filenameBAS_FUN.DLL
size51200 (0xc800)
md53122679a40493acc49508df48c59fada
typePE32 executable (DLL) (GUI) Intel 80386, for MS Windows
mimetypeapplication/x-dosexec
clamavscan pending
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x50
blocks_in_file2
num_relocs0
header_paragraphs4
min_extra_paragraphs0xf
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0x1a
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0x100

DOS stub

00000000: ba 10 00 0e 1f b4 09 cd  21 b8 01 4c cd 21 90 90  |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f  67 72 61 6d 20 6d 75 73  |This program mus|
00000020: 74 20 62 65 20 72 75 6e  20 75 6e 64 65 72 20 57  |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37  00 00 00 00 00 00 00 00  |in32..$7........|
00000040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000000c0:

PE Header

SignaturePE
Machine0x14c
NumberOfSections9
TimeDateStamp0x2a425e19
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0xa18e
Magic0x10b
LinkerVersion2.25
SizeOfCode0x12a00
SizeOfInitializedData0x4200
SizeOfUninitializedData0
AddressOfEntryPoint0x1c001
BaseOfCode0x1000
BaseOfData0x14000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion4.0
ImageVersion0.0
SubsystemVersion4.0
Reserved10
SizeOfImage0x1f000
SizeOfHeaders0x400
CheckSum0
Subsystem2
DllCharacteristics1
SizeOfStackReserve0
SizeOfStackCommit0
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

ASPack v2.12

This file is packed with ASPack. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

namevavsizeraw sizeflags
CODE0x10000x130000x8a00RW- IDATA
DATA0x140000x10000x400RW- IDATA
BSS0x150000x10000RW- IDATA
.idata0x160000x10000x600RW- IDATA
.edata0x170000x10000x200RW- IDATA
.reloc0x180000x20000x1200RW- IDATA
.rsrc0x1a0000x20000xa00RW- IDATA
.aspack0x1c0000x20000x1200RW- IDATA
.adata0x1e0000x10000RW- IDATA

Data Directory

typevasize
EXPORT0x170000xf1
IMPORT0x1cfac0x14c
RESOURCE0x1a0000x1800
EXCEPTION00
SECURITY00
BASERELOC0x1cf548
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT00
Delay_IAT00
CLR_Header00
00x100000
typenamesizecp
ICON#17440
STRING#40905120
STRING#40913800
STRING#40922360
STRING#40935240
STRING#40949760
STRING#40958840
STRING#40967080
RCDATADVCLAL160
RCDATAPACKAGEINFO1680
GROUP_ICONMAINICON200
idlangstring
654240
c6 8d 26 f0 a9 c9 f6 c0  48 4e b3 a2 d2 30 72 45  |..&.....HN...0rE|
c4 c5 b4 1b 32 2d 1a 38  a6 8c f1 d2 9a c5 c4 71  |....2-.8.......q|
da e5 58 d0 25 5c 18 28  4a fb e5 63 8d 94 59 b2  |..X.%\.(J..c..Y.|
18 e0 48 2f 00 84 27 c0  f9 a7 5c a0 34 00 a8 73  |..H/..'...\.4..s|
03 8c 15 45 7e 24 54 30  0b 76 f0 d7 ac 87 94 a3  |...E~$T0.v......|
0a 68 a1 33 3b ab af 89  f9 29 13 7f b7 17 72 35  |.h.3;....)....r5|
19 22 27 7e 68 02 d0 46  d1 ac e8 e0 f1 1c 25 aa  |."'~h..F......%.|
a9 80 04 91 95 96 71 47  4f d7 93 f0 31 00 1c 1d  |......qGO...1...|
4d 4d 00 ea 72 87 75 cb  98 9b 7f d4 f5 f5 4b 29  |MM..r.u.......K)|
73 52 b6 a4 43 a0 a7 3c  0a f4 f7 0f 9c 6c d5 ba  |sR..C..<.....l..|
5c 18 a0 74 d6 b9 2d c6  f1 c8 61 98 02 9f a6 7d  |\..t..-...a....}|
e6 7e 55 d7 6b 8f 5c 06  e5 8e 2b 08 c6 0a 7a 60  |.~U.k.\...+...z`|
a7 26 0a 68 60 a6 45 30  1b 6f ba a2 bc 8a b8 62  |.&.h`.E0.o.....b|
95 97 df 87 06 9e 46 95  d2 f7 04 63 0b b0 2e f4  |......F....c....|
09 5c f0 5c ef b5 95 28  14 28 5a 83 f6 4d 03 4d  |.\.\...(.(Z..M.M|
c2 f3 e2 f8 01 d2 cf b9  ac 24 57 09 b9 05 46 4d  |.........$W...FM|
52 c5 cc b5 c4 a5 81 5f  40 27 05 b8 7e be 24 24  |R......_@'..~.$$|
44 72 4f b0 14 c5 b1 44  c3 bf 4b 60 18 60 9b 06  |DrO....D..K`.`..|
66 e4 b4 d1 4a bb 2f cd  c5 de 63 f1 8b 10 4b 0b  |f...J./...c...K.|
6d b8 a1 b8 1d c4 f4 d5  d7 85 4c e1 38 ce 02 7d  |m.........L.8..}|
ed 90 f3 f2 18 29 4a a1  6d 18 51 1b 6f df c6 af  |.....)J.m.Q.o...|
1f 58 30 71 a8 6d 63 a3  1e a3 f6 f0 ea 2f 38 37  |.X0q.mc....../87|
4a e1 38 0d 22 c8 76 44  14 51 d8 6a 2c e1 ef 94  |J.8.".vD.Q.j,...|
b6 91 2d 7e 63 e3 d0 73  ae 12 c0 50 e2 46 d5 33  |..-~c..s...P.F.3|
0d b1 a0 4e c7 40 1f a4  76 0d 5f 7c b0 0e 92 a4  |...N.@..v._|....|
65 76 10 5a 58 37 48 a3  d2 15 b2 f5 9a f8 cf 7a  |ev.ZX7H........z|
45 9a d2 af ae 1b c9 1d  91 77 71 bf c0 ec 51 9d  |E........wq...Q.|
2b b0 8f 7d 5a 64 16 b1  e6 67 44 81 78 4e 3c de  |+..}Zd...gD.xN<.|
6c 4e 17 f4 1c 2f 30 d3  56 d8 16 2f f8 3d 82 8e  |lN.../0.V../.=..|
81 0d dc c5 5f 67 42 d2  7b 3b d8 36 4e 5f 31 51  |...._gB.{;.6N_1Q|
c8 bb b7 8a 99 4c 4e d4  85 32 b9 4b 06 56 9c b0  |.....LN..2.K.V..|
72 64 ba 67 a1 04 ba c0  38 ae 80 b7 31 62 d3 07  |rd.g....8...1b..|
654400
bb 1b e8 19 61 0b de 26  16 a0 32 c0 3b ba a9 b7  |....a..&..2.;...|
e4 b2 ac 45 af 12 ae 67  c8 1e 67 3a 21 bd aa 3e  |...E...g..g:!..>|
3a 55 7d fb 52 c6 db 1b  27 fb 9e be 67 6f 44 bd  |:U}.R...'...goD.|
c4 30 68 36 56 44 90 e1  22 51 66 58 48 d6 75 93  |.0h6VD.."QfXH.u.|
06 97 fd 19 2f c7 ac 86  81 c2 8b 41 c8 68 8f d3  |..../......A.h..|
a4 4a c9 fa 49 9c 5c a8  5c 6f de 7c d7 f6 68 14  |.J..I.\.\o.|..h.|
5b ab 0f be e4 13 e4 b3  5d 1c bf a7 cb 57 d6 72  |[.......]....W.r|
98 92 55 83 a7 79 ee c4  73 20 6c fe 4f 38 b0 1d  |..U..y..s l.O8..|
2a a5 be d1 10 bf f9 22  75 7f ae 89 1a 11 05 8e  |*......"u.......|
05 0b a0 98 89 e6 30 af  a5 4b e0 80 c6 db 0a 14  |......0..K......|
6e 9f 1f 73 c8 ae db 4a  f9 b1 db 06 57 fe 22 6d  |n..s...J....W."m|
ec 54 84 2f 8d c4 83 3f  76 ca 3e 8b 22 28 cc 7c  |.T./...?v.>."(.||
16 d9 2d d4 68 aa 8f 44  8c 19 2b 8d 3c 19 16 d4  |..-.h..D..+.<...|
1b e3 2a 13 69 30 67 29  63 aa 23 86 a6 25 4e 68  |..*.i0g)c.#..%Nh|
32 46 c3 07 21 bc b2 2e  d3 48 9a 15 f8 f5 b9 c9  |2F..!....H......|
fc cf 8d e0 66 2a 7c c9  7c f1 89 5f 13 35 e0 c9  |....f*|.|.._.5..|
00 1e 17 c4 e3 18 24 bc  9c f4 ed 07 76 76 8b 48  |......$.....vv.H|
03 5d c5 0a b0 f4 29 50  a6 66 65 74 b4 3a 29 e4  |.]....)P.fet.:).|
c9 44 50 20 01 e4 50 2b  63 20 a6 63 f7 f5 7b e7  |.DP ..P+c .c..{.|
91 28 da f8 ad 05 cc d9  ed 30 49 d1 04 94 7f 65  |.(.......0I....e|
3b 6d 3a 24 a7 d3 2a 66  1a a2 78 f2 06 54 bb 8f  |;m:$..*f..x..T..|
e8 94 22 48 f1 30 d5 76  09 a1 27 4f 31 d4 a0 ee  |.."H.0.v..'O1...|
7e 75 97 d1 ef a0 81 52  20 1c f9 5a 39 da 1e d1  |~u.....R ..Z9...|
f9 01 dd 4f 24 0b 7a 37  cf e1 5e 38              |...O$.z7..^8    |
654560菾벼申ソ邯悐Ϩ
module_namehintordfunction_name
kernel32.dllGetProcAddress
kernel32.dllGetModuleHandleA
kernel32.dllLoadLibraryA
user32.dllGetKeyboardType
advapi32.dllRegQueryValueExA
oleaut32.dllSysFreeString
user32.dllMessageBoxA
oleaut32.dllSafeArrayPtrOfIndex
ordentry_vafunction_name
10x13180DeReg
20x12e58EnReg
30x12c10DeSender
40x1298cEnSender
50x1369cGetDiskSerial
60x127c8GetSerialCode
70x12530GetPassword
80x123e8GetCardPassword
90x125f4GetValidDate
module_nameBAS_FUN.dll
flags0
timestamp0
version0.0
ordinal_base1
nFunctions9
nNames9
Names(9)0x1704c
Functions(9)0x17028
NameOrdinals(9)0x17070
offsetsizetypecomment
051200DLL06/19/1992 22:22:17#
15c115HTM#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable











[?] ignoring invalid PEdump::BITMAPINFOHEADER
[?] can't find file_offset of VA 0x1aa08
[?] can't find file_offset of VA 0x1ac14
[?] can't find file_offset of VA 0x1afe4
[?] can't find file_offset of VA 0x1b358
[!] string size(72588) > stringtable size(512). truncated to 510
[!] cannot convert "&\xF0\xA9\xC9\xF6\xC0HN\xB3\xA2\xD20rE\xC4\xC5"... to UTF-16
[!] string size(14198) > stringtable size(380). truncated to 378
[!] cannot convert "\xE8\x19a\v\xDE&\x16\xA02\xC0;\xBA\xA9\xB7\xE4\xB2"... to UTF-16
[!] string size(40676) > stringtable size(236). truncated to 234
[?] can't find file_offset of VA 0x1b61c
[?] can't find file_offset of VA 0x1b62c
[?] can't find file_offset of VA 0x1b6d4
[?] can't find file_offset of VA 0x0