filename | cports.exe | |
---|---|---|
size | 66048 (0x10200) | |
md5 | 0139f6697d38a2118397364cfc9d48f9 | |
type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | |
mimetype | application/x-dosexec | |
clamav | OK | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0xe0 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
UPX Modified >> *$igBy Ahmed18 |
This file is packed with UPX. Analysis will be incomplete without unpacking.
Sections
name | va | vsize | raw size | flags | |
---|---|---|---|---|---|
UPX0 | 0x1000 | 0x16000 | 0 | RWX UDATA | |
UPX1 | 0x17000 | 0xf000 | 0xea00 | RWX IDATA | |
.rsrc | 0x26000 | 0x2000 | 0x1400 | RW- IDATA |
Data Directory
type | va | size | |
---|---|---|---|
EXPORT | 0 | 0 | |
IMPORT | 0x27004 | 0x268 | |
RESOURCE | 0x26000 | 0x1004 | |
EXCEPTION | 0 | 0 | |
SECURITY | 0 | 0 | |
BASERELOC | 0 | 0 | |
DEBUG | 0 | 0 | |
ARCHITECTURE | 0 | 0 | |
GLOBALPTR | 0 | 0 | |
TLS | 0 | 0 | |
LOAD_CONFIG | 0 | 0 | |
Bound_IAT | 0 | 0 | |
IAT | 0 | 0 | |
Delay_IAT | 0 | 0 | |
CLR_Header | 0 | 0 |
module_name | hint | ord | function_name |
---|---|---|---|
KERNEL32.DLL | | | LoadLibraryA |
KERNEL32.DLL | | | GetProcAddress |
KERNEL32.DLL | | | VirtualProtect |
KERNEL32.DLL | | | VirtualAlloc |
KERNEL32.DLL | | | VirtualFree |
KERNEL32.DLL | | | ExitProcess |
ADVAPI32.dll | | | RegDeleteKeyA |
COMCTL32.dll | | 17 | |
comdlg32.dll | | | FindTextA |
GDI32.dll | | | SetBkMode |
msvcrt.dll | | | exit |
SHELL32.dll | | | ShellExecuteA |
USER32.dll | | | GetDC |
VERSION.dll | | | VerQueryValueA |
WS2_32.dll | | 56 | |
StringTable 040904b0
CompanyName | NirSoft |
FileDescription | CurrPorts |
FileVersion | 2.10 |
InternalName | CurrPorts |
LegalCopyright | Copyright © 2004 - 2013 Nir Sofer |
OriginalFilename | CurrPorts.exe |
ProductName | CurrPorts |
ProductVersion | 2.10 |
VS_FIXEDFILEINFO
FileVersion | 2.1.0.0 |
ProductVersion | 2.1.0.0 |
StrucVersion | 0x10000 |
FileFlagsMask | 0x3f |
FileFlags | 0 |
FileOS | 0x40004 |
FileType | 1 |
FileSubtype | 0 |
[?] ignoring invalid PEdump::BITMAPINFOHEADER
[!] string size(95232) > stringtable size(538). truncated to 536
[!] cannot convert "itC\x13k\xDC\xE8\xD8\xBAn\x86tzlsr"... to UTF-16
[!] string size(25878) > stringtable size(532). truncated to 530
[!] cannot convert "\x06\x10\xC2\xD2/s3\x1C<?xm[vAV"... to UTF-16
[!] string size(108186) > stringtable size(58). truncated to 56
[!] cannot convert "4M2\xB2r\xF2\n\x8A4M\xD34J\xCA*\xAA"... to UTF-16
[!] string size(93292) > stringtable size(44). truncated to 42
[!] cannot convert "v\xF6\x0E\x8E4M\xD34N\xCE.\xAEn\xD34M"... to UTF-16
[!] string size(39528) > stringtable size(280). truncated to 278
[!] cannot convert "\xD3\xE1\x11\x91Q\xD1M\xD34M1\xB1q\xF1\t\x89"... to UTF-16
[!] string size(114366) > stringtable size(382). truncated to 380
[!] cannot convert "4M\xD34\xDF??\xBF\xBF\xCB4M\xD3\x7F\x7F\xFF"... to UTF-16
[!] string size(58118) > stringtable size(286). truncated to 284
[!] cannot convert "\r9\x19[\x17]t+17a?\xC1\x1F\x01\xFE"... to UTF-16
[!] string size(35464) > stringtable size(216). truncated to 214
[!] cannot convert "JKM\x96e\xF9\xB2OZ\x00ECEGH\xCB"... to UTF-16
[!] string size(1154) > stringtable size(54). truncated to 52
[!] refusing to read CURDIRENTRY beyond resource size