filenameBlueScreenView.exe
size54272 (0xd400)
md51f2ff002a6a48ee32acebb299a39a837
typePE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0xf8

Rich Header

lib idversiontimes used
9540352
93403518
6492103
28917811
10273
2592103
1145072726
124507271
120507271

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections3
TimeDateStamp0x4edfda04
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x103
Magic0x10b
LinkerVersion8.0
SizeOfCode0xb000
SizeOfInitializedData0x3000
SizeOfUninitializedData0x13000
AddressOfEntryPoint0x1e3b0
BaseOfCode0x14000
BaseOfData0x1f000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion4.0
ImageVersion0.0
SubsystemVersion4.0
Reserved10
SizeOfImage0x22000
SizeOfHeaders0x1000
CheckSum0
Subsystem2
DllCharacteristics0
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

UPX v0.89.6 - v1.02 / v1.05 - v1.22

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

namevavsizeraw sizeflags
UPX00x10000x130000RWX UDATA
UPX10x140000xb0000xa600RWX IDATA
.rsrc0x1f0000x30000x2a00RW- IDATA

Data Directory

typevasize
EXPORT00
IMPORT0x216800x26c
RESOURCE0x1f0000x2680
EXCEPTION00
SECURITY00
BASERELOC00
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT00
Delay_IAT00
CLR_Header00
typenamesizecp
BIN#1129461252
BIN#1149801252
CURSOR#13081252
CURSOR#23081252
BITMAP#10410001252
BITMAP#1332161252
BITMAP#1342161252
ICON#313841252
ICON#413841252
ICON#522161252
ICON#613841252
MENU#10214361252
MENU#1045241252
MENU#1054521252
DIALOG#1051621252
DIALOG#1076621252
DIALOG#1122501252
DIALOG#1139521252
DIALOG#10968221252
STRING#14741252
STRING#26501252
STRING#322801252
STRING#381021252
STRING#44781252
STRING#631961252
STRING#644441252
STRING#65921252
STRING#691041252
STRING#702141252
ACCELERATORS#1031201252
GROUP_CURSOR#103201252
GROUP_CURSOR#109201252
GROUP_ICON#101341252
GROUP_ICON#110201252
GROUP_ICON#111201252
VERSION#17441252
MANIFEST#15441252
idlangstring
01033
00 e5 00 ff c5 e3 7d d7  7c b7 3b d9 03 25 00 32  |......}.|.;..%.2|
00 2e 58 17 4d 00 53 00  20 df fd 63 df 03 61 00  |..X.M.S. ..c..a.|
6e 00 73 09 65 00 72 00  69 00 66 1b 42 00 6c 00  |n.s.e.r.i.f.B.l.|
75 d7 6d 66 73 0f 13 63  07 65 23 56 1b 9b e9 c6  |u.mfs..c.e#V....|
36 07 77 53 25 49 30 05  64 66 bb fd 62 2f 00 5d  |6.wS%I0.df..b/.]|
13 5f 54 14 03 e1 ba 6e  7b 9b 91 c5 17 6f 59 2b  |._T....n{....oY+|
05 78 1f 5c 60 ee ae eb  0b 79 03 74 45 6d 00 33  |.x.\`....y.tEm.3|
85 13 a2 b1 cf 1d 5c 51  85 76 8d 73 ee 75 5b e0  |......\Q.v.s.u[.|
aa bc 6f 77 47 17 1d 37  76 66 9a 4c 6e 1b 61 29  |..owG..7vf.Ln.a)|
46 13 b0 ae eb 5e 6c 45  23 49 1d 64 09 78 3b 80  |F....^lE#I.d.x;.|
75 dd 17 13 66 09 54 27  70 17 20 f3 e7 be 0f 6d  |u...f.T'p. ....m|
2b 1f 47 00 4d 33 5d 37  56 8f 45 53 27 6c 6f 74  |+.G.M3]7V.ES'lot|
29 cf 8d 7d 6e 63 17 07  77 1b 50 75 81 ec ee e1  |)..}nc..w.Pu....|
b9 4d 11 69 4b 61 17 6b  00 44 bb 67 ba ed 25 55  |.M.iKa.k.D.g..%U|
47 74 1b 63 00 ba ae d9  dc 41 2f 9b 45 70 3b 72  |Gt.c.....A/.Ep;r|
1b 48 ef 25 1b eb 2b 61  45 72 d9 4f 09 66 a6 eb  |.H.%..+aEr.O.f..|
ba 69 4f 75 9f 70 df 6f  25 c2 60 9f fb 00 43 0f  |.iOu.p.o%.`...C.|
17 75 f3 73 01 9e f9 de  0b 3b a7 51 46 25 ba b1  |.u.s.....;.QF%..|
86 c3 00 22 87 70 13 67  19 61 9b eb 06 6b 66 33  |...".p.g.a...kf3|
73 19 5c 6b 09 62 b9 8e  cf 75 51 67 01 7d 67 13  |s.\k.b...uQg.}g.|
54 2d 8d 75 ef e3 79 1f  66 b1 07 57 1d 64 ba 2d  |T-.u..y.f..W.d.-|
59 d3 17 77 5c a3 93 68  e5 2e eb c6 ba 11 79 65  |Y..w\..h......ye|
6d 20 71 31 05 00 23 1a  0e 67 21 bd 6d 45 3f 00  |m q1..#..g!.mE?.|
ee 30 61 40 4f 1f 41 63  ec cd 0e 93 52 af 91 ad  |.0a@O.Ac....R...|
4b 7d 6e 5b 96 f1 00 30  73 6b 36 5d e6 ba cf 7f  |K}n[...0sk6]....|
05 49 03 34 13 1b 38 09  bb 2c d6 19 38 11 0b 60  |.I.4..8..,..8..`|
17 f0 4c f7 ba 2a 09 64  59 8f 5c 0b a8 bf 94 fc  |..L..*.dY.\.....|
8f 24 00 5c 00 0d 00 0a  49 18 7b 03 a4 3b 00 09  |.$.\....I.{..;..|
2f 5c 67 db dc 43 8c 3c  51 f5 20 ed 07 74 2f 1d  |/\g..C.
4001033矝佰ֻ┭敹홂’ⴛ砋贯痐佣┻㍨彳㮬殍椽㸩筿豢
4961033
4d 64 73 72 22 6d 66 b0  b1 6e 6c 07 3e 21 72 07  |Mdsr"mf..nl.>!r.|
64 67 1e ec 7b c9 37 62  15 68 00 34 51 ec 7d cd  |dg..{.7b.h.4Q.}.|
dc 20 0d c7 05 66 47 d3  0e 23 9b 9b 3a 8f 01 77  |. ...fG..#..:..w|
2e 1d c6 f7 4c f7 8d bb  66 0f 97 2f 07 8b 0d 32  |....L...f../...2|
36 74 a9 67 22 1b 35 9e  f9 7b e6 69 8f 69 3c 00  |6t.g".5..{.i.i<.|
2f 7d cb ce dc f7 e5 7f  3c 63 cf 2f d1 40 06 a1  |/}.......\../|
0b dc 42 b6 a3 68 19 00  24 22 9f 07 40 4f 2e 97  |..B..h..$"..@O..|
20 5d 87 58 7c 75 7d 2c  bf 59 b7 c0 88 03 7e 17  | ].X|u},.Y....~.|
03 0e 93 14 96 cd 72 d9  a5 97 c1 95 d7 18 93 ac  |......r.........|
76 cd d6 6d aa 29 0b 2f  33 ee b0 0b 9b 9a cb 6d  |v..m.)./3......m|
b3 dc 0f 0a 25 af 5f 8a  03 24 2c 61 4f 6e cf 36  |....%._..$,aOn.6|
92 92 2b 6c 28 0b c8 24  e1 3b bb 6c b6 67 03 7c  |..+l(..$.;.l.g.||
83 67 62 f2 91 84 29 87  79 41 32 0a 7a 2d 9b ed  |.gb...).yA2.z-..|
15 72 74 2d c6 2e 1b bb  f3 2a ae 3b 7b 09 1f ef  |.rt-.....*.;{...|
d3 03 7d 67 aa 03 18 9f                           |..}g....        |
5921033
6d 9a b0 df f4 d3 47 29  d4 40 ff 34 1f 3c dc 6d  |m.....G).@.4.<.m|
05 ad 11 2e 6c 5f fe df  22 6d 02 49 6e 69 74 43  |....l_.."m.InitC|
6f 6d 6d 6f 6e 43 74 72  6f 6c d8 eb 30 d2 73 45  |ommonCtrol..0.sE|
e4 45 d3 9f 0b 75 63 75  4c 3a 7b 43 65 6e 0f 74  |.E...ucuL:{Cen.t|
a4 8f 20 d0 0d 6c 1b 93  68 1f 21 bc c3 59 6d 6d  |.. ..l..h.!..Ymm|
d7 0d df d7 9d a6 2f 0f  6c 65 73 03 2e 6a a7 a6  |....../.les..j..|
9b ac 23 2a 0f 2a                                 |..#*.*          |
6881033曉ଏ砯趀㜄昣爼◡䎗㯧㤔ⴺ㽡㿑ୣﲶ￿䥈䑒偟剁奔䙟䱉彅奓呓䵅ు귚剕䄉假य़䜗
9921033
c6 da ff d6 21 10 50 52  4f 47 52 41 4d 4d 45 74  |....!.PROGRAMMEt|
1b 47 6d cf fe ef 39 5f  43 4f 52 52 55 50 54 49  |.Gm...9_CORRUPTI|
4f 4e 2f 4e 56 2d 49 db  b6 8b bf 55 41 43 43 45  |ON/NV-I....UACCE|
53 53 0b 55 47 21 44 5a  55 b7 e6 ba ff 53 42 5f  |SS.UG!DZU....SB_|
44 52 49 56 45 52 3b 54  65 32 46 5f 45 6d 43 fe  |DRIVER;Te2F_EmC.|
f6 58 45 43 55 0c 5f 4f  46 5f 4e 4f 5f 4d 9b 6b  |.XECU._OF_NO_M.k|
33 b7 53 59 cf 2f 1c 04  76 4e 7b 77 bb 6d 9d 54  |3.SY./..vN{w.m.T|
54 4b 5f 50 46 46 44 50  43 49 5f 17 7d 5b 73 ad  |TK_PFFDPCI_.}[s.|
49 b7 21 5f 36 43 4f 56  03 6b 1f bb 86 4c 41 8b  |I.!_6COV.k...LA.|
46 4c 54 4d ac d6 bb b5  ad 6c 4f 43 1b 43 9e 51  |FLTM.....lOC.C.Q|
42 4a 2f b5 cf da ad 5f  14 52 4d af 2f 44 49 53  |BJ/...._.RM./DIS|
74 b7 ed 6d b7 47 52 e8  53 48 85 44 4f 57 13 48  |t..m.GR.SH.DOW.H|
df 44 57 9a                                       |.DW.            |
10081033
7b ce 6d 03 45 d4 2a e5  83 25 ec 22 db e5 49 17  |{.m.E.*..%."..I.|
43 53 80 00 6f c3 76 30  04 38 0d 26 49 3a 76 b7  |CS..o.v0.8.&I:v.|
b5 f6 00 55 4e e0 03 cd  42 9b 42 4f 4f 55 eb 5c  |...UN...B.BOOU.\|
6b db 56 34 55 f5 53 23  3a 5f 77 7b db 13 5a 2a  |k.V4U.S#:_w{..Z*|
45 53 50 56 49 40 25 83  db 0c 5d b5 4e 2f 51 00  |ESPVI@%...].N/Q.|
ab b1 2b b7 87 f6 4d 41  50 1d be 47 36 5f 43 06  |..+...MAP..G6_C.|
1a 6e 86 99 78 d7 b3 41  44 2f 55 09 ad b9 66 bb  |.n..x..AD/U...f.|
9d 96 7f 7e 6d e7 5a 21  7f aa 09 4c 5f 57 cd 42  |...~m.Z!...L_W.B|
42 98 b9 4b be 30 0f c7  27 74 6d 1b be 4e 3a 7b  |B..K.0..'tm..N:{|
46 4a 4f cd 2d 2c 6b 72  1b 63 4f 2c 78 84 ed 60  |FJO.-,kr.cO,x..`|
70 9e 21 9f 41 00 b7 84  d0 96 b0 1d aa 18 df 82  |p.!.A...........|
e1 b6 2e 57 15 65 36 49  4d 55 4c b5 60 c1 62 39  |...W.e6IMUL.`.b9|
8d 5e 0f 60 e8 5a a1 1c  93 21 b9 4e 23 70 8f db  |.^.`.Z...!.N#p..|
c1 90 3c 4a 4e 55 8e 25  57 68 38 67 5c 36 a2 1c  |..
10241033
d6 4e 43 2c ae 51 02 3f  8c 58 6b 24 5b 9a 93 c7  |.NC,.Q.?.Xk$[...|
6a 97 dd dc a1 8a 52 56  78 4d 75 8e 59 a7 77 ca  |j.....RVxMu.Y.w.|
2e fd 66 26 66 c9 1c 5d  4e 45 e4 4f a0 41 da d8  |..f&f..]NE.O.A..|
e8 4e 57 61 48 80 54 03  e1 3d 43 8c 4c e9 2a 07  |.NWaH.T..=C.L.*.|
d0 29 30 00 e1 10 c8 50  dc b6 2c 95 48 cf e6 46  |.)0....P..,.H..F|
eb 16 2c 37 30 07 31 42  47 0b 63 59              |..,70.1BG.cY    |
10881033쉭区䥋睷䀭᭒ხ綐债㶰昺⁂睕䴜⩋㡠ⱪ腙キॡ쭣ﴱ昒쎳奆섀螹〤鲋塅▏堰借䷚㷠깲䜑벶䰲뤺䱿ઽ닂㎁쭐臛䬇
11041033
27 1f 14 77 47 0c 82 2c  4b 8f 50 45 db 3d 19 3a  |'..wG..,K.PE.=.:|
98 4d 69 58 a0 e0 59 d4  2e 83 60 5c 97 57 b1 b8  |.MiX..Y...`\.W..|
da 5b c0 94 eb 5f 1e 45  6e 4a 0c 69 18 94 52 3a  |.[..._.EnJ.i..R:|
96 f5 6a 15 ea 5d 7f f7  6b 27 f0 da 43 54 38 d3  |..j..]..k'..CT8.|
44 88 27 cc 15 3a 43 fc  79 44 08 7a 1f 45 d8 66  |D.'..:C.yD.z.E.f|
85 bf 22 5a 08 69 65 f0  8a 97 df 03 bc 2b b4 49  |.."Z.ie......+.I|
e0 53 fc 43 78 2a 47 97  05 61 59 fa fd bb 53 87  |.S.Cx*G..aY...S.|
82 a1 95 57 25 a0 fd cc  03 c7 c6 73 97 6f 4f 47  |...W%......s.oOG|
95 72 36 e3 94 ec 44 0f  53 ea 23 a4 ad 0d 5b 0f  |.r6...D.S.#...[.|
75 06 4f 39 b6 96 84 37  ab 39 00 9b 4c ca 06 d6  |u.O9...7.9..L...|
10 71 32 bb 66 bd 90 c1  b7 63 96 73 b1 c1 dd a4  |.q2.f....c.s....|
41 46 40 f7 44 53 57 59  82 b0 c0 5c c1 1f 33 5a  |AF@.DSWY...\..3Z|
c3 94 c0 1b e4 b5 67 d7  4a cd 3d 23 61 75 74 dd  |......g.J.=#aut.|
47 24 bc 07 ed 46                                 |G$...F          |
module_namehintordfunction_name
KERNEL32.DLLLoadLibraryA
KERNEL32.DLLGetProcAddress
KERNEL32.DLLVirtualProtect
KERNEL32.DLLVirtualAlloc
KERNEL32.DLLVirtualFree
KERNEL32.DLLExitProcess
ADVAPI32.dllRegCloseKey
COMCTL32.dll17
comdlg32.dllFindTextW
GDI32.dllPatBlt
msvcrt.dllexit
ole32.dllCoInitialize
SHELL32.dllSHGetMalloc
USER32.dllGetDC
VERSION.dllVerQueryValueW

StringTable 040904b0

CompanyNameNirSoft
FileDescriptionBlueScreenView
FileVersion1.45
InternalNameBlueScreenView
LegalCopyrightCopyright © 2009 - 2011 Nir Sofer
OriginalFilenameBlueScreenView.exe
ProductNameBlueScreenView
ProductVersion1.45

VS_FIXEDFILEINFO

FileVersion1.4.5.0
ProductVersion1.4.5.0
StrucVersion0x10000
FileFlagsMask0x3f
FileFlags0
FileOS0x40004
FileType1
FileSubtype0
offsetsizetypecomment
054272EXE12/07/2011 21:26:28#
15c115HTM#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable











[?] ignoring invalid PEdump::BITMAPINFOHEADER
[!] string size(117248) > stringtable size(474). truncated to 472
[!] cannot convert "\x00\xFF\xC5\xE3}\xD7|\xB7;\xD9\x03%\x002\x00."... to UTF-16
[!] string size(27358) > stringtable size(50). truncated to 48
[!] string size(51354) > stringtable size(280). truncated to 278
[!] cannot convert "sr\"mf\xB0\xB1nl\a>!r\adg"... to UTF-16
[!] string size(79066) > stringtable size(102). truncated to 100
[!] cannot convert "\xB0\xDF\xF4\xD3G)\xD4@\xFF4\x1F<\xDCm\x05\xAD"... to UTF-16
[!] string size(45068) > stringtable size(78). truncated to 76
[!] string size(112012) > stringtable size(196). truncated to 194
[!] cannot convert "\xFF\xD6!\x10PROGRAMMEt\eG"... to UTF-16
[!] string size(105718) > stringtable size(444). truncated to 442
[!] cannot convert "m\x03E\xD4*\xE5\x83%\xEC\"\xDB\xE5I\x17CS"... to UTF-16
[!] string size(40364) > stringtable size(92). truncated to 90
[!] cannot convert "C,\xAEQ\x02?\x8CXk$[\x9A\x93\xC7j\x97"... to UTF-16
[!] string size(14090) > stringtable size(104). truncated to 102
[!] string size(15950) > stringtable size(214). truncated to 212
[!] cannot convert "\x14wG\f\x82,K\x8FPE\xDB=\x19:\x98M"... to UTF-16
[!] refusing to read CURDIRENTRY beyond resource size