12.exe

info
MZ
PE
resources
strings
imports
foremost
7zip
hexdump
disasm
log
discuss
donate

filename	12.exe
size	478206 (0x74bfe)
md5	e26a2e47f9a9851a2e3e774ea50de0f7

type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0xe0

Rich Header

lib id	version	times used
147	30729	21
1	0	176
149	21022	5
131	30729	9
132	30729	45
146	30729	1
148	30729	1
145	30729	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	3
TimeDateStamp	0x4f3e6a59
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x103
Magic	0x10b
LinkerVersion	9.0
SizeOfCode	0xc000
SizeOfInitializedData	0x12000
SizeOfUninitializedData	0x35000
AddressOfEntryPoint	0x41b50
BaseOfCode	0x36000
BaseOfData	0x42000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	5.0
ImageVersion	0.0
SubsystemVersion	5.0
Reserved1	0
SizeOfImage	0x54000
SizeOfHeaders	0x1000
CheckSum	0
Subsystem	2
DllCharacteristics	0x8500
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

UPX Modified >> *$igBy Ahmed18

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

name	va	vsize	raw size	flags
UPX0	0x1000	0x35000	0	RWX UDATA
UPX1	0x36000	0xc000	0xbe00	RWX IDATA
.rsrc	0x42000	0x12000	0x11600	RW- IDATA

Data Directory

type	va	size
EXPORT	0x14bb0	0x33
IMPORT	0x5322c	0x288
RESOURCE	0x42000	0x1122c
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0	0
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0	0
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size
BITMAP	#101	2998
ICON	#1	67624
DIALOG	ASKNEXTVOL	646
DIALOG	GETPASSWORD1	314
DIALOG	LICENSEDLG	236
DIALOG	RENAMEDLG	302
DIALOG	REPLACEFILEDLG	824
DIALOG	STARTDLG	594
STRING	#7	556
STRING	#8	974
STRING	#9	530
STRING	#10	776
STRING	#11	380
STRING	#12	102
GROUP_ICON	#100	20
MANIFEST	#1	1464

id	lang	string
96	1033	12 74 21 57 30 fa 0f 6b 28 31 79 46 46 eb 0c 05 \|.t!W0..k(1yFF...\| 65 46 21 2b 4e 43 5d 32 e1 b3 08 39 ba 97 cf c5 \|eF!+NC]2...9....\| a4 83 0c 54 08 04 08 08 bb 11 75 59 44 2b c2 21 \|...T......uYD+.!\| 03 54 7e 0b ec b6 9a 0e 19 29 51 7c 0e 4b f8 83 \|.T~......)Q\|.K..\| 13 f4 1b 92 4e 8d bc b1 b8 e2 e3 6f 17 5a 77 1a \|....N......o.Zw.\| 89 9a 74 17 d6 6b ff 2c d7 2b c6 f4 2d 55 bc 5b \|..t..k.,.+..-U.[\| 3b 00 81 21 8b 2d 5e af 6f 1b 89 0a 89 10 88 9a \|;..!.-^.o.......\| cb 00 22 c5 d7 b1 ac 21 21 23 f0 1b 11 31 d3 0d \|.."....!!#...1..\| c1 e3 14 39 1f fe 00 78 04 1e 9a e8 42 6a 44 2d \|...9...x....BjD-\| 35 80 c6 d9 c3 8a 57 dd 1c d3 be 6b f6 f9 25 1d \|5.....W....k..%.\| bd 8d 94 87 3d 7e 0e db 80 0d aa 09 0e d5 f4 1b \|....=~..........\| 14 aa b6 61 58 4e 89 1f 43 bb 7c 97 62 18 75 0f \|...aXN..C.\|.b.u.\| 68 98 86 f1 41 f4 5c 15 93 90 8c a8 56 27 d3 3e \|h...A.\.....V'.>\| c3 ea 7e bf db 36 6b 5b 6c f7 f3 72 8b 8e 60 89 \|..~..6k[l..r..`.\| 8e 40 ed 77 ad a0 33 d8 6b db 54 2b fb 28 d8 a8 \|.@.w..3.k.T+.(..\| f0 bd 1b 5f f7 f7 1e 40 ff 67 3c 31 b3 ed 2a 40 \|..._...@.g<1..@\| 03 c8 24 5c a3 5b d7 fd fe 6a 04 5a 52 89 be 54 \|..$\.[...j.ZR..T\| 7e be b0 3f 59 26 03 36 86 d7 e2 7f a2 b4 7e 40 \|~..?Y&.6......~@\| 88 44 06 03 40 4a c1 08 c2 1b 85 05 26 41 be 34 \|.D..@J......&A.4\| 08 7c f4 c4 6f 05 a8 d8 08 0e f3 0f 0c 7c f3 35 \|.\|..o........\|.5\| 28 cb 25 04 26 08 e8 00 a8 10 bc fe 29 11 dc 44 \|(.%.&.......)..D\| 97 1e 88 8e 1f 8d 46 2a 55 97 86 b2 f3 80 a5 0e \|......FU.......\| 7d fc 97 80 1a 2c ec f8 e0 b3 03 cb 29 a2 29 e2 \|}....,......).).\| 88 08 40 82 e5 66 bc 19 1e 04 7e dc 29 5c 30 29 \|..@..f....~.)\0)\| 58 e8 e6 0c be 31 07 89 5d 10 da 85 c3 c7 20 d4 \|X....1..]..... .\| 44 8d 8c 96 0d 7a 7f 67 aa ab 39 49 26 91 b2 8b \|D....z.g..9I&...\| 17 50 53 57 89 11 27 0b 27 01 cf 0c c1 86 89 49 \|.PSW..'.'......I\| 38 78 e1 0b 89 18 05 eb 0f 52 cc 25 e0 59 41 ee \|8x.......R.%.YA.\| e7 e2 44 83 53 55 f5 05 de 3f 31 8b 86 50 06 99 \|..D.SU...?1..P..\| 65 84 30 6c 09 6c ec 36 10 77 6e 0a 5f 8d 79 71 \|e.0l.l.6.wn._.yq\| 49 b7 a3 6d 10 e1 09 19 26 94 32 1a 2f 94 6f b7 \|I..m....&.2./.o.\| 07 5f 01 0b 8c 31 6b 08 f8 05 03 d3 70 b7 01 6e \|._...1k.....p..n\| 8c 51 f8 7e 96 64 42 c1 fa 1a e7 36 54 b4 98 20 \|.Q.~.dB....6T.. \| 70 96 6d 41 08 a8 15 da fd c0 8d 96 70 4a 19 6a \|p.mA........pJ.j\| 08 20 03 bd 61 63 8b ff 42 9a 02 b2 \|. ..ac..B... \|
112	1033	f5 8d 0c 4e 57 68 82 a8 5a 39 46 78 7e 5d e8 37 \|...NWh..Z9Fx~].7\| f0 8a 47 01 ec 92 c2 02 d0 88 57 d3 a6 7c 8b 5d \|..G.......W..\|.]\| 68 c8 34 0f 01 89 80 4a 08 02 1a db 12 54 73 20 \|h.4....J.....Ts \| 61 07 d9 df a5 80 85 f1 80 4a ff 86 72 c6 0e 41 \|a........J..r..A\| 6d bc 86 69 7b 5c 70 86 7a 5d c8 28 25 c7 3f d6 \|m..i{\p.z].(%.?.\| 10 15 72 7f 1a 8a 8e 6c 2c d2 9b db 4c 75 78 28 \|..r....l,...Lux(\| 0c 5c 58 42 22 54 ae dc e0 70 05 01 02 07 88 8c \|.\XB"T...p......\| 0d 45 34 d8 6b 80 93 5d 00 9c 9b 83 26 9b 39 70 \|.E4.k..]....&.9p\| 81 6c e1 c7 f8 6e 93 81 c1 28 51 93 c3 8d 81 78 \|.l...n...(Q....x\| ca 05 82 bb bb 95 3c 91 7c 07 8d 91 74 05 5b 9d \|......<.\|...t.[.\| 18 e1 f6 32 89 30 18 70 ca 88 0a ef 4f 20 7a 55 \|...2.0.p....O zU\| 59 fa b1 8c a2 5f a8 78 18 64 0c ba ff fe 3f c3 \|Y...._.x.d....?.\| f6 e3 2d 89 c2 0f 83 81 3b f2 07 a8 bc 78 e3 14 \|..-.....;....x..\| f5 91 34 cc 56 e8 03 d6 03 a0 fa b1 d6 c3 3c 31 \|..4.V.........<1\| 5e 3b fe 72 3c 56 62 e9 df ca e9 03 8a 18 88 1a \|^;.r.+....q.\| c3 d3 e8 d3 96 44 e0 37 32 50 14 61 84 02 0b 88 \|.....D.72P.a....\| 2a 80 5b e7 06 ab 4f 0f cc 8a ef 53 47 3b fb 72 \|*.[...O....SG;.r\| a9 17 2f b7 a1 d3 a6 1b e9 4e 02 fd d3 ea f9 a2 \|../......N......\| 22 28 35 b4 85 d2 a0 5e 3e 5b 40 75 b4 c3 d8 80 \|"(5....^>[@u....\| f9 14 dc f1 ff 8d fe d5 75 0f 66 d1 20 b2 03 d2 \|........u.f. ...\| e2 fe c1 88 ee 50 03 c3 86 3f 49 11 6d 8d 7d f8 \|.....P...?I.m.}.\| a5 66 a5 a8 c0 bb f0 4c 76 08 32 8d 75 11 00 8b \|.f.....Lv.2.u...\| ea 40 2d bf a7 12 e2 b0 b5 6e 81 3e d8 ee 28 c7 \|.@-......n.>..(.\| e2 7f df 92 ec 9f 8b e3 46 34 b1 01 f1 01 b0 0e \|........F4......\| cc 01 41 88 c8 42 e9 06 dd 28 15 e2 10 ee f5 09 \|..A..B...(......\| b4 2d 68 d0 3e b2 9f 5f 82 06 50 6e 17 a3 ef 91 \|.-h.>.._..Pn....\| 8a d3 8c aa 1b f0 0b c8 4f 0b 75 ea 82 83 \|........O.u... \|
128	1033	3a 81 4a 1d 3b 81 c9 be 28 5e d5 53 d8 57 95 1c \|:.J.;...(^.S.W..\| 54 26 11 e5 64 05 1d 3c 68 a4 22 a9 26 ad 10 71 \|T&..d..........\| 78 87 ed 0f 34 6e 90 03 fb 2e 58 7d 2a 8b 78 42 \|x...4n....X}.xB\| 82 b2 6c 6f 4b 89 5f 04 08 04 08 83 e6 7e 2b 1e \|..loK._......~+.\| 40 02 66 01 42 27 03 bf f6 4b 45 e1 fe a6 99 74 \|@.f.B'...KE....t\| c4 8b 52 04 4b 5a 83 bb 3a 75 e6 62 f1 3b 8d 2e \|..R.KZ..:u.b.;..\| 91 b0 45 df d6 68 3d 3a 3c 00 c6 50 30 f1 4f 77 \|..E..h=:<..P0.Ow\| 91 46 02 3d 55 7e 28 8d 90 7f 66 97 b6 d8 58 81 \|.F.=U~(...f...X.\| 07 71 fa c2 80 fd 8b b9 a2 57 e0 89 4c ca 3e 2b \|.q.......W..L.>+\| 07 8b 25 0c 34 a5 a2 be e9 fd 44 59 2e b4 01 29 \|..%.4.....DY...)\| 02 54 39 d0 5f 34 2e dc 59 39 03 4f b9 2b d3 28 \|.T9._4..Y9.O.+.(\| 15 94 12 b7 c2 87 91 23 8b 1a 24 e1 89 02 3b 9e \|.......#..$...;.\| 2d c1 c8 b9 10 5e 30 da 8b f2 44 45 c2 ed dc 85 \|-....^0...DE....\| 70 6a a3 7c a0 27 0e 50 d6 00 6b 75 1f 96 78 f8 \|pj.\|.'.P..ku..x.\| 1a 26 0d ff 8f f0 10 be 15 b8 9b f0 3e c4 44 11 \|.&..........>.D.\| eb 32 ad 01 07 8b b3 53 be 21 74 25 4b c4 b6 0d \|.2.....S.!t%K...\| 5b f2 53 15 8e 2a a1 13 44 a1 46 d1 57 51 d2 6b \|[.S....D.F.WQ.k\| 14 8b 11 9e 9f c3 5b c6 fe 3a 03 bf f8 36 91 37 \|......[..:...6.7\| 04 a5 96 b3 8b 0a 21 b5 78 eb 45 be e2 8f 7e 10 \|......!.x.E...~.\| 2b c9 d1 ed 17 4b 25 8e bc 29 01 70 eb c9 b6 4d \|+....K%..).p...M\| e8 d1 ec c5 30 f3 d7 b1 89 66 f1 83 33 02 81 eb \|....0....f..3...\| 34 7d a0 c0 47 31 1b 1e d0 89 fb e9 8e c5 71 ff \|4}..G1........q.\| 76 16 6a 0e 2b d0 56 18 f6 84 6f 37 8e f1 50 8a \|v.j.+.V...o7..P.\| 8d 21 02 3b 3a 66 dc 68 2d 4d c7 15 02 c3 41 62 \|.!.;:f.h-M....Ab\| f6 6b 3b 0b 74 07 1a 60 c3 6a 32 86 59 01 bd 2a \|.k;.t..`.j2.Y..\| ef 6c 00 ce e2 dd 3e 29 59 3e 2a 3b d8 c0 2e e8 \|.l....>)Y>;....\| 43 f1 0c 72 f1 ed 4c 74 1b b6 98 d5 f4 23 7d 56 \|C..r..Lt.....#}V\| 95 bb 9f 30 68 86 41 0e 7f 21 25 c4 89 12 40 29 \|...0h.A..!%...@)\| 41 cc 05 30 b1 75 8c cf 60 f2 42 76 e5 4b d0 37 \|A..0.u..`.Bv.K.7\| 6f 57 \|oW \|
144	1033	41 1e 14 8d 88 ee 38 35 79 ae be 89 41 02 e7 f6 \|A.....85y...A...\| 46 36 ed 0c 88 34 05 44 06 c1 a4 9a 91 4c 48 c3 \|F6...4.D.....LH.\| fb 19 99 88 57 fc 88 6a 83 e2 3d e4 6c 06 8d 9e \|....W..j..=.l...\| 37 b0 42 5f 6c f0 e8 b1 23 60 18 f8 f0 66 37 bc \|7.B_l...#`...f7.\| a3 75 58 83 c9 ff 7d 8e 68 06 1f 6b 10 6b e1 8e \|.uX...}.h..k.k..\| 4c 58 49 25 62 ef 7b ed 60 b0 2f 0f 5c 22 15 b1 \|LXI%b.{.`./.\"..\| f5 3e db a3 38 08 b9 01 01 0d 7d bf bf 02 86 f7 \|.>..8.....}.....\| c6 57 40 0d 3d 24 89 41 8b 6c 4b 93 04 20 04 3c \|.W@.=$.A.lK.. .<\| 50 65 a8 73 2c dc c5 f0 88 8e ac 40 d3 5b ee 96 \|Pe.s,......@.[..\| 24 2e 88 d6 0b b7 4f d6 9e c6 44 02 5a 0d 83 64 \|$.....O...D.Z..d\| 02 02 8a c0 06 9b 21 e0 d3 41 3d 06 7c cd 95 de \|......!..A=.\|...\| 70 fd 86 72 74 3e 89 d3 be f0 83 c3 02 b9 38 96 \|p..rt>........8.\| ab 23 0e 09 04 f4 1b 0f 6c 04 4d e8 ec 08 79 11 \|.#......l.M...y.\| ba 40 4d 35 4e 83 0d 33 83 b6 55 5b 2a df eb ec \|.@M5N..3..U[...\| b3 86 e4 0b d8 6d 50 f4 f4 02 41 7f 48 37 7c c9 \|.....mP...A.H7\|.\| 70 41 f5 a5 d8 01 7d f0 39 85 a0 44 b7 22 63 4e \|pA....}.9..D."cN\| 03 22 5a bc 04 55 ca 34 5e c6 41 46 c1 4d 51 df \|."Z..U.4^.AF.MQ.\| 2f 41 fd c6 01 e4 4e 75 ef 3d 22 bd 15 69 19 7c \|/A....Nu.="..i.\|\| e0 41 a4 1b 40 8c 45 ef 43 92 6c b4 fe 70 78 91 \|.A..@.E.C.l..px.\| 2d d7 f3 1a 6a 09 e1 b6 b7 64 2e 85 6e 08 58 6c \|-...j....d..n.Xl\| 8d 06 6d d9 76 47 68 02 93 68 f5 10 6a 06 20 77 \|..m.vGh..h..j. w\| d0 c1 9f c4 44 c0 88 84 06 6c 80 40 0b 40 a9 56 \|....D....l.@.@.V\| 3a 7e b8 fb 83 8d 5e 50 05 f6 4f 53 d4 6d ab 58 \|:~....^P..OS.m.X\| 18 9e 43 13 42 40 19 a1 c4 16 16 ed 00 e3 09 93 \|..C.B@..........\| 6c 4f 37 4f c0 08 12 ac 5f 03 1e d1 6d 6f 42 8c \|lO7O...._...moB.\| 07 6e ab 16 68 c1 11 7d 12 03 0f 48 8d c3 11 22 \|.n..h..}...H..."\| 08 8b 80 99 37 17 3a c6 a5 eb 97 70 fa b8 ef 20 \|....7.:....p... \| cb 3b 43 f2 d6 ed b7 04 e6 8b 4b 04 80 41 f3 8d \|.;C.......K..A..\| 4b df 83 01 04 e1 f8 03 d4 11 cb b7 d2 2b d6 e3 \|K............+..\| 7a 5c 68 11 cc 25 39 96 13 01 b5 15 8a c2 0d ec \|z\h..%9.........\| a5 81 f6 d6 34 03 06 d1 fa 88 07 5d d2 9b 61 6b \|....4......]..ak\| 77 2f 50 07 29 27 2d ec bb 22 f0 7e fb b2 42 b7 \|w/P.)'-..".~..B.\| 1d 01 11 8a 09 3a 50 fb 76 35 bd d1 5e 8a 06 7d \|.....:P.v5..^..}\| e0 a5 eb ed 8d 72 fa 21 de b5 6f fd a5 83 ea 06 \|.....r.!..o.....\| 0a 2d 3b 53 04 74 f2 7f 09 80 6d e0 3e f0 87 3a \|.-;S.t....m.>..:\| 56 fb 8b d6 77 1f 68 6e 83 dd c5 e0 22 1f ae a0 \|V...w.hn...."...\| 40 36 55 43 01 26 72 ac e8 06 2b f0 ae ed 0a 74 \|@6UC.&r...+....t\| f5 2d d2 f8 66 29 13 83 a7 c6 c2 1b 55 0b fa 01 \|.-..f)......U...\| 75 9b 73 7d ff 3d b1 b5 80 62 f0 06 55 4a 8a da \|u.s}.=...b..UJ..\| d0 eb 2a 62 fb 8d e0 d3 d1 f8 fe 88 55 f1 7f ea \|..b........U...\| 32 e8 a6 b7 d6 35 59 a5 40 13 9a 84 10 b5 2a 87 \|2....5Y.@......\| cb cd 4b bb 82 44 4b 38 89 3e 89 8a 23 35 b7 db \|..K..DK8.>..#5..\| 68 7a 6a f9 44 eb 3e 63 ae 6e d8 61 a2 ca 9c a3 \|hzj.D.>c.n.a....\| 4d e8 4f 41 d1 f9 0a 6d 15 e1 3c ce 16 dc e0 24 \|M.OA...m..<....$\| b5 26 de ff 73 de e9 ac 5e 13 ae d4 76 08 02 f5 \|.&..s...^...v...\| 81 47 80 06 24 2a bb 08 31 d2 59 2f fe 13 83 22 \|.G..$..1.Y/..."\| 8b 0b b1 89 ed f2 b4 70 8a bd f8 a8 75 41 d1 eb \|.......p....uA..\| e8 12 83 79 68 85 0b b2 15 ab 8d f9 74 61 6d 82 \|...yh.......tam.\| 49 d8 6d 29 dc 22 04 6f \|I.m).".o \|
160	1033	01 78 8b 93 3f b6 d1 f0 a5 74 8a 12 eb 03 6f 38 \|.x..?....t....o8\| e0 f9 08 40 df 16 82 5a 39 4b 75 0d 89 07 96 0a \|...@...Z9Ku.....\| c1 af 4b 49 75 ce 8b af 8d 91 88 70 f4 50 0a 7a \|..KIu......p.P.z\| b6 85 6d e1 8a 16 46 23 fa c7 31 0f f8 4d fe 5c \|..m...F#..1..M.\\| 17 74 5f 4e 3b 8b dc fe 77 75 69 53 1d 34 1b c9 \|.t_N;...wuiS.4..\| 51 02 40 51 ed f6 b4 a9 4b 8d 48 07 51 8d 34 e6 \|Q.@Q....K.H.Q.4.\| 77 0b e1 a8 6a b0 26 05 58 87 25 e8 a0 44 10 89 \|w...j.&.X.%..D..\| 03 0b 5b 71 01 6e ad 34 12 1e f6 fe c6 8a ef 8a \|..[q.n.4........\| 8d a0 41 58 f9 a4 83 ef 04 ff 85 60 81 d7 37 53 \|..AX.......`..7S\| 66 df c8 d4 ab a0 f5 b0 9f 88 75 e1 df f4 a7 c1 \|f.........u.....\| 6c 25 cb 20 14 b3 54 d4 3e 0b bc e0 4d e0 22 04 \|l%. ..T.>...M.".\| cf c2 37 54 f6 3c 1f 73 5f 2e 44 78 b5 2a 5b 07 \|..7T.<.s_.Dx.*[.\| 85 52 b3 3f 4b d9 16 00 ba ae 38 0e dc c6 a9 0e \|.R.?K.....8.....\| 78 8b ba 71 8a 46 5e 46 fb b6 46 fa 50 2b cc 68 \|x..q.F^F..F.P+.h\| 35 05 0c d9 e4 17 5b db e8 9d 49 3c 73 73 1c 28 \|5.....[...I
176	1033	e1 58 e2 8b 12 85 c5 2b 6c fe 69 e3 57 58 e2 f4 \|.X.....+l.i.WX..\| 4f 42 47 89 b4 89 10 9b bd 37 5a 0f b1 f0 75 1a \|OBG......7Z...u.\| 5c 37 5f ba 0a 9a 15 d6 69 f0 8a 9a 5c 8e 88 24 \|\7_.....i...\..$\| 26 74 6d d0 16 a5 be 1c d1 6d 76 1a 75 18 6c 0e \|&tm......mv.u.l.\| 8b b7 72 69 55 b8 e8 20 9f 0a 4e 76 7d 54 78 af \|..riU.. ..Nv}Tx.\| f6 b6 11 22 3b c2 01 6c 1d ed 10 1b d2 41 42 d8 \|...";..l.....AB.\| f4 af 5d ca bd 18 \|..]... \|

module_name	ord	function_name
KERNEL32.DLL		LoadLibraryA
KERNEL32.DLL		GetProcAddress
KERNEL32.DLL		VirtualProtect
KERNEL32.DLL		VirtualAlloc
KERNEL32.DLL		VirtualFree
KERNEL32.DLL		ExitProcess
ADVAPI32.dll		RegCloseKey
COMCTL32.dll		InitCommonControlsEx
COMDLG32.dll		GetOpenFileNameW
GDI32.dll		DeleteDC
ole32.dll		OleInitialize
OLEAUT32.dll	8
SHELL32.dll		SHGetMalloc
SHLWAPI.dll		SHAutoComplete
USER32.dll		GetDC

show previews

offset	size	type	comment
0	120832	EXE	02/17/2012 14:55:21	#
15c1	15	HTM		#
1f586	51207	RAR	Password Protected:Encrypted Headers!	#
2bd8d	298609	BIN	overlay data past EOF	#

Scanning the drive for archives:
1 file, 478206 bytes (467 KiB)


--
Type = Rar
Offset = 128390
Physical Size = 349816
Solid = -
Blocks = 3
Multivolume = -
Volumes = 1

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2016-12-25 08:41:44 ....A        64512        35598  mHNXiZ.exe
2016-12-25 08:41:44 ....A       311367       311367  x
2016-12-25 08:41:44 ....A       284982          951  kson.bmp
------------------- ----- ------------ ------------  ------------------------
2016-12-25 08:41:44             660861       347916  3 files

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] can't find file_offset of VA 0x2c42c

[!] string size(59428) > stringtable size(556). truncated to 554

[!] cannot convert "!W0\xFA\x0Fk(1yFF\xEB\f\x05eF"... to UTF-16

[!] string size(72682) > stringtable size(974). truncated to 972

[!] cannot convert "\fNWh\x82\xA8Z9Fx~]\xE87\xF0\x8A"... to UTF-16

[!] string size(66164) > stringtable size(530). truncated to 528

[!] cannot convert "J\x1D;\x81\xC9\xBE(^\xD5S\xD8W\x95\x1CT&"... to UTF-16

[!] string size(15490) > stringtable size(776). truncated to 774

[!] cannot convert "\x14\x8D\x88\xEE85y\xAE\xBE\x89A\x02\xE7\xF6F6"... to UTF-16

[!] string size(61442) > stringtable size(380). truncated to 378

[!] cannot convert "\x8B\x93?\xB6\xD1\xF0\xA5t\x8A\x12\xEB\x03o8\xE0\xF9"... to UTF-16

[!] string size(45506) > stringtable size(102). truncated to 100

[!] cannot convert "\xE2\x8B\x12\x85\xC5+l\xFEi\xE3WX\xE2\xF4OB"... to UTF-16

[?] can't find file_offset of VA 0x14bb0