filenameAFK jelzo figyelo.exe
size407520 (0x637e0)
md50ccb3e25b500c038c14364a4a5521f0c
typePE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0x80

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections3
TimeDateStamp0xe7962d93
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x22
Magic0x10b
LinkerVersion48.0
SizeOfCode0x33800
SizeOfInitializedData0x2fa00
SizeOfUninitializedData0
AddressOfEntryPoint0x35686
BaseOfCode0x2000
BaseOfData0x36000
ImageBase0x400000
SectionAlignment0x2000
FileAlignment0x200
OperatingSystemVersion4.0
ImageVersion0.0
SubsystemVersion6.0
Reserved10
SizeOfImage0x68000
SizeOfHeaders0x200
CheckSum0x6fce7
Subsystem2
DllCharacteristics0x8560
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

MS Visual C# / Basic .NET

Sections

namevavsizeraw sizeflags
.text0x20000x3368c0x33800R-X CODE
.rsrc0x360000x2f7ac0x2f800R-- IDATA
.reloc0x660000xc0x200R-- IDATA DISCARDABLE

Data Directory

typevasize
EXPORT00
IMPORT0x356320x4f
RESOURCE0x360000x2f7ac
EXCEPTION00
SECURITY0x634000x3e0
BASERELOC0x660000xc
DEBUG0x355980x38
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT0x20008
Delay_IAT00
CLR_Header0x20080x48
typenamesizecp
ICON#1205670
ICON#2105680
ICON#3676240
ICON#4380560
ICON#5216400
ICON#6169360
ICON#796400
ICON#842640
ICON#924400
ICON#1011280
GROUP_ICON#325121460
VERSION#17960
module_namehintordfunction_name
mscoree.dll_CorExeMain

StringTable 000004b0

Comments
CompanyName
FileDescriptionAFK jelző
FileVersion1.0.0.0
InternalNameAFK jelzo.exe
LegalCopyrightCopyright © 2020
LegalTrademarks
OriginalFilenameAFK jelzo.exe
ProductNameAFK jelző
ProductVersion1.0.0.0
Assembly Version1.0.0.0

VS_FIXEDFILEINFO

FileVersion1.0.0.0
ProductVersion1.0.0.0
StrucVersion0x10000
FileFlagsMask0x3f
FileFlags0
FileOS4
FileType1
FileSubtype0

Signers (1)

issuer: /CN=\x00D\x00E\x00S\x00K\x00T\x00O\x00P\x00-\x006\x006\x003\x00E\x00B\x00C\x00Q\x00\\x00d\x00i\x00o\x00g\x00e
serial: 729F79D06CE8D6AA461E9B9882158DDE

Certificates (1)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:9f:79:d0:6c:e8:d6:aa:46:1e:9b:98:82:15:8d:de
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=\x00D\x00E\x00S\x00K\x00T\x00O\x00P\x00-\x006\x006\x003\x00E\x00B\x00C\x00Q\x00\\x00d\x00i\x00o\x00g\x00e
        Validity
            Not Before: May 27 02:08:26 2020 GMT
            Not After : May 27 08:08:26 2021 GMT
        Subject: CN=\x00D\x00E\x00S\x00K\x00T\x00O\x00P\x00-\x006\x006\x003\x00E\x00B\x00C\x00Q\x00\\x00d\x00i\x00o\x00g\x00e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
                Modulus:
                    00:c8:41:28:fa:26:e2:42:0b:2c:e0:84:c7:8c:c8:
                    5c:f9:9d:72:c8:00:7e:ed:26:fe:c0:99:4d:6d:9e:
                    9f:d2:0a:32:1f:dd:e6:8e:ca:b0:f0:b1:f4:5f:f5:
                    6e:c3:1b:85:92:7a:9d:df:4c:40:6e:0d:a9:52:7f:
                    f3:09:18:9f:f7:84:32:41:86:61:5c:40:7b:39:20:
                    16:e7:10:8e:5e:c3:28:d4:da:bd:72:9d:7b:f8:12:
                    17:de:7b:f3:f9:fc:9a:6b:6f:f6:ad:b9:6a:4b:a3:
                    4d:f4:da:b6:98:4c:c0:90:ca:46:97:ff:4a:78:53:
                    0f:59:0d:5c:26:e0:02:10:fd
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
         be:71:bc:a3:8a:51:68:71:0a:ff:0e:8f:46:e1:7a:6b:75:10:
         97:e7:bd:a8:66:5d:23:43:a2:b2:90:51:cd:e3:85:c3:f2:d7:
         ea:11:ec:17:8f:9c:9c:de:19:55:a6:60:40:61:b6:05:19:c7:
         5b:c1:3e:91:05:f6:28:21:c2:c3:ef:27:9d:3a:94:76:a9:db:
         c0:8f:31:76:fb:2e:ff:9c:9a:7b:1d:f8:a6:c8:52:41:c5:f7:
         a2:4f:9a:ab:72:06:48:f6:ca:a7:80:d2:44:4c:8d:a1:6b:88:
         10:b6:03:0b:05:ea:12:26:96:d3:22:0e:d1:43:1d:2e:d3:d9:
         68:8f
pkcs7-signedData
  • 1
    • SHA256: nil
    • 1.3.6.1.4.1.311.2.1.4
      • #0
        • 1.3.6.1.4.1.311.2.1.15
          • :
        • SHA256
          • 31 be 99 50 44 9e fb 77  0e 00 a2 15 81 c6 4d 7a  |1..PD..w......Mz|
bc 49 28 3f 9b bf ae 39  2b f6 7a 68 ad 22 7d ac  |.I(?...9+.zh."}.|
    • #2
      • 2
        • 72:9F:79:D0:6C:E8:D6:AA:46:1E:9B:98:82:15:8D:DE
        • RSA-SHA256: nil
        • CN: 
          00 44 00 45 00 53 00 4b  00 54 00 4f 00 50 00 2d  |.D.E.S.K.T.O.P.-|
00 36 00 36 00 33 00 45  00 42 00 43 00 51 00 5c  |.6.6.3.E.B.C.Q.\|
00 64 00 69 00 6f 00 67  00 65                    |.d.i.o.g.e      |
        • 2020-05-27 02:08:26 UTC: 2021-05-27 08:08:26 UTC
        • CN: 
          00 44 00 45 00 53 00 4b  00 54 00 4f 00 50 00 2d  |.D.E.S.K.T.O.P.-|
00 36 00 36 00 33 00 45  00 42 00 43 00 51 00 5c  |.6.6.3.E.B.C.Q.\|
00 64 00 69 00 6f 00 67  00 65                    |.d.i.o.g.e      |
        • #5
          • rsaEncryption: nil
          • C8:41:28:FA:26:E2:42:0B:2C:E0:84:C7:8C:C8:5C:F9:
            9D:72:C8:00:7E:ED:26:FE:C0:99:4D:6D:9E:9F:D2:0A:
            32:1F:DD:E6:8E:CA:B0:F0:B1:F4:5F:F5:6E:C3:1B:85:
            92:7A:9D:DF:4C:40:6E:0D:A9:52:7F:F3:09:18:9F:F7:
            84:32:41:86:61:5C:40:7B:39:20:16:E7:10:8E:5E:C3:
            28:D4:DA:BD:72:9D:7B:F8:12:17:DE:7B:F3:F9:FC:9A:
            6B:6F:F6:AD:B9:6A:4B:A3:4D:F4:DA:B6:98:4C:C0:90:
            CA:46:97:FF:4A:78:53:0F:59:0D:5C:26:E0:02:10:FD            : 0x010001
      • RSA-SHA256: 
        be 71 bc a3 8a 51 68 71  0a ff 0e 8f 46 e1 7a 6b  |.q...Qhq....F.zk|
75 10 97 e7 bd a8 66 5d  23 43 a2 b2 90 51 cd e3  |u.....f]#C...Q..|
85 c3 f2 d7 ea 11 ec 17  8f 9c 9c de 19 55 a6 60  |.............U.`|
40 61 b6 05 19 c7 5b c1  3e 91 05 f6 28 21 c2 c3  |@a....[.>...(!..|
ef 27 9d 3a 94 76 a9 db  c0 8f 31 76 fb 2e ff 9c  |.'.:.v....1v....|
9a 7b 1d f8 a6 c8 52 41  c5 f7 a2 4f 9a ab 72 06  |.{....RA...O..r.|
48 f6 ca a7 80 d2 44 4c  8d a1 6b 88 10 b6 03 0b  |H.....DL..k.....|
05 ea 12 26 96 d3 22 0e  d1 43 1d 2e d3 d9 68 8f  |...&.."..C....h.|
    • 1
      • #0
        • CN: 
          00 44 00 45 00 53 00 4b  00 54 00 4f 00 50 00 2d  |.D.E.S.K.T.O.P.-|
00 36 00 36 00 33 00 45  00 42 00 43 00 51 00 5c  |.6.6.3.E.B.C.Q.\|
00 64 00 69 00 6f 00 67  00 65                    |.d.i.o.g.e      |
        • 72:9F:79:D0:6C:E8:D6:AA:46:1E:9B:98:82:15:8D:DE
      • SHA256: nil
      • #2
        • 1.3.6.1.4.1.311.2.1.12
          • nil
        • contentType: 1.3.6.1.4.1.311.2.1.4
        • messageDigest: 
          aa 68 a4 03 67 1e 4b 09  c4 84 a8 d0 69 f8 a6 ce  |.h..g.K.....i...|
aa 4e 6d 9d ca 42 cb a0  42 01 6e 4b 37 90 d0 4b  |.Nm..B..B.nK7..K|
      • rsaEncryption: 
        0a af cb 48 d8 d8 e2 63  1a 69 67 79 ea 4d 92 80  |...H...c.igy.M..|
72 07 70 a7 c4 f7 7a 8b  04 b1 cc 23 f1 c3 78 ac  |r.p...z....#..x.|
48 ee eb 0d a0 da f3 66  ad 70 11 92 d9 5b e9 3d  |H......f.p...[.=|
f2 91 9b 45 e4 f3 88 48  5d 93 b5 05 74 bd 36 bc  |...E...H]...t.6.|
96 c7 fa 94 ff 7c a2 45  68 61 ca fa cd 7f 4c ea  |.....|.Eha....L.|
a4 32 1d 7d 6e 0c 5f 84  b2 10 c7 ba 89 f4 e4 22  |.2.}n._........"|
ae 7f a9 20 b7 a5 92 e6  df 27 62 18 b7 cc 3b 8b  |... .....'b...;.|
2c 05 e1 4f eb 3e 14 0f  40 53 cf 0b d9 d8 81 b8  |,..O.>..@S......|
offsetsizetypecomment
0406528EXE02/13/2093 15:56:03#
15c115HTM#
457f20567PNG(512 x 512)#
95d610568PNG(256 x 256)#
33be820567PNG(512 x 512)#
38c5010568PNG(256 x 256)#
63400992PKCS7Authenticode Signature#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







[?] ignoring invalid PEdump::BITMAPINFOHEADER