| filename | l2.exe | |
|---|---|---|
| size | 51520 (0xc940) | |
| md5 | 1b2068a14ac23e055449e0a7ddfc7c1f | |
| type | PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows | |
| mimetype | application/x-dosexec | |
| clamav | OK | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x50 |
| blocks_in_file | 2 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0xf |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0x1a |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0x200 |
DOS stub
00000000: ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 |........!..L.!..| 00000010: 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 |This program mus| 00000020: 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 |t be run under W| 00000030: 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 |in32..$7........| 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 000001c0:
PE Header
Packer / Compiler
Sections
Data Directory
TLS
| raw start | raw end | index | callbks | zero fill | flags | |
|---|---|---|---|---|---|---|
| 0x40c000 | 0x40c09c | 0x40910f | 0x40d010 | 0 | 0 |
| module_name | hint | ord | function_name |
|---|---|---|---|
| KERNEL32.DLL | CloseHandle | ||
| KERNEL32.DLL | CreateFileA | ||
| KERNEL32.DLL | ExitProcess | ||
| KERNEL32.DLL | GetACP | ||
| KERNEL32.DLL | GetCPInfo | ||
| KERNEL32.DLL | GetCommandLineA | ||
| KERNEL32.DLL | GetCurrentThreadId | ||
| KERNEL32.DLL | GetEnvironmentStrings | ||
| KERNEL32.DLL | GetFileType | ||
| KERNEL32.DLL | GetLastError | ||
| KERNEL32.DLL | GetLocalTime | ||
| KERNEL32.DLL | GetModuleFileNameA | ||
| KERNEL32.DLL | GetModuleHandleA | ||
| KERNEL32.DLL | GetOEMCP | ||
| KERNEL32.DLL | GetProcAddress | ||
| KERNEL32.DLL | GetProcessHeap | ||
| KERNEL32.DLL | GetStartupInfoA | ||
| KERNEL32.DLL | GetStdHandle | ||
| KERNEL32.DLL | GetStringTypeW | ||
| KERNEL32.DLL | GetVersion | ||
| KERNEL32.DLL | GetVersionExA | ||
| KERNEL32.DLL | GlobalMemoryStatus | ||
| KERNEL32.DLL | HeapAlloc | ||
| KERNEL32.DLL | HeapFree | ||
| KERNEL32.DLL | LoadLibraryA | ||
| KERNEL32.DLL | RaiseException | ||
| KERNEL32.DLL | ReadFile | ||
| KERNEL32.DLL | RtlUnwind | ||
| KERNEL32.DLL | SetConsoleCtrlHandler | ||
| KERNEL32.DLL | SetFilePointer | ||
| KERNEL32.DLL | SetHandleCount | ||
| KERNEL32.DLL | TlsAlloc | ||
| KERNEL32.DLL | TlsFree | ||
| KERNEL32.DLL | TlsGetValue | ||
| KERNEL32.DLL | TlsSetValue | ||
| KERNEL32.DLL | UnhandledExceptionFilter | ||
| KERNEL32.DLL | VirtualAlloc | ||
| KERNEL32.DLL | VirtualFree | ||
| KERNEL32.DLL | WriteFile | ||
| USER32.DLL | EnumThreadWindows | ||
| USER32.DLL | MessageBoxA | ||
| USER32.DLL | wsprintfA |
| ord | entry_va | function_name | |
|---|---|---|---|
| 1 | 0x1059 | __GetExceptDLLinfo | |
| 2 | 0x911c | ___CPPdebugHook |
Signers (1)
issuer: /C=GB/ST=London/L=London/O=Security B-Sides London 2012/OU=CA/CN=Didier Stevens
serial: 01
Certificates (1)
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=GB, ST=London, L=London, O=Security B-Sides London 2012, OU=CA, CN=Didier Stevens
Validity
Not Before: Jan 16 23:15:27 2012 GMT
Not After : Jan 15 23:15:27 2014 GMT
Subject: C=GB, ST=London, L=London, O=Security B-Sides London 2012, OU=Level 2 Challenge, CN=Didier Stevens
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:ad:95:29:d4:5a:47:ff:12:43:f1:15:60:46:34:
28:08:e5:d8:eb:79:e4:1a:7c:cd:32:2f:e2:36:3d:
9e:63:96:25:a7:ba:75:27:19:55:6c:d3:6b:c3:1f:
81:28:fd:5e:3d:0b:9d:9e:af:72:62:f2:c2:6c:d7:
e5:d8:69:af:7c:15:32:f9:8d:d8:12:5a:26:91:53:
bb:f4:94:24:ea:45:4d:53:d5:a1:28:e8:76:3b:81:
de:8f:d4:3a:97:64:ab:9a:f0:14:55:30:6c:85:7e:
92:51:3a:b2:49:be:7b:45:2c:6d:23:2a:c6:4a:a8:
a0:16:f6:32:6b:fe:39:de:37:c5:c8:d5:9b:5c:7e:
ea:b2:7a:f8:8f:26:3a:db:03:61:f5:06:f8:d8:38:
2c:56:c1:38:24:a4:23:7d:20:03:43:c7:e5:b0:f9:
48:e5:15:9d:c5:0b:b6:22:89:d1:90:ce:8c:60:2b:
d4:b2:f0:49:8b:9a:4f:c9:c9:a7:2c:b3:4e:77:49:
7e:82:e8:a1:0a:44:fe:41:b3:4e:a2:4a:ed:1f:ff:
65:a4:ae:79:74:48:a7:11:62:29:9a:eb:2c:c7:00:
7d:02:40:43:37:7f:75:8d:11:fa:95:00:8b:6b:f1:
5d:2e:0e:a2:1d:b5:5f:f2:a9:21:88:3d:fc:da:d2:
42:8e:7d:b9:83:c4:97:ab:f3:5b:4a:e5:73:07:91:
fb:3f:1c:75:75:d6:d0:57:84:6f:10:bb:03:5b:1e:
c7:6d:dc:b2:ca:4d:06:e5:34:16:0f:b3:82:4c:b8:
f0:2c:83:95:55:4d:a2:cb:2f:d4:a3:7e:72:e1:2a:
2c:a4:b6:8f:e7:2c:b2:26:9a:d1:e7:f8:44:00:25:
b1:1f:c3:e5:05:d1:1e:28:a9:29:c0:c1:4c:7f:d3:
6e:dd:e8:6b:ff:1f:73:fb:df:a5:67:73:54:91:c1:
0a:2c:11:a1:f8:01:9c:08:a0:d8:60:4d:82:9e:6c:
4b:1a:b9:06:d8:41:30:19:bb:d4:cb:65:60:69:5e:
a0:04:d6:d1:ec:5a:ed:07:7c:a4:68:12:90:56:2f:
c4:e2:bf:be:bf:0d:f9:97:23:7c:d7:39:5c:4a:ac:
d4:0a:44:f1:7e:36:15:03:46:8f:f5:38:a0:44:98:
86:72:f5:8f:c9:86:da:52:6f:90:f3:35:a3:90:43:
b1:83:58:4a:77:ea:15:0d:aa:d0:2b:ef:a1:54:0d:
64:39:94:fc:fe:f8:8d:c0:4b:c4:27:4a:f0:bd:e1:
46:1e:77:64:46:6a:c1:ae:2b:dd:32:6a:ad:cf:b6:
28:9e:d9:43:f2:75:bd:f9:41:02:0d:ee:f1:3d:16:
6c:e9:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
2.1.129.5.4391.2.137.1.0.1:
.
Signature Algorithm: sha1WithRSAEncryption
02:2c:31:c2:7e:41:df:9b:36:9b:f2:3d:27:78:8f:ff:fa:e6:
47:46:89:52:65:44:8d:50:ae:9a:32:9a:5c:99:8e:69:7c:82:
04:2b:64:37:53:fc:df:dc:5c:62:2a:05:6c:d7:9c:c5:b6:47:
b5:fa:fb:86:47:3f:78:25:88:32:c6:cd:b0:47:fc:98:9a:20:
30:cf:1d:d6:85:98:b5:e2:dd:83:6c:8e:e2:7b:c2:20:76:d9:
60:67:d3:32:c6:b7:3f:8a:5f:61:9d:f4:0a:dc:14:ef:28:fe:
eb:3a:f1:a2:4a:2a:a8:fa:a3:d6:a1:4c:76:a7:ce:ab:a8:ad:
8c:e7:89:50:f8:a5:06:70:77:cd:6a:1c:60:4d:7a:6e:ff:a7:
fd:2e:e0:9c:79:bb:94:c9:5c:3d:69:4d:d3:0d:8e:54:e5:07:
a5:50:0a:58:08:b2:bb:3c:2e:87:3a:65:d0:2e:f7:b6:a0:fc:
37:cb:ae:72:18:17:39:2e:f1:e5:73:02:35:17:14:69:7e:45:
30:fe:4b:6b:16:a2:db:67:06:57:10:0d:e0:4c:3d:e4:f1:22:
67:53:3e:ca:36:8a:6e:47:f7:80:d2:05:5e:99:74:21:76:a4:
39:d0:e2:18:56:07:9f:51:aa:61:bc:7a:61:fd:6c:c4:ca:cf:
dc:a2:83:5f:fd:1c:28:f5:b8:d1:a8:3a:54:a1:43:be:4b:d6:
dc:4e:7e:44:e8:f2:96:f6:8f:81:be:0f:93:e7:52:95:10:db:
72:bc:7b:6e:1a:de:49:12:65:92:a6:fb:be:05:c1:00:72:e2:
14:4a:ff:f5:73:d1:84:d1:ea:9b:53:38:a4:65:89:94:b7:f3:
da:4c:82:f1:9e:47:71:ad:4f:a5:7b:9b:dc:25:89:66:95:7b:
dc:90:1d:d2:13:07:65:9b:64:f9:48:b1:36:df:ac:54:28:6a:
d5:dd:e5:e5:c2:9a:05:5f:15:57:0a:9d:f6:90:b4:d4:46:3a:
cc:2d:aa:52:bf:52:50:e5:25:a9:62:09:5e:46:96:6e:a2:96:
87:fe:d7:ff:4a:74:58:b5:06:45:51:b8:3a:e4:28:28:5a:f6:
b6:f8:71:f5:4a:36:06:c6:b5:0e:44:a2:87:a9:07:b6:1c:6e:
aa:4b:58:4f:2b:e7:d8:5b:2f:0f:df:98:ec:2b:d0:16:66:90:
92:f3:a1:f9:3e:94:6c:0a:bc:81:69:fb:df:e6:d9:b4:99:d2:
d2:d3:9b:1a:8c:80:13:53:f7:1b:5a:43:41:16:50:14:e5:12:
f7:db:57:52:8c:44:e0:36:9e:9a:84:79:5e:8b:e9:cb:90:72:
89:f0:2d:84:59:0c:26:b1pkcs7-signedData
- 1
- SHA1: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l| 00 65 00 74 00 65 00 3e 00 3e 00 3e |.e.t.e.>.>.> |
- :
- SHA1
cb 63 12 19 4f 37 2f 7c 31 e6 3f cd 21 09 7c 0e |.c..O7/|1.?.!.|.| f5 2b 59 af |.+Y. |
- 1.3.6.1.4.1.311.2.1.15
- #0
- Certificate #2
- 2
- 1
- RSA-SHA1: nil
- Issuer
- C: GB
- ST: London
- L: London
- O: Security B-Sides London 2012
- OU: CA
- CN: Didier Stevens
- 2012-01-16 23:15:27 UTC: 2014-01-15 23:15:27 UTC
- Subject
- C: GB
- ST: London
- L: London
- O: Security B-Sides London 2012
- OU: Level 2 Challenge
- CN: Didier Stevens
- #5
- rsaEncryption: nil
- AD:95:29:D4:5A:47:FF:12:43:F1:15:60:46:34:28:08:
E5:D8:EB:79:E4:1A:7C:CD:32:2F:E2:36:3D:9E:63:96:
25:A7:BA:75:27:19:55:6C:D3:6B:C3:1F:81:28:FD:5E:
3D:0B:9D:9E:AF:72:62:F2:C2:6C:D7:E5:D8:69:AF:7C:
15:32:F9:8D:D8:12:5A:26:91:53:BB:F4:94:24:EA:45:
4D:53:D5:A1:28:E8:76:3B:81:DE:8F:D4:3A:97:64:AB:
9A:F0:14:55:30:6C:85:7E:92:51:3A:B2:49:BE:7B:45:
2C:6D:23:2A:C6:4A:A8:A0:16:F6:32:6B:FE:39:DE:37:
C5:C8:D5:9B:5C:7E:EA:B2:7A:F8:8F:26:3A:DB:03:61:
F5:06:F8:D8:38:2C:56:C1:38:24:A4:23:7D:20:03:43:
C7:E5:B0:F9:48:E5:15:9D:C5:0B:B6:22:89:D1:90:CE:
8C:60:2B:D4:B2:F0:49:8B:9A:4F:C9:C9:A7:2C:B3:4E:
77:49:7E:82:E8:A1:0A:44:FE:41:B3:4E:A2:4A:ED:1F:
FF:65:A4:AE:79:74:48:A7:11:62:29:9A:EB:2C:C7:00:
7D:02:40:43:37:7F:75:8D:11:FA:95:00:8B:6B:F1:5D:
2E:0E:A2:1D:B5:5F:F2:A9:21:88:3D:FC:DA:D2:42:8E:
7D:B9:83:C4:97:AB:F3:5B:4A:E5:73:07:91:FB:3F:1C:
75:75:D6:D0:57:84:6F:10:BB:03:5B:1E:C7:6D:DC:B2:
CA:4D:06:E5:34:16:0F:B3:82:4C:B8:F0:2C:83:95:55:
4D:A2:CB:2F:D4:A3:7E:72:E1:2A:2C:A4:B6:8F:E7:2C:
B2:26:9A:D1:E7:F8:44:00:25:B1:1F:C3:E5:05:D1:1E:
28:A9:29:C0:C1:4C:7F:D3:6E:DD:E8:6B:FF:1F:73:FB:
DF:A5:67:73:54:91:C1:0A:2C:11:A1:F8:01:9C:08:A0:
D8:60:4D:82:9E:6C:4B:1A:B9:06:D8:41:30:19:BB:D4:
CB:65:60:69:5E:A0:04:D6:D1:EC:5A:ED:07:7C:A4:68:
12:90:56:2F:C4:E2:BF:BE:BF:0D:F9:97:23:7C:D7:39:
5C:4A:AC:D4:0A:44:F1:7E:36:15:03:46:8F:F5:38:A0:
44:98:86:72:F5:8F:C9:86:DA:52:6F:90:F3:35:A3:90:
43:B1:83:58:4A:77:EA:15:0D:AA:D0:2B:EF:A1:54:0D:
64:39:94:FC:FE:F8:8D:C0:4B:C4:27:4A:F0:BD:E1:46:
1E:77:64:46:6A:C1:AE:2B:DD:32:6A:AD:CF:B6:28:9E:
D9:43:F2:75:BD:F9:41:02:0D:EE:F1:3D:16:6C:E9:BF: 0x010001
- 2.1.129.5.4391.2.137.1.0.1: 0xff
- RSA-SHA1:
02 2c 31 c2 7e 41 df 9b 36 9b f2 3d 27 78 8f ff |.,1.~A..6..='x..| fa e6 47 46 89 52 65 44 8d 50 ae 9a 32 9a 5c 99 |..GF.ReD.P..2.\.| 8e 69 7c 82 04 2b 64 37 53 fc df dc 5c 62 2a 05 |.i|..+d7S...\b*.| 6c d7 9c c5 b6 47 b5 fa fb 86 47 3f 78 25 88 32 |l....G....G?x%.2| c6 cd b0 47 fc 98 9a 20 30 cf 1d d6 85 98 b5 e2 |...G... 0.......| dd 83 6c 8e e2 7b c2 20 76 d9 60 67 d3 32 c6 b7 |..l..{. v.`g.2..| 3f 8a 5f 61 9d f4 0a dc 14 ef 28 fe eb 3a f1 a2 |?._a......(..:..| 4a 2a a8 fa a3 d6 a1 4c 76 a7 ce ab a8 ad 8c e7 |J*.....Lv.......| 89 50 f8 a5 06 70 77 cd 6a 1c 60 4d 7a 6e ff a7 |.P...pw.j.`Mzn..| fd 2e e0 9c 79 bb 94 c9 5c 3d 69 4d d3 0d 8e 54 |....y...\=iM...T| e5 07 a5 50 0a 58 08 b2 bb 3c 2e 87 3a 65 d0 2e |...P.X...<..:e..| f7 b6 a0 fc 37 cb ae 72 18 17 39 2e f1 e5 73 02 |....7..r..9...s.| 35 17 14 69 7e 45 30 fe 4b 6b 16 a2 db 67 06 57 |5..i~E0.Kk...g.W| 10 0d e0 4c 3d e4 f1 22 67 53 3e ca 36 8a 6e 47 |...L=.."gS>.6.nG| f7 80 d2 05 5e 99 74 21 76 a4 39 d0 e2 18 56 07 |....^.t!v.9...V.| 9f 51 aa 61 bc 7a 61 fd 6c c4 ca cf dc a2 83 5f |.Q.a.za.l......_| fd 1c 28 f5 b8 d1 a8 3a 54 a1 43 be 4b d6 dc 4e |..(....:T.C.K..N| 7e 44 e8 f2 96 f6 8f 81 be 0f 93 e7 52 95 10 db |~D..........R...| 72 bc 7b 6e 1a de 49 12 65 92 a6 fb be 05 c1 00 |r.{n..I.e.......| 72 e2 14 4a ff f5 73 d1 84 d1 ea 9b 53 38 a4 65 |r..J..s.....S8.e| 89 94 b7 f3 da 4c 82 f1 9e 47 71 ad 4f a5 7b 9b |.....L...Gq.O.{.| dc 25 89 66 95 7b dc 90 1d d2 13 07 65 9b 64 f9 |.%.f.{......e.d.| 48 b1 36 df ac 54 28 6a d5 dd e5 e5 c2 9a 05 5f |H.6..T(j......._| 15 57 0a 9d f6 90 b4 d4 46 3a cc 2d aa 52 bf 52 |.W......F:.-.R.R| 50 e5 25 a9 62 09 5e 46 96 6e a2 96 87 fe d7 ff |P.%.b.^F.n......| 4a 74 58 b5 06 45 51 b8 3a e4 28 28 5a f6 b6 f8 |JtX..EQ.:.((Z...| 71 f5 4a 36 06 c6 b5 0e 44 a2 87 a9 07 b6 1c 6e |q.J6....D......n| aa 4b 58 4f 2b e7 d8 5b 2f 0f df 98 ec 2b d0 16 |.KXO+..[/....+..| 66 90 92 f3 a1 f9 3e 94 6c 0a bc 81 69 fb df e6 |f.....>.l...i...| d9 b4 99 d2 d2 d3 9b 1a 8c 80 13 53 f7 1b 5a 43 |...........S..ZC| 41 16 50 14 e5 12 f7 db 57 52 8c 44 e0 36 9e 9a |A.P.....WR.D.6..| 84 79 5e 8b e9 cb 90 72 89 f0 2d 84 59 0c 26 b1 |.y^....r..-.Y.&.|
- 2
- 1
- unnamed
- #0
- C: GB
- ST: London
- L: London
- O: Security B-Sides London 2012
- OU: CA
- CN: Didier Stevens
- 1
- #0
- SHA1: nil
- #2
- 1.3.6.1.4.1.311.2.1.12
- nil
- contentType: 1.3.6.1.4.1.311.2.1.4
- messageDigest:
b5 bf 81 b1 c2 e9 6a 48 2c 89 c2 e3 71 6a ba 5f |......jH,...qj._| 88 32 aa 75 |.2.u |
- 1.3.6.1.4.1.311.2.1.12
- rsaEncryption:
ac 61 8f 0e c3 de 43 14 99 03 41 5a 77 72 42 a3 |.a....C...AZwrB.| c5 0a 0b 88 29 dc 58 f8 55 04 41 9d f6 2f d3 62 |....).X.U.A../.b| 1a 7b 9b c0 f4 73 4b 61 09 eb 8e ab 5a 6c 60 94 |.{...sKa....Zl`.| 9b a4 8c 43 70 91 2c 5a 99 d8 5c 8f b0 a8 70 c9 |...Cp.,Z..\...p.| b1 3d c7 83 c8 e8 bb 5c 49 ac 14 3f ff ac 6e ad |.=.....\I..?..n.| 11 fc 89 30 cc b9 6b 66 06 77 97 60 db c6 e5 bb |...0..kf.w.`....| 31 5f b9 52 ee ef 55 9c 52 39 da e2 23 9e ac 94 |1_.R..U.R9..#...| 17 22 c2 38 b6 c1 86 32 c3 52 c2 a5 ba e5 2d 28 |.".8...2.R....-(| 2f 2d 22 94 7f 68 cb d0 79 a0 75 46 a0 09 3c 8c |/-"..h..y.uF..<.| 5d 8f a7 fa 35 f6 d1 ff d7 50 51 01 9d 38 af 97 |]...5....PQ..8..| 8f 6a 05 84 b3 9e 05 fb e7 74 d3 69 2b 63 48 9d |.j.......t.i+cH.| 6b e6 87 75 86 9a b0 5f 41 4a 88 08 21 79 22 a5 |k..u..._AJ..!y".| 8e 5b 58 9f 6b 62 77 b5 74 c1 45 f3 48 55 5b f6 |.[X.kbw.t.E.HU[.| b4 79 3a 42 d4 f4 37 b0 51 91 b0 f6 6a b7 83 8a |.y:B..7.Q...j...| 61 22 7b e7 45 07 74 b1 52 20 bf 76 b8 b3 73 1d |a"{.E.t.R .v..s.| 35 38 3c 3f 69 22 62 bf fc 7f d9 f9 e7 7a b0 48 |58.|
- unnamed
 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
everything is OK