filename | MiniA.exe | |
---|---|---|
size | 4655104 (0x470800) | |
md5 | 33cde296f9311f47905315892ba4b8b8 | |
type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | |
mimetype | application/x-dosexec | |
clamav | OK | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0x150 |
DOS stub
PE Header
Packer / Compiler
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub
This file is packed with UPX. Analysis will be incomplete without unpacking.
Sections
name | va | vsize | raw size | flags | |
---|---|---|---|---|---|
UPX0 | 0x1000 | 0xd6f000 | 0 | RWX UDATA | |
UPX1 | 0xd70000 | 0x414000 | 0x414000 | RWX IDATA | |
.rsrc | 0x1184000 | 0x5c000 | 0x5b400 | RW- IDATA | |
.newimp | 0x11e0000 | 0x1000 | 0x1000 | RW- IDATA |
Data Directory
TLS
raw start | raw end | index | callbks | zero fill | flags | |
---|---|---|---|---|---|---|
0x1583efc | 0x1583f04 | 0x148c0b0 | 0 | 0 | 0 |
Resources
type | name | size | cp | |
---|---|---|---|---|
ICON | #1 | 1128 | 1252 | |
ICON | #2 | 4264 | 1252 | |
ICON | #3 | 9640 | 1252 | |
ICON | #4 | 16936 | 1252 | |
ICON | #5 | 67624 | 1252 | |
ICON | #6 | 270376 | 1252 | |
GROUP_ICON | #1005 | 90 | 1252 | |
MANIFEST | #1 | 346 | 1252 |
Imports
module_name | hint | ord | function_name |
---|---|---|---|
KERNEL32.DLL | | | LoadLibraryA |
KERNEL32.DLL | | | GetProcAddress |
KERNEL32.DLL | | | VirtualProtect |
KERNEL32.DLL | | | ExitProcess |
ADVAPI32.dll | | | RegCloseKey |
CrashRpt1301.dll | | 16 | |
CRYPT32.dll | | | CryptMsgClose |
d3d9.dll | | | Direct3DCreate9 |
d3dx9_43.dll | | | D3DXCreateFontA |
DINPUT8.dll | | | DirectInput8Create |
fmod_event.dll | | | FMOD_EventSystem_Create |
fmod_event_net.dll | | | enum FMOD_RESULT __stdcall FMOD::NetEventSystem_Update(void) ?NetEventSystem_Update@FMOD@@YG?AW4FMOD_RESULT@@XZ |
fmodex.dll | | | public: enum FMOD_RESULT __stdcall FMOD::Sound::release(void) ?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ |
GDI32.dll | | | BitBlt |
IPHLPAPI.DLL | | | IcmpSendEcho |
PhysX3_x86.dll | | | PxGetSDKMetaData |
PhysX3Common_x86.dll | | | PxGetFoundation |
PhysX3Cooking_x86.dll | | | PxCreateCooking |
SHELL32.dll | | | ShellExecuteA |
ts3client_win32.dll | | | ts3client_freeMemory |
USER32.dll | | | SetRect |
VERSION.dll | | | VerQueryValueA |
VMProtectSDK32.dll | | | VMProtectEnd |
WININET.dll | | | InternetOpenA |
WINMM.dll | | | timeGetTime |
WS2_32.dll | | 8 | |
XINPUT1_3.dll | | 2 | |
InvadeZ Hack.dll | | | _DllMain@12 |