filenamezoek.exe
size2038755 (0x1f1be3)
md5294dbd73a55af616b18771026b499b53
typePE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x50
blocks_in_file2
num_relocs0
header_paragraphs4
min_extra_paragraphs0xf
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0x1a
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0x200

DOS stub

00000000: ba 10 00 0e 1f b4 09 cd  21 b8 01 4c cd 21 90 90  |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f  67 72 61 6d 20 6d 75 73  |This program mus|
00000020: 74 20 62 65 20 72 75 6e  20 75 6e 64 65 72 20 57  |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37  00 00 00 00 00 00 00 00  |in32..$7........|
00000040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000001c0:

PE Header

SignaturePE
Machine0x14c
NumberOfSections3
TimeDateStamp0x3ce1016c
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x10f
Magic0x10b
LinkerVersion5.0
SizeOfCode0x6000
SizeOfInitializedData0x2000
SizeOfUninitializedData0x18000
AddressOfEntryPoint0x1e890
BaseOfCode0x19000
BaseOfData0x1f000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion4.0
ImageVersion0.0
SubsystemVersion4.0
Reserved10
SizeOfImage0x21000
SizeOfHeaders0x1000
CheckSum0
Subsystem2
DllCharacteristics0
SizeOfStackReserve0x100000
SizeOfStackCommit0x2000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

UPX v0.89.6 - v1.02 / v1.05 - v1.22

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

namevavsizeraw sizeflags
UPX00x10000x180000RWX UDATA
UPX10x190000x60000x5a00RWX IDATA
.rsrc0x1f0000x20000x1c00RW- IDATA

Data Directory

typevasize
EXPORT00
IMPORT0x208b00x1a4
RESOURCE0x1f0000x18b0
EXCEPTION00
SECURITY00
BASERELOC00
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT00
Delay_IAT00
CLR_Header00
typenamesizecp
ICON#12960
ICON#213840
ICON#37440
ICON#422160
DIALOGGETPASSWORD13140
DIALOGLICENSEDLG2160
DIALOGRENAMEDLG3020
DIALOGREPLACEFILEDLG8240
DIALOGSTARTDLG4340
STRING#75560
STRING#89820
STRING#95120
STRING#105660
RCDATADVCLAL160
GROUP_ICON#100620
MANIFEST#15310
idlangstring
961049
18 11 55 bf b8 fb 7b 6e  66 57 b0 04 10 80 3d 99  |..U...{nfW....=.|
3e 12 73 0a 65 ba 78 26  aa 0a ee 12 dc 05 ff 63  |>.s.e.x&.......c|
71 89 50 0c 80 60 14 ef  f6 05 94 08 74 32 c0 04  |q.P..`......t2..|
3c 06 bf 8b 41 0c 3b 01  5b 91 a3 c2 2c 0b f2 ac  |<...A.;.[...,...|
36 32 2c 8e 16 0b 80 4a  62 8d da b3 25 80 61 38  |62,....Jb...%.a8|
f1 46 b7 a8 06 ea 43 df  2d 53 61 8b dc 24 31 8c  |.F....C.-Sa..$1.|
d8 ba 2a 8b e0 3c ae dc  05 ea 58 b3 65 15 98 69  |..*..<....X.e..i|
3b ee 42 f4 0a f1 8b 85  a2 9a 07 f6 0c b3 fd 8d  |;.B.............|
43 04 8a 53 03 1c 9b a6  a3 9c 16 83 8c 0c 36 06  |C..S..........6.|
0d 9e 08 a0 c6 c8 20 23  0a a2 0c ed 72 32 d6 2a  |...... #....r2.*|
f1 0c 10 a8 0d 32 76 32  14 ac 34 18 b0 20 23 83  |.....2v2..4.. #.|
8c 0d 1a b2 1c 32 32 c8  c8 b4 1e b6 20 8c 9d 8c  |.....22..... ...|
0d b8 52 22 bc 0c 26 08  b7 ca 9c c0 5e c4 2c 07  |..R"..&.....^.,.|
29 5e 20 cd e4 1a 59 a8  79 b2 43 16 5a f8 0a 7c  |)^ ...Y.y.C.Z..||
7d f6 21 83 30 e1 7e 0d  04 80 27 63 13 32 82 84  |}.!.0.~...'c.2..|
7c 0a 88 27 23 27 63 0c  0e 8c 12 90 13 c2 20 63  ||..'#'c....... c|
34 16 94 04 96 1b 04 ef  11 8a 2e a1 c0 86 f9 75  |4..............u|
45 25 90 0b 0d 04 13 b5  23 c5 c8 7e 21 2a 50 08  |E%......#..~!*P.|
22 f7 c6 0e e3 64 21 04  65 a3 35 f4 bf e9 60 c5  |"....d!.e.5...`.|
1c 2f 1d 74 1c 57 8b fb  8b 35 70 a3 5e aa 77 08  |./.t.W...5p.^.w.|
83 e7 07 55 fd df d3 ee  1c 80 ef be 7b 8b 2d 6c  |...U........{.-l|
12 73 3a ff 0d 38 3a 78  10 a1 34 86 d9 95 e3 67  |.s:..8:x..4....g|
0a 05 0f b6 96 8a 6e c8  e8 b7 3a 39 01 5a ac cb  |......n...:9.Z..|
d3 e0 0b f0 aa fe 77 ad  86 3f 72 c6 8b fe 83 eb  |......w..?r.....|
10 c1 ee 10 4f 94 b9 e6  4d 20 12 4c d6 f7 d2 d8  |....O...M .L....|
06 0c 00 84 f3 fa 74 25  90 b7 9d 0b 5f 65 eb 65  |......t%...._e.e|
5e 08 73 39 07 2c 2b 40  ea 5f b3 d8 49 14 30 60  |^.s9.,+@._..I.0`|
7a 52 5d d2 0d 2f 0f 08  72 c7 88 95 28 29 45 81  |zR]../..r...()E.|
fd 1e 79 a0 da a6 c7 10  b8 0d e2 d5 68 ab b2 7d  |..y.........h..}|
6f 8c 33 ed 66 08 f5 c7  84 11 6e 38 6f 1c 92 89  |o.3.f.....n8o...|
1c 89 35 50 04 dc 61 89  44 66 90 e0 3a 8a 4b 3b  |..5P..a.Df..:.K;|
80 fb c0 5c 13 11 fc 11  75 fc f5 13 c7 04 9c 40  |...\....u......@|
db 40 dd 1e 43 81 fb a6  7c f0 07 9c 3c e9 36 02  |.@..C...|...<.6.|
7d 10 17 09 00 01 18 c8  20 27 87 07 18 20 cf 3d  |}....... '... .=|
72 72 08 20 c7 05 64 66  2a f7 9d ad              |rr. ..df*...    |
1121049
c0 68 58 5d 04 96 79 68  17 bb 5e f7 83 63 b9 01  |.hX]..yh..^..c..|
28 ba 2d 68 67 38 8d 86  03 3a 26 e7 1f bd 70 c6  |(.-hg8...:&...p.|
7e 27 eb 7c 9c 05 08 1e  7c f3 69 3e 4f b3 51 68  |~'.|....|.i>O.Qh|
05 d4 10 a5 60 bb 44 11  e4 68 61 1e 00 4e 80 ed  |....`.D..ha..N..|
de 27 48 7e 16 a1 48 0e  6b c0 57 3b 4f b0 c0 24  |.'H~..H.k.W;O..$|
bc 68 34 64 41 04 03 78  d8 27 62 94 ce 83 14 38  |.h4dA..x.'b....8|
30 2b 74 c8 dc 9c 11 0c  01 a7 51 8b 40 1e 84 74  |0+t.......Q.@..t|
30 05 61 ae 83 85 b7 67  05 83 26 83 e2 1f b9 05  |0.a....g..&.....|
ca c0 96 80 43 05 16 1c  53 22 59 ba 2b 42 4e 20  |....C...S"Y.+BN |
04 b7 f2 a5 99 04 ee 04  83 e5 0f 05 c5 04 b0 b7  |................|
1f da 81 7c 9f a8 77 07  83 09 20 20 76 36 48 b6  |...|..w...  v6H.|
6f 11 be 3b ef 76 5a 6d  03 ad 19 6e a6 03 04 bd  |o..;.vZm...n....|
0c d2 c3 6e 6f 6d db 82  03 b4 47 7b 03 55 c5 84  |...nom....G{.U..|
24 77 1d f0 7e a3 a6 df  13 73 13 8b 14 1f f8 4c  |$w..~....s.....L|
e0 e1 e2 ee 94 24 47 12  72 ed c7 96 5d 4d e5 3e  |.....$G.r...]M.>|
a3 26 14 b9 13 0c fe 20  56 c5 e8 de 52 ba 0a 13  |.&..... V...R...|
34 08 1b 0a 50 81 ba b4  14 77 b1 a8 eb 2a f8 7f  |4...P....w...*..|
83 c2 17 05 01 03 78 1c  5a 81 8b 0b 1f cc 05 b8  |......x.Z.......|
86 59 97 89 03 44 1b c4  ad c3 a8 33 4c 38 89 d5  |.Y...D.....3L8..|
3e 4d f7 05 b4 aa 94 b2  c0 14 27 ba 9d 20 fb 60  |>M........'.. .`|
41 eb 35 ed 3b 5c 50 72  c5 32 dd ad 03 29 23 eb  |A.5.;\Pr.2...)#.|
e2 03 69 0c b5 1c d0 ad  43 7a 01 42 df 5b ed d6  |..i.....Cz.B.[..|
6a e3 e1 6f 78 04 e3 92  11 bb d9 85 dd 8b ef 96  |j..ox...........|
89 7c 06 ff 04 75 15 75  7c 10 56 c9 5b 4e 02 73  |.|...u.u|.V.[N.s|
3c 6d 16 70 ad 87 02 72  c4 fc 56 50 03 b5 b0 d5  |
1281049
ff 7f 32 ec 3b bf 76 05  0f 5d 83 06 c7 2b 25 be  |..2.;.v..]...+%.|
e8 2b bd 55 06 f7 f2 3b  75 f0 13 6f e0 8b f0 29  |.+.U...;u..o...)|
c6 e1 b7 ae 08 1a 2b 22  3b f2 77 1f ba ff 04 d0  |......+";.w.....|
4c 54 21 48 cf 51 6e 6b  4b 4d d1 60 7f e8 02 43  |LT!H.QnkKM.`...C|
1b 50 8e c3 78 1f 3d 90  20 40 ec 43 07 18 07 e3  |.P..x.=. @.C....|
4e 75 e5 46 75 14 42 83  73 31 4c c7 7d f0 60 66  |Nu.Fu.B.s1L.}.`f|
4c 1b 16 50 4b 46 aa 15  67 3d ab 87 88 65 50 df  |L..PKF..g=...eP.|
35 d3 26 4d c0 3b a3 27  68 74 ea a9 6b f4 31 db  |5.&M.;.'ht..k.1.|
18 58 df c4 3c 41 cb 0d  c7 61 b9 c0 eb 55 1b ac  |.X.../+.N..|
15 58 ef 81 e0 08 e4 1e  18 4e a1 45 d8 08 14 e8  |.X.......N.E....|
3b d8 73 00 7f a7 c0 42  31 58 6c 9f c3 5a ff 21  |;.s....B1Xl..Z.!|
f5 41 6a fc 74 22 a1 60  19 6d 52 03 a9 23 21 05  |.Aj.t".`.mR..#!.|
d9 68 56 7b 1c 34 a3 fd  34 28 c3 07 96 a6 8d 85  |.hV{.4..4(......|
3c 09 8a 5f 2d b4 0d 33  f8 1c 76 0b 2a 0f c4 37  |<.._-..3..v.*..7|
d6 8b 8a 00 04 21 10 28  36 5b a1 84 24 7c b9 44  |.....!.(6[..$|.D|
b5 1d 54 12 ad 75 45 d8  05 be 0b d4 d6 42 e4 30  |..T..uE......B.0|
d8 c4 84 8d 23 83 6d ac  55 df 14 04 ff 4d e4 88  |....#.m.U....M..|
32 3b 20 b1 00 96 8a 75  27 0c 6e 0b 8e 00 94 08  |2; ....u'.n.....|
6e 6b b7 9a 22 4a c4 fb  83 bc 9d 25 1c fd e3 03  |nk.."J.....%....|
ef 26 76 f0 89 5d 14 3b  18 25 08 89 1a c7 77 b2  |.&v..].;.%....w.|
b5 af 5b 80 8b 4f 28 8d  09 5c 33 38 b6 05 c0 e4  |..[..O(..\38....|
08 ea c4 cc 27 cd e1 6e  9b 7b 3b 13 76 08 38 8a  |....'..n.{;.v.8.|
5f d2 d6 98 51 e4 a1 1d  c4 8d e8 2d f6 f2 e4 73  |_...Q......-...s|
24 c4 2b 94 67 f1 c4 85  d2 b7 fb 67 36 f7 02 84  |$.+.g......g6...|
d1 65 c4 43 23 72 dc 62  64 19 b9 35 3f 26 84 8d  |.e.C#r.bd..5?&..|
45 c0 09 e0 3f 0d 56 4d  c4 01 8c 95 7c c1 76 df  |E...?.VM....|.v.|
6e 38 38 44 8d 55 80 4f  d8 8d 95 3c 0b 89 c3 22  |n88D.U.O...<..."|
fe 5a 2b f3 f9 fc 03 18  89 6c 2e 8c 50 3b 03 ed  |.Z+......l..P;..|
36 78 fa 80 04 ec 6d 86  81 03 26 89 51 2f f6 70  |6x....m...&.Q/.p|
13 74 8b 19 73 8b 84 9d  98 ff 06 ed 81 b1 6f c7  |.t..s.........o.|
94 3b ff 21 e4 df 2d 45  1b e5 f8 72 d0 a7 c9 7e  |.;.!..-E...r...~|
1441049
8b ec dd 0e af 19 23 bd  19 89 8d 0b 67 6d 28 b8  |......#.....gm(.|
dc 56 46 c8 6b 50 fc 76  ec d6 00 64 c8 a8 f8 fe  |.VF.kP.v...d....|
b0 4d d4 1c 07 bd d1 c1  c0 22 3b eb 0f 8f 55 e7  |.M.......";...U.|
dd 77 98 03 7d ec f0 e3  7a 04 6a 70 db f4 ae 8c  |.w..}...z.jp....|
b8 01 45 c8 46 56 2b 4d  3d 4d c0 66 7a 58 e8 8c  |..E.FV+M=M.fzX..|
50 07 64 02 b4 43 fa 0d  23 b8 46 5d 8b a8 55 f0  |P.d..C..#.F]..U.|
2b 5d c8 42 5a b4 dc ff  0b 3b c2 76 23 2b c2 5f  |+].BZ....;.v#+._|
6f 96 5c d8 f0 c7 55 03  d1 eb 0b 03 c0 07 3b 02  |o.\...U.......;.|
99 2b 02 a9 68 8d 36 64  c0 72 ff 5a c4 db a5 c2  |.+..h.6d.r.Z....|
6d d3 84 ec 76 b2 aa 73  05 45 ec d2 ff 5b c2 2b  |m...v..s.E...[.+|
d8 af a2 dc 89 1c b2 8b  7d c0 47 3c 74 24 62 8b  |........}.G
module_namehintordfunction_name
KERNEL32.DLLLoadLibraryA
KERNEL32.DLLGetProcAddress
KERNEL32.DLLExitProcess
ADVAPI32.DLLRegCloseKey
COMCTL32.DLL17
GDI32.DLLDeleteObject
OLE32.DLLOleInitialize
SHELL32.DLLSHGetMalloc
USER32.DLLSetMenu
offsetsizetypecomment
031232EXE05/14/2002 12:22:04#
15c115HTM#
7a002007523ZIP#
Scanning the drive for archives:
1 file, 2038755 bytes (1991 KiB)


--
Type = zip
Physical Size = 2038755
Embedded Stub Size = 31232
Comment = ;The comment below contains SFX script commands

Setup=pevz.exe exec cmd.exe /c zoek-install.bat
TempMode
Silent=1
Overwrite=1


   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2012-06-16 23:48:24 ....A          719          334  z0.scf
2018-02-21 21:18:04 ....A        13869         2658  z1.scf
2018-05-10 11:07:18 ....A       818116       125573  z2.scf
2012-02-09 09:41:04 ....A       161792       151538  z3.scf
2012-02-09 09:41:04 ....A       154232        76434  z5.scf
2011-01-12 12:51:14 ....A        69632        35692  z6.scf
2018-02-05 01:47:00 ....A         6754         1988  z7.scf
2014-02-13 23:59:26 ....A        24064        21483  z8.scf
2012-02-09 09:41:04 ....A        30720        28139  z9.scf
2000-08-31 09:00:00 ....A        98816        44581  za.scf
2012-09-25 19:06:28 ....A       217088       102561  zb.scf
2006-05-14 10:25:10 ....A       476672       235763  zc.scf
2014-02-11 22:10:18 ....A       388608       305772  zd.scf
2005-07-04 02:11:00 ....A        57344        20839  ze.scf
2012-02-09 09:41:04 ....A       256512       254589  PEVZ.EXE
2018-05-10 11:41:28 ....A         6073         1691  zoek-install.bat
2007-02-03 09:40:16 ....A        10134         3943  zf.scf
2015-02-12 23:16:44 ....A        20480         8061  zg.scf
2018-04-15 22:57:10 ....A       533851       127746  zh.scf
2018-04-06 19:25:20 ....A       167936        78388  zi.scf
2006-05-14 11:25:10 ....A       476672       235763  zj.scf
2009-11-10 20:09:46 ....A       157184        79559  zk.scf
2014-05-20 14:11:28 ....A        68096        62217  ZAScan.exe
------------------- ----- ------------ ------------  ------------------------
2018-05-10 11:41:28            4215364      2005312  23 files
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable











[!] string size(8752) > stringtable size(556). truncated to 554
[!] cannot convert "U\xBF\xB8\xFB{nfW\xB0\x04\x10\x80=\x99>\x12"... to UTF-16
[!] string size(53632) > stringtable size(982). truncated to 980
[!] cannot convert "X]\x04\x96yh\x17\xBB^\xF7\x83c\xB9\x01(\xBA"... to UTF-16
[!] string size(65534) > stringtable size(512). truncated to 510
[!] cannot convert "2\xEC;\xBFv\x05\x0F]\x83\x06\xC7+%\xBE\xE8+"... to UTF-16
[!] string size(121110) > stringtable size(566). truncated to 564
[!] cannot convert "\xDD\x0E\xAF\x19#\xBD\x19\x89\x8D\vgm(\xB8\xDCV"... to UTF-16