filenamec72c709959b0ea5cbe6bf4a5411811e537b02534fa1457f9d7bfa2c9f98ec1a7
size39936 (0x9c00)
md50f4caaa39137d175f05a1322a90335cb
typePE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x50
blocks_in_file2
num_relocs0
header_paragraphs4
min_extra_paragraphs0xf
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0x1a
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0x100

DOS stub

00000000: ba 10 00 0e 1f b4 09 cd  21 b8 01 4c cd 21 90 90  |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f  67 72 61 6d 20 6d 75 73  |This program mus|
00000020: 74 20 62 65 20 72 75 6e  20 75 6e 64 65 72 20 57  |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37  00 00 00 00 00 00 00 00  |in32..$7........|
00000040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000000c0:

PE Header

SignaturePE
Machine0x14c
NumberOfSections3
TimeDateStamp0x4ced1e12
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x818f
Magic0x10b
LinkerVersion2.25
SizeOfCode0x9000
SizeOfInitializedData0x1000
SizeOfUninitializedData0x18000
AddressOfEntryPoint0x21370
BaseOfCode0x19000
BaseOfData0x22000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion4.0
ImageVersion0.0
SubsystemVersion4.0
Reserved10
SizeOfImage0x23000
SizeOfHeaders0x1000
CheckSum0
Subsystem2
DllCharacteristics0
SizeOfStackReserve0x100000
SizeOfStackCommit0x4000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

UPX 2.93 (LZMA)

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

namevavsizeraw sizeflags
UPX00x10000x180000RWX UDATA
UPX10x190000x90000x9000RWX IDATA
.rsrc0x220000x10000x800RW- IDATA

Data Directory

typevasize
EXPORT00
IMPORT0x226b40x14c
RESOURCE0x220000x6b4
EXCEPTION00
SECURITY00
BASERELOC00
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS0x21f100x18
LOAD_CONFIG00
Bound_IAT00
IAT00
Delay_IAT00
CLR_Header00

TLS

raw
start		raw
end		indexcallbkszero
fill		flags
0x421f280x421f340x413788000
typenamesizecp
STRING#4090880
STRING#40914880
STRING#40922040
STRING#40933760
STRING#40949160
STRING#40958600
STRING#40966400
RCDATADVCLAL160
RCDATAPACKAGEINFO2240
MANIFEST#111030
idlangstring
654240猿j⩫΋载ƍ맻쎬ᏼꔫ๚牞ᦜﯜ痍鎉⮋㌫麘ᅚល⹂沟⚃鬖兯䬖ꆻ⚢쳊瀕퐰였曕툆抻
654400
1f 75 09 d8 a9 9e 7b 18  4e cd 72 65 47 54 3c a4  |.u....{.N.reGT<.|
51 c5 f3 cf f8 2a 7b fa  6b aa cc 4b cd f6 b1 81  |Q....*{.k..K....|
06 97 90 7b f2 a4 8b c7  e4 c4 37 6f 3d 5d 45 9c  |...{......7o=]E.|
e7 1b 2e 41 bf ac e3 14  86 97 57 ca 8f 8d 7b 26  |...A......W...{&|
ee 08 2d c7 c2 16 f7 2c  d8 12 cc 02 d3 d2 c8 8e  |..-....,........|
48 2b 9b 57 cd b2 47 3f  dd 0a ab 13 9f cc dd fb  |H+.W..G?........|
4f 59 86 b1 b1 41 4a a8  27 8e 34 a5 7b 45 1b 65  |OY...AJ.'.4.{E.e|
c4 ff 67 d4 7b 7d e4 44  c5 aa 44 ed 62 56 53 25  |..g.{}.D..D.bVS%|
f0 c1 d3 f9 b5 b6 77 17  ea 48 5a 0d de ee a0 45  |......w..HZ....E|
41 de f6 f3 32 c9 18 85  2e bc 3e 70 a2 b8 82 9b  |A...2.....>p....|
d4 17 90 8e 1f a7 24 ba  4b 6f e9 05 cd dc 98 02  |......$.Ko......|
1f bd ed 36 65 2b b7 15  0b 94 8d f1 df 9f 68 53  |...6e+........hS|
37 a0 63 c0 dc 0f 99 fb  54 bc fd c2 39 4b 5f 3d  |7.c.....T...9K_=|
31 66 95 f6 55 ab a4 24  b4 97 da 8b 34 35 2c e3  |1f..U..$....45,.|
ea aa 99 de 91 33 3d fd  5c 7f 25 1f 51 19 b0 59  |.....3=.\.%.Q..Y|
ff aa 40 c4 2f 1e 3d 2b  5f 98 6c 81 c8 b1 4f fb  |..@./.=+_.l...O.|
d9 45 97 40 97 e1 ba 98  e8 d8 9f 83 35 b9 6b 2e  |.E.@........5.k.|
c2 10 56 98 4e 58 85 dd  de a8 d4 53 a4 45 8c 5b  |..V.NX.....S.E.[|
7d 88 fc c0 bc 95 03 21  49 58 6f 32 67 52 da 26  |}......!IXo2gR.&|
34 ef 95 fe 67 99 1a bb  ff 69 05 99 f4 05 8e 36  |4...g....i.....6|
c5 ad 61 33 64 4d 24 80  af af 0a bd 68 e3 cf 25  |..a3dM$.....h..%|
75 ac 1b 8f 23 9f 17 fa  00 a8 bb b2 b3 83 8c 54  |u...#..........T|
9f 19 3f 1f ac f6 23 de  0c 01 47 8e 80 50 a7 2e  |..?...#...G..P..|
dc 9d 80 06 27 e4 89 1e  44 80 cf 20 1a 77 de 6d  |....'...D.. .w.m|
f1 e2 da df b5 e3 fb 37  71 48 b1 7b 39 52 27 50  |.......7qH.{9R'P|
40 26 38 9c ab dd 82 7b  b2 c9 c6 80 5e fb a9 09  |@&8....{....^...|
ef 6c 62 1a 81 41 38 8d  0a e2 c6 65 e3 b3 da 12  |.lb..A8....e....|
71 ed 80 9a c9 d3 fd 0e  4e b9 de 5f b0 38 89 57  |q.......N.._.8.W|
e3 e9 64 a8 f0 73 68 84  d0 8f d8 f3 2d 99 91 37  |..d..sh.....-..7|
9f 1e 1d 75 53 a4 10 7d  85 49 11 a0 40 a3 31 d6  |...uS..}.I..@.1.|
5e a4 b8 09 3b 2f 8c a2                           |^...;/..        |
654560
4f 85 30 ad 29 3c 0d 21  47 2d 81 df 1b 34 ee 2f  |O.0.)<.!G-...4./|
a8 d4 56 8b 01 20 50 d5  e9 e3 fd 03 d8 45 cc aa  |..V.. P......E..|
fe 72 c0 e8 db aa df e2  48 eb c7 11 f7 fb 24 4d  |.r......H.....$M|
60 6e 7e c3 c5 c3 cd f6  aa f7 60 0f bc bf 9b 9f  |`n~.......`.....|
5c 8d 6f ce e2 2f 45 d9  47 88 ef 42 63 2c 82 6a  |\.o../E.G..Bc,.j|
6a 35 30 f8 cd 35 2e 47  7d 5b 80 f0 2a 17 0a ef  |j50..5.G}[..*...|
ee a7 02 f8 0b 33 a9 52  d7 69 82 d8 01 c4 de 31  |.....3.R.i.....1|
5a 61 e1 ca 28 e2 d2 4d  70 38 6a eb 12 88 9b 3d  |Za..(..Mp8j....=|
d5 be b7 fa 73 ef 6b 43  da 11 0b 3b 5e 7a af 30  |....s.kC...;^z.0|
91 f7 47 f4 6b bc 2e 2e  42 61 40 21 fd cb 8d af  |..G.k...Ba@!....|
cf 39 6f 5c 42 2a 13 38  b8 1b e1 a4 9c ac 2b e5  |.9o\B*.8......+.|
d7 a2 e0 8e 46 2d 96 35  c0 59 8b b5 0a a2 0e fc  |....F-.5.Y......|
ae b9 79 5e 98 c2 a2 d9  90 16 10 c7              |..y^........    |
654720
9b 52 b2 5d a2 7c 66 f6  08 13 6f 92 9b 7e cf af  |.R.].|f...o..~..|
2b a0 55 f4 7c b6 b9 13  89 d1 b5 a7 8b fd 77 fa  |+.U.|.........w.|
a6 a8 fc 3c 69 c5 49 db  1d 9a 89 3b d7 a7 f5 5f  |...
654880
be d0 d4 e3 9c 42 7f 67  4e 50 30 15 33 be 0a b6  |.....B.gNP0.3...|
bd 0c 11 00 cd 8f c2 d9  fc db 09 36 64 72 6e d4  |...........6drn.|
73 e5 76 34 f0 a7 01 35  cb 1f fe db c9 e1 8e a5  |s.v4...5........|
ac ed 62 64 44 d1 7f 45  b2 67 ff 09 29 ab 66 75  |..bdD..E.g..).fu|
77 20 7a 9b ea a5 04 b5  d2 b6 14 96 62 2b 28 f8  |w z.........b+(.|
d6 97 7b f9 c6 ce c3 95  99 28 65 b3 ef cb 60 30  |..{......(e...`0|
63 34 57 8e 26 f5 0f 28  45 81 27 14 61 08 d9 f7  |c4W.&..(E.'.a...|
26 8a 25 fa a1 1d 98 c9  3c 36 aa 6a 7c a7 ae ba  |&.%.....<6.j|...|
3f 35 78 65 8a 78 a9 4c  0c fc f6 0c e0 9c c8 c5  |?5xe.x.L........|
75 05 18 72 27 7c 39 fc  ea 6a a9 33 a7 5a 84 87  |u..r'|9..j.3.Z..|
36 9f 1e 7c a3 d7 09 e8  41 b2 02 0c 0c c2 17 c5  |6..|....A.......|
a9 d0 fd e9 18 4a d0 af  b8 aa 49 3e d1 96 c2 93  |.....J....I>....|
71 00 f2 ac 99 0e ef 17  ec d9 ba 5f 18 47 61 6d  |q.........._.Gam|
41 3e 6b 20 e9 75 30 ee  68 2e 45 18 a6 8e 16 b1  |A>k .u0.h.E.....|
0a f2 23 5c 51 f7 a8 e0  16 1f 33 34 66 07 c4 b5  |..#\Q.....34f...|
7c 03 9d a8 c6 ac 4e 49  d6 4d 6f 51 78 df 3b 32  ||.....NI.MoQx.;2|
21 13 6a 46 7a 85 d7 26  a6 08 b9 0f b4 39 dd 0c  |!.jFz..&.....9..|
d3 4c c1 66 d9 9e f4 8b  9f 0a 1a ea 4c 92 da 06  |.L.f........L...|
02 75 17 6a 28 39 ab 7d  1e a5 21 c6 30 c3 98 60  |.u.j(9.}..!.0..`|
98 46 20 65 ca 2f d7 8c  81 28 9c ab 73 0f 1a bc  |.F e./...(..s...|
c3 c2 12 d2 78 af af 38  b6 0a ff 15 d2 4e bc e2  |....x..8.....N..|
19 16 18 fa 86 4f fd db  0d ef 6b 0b 17 30 28 86  |.....O....k..0(.|
06 03 fc 81 05 ee 31 42  73 eb 26 5e 6d 91 ce 78  |......1Bs.&^m..x|
14 1e 97 92 b9 ed 3a 05  0d a1 f8 1f a4 4b 90 2c  |......:......K.,|
31 ec 23 a5 fb 44 59 f7  a7 98 34 2a e7 d0 49 fe  |1.#..DY...4*..I.|
54 bb 2c d9 54 a8 44 72  53 26 aa 79 bf 2f 71 ec  |T.,.T.DrS&.y./q.|
49 f0 13 1b 3c 10 6b e1  d6 d6 f2 0c 28 7a 03 97  |I...<.k.....(z..|
dd 7a f4 52 16 ce 14 ba  20 21 e5 c0 33 da 2a 46  |.z.R.... !..3.*F|
8e e5 10 b2 09 8d 1a 3c  6d 2b 0e 0f 7d 70 88 84  |........}.8}/...|
30 62 ae 95 52 28 30 bf  a4 a8 56 68 5b 5b f8 f1  |0b..R(0...Vh[[..|
ef d9 6e 85 1e 40 b7 ee  83 64 9d 82 ab a6 78 95  |..n..@...d....x.|
b5 f7 37 9d 16 f2 af f2  f3 4c e7 c0 c0 f7 90 d6  |..7......L......|
00 df 54 09 fc b7 30 17  bd 1f 14 26 26 82 8e f7  |..T...0....&&...|
ab e8 bc 2f 19 70 56 d5  2f dc c6 61 75 8d 9a aa  |.../.pV./..au...|
72 7f ed cd d3 78 8e 0c  89 0d 96 bc 61 cc 92 94  |r....x......a...|
1b 3c 18 a8 0a 82 ad af  94 6a 36 b8 21 a4 1d f4  |.<.......j6.!...|
5e 24 10 ec a5 b3 30 14  b3 c0 46 80 b1 5c e2 9d  |^$....0...F..\..|
56 69 f9 94 57 0b c2 66  76 b1 72 e5 f7 1b 74 7e  |Vi..W..fv.r...t~|
5b 57 22 77 0f 56 17 d6  17 a5 a3 8c ae 8b 9f 3c  |[W"w.V.........<|
fd f1 64 30 d3 d1 fd f3  43 0e 25 17 07 78 14 22  |..d0....C.%..x."|
e8 89 6b f8 3c 2d 3e c5  1e 02 fb e6 6f d5 fc e8  |..k.<->.....o...|
21 ba 7a b6 46 29 b3 27  ab 50 f0 54 56 47 15 ad  |!.z.F).'.P.TVG..|
f3 3a 3e 5c 4b 6e df 38  52 0e e1 59 96 03 28 3a  |.:>\Kn.8R..Y..(:|
ee ee 0d 92 1d 53 e9 46  12 f5 91 2d a8 07 d4 6e  |.....S.F...-...n|
cb 48 f3 c8 92 9b 5c e4  a3 db 11 f4 83 72 ff 65  |.H....\......r.e|
50 4b 8a 9e 17 6e 7c c3  1e d5 a3 1e 1a 89 e4 8e  |PK...n|.........|
c0 ef 4d e7 b0 84 34 c9  91 1c 00 0b 9a 0a 2c 17  |..M...4.......,.|
5e 34 a5 68 d8 21 c7 2c  71 a4 77 f6 7c 76 d5 5e  |^4.h.!.,q.w.|v.^|
03 67 f0 cd 5b fc 87 72  a8 07 45 c3 5b aa 42 48  |.g..[..r..E.[.BH|
4a ee 52 21 ce 5e 0b e6  c8 77 4f 81 87 cf 87 e3  |J.R!.^...wO.....|
ee dd c7 90 24 47 28 11  a0 50 24 89 74 d6 ec 90  |....$G(..P$.t...|
10 ae f1 04 a3 41 8f ce  a4 3d ac 98 27 29 72 98  |.....A...=..')r.|
ed 5f cb c6 2b 44 d3 a7  33 52 ee 4d 50 34 0f c5  |._..+D..3R.MP4..|
b3 30 7a 61 6c 34 e9 b2  6f b5 ad 63 59 53 bb 4e  |.0zal4..o..cYS.N|
a2 51 d2 d5 99 f0 c7 70  41 9a c7 dc 47 3a 11 40  |.Q.....pA...G:.@|
4f 1f ae 7b                                       |O..{            |
655040
13 bf 15 68 03 e5 1d 1c  8e 96 83 40 f0 d1 4f 41  |...h.......@..OA|
2d b6 25 f6 61 01 ab 6e  31 c4 07 09 b0 b8 ee 2a  |-.%.a..n1......*|
61 41 d6 eb 56 bf 7f 42  0a 5a df c8 8d ec f3 04  |aA..V..B.Z......|
95 82 7f f0 53 06 04 17  e0 6a 76 c4 ca e1 2f 68  |....S....jv.../h|
0f a9 b7 82 9d c3 1a 13  f4 7c 3b cb 42 ed 17 51  |.........|;.B..Q|
67 b6 67 4d 75 f6 be bc  7a 3d 07 2e 74 12 6d 4b  |g.gMu...z=..t.mK|
1f b2 5e f7 c1 d8 58 e8  92 d5 c8 67 47 5e ac d7  |..^...X....gG^..|
0d e3 1f 90 80 4a c7 4a  a0 4e 99 7d 8f d0 3b c1  |.....J.J.N.}..;.|
aa 5f 3b e3 f5 5d 5a ca  00 be 26 46 1a e7 f4 12  |._;..]Z...&F....|
ea 73 03 b4 f8 2d 97 b7  25 2d 46 54 5a d0 d5 f1  |.s...-..%-FTZ...|
44 e5 98 81 bd 0a 7b 52  06 e1 df ca 44 30 f6 6a  |D.....{R....D0.j|
e4 8a 3d 61 dd d3 c9 bb  96 ca 99 e0 37 1e 5b 20  |..=a........7.[ |
95 5e 10 87 b1 7c 2d 3a  1a 83 a1 1c ce 8b 92 2c  |.^...|-:.......,|
0b 6e ab 36 ef f5 24 19  89 ff eb e0 0a bf ff c1  |.n.6..$.........|
d0 c9 a4 ca ba f6 f6 da  be 90 77 cb fe 63 28 5a  |..........w..c(Z|
31 03 8c cd 0e 6c 47 30  27 20 08 b5 ec 4b ce 8e  |1....lG0' ...K..|
31 f1 c0 1b 8a a0 d1 43  1b 33 ab 10 f7 68 d4 2c  |1......C.3...h.,|
5f 9e bd a9 bc 21 c6 24  49 bb 3a 08 90 e7 69 2b  |_....!.$I.:...i+|
e3 dd 3a 91 57 43 0b d6  00 b4 ab ec b4 1f e2 2e  |..:.WC..........|
16 93 8e 0f 86 c0 9e da  e0 fd af 73 7e 98 a6 81  |...........s~...|
13 6d 18 b0 4a b4 ad f4  1d 8e cb 65 15 57 7c 11  |.m..J......e.W|.|
dd 59 0d 49 1b a4 7f d3  c0 a1 4e 74 4d 66 4b c7  |.Y.I......NtMfK.|
22 4c 90 2f a2 98 74 2f  c2 ae 4d ca d8 b3 8d 17  |"L./..t/..M.....|
2d 61 ba f9 53 be 68 89  e3 ba 66 c9 8e 5d 41 2e  |-a..S.h...f..]A.|
50 6b aa e3 b3 96 9a 20  e6 be 87 0b 9f 95 72 5a  |Pk..... ......rZ|
8f 34 37 aa e2 7e 1f 05  ac 84 a0 3e 1b 88 14 c1  |.47..~.....>....|
6b f6 b7 41 37 3a 8f 87  75 25 9a 23 a9 27 01 60  |k..A7:..u%.#.'.`|
a7 10 b3 97 bf aa 9d f6  80 c3 0b 33 d5 42 7f 07  |...........3.B..|
fb 71 6a da fc 34 3c 0e  02 75 25 52 3a 80 72 07  |.qj..4<..u%R:.r.|
92 d7 f9 74 db 77 3e 84  e4 ec f0 43 b7 04 e7 70  |...t.w>....C...p|
84 49 b9 71 5d 22 8c 2a  6a f1 7c 72 5f 2d 3a 46  |.I.q]".*j.|r_-:F|
08 ca fc c6 9f a7 7e f9  c7 ce 53 2e c4 29 bc bb  |......~...S..)..|
46 6c 32 31 b3 30 12 72  69 0f c9 f5 9e 0e 3a 03  |Fl21.0.ri.....:.|
7b 3a 2d c7 98 75 45 81  91 54 6a 19 4d 0a 89 07  |{:-..uE..Tj.M...|
58 fc 23 09 e4 87 5a a5  bb b3 13 f0 fa 81 f0 76  |X.#...Z........v|
52 ff 1b 35 61 53 8b ae  46 59 d8 c9 c0 69 a3 74  |R..5aS..FY...i.t|
8b da 68 e8 91 67 0e 92  e5 f6 49 1e d1 d0 60 a2  |..h..g....I...`.|
cc 4f a9 3f e6 63 f7 8d  b5 22 b9 b2 e1 94 f2 81  |.O.?.c..."......|
c2 a4 4e e5 bb 87 ae 18  62 03 f9 ae 3a 13 d5 a6  |..N.....b...:...|
f2 b4 ba 21 77 48 5b 0b  b4 ac b3 92 cc 36 39 85  |...!wH[......69.|
e3 97 3c ea 33 c8 5c f1  e1 64 f1 bc 9e 8e 73 1d  |..<.3.\..d....s.|
ad cd ee 6e 59 ad f0 e1  f8 72 f7 7b ca 1d fb 16  |...nY....r.{....|
5b dc 93 bb 0e 60 58 06  7a e1 4b 76 46 e6 90 54  |[....`X.z.KvF..T|
18 ad 72 50 d2 ef 55 09  74 bf 3e 91 43 cc 54 0c  |..rP..U.t.>.C.T.|
18 98 62 d5 f5 c9 06 26  1f 2d 93 32 bd e9 e1 fb  |..b....&.-.2....|
6e f6 9d 3c 2c 32 bb 84  98 70 38 eb 3e bc a3 ac  |n..<,2...p8.>...|
5a de 99 e0 6e 40 6f e7  ea ea 6e b0 27 9f f0 2d  |Z...n@o...n.'..-|
e9 ce c2 ef 0a 78 71 ae  d8 e8 82 8b 60 e9 4e 70  |.....xq.....`.Np|
95 af 4e ac 6a 1b 34 2c  c0 68 86 0f 09 2a dd 5f  |..N.j.4,.h...*._|
3a f9 4f 52 f4 e8 ff 5e  4e d9 bc ce dd 09 20 23  |:.OR...^N..... #|
8a 0e 79 a5 f8 c6 87 81  37 43 b0 79 b5 f9 ef 6d  |..y.....7C.y...m|
72 8a 1f 49 04 d1 94 12  5a d2 27 7f 78 17 f4 7c  |r..I....Z.'.x..||
df 72 f6 bc e3 41 1d 3c  b4 1a c6 c0 fb cf 67 00  |.r...A.<......g.|
0e d8 0f f6 89 8a b1 c9  3b d6 c6 ba              |........;...    |
655200
a6 4c 79 1e 43 93 00 31  e9 8b 16 c6 03 71 ea 23  |.Ly.C..1.....q.#|
a7 45 d4 23 d7 94 89 e0  28 5a b5 b8 5f cd d5 43  |.E.#....(Z.._..C|
9d 79 b0 0b 57 88 87 4d  1f ea 83 02 e9 33 b7 90  |.y..W..M.....3..|
c5 2f a6 aa 56 41 e9 fb  5a 92 47 1e 71 f8 31 a4  |./..VA..Z.G.q.1.|
56 ed 45 a5 d5 54 73 ba  c7 d8 dc b1 19 cb 94 4f  |V.E..Ts........O|
44 77 3d ab 26 80 1e 5e  ac 3c 67 96 c3 97 c3 94  |Dw=.&..^..z|..c.....|
a3 78 63 a5 29 9c 18 77  e0 70 48 d3 29 09 6d 7b  |.xc.)..w.pH.).m{|
2f fd a6 85 73 0a 1a fc  a3 9f b9 40 5c 8f be 66  |/...s......@\..f|
33 6c c9 f8 58 c2 3d 66  14 d5 05 68 05 46 11 a3  |3l..X.=f...h.F..|
78 98 85 3e be b1 9b 07  9f c7 b1 e4 fd 8a 66 88  |x..>..........f.|
42 65 20 53 d0 d6 7c 8f  7e ec 64 08 7c fe 9d 3a  |Be S..|.~.d.|..:|
be 13 50 d9 65 ed 9d cd  17 4c 28 0e a7 ae 91 e7  |..P.e....L(.....|
02 11 a0 0b fd 44 66 a8  9b 28 93 01 35 5a 45 24  |.....Df..(..5ZE$|
6d e9 db de ce f0 63 08  52 fc 5c c7 ef 87 00 da  |m.....c.R.\.....|
bb f8 80 d5 7d 6b 13 ff  17 12 0b 38 14 5c f3 21  |....}k.....8.\.!|
c6 48 a2 ea ee 76 1d c5  71 58 de 5c 52 b9 e1 6e  |.H...v..qX.\R..n|
fd 02 2e 83 a7 bb 4c 51  73 a3 b3 76 75 37 ab 33  |......LQs..vu7.3|
cb 8d 43 9f 1f bf cb e4  c9 26 1a 72 e6 e6 b0 a9  |..C......&.r....|
c5 05 ad 7e 84 9d d9 fd  d9 1e ff 38 82 40 6d 3d  |...~.......8.@m=|
90 00 44 12 50 d3 e0 8c  d6 d7 5c 3a b7 62 fe 22  |..D.P.....\:.b."|
c4 87 e9 67 58 d0 29 8e  4a 36 4e 11 ad 33 dd 7d  |...gX.).J6N..3.}|
62 85 ac cb 74 ee a1 49  01 fc 0a ff 22 ba 89 a5  |b...t..I...."...|
module_namehintordfunction_name
KERNEL32.DLLLoadLibraryA
KERNEL32.DLLGetProcAddress
KERNEL32.DLLVirtualProtect
KERNEL32.DLLVirtualAlloc
KERNEL32.DLLVirtualFree
KERNEL32.DLLExitProcess
advapi32.dllRegFlushKey
oleaut32.dllVariantCopy
user32.dllCharNextA
offsetsizetypecomment
039936EXE11/24/2010 14:15:46#
15c115HTM#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







[!] string size(34386) > stringtable size(88). truncated to 86
[!] string size(59966) > stringtable size(488). truncated to 486
[!] cannot convert "\t\xD8\xA9\x9E{\x18N\xCDreGT<\xA4Q\xC5"... to UTF-16
[!] string size(68254) > stringtable size(204). truncated to 202
[!] cannot convert "0\xAD)<\r!G-\x81\xDF\e4\xEE/\xA8\xD4"... to UTF-16
[!] string size(42294) > stringtable size(376). truncated to 374
[!] cannot convert "\xB2]\xA2|f\xF6\b\x13o\x92\x9B~\xCF\xAF+\xA0"... to UTF-16
[!] string size(106876) > stringtable size(916). truncated to 914
[!] cannot convert "\xD4\xE3\x9CB\x7FgNP0\x153\xBE\n\xB6\xBD\f"... to UTF-16
[!] string size(97830) > stringtable size(860). truncated to 858
[!] cannot convert "\x15h\x03\xE5\x1D\x1C\x8E\x96\x83@\xF0\xD1OA-\xB6"... to UTF-16
[!] string size(39244) > stringtable size(640). truncated to 638
[!] cannot convert "y\x1EC\x93\x001\xE9\x8B\x16\xC6\x03q\xEA#\xA7E"... to UTF-16
[?] can't find file_offset of VA 0x13788