SocketSniff.exe - SocketSniff

info
MZ
PE
resources
strings
imports
foremost
version info
hexdump
disasm
log
discuss
donate

filename	SocketSniff.exe
size	39936 (0x9c00)
md5	f5223cae145cc63b3f14f320f0ccf26a

type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0xe8

Rich Header

lib id	version	times used
93	4035	16
64	9210	3
28	9178	11
1	0	262
25	9210	3
114	50727	27
124	50727	1
120	50727	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	3
TimeDateStamp	0x501a6a46
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x103
Magic	0x10b
LinkerVersion	8.0
SizeOfCode	0x9000
SizeOfInitializedData	0x2000
SizeOfUninitializedData	0xf000
AddressOfEntryPoint	0x17f00
BaseOfCode	0x10000
BaseOfData	0x19000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	4.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x1b000
SizeOfHeaders	0x1000
CheckSum	0
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

UPX v0.89.6 - v1.02 / v1.05 - v1.22

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

name	va	vsize	raw size	flags
UPX0	0x1000	0xf000	0	RWX UDATA
UPX1	0x10000	0x9000	0x8200	RWX IDATA
.rsrc	0x19000	0x2000	0x1600	RW- IDATA

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x1a26c	0x1c8
RESOURCE	0x19000	0x126c
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0	0
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0	0
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size	cp
BIN	#109	6144	1252
CURSOR	#1	308	1252
CURSOR	#2	308	1252
BITMAP	#104	1000	1252
BITMAP	#133	216	1252
BITMAP	#134	216	1252
ICON	#3	744	1252
ICON	#4	296	1252
ICON	#5	296	1252
ICON	#6	296	1252
MENU	#102	1072	1252
MENU	#104	452	1252
DIALOG	#105	162	1252
DIALOG	#107	662	1252
DIALOG	#112	250	1252
DIALOG	#114	248	1252
DIALOG	#1096	822	1252
STRING	#1	506	1252
STRING	#26	58	1252
STRING	#32	280	1252
STRING	#63	156	1252
STRING	#64	116	1252
STRING	#69	100	1252
STRING	#76	38	1252
STRING	#77	38	1252
ACCELERATORS	#103	80	1252
GROUP_CURSOR	#103	20	1252
GROUP_CURSOR	#110	20	1252
GROUP_ICON	#101	34	1252
GROUP_ICON	#102	20	1252
GROUP_ICON	#110	20	1252
VERSION	#1	712	1252
MANIFEST	#1	362	1252

id	lang	string
0	1033	49 3c c5 61 86 0a 68 f5 4a 24 09 4a 1d b6 de 56 \|I<.a..h.J$.J...V\| b0 5b ef d8 46 0c 46 39 30 35 56 fd 68 3c 1a a0 \|.[..F.F905V.h<..\| 1f 15 18 58 3d d1 b6 50 1c ad 3e 4f d0 a2 c7 d2 \|...X=..P..>O....\| e6 58 8d 07 2c 61 84 f6 19 8b dd 62 d8 0d ba 11 \|.X..,a.....b....\| 3b 09 74 1e 24 62 06 8c 5c 17 e8 f8 e3 c6 b1 2a \|;.t.$b..\......\| d8 83 f5 92 84 00 0b 25 7b 7c 1c 70 e0 84 cd c5 \|.......%{\|.p....\| 18 67 53 cd da 1e a1 70 8d d0 3a 50 cb 8b 5a 2a \|.gS....p..:P..Z\| 80 48 47 5b 55 10 c3 40 a4 2a e7 82 8d cb 45 d9 \|.HG[U..@.....E.\| e8 e2 c0 a3 99 97 16 2a 72 c8 ae 34 ab e1 10 13 \|.......r..4....\| f8 f8 56 f5 7a f6 01 43 57 68 eb 12 73 66 a0 68 \|..V.z..CWh..sf.h\| 54 e4 86 2b 82 c9 43 28 d8 55 5b ee 74 48 f1 66 \|T..+..C(.U[.tH.f\| d4 28 5b 59 89 d9 62 2c 1b a2 1d 39 4b 0b 11 80 \|.([Y..b,...9K...\| 38 20 9d 91 57 3b c7 00 fe c1 e6 69 1a c8 c9 4c \|8 ..W;.....i...L\| 24 14 51 d8 a1 e8 1f 6b 8d 8c 24 88 08 42 9f 0d \|$.Q....k..$..B..\| 2d 9b 2d 20 9d c1 6c 02 e8 18 49 d1 f6 05 4e df \|-.- ..l...I...N.\| 14 88 0c 47 1d 10 87 db 89 76 dc 60 f2 0d 88 db \|...G.....v.`....\| bc 24 7c 06 53 4c b8 4d ee 33 38 57 ed df 6d 63 \|.$\|.SL.M.38W..mc\| 2e 77 84 9c 98 5d fc f4 89 76 2c 2c 0d 85 d9 70 \|.w...]...v,,...p\| 74 06 3b 1c 3c c1 f6 ea 27 04 8d b4 24 70 de d0 \|t.;.<...'...$p..\| 30 bc ee 51 fc 7d 45 6a 0c 5c 24 34 28 6e eb 9e \|0..Q.}Ej.\$4(n..\| 2c 3d 04 16 8b 16 89 7f 3c 6b 83 70 d6 74 0a 1c \|,=......
400	1033	e4 c9 8d 1b 2c fb d6 00 6f b1 86 02 8d 13 06 dd \|....,...o.......\| 50 ea f0 1e a6 73 9d c8 44 10 b1 10 bb b9 50 84 \|P....s..D.....P.\| 86 af 22 8d bc 18 e0 19 a7 8b d4 ce 40 e2 96 2d \|..".........@..-\| 9e 7e 68 06 98 9f a6 0c 72 b2 \|.~h.....r. \|
496	1033	90 5a 00 13 a2 27 db f4 f8 2a b8 62 a7 56 90 30 \|.Z...'....b.V.0\| 84 dd 80 d7 3f 15 34 50 23 0d a1 64 98 67 af 36 \|....?.4P#..d.g.6\| 55 9a a4 d9 95 6e 10 48 fd bd 20 b4 c1 22 2e 81 \|U....n.H.. .."..\| 7e 48 8a af 6a b8 42 b7 d0 39 b7 77 c4 97 39 72 \|~H..j.B..9.w..9r\| 2f 8b 90 1b 03 d1 39 54 0d 73 21 14 88 c5 08 f9 \|/.....9T.s!.....\| 50 ce c1 6d 58 3c 5e c5 1d d7 43 7c 18 06 c0 eb \|P..mX<^...C\|....\| 03 6a 8d 98 42 84 aa 29 82 d5 80 7b 88 9a 50 40 \|.j..B..)...{..P@\| 18 cc 2e e1 4e d0 89 b0 34 68 e8 0d 2e 3b 8a 0a \|....N...4h...;..\| 8b 00 e0 c1 f0 53 d3 1d 5a e9 1a 18 08 fc 0b 28 \|.....S..Z......(\| f9 06 7b 5f ec 14 2c 08 14 74 2f a8 a3 6b 77 9d \|..{_..,..t/..kw.\| 0b 30 db 70 50 53 11 07 48 32 17 21 e2 36 1c 1d \|.0.pPS..H2.!.6..\| f0 58 2a 64 6c 29 5c 50 60 31 d3 0d 4c ba 85 6e \|.Xdl)\P`1..L..n\| 37 ee 50 2b 30 8b 84 78 12 2b 23 c7 d7 de 06 74 \|7.P+0..x.+#....t\| 83 64 3a 50 2c a7 39 47 d3 75 dd 1e 78 0e 5c 2a \|.d:P,.9G.u..x.\*\| 58 50 e6 5c 45 64 ab 57 f4 fd db 1e 0a 36 16 92 \|XP.\Ed.W.....6..\| a8 10 fb 21 35 00 8f 4f ba 39 81 c0 0b 14 7e 64 \|...!5..O.9....~d\| a0 77 f6 80 02 b1 a2 4c 50 12 ca f7 24 02 2d 42 \|.w.....LP...$.-B\| 59 0c 14 82 15 1f 20 f8 \|Y..... . \|
992	1033	15 28 6b 07 e8 bb cd 28 36 0a 3b 43 04 9c 74 d7 \|.(k....(6.;C..t.\| 65 78 8d 43 40 83 4b 14 3b 88 75 bf de 13 92 ab \|ex.C@.K.;.u.....\| 3f 1f 2b c3 bb 29 9b 05 b4 b9 9f 30 01 03 d8 9c \|?.+..).....0....\| 30 c6 6b 01 5d ca 0c df 2c f9 dc bb 9d e1 8e 0b \|0.k.]...,.......\| ac 42 20 b8 0d 10 0b c8 89 0a b3 6e 58 eb 0e 24 \|.B ........nX..$\| 09 a6 0c 89 51 eb ba 11 a2 0c 17 20 0a 58 1d 78 \|....Q...... .X.x\| 27 9a b8 eb be 14 53 03 c8 51 0f 7c 03 30 68 44 \|'.....S..Q.\|.0hD\| 40 ff 7b c2 04 95 ae 2f 47 04 9b f7 d8 6a df e7 \|@.{..../G....j..\| 18 75 73 af 98 3a 0a 5e 67 4d 2c 54 35 54 ca 09 \|.us..:.^gM,T5T..\| 87 59 f7 4a 08 48 32 3c 01 42 b9 a7 \|.Y.J.H2<.B.. \|
1008	1033	86 1c 9c 96 54 55 81 45 e0 d4 16 19 b0 2e bb 0b \|....TU.E........\| 2a 12 48 83 01 8d 94 16 26 df 58 5d d4 52 0b 10 \|*.H.....&.X].R..\| 1d 20 2c ec da c3 7e 03 46 d1 5a 14 01 3d 10 6d \|. ,...~.F.Z..=.m\| b6 62 d2 0c 03 c0 8c 19 60 58 51 5f 27 01 51 c9 \|.b......`XQ_'.Q.\| 18 27 ec 10 38 51 d8 d7 1f 3c 8e e2 a4 88 88 1d \|.'..8Q...<......\| 20 c6 ba ef 74 89 88 34 d3 22 5c 09 d7 1e cc 76 \| ...t..4."\....v\| 3a 24 8c 06 94 05 2b a7 3b b3 e1 3e 95 b4 09 60 \|:$....+.;..>...`\| 68 06 3e f7 \|h.>. \|
1088	1033	愜氃࠶ᥬ轼䂢ὤ伻㻮邒䔼⭄㷈桄挄Ⱨ允䠔̫ी呴䥵ꑈȅ䌄ᒠ됆ﰖ怏䍒用Ռ肫꺑⦐茿ᰂĄ垅銗醯שּׁᤤ
1200	1033	觰諪廛༁諩츹넄ᔵɯ疭㡣嗨ᰜ์笫杆퇴ퟜ
1216	1033	ⶀ耪佉滖孪᪤꤉桘硜満倽瀉⃓큦䈪

module_name	ord	function_name
KERNEL32.DLL		LoadLibraryA
KERNEL32.DLL		GetProcAddress
KERNEL32.DLL		VirtualProtect
KERNEL32.DLL		VirtualAlloc
KERNEL32.DLL		VirtualFree
KERNEL32.DLL		ExitProcess
COMCTL32.dll	17
comdlg32.dll		FindTextW
GDI32.dll		PatBlt
msvcrt.dll		exit
SHELL32.dll		ShellExecuteW
USER32.dll		GetDC

StringTable 040904b0

CompanyName	NirSoft
FileDescription	SocketSniff
FileVersion	1.08
InternalName	SocketSniff
LegalCopyright	Copyright © 2008 - 2012 Nir Sofer
OriginalFilename	SocketSniff.exe
ProductName	SocketSniff
ProductVersion	1.08

VS_FIXEDFILEINFO

FileVersion	1.0.8.0
ProductVersion	1.0.8.0
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	0
FileOS	0x40004
FileType	1
FileSubtype	0

show previews

offset	size	type	comment
0	39936	EXE	08/02/2012 11:53:42	#
15c1	15	HTM		#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] ignoring invalid PEdump::BITMAPINFOHEADER

[!] string size(30866) > stringtable size(506). truncated to 504

[!] cannot convert "\xC5a\x86\nh\xF5J$\tJ\x1D\xB6\xDEV\xB0["... to UTF-16

[!] string size(103368) > stringtable size(58). truncated to 56

[!] cannot convert "\x8D\e,\xFB\xD6\x00o\xB1\x86\x02\x8D\x13\x06\xDDP\xEA"... to UTF-16

[!] string size(46368) > stringtable size(280). truncated to 278

[!] cannot convert "\x00\x13\xA2'\xDB\xF4\xF8*\xB8b\xA7V\x900\x84\xDD"... to UTF-16

[!] string size(20522) > stringtable size(156). truncated to 154

[!] cannot convert "k\a\xE8\xBB\xCD(6\n;C\x04\x9Ct\xD7ex"... to UTF-16

[!] string size(14604) > stringtable size(116). truncated to 114

[!] cannot convert "\x9C\x96TU\x81E\xE0\xD4\x16\x19\xB0.\xBB\v*\x12"... to UTF-16

[!] string size(120544) > stringtable size(100). truncated to 98

[!] string size(10306) > stringtable size(38). truncated to 36

[!] string size(6568) > stringtable size(38). truncated to 36

[!] refusing to read CURDIRENTRY beyond resource size

SocketSniff.exe- SocketSniff