MiniA.exe

info
MZ
PE
resources
imports
exports
foremost
hexdump
disasm
log
discuss
donate

filename	MiniA.exe
size	4655104 (0x470800)
md5	33cde296f9311f47905315892ba4b8b8

type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x150

DOS stub

00000000: 50 45 00 00 4c 01 04 00  e8 b6 89 53 00 00 00 00  |PE..L......S....|
00000010: 00 00 00 00 e0 00 22 01  0b 01 09 00 00 40 41 00  |......"......@A.|
00000020: 00 f0 05 00 00 f0 d6 00  10 3d 18 01 00 00 d7 00  |.........=......|
00000030: 00 40 18 01 00 00 40 00  00 10 00 00 00 02 00 00  |.@....@.........|
00000040: 05 00 00 00 00 00 00 00  05 00 00 00 00 00 00 00  |................|
00000050: 00 10 1e 01 00 04 00 00  00 00 00 00 02 00 40 80  |..............@.|
00000060: 00 00 10 00 00 10 00 00  00 00 10 00 00 10 00 00  |................|
00000070: 00 00 00 00 10 00 00 00  b8 ee 1d 01 90 04 00 00  |................|
00000080: 00 00 1e 01 08 02 00 00  00 40 18 01 e0 a8 05 00  |.........@......|
00000090: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000a0: 48 f3 1d 01 10 00 00 00  00 00 00 00 00 00 00 00  |H...............|
000000b0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000c0: e4 3e 18 01 18 00 00 00  00 00 00 00 00 00 00 00  |.>..............|
000000d0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000000f0: 00 00 00 00 00 00 00 00  50 45 00 00 4c 01 03 00  |........PE..L...|
00000100: e8 b6 89 53 00 00 00 00  00 00 00 00 e0 00 22 01  |...S..........".|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	4
TimeDateStamp	0x5389b6e8
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x122
Magic	0x10b
LinkerVersion	9.0
SizeOfCode	0x414000
SizeOfInitializedData	0x5f000
SizeOfUninitializedData	0xd6f000
AddressOfEntryPoint	0x1183d10
BaseOfCode	0xd70000
BaseOfData	0x1184000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	5.0
ImageVersion	0.0
SubsystemVersion	5.0
Reserved1	0
SizeOfImage	0x11e1000
SizeOfHeaders	0x400
CheckSum	0
Subsystem	2
DllCharacteristics	0x8040
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

name	va	vsize	raw size	flags
UPX0	0x1000	0xd6f000	0	RWX UDATA
UPX1	0xd70000	0x414000	0x414000	RWX IDATA
.rsrc	0x1184000	0x5c000	0x5b400	RW- IDATA
.newimp	0x11e0000	0x1000	0x1000	RW- IDATA

Data Directory

type	va	size
EXPORT	0x11deeb8	0x490
IMPORT	0x11e0000	0x208
RESOURCE	0x1184000	0x5a8e0
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0x11df348	0x10
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0x1183ee4	0x18
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0	0
Delay_IAT	0	0
CLR_Header	0	0

TLS

raw start	raw end	index	callbks	zero fill	flags
0x1583efc	0x1583f04	0x148c0b0	0	0	0

show previews

type	name	size	cp
ICON	#1	1128	1252
ICON	#2	4264	1252
ICON	#3	9640	1252
ICON	#4	16936	1252
ICON	#5	67624	1252
ICON	#6	270376	1252
GROUP_ICON	#1005	90	1252
MANIFEST	#1	346	1252

module_name	ord	function_name
KERNEL32.DLL		LoadLibraryA
KERNEL32.DLL		GetProcAddress
KERNEL32.DLL		VirtualProtect
KERNEL32.DLL		ExitProcess
ADVAPI32.dll		RegCloseKey
CrashRpt1301.dll	16
CRYPT32.dll		CryptMsgClose
d3d9.dll		Direct3DCreate9
d3dx9_43.dll		D3DXCreateFontA
DINPUT8.dll		DirectInput8Create
fmod_event.dll		FMOD_EventSystem_Create
fmod_event_net.dll		enum FMOD_RESULT __stdcall FMOD::NetEventSystem_Update(void) ?NetEventSystem_Update@FMOD@@YG?AW4FMOD_RESULT@@XZ
fmodex.dll		public: enum FMOD_RESULT __stdcall FMOD::Sound::release(void) ?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ
GDI32.dll		BitBlt
IPHLPAPI.DLL		IcmpSendEcho
PhysX3_x86.dll		PxGetSDKMetaData
PhysX3Common_x86.dll		PxGetFoundation
PhysX3Cooking_x86.dll		PxCreateCooking
SHELL32.dll		ShellExecuteA
ts3client_win32.dll		ts3client_freeMemory
USER32.dll		SetRect
VERSION.dll		VerQueryValueA
VMProtectSDK32.dll		VMProtectEnd
WININET.dll		InternetOpenA
WINMM.dll		timeGetTime
WS2_32.dll	8
XINPUT1_3.dll	2
InvadeZ Hack.dll		_DllMain@12

ord	entry_va	function_name
1	0x11730	??0System@Scaleform@@QAE@ABUHeapDesc@MemoryHeap@1@PAVSysAllocBase@1@@Z
2	0x11710	??0System@Scaleform@@QAE@PAVSysAllocBase@1@@Z
3	0x11660	??1AcquireInterface@Scaleform@@UAE@XZ
4	0x11660	??1DefaultAcquireInterface@Scaleform@@UAE@XZ
5	0x11750	??1System@Scaleform@@QAE@XZ
6	0x116e0	??_FEvent@Scaleform@@QAEXXZ
7	0x116d0	??_FMutex@Scaleform@@QAEXXZ
8	0x116f0	??_FSemaphore@Scaleform@@QAEXXZ
9	0x10f540	??_FSysAllocPagedMalloc@Scaleform@@QAEXXZ
10	0x115a0	??_FSysAllocStatic@Scaleform@@QAEXXZ
11	0x10f550	??_FSysAllocWinAPI@Scaleform@@QAEXXZ
12	0x117b0	??_FSystem@Scaleform@@QAEXXZ
13	0x11700	??_FThread@Scaleform@@QAEXXZ
14	0x11f60	?GetXScale@?$Matrix2x4@M@Render@Scaleform@@QBEMXZ
15	0x11f80	?GetYScale@?$Matrix2x4@M@Render@Scaleform@@QBEMXZ
16	0x117f0	?Init@System@GFx@Scaleform@@SAXPAVSysAllocBase@3@@Z
17	0x11760	?Init@System@Scaleform@@SAXPAVSysAllocBase@2@@Z
18	0x112610	?Prepend@?$Matrix2x4@M@Render@Scaleform@@QAEAAV123@ABV123@@Z
19	0x11f20	?SetIdentity@?$Matrix2x4@M@Render@Scaleform@@QAEXXZ
20	0x11fa0	?SetIdentity@?$Matrix3x4@M@Render@Scaleform@@QAEXXZ
21	0x11fd0	?SetIdentity@?$Matrix4x4@M@Render@Scaleform@@QAEXXZ

module_name	MiniA.exe
flags	0
timestamp	2014-05-31 11:02:09
version	0.0
ordinal_base	1
nFunctions	21
nNames	21
Names(21)	0x11def34
Functions(21)	0x11deee0
NameOrdinals(21)	0x11def88

show previews

offset	size	type	comment
15c1	15	HTM		#
15d0	4649520	BIN	overlay data past EOF	#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

everything is OK