filename | PEview1small.exe | |
---|---|---|
size | 40960 (0xa000) | |
md5 | cb628fb6e0e34afd2b8b6d8abb5302a1 | |
type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | |
mimetype | application/x-dosexec | |
clamav | OK | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x6c |
blocks_in_file | 1 |
num_relocs | 0 |
header_paragraphs | 2 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0 |
checksum | 0 |
ip | 0x11 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0x336e695700000000 |
oem_id | 0x2032 |
oem_info | 0x7250 |
reserved2 | 0x6172676f |
reserved3 | 0xa0d216d |
reserved4 | 0xba09b424 |
reserved5 | 0x21cd0100 |
reserved6 | 0x21cd4cb4 |
lfanew | 0x60 |
DOS stub
00000000: 57 69 6e 33 32 20 50 72 6f 67 72 61 6d 21 0d 0a |Win32 Program!..|
00000010: 24 b4 09 ba 00 01 cd 21 b4 4c cd 21 60 00 00 00 |$......!.L.!`...|
00000020: 47 6f 4c 69 6e 6b 2c 20 47 6f 41 73 6d 20 77 77 |GoLink, GoAsm ww|
00000030: 77 2e 47 6f 44 65 76 54 6f 6f 6c 2e 63 6f 6d 00 |w.GoDevTool.com.|
PE Header
Packer / Compiler
UPX v0.89.6 - v1.02 / v1.05 - v1.22 |
This file is packed with UPX. Analysis will be incomplete without unpacking. |
Sections
name | va | vsize | raw size | flags | |
---|---|---|---|---|---|
UPX0 | 0x1000 | 0xd000 | 0 | RWX UDATA | |
UPX1 | 0xe000 | 0x9000 | 0x8800 | RWX IDATA | |
.rsrc | 0x17000 | 0x2000 | 0x1600 | RW- IDATA |
Data Directory
type | va | size | |
---|---|---|---|
EXPORT | 0 | 0 | |
IMPORT | 0x183d8 | 0x1dc | |
RESOURCE | 0x17000 | 0x13d8 | |
EXCEPTION | 0 | 0 | |
SECURITY | 0 | 0 | |
BASERELOC | 0 | 0 | |
DEBUG | 0 | 0 | |
ARCHITECTURE | 0 | 0 | |
GLOBALPTR | 0 | 0 | |
TLS | 0 | 0 | |
LOAD_CONFIG | 0 | 0 | |
Bound_IAT | 0 | 0 | |
IAT | 0 | 0 | |
Delay_IAT | 0 | 0 | |
CLR_Header | 0 | 0 |
id | lang | string |
---|---|---|
module_name | hint | ord | function_name |
---|---|---|---|
KERNEL32.DLL | | | LoadLibraryA |
KERNEL32.DLL | | | GetProcAddress |
KERNEL32.DLL | | | VirtualProtect |
KERNEL32.DLL | | | VirtualAlloc |
KERNEL32.DLL | | | VirtualFree |
KERNEL32.DLL | | | ExitProcess |
ADVAPI32.dll | | | RegCloseKey |
COMCTL32.dll | | | MenuHelp |
COMDLG32.dll | | | ChooseFontA |
GDI32.dll | | | BitBlt |
SHELL32.dll | | | DragFinish |
USER32.dll | | | GetDC |
StringTable 040904E4
CompanyName | Wayne J. Radburn |
FileDescription | PE/COFF File Viewer |
FileVersion | 0.9.9.0 |
InternalName | PEview |
LegalCopyright | Copyright© 1997-2011 Wayne J. Radburn |
OriginalFilename | PEview.exe |
ProductName | PEview |
ProductVersion | 0.9.9.0 |
VS_FIXEDFILEINFO
FileVersion | 0.9.9.0 |
ProductVersion | 0.9.9.0 |
StrucVersion | 0x10000 |
FileFlagsMask | 0x3f |
FileFlags | 0 |
FileOS | 4 |
FileType | 1 |
FileSubtype | 0 |
[?] ignoring invalid PEdump::BITMAPINFOHEADER
[!] string size(64668) > stringtable size(1230). truncated to 1228
[!] cannot convert "\x8A\xD2\xE2\xCF\xDE\x04w\x8A\x82\xD1\x05\xE8\xC5\xD1\x8A\x8A"... to UTF-16
[!] string size(13540) > stringtable size(1092). truncated to 1090
[!] cannot convert "scr@\x06\x9D;\x7F\x7F\x00Object"... to UTF-16
[!] string size(25816) > stringtable size(62). truncated to 60
[!] string size(39614) > stringtable size(136). truncated to 134