| filename | hp (1).gf | |
|---|---|---|
| size | 1155336 (0x11a108) | |
| md5 | e3cce010a6dd36ea82db065ee92f2c2e | |
| type | PE32 executable (GUI) Intel 80386, for MS Windows | |
| mimetype | application/x-dosexec | |
| clamav | OK | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0xd8 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Sections
| name | va | vsize | raw size | flags | |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x10b9d0 | 0x10ba00 | R-X CODE | |
| .rdata | 0x10d000 | 0x98b2 | 0x9a00 | R-- IDATA | |
| .data | 0x117000 | 0x1d70 | 0x1e00 | RW- IDATA | |
| .rsrc | 0x119000 | 0xeec48 | 0x1e00 | R-- IDATA |
Data Directory
| type | name | size | cp | |
|---|---|---|---|---|
| ICON | #1 | 296 | 0 | |
| ICON | #2 | 1384 | 0 | |
| ICON | #3 | 744 | 0 | |
| ICON | #4 | 2216 | 0 | |
| RCDATA | #1 | 1050 | 0 | |
| GROUP_ICON | #101 | 62 | 0 | |
| VERSION | #1 | 1032 | 0 |
| module_name | hint | ord | function_name |
|---|---|---|---|
| KERNEL32.dll | 753 | LoadLibraryA | |
| KERNEL32.dll | 502 | GetModuleHandleA | |
| KERNEL32.dll | 81 | CompareFileTime | |
| KERNEL32.dll | 128 | CreateHardLinkA | |
| KERNEL32.dll | 321 | FlushFileBuffers | |
| KERNEL32.dll | 544 | GetProcAddress | |
| KERNEL32.dll | 649 | GlobalFindAtomW | |
| KERNEL32.dll | 756 | LoadLibraryW | |
| KERNEL32.dll | 845 | QueryDosDeviceA | |
| KERNEL32.dll | 924 | SetCommBreak | |
| KERNEL32.dll | 1020 | SetStdHandle | |
| KERNEL32.dll | 454 | GetExitCodeThread | |
| KERNEL32.dll | 1108 | VirtualAlloc | |
| USER32.dll | 469 | LoadCursorW | |
| USER32.dll | 47 | CharNextW | |
| ADVAPI32.dll | 601 | RegOpenKeyA | |
| SHELL32.dll | 188 | SHGetFolderPathA | |
| SHELL32.dll | 6 | CheckEscapesW | |
| SHELL32.dll | 25 | DoEnvironmentSubstA | |
| SHELL32.dll | 291 | Shell_NotifyIconW | |
| SHELL32.dll | 289 | Shell_NotifyIcon | |
| SHELL32.dll | 276 | ShellExecuteA | |
| SHELL32.dll | 217 | SHGetSpecialFolderPathA | |
| SHELL32.dll | 207 | SHGetPathFromIDListA | |
| SHELL32.dll | 197 | SHGetInstanceExplorer | |
| SHELL32.dll | 175 | SHFreeNameMappings | |
| SHELL32.dll | 42 | ExtractIconExA | |
| SHELL32.dll | 32 | DragQueryFileW | |
| SHELL32.dll | 31 | DragQueryFileAorW | |
| SHELL32.dll | 30 | DragQueryFileA |
StringTable 04090000
| Comments | Tool used internally by Total Commander, do not start directly! |
| CompanyName | Ghisler Software GmbH |
| FileDescription | Total Commander 32bit->64bit helper tool |
| FileVersion | 1, 0, 0, 7 |
| InternalName | Totalcmd-X64 |
| LegalCopyright | Copyright © 2008-2016 Christian Ghisler |
| OriginalFilename | tcmdx64.exe |
| ProductName | Ghisler Software GmbH Totalcmd-X64 |
| ProductVersion | 1, 0, 0, 7 |
VS_FIXEDFILEINFO
| FileVersion | 1.0.0.7 |
| ProductVersion | 1.0.0.7 |
| StrucVersion | 0x10000 |
| FileFlagsMask | 0x3f |
| FileFlags | 0 |
| FileOS | 0x40004 |
| FileType | 1 |
| FileSubtype | 0 |
Signers (1)
issuer: /CN=KXIDPVBY
serial: 50422C8A091132B34BDF608B7866B4CD
Certificates (1)
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
50:42:2c:8a:09:11:32:b3:4b:df:60:8b:78:66:b4:cd
Signature Algorithm: sha1WithRSA
Issuer: CN=KXIDPVBY
Validity
Not Before: Mar 27 12:28:55 2019 GMT
Not After : Dec 31 23:59:59 2039 GMT
Subject: CN=KXIDPVBY
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:b6:14:99:81:c5:ae:41:29:0c:83:9d:d4:6b:70:
4a:e9:a3:26:31:2d:12:17:81:1f:1f:36:c8:01:db:
a6:e2:35:1c:02:30:a3:01:dc:a3:2b:a8:9d:1f:57:
72:cd:4d:72:9d:df:62:73:80:6c:ed:32:0e:d9:04:
28:b9:d6:b8:f4:82:13:2e:a5:77:b7:b2:bd:64:b8:
0f:48:2c:db:de:35:df:db:23:0a:67:06:ee:d7:06:
7e:65:f7:cd:78:2e:4e:d0:b5:35:fa:67:da:81:f5:
ee:2a:07:65:a0:b4:bd:37:17:56:16:94:5b:87:a6:
59:9c:af:f7:5a:6a:5e:61:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
Code Signing
2.5.29.1:
0;../-2J.FI..r<.......0.1.0...U....KXIDPVBY..PB,...2.K.`.xf..
Signature Algorithm: sha1WithRSA
Signature Value:
0b:35:89:80:2f:af:dc:77:33:e6:6d:e7:01:e6:75:b8:8d:3b:
ec:8f:94:1f:81:58:e9:df:34:77:55:04:19:26:e4:2c:0c:02:
d7:c5:e7:5a:c9:62:44:0d:fc:10:ac:70:0a:93:6c:b8:f8:05:
09:06:94:14:70:b6:22:5f:94:6b:b2:91:4d:92:e1:56:77:cf:
d9:53:ce:ca:03:4f:57:df:57:fd:7b:d5:f4:97:ab:db:aa:14:
ee:40:3b:48:2f:d2:34:23:18:47:bf:15:7f:c8:95:14:0f:88:
f8:ed:1d:74:1b:da:e2:2e:ae:de:d1:be:81:cc:6a:22:af:b8:
4e:9b
pkcs7-signedData
- 1
- SHA256: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l| 00 65 00 74 00 65 00 3e 00 3e 00 3e |.e.t.e.>.>.> |
- :
- SHA256
0f 86 21 60 6d e4 4a 61 ad eb ad 9c 1e 40 05 0c |..!`m.Ja.....@..| 3a 9f 9e 74 43 37 66 a5 bc 79 fb 70 1f 2f c8 b8 |:..tC7f..y.p./..|
- 1.3.6.1.4.1.311.2.1.15
- #0
- #2
- 2
- 50:42:2C:8A:09:11:32:B3:4B:DF:60:8B:78:66:B4:CD
- RSA-SHA1-2: nil
- CN: KXIDPVBY
- 2019-03-27 12:28:55 UTC: 2039-12-31 23:59:59 UTC
- CN: KXIDPVBY
- #5
- rsaEncryption: nil
- B6:14:99:81:C5:AE:41:29:0C:83:9D:D4:6B:70:4A:E9:
A3:26:31:2D:12:17:81:1F:1F:36:C8:01:DB:A6:E2:35:
1C:02:30:A3:01:DC:A3:2B:A8:9D:1F:57:72:CD:4D:72:
9D:DF:62:73:80:6C:ED:32:0E:D9:04:28:B9:D6:B8:F4:
82:13:2E:A5:77:B7:B2:BD:64:B8:0F:48:2C:DB:DE:35:
DF:DB:23:0A:67:06:EE:D7:06:7E:65:F7:CD:78:2E:4E:
D0:B5:35:FA:67:DA:81:F5:EE:2A:07:65:A0:B4:BD:37:
17:56:16:94:5B:87:A6:59:9C:AF:F7:5A:6A:5E:61:5D: 0x010001
- #6
- extendedKeyUsage: codeSigning
- 2.5.29.1
2f 2d 32 4a a3 46 49 16 07 72 3c db 9e 90 e1 0c |/-2J.FI..r<.....|
- CN: KXIDPVBY
50 42 2c 8a 09 11 32 b3 4b df 60 8b 78 66 b4 cd |PB,...2.K.`.xf..|
- RSA-SHA1-2:
0b 35 89 80 2f af dc 77 33 e6 6d e7 01 e6 75 b8 |.5../..w3.m...u.| 8d 3b ec 8f 94 1f 81 58 e9 df 34 77 55 04 19 26 |.;.....X..4wU..&| e4 2c 0c 02 d7 c5 e7 5a c9 62 44 0d fc 10 ac 70 |.,.....Z.bD....p| 0a 93 6c b8 f8 05 09 06 94 14 70 b6 22 5f 94 6b |..l.......p."_.k| b2 91 4d 92 e1 56 77 cf d9 53 ce ca 03 4f 57 df |..M..Vw..S...OW.| 57 fd 7b d5 f4 97 ab db aa 14 ee 40 3b 48 2f d2 |W.{........@;H/.| 34 23 18 47 bf 15 7f c8 95 14 0f 88 f8 ed 1d 74 |4#.G...........t| 1b da e2 2e ae de d1 be 81 cc 6a 22 af b8 4e 9b |..........j"..N.|
- 2
- 1
- #0
- CN: KXIDPVBY
- 50:42:2C:8A:09:11:32:B3:4B:DF:60:8B:78:66:B4:CD
- SHA256: nil
- #2
- contentType: pkcs7-data
- 1.3.6.1.4.1.311.2.1.12
- :
- 1.3.6.1.4.1.311.2.1.11: msCodeInd
- signingTime: 1899-12-30 00:00:00 UTC
- messageDigest:
9a 3d c0 c4 dd 5b 66 c4 4b 3c 20 10 f3 a7 80 46 |.=...[f.K< ....F| 0f be ec 43 e0 20 5b b4 05 25 4a ef d8 ad cd 7a |...C. [..%J....z|
- id-smime-aa-signingCertificate
21 3c 40 e1 46 24 ab 7f 84 b0 14 51 8c 2a 45 3f |!<@.F$.....Q.*E?| 31 74 a6 27 |1t.' |
- #0
- CN: KXIDPVBY
- 50:42:2C:8A:09:11:32:B3:4B:DF:60:8B:78:66:B4:CD
- #0
- RSA-SHA256:
42 c5 8f 90 c5 49 81 c4 d9 93 bb 92 22 1a b2 01 |B....I......"...| e2 ee e7 18 d6 07 fe 0a 02 1d 82 c8 db 2e 9c 6e |...............n| 61 39 63 7f d8 b7 32 e5 7f c0 3e 82 69 a1 b6 15 |a9c...2...>.i...| bc 62 9d f8 36 f4 f6 fc 49 96 9d 2a be bd 5b 23 |.b..6...I..*..[#| af 6d f0 fc 43 c0 64 57 f4 dc b4 de 27 7b 88 42 |.m..C.dW....'{.B| cc 1e aa 36 bf f7 02 03 df 8d 51 5b ac 11 73 eb |...6......Q[..s.| ec 4d ca 4f 44 74 09 d0 39 ea 35 6b 27 3f 8f 07 |.M.ODt..9.5k'?..| ac 0f 71 a2 83 f5 09 b2 7b 33 89 96 b1 f8 ba 30 |..q.....{3.....0| - 1.3.6.1.4.1.311.3.3.1
- pkcs7-signedData
- 3
- SHA256: nil
- id-smime-ct-TSTInfo
- 1
- 1.3.6.1.4.1.6449.2.1.1
- SHA256:
ed e0 04 0e 9b 05 9e ef 47 41 58 bb 78 4a 9b e1 |........GAX.xJ..| b4 13 22 ce 7b 2e d3 04 46 44 94 08 7b 36 7f d8 |..".{...FD..{6..| - 2E:8F:CB:46:91:CC:64:4E:55:B1:A9:34:23:7F:0C:8D:
8C:9E:BB:33 - 2019-03-28 12:38:45 UTC
- 6B:E9:EE:43:8E:32:9A:31
- #5
- C: GB
- ST: Greater Manchester
- L: Salford
- O: COMODO CA Limited
- CN: COMODO SHA-256 Time Stamping Signer
- 1
- Certificate #2
- 2
- 4E:B0:87:8F:CC:24:35:36:B2:D8:C9:F7:BF:39:55:77
- RSA-SHA256: nil
- Issuer
- C: US
- ST: UT
- L: Salt Lake City
- O: The USERTRUST Network
- OU: http://www.usertrust.com
- CN: UTN-USERFirst-Object
- 2015-12-31 00:00:00 UTC: 2019-07-09 18:40:36 UTC
- Subject
- C: GB
- ST: Greater Manchester
- L: Salford
- O: COMODO CA Limited
- CN: COMODO SHA-256 Time Stamping Signer
- #5
- rsaEncryption: nil
- CE:BC:74:B7:70:80:4F:5E:F3:3F:98:AA:2E:CB:D4:12:
01:23:35:69:0B:22:BC:E6:FD:09:6C:28:E4:13:12:AC:
BB:BA:2D:E5:D5:DD:22:EE:73:B6:2C:F8:D2:A4:71:E7:
49:25:78:AB:25:B7:90:10:A0:9B:8B:77:26:DD:40:EA:
41:A3:FD:88:CD:72:A6:89:3B:50:57:1C:7A:25:24:22:
02:51:40:35:67:8A:31:69:0D:E5:39:73:49:39:9B:95:
01:85:52:F2:2B:14:89:9A:4E:04:A4:BC:40:AE:39:A6:
DD:40:02:E0:3A:75:FE:3D:7D:55:94:5B:F1:4E:24:7C:
C8:B8:58:19:CA:C0:DA:BE:58:13:9A:E6:1C:E7:D1:C1:
3B:F0:5D:8F:49:08:21:9E:D0:F3:BE:D6:D4:66:4F:5C:
72:36:7B:C3:82:D3:98:08:94:AF:AB:44:4F:18:C7:14:
DA:16:B1:1E:32:0E:12:38:C0:B5:3C:76:EC:75:50:00:
20:04:11:19:ED:C6:FF:DF:4E:FE:08:81:27:31:4F:71:
74:6E:03:0C:70:27:81:55:6A:9A:43:92:A4:7F:DB:FD:
3F:C5:17:1E:41:BB:CE:E8:A7:7F:8C:95:F9:FD:7F:F8:
61:88:89:00:3E:FF:0B:01:DB:FD:D5:B5:A4:E4:91:11: 0x010001
- #6
- authorityKeyIdentifier:
da ed 64 74 14 9c 14 3c ab dd 99 a9 bd 5b 28 4d |..dt...<.....[(M| 8b 3c c9 d8 |.<.. |
- subjectKeyIdentifier:
7d bf 91 d7 a7 6c 5a 47 66 44 7b 90 d4 8e 90 72 |}....lZGfD{....r| 41 8f 17 c2 |A... | - keyUsage: true, 0xc0
- basicConstraints
- true
- nil
- extendedKeyUsage: true, timeStamping
- crlDistributionPoints: http://crl.usertrust.com/UTN-USERFirst-Object.crl
- authorityInfoAccess
- OCSP: http://ocsp.usertrust.com
- authorityKeyIdentifier:
- RSA-SHA256:
50 b0 f5 df 5f ad 33 dc c3 53 58 58 bc c2 13 75 |P..._.3..SXX...u| 7b 20 1d 54 ca ba 3f 50 3f ba 8a f4 6b 09 63 c0 |{ .T..?P?...k.c.| 5b 5d 8b d6 75 1a 73 bd 8b ff 47 f1 15 dc 51 16 |[]..u.s...G...Q.| 23 19 32 e6 6e 92 4d d1 c6 2e 5a 1e 88 42 14 c9 |#.2.n.M...Z..B..| 72 e5 d7 08 50 8a 6a f5 64 40 56 ae 24 e3 61 97 |r...P.j.d@V.$.a.| 15 42 f0 2c 48 ae 83 e6 35 3c 8b 5b c2 8f ae 8e |.B.,H...5<.[....| cc 34 52 34 e0 fb fe ca fd b1 24 68 d1 a4 11 23 |.4R4......$h...#| 10 06 fd b2 c2 24 27 c7 d7 e9 4a 1c 8f 3f 3e cf |.....$'...J..?>.| ed eb 75 79 6c 8e 5f f7 21 b6 50 e6 25 a1 cd 66 |..uyl._.!.P.%..f| 94 12 6c bf db b3 ae 87 d8 68 03 72 20 02 c2 7e |..l......h.r ..~| da 94 f3 72 07 3c 57 e8 55 24 e7 05 a0 1d c4 81 |...r.
- 2
- 1
- unnamed
- #0
- C: US
- ST: UT
- L: Salt Lake City
- O: The USERTRUST Network
- OU: http://www.usertrust.com
- CN: UTN-USERFirst-Object
- 4E:B0:87:8F:CC:24:35:36:B2:D8:C9:F7:BF:39:55:77
- #0
- SHA256: nil
- #2
- contentType: id-smime-ct-TSTInfo
- signingTime: 2019-03-28 12:38:45 UTC
- id-smime-aa-signingCertificate:
36 52 7d 4f a2 6a 68 f9 eb 45 96 f1 d9 9a bb 2c |6R}O.jh..E.....,| 0e a7 6d fa |..m. |
- messageDigest:
d9 5f 78 b1 61 3a 73 c7 0c db f4 24 eb 40 05 41 |._x.a:s....$.@.A| da 39 b5 b8 3e b4 b5 d7 68 0f 26 71 f6 40 9b 85 |.9..>...h.&q.@..|
- rsaEncryption:
b4 68 5a 28 d3 a1 53 84 25 df 8a e9 27 53 20 4b |.hZ(..S.%...'S K| 92 bf 0c 82 72 3c c1 c7 dc 53 74 23 eb fd d1 23 |....r<...St#...#| d2 5b 02 14 68 3f 44 db cc 13 08 06 c8 01 72 d8 |.[..h?D.......r.| 57 73 9c 87 ae 7b 30 3a 67 bc 14 fc 38 02 dd a9 |Ws...{0:g...8...| a5 74 2f 47 f7 71 ba f6 29 a8 d5 f9 10 f1 ba 08 |.t/G.q..).......| cf 6b 35 48 48 ed 19 e3 c2 3b 76 60 60 8c 32 50 |.k5HH....;v``.2P| d4 25 fb a8 0c 05 2d 82 8d a9 06 9d 54 0d 70 ea |.%....-.....T.p.| ab 8e 1d 8d 9f ce 63 28 bd 12 40 aa 41 d1 18 16 |......c(..@.A...| 2a 16 e9 ef 97 37 9e b7 1d 06 a2 a9 ae 4d 68 83 |*....7.......Mh.| 4b 43 77 0e 38 31 d2 00 92 aa e0 89 38 28 5e 65 |KCw.81......8(^e| b8 b6 0b 99 6e cc 0a 4c 26 08 27 f0 80 53 e2 07 |....n..L&.'..S..| db 1b 61 68 2b 4c 49 60 88 80 93 43 6e cd 8f 7f |..ah+LI`...Cn...| 60 f7 e7 71 bf 05 90 12 46 ca 16 10 8f a7 56 0b |`..q....F.....V.| 4a 1e cc 72 cc 54 fa ae 03 5a a6 5e 1b bd 58 f7 |J..r.T...Z.^..X.| 38 5f ff 34 39 37 f8 6a 0f ad fb 7e 00 4d a8 70 |8_.497.j...~.M.p| 3b bd 90 89 7f ff c8 fe 30 d6 40 69 21 92 2d 3e |;.......0.@i!.->|
- unnamed
- 3
- pkcs7-signedData
- #0
| offset | size | type | comment | |
|---|---|---|---|---|
| 0 | 1152000 | EXE | 03/28/2019 12:38:33 | # |
| 15c1 | 15 | HTM | # | |
| 119400 | 3336 | PKCS7 | Authenticode Signature | # |
 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
everything is OK