wpcdiala.exe

info
MZ
PE
imports
foremost
hexdump
disasm
log
discuss
donate

filename	wpcdiala.exe
size	147456 (0x24000)
md5	2e2a1f0cdc51c4e1717a27e22f6f5191

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x80

DOS stub

00000000: 9f c5 48 c6 58 c6 86 9f  4c 68 08 8f c6 2d 95 4c  |..H.X...Lh...-.L|
00000010: 68 c6 c4 c8 0d f6 9f 4c  68 08 c5 4c 68 c6 f4 28  |h......Lh..Lh..(|
00000020: c6 8f 0c 68 c6 4c 68 c6  08 c5 78 c6 8f 4c 68 c5  |...h.Lh...x..Lh.|
00000030: 26 96 36 86 9f 4c 68 c0  00 00 00 00 00 00 00 00  |&.6..Lh.........|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	4
TimeDateStamp	0x5c14343a
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x103
Magic	0x10b
LinkerVersion	12.0
SizeOfCode	0x8000
SizeOfInitializedData	0x1c000
SizeOfUninitializedData	1
AddressOfEntryPoint	0x72b6
BaseOfCode	0x1000
BaseOfData	0x9000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x1000
OperatingSystemVersion	5.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x25000
SizeOfHeaders	0x1000
CheckSum	0
Subsystem	2
DllCharacteristics	0x8100
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x7812	0x8000	R-X CODE
.data	0x9000	0x2e40	0x2000	RW- IDATA
.idata	0xc000	0x1f4	0x1000	R-- IDATA
.code	0xd000	0x17236	0x18000	RW- IDATA

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0xc03c	0x78
RESOURCE	0	0
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0	0
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0xc000	0x3c
Delay_IAT	0	0
CLR_Header	0	0

module_name	hint	ord	function_name
msi.dll		29
GDI32.dll	450		GetColorAdjustment
WINMM.dll	183		waveOutReset
ADVAPI32.dll	692		SetSecurityAccessMask
KERNEL32.dll	542		GetNamedPipeClientProcessId
KERNEL32.dll	345		FlushProcessWriteBuffers
KERNEL32.dll	570		GetPriorityClass
KERNEL32.dll	643		GetTempFileNameW
KERNEL32.dll	536		GetModuleHandleW
KERNEL32.dll	472		GetEnvironmentStrings

show previews

offset	size	type	comment
0	147456	EXE	12/14/2018 22:52:42	#
15c1	15	HTM		#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

everything is OK