CM.exe

info
MZ
PE
resources
imports
foremost
signature
hexdump
disasm
log
discuss
donate

filename	CM.exe
size	14848 (0x3a00)
md5	0d19551755a72e731c1bee8713b541af

type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x80

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	6
TimeDateStamp	0x5416f15d
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x20f
Magic	0x10b
LinkerVersion	2.56
SizeOfCode	0x1c00
SizeOfInitializedData	0x3200
SizeOfUninitializedData	0x200
AddressOfEntryPoint	0x1000
BaseOfCode	0x1000
BaseOfData	0x3000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	4.0
ImageVersion	1.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x8000
SizeOfHeaders	0x400
CheckSum	0xd332
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x200000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MingWin32 GCC 3.x

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x1bf8	0x1c00	R-X CODE IDATA
.data	0x3000	0x70	0x200	RW- IDATA
.rdata	0x4000	0x3f8	0x400	RW- IDATA
.bss	0x5000	0x70	0	RW- UDATA
.idata	0x6000	0x350	0x400	RW- IDATA
.rsrc	0x7000	0xacc	0xc00	RW- IDATA

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x6000	0x350
RESOURCE	0x7000	0xacc
EXCEPTION	0	0
SECURITY	0x3600	0x400
BASERELOC	0	0
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0	0
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size
ICON	#1	296
ICON	#2	2216
GROUP_ICON	APP	34

module_name	hint	function_name
KERNEL32.dll	1	AddAtomA
KERNEL32.dll	85	CreateProcessA
KERNEL32.dll	156	ExitProcess
KERNEL32.dll	176	FindAtomA
KERNEL32.dll	221	GetAtomNameA
KERNEL32.dll	739	SetUnhandledExceptionFilter
msvcrt.dll		_access
msvcrt.dll	39	__getmainargs
msvcrt.dll	59	__p__environ
msvcrt.dll	61	__p__fmode
msvcrt.dll	78	__set_app_type
msvcrt.dll	118	_cexit
msvcrt.dll	169	_fileno
msvcrt.dll	222	_iob
msvcrt.dll	336	_onexit
msvcrt.dll	373	_setmode
msvcrt.dll	510	abort
msvcrt.dll	517	atexit
msvcrt.dll	552	free
msvcrt.dll	603	malloc
msvcrt.dll	633	signal
msvcrt.dll	636	sprintf
msvcrt.dll	640	strcat
msvcrt.dll	642	strcmp
msvcrt.dll	644	strcpy
msvcrt.dll	648	strlen
msvcrt.dll	653	strrchr

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /CN=IPG Zertifikatsname Test

serial: 0AFCC1AABE78D9984A5ABFBE13B40800

Certificates (1)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:fc:c1:aa:be:78:d9:98:4a:5a:bf:be:13:b4:08:00
        Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=IPG Zertifikatsname Test
        Validity
            Not Before: Dec 31 23:00:00 2014 GMT
            Not After : Dec 30 23:00:00 2020 GMT
        Subject: CN=IPG Zertifikatsname Test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:9f:fd:8c:63:71:b9:70:2a:8f:dd:dd:0d:c4:b1:
                    00:03:e3:56:dc:47:95:32:28:75:d3:82:c7:15:82:
                    b6:2f:cf:ba:ab:44:46:3a:b9:38:49:8c:d3:b0:69:
                    8a:dd:c2:34:10:a5:6d:44:75:33:41:54:c7:a1:80:
                    87:3e:d7:3f:5b:6f:3e:8e:68:a1:c2:5e:e6:dd:e8:
                    b2:60:ae:25:37:c7:d2:ed:9b:34:98:98:74:89:53:
                    b0:b2:51:bf:d5:48:78:b2:dd:10:33:55:4e:bf:0a:
                    93:bf:f2:01:78:7c:da:f5:8c:5b:2e:f0:39:da:01:
                    ea:58:2b:84:71:4a:ca:80:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            2.5.29.1: 
                0K..H..i..h..oe8..8..%0#1!0...U....IPG Zertifikatsname Test..
....x..JZ......
    Signature Algorithm: md5WithRSAEncryption
    Signature Value:
        0f:49:e2:15:86:a7:68:3e:95:d8:43:57:52:cd:d1:e7:63:aa:
        30:02:50:f9:05:ca:a8:be:8a:34:a2:b6:76:cd:b2:68:df:45:
        45:f2:a5:98:73:da:48:04:8e:88:97:1e:7d:2a:27:14:e5:f2:
        c8:96:f0:5f:c1:e9:65:d2:fb:c0:43:89:4d:56:8f:36:f5:d9:
        08:5d:a6:ed:ed:8f:67:4a:ba:51:98:c7:5e:1f:c7:1a:3a:17:
        cc:40:fa:c8:eb:fe:7a:63:50:16:6b:98:81:c9:69:d9:be:ea:
        bb:c3:28:62:e4:85:b7:72:2a:4d:37:0d:bf:5d:9c:f4:5c:fd:
        8d:85

pkcs7-signedData

SHA1: nil

1.3.6.1.4.1.311.2.1.4

1.3.6.1.4.1.311.2.1.15

00 3c 00 3c 00 3c 00 4f  00 62 00 73 00 6f 00 6c  |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e  00 3e 00 3e              |.e.t.e.>.>.>    |

SHA1

d1 86 9c ba 8a a9 8e c2 77 75 3d 4a f3 90 2d c1 |........wu=J..-.| 26 3b e6 e0 |&;.. |

2
- 0A:FC:C1:AA:BE:78:D9:98:4A:5A:BF:BE:13:B4:08:00
- RSA-MD5: nil
- CN: IPG Zertifikatsname Test
- 2014-12-31 23:00:00 UTC: 2020-12-30 23:00:00 UTC
- CN: IPG Zertifikatsname Test
- #5
  - rsaEncryption: nil
  - 9F:FD:8C:63:71:B9:70:2A:8F:DD:DD:0D:C4:B1:00:03:
    E3:56:DC:47:95:32:28:75:D3:82:C7:15:82:B6:2F:CF:
    BA:AB:44:46:3A:B9:38:49:8C:D3:B0:69:8A:DD:C2:34:
    10:A5:6D:44:75:33:41:54:C7:A1:80:87:3E:D7:3F:5B:
    6F:3E:8E:68:A1:C2:5E:E6:DD:E8:B2:60:AE:25:37:C7:
    D2:ED:9B:34:98:98:74:89:53:B0:B2:51:BF:D5:48:78:
    B2:DD:10:33:55:4E:BF:0A:93:BF:F2:01:78:7C:DA:F5:
    8C:5B:2E:F0:39:DA:01:EA:58:2B:84:71:4A:CA:80:4B: 0x010001
- 2.5.29.1
  - 48 95 9f 69 ea 98 68 a7 ec 6f 65 38 e8 fc 38 e6 |H..i..h..oe8..8.|
    - CN: IPG Zertifikatsname Test
    - 0a fc c1 aa be 78 d9 98 4a 5a bf be 13 b4 08 00 |.....x..JZ......|

RSA-MD5:

0f 49 e2 15 86 a7 68 3e  95 d8 43 57 52 cd d1 e7  |.I....h>..CWR...|
63 aa 30 02 50 f9 05 ca  a8 be 8a 34 a2 b6 76 cd  |c.0.P......4..v.|
b2 68 df 45 45 f2 a5 98  73 da 48 04 8e 88 97 1e  |.h.EE...s.H.....|
7d 2a 27 14 e5 f2 c8 96  f0 5f c1 e9 65 d2 fb c0  |}*'......_..e...|
43 89 4d 56 8f 36 f5 d9  08 5d a6 ed ed 8f 67 4a  |C.MV.6...]....gJ|
ba 51 98 c7 5e 1f c7 1a  3a 17 cc 40 fa c8 eb fe  |.Q..^...:..@....|
7a 63 50 16 6b 98 81 c9  69 d9 be ea bb c3 28 62  |zcP.k...i.....(b|
e4 85 b7 72 2a 4d 37 0d  bf 5d 9c f4 5c fd 8d 85  |...r*M7..]..\...|

#0
- CN: IPG Zertifikatsname Test
- 0A:FC:C1:AA:BE:78:D9:98:4A:5A:BF:BE:13:B4:08:00
SHA1: nil

1.3.6.1.4.1.311.2.1.12
- nil
contentType: 1.3.6.1.4.1.311.2.1.4

messageDigest:

55 53 53 61 ed 9a 14 3b  1c c4 26 9e a0 b6 7c 6d  |USSa...;..&...|m|
b8 fa e5 01                                       |....            |

rsaEncryption:

25 4a 4a 7e 2b 1a ad ea  36 30 e4 2f ed 1b 9e 99  |%JJ~+...60./....|
ab cc 9f 40 84 87 04 36  72 15 42 0f 87 3a 1e 41  |...@...6r.B..:.A|
d9 b2 e1 a9 a4 7a 53 09  40 64 37 43 24 d5 6b 0d  |.....zS.@d7C$.k.|
f0 c6 74 b2 d6 a7 42 9a  de a8 57 35 0c 6b 24 7d  |..t...B...W5.k$}|
30 08 6f 07 22 7c 31 41  7a 10 3e fb d2 54 47 fb  |0.o."|1Az.>..TG.|
79 8a c5 92 0c ac b5 95  e7 cc 13 0c c0 f5 5b 8c  |y.............[.|
04 a1 82 db 1f 98 58 6e  69 22 3a 93 3f 96 3f 3f  |......Xni":.?.??|
6c b6 27 fe 28 6f b2 3e  44 94 91 99 05 05 e1 dd  |l.'.(o.>D.......|

show previews

offset	size	type	comment
0	13824	EXE	09/15/2014 14:02:05	#
15c1	15	HTM		#
3600	1024	PKCS7	Authenticode Signature	#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

everything is OK