| filename | 1FreeAntispyware_ML.exe | |
|---|---|---|
| size | 131704 (0x20278) | |
| md5 | 2345170e60978666f36d60bc4e0832d2 | |
| type | PE32 executable (GUI) Intel 80386, for MS Windows | |
| mimetype | application/x-dosexec | |
| clamav | OK (no signature match) | |
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0xd0 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
Data Directory
Resources
| type | name | size | cp | |
|---|---|---|---|---|
| ICON | #1 | 9640 | 0 | |
| ICON | #2 | 4264 | 0 | |
| ICON | #3 | 1128 | 0 | |
| DIALOG | #105 | 256 | 0 | |
| DIALOG | #106 | 284 | 0 | |
| DIALOG | #111 | 96 | 0 | |
| GROUP_ICON | #103 | 48 | 0 | |
| MANIFEST | #1 | 737 | 0 |
Imports
| module_name | hint / ord | function_name | |
|---|---|---|---|
| KERNEL32.dll | 1130 | SetFileTime | |
| KERNEL32.dll | 96 | CompareFileTime | |
| KERNEL32.dll | 1053 | SearchPathW | |
| KERNEL32.dll | 609 | GetShortPathNameW | |
| KERNEL32.dll | 507 | GetFullPathNameW | |
| KERNEL32.dll | 867 | MoveFileW | |
| KERNEL32.dll | 1101 | SetCurrentDirectoryW | |
| KERNEL32.dll | 490 | GetFileAttributesW | |
| KERNEL32.dll | 514 | GetLastError | |
| KERNEL32.dll | 129 | CreateDirectoryW | |
| KERNEL32.dll | 1121 | SetFileAttributesW | |
| KERNEL32.dll | 1202 | Sleep | |
| KERNEL32.dll | 659 | GetTickCount | |
| KERNEL32.dll | 496 | GetFileSize | |
| KERNEL32.dll | 532 | GetModuleFileNameW | |
| KERNEL32.dll | 448 | GetCurrentProcess | |
| KERNEL32.dll | 117 | CopyFileW | |
| KERNEL32.dll | 281 | ExitProcess | |
| KERNEL32.dll | 687 | GetWindowsDirectoryW | |
| KERNEL32.dll | 645 | GetTempPathW | |
| KERNEL32.dll | 391 | GetCommandLineW | |
| KERNEL32.dll | 1112 | SetErrorMode | |
| KERNEL32.dll | 1354 | lstrcpynA | |
| KERNEL32.dll | 82 | CloseHandle | |
| KERNEL32.dll | 1355 | lstrcpynW | |
| KERNEL32.dll | 463 | GetDiskFreeSpaceW | |
| KERNEL32.dll | 709 | GlobalUnlock | |
| KERNEL32.dll | 702 | GlobalLock | |
| KERNEL32.dll | 181 | CreateThread | |
| KERNEL32.dll | 831 | LoadLibraryW | |
| KERNEL32.dll | 168 | CreateProcessW | |
| KERNEL32.dll | 1348 | lstrcmpiA | |
| KERNEL32.dll | 143 | CreateFileW | |
| KERNEL32.dll | 643 | GetTempFileNameW | |
| KERNEL32.dll | 1343 | lstrcatW | |
| KERNEL32.dll | 581 | GetProcAddress | |
| KERNEL32.dll | 828 | LoadLibraryA | |
| KERNEL32.dll | 533 | GetModuleHandleA | |
| KERNEL32.dll | 896 | OpenProcess | |
| KERNEL32.dll | 1352 | lstrcpyW | |
| KERNEL32.dll | 676 | GetVersionExW | |
| KERNEL32.dll | 624 | GetSystemDirectoryW | |
| KERNEL32.dll | 674 | GetVersion | |
| KERNEL32.dll | 1351 | lstrcpyA | |
| KERNEL32.dll | 1027 | RemoveDirectoryW | |
| KERNEL32.dll | 1345 | lstrcmpA | |
| KERNEL32.dll | 1349 | lstrcmpiW | |
| KERNEL32.dll | 1346 | lstrcmpW | |
| KERNEL32.dll | 285 | ExpandEnvironmentStringsW | |
| KERNEL32.dll | 691 | GlobalAlloc | |
| KERNEL32.dll | 1273 | WaitForSingleObject | |
| KERNEL32.dll | 479 | GetExitCodeProcess | |
| KERNEL32.dll | 698 | GlobalFree | |
| KERNEL32.dll | 536 | GetModuleHandleW | |
| KERNEL32.dll | 830 | LoadLibraryExW | |
| KERNEL32.dll | 354 | FreeLibrary | |
| KERNEL32.dll | 1323 | WritePrivateProfileStringW | |
| KERNEL32.dll | 578 | GetPrivateProfileStringW | |
| KERNEL32.dll | 1297 | WideCharToMultiByte | |
| KERNEL32.dll | 1357 | lstrlenA | |
| KERNEL32.dll | 870 | MulDiv | |
| KERNEL32.dll | 1317 | WriteFile | |
| KERNEL32.dll | 960 | ReadFile | |
| KERNEL32.dll | 871 | MultiByteToWideChar | |
| KERNEL32.dll | 1126 | SetFilePointer | |
| KERNEL32.dll | 302 | FindClose | |
| KERNEL32.dll | 325 | FindNextFileW | |
| KERNEL32.dll | 313 | FindFirstFileW | |
| KERNEL32.dll | 214 | DeleteFileW | |
| KERNEL32.dll | 1358 | lstrlenW | |
| USER32.dll | 263 | GetAsyncKeyState | |
| USER32.dll | 462 | IsDlgButtonChecked | |
| USER32.dll | 621 | ScreenToClient | |
| USER32.dll | 347 | GetMessagePos | |
| USER32.dll | 30 | CallWindowProcW | |
| USER32.dll | 480 | IsWindowVisible | |
| USER32.dll | 487 | LoadBitmapW | |
| USER32.dll | 73 | CloseClipboard | |
| USER32.dll | 646 | SetClipboardData | |
| USER32.dll | 213 | EmptyClipboard | |
| USER32.dll | 550 | OpenClipboard | |
| USER32.dll | 758 | TrackPopupMenu | |
| USER32.dll | 412 | GetWindowRect | |
| USER32.dll | 10 | AppendMenuW | |
| USER32.dll | 107 | CreatePopupMenu | |
| USER32.dll | 382 | GetSystemMetrics | |
| USER32.dll | 218 | EndDialog | |
| USER32.dll | 214 | EnableMenuItem | |
| USER32.dll | 381 | GetSystemMenu | |
| USER32.dll | 644 | SetClassLongW | |
| USER32.dll | 476 | IsWindowEnabled | |
| USER32.dll | 710 | SetWindowPos | |
| USER32.dll | 172 | DialogBoxParamW | |
| USER32.dll | 62 | CheckDlgButton | |
| USER32.dll | 110 | CreateWindowExW | |
| USER32.dll | 748 | SystemParametersInfoW | |
| USER32.dll | 590 | RegisterClassW | |
| USER32.dll | 656 | SetDlgItemTextW | |
| USER32.dll | 298 | GetDlgItemTextW | |
| USER32.dll | 530 | MessageBoxIndirectW | |
| USER32.dll | 47 | CharNextA | |
| USER32.dll | 60 | CharUpperW | |
| USER32.dll | 52 | CharPrevW | |
| USER32.dll | 821 | wvsprintfW | |
| USER32.dll | 175 | DispatchMessageW | |
| USER32.dll | 563 | PeekMessageW | |
| USER32.dll | 818 | wsprintfA | |
| USER32.dll | 166 | DestroyWindow | |
| USER32.dll | 99 | CreateDialogParamW | |
| USER32.dll | 699 | SetTimer | |
| USER32.dll | 715 | SetWindowTextW | |
| USER32.dll | 567 | PostQuitMessage | |
| USER32.dll | 659 | SetForegroundWindow | |
| USER32.dll | 735 | ShowWindow | |
| USER32.dll | 819 | wsprintfW | |
| USER32.dll | 635 | SendMessageTimeoutW | |
| USER32.dll | 491 | LoadCursorW | |
| USER32.dll | 648 | SetCursor | |
| USER32.dll | 406 | GetWindowLongW | |
| USER32.dll | 379 | GetSysColor | |
| USER32.dll | 49 | CharNextW | |
| USER32.dll | 270 | GetClassInfoW | |
| USER32.dll | 245 | ExitWindowsEx | |
| USER32.dll | 475 | IsWindow | |
| USER32.dll | 295 | GetDlgItem | |
| USER32.dll | 708 | SetWindowLongW | |
| USER32.dll | 495 | LoadImageW | |
| USER32.dll | 289 | GetDC | |
| USER32.dll | 216 | EnableWindow | |
| USER32.dll | 446 | InvalidateRect | |
| USER32.dll | 636 | SendMessageW | |
| USER32.dll | 156 | DefWindowProcW | |
| USER32.dll | 14 | BeginPaint | |
| USER32.dll | 276 | GetClientRect | |
| USER32.dll | 246 | FillRect | |
| USER32.dll | 208 | DrawTextW | |
| USER32.dll | 220 | EndPaint | |
| USER32.dll | 249 | FindWindowExW | |
| GDI32.dll | 638 | SetBkColor | |
| GDI32.dll | 459 | GetDeviceCaps | |
| GDI32.dll | 230 | DeleteObject | |
| GDI32.dll | 44 | CreateBrushIndirect | |
| GDI32.dll | 64 | CreateFontIndirectW | |
| GDI32.dll | 639 | SetBkMode | |
| GDI32.dll | 678 | SetTextColor | |
| GDI32.dll | 631 | SelectObject | |
| SHELL32.dll | 123 | SHBrowseForFolderW | |
| SHELL32.dll | 215 | SHGetPathFromIDListW | |
| SHELL32.dll | 189 | SHGetFileInfoW | |
| SHELL32.dll | 290 | ShellExecuteW | |
| SHELL32.dll | 172 | SHFileOperationW | |
| SHELL32.dll | 223 | SHGetSpecialFolderLocation | |
| ADVAPI32.dll | 592 | RegEnumKeyW | |
| ADVAPI32.dll | 609 | RegOpenKeyExW | |
| ADVAPI32.dll | 560 | RegCloseKey | |
| ADVAPI32.dll | 580 | RegDeleteKeyW | |
| ADVAPI32.dll | 584 | RegDeleteValueW | |
| ADVAPI32.dll | 569 | RegCreateKeyExW | |
| ADVAPI32.dll | 638 | RegSetValueExW | |
| ADVAPI32.dll | 622 | RegQueryValueExW | |
| ADVAPI32.dll | 594 | RegEnumValueW | |
| COMCTL32.dll | 79 | ImageList_AddMasked | |
| COMCTL32.dll | 84 | ImageList_Destroy | |
| COMCTL32.dll | 17 | ||
| COMCTL32.dll | 83 | ImageList_Create | |
| ole32.dll | 104 | CoTaskMemFree | |
| ole32.dll | 306 | OleInitialize | |
| ole32.dll | 329 | OleUninitialize | |
| ole32.dll | 16 | CoCreateInstance | |
| VERSION.dll | 5 | GetFileVersionInfoSizeW | |
| VERSION.dll | 6 | GetFileVersionInfoW | |
| VERSION.dll | 14 | VerQueryValueW |
Signers (1)
issuer: /C=BE/O=GlobalSign nv-sa/CN=GlobalSign CodeSigning CA - G2
serial: 11216C6B688869B7980323D94C3965BBB528
Certificates (1)
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
11:21:6c:6b:68:88:69:b7:98:03:23:d9:4c:39:65:bb:b5:28
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CodeSigning CA - G2
Validity
Not Before: Apr 15 17:25:37 2013 GMT
Not After : May 18 11:11:52 2016 GMT
Subject: C=ES, ST=Barcelona, L=Cerdanyola Del Valles, O=Onekit Internet S,L, CN=Onekit Internet S,L/emailAddress=info@onekit.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cf:9a:3d:56:f7:59:1d:b7:d1:7f:0b:18:d4:6a:
8f:f5:f9:d3:4c:51:ea:e5:2d:49:5d:5a:f7:89:2f:
d2:fa:ff:8c:27:41:1e:55:c5:bd:cc:7f:c0:7a:cd:
c5:67:48:d7:ef:6d:f2:fb:09:75:07:39:11:38:b7:
31:b4:95:e3:67:1c:43:46:fd:28:90:db:c0:84:a5:
4b:8e:d4:46:4e:ea:aa:96:7f:98:4a:bd:73:ea:aa:
33:77:45:c5:da:36:da:c5:e8:9b:e6:86:bc:1d:f5:
65:b4:8b:b6:a5:17:ec:8b:ef:fb:46:88:71:2f:e6:
66:2e:84:bc:00:db:fb:bf:22:5d:27:82:b1:98:0d:
aa:e9:26:89:c4:3a:22:61:11:d2:11:35:19:11:16:
21:81:d8:63:27:5f:5e:5f:53:8a:ef:57:b7:19:e8:
94:67:99:1d:ed:d1:94:a8:4d:0c:3a:29:0e:8a:18:
f9:9d:fd:cf:53:6b:16:80:77:9e:60:95:23:b2:a6:
75:a6:62:ec:4d:d9:9f:f5:0b:ba:75:df:ad:20:48:
85:fa:3e:a1:23:4c:0f:47:d3:01:ca:a1:08:83:ca:
1d:9b:bc:4f:4b:a9:5e:e3:53:fa:67:b2:df:14:ec:
d6:7f:86:49:a7:c8:cd:98:ab:2f:2d:df:b0:3d:07:
9c:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.4146.1.50
CPS: https://www.globalsign.com/repository/
X509v3 Basic Constraints:
CA:FALSE
X509v3 Extended Key Usage:
Code Signing
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.globalsign.com/gs/gscodesigng2.crl
Authority Information Access:
CA Issuers - URI:http://secure.globalsign.com/cacert/gscodesigng2.crt
OCSP - URI:http://ocsp2.globalsign.com/gscodesigng2
X509v3 Subject Key Identifier:
F4:F6:8A:92:9E:E2:98:69:80:A6:8D:A7:BD:E1:34:19:3B:8C:81:A0
X509v3 Authority Key Identifier:
08:6E:D8:B6:9C:8A:BF:ED:3E:D7:C3:74:5D:CC:80:1F:A8:2F:50:7A
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
09:8a:52:6a:2b:76:84:54:fd:2a:f1:8b:88:83:30:a4:2e:64:
b1:27:eb:e5:18:ef:c9:5a:fd:6d:89:f7:4f:9d:46:e0:b5:44:
3c:b1:d3:b6:22:41:33:3d:2c:eb:57:80:d7:28:ad:a8:6f:d7:
01:f1:98:69:42:43:31:13:35:85:ca:74:a8:95:9e:9d:8a:09:
00:03:3e:75:5b:65:73:8e:69:5f:98:ce:f6:a4:ef:4c:24:43:
3c:f4:73:01:f7:74:d0:96:f3:3e:eb:97:d3:cc:03:15:29:d2:
e3:47:25:91:a9:fa:16:b7:c5:5a:51:40:8f:6d:56:22:1a:96:
f3:ec:fd:1e:5d:bf:85:34:1e:0b:a4:ab:ee:06:e3:97:2e:c5:
ca:85:81:e0:83:fc:9e:d7:e4:ce:2d:9e:ef:8b:48:72:e3:5e:
4d:a2:29:c8:b5:3a:df:9c:e6:01:b3:bc:89:cc:f6:ca:0d:61:
fb:b9:00:61:08:6b:30:07:52:36:0c:7c:60:26:47:6d:05:ad:
31:61:3e:8e:2a:f9:87:e7:c3:74:d0:2c:7f:8e:b8:dc:07:bc:
dd:02:8f:d6:35:3f:51:45:a5:4c:f8:fb:70:c9:f7:d5:20:b0:
5b:72:69:50:f6:78:02:36:8a:21:67:80:24:be:02:f0:85:8f:
31:51:2b:b1
pkcs7-signedData
- 1
- SHA1: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e 00 3e 00 3e |.e.t.e.>.>.> |
- :
- SHA1
ac c4 78 74 c8 02 05 b2 13 33 d3 35 6b 54 86 1e |..xt.....3.5kT..|
b2 1f 1c a8 |.... |
- 1.3.6.1.4.1.311.2.1.15
- #0
- Certificate #2
- 2
- 11:21:6C:6B:68:88:69:B7:98:03:23:D9:4C:39:65:BB:B5:28
- RSA-SHA1: nil
- Issuer
- C: BE
- O: GlobalSign nv-sa
- CN: GlobalSign CodeSigning CA - G2
- 2013-04-15 17:25:37 UTC: 2016-05-18 11:11:52 UTC
- Subject
- C: ES
- ST: Barcelona
- L: Cerdanyola Del Valles
- O: Onekit Internet S,L
- CN: Onekit Internet S,L
- emailAddress: info@onekit.com
- #5
- rsaEncryption: nil
- CF:9A:3D:56:F7:59:1D:B7:D1:7F:0B:18:D4:6A:8F:F5:
F9:D3:4C:51:EA:E5:2D:49:5D:5A:F7:89:2F:D2:FA:FF:
8C:27:41:1E:55:C5:BD:CC:7F:C0:7A:CD:C5:67:48:D7:
EF:6D:F2:FB:09:75:07:39:11:38:B7:31:B4:95:E3:67:
1C:43:46:FD:28:90:DB:C0:84:A5:4B:8E:D4:46:4E:EA:
AA:96:7F:98:4A:BD:73:EA:AA:33:77:45:C5:DA:36:DA:
C5:E8:9B:E6:86:BC:1D:F5:65:B4:8B:B6:A5:17:EC:8B:
EF:FB:46:88:71:2F:E6:66:2E:84:BC:00:DB:FB:BF:22:
5D:27:82:B1:98:0D:AA:E9:26:89:C4:3A:22:61:11:D2:
11:35:19:11:16:21:81:D8:63:27:5F:5E:5F:53:8A:EF:
57:B7:19:E8:94:67:99:1D:ED:D1:94:A8:4D:0C:3A:29:
0E:8A:18:F9:9D:FD:CF:53:6B:16:80:77:9E:60:95:23:
B2:A6:75:A6:62:EC:4D:D9:9F:F5:0B:BA:75:DF:AD:20:
48:85:FA:3E:A1:23:4C:0F:47:D3:01:CA:A1:08:83:CA:
1D:9B:BC:4F:4B:A9:5E:E3:53:FA:67:B2:DF:14:EC:D6:
7F:86:49:A7:C8:CD:98:AB:2F:2D:DF:B0:3D:07:9C:3D: 0x010001
- #6
- keyUsage: true, 0x80
- certificatePolicies
- 1.3.6.1.4.1.4146.1.50
- id-qt-cps: https://www.globalsign.com/repository/
- 1.3.6.1.4.1.4146.1.50
- basicConstraints
- nil
- extendedKeyUsage: codeSigning
- crlDistributionPoints: http://crl.globalsign.com/gs/gscodesigng2.crl
- authorityInfoAccess
- #0
- caIssuers: http://secure.globalsign.com/cacert/gscodesigng2.crt
- OCSP: http://ocsp2.globalsign.com/gscodesigng2
- #0
- subjectKeyIdentifier:
f4 f6 8a 92 9e e2 98 69 80 a6 8d a7 bd e1 34 19 |.......i......4.|
3b 8c 81 a0 |;... |
- authorityKeyIdentifier:
08 6e d8 b6 9c 8a bf ed 3e d7 c3 74 5d cc 80 1f |.n......>..t]...|
a8 2f 50 7a |./Pz |
- 11:21:6C:6B:68:88:69:B7:98:03:23:D9:4C:39:65:BB:
- RSA-SHA1:
09 8a 52 6a 2b 76 84 54 fd 2a f1 8b 88 83 30 a4 |..Rj+v.T.*....0.|
2e 64 b1 27 eb e5 18 ef c9 5a fd 6d 89 f7 4f 9d |.d.'.....Z.m..O.|
46 e0 b5 44 3c b1 d3 b6 22 41 33 3d 2c eb 57 80 |F..D<..."A3=,.W.|
d7 28 ad a8 6f d7 01 f1 98 69 42 43 31 13 35 85 |.(..o....iBC1.5.|
ca 74 a8 95 9e 9d 8a 09 00 03 3e 75 5b 65 73 8e |.t........>u[es.|
69 5f 98 ce f6 a4 ef 4c 24 43 3c f4 73 01 f7 74 |i_.....L$C<.s..t|
d0 96 f3 3e eb 97 d3 cc 03 15 29 d2 e3 47 25 91 |...>......)..G%.|
a9 fa 16 b7 c5 5a 51 40 8f 6d 56 22 1a 96 f3 ec |.....ZQ@.mV"....|
fd 1e 5d bf 85 34 1e 0b a4 ab ee 06 e3 97 2e c5 |..]..4..........|
ca 85 81 e0 83 fc 9e d7 e4 ce 2d 9e ef 8b 48 72 |..........-...Hr|
e3 5e 4d a2 29 c8 b5 3a df 9c e6 01 b3 bc 89 cc |.^M.)..:........|
f6 ca 0d 61 fb b9 00 61 08 6b 30 07 52 36 0c 7c |...a...a.k0.R6.||
60 26 47 6d 05 ad 31 61 3e 8e 2a f9 87 e7 c3 74 |`&Gm..1a>.*....t|
d0 2c 7f 8e b8 dc 07 bc dd 02 8f d6 35 3f 51 45 |.,..........5?QE|
a5 4c f8 fb 70 c9 f7 d5 20 b0 5b 72 69 50 f6 78 |.L..p... .[riP.x|
02 36 8a 21 67 80 24 be 02 f0 85 8f 31 51 2b b1 |.6.!g.$.....1Q+.|
- 2
- Signer
- 1
- unnamed
- #0
- C: BE
- O: GlobalSign nv-sa
- CN: GlobalSign CodeSigning CA - G2
- 11:21:6C:6B:68:88:69:B7:98:03:23:D9:4C:39:65:BB:B5:28
- #0
- SHA1: nil
- #3
- 1.3.6.1.4.1.311.2.1.12:
- contentType: 1.3.6.1.4.1.311.2.1.4
- signingTime: 2013-06-14 14:34:02 UTC
- 1.3.6.1.4.1.311.2.1.11: msCodeInd
- messageDigest:
7f e2 ae 99 b8 27 36 56 81 c6 0a 77 44 f5 eb 25 |.....'6V...wD..%|
10 6e 47 ae |.nG. |
- rsaEncryption:
0a c5 f6 21 72 6a 8a ba 51 eb a4 ee 93 66 52 d3 |...!rj..Q....fR.|
3b 8c d9 b9 91 31 4a 9a ce 8c a9 f1 3f 5f 06 07 |;....1J.....?_..|
cd 74 47 1a 1f d1 6a 2a ea 9d e8 cd d0 b7 00 6d |.tG...j*.......m|
24 35 83 da 77 b5 c7 1e 0d 59 8f d6 03 ba f2 84 |$5..w....Y......|
db 11 2b d4 92 05 f6 69 73 43 d7 23 0b cb 9a f3 |..+....isC.#....|
70 94 b9 27 aa 98 9b c1 45 3e 41 06 5b d0 cd 0d |p..'....E>A.[...|
f7 d2 f0 d3 85 00 4c cd c3 ee 24 45 f8 3c 09 f0 |......L...$E.<..|
e2 9a af c5 c5 57 f3 59 b8 e1 14 07 4d e8 b7 ea |.....W.Y....M...|
96 8a a9 dd 79 30 9d 62 98 3b 46 bc 4e 0c 0c 38 |....y0.b.;F.N..8|
a7 3c cd 37 42 44 9c 12 f4 1a f6 38 fb 9c 50 14 |.<.7BD.....8..P.|
33 13 a0 ae ff 2a 6e bb 69 b8 27 f6 d6 c8 4f e7 |3....*n.i.'...O.|
f8 19 61 ed ce df b9 38 78 30 be 6b cd 5d 82 b7 |..a....8x0.k.]..|
5c d7 9b 2e 7f 12 08 5e e1 05 6e 3a 0d 78 b3 b2 |\......^..n:.x..|
68 65 d6 36 90 a9 2c 40 fd 6a 80 85 c7 32 9d 52 |he.6..,@.j...2.R|
fc 3b 57 f3 03 3c 83 a9 d7 58 f8 33 b1 a2 30 7c |.;W..<...X.3..0||
5d 6b f9 52 43 7e c6 0b 41 e8 f6 a5 de 4e 33 ef |]k.RC~..A....N3.|
| offset | size | type | comment | |
|---|---|---|---|---|
| 0 | 51200 | EXE | 02/24/2012 19:20:04 | # |
| 15c1 | 15 | HTM | # | |
| 12ba7 | 6798 | PNG | (48 x 48) | # |
| 14635 | 48195 | BIN | overlay data past EOF | # |
Scanning the drive for archives:
1 file, 131704 bytes (129 KiB)
--
Type = PE
Physical Size = 131704
CPU = x86
Characteristics = Executable 32-bit
Created = 2012-02-24 19:20:04
Headers Size = 1024
Checksum = 0
Image Size = 1253376
Section Alignment = 4096
File Alignment = 512
Code Size = 29696
Initialized Data Size = 489984
Uninitialized Data Size = 16896
Linker Version = 10.0
OS Version = 5.0
Image Version = 6.0
Subsystem Version = 5.0
Subsystem = Windows GUI
DLL Characteristics = Relocated NX-Compatible NoSEH TerminalServerAware
Stack Reserve = 1048576
Stack Commit = 4096
Heap Reserve = 1048576
Heap Commit = 4096
Image Base = 4194304
----
Path = [0]
Size = 78504
Packed Size = 78504
Virtual Size = 78504
Offset = 51200
--
Path = [0]
Type = Nsis
Offset = 12800
Physical Size = 65698
Tail Size = 6
Method = Deflate
Solid = -
Headers Size = 22508
Embedded Stub Size = 0
SubType = NSIS-Park-3 Unicode log
Date Time Attr Size Compressed Name
------------------- ----- ------------ ------------ ------------------------
..... 11025 $PLUGINSDIR/inetc.dll
2013-01-29 09:29:26 ..... 6798 6798 $PLUGINSDIR/icon.png
..... 46181 $PLUGINSDIR/InstallerOneKit.dll
------------------- ----- ------------ ------------ ------------------------
2013-01-29 09:29:26 6798 64004 3 files
[?] can't find file_offset of VA 0x86000