filenamecsgo.exe
size103424 (0x19400)
md5260a37cecb4ad3993b3b1dddac48dd10
typePE32 executable (GUI) Intel 80386, for MS Windows
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0x100

DOS stub

00000000: 56 4c 56 00 01 00 00 00  00 94 01 00 7d 42 5e 55  |VLV.........}B^U|
00000010: 7f 0c 3b bd 2e 20 85 a4  4b c7 3b a2 77 68 a9 17  |..;.. ..K.;.wh..|
00000020: bb 52 59 dc 0c c6 80 98  3b 55 5e 70 a9 47 c8 8e  |.RY.....;U^p.G..|
00000030: 39 bf 97 44 a2 3d 46 e2  5a 71 8f 65 ab 87 43 80  |9..D.=F.Zq.e..C.|
00000040: cc a6 78 d9 cb 22 d2 26  3b c7 62 64 66 3c c1 a8  |..x..".&;.bdf<..|
00000050: 03 20 6a 29 0b 6a f2 ed  6b 9d 08 d4 41 c3 f1 42  |. j).j..k...A..B|
00000060: 20 e4 31 03 bc 61 5d 47  57 56 f6 12 36 75 04 d4  | .1..a]GWV..6u..|
00000070: 84 32 8a f5 fb 82 13 b8  36 18 92 68 ef f3 14 4c  |.2......6..h...L|
00000080: 20 10 a9 4e 15 89 82 69  37 06 20 d9 2a fe 66 dd  | ..N...i7. .*.f.|
00000090: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000000c0:

PE Header

SignaturePE
Machine0x14c
NumberOfSections5
TimeDateStamp0x555e4277
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x122
Magic0x10b
LinkerVersion12.0
SizeOfCode0xd800
SizeOfInitializedData0xd800
SizeOfUninitializedData0
AddressOfEntryPoint0x2188
BaseOfCode0x1000
BaseOfData0xf000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion5.1
ImageVersion0.0
SubsystemVersion5.1
Reserved10
SizeOfImage0x1e000
SizeOfHeaders0x400
CheckSum0
Subsystem2
DllCharacteristics0x8140
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

MS Visual C++ 6.0 - 8.0

Sections

namevavsizeraw sizeflags
.text0x10000xd69c0xd800R-X CODE
.rdata0xf0000x4a2c0x4c00R-- IDATA
.data0x140000x31440x1200RW- IDATA
.rsrc0x180000x48600x4a00R-- IDATA
.reloc0x1d0000xe180x1000R-- IDATA DISCARDABLE

Data Directory

typevasize
EXPORT00
IMPORT0x133d40x3c
RESOURCE0x180000x4860
EXCEPTION00
SECURITY00
BASERELOC0x1d0000xe18
DEBUG0xf1600x38
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG0x12fd00x40
Bound_IAT00
IAT0xf0000x118
Delay_IAT00
CLR_Header00
typenamesizecp
ICON#113840
ICON#232400
ICON#3128400
GROUP_ICON#101480
MANIFEST#16800
module_namehintordfunction_name
USER32.dll526MessageBoxA
KERNEL32.dll739InitializeCriticalSectionAndSpinCount
KERNEL32.dll82CloseHandle
KERNEL32.dll349FormatMessageA
KERNEL32.dll514GetLastError
KERNEL32.dll581GetProcAddress
KERNEL32.dll531GetModuleFileNameA
KERNEL32.dll829LoadLibraryExA
KERNEL32.dll840LocalFree
KERNEL32.dll945RaiseException
KERNEL32.dll871MultiByteToWideChar
KERNEL32.dll390GetCommandLineA
KERNEL32.dll768IsDebuggerPresent
KERNEL32.dll234EncodePointer
KERNEL32.dll202DecodePointer
KERNEL32.dll772IsProcessorFeaturePresent
KERNEL32.dll238EnterCriticalSection
KERNEL32.dll825LeaveCriticalSection
KERNEL32.dll209DeleteCriticalSection
KERNEL32.dll1297WideCharToMultiByte
KERNEL32.dll281ExitProcess
KERNEL32.dll535GetModuleHandleExW
KERNEL32.dll1110SetEnvironmentVariableA
KERNEL32.dll1111SetEnvironmentVariableW
KERNEL32.dll719HeapFree
KERNEL32.dll1139SetLastError
KERNEL32.dll453GetCurrentThreadId
KERNEL32.dll586GetProcessHeap
KERNEL32.dll612GetStdHandle
KERNEL32.dll499GetFileType
KERNEL32.dll611GetStartupInfoW
KERNEL32.dll1317WriteFile
KERNEL32.dll532GetModuleFileNameW
KERNEL32.dll935QueryPerformanceCounter
KERNEL32.dll449GetCurrentProcessId
KERNEL32.dll633GetSystemTimeAsFileTime
KERNEL32.dll474GetEnvironmentStringsW
KERNEL32.dll353FreeEnvironmentStringsW
KERNEL32.dll1235UnhandledExceptionFilter
KERNEL32.dll1189SetUnhandledExceptionFilter
KERNEL32.dll1202Sleep
KERNEL32.dll448GetCurrentProcess
KERNEL32.dll1216TerminateProcess
KERNEL32.dll1221TlsAlloc
KERNEL32.dll1223TlsGetValue
KERNEL32.dll1224TlsSetValue
KERNEL32.dll1222TlsFree
KERNEL32.dll536GetModuleHandleW
KERNEL32.dll410GetConsoleCP
KERNEL32.dll428GetConsoleMode
KERNEL32.dll1127SetFilePointerEx
KERNEL32.dll778IsValidCodePage
KERNEL32.dll360GetACP
KERNEL32.dll567GetOEMCP
KERNEL32.dll370GetCPInfo
KERNEL32.dll715HeapAlloc
KERNEL32.dll1048RtlUnwind
KERNEL32.dll830LoadLibraryExW
KERNEL32.dll722HeapReAlloc
KERNEL32.dll906OutputDebugStringW
KERNEL32.dll1159SetStdHandle
KERNEL32.dll1316WriteConsoleW
KERNEL32.dll617GetStringTypeW
KERNEL32.dll100CompareStringW
KERNEL32.dll813LCMapStringW
KERNEL32.dll724HeapSize
KERNEL32.dll343FlushFileBuffers
KERNEL32.dll143CreateFileW
offsetsizetypecomment
0103424EXE05/21/2015 20:39:19#
15c115HTM#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







everything is OK