| filename | calc.exe | |
|---|---|---|
| size | 641979 (0x9cbbb) | |
| md5 | d64a7e1edb84011d1baf55639d98c249 | |
| type | PE32 executable (GUI) Intel 80386, for MS Windows | |
| mimetype | application/x-dosexec | |
| clamav | OK | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0xe8 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
| name | va | vsize | raw size | flags | |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x4a99a | 0x4aa00 | R-X CODE | |
| .data | 0x4c000 | 0x431c | 0x3000 | RW- IDATA | |
| .rsrc | 0x51000 | 0x4ab07 | 0x4ac00 | R-- IDATA | |
| .reloc | 0x9c000 | 0x41f6 | 0x4200 | R-- IDATA DISCARDABLE |
Data Directory
| module_name | hint | ord | function_name |
|---|
| offset | size | type | comment | |
|---|---|---|---|---|
| 0 | 641979 | EXE | 09/14/2008 07:28:52 | # |
| 15c1 | 15 | HTM | # | |
| 4ec3e | 7465 | PNG | (529 x 476) | # |
| 5096a | 4086 | PNG | (190 x 50) | # |
| 51962 | 4234 | PNG | (385 x 50) | # |
| 529ee | 4625 | PNG | (190 x 139) | # |
| 53c02 | 4873 | PNG | (385 x 139) | # |
| 54f0e | 3048 | PNG | (190 x 50) | # |
| 55af6 | 3052 | PNG | (385 x 50) | # |
| 566e2 | 3217 | PNG | (190 x 139) | # |
| 57376 | 3338 | PNG | (385 x 139) | # |
| 58082 | 4191 | PNG | (116 x 27) | # |
| 590e2 | 4229 | PNG | (116 x 27) | # |
| 5a16a | 4110 | PNG | (116 x 16) | # |
| 5b17a | 4065 | PNG | (116 x 16) | # |
| 5c15e | 3235 | PNG | (16 x 14) | # |
| 5ce02 | 470 | PNG | (16 x 17) | # |
| 5cfda | 587 | PNG | (16 x 16) | # |
| 5d226 | 518 | PNG | (16 x 17) | # |
| 5d42e | 5344 | PNG | (136 x 27) | # |
| 5e90e | 4154 | PNG | (136 x 27) | # |
| 5f94a | 4815 | PNG | (136 x 59) | # |
| 60c1a | 6038 | PNG | (292 x 27) | # |
| 623b2 | 4290 | PNG | (136 x 27) | # |
| 63476 | 4815 | PNG | (136 x 59) | # |
| 64746 | 4550 | PNG | (264 x 27) | # |
| 6590e | 1545 | PNG | (136 x 27) | # |
| 65f1a | 1518 | PNG | (325 x 63) | # |
| 6650a | 853 | PNG | (73 x 93) | # |
| 66862 | 593 | PNG | (190 x 27) | # |
| 66ab6 | 3398 | PNG | (245 x 242) | # |
| 677fe | 3605 | PNG | (245 x 342) | # |
| 68616 | 3508 | PNG | (330 x 242) | # |
| 693ca | 3761 | PNG | (330 x 342) | # |
| 70932 | 60175 | PNG | (256 x 256) | # |
| 8562a | 60175 | PNG | (256 x 256) | # |
Scanning the drive for archives:
1 file, 641979 bytes (627 KiB)
--
Type = PE
ERRORS:
Unexpected end of archive
WARNING = Checksum error
Physical Size = 642048
CPU = x86
Characteristics = Executable 32-bit
Created = 2008-09-14 07:28:52
Headers Size = 1024
Checksum = 690555
Image Size = 659456
Section Alignment = 4096
File Alignment = 512
Code Size = 305664
Initialized Data Size = 340480
Uninitialized Data Size = 0
Linker Version = 9.0
OS Version = 5.1
Image Version = 5.256
Subsystem Version = 5.1
Subsystem = Windows GUI
DLL Characteristics = Relocated NX-Compatible TerminalServerAware
Stack Reserve = 262144
Stack Commit = 8192
Heap Reserve = 1048576
Heap Commit = 4096
Image Base = 16777216
----
Path = .rsrc_1
Size = 306176
Packed Size = 306176
Virtual Size = 306176
Offset = 318976
--
Path = .rsrc_1
Type = lzma86
Date Time Attr Size Compressed Name
------------------- ----- ------------ ------------ ------------------------
..... 2147484400 .rsrc_1~
------------------- ----- ------------ ------------ ------------------------
2147484400 641979 1 files
Warnings: 1
Errors: 1 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
[?] non-empty last IMAGE_IMPORT_DESCRIPTOR: #<struct PEdump::IMAGE_IMPORT_DESCRIPTOR OriginalFirstThunk=3110273023, TimeDateStamp=305922052, ForwarderChain=0, Name=0, FirstThunk=0, module_name=nil, original_first_thunk=nil, first_thunk=nil>
[?] can't find file_offset of VA 0xffff0004
[?] can't find file_offset of VA 0xa604ffff
[?] can't find file_offset of VA 0xffffffff
[?] can't find file_offset of VA 0xffff0004
[?] can't find file_offset of VA 0xa648ffff
[?] can't find file_offset of VA 0xffffffff
[?] can't find file_offset of VA 0xffff0004
[?] can't find file_offset of VA 0xa68affff
[?] can't find file_offset of VA 0xffffffff
[?] can't find file_offset of VA 0xffff0004
[?] can't find file_offset of VA 0xa6aeffff
[?] can't find file_offset of VA 0xffffffff
[?] can't find file_offset of VA 0xffff0004
[?] can't find file_offset of VA 0xaaa4ffff
[?] can't find file_offset of VA 0xffffffff
[?] can't find file_offset of VA 0xffff0004
[?] can't find file_offset of VA 0xb014ffff
[?] can't find file_offset of VA 0xffffffff
[?] can't find file_offset of VA 0xffff0004
[?] can't find file_offset of VA 0xb03effff
[?] can't find file_offset of VA 0xffffffff
[?] can't find file_offset of VA 0xffff0004
[?] can't find file_offset of VA 0xb058ffff
[?] can't find file_offset of VA 0xffffffff
[?] can't find file_offset of VA 0xffff0004
[?] can't find file_offset of VA 0xb24effff
[?] can't find file_offset of VA 0xffffffff
[?] can't find file_offset of VA 0xffff0004
[?] can't find file_offset of VA 0xb688ffff
[?] can't find file_offset of VA 0xffffffff
[?] can't find file_offset of VA 0x280