| parent | RegScanner.exe | |
|---|---|---|
| filename | RegScanner.unpacked.exe | |
| size | 101376 (0x18c00) | |
| md5 | 3035b3042e966337fcbc0f29a50842bb | |
| type | PE32 executable (GUI) Intel 80386, for MS Windows | |
| mimetype | application/x-dosexec | |
| clamav | OK | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0xf0 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
| name | va | vsize | raw size | flags | |
|---|---|---|---|---|---|
| .text | 0x1000 | 0xef41 | 0xf000 | R-X CODE | |
| .rdata | 0x10000 | 0x2b7e | 0x2c00 | R-- IDATA | |
| .data | 0x13000 | 0xd0c | 0x200 | RW- IDATA | |
| .rsrc | 0x14000 | 0x4708 | 0x4800 | R-- IDATA |
Data Directory
| type | va | size | |
|---|---|---|---|
| EXPORT | 0 | 0 | |
| IMPORT | 0x1178c | 0xb4 | |
| RESOURCE | 0x14000 | 0x4708 | |
| EXCEPTION | 0 | 0 | |
| SECURITY | 0 | 0 | |
| BASERELOC | 0 | 0 | |
| DEBUG | 0 | 0 | |
| ARCHITECTURE | 0 | 0 | |
| GLOBALPTR | 0 | 0 | |
| TLS | 0 | 0 | |
| LOAD_CONFIG | 0 | 0 | |
| Bound_IAT | 0 | 0 | |
| IAT | 0 | 0 | |
| Delay_IAT | 0 | 0 | |
| CLR_Header | 0 | 0 |
| id | lang | string |
|---|---|---|
| 4 | 1033 | %d item(s) |
| 5 | 1033 | , %d Selected |
| 6 | 1033 | Created by using |
| 7 | 1033 | Select a filename to save |
| 8 | 1033 | Registry Report |
| 9 | 1033 | Do you want to stop the Registry scan ? |
| 10 | 1033 | Scanning (%d)... %s |
| 11 | 1033 | Loading, Please Wait... |
| 12 | 1033 | You must type at least one character in the find string ! |
| 13 | 1033 | N / A |
| 14 | 1033 | Select a RegEdit filename to export |
| 15 | 1033 | Select configuration filename to save |
| 16 | 1033 | Select configuration filename to load |
| 17 | 1033 | Select a filename to create a Delete .Reg file |
| 18 | 1033 | Warning: This option creates a .reg file that deletes all the selected Registry values. |
| 19 | 1033 | Do you want to continue ? |
| 20 | 1033 | Failed to create the Registry backup file: %s |
| 21 | 1033 | Warning: Deleting essential Registry keys and values can cause your computer to work improperly. Do you still want to delete the selected keys/values ? |
| 22 | 1033 | Failed to delete %d Registry items |
| 23 | 1033 | Clear Recent Files List |
| 24 | 1033 | Do you want to clear the recent files list ? |
| 25 | 1033 | Select binary file to export the selected value |
| 501 | 1033 | Text File |
| 502 | 1033 | Tab delimited text file |
| 503 | 1033 | Tabular Text File |
| 504 | 1033 | HTML File - Horizontal |
| 505 | 1033 | HTML File - Vertical |
| 506 | 1033 | XML File |
| 507 | 1033 | Comma delimited text file |
| 601 | 1033 | RegEdit File, Version 4 (98/NT) |
| 602 | 1033 | RegEdit File, Version 5 (2000/XP) |
| 611 | 1033 | Binary File |
| 612 | 1033 | All Files |
| 701 | 1033 | RegScanner Config File |
| 1001 | 1033 | Registry Key |
| 1002 | 1033 | Name |
| 1003 | 1033 | Type |
| 1004 | 1033 | Data |
| 1005 | 1033 | Key Modified Time |
| 1006 | 1033 | Data Length |
| 1100 | 1033 | REG_NONE |
| 1101 | 1033 | REG_SZ |
| 1102 | 1033 | REG_EXPAND_SZ |
| 1103 | 1033 | REG_BINARY |
| 1104 | 1033 | REG_DWORD |
| 1105 | 1033 | REG_DWORD_BIG_ENDIAN |
| 1106 | 1033 | REG_LINK |
| 1107 | 1033 | REG_MULTI_SZ |
| 1108 | 1033 | REG_RESOURCE_LIST |
| 1109 | 1033 | REG_FULL_RESOURCE_DESCRIPTOR |
| 1110 | 1033 | REG_RESOURCE_REQUIREMENTS_LIST |
| 1111 | 1033 | REG_QWORD |
| 1199 | 1033 | Key |
| 1200 | 1033 | Registry item contains any value |
| 1201 | 1033 | Exact Match |
| 1202 | 1033 | Registry item contains the specified string |
| 1203 | 1033 | Registry item contains one or more words. |
| 1204 | 1033 | Registry item contains the specified DWORD value |
| 1205 | 1033 | Registry item contains the specfied binary value |
| 1206 | 1033 | Registry item contains the specified regular expression |
| 1207 | 1033 | Registry item matches exactly the specified regular expression |
| 1208 | 1033 | Registry item matches the specified wildcards (comma-delimited list) |
| 1220 | 1033 | No time filter |
| 1221 | 1033 | Show only Registry keys modified in the last... |
| 1222 | 1033 | Show only Registry keys modified in the specified time range |
| 1231 | 1033 | Seconds |
| 1232 | 1033 | Minutes |
| 1233 | 1033 | Hours |
| 1234 | 1033 | Days |
| 1300 | 1033 | Default |
| 1301 | 1033 | 32-bit Registry |
| 1302 | 1033 | 64-Bit Registry |
StringTable 040904b0
| CompanyName | NirSoft |
| FileDescription | Registry Scanner |
| FileVersion | 2.40 |
| InternalName | RegScanner |
| LegalCopyright | Copyright © 2004 - 2019 Nir Sofer |
| OriginalFilename | RegScanner.exe |
| ProductName | RegScanner |
| ProductVersion | 2.40 |
VS_FIXEDFILEINFO
| FileVersion | 2.4.0.0 |
| ProductVersion | 2.4.0.0 |
| StrucVersion | 0x10000 |
| FileFlagsMask | 0x3f |
| FileFlags | 0 |
| FileOS | 0x40004 |
| FileType | 1 |
| FileSubtype | 0 |
| offset | size | type | comment | |
|---|---|---|---|---|
| 0 | 92672 | EXE | 08/29/2019 10:56:03 | # |
| 15c1 | 15 | HTM | # | |
| 10a10 | 84 | HTM | # | |
| 16a00 | 8704 | BIN | overlay data past EOF | # |
Scanning the drive for archives: 1 file, 101376 bytes (99 KiB) Errors: 1
 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
everything is OK