filenamenxloaderx64_dump_SCY - Copy - Copy.exe
size2412544 (0x24d000)
md51383c2fd9e335ae808ecdb7ceb693cfd
typeMS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x40
blocks_in_file1
num_relocs0
header_paragraphs2
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0xa
overlay_number0
reserved00xeba1f0e00000000
oem_id0xb400
oem_info0xcd09
reserved20x4c01b821
reserved30x695721cd
reserved40x2034366e
reserved50x4558452e
reserved60x240a0d2e
lfanew0x40

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 57 69  |........!..L.!Wi|
00000010: 6e 36 34 20 2e 45 58 45  2e 0d 0a 24 40 00 00 00  |n64 .EXE...$@...|

PE Header

SignaturePE
Machine0x8664
NumberOfSections4
TimeDateStamp0x53ca8c44
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xf0
Characteristics0x222
Magic0x20b
LinkerVersion10.0
SizeOfCode0x104200
SizeOfInitializedData0x135200
SizeOfUninitializedData0
AddressOfEntryPoint0xe742c
BaseOfCode0x1000
ImageBase0x140000000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion5.2
ImageVersion0.0
SubsystemVersion5.2
Reserved10
SizeOfImage0x257000
SizeOfHeaders0x200
CheckSum0xf106a
Subsystem2
DllCharacteristics0x8100
SizeOfStackReserve0x100000
SizeOfStackCommit0x2000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Sections

namevavsizeraw sizeflags
.MPRESS10x10000x2400000x238800RWX CODE IDATA UDATA
.MPRESS20x2410000x20000x1600RWX CODE IDATA UDATA
.rsrc0x2430000x120000x11200RW- IDATA
0x2550000x20000x1e00RWX CODE IDATA

Data Directory

typevasize
EXPORT0x2410000x634
IMPORT0x2550000xf0
RESOURCE0x2430000x110b4
EXCEPTION0x1960000xe0e8
SECURITY00
BASERELOC00
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT00
Delay_IAT00
CLR_Header00
typenamesizecp
BITMAP#1025376401252
ICON#1676241252
ICON#211281252
GROUP_ICON#101201252
GROUP_ICON#104201252
MANIFEST#16201252
module_namehintordfunction_name
advapi32.dll673RegSetValueExA
advapi32.dll679RegisterEventSourceW
advapi32.dll695ReportEventW
advapi32.dll235DeregisterEventSource
advapi32.dll31AdjustTokenPrivileges
advapi32.dll428LookupPrivilegeValueA
advapi32.dll530OpenProcessToken
advapi32.dll596RegCloseKey
advapi32.dll604RegCreateKeyExA
gdi32.dll569GetStockObject
gdi32.dll733SetBkMode
gdi32.dll61CreateFontA
kernel32.dllDecodePointer
kernel32.dll709GetStartupInfoW
kernel32.dll1390TerminateProcess
kernel32.dll1424UnhandledExceptionFilter
kernel32.dll1360SetUnhandledExceptionFilter
kernel32.dll1204RtlLookupFunctionEntry
kernel32.dll1197RtlCaptureContext
kernel32.dll733GetSystemTimeAsFileTime
kernel32.dllEncodePointer
kernel32.dll407FlushConsoleInputBuffer
kernel32.dll782GetVersionExW
kernel32.dll939LoadLibraryW
kernel32.dll812GlobalMemoryStatus
kernel32.dll528GetCurrentProcessId
kernel32.dll1072QueryPerformanceCounter
kernel32.dll1211RtlVirtualUnwind
kernel32.dll980MultiByteToWideChar
kernel32.dll621GetModuleHandleW
kernel32.dll532GetCurrentThreadId
kernel32.dll346ExpandEnvironmentStringsA
kernel32.dll936LoadLibraryA
kernel32.dll676GetProcAddress
kernel32.dll420FreeLibrary
kernel32.dll1039Process32First
kernel32.dll792GetWindowsDirectoryA
kernel32.dll1009OpenProcess
kernel32.dll1375Sleep
kernel32.dll215CreateProcessA
kernel32.dll598GetLastError
kernel32.dll1041Process32Next
kernel32.dll971MoveFileA
kernel32.dll616GetModuleFileNameA
kernel32.dll1066QueryFullProcessImageNameA
kernel32.dll206CreateMutexA
kernel32.dll874IsDebuggerPresent
kernel32.dll240CreateToolhelp32Snapshot
kernel32.dll1167ReleaseMutex
kernel32.dll127CloseHandle
kernel32.dll780GetVersion
kernel32.dll231CreateThread
kernel32.dll747GetThreadContext
kernel32.dll527GetCurrentProcess
kernel32.dll531GetCurrentThread
kernel32.dll783GetVolumeInformationA
kernel32.dll672GetPrivateProfileStringA
kernel32.dll1524WritePrivateProfileStringA
kernel32.dll220CreateRemoteThread
kernel32.dll1450VirtualAllocEx
kernel32.dll1528WriteProcessMemory
kernel32.dll1304SetLastError
kernel32.dll415FormatMessageA
kernel32.dllDeleteCriticalSection
kernel32.dllInitializeCriticalSection
kernel32.dllLeaveCriticalSection
kernel32.dllEnterCriticalSection
kernel32.dll1378SleepEx
kernel32.dll781GetVersionExA
kernel32.dll761GetTickCount
kernel32.dll1465WaitForSingleObject
kernel32.dll1107ReadFile
kernel32.dll1030PeekNamedPipe
kernel32.dll1463WaitForMultipleObjects
kernel32.dll581GetFileType
kernel32.dll711GetStdHandle
msvcp100.dll1415void (__cdecl*__cdecl std::set_new_handler(void (__cdecl*)(void)))(void)

?set_new_handler@std@@YAP6AXXZP6AXXZ@Z

msvcp100.dll1549bool __cdecl std::uncaught_exception(void)

?uncaught_exception@std@@YA_NXZ

msvcp100.dll652void __cdecl std::_Xlength_error(char const * __ptr64)

?_Xlength_error@std@@YAXPEBD@Z

msvcp100.dll654void __cdecl std::_Xout_of_range(char const * __ptr64)

?_Xout_of_range@std@@YAXPEBD@Z

msvcp100.dll154public: __cdecl std::_Container_base12::~_Container_base12(void) __ptr64

??1_Container_base12@std@@QEAA@XZ

msvcr100.dll228public: char const * __ptr64 __cdecl type_info::_name_internal_method(struct __type_info_node * __ptr64)const __ptr64

?_name_internal_method@type_info@@QEBAPEBDPEAU__type_info_node@@@Z

msvcr100.dll286__C_specific_handler
msvcr100.dll1115_unlock
msvcr100.dll328__dllonexit
msvcr100.dll758_lock
msvcr100.dll925_onexit
msvcr100.dll414_amsg_exit
msvcr100.dll1357feof
msvcr100.dll526_fileno
msvcr100.dll988_setmode
msvcr100.dll1358ferror
msvcr100.dll1496strcmp
msvcr100.dll1468raise
msvcr100.dll512_exit
msvcr100.dll1539vfprintf
msvcr100.dll1157_vsnwprintf
msvcr100.dll1573wcsstr
msvcr100.dll926_open
msvcr100.dll1030_stat64i32
msvcr100.dll573_ftime64
msvcr100.dll1371fprintf
msvcr100.dll1406isgraph
msvcr100.dll1409isprint
msvcr100.dll1412isupper
msvcr100.dll1408islower
msvcr100.dll1029_stat64
msvcr100.dll1403isalpha
msvcr100.dll631_gmtime64
msvcr100.dll768_lseeki64
msvcr100.dll566_fstat64
msvcr100.dll1447memchr
msvcr100.dll1411isspace
msvcr100.dll1402isalnum
msvcr100.dll1359fflush
msvcr100.dll1448memcmp
msvcr100.dll429_beginthreadex
msvcr100.dll1373fputc
msvcr100.dll1405isdigit
msvcr100.dll338__getmainargs
msvcr100.dll282_XcptFilter
msvcr100.dll677_ismbblead
msvcr100.dll437_cexit
msvcr100.dll405_acmdln
msvcr100.dll646_initterm
msvcr100.dll647_initterm_e
msvcr100.dll453_configthreadlocale
msvcr100.dll380__setusermatherr
msvcr100.dll452_commode
msvcr100.dll540_fmode
msvcr100.dll377__set_app_type
msvcr100.dll326__crt_debugger_hook
msvcr100.dll294__CxxFrameHandler
msvcr100.dll256void __cdecl terminate(void)

?terminate@@YAXXZ

msvcr100.dll238public: void __cdecl type_info::_type_info_dtor_internal_method(void) __ptr64

?_type_info_dtor_internal_method@type_info@@QEAAXXZ

msvcr100.dll1113_unlink
msvcr100.dll1186_wcsdup
msvcr100.dll1035_strdup
msvcr100.dll450_close
msvcr100.dll1277_write
msvcr100.dll947_read
msvcr100.dll270_CxxThrowException
msvcr100.dll35public: __cdecl std::exception::exception(char const * __ptr64 const & __ptr64, int) __ptr64

??0exception@std@@QEAA@AEBQEBDH@Z

msvcr100.dll606_getch
msvcr100.dll1481signal
msvcr100.dll1039_stricmp
msvcr100.dll1049_strnicmp
msvcr100.dll1395getenv
msvcr100.dll1249_wfopen
msvcr100.dll1486sprintf
msvcr100.dll266public: virtual char const * __ptr64 __cdecl std::exception::what(void)const __ptr64

?what@exception@std@@UEBAPEBDXZ

msvcr100.dll88public: virtual __cdecl std::__non_rtti_object::~__non_rtti_object(void) __ptr64

??1__non_rtti_object@std@@UEAA@XZ

msvcr100.dll37public: __cdecl std::exception::exception(void) __ptr64

??0exception@std@@QEAA@XZ

msvcr100.dll34public: __cdecl std::exception::exception(char const * __ptr64 const & __ptr64) __ptr64

??0exception@std@@QEAA@AEBQEBD@Z

msvcr100.dll36public: __cdecl std::exception::exception(class std::exception const & __ptr64) __ptr64

??0exception@std@@QEAA@AEBV01@@Z

msvcr100.dll318__argv
msvcr100.dll110public: bool __cdecl type_info::operator!=(class type_info const & __ptr64)const __ptr64

??9type_info@@QEBA_NAEBV0@@Z

msvcr100.dll109public: bool __cdecl type_info::operator==(class type_info const & __ptr64)const __ptr64

??8type_info@@QEBA_NAEBV0@@Z

msvcr100.dll1449memcpy
msvcr100.dll1379free
msvcr100.dll1438malloc
msvcr100.dll1514strstr
msvcr100.dll1336atoi
msvcr100.dll1472remove
msvcr100.dll1516strtok
msvcr100.dll1369fopen
msvcr100.dll1377fread
msvcr100.dll1469rand
msvcr100.dll1490srand
msvcr100.dll937_purecall
msvcr100.dll101void __cdecl operator delete(void * __ptr64)

??3@YAXPEAX@Z

msvcr100.dll1450memcpy_s
msvcr100.dll1390fwrite
msvcr100.dll1387ftell
msvcr100.dll610_getcwd
msvcr100.dll1385fseek
msvcr100.dll1356fclose
msvcr100.dll1087_time64
msvcr100.dll1352exit
msvcr100.dll99void * __ptr64 __cdecl operator new(unsigned __int64)

??2@YAPEAX_K@Z

msvcr100.dll317__argc
msvcr100.dll1545vsprintf
msvcr100.dll1533tolower
msvcr100.dll1471realloc
msvcr100.dll1341calloc
msvcr100.dll1453memset
msvcr100.dll1508strncpy
msvcr100.dll1512strrchr
msvcr100.dll1501strerror
msvcr100.dll384__sys_nerr
msvcr100.dll503_errno
msvcr100.dll1491sscanf
msvcr100.dll1495strchr
msvcr100.dll340__iob_func
msvcr100.dll1518strtol
msvcr100.dll1426isxdigit
msvcr100.dll1519strtoul
msvcr100.dll1061_strtoi64
msvcr100.dll1507strncmp
msvcr100.dll1362fgets
msvcr100.dll1466qsort
msvcr100.dll1374fputs
shell32.dll307ShellExecuteA
shell32.dll204SHGetFolderPathA
shlwapi.dll183SHDeleteKeyA
secur32.dllGetUserNameExA
user32.dll775SetTimer
user32.dll463GetWindowRect
user32.dll652RegisterClassExA
user32.dll629PostQuitMessage
user32.dll694SendDlgItemMessageA
user32.dll541KillTimer
user32.dll7AnimateWindow
user32.dll544LoadBitmapA
user32.dll550LoadIconA
user32.dll730SetFocus
user32.dll699SendMessageA
user32.dll839TranslateMessage
user32.dll467GetWindowTextA
user32.dll369GetMessageA
user32.dll112CreateWindowExA
user32.dll318GetDlgItem
user32.dllDefWindowProcA
user32.dll791SetWindowPos
user32.dll808ShowWindow
user32.dll180DispatchMessageA
user32.dll428GetSystemMetrics
user32.dll795SetWindowTextA
user32.dll863UpdateWindow
user32.dll228EnableWindow
user32.dll262FindWindowA
user32.dll546LoadCursorA
user32.dll317GetDlgCtrlID
user32.dll471GetWindowThreadProcessId
user32.dll173DestroyWindow
user32.dll442GetUserObjectInformationW
user32.dll313GetDesktopWindow
user32.dll405GetProcessWindowStation
user32.dll593MessageBoxW
user32.dll586MessageBoxA
Wldap32.dll95ldap_err2stringA
Wldap32.dll221ldap_set_optionA
Wldap32.dll132ldap_initA
Wldap32.dll227ldap_simple_bind_sA
Wldap32.dll213ldap_search_sA
Wldap32.dll111ldap_first_entry
Wldap32.dll117ldap_get_dnA
Wldap32.dll109ldap_first_attributeA
Wldap32.dll129ldap_get_values_lenA
Wldap32.dll244ldap_value_free_len
Wldap32.dll135ldap_memfreeA
Wldap32.dll163ldap_next_attributeA
Wldap32.dll10ber_free
Wldap32.dll165ldap_next_entry
Wldap32.dll161ldap_msgfree
Wldap32.dll240ldap_unbind_s
ws2_32.dll168gethostname
ws2_32.dll183ioctlsocket
ws2_32.dll184listen
ws2_32.dll160accept
ws2_32.dll188recvfrom
ws2_32.dll191sendto
ws2_32.dll165getaddrinfo
ws2_32.dll2FreeAddrInfoW
ws2_32.dll163connect
ws2_32.dll194socket
ws2_32.dll193shutdown
ws2_32.dll162closesocket
ws2_32.dll170getpeername
ws2_32.dll176getsockopt
ws2_32.dll178htons
ws2_32.dll161bind
ws2_32.dll175getsockname
ws2_32.dll192setsockopt
ws2_32.dll58WSAIoctl
ws2_32.dll190send
ws2_32.dll187recv
ws2_32.dll189select
ws2_32.dll47WSAGetLastError
ws2_32.dll159__WSAFDIsSet
ws2_32.dll83WSASetLastError
ws2_32.dll88WSAStartup
ws2_32.dll30WSACleanup
ordentry_vafunction_name
10x12ae0curl_easy_cleanup
20x12b70curl_easy_duphandle
30x3f700curl_easy_escape
40x12b40curl_easy_getinfo
50x12910curl_easy_init
60x12e20curl_easy_pause
70x12990curl_easy_perform
80x13010curl_easy_recv
90x12d70curl_easy_reset
100x13080curl_easy_send
110x12960curl_easy_setopt
120x13130curl_easy_strerror
130x3f950curl_easy_unescape
140x3f9d0curl_escape
150x46280curl_formadd
160x464d0curl_formfree
170x46f80curl_formget
180x3f9b0curl_free
190x42f30curl_getdate
200x3f660curl_getenv
210x128c0curl_global_cleanup
220x12740curl_global_init
230x12810curl_global_init_mem
240x22d10curl_maprintf
250x22ed0curl_mfprintf
260x22e80curl_mprintf
270x222f0curl_msnprintf
280x22e40curl_msprintf
290x1c620curl_multi_add_handle
300x1c4c0curl_multi_assign
310x1bbe0curl_multi_cleanup
320x1b780curl_multi_fdset
330x1bd50curl_multi_info_read
340x1b540curl_multi_init
350x1d9e0curl_multi_perform
360x1cb00curl_multi_remove_handle
370x1beb0curl_multi_setopt
380x1dda0curl_multi_socket
390x1dde0curl_multi_socket_action
400x1de20curl_multi_socket_all
410x13540curl_multi_strerror
420x1c130curl_multi_timeout
430x1b910curl_multi_wait
440x22db0curl_mvaprintf
450x22f70curl_mvfprintf
460x22f30curl_mvprintf
470x22290curl_mvsnprintf
480x22f00curl_mvsprintf
490x27ab0curl_share_cleanup
500x278e0curl_share_init
510x27900curl_share_setopt
520x135d0curl_share_strerror
530x1ef60curl_slist_append
540x1f000curl_slist_free_all
550x42190curl_strequal
560x421b0curl_strnequal
570x3f9e0curl_unescape
module_namenxloader.exe
flags0xe851d500
timestamp2014-07-19 05:22:19
version0.0
ordinal_base1
nFunctions57
nNames57
Names(57)0x241119
Functions(57)0x241028
NameOrdinals(57)0x2415bf
offsetsizetypecomment
15c115HTM#
15d02406960BINoverlay data past EOF#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable











everything is OK