 405 | GetVersion | |
| kernel32.dll | 86 | CreateThread | |
| kernel32.dll | 155 | ExitProcess | |
| kernel32.dll | 339 | GetProcAddress |
Signers (1)
issuer: /CN=Eweriwer
serial: 6F07AD67D6760F8A48153FE50EA6B6E5
Certificates (1)
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6f:07:ad:67:d6:76:0f:8a:48:15:3f:e5:0e:a6:b6:e5
Signature Algorithm: md5WithRSAEncryption
Issuer: CN=Eweriwer
Validity
Not Before: Dec 31 22:00:00 2010 GMT
Not After : Dec 31 23:59:59 2039 GMT
Subject: CN=Eweriwer
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (1024 bit)
Modulus:
00:ae:83:af:cd:92:04:8c:be:c5:7a:9d:d9:1f:82:
5a:13:66:5c:64:c3:bd:c8:a9:13:82:bc:4e:f3:91:
ea:29:3d:59:19:8c:dd:b6:8e:0a:fc:48:c8:49:3e:
6a:74:b8:bb:f2:ff:48:5e:2d:23:60:53:b4:a4:f5:
e5:4a:38:29:90:26:17:ed:e4:f0:13:f4:82:ac:8c:
5a:fc:1c:bc:89:f7:fe:10:c6:cf:04:9b:f8:31:7e:
81:19:c3:42:ae:26:af:a0:82:66:7e:71:91:a6:29:
d3:28:84:8f:8c:c6:c2:a4:9c:fb:6f:1e:73:74:52:
bd:7f:7d:f9:07:eb:92:da:95
Exponent: 65537 (0x10001)
X509v3 extensions:
2.5.29.1:
0;...z..?.b..(.EB.....0.1.0...U....Eweriwer..o..g.v..H.?.....
Signature Algorithm: md5WithRSAEncryption
32:b4:67:4c:92:a1:9e:f3:7a:0b:df:97:ba:8f:cf:6b:fe:84:
23:75:57:62:f9:fd:eb:6e:20:6e:0a:d8:fe:d0:55:87:5e:d9:
07:b0:71:f1:19:38:9b:36:1a:bd:b1:cd:a1:bd:72:83:0d:0f:
26:12:97:96:ff:e6:30:1d:72:c6:8f:6e:eb:c8:4c:7e:4c:0e:
aa:16:1b:e1:26:80:92:a0:40:dd:3c:17:2e:dd:3d:e2:47:57:
86:3b:e2:9b:7e:43:8f:86:bc:63:66:24:fb:1f:c5:98:bd:7d:
06:ed:b2:f6:ab:d0:4c:9a:00:cf:4f:d5:1b:89:f0:d0:0a:c9:
49:6fpkcs7-signedData
- 1
- SHA1: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l| 00 65 00 74 00 65 00 3e 00 3e 00 3e |.e.t.e.>.>.> |
- :
- SHA1
56 a0 39 1d 55 46 16 7c f9 db fc 96 27 87 ba 09 |V.9.UF.|....'...| e6 c5 51 0a |..Q. |
- 1.3.6.1.4.1.311.2.1.15
- #0
- #2
- 2
- 6F:07:AD:67:D6:76:0F:8A:48:15:3F:E5:0E:A6:B6:E5
- RSA-MD5: nil
- CN: Eweriwer
- 2010-12-31 22:00:00 UTC: 2039-12-31 23:59:59 UTC
- CN: Eweriwer
- #5
- rsaEncryption: nil
- AE:83:AF:CD:92:04:8C:BE:C5:7A:9D:D9:1F:82:5A:13:
66:5C:64:C3:BD:C8:A9:13:82:BC:4E:F3:91:EA:29:3D:
59:19:8C:DD:B6:8E:0A:FC:48:C8:49:3E:6A:74:B8:BB:
F2:FF:48:5E:2D:23:60:53:B4:A4:F5:E5:4A:38:29:90:
26:17:ED:E4:F0:13:F4:82:AC:8C:5A:FC:1C:BC:89:F7:
FE:10:C6:CF:04:9B:F8:31:7E:81:19:C3:42:AE:26:AF:
A0:82:66:7E:71:91:A6:29:D3:28:84:8F:8C:C6:C2:A4:
9C:FB:6F:1E:73:74:52:BD:7F:7D:F9:07:EB:92:DA:95: 0x010001
- 2.5.29.1
d4 7a d1 af 3f 9a 62 01 9f 28 8b 45 42 e7 f5 86 |.z..?.b..(.EB...|
- CN: Eweriwer
6f 07 ad 67 d6 76 0f 8a 48 15 3f e5 0e a6 b6 e5 |o..g.v..H.?.....|
- RSA-MD5:
32 b4 67 4c 92 a1 9e f3 7a 0b df 97 ba 8f cf 6b |2.gL....z......k| fe 84 23 75 57 62 f9 fd eb 6e 20 6e 0a d8 fe d0 |..#uWb...n n....| 55 87 5e d9 07 b0 71 f1 19 38 9b 36 1a bd b1 cd |U.^...q..8.6....| a1 bd 72 83 0d 0f 26 12 97 96 ff e6 30 1d 72 c6 |..r...&.....0.r.| 8f 6e eb c8 4c 7e 4c 0e aa 16 1b e1 26 80 92 a0 |.n..L~L.....&...| 40 dd 3c 17 2e dd 3d e2 47 57 86 3b e2 9b 7e 43 |@.<...=.GW.;..~C| 8f 86 bc 63 66 24 fb 1f c5 98 bd 7d 06 ed b2 f6 |...cf$.....}....| ab d0 4c 9a 00 cf 4f d5 1b 89 f0 d0 0a c9 49 6f |..L...O.......Io|
- 2
- 1
- #0
- CN: Eweriwer
- 6F:07:AD:67:D6:76:0F:8A:48:15:3F:E5:0E:A6:B6:E5
- SHA1: nil
- #2
- 1.3.6.1.4.1.311.2.1.12
- nil
- contentType: 1.3.6.1.4.1.311.2.1.4
- messageDigest:
bd 06 4e d6 e7 a7 ff 9f 68 75 ae 7a a4 0c 8a 56 |..N.....hu.z...V| 5f 2f 09 c1 |_/.. |
- 1.3.6.1.4.1.311.2.1.12
- rsaEncryption:
1f 01 bb a7 65 4f 6b 44 11 cb 3c 22 dd 64 0f b0 |....eOkD..<".d..| c3 9a b1 90 08 81 e6 b4 33 ee 61 9a 1a f8 61 9d |........3.a...a.| 0d 53 1f a1 1a 6e 72 c3 eb e3 75 40 ce 3e 6a fe |.S...nr...u@.>j.| 98 9c 47 f3 b7 b5 bf 4a c3 bc cd 9a cb 4b a3 fa |..G....J.....K..| 8f 6e e8 9b d3 55 6c a4 18 93 96 3f 3d ca 6e f3 |.n...Ul....?=.n.| 1a 4f 48 89 12 f8 a4 85 97 be 60 ff b5 03 b9 69 |.OH.......`....i| 6e 83 7c e8 95 56 67 d7 8a ee f9 e3 b2 81 26 32 |n.|..Vg.......&2| b6 a5 1b 9e 20 d4 bb 05 b9 59 90 dc d8 02 6f 85 |.... ....Y....o.|
- #0
 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
everything is OK