server_protected.exe - MSRSAAP.EXE - Remote Service Application

info
MZ
PE
resources
strings
imports
exports
foremost
version info
hexdump
disasm
log
discuss
donate

filename	server_protected.exe
size	1542656 (0x178a00)
md5	2d1e75644a400651df2a737a006f7488

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x50
blocks_in_file	2
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0xf
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0x1a
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x100

DOS stub

00000000: ba 10 00 0e 1f b4 09 cd  21 b8 01 4c cd 21 90 90  |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f  67 72 61 6d 20 6d 75 73  |This program mus|
00000020: 74 20 62 65 20 72 75 6e  20 75 6e 64 65 72 20 57  |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37  00 00 00 00 00 00 00 00  |in32..$7........|
00000040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000000c0:

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	0xc
TimeDateStamp	0x4fcbadf0
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x818e
Magic	0x10b
LinkerVersion	2.25
SizeOfCode	0x90400
SizeOfInitializedData	0x15200
SizeOfUninitializedData	0
AddressOfEntryPoint	0x1f026
BaseOfCode	0x1000
BaseOfData	0x92000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	4.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x47a000
SizeOfHeaders	0x600
CheckSum	0
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x4000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

Enigma Protector 1.1X-1.3X (Sukhov Vladimir & Serge N. Markin)

Sections

name	va	vsize	raw size	flags
	0x1000	0x8f000	0x3ec00	RWX IDATA
	0x90000	0x2000	0xe00	RWX IDATA
	0x92000	0x4000	0x1a00	RWX IDATA
	0x96000	0xa000	0	RW-
	0xa0000	0x5000	0	RWX IDATA
	0xa5000	0x1000	0	RW-
	0xa6000	0x1000	0	RWX IDATA
	0xa7000	0x9000	0	RWX IDATA
	0xb0000	0x5000	0xa00	RWX IDATA
.rsrc	0xb5000	0x3000	0x3000	RWX IDATA
	0xb8000	0x2b8000	0x29a00	RWX IDATA
.data	0x370000	0x10a000	0x109c00	RWX IDATA

Data Directory

type	va	size
EXPORT	0x370048	0xe2f
IMPORT	0x370e78	0x518
RESOURCE	0xb5000	0x2f2c
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0x370028	0x10
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0x370000	0x18
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0	0
Delay_IAT	0	0
CLR_Header	0	0

TLS

raw start	raw end	index	callbks	zero fill	flags
0x4a5000	0x4a5038	0x770018	0x770020	0	0

show previews

type	name	size	cp
CURSOR	#1	308	1252
CURSOR	#2	308	1252
CURSOR	#3	308	1252
CURSOR	#4	308	1252
CURSOR	#5	308	1252
CURSOR	#6	308	1252
CURSOR	#7	308	1252
STRING	#4083	524	1252
STRING	#4084	1020	1252
STRING	#4085	168	1252
STRING	#4086	320	1252
STRING	#4087	1144	1252
STRING	#4088	816	1252
STRING	#4089	876	1252
STRING	#4090	1008	1252
STRING	#4091	204	1252
STRING	#4092	176	1252
STRING	#4093	684	1252
STRING	#4094	952	1252
STRING	#4095	852	1252
STRING	#4096	752	1252
RCDATA	DCDATA	490	1252
RCDATA	DVCLAL	16	1252
RCDATA	PACKAGEINFO	2036	1252
GROUP_CURSOR	#32761	20	1252
GROUP_CURSOR	#32762	20	1252
GROUP_CURSOR	#32763	20	1252
GROUP_CURSOR	#32764	20	1252
GROUP_CURSOR	#32765	20	1252
GROUP_CURSOR	#32766	20	1252
GROUP_CURSOR	#32767	20	1252
VERSION	#1	856	1252

id	lang	string
65312	0	DCOM not installed
65313	0	Unable to find a Table of Contents
65314	0	No help found for %s
65315	0	No context-sensitive help installed
65316	0	No help found for context
65317	0	No topic-based help system installed
65318	0	Unable to retrieve a pointer to a running object registered with OLE for %s/%s
65328	0	Shift+
65329	0	Ctrl+
65330	0	Alt+
65331	0	Invalid clipboard format
65332	0	Clipboard does not support Icons
65333	0	Cannot open clipboard
65334	0	Menu '%s' is already being used by another form
65335	0	Docked control must have a name
65336	0	Error removing control from dock tree
65337	0	- Dock zone not found
65338	0	- Dock zone has no control
65339	0	Error loading dock zone from the stream. Expecting version %d, but found %d.
65340	0	OLE error %.8x
65341	0	Method '%s' not supported by automation object
65342	0	Variant does not reference an automation object
65343	0	Dispatch methods do not support more than 64 parameters
65344	0	Yes to &All
65345	0	BkSp
65346	0	Tab
65347	0	Esc
65348	0	Enter
65349	0	Space
65350	0	PgUp
65351	0	PgDn
65352	0	End
65353	0	Home
65354	0	Left
65355	0	Up
65356	0	Right
65357	0	Down
65358	0	Ins
65359	0	Del
65360	0	A control cannot have itself as its parent
65361	0	Cannot drag a form
65362	0	Warning
65363	0	Error
65364	0	Information
65365	0	Confirm
65366	0	&Yes
65367	0	&No
65368	0	OK
65369	0	Cancel
65370	0	&Help
65371	0	&Abort
65372	0	&Retry
65373	0	&Ignore
65374	0	&All
65375	0	N&o to All
65376	0	Invalid ImageList Index
65377	0	Failed to read ImageList data from stream
65378	0	Failed to write ImageList data to stream
65379	0	Error creating window device context
65380	0	Error creating window class
65381	0	Cannot focus a disabled or invisible window
65382	0	Control '%s' has no parent window
65383	0	Cannot hide an MDI Child Form
65384	0	Cannot change Visible in OnShow or OnHide
65385	0	Cannot make a visible window modal
65386	0	Menu index out of range
65387	0	Menu inserted twice
65388	0	Sub-menu is not in menu
65389	0	Not enough timers available
65390	0	GroupIndex cannot be less than a previous menu item's GroupIndex
65391	0	Cannot create form. No MDI forms are currently active
65392	0	%s not in a class registration group
65393	0	Property %s does not exist
65394	0	Stream write error
65395	0	Thread creation error: %s
65396	0	Thread Error: %s (%d)
65397	0	Bitmap image is not valid
65398	0	Icon image is not valid
65399	0	Metafile is not valid
65400	0	Invalid pixel format
65401	0	Scan line index out of range
65402	0	Cannot change the size of an icon
65403	0	Unsupported clipboard format
65404	0	Out of system resources
65405	0	Canvas does not allow drawing
65406	0	Invalid image size
65407	0	Invalid ImageList
65408	0	Invalid property path
65409	0	Invalid property value
65410	0	Invalid data type for '%s'
65411	0	List capacity out of bounds (%d)
65412	0	List count out of bounds (%d)
65413	0	List index out of bounds (%d)
65414	0	Out of memory while expanding memory stream
65415	0	Error reading %s%s%s: %s
65416	0	Stream read error
65417	0	Property is read-only
65418	0	Failed to create key %s
65419	0	Failed to get data for '%s'
65420	0	Failed to set data for '%s'
65421	0	Resource %s not found
65422	0	%s.Seek not implemented
65423	0	Operation not allowed on sorted list
65424	0	Saturday
65425	0	Unable to create directory
65426	0	Ancestor for '%s' not found
65427	0	Cannot assign a %s to a %s
65428	0	Bits index out of range
65429	0	Can't write to a read-only resource stream
65430	0	CheckSynchronize called from thread $%x, which is NOT the main thread
65431	0	Class %s not found
65432	0	A class named %s already exists
65433	0	List does not allow duplicates ($0%x)
65434	0	A component named %s already exists
65435	0	String list does not allow duplicates
65436	0	Cannot create file "%s". %s
65437	0	Cannot open file "%s". %s
65438	0	Invalid stream format
65439	0	''%s'' is not a valid component name
65440	0	October
65441	0	November
65442	0	December
65443	0	Sun
65444	0	Mon
65445	0	Tue
65446	0	Wed
65447	0	Thu
65448	0	Fri
65449	0	Sat
65450	0	Sunday
65451	0	Monday
65452	0	Tuesday
65453	0	Wednesday
65454	0	Thursday
65455	0	Friday
65456	0	Jun
65457	0	Jul
65458	0	Aug
65459	0	Sep
65460	0	Oct
65461	0	Nov
65462	0	Dec
65463	0	January
65464	0	February
65465	0	March
65466	0	April
65467	0	May
65468	0	June
65469	0	July
65470	0	August
65471	0	September
65472	0	Unexpected variant error
65473	0	External exception %x
65474	0	Assertion failed
65475	0	Interface not supported
65476	0	Exception in safecall method
65477	0	%s (%s, line %d)
65478	0	Abstract Error
65479	0	Access violation at address %p in module '%s'. %s of address %p
65480	0	System Error. Code: %d. %s
65481	0	A call to an OS function failed
65482	0	Application is not licensed to use this feature
65483	0	Jan
65484	0	Feb
65485	0	Mar
65486	0	Apr
65487	0	May
65488	0	No argument for format '%s'
65489	0	Variant method calls not supported
65490	0	Read
65491	0	Write
65492	0	Error creating variant or safe array
65493	0	Variant or safe array index out of bounds
65494	0	Variant or safe array is locked
65495	0	Invalid variant type conversion
65496	0	Invalid variant operation
65497	0	Invalid variant operation (%s%.8x) %s
65498	0	Could not convert variant of type (%s) into type (%s)
65499	0	Overflow while converting variant of type (%s) into type (%s)
65500	0	Variant overflow
65501	0	Invalid argument
65502	0	Invalid variant type
65503	0	Operation not supported
65504	0	Range check error
65505	0	Integer overflow
65506	0	Invalid floating point operation
65507	0	Floating point division by zero
65508	0	Floating point overflow
65509	0	Floating point underflow
65510	0	Invalid pointer operation
65511	0	Invalid class typecast
65512	0	Access violation at address %p. %s of address %p
65513	0	Access violation
65514	0	Stack overflow
65515	0	Control-C hit
65516	0	Privileged instruction
65517	0	Exception %s in module %s at %p. %s%s
65518	0	Application Error
65519	0	Format '%s' invalid or incompatible with argument
65520	0	'%s' is not a valid integer value
65521	0	'%s' is not a valid floating point value
65522	0	'%s' is not a valid date and time
65523	0	'%s' is not a valid GUID value
65524	0	Invalid argument to time encode
65525	0	Invalid argument to date encode
65526	0	Out of memory
65527	0	I/O error %d
65528	0	File not found
65529	0	Invalid filename
65530	0	Too many open files
65531	0	File access denied
65532	0	Read beyond end of file
65533	0	Disk full
65534	0	Invalid numeric input
65535	0	Division by zero

module_name	hint	ord	function_name
kernel32.dll			GetModuleHandleA
kernel32.dll			GetProcAddress
kernel32.dll			ExitProcess
kernel32.dll			LoadLibraryA
user32.dll			MessageBoxA
advapi32.dll			RegCloseKey
oleaut32.dll			SysFreeString
gdi32.dll			CreateFontA
shell32.dll			ShellExecuteA
version.dll			GetFileVersionInfoA
wsock32.dll			__WSAFDIsSet
ole32.dll			CoTaskMemFree
urlmon.dll			URLDownloadToFileA
comctl32.dll			_TrackMouseEvent
wininet.dll			InternetReadFile
winmm.dll			waveInUnprepareHeader
netapi32.dll			Netbios
gdiplus.dll			GdipGetImageEncoders
msacm32.dll			acmStreamUnprepareHeader
ntdll.dll			NtQuerySystemInformation
ws2_32.dll			WSAIoctl
shfolder.dll			SHGetFolderPathA
ntdll			NtUnmapViewOfSection
avicap32.dll			capGetDriverDescriptionA

ord

entry_va

function_name

57 50 09 d9 9b 8e 43 69  74 73 4a 7f a0 24 9f 68  |WP....CitsJ..$.h|
52 04 12 19 97 3a 68 5b  ba ee d8 29 ea 20 61 4b  |R....:h[...). aK|
d9 15 2e 42 1e b8 8c 03  74 65 2a 1f 4e fa 9b 4f  |...B....te*.N..O|
2f 3b 62 8a c6 bf f3 12  e3 1a 79 1f 95 dd 44 24  |/;b.......y...D$|
10 af 39 c7 46 97 a5 05  43 2a 3f 20 9b 57 4e 5d  |..9.F...C*? .WN]|
ac dd 36 9c 5f c0 d9 52  b1 3b a2 81 43 0a 15 a3  |..6._..R.;..C...|
95 12 3f ae cf ab 6b 9e  2c 2a e7 37 62 5d ce df  |..?...k.,*.7b]..|
a9 27 13 ce 3f 65 47 e6  73 bf e1 fd b1 30 fb 71  |.'..?eG.s....0.q|
0b 3e b6 30 36 47 dd b3  03 5d 64 89 bf 85 d6 57  |.>.06G...]d....W|
0a 66 e4 93 05 aa 8f 4b  fd ac ac b4 df 35 c3 67  |.f.....K.....5.g|
17 50 7d 79 bb 92 22 dc  1e 52 d9 b0 17 9b c2 78  |.P}y.."..R.....x|
b3 fc f8 52 14 62 2a b2  a7 99 58 39 12 4d db 94  |...R.b*...X9.M..|
61 72 d3 ac 65 88 80 64  56 2a 52 bb 10 c0 94 2b  |ar..e..dV*R....+|
91 63 02 66 93 32 b0 03  4d b2 21 92 d2 04 59 3b  |.c.f.2..M.!...Y;|
96 e6 5c dc fc f7 66 4a  09 9b ba 2d 92 68 f2 8b  |..\...fJ...-.h..|
93 23 15 1e 6f 92 e1 d3  4f b7 25 3f eb 37 f2 d2  |.#..o...O.%?.7..|
69 02 21 15 11 85 64 42  1a f0 e3 f8 cf 5b 27 eb  |i.!...dB.....['.|
ab db ad bd 56 d1 a1 74  90 fb 68 2e 70 19 05 05  |....V..t..h.p...|
8d 2d 8c 52 f0 a7 2f b4  ee 06 83 8a 38 b6 1e ce  |.-.R../.....8...|
d0 40 a8 7b bc 11 f5 e5  79 67 d2 c2 b2 30 8e af  |.@.{....yg...0..|
bb e3 70 83 b3 a9 9f ba  70 4f 33 c0 82 e8 6b ee  |..p.....pO3...k.|
fe 17 4a 82 d9 45 09 dd  f6 76 2e d5 4c 57 34 e7  |..J..E...v..LW4.|
b0 b8 ff 90 32 aa b1 27  0d d0 6e eb a9 b8 43 38  |....2..'..n...C8|
35 3b 36 f2 a9 38 2a c6  77 39 2b b3 19 bc 3c f1  |5;6..8*.w9+...<.|
2f 50 d4 50 0a 9e 86 7a  b6 24 98 d3 ec 3c 7f c9  |/P.P...z.$...<..|
74 9b 79 dd e9 87 cb bc  f0 52 5b 1c 3b e2 93 49  |t.y......R[.;..I|
fa 62 e8 90 9c 4c 63 ee  e3 78 f5 b1 cd e0 9d f9  |.b...Lc..x......|
c5 3a 7f 4c 1f a3 85 91  d8 f9 37 42 14 9e c9 9b  |.:.L......7B....|
dc bb 9e 13 0f 50 af 6e  8e 8f af 33 12 67 c0 50  |.....P.n...3.g.P|
33 2f 1c 38 91 d1 11 cb  2d fb 1a cf 4f 1c 13 cd  |3/.8....-...O...|
a1 3e b8 8c 4b 18 f9 99  34 bd d2 7b c5 e2 ac 8a  |.>..K...4..{....|
cc a4 86 91 4b 2d 4d a4  6c b9 42 e0 d6 d8 45 f3  |....K-M.l.B...E.|
1b de 5f a5 fe e8 f0 c2  d6 ed 50 20 36 bc cc 98  |.._.......P 6...|
a3 d9 56 3a 1d a0 3d 09  9b 25 d2 04 dc a6 dd 5a  |..V:..=..%.....Z|
1d a5 20 fb 9b d7 6b f2  fc 9e fd 2b f6 b1 2e 9e  |.. ...k....+....|
cf 21 8b 0a 99 ee 07 9b  43 c6 d3 3e d5 ad fc 7e  |.!......C..>...~|
82 af ea 21 55 d2 60 e4  af df 95 1b dd d0 82 f5  |...!U.`.........|
6c e1 87 cc 18 ad f5 b0  6d b9 31 08 78 66 64 13  |l.......m.1.xfd.|
26 2d 13 98 27 97 ec 09  7d 59 b2 e0 04 7e 1f 2a  |&-..'...}Y...~.*|
97 96 12 40 b4 45 79 53  ab af b7 4c c2 9f 7c ff  |...@.EyS...L..|.|
e9 64 51 dc ce b9 52 81  78 44 d8 e3 ca 74 fe fc  |.dQ...R.xD...t..|
75 ce 53 18 4e f3 23 40  11 ea 1d 6c f4 7c 52 5e  |u.S.N.#@...l.|R^|
b3 ad c1 5a cb a0 f4 27  36 6e 6a fd d1 bd bd 63  |...Z...'6nj....c|
2c 2c da fb 88 c9 a8 e8  36 43 f6 3b 93 72 93 7d  |,,......6C.;.r.}|
6a 74 e3 72 65 87 5e 84  d1 38 b3 7d 01 ba 9f 83  |jt.re.^..8.}....|
e6 65 99 85 cb ad e7 73  36 25 c0 02 66 4c 95 df  |.e.....s6%..fL..|
fc 3c 9d 7a a3 7e 3a d9  e6 9a de 23 83 21 87 bc  |.<.z.~:....#.!..|
d4 46 e7 46 42 58 dc b9  b1 90 da 7c 7b 28 4f 3b  |.F.FBX.....|{(O;|
5b 96 36 bb 56 67 59 1b  99 1c fe 26 c5 f7 02 9e  |[.6.VgY....&....|
29 ae 7d be db 56 aa 48  cc 19 87 da 21 78 5d 7b  |).}..V.H....!x]{|
7a 2f 59 71 0c fa af ef  8f dc 0a 30 7c 9b 3b ec  |z/Yq.......0|.;.|
1a 8e 7a 66 4c 0a 98 60  2f e6 ec c0 ec 04 fd be  |..zfL..`/.......|
53 c1 18 ce 1c c3 58 b2  f1 8e d6 5f 9c bc 04 a1  |S.....X...._....|
e2 ee 60 aa 0a a8 12 f9  05 b4 19 46 b7 e4 16 57  |..`........F...W|
e3 1f e6 f7 9f 22 8d 74  6f 75 24 47 61 60 d4 e7  |.....".tou$Ga`..|
c2 ea 16 e7 52 3a a4 bc  fd d3 f8 f8 9d 88 2c cc  |....R:........,.|
2c 2c 9d 07 73 48 b1 f7  39 6c 93 ea 48 dd c4 22  |,,..sH..9l..H.."|
fb af e3 72 23 9e 03 06  4e 27 5f d5 fe b2 6d d7  |...r#...N'_...m.|
31 e1 77 07 3a 3e 49 b4  06 e1 a8 c7 14 e0 92 e2  |1.w.:>I.........|
d6 80 7a 91 40 85 05 e8  ad 26 06 54 80 78 a8 69  |..z.@....&.T.x.i|
fb 4c 16 fa 58 de fb d5  0f d6 cd c8 cc 6c a0 f3  |.L..X........l..|
9d b5 e9 7f 31 73 a4 2a  58 dd 85 5a 0a 45 52 a1  |....1s.*X..Z.ER.|
99 8d 7c d7 f7 d9 97 3d  13 e0 50 52 ba d1 f2 52  |..|....=..PR...R|
9e b8 a9 6c 42 c3 ff 43  0e ed 5f 45 c8 d6 81 d8  |...lB..C.._E....|
1b d9 14 85 06 b1 0c 7b  53 2b 61 3a 6e bb 35 2d  |.......{S+a:n.5-|
2d 08 93 7a 81 a2 5a 61  13 89 f4 e3 2c 3f f1 99  |-..z..Za....,?..|
94 7a a8 e1 34 bf 6e d9  96 72 16 c9 b7 25 b3 ea  |.z..4.n..r...%..|
a0 38 e6 c1 c3 11 1b 67  2f 78 8e 7b e9 e5 03 a1  |.8.....g/x.{....|
20 cb 69 bd f7 2d f6 54  27 08 67 be af 5e 61 22  | .i..-.T'.g..^a"|
54 ee 43 4c 9f e5 cb e9  ae 17 56 c3 fa 83 b9 e3  |T.CL......V.....|
da 3e eb de 8a fa 04 99  d0 d3 32 4d af 0d d1 a1  |.>........2M....|
a5 e6 b1 19 71 c8 1c 32  60 55 5d e7 99 28 bb 87  |....q..2`U]..(..|
e4 57 28 fd e9 fa 14 0e  e7 4d 38 19 56 28 41 67  |.W(......M8.V(Ag|
f8 ee 9b 1d 57 38 dd 3f  99 b6 94 89 48 35 57 e5  |....W8.?....H5W.|
63 af 7a c6 d6 d5 cd c7  41 84 1f 3d 85 fb 8c aa  |c.z.....A..=....|
b5 e9 cd 3d 35 85 09 c1  32 53 d4 bc c9 61 7a 8e  |...=5...2S...az.|
7f f3 a2 dc d7 06 f8 93  37 19 6f 48 64 2a 34 d1  |........7.oHd*4.|
45 cf 7c 55 b2 d4 b6 1f  84 d6 d8 08 28 b6 b8 44  |E.|U........(..D|
66 e4 c4 d3 36 da 81 f0  a7 43 96 3b 5d a6 5f 7a  |f...6....C.;]._z|
17 aa 3c 35 3c 20 27 71  72 80 3f 68 ae 93 4a fc  |..<5< 'qr.?h..J.|
49 58 69 35 fd 78 79 13  f3 ca e5 8c 1e b8 d6 76  |IXi5.xy........v|
9e 98 08 9e ff 35 bc 85  5f 25 8c 4e ee a9 0c e3  |.....5.._%.N....|
5c 36 7c 7d 02 d5 15 e2  03 0e 92 27 9a fd 0a c7  |\6|}.......'....|
53 cd 3e 4a f1 b5 fc dd  33 2c 27 9c bc 01 7b 56  |S.>J....3,'...{V|
d7 7b 4e 1e d7 be ad f9  3e fe b5 69 08 65 08 a8  |.{N.....>..i.e..|
ae 8f a0 e1 c8 16 93 b0  59 91 5a ad 30 f2 be e8  |........Y.Z.0...|
fa 39 93 7c d7 d0 be a8  93 24 4d 23 e0 35 88 85  |.9.|.....$M#.5..|
31 3a 56 05 02 9f 4f e4  c2 e4 55 4b a6 2e 9b 60  |1:V...O...UK...`|
05 94 63 f0 20 81 e9 f2  75 97 39 9c e3 04 e4 fe  |..c. ...u.9.....|
5c 3c e8 47 da 70 23 1b  e2 4a 2b b6 bf b3 7e b8  |\<.G.p#..J+...~.|
3b c5 3b c9 92 17 f3 90  d9 05 3f 8f 14 be 1a e8  |;.;.......?.....|
b7 18 46 2e 57 79 25 a2  b1 79 d3 a3 60 db 76 1f  |..F.Wy%..y..`.v.|
e6 1a fa 47 d4 ac c4 ec  39 b0 08 29 b7 a6 ca 4c  |...G....9..)...L|
ce 64 c0 37 40 80 90 82  aa be 29 3a b1 4f 38 f6  |.d.7@.....):.O8.|
55 f0 e5 9e 4f 32 69 27  93 6f 22 0c 59 4e 3c 66  |U...O2i'.o".YN....L......|
2b 23 28 54 c9 27 9f 85  b9 45 e7 23 96 c1 42 e9  |+#(T.'...E.#..B.|
54 62 51 68 32 8f bd 0e  c9 16 62 f4 9f 79 f8 46  |TbQh2.....b..y.F|
d8 ce 92 6c dc 6c 43 7c  12 06 d3 81 08 f6 64 97  |...l.lC|......d.|
b2 c5 39 02 89 39 47 a9  a7 7a 19 ad 57 1f 27 f2  |..9..9G..z..W.'.|
8c 1b cb de 43 f0 56 ae  c7 9f f9 07 5a 2c 90 bc  |....C.V.....Z,..|
b1 c1 74 f4 53 b8 de 0c  c7 19 9f f0 11 5d 0b de  |..t.S........]..|
fb 7c 73 a4 2f 94 a1 de  05 b7 01 d6 a1 a7 88 f6  |.|s./...........|
c8 92 91 f0 66 18 1f 0f  d3 23 51 5c 43 64 f5 84  |....f....#Q\Cd..|
e2 78 8b a8 97 0f 0e 81  73 8c 73 89 36 02 ad 1b  |.x......s.s.6...|
75 88 84 9c 5b 37 c4 44  f9 5e 69 02 a9 b7 de 8f  |u...[7.D.^i.....|
fe aa 78 c9 38 e8 ab c0  45 eb c1 2c b4 2c 08 2d  |..x.8...E..,.,.-|
3a 09 a7 8f 90 c9 ae ed  eb 24 0a 68 41 30 5f df  |:........$.hA0_.|
14 c0 07 da 91 7e ab 7a  2d 3c 3e 3d fd 66 45 69  |.....~.z-<>=.fEi|
99 8e b4 58 27 57 e2 04  de 63 39 88 4d f9 b3 8b  |...X'W...c9.M...|
e8 7e 63 a3 e6 02 65 40  62 72 21 b0 36 48 b2 3e  |.~c...e@br!.6H.>|
1f a2 cc 77 04 3a 89 32  8e 9c dd d2 54 95 bf d9  |...w.:.2....T...|
48 ba 21 dd 3e 78 54 57  a2 1d 84 f0 c6 bb 45 4d  |H.!.>xTW......EM|
55 e8 75 61 d0 a2 ef d7  37 e6 c7 26 20 d7 07 48  |U.ua....7..& ..H|
02 60 35 3a 64 bb 17 b8  2c 59 68 d6 5a fe 94 6e  |.`5:d...,Yh.Z..n|
ce 16 94 80 fb 93 86 09  9b eb a6 db bf e8 b4 86  |................|
e8 6e fa 5b e8 78 6f 13  c4 dd af b5 e2 a3 db ab  |.n.[.xo.........|
1f f0 78 31 b5 e3 e1 8c  01 e8 10 bb 85 44 96 79  |..x1.........D.y|
d2 f5 31 d7 1e 30 44 c7  b2 ef 21 4f 93 91 fb 43  |..1..0D...!O...C|
e0 57 cf c3 f4 40 ba df  33 af 7c 05 08 ba 1d 3a  |.W...@..3.|....:|
9b 20 f7 3a 1c 38 a0 eb  c3 6d 69 dc e5 03 77 a7  |. .:.8...mi...w.|
b0 3b af 7e 71 27 ee 30  7e a6 4b 69 22 71 5f 15  |.;.~q'.0~.Ki"q_.|
22 27 d6 03 be ba b3 49  45 c4 16 09 95 84 76 80  |"'.....IE.....v.|
2f a0 90 9a a9 eb 7d 62  b4 c7 bb 0f f0 df 16 8a  |/.....}b........|
49 58 b7 a4 a4 b3 ce 5e  0e f9 9a f5 a4 f9 c4 a7  |IX.....^........|
01 9f 4d 44 de b5 8b 0e  2d 9f f2 90 d7 d2 a0 4f  |..MD....-......O|
f6 19 e8 86 32 f4 6a 5b  74 a5 4f 37 55 99 d1 2c  |....2.j[t.O7U..,|
ce 66 27 9c 17 80 62 7e  c0 51 fa fa 7d 69 fd 4c  |.f'...b~.Q..}i.L|
19 dd 1d 04 8e 25 20 27  54 f2 6f d3 32 ed b1 50  |.....% 'T.o.2..P|
46 35 c2 b9 1a 1b 6e b2  cd 92 c1 d0 cb 1a d5 9d  |F5....n.........|
9b 33 69 6a a5 bb ae 5a  0f a2 18 48 06 d4 1c 8a  |.3ij...Z...H....|
19 60 27 a3 77 29 41 5f  35 ad 17 08 f0 ab 71 93  |.`'.w)A_5.....q.|
72 b6 49 fe 25 07 f8 42  86 08 4f 85 e1 7f 6c 86  |r.I.%..B..O...l.|
fa 51 c1 58 7f 22 8d eb  5f 7e b0 0c 61 3a be b3  |.Q.X.".._~..a:..|
95 1c 9a f7 82 27 07 e1  25 0a f9 ee 1b 76 a3 21  |.....'..%....v.!|
a4 84 62 c7 48 50 2e 73  34 79 28 b8 d0 37 4f b5  |..b.HP.s4y(..7O.|
fd 2a 9e 7f f4 14 01 ec  d4 25 e4 5c 48 93 63 6d  |.*.......%.\H.cm|
d4 8b 3c d7 a9 d4 1e c5  23 a1 f9 62 3c 66 58 86  |..<.....#..b.E|
22 68 0d 0b 66 07 ca 26  8c 1b cf 45 22 ba fe 1c  |"h..f..&...E"...|
8a 3a 8a f4 ab db 71 25  c0 79 17 fb c8 09 f7 24  |.:....q%.y.....$|
19 f5 a9 a0 fe a9 aa cf  7c c9 c0 23 90 ee d4 76  |........|..#...v|
94 f4 9d 2d 8f 1c 7b 8f  a8 91 54 05 fa 28 6b 1e  |...-..{...T..(k.|
82 55 61 9b eb aa e6 dd  66 6f d9 63 da 17 cc 4a  |.Ua.....fo.c...J|
1a a5 25 fa e9 4c 66 6c  fd cc 48 a6 49 70 b2 7d  |..%..Lfl..H.Ip.}|
33 92 c0 99 9f 21 52 58  d1 8b f1 10 92 ef f3 bc  |3....!RX........|
34 9d 20 36 4d 2c 59 5c  4a b5 f9 e5 27 06 ed c0  |4. 6M,Y\J...'...|
04 c8 b7 2c 50 f8 e7 fa  c7 2f c1 a6 8d 89 fb 26  |...,P..../.....&|
fa 45 ef a9 11 52 9f b5  96 65 55 39 4f 64 df 9a  |.E...R...eU9Od..|
d1 29 99 d7 f5 ef c2 35  d7 ff e4 1b e7 47 3a 13  |.).....5.....G:.|
8f 17 5b 14 50 28 a7 81  75 8d 2a 8e bb 59 f1 f2  |..[.P(..u.*..Y..|
7d f7 20 16 4e 9b 25 2b  12 38 dd d0 ff e3 a8 44  |}. .N.%+.8.....D|
15 a1 8c 29 ea e9 04 7e  f8 71 29 45 ad 07 2d e1  |...)...~.q)E..-.|
ec 8e 67 54 db 61 71 b2  0e a5 12 a4 76 69 e5 ad  |..gT.aq.....vi..|
b0 88 11 8f 83 aa 6b 1d  ba e8 ec 31 aa e4 44 b8  |......k....1..D.|
08 5a ed f1 e2 7c 32 59  e3 a9 ca e2 33 39 33 78  |.Z...|2Y....393x|
8e 81 db e2 83 4d b9 82  d5 5f ed 9a 7a bb 88 f7  |.....M..._..z...|
bc da 9a 46 6d fd 14 5e  33 3a 34 4e 60 07 75 02  |...Fm..^3:4N`.u.|
dd 57 42 b1 14 8d ea 8a  e9 d4 8c 3d 29 aa f2 57  |.WB........=)..W|
fa a6 b2 98 49 c8 e7 b3  1e e1 60 1d 6c db 37 d9  |....I.....`.l.7.|
d0 e9 ff 7e 27 f7 25 c0  1b dd 0b 4a 07 25 1f c0  |...~'.%....J.%..|
b8 65 e4 27 07 92 a0 03  48 be 44 f8 0a 14 a5 c4  |.e.'....H.D.....|
9e 2c 32 c2 6d ed ac 67  13 a2 92 64 a9 ef 4c 53  |.,2.m..g...d..LS|
ed d3 40 22 fc e8 59 a6  de 81 b9 ff 2f 60 92 bb  |..@"..Y...../`..|
82 23 5b e6 60 a3 eb 74  fa dc 2d a4 e8 25 5f 60  |.#[.`..t..-..%_`|
97 c2 39 af 44 2a 4d ae  8d 70 7d c3 17 c3 74 e9  |..9.D*M..p}...t.|
ba eb 62 4b 3b 24 74 90  84 de c9 96 e0 35 de 70  |..bK;$t......5.p|
b7 18 a7 e7 b9 88 dc de  86 65 30 4c 3f 97 64 b1  |.........e0L?.d.|
8b b3 8f 43 fc 4b f5 1a  e2 8a 3b 3b f1 df f5 3d  |...C.K....;;...=|
53 cb c7 d8 ff 0d 8e ad  80 cd 57 11 6b 87 20 a7  |S.........W.k. .|
3b bd 93 15 69 cb 48 22  ce 58 3a 05 c1 3d 76 b5  |;...i.H".X:..=v.|
71 ea 3b 82 7b 92 09 48  b5 ac 5c 03 a0 94 09 92  |q.;.{..H..\.....|
14 62 7e fb 07 2a 67 6f  84 54 61 dd 37 b6 d1 fb  |.b~..*go.Ta.7...|
21 95 04 da 57 c8 1b 8d  e2 96 8c 81 2a 13 26 71  |!...W.......*.&q|
66 0a c7 27 23 c0 6f 79  c2 1f 30 21 80 0c 22 66  |f..'#.oy..0!.."f|
72 02 8b ca 7e 32 b3 11  4b b5 1a 64 96 aa 1f 72  |r...~2..K..d...r|
84 35 49 ba ca ba a5 70  cd ea 08 9e 0d 4e 21 80  |.5I....p.....N!.|
7a 78 9e 2f a4 26 e7 1b  b4 c8 18 f5 b7 58 43 fb  |zx./.&.......XC.|
c4 75 41 cc d3 1c 6f 33  6e 80 33 99 90 e3 2f 07  |.uA...o3n.3.../.|
52 55 6c d8 3e d0 f0 a5  67 20 81 f2 a4 6c 84 a5  |RUl.>...g ...l..|
83 73 52 68 d4 b7 57 59  ef 3c d9 cc 05 86 4f ee  |.sRh..WY.<....O.|
17 0a 89 8d 84 31 2c 61  33 a2 32 8d b7 8b 77 3d  |.....1,a3.2...w=|
1e e7 81 8c 28 39 0d 2c  23 0d 0d 61 a6 46 2b 5d  |....(9.,#..a.F+]|
e8 1b ed 06 75 1a 19 b2  69 ca ec 6d 8f ac 56 c1  |....u...i..m..V.|
f8 a3 3a 2d ee 1c 61 a8  5a 76 bf f9 f4 85 0d ad  |..:-..a.Zv......|
ed 22 f6 ef d2 33 5c ae  e0 a4 55 aa 0e 1d fd 68  |."...3\...U....h|
79 88 4a 30 0c b2 4d 80  6f 91 c8 a8 b5 f7 e3 6d  |y.J0..M.o......m|
4e c9 62 eb 22 f8 be 24  f1 d3 f4 d4 5a 7d f1 9a  |N.b."..$....Z}..|
0c 8c e3 71 27 22 ea 1a  bc 09 e3 f6 ef aa 45 60  |...q'"........E`|
37 d5 57 8e ab b8 2e 8f  7b 8c 3a ed dd c1 57 f2  |7.W.....{.:...W.|
20 bc 9d bf aa 63 78 8d  23 1e af df f0 fa 68 7b  | ....cx.#.....h{|
d8 19 5c 61 7d 96 ba 27  df 99 75 6b 48 33 f5 44  |..\a}..'..ukH3.D|
26 36 70 de c7 44 58 a9  06 a3 af d3 49 9b 28 eb  |&6p..DX.....I.(.|
6a 7d 5d e1 69 8b 98 d0  04 58 db 37 8b 6c 3e 92  |j}].i....X.7.l>.|
97 2c bc 84 70 66 12 ef  4e 01 4b b7 cc 91 05 0e  |.,..pf..N.K.....|
22 fe ab 80 04 60 21 28  53 bb 87 af de 5e 40 16  |"....`!(S....^@.|
ed e4 42 5d 5c 3f 50 95  67 33 cc e1 95 39 22 75  |..B]\?P.g3...9"u|
3f ae fa a2 a8 b5 cf 7e  b9 48 74 a7 ba 4e b2 3a  |?......~.Ht..N.:|
a9 bc 29 08 07 16 e0 84  41 c8 64 21 fd 3f 47 e7  |..).....A.d!.?G.|
01 b1 64 a1 72 fe 47 d5  ab 19 83 64 df d2 ee a1  |..d.r.G....d....|
4b 21 fa 16 b1 0b b7 5a  4f e6 25 b2 a7 a6 e0 61  |K!.....ZO.%....a|
ad 41 62 ca 45 83 4b e5  1d da 7b a0 4f da f1 20  |.Ab.E.K...{.O.. |
5c 96 a5 11 5d 0e ea 67  8a 44 07 4c 76 c5 fd 0f  |\...]..g.D.Lv...|
8d a8 d5 5d c4 5e c3 1a  88 cf 05 89 50 a4 5d be  |...].^......P.].|
66 b1 7b 72 d2 e3 b4 b3  6e 2e e3 15 93 47 52 54  |f.{r....n....GRT|
ed 4a 04 90 5a 7e be 93  ec cc ac c1 6c c4 78 b8  |.J..Z~......l.x.|
f8 1f 33 a9 9c 28                                 |..3..(          |

module_name
flags	0
timestamp	0
version	0.0
ordinal_base	1
nFunctions	1
nNames	1
Names(1)	0x37007c
Functions(1)	0x370078
NameOrdinals(1)	0x370074

StringTable 040904b0

Comments	Remote Service Application
CompanyName	Microsoft Corp.
FileDescription	Remote Service Application
FileVersion	1, 0, 0, 1
InternalName	MSRSAAPP
LegalCopyright	Copyright (C) 1999
OriginalFilename	MSRSAAP.EXE
ProductName	Remote Service Application
ProductVersion	4, 0, 0, 0

VS_FIXEDFILEINFO

FileVersion	4.0.0.0
ProductVersion	4.0.0.0
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	0
FileOS	4
FileType	1
FileSubtype	0

show previews

offset	size	type	comment
0	1542656	EXE	06/03/2012 18:33:20	#
15c1	15	HTM		#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] can't find file_offset of VA 0xb0a58

[?] can't find file_offset of VA 0xb0b8c

[?] can't find file_offset of VA 0xb0cc0

[?] can't find file_offset of VA 0xb0df4

[?] ignoring invalid PEdump::BITMAPINFOHEADER

[?] can't find file_offset of VA 0xb3440

[?] can't find file_offset of VA 0xb362c

[?] can't find file_offset of VA 0xb363c

[?] can't find file_offset of VA 0xb3e30

[?] can't find file_offset of VA 0xb3e44

[?] can't find file_offset of VA 0xb3e58

[?] can't find file_offset of VA 0xb3e6c

[?] can't find file_offset of VA 0xb3e80

[?] can't find file_offset of VA 0xb3e94

[?] can't find file_offset of VA 0xb3ea8

server_protected.exe-