filename317.exe
size359936 (0x57e00)
md538b9ac8eceaa2670d823550c623531a7
typePE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0xf0

Rich Header

lib idversiontimes used
1272913
14729943
19802245
10619
19803425
119782109
109782199
11816883
00102
617351

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections3
TimeDateStamp0x51121bfb
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x10f
Magic0x10b
LinkerVersion6.0
SizeOfCode0x3e000
SizeOfInitializedData0x1a000
SizeOfUninitializedData0x9b000
AddressOfEntryPoint0xd91a0
BaseOfCode0x9c000
BaseOfData0xda000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion4.0
ImageVersion0.0
SubsystemVersion4.0
Reserved10
SizeOfImage0xf4000
SizeOfHeaders0x1000
CheckSum0
Subsystem2
DllCharacteristics0
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

UPX 2.93 (LZMA)

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

namevavsizeraw sizeflags
UPX00x10000x9b0000RWX UDATA
UPX10x9c0000x3e0000x3de00RWX IDATA
.rsrc0xda0000x1a0000x19c00RW- IDATA

Data Directory

typevasize
EXPORT00
IMPORT0xf379c0x35c
RESOURCE0xda0000x1979c
EXCEPTION00
SECURITY00
BASERELOC0xf3af80xc
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT00
Delay_IAT00
CLR_Header00
typenamesizecp
TEXTINCLUDE#1110
TEXTINCLUDE#2220
TEXTINCLUDE#33370
CURSOR#13080
CURSOR#23080
CURSOR#33080
CURSOR#41800
BITMAP#10315840
BITMAP#10383240
BITMAP#11383440
BITMAP#11393440
BITMAP#11403440
BITMAP#11413440
BITMAP#11423440
BITMAP#11433440
BITMAP#11443440
BITMAP#11453440
BITMAP#2656715080
BITMAP#309941840
BITMAP#309953640
BITMAP#309963240
ICON#17440
ICON#22960
ICON#3676240
ICON#4169360
ICON#596400
ICON#642640
ICON#711280
MENU#127120
MENU#10396440
DIALOG#1501520
DIALOG#2863780
DIALOG#5542500
DIALOG#10372340
DIALOG#108422220
DIALOG#11241780
DIALOG#11342040
DIALOG#11501780
DIALOG#307212260
DIALOG#307223960
STRING#3841800
STRING#3842440
STRING#38431200
STRING#38574520
STRING#38582980
STRING#38593260
STRING#3865640
STRING#38661000
STRING#38674720
STRING#38682760
STRING#3869360
GROUP_CURSOR#1032200
GROUP_CURSOR#1033200
GROUP_CURSOR#30977340
GROUP_ICONDEFAULT_ICON760
GROUP_ICON#1151200
GROUP_ICON#1152200
MANIFEST#14610
idlangstring
614402052
4e d6 5f 4f 5e 16 2f 13  fb f1 f0 f5 74 43 4e 95  |N._O^./.....tCN.|
fe c0 42 cd e9 7c a1 4f  78 b5 eb 15 3e 84 f2 fe  |..B..|.Ox...>...|
e0 55 6b aa 3c 43 21 dc  ab cc 03 a5 11 5f bd ce  |.Uk.
614562052
db e0 61 01 0b 0b 3f 9f  6b c8 fd 64 b8 bf c4 af  |..a...?.k..d....|
78 3a f4 f7 81 bd ec de  b2 94 8c 37 46 76 19 c5  |x:.........7Fv..|
9b 69 0b 30 cc 3b ab 15  74 4b e0 b8              |.i.0.;..tK..    |
614722052
21 a4 53 fd a1 c1 ae 86  7e d1 08 f0 6e f9 63 d0  |!.S.....~...n.c.|
8c c7 40 73 d4 41 58 88  1e 01 4f ea 0c 5a c0 3e  |..@s.AX...O..Z.>|
d2 b4 d3 e8 75 9b 16 78  98 c6 8b 7f 3b b3 4d 52  |....u..x....;.MR|
4b a1 b0 f9 6b d9 85 6b  53 82 02 0b 3b 1c 1e ef  |K...k..kS...;...|
8d a5 ed f0 c0 b1 17 95  32 bf 1b 67 fd 31 37 0e  |........2..g.17.|
72 73 8f f3 3e 60 e7 b7  ff cb e1 cb 12 5a 8e 28  |rs..>`.......Z.(|
67 0d 96 6c a1 b6 ea e7  be fa 7f f4 88 d2 df 3d  |g..l...........=|
5a d2 df 89 7c 2e d6 35                           |Z...|..5        |
616962052
9c 06 99 99 1d 53 1a 18  1b 71 40 c6 fc 88 f6 7c  |.....S...q@....||
28 73 82 6d bd 9b fe c6  d8 38 05 70 40 e2 13 5e  |(s.m.....8.p@..^|
c4 56 70 12 b9 95 92 82  df f3 f0 bf 50 f6 03 b4  |.Vp.........P...|
94 5f 6e 76 e0 d3 25 c0  59 b7 77 ca bb a8 24 ff  |._nv..%.Y.w...$.|
7b 89 c3 46 89 58 e4 c9  13 39 7b 1f 9f 52 e8 e9  |{..F.X...9{..R..|
14 07 db d8 cf e0 ff 74  3c 4c 3b 6e 21 cf e5 9c  |.......tk.17|
3e f4 ca 8b bc fe b9 70  2c e2 1b 47 62 19 8a f2  |>......p,..Gb...|
8c 7d 6f 87 51 b5 de 57  5b 98 bb f9 3f ef aa 0d  |.}o.Q..W[...?...|
bf 3a e2 28 57 cb 0b 7b  f7 e0 9f bb 58 28 d0 f2  |.:.(W..{....X(..|
b6 b0 c5 22 75 70 96 c1  f4 79 7b a0 03 e5 f5 b9  |..."up...y{.....|
61 bb 45 a3 bf ad 28 66  dc 09 cb b0 e5 5c 49 0d  |a.E...(f.....\I.|
5c 1a 53 96 6a 3d 45 1a  6a 2d b5 a0 06 c6 d2 4d  |\.S.j=E.j-.....M|
04 f9 18 a5 4f a7 72 05  8c 6e 85 24 32 d7 f2 4b  |....O.r..n.$2..K|
79 00 fa 07 2f 89 69 48  b0 57 4a 01 e5 31 26 1c  |y.../.iH.WJ..1&.|
6f 52 d5 7b 98 f9 1d a0  f8 ff be 73 ea 34 35 eb  |oR.{.......s.45.|
ee 84 f8 d2 e4 1d 19 9e  17 e4 fe 5d 5e 7e 5a 96  |...........]^~Z.|
32 92 97 bb 03 eb e6 59  2f 41 03 26 48 11 51 49  |2......Y/A.&H.QI|
fb 5c a9 96 63 36 1d ce  6f be b9 63 45 8b e4 b3  |.\..c6..o..cE...|
84 34 d4 8d c5 e9 52 e9  cf 29 16 b4 fc c6 45 e1  |.4....R..)....E.|
d4 26 5a 09 0e e3 27 44  3a 5d 94 81 f1 79 96 2d  |.&Z...'D:]...y.-|
d1 00 8b 09 60 3c 25 b5  40 c1 a7 58 7a 25 35 c6  |....`<%.@..Xz%5.|
d2 18 de 96 c1 cb 6c 8a  05 c1 e7 f9 39 2d eb 53  |......l.....9-.S|
14 60 de 4c 78 46 7c a7  b8 2e a9 31 04 84 54 48  |.`.LxF|....1..TH|
77 80 1a 88 71 9d a4 f2  d0 d8 c1 d2 cf 65 a8 b3  |w...q........e..|
ff 23 28 18 13 54 2f be  c0 61 8f cf cc 3c f9 7f  |.#(..T/..a...<..|
4f 52 41 04 88 4a ab 90  69 4d 92 05 15 24 cc cd  |ORA..J..iM...$..|
96 b7 97 ea 40 e6 c7 98  d9 1c c6 1f a3 e3 67 29  |....@.........g)|
b6 fe d1 33                                       |...3            |
617122052
6e b6 25 90 7e 56 33 45  23 fc 59 e8 0e 58 b7 ce  |n.%.~V3E#.Y..X..|
8c d9 25 47 1c 0f 81 60  d3 cc f6 55 dd 41 fa d1  |..%G...`...U.A..|
64 ee 8a 5c c6 f8 fd 38  53 9a bf 6d a6 00 bc e9  |d..\...8S..m....|
53 28 60 1f 4b da 3f 58  f4 03 27 0f f7 3a 61 b1  |S(`.K.?X..'..:a.|
aa 22 be 9f 51 57 6c f5  12 2a 17 e9 5d 61 cd 7e  |."..QWl..*..]a.~|
8b d0 ee 69 5c ee 3b fb  02 03 7b d1 dc 08 25 62  |...i\.;...{...%b|
e7 1e 21 19 41 0b 65 97  3b 59 6d 6d aa df 45 11  |..!.A.e.;Ymm..E.|
b2 10 5e 49 39 42 02 77  81 ca 89 6e 4e 54 50 7b  |..^I9B.w...nNTP{|
e1 0d 41 57 65 8a ba 6d  26 a0 22 d2 1c 49 d7 a2  |..AWe..m&."..I..|
49 ba 75 9e 23 43 fa ea  eb 1f 67 c3 7d 1f 46 c2  |I.u.#C....g.}.F.|
5e f3 3c 74 86 0b 23 79  2d 49 95 6f 18 8c 1f cc  |^.
617282052
ae b1 8c da 1b bd 1a 13  85 1d b8 1d 24 36 d1 f7  |............$6..|
5f 82 e7 5d c7 3f 0a 4e  8a 67 6f 05 26 b9 73 5d  |_..].?.N.go.&.s]|
57 d8 68 5c c1 53 7e 21  15 ac 0b a4 31 1b d1 e0  |W.h\.S~!....1...|
94 c7 23 6b 44 79 ac 81  bd 99 40 9e 25 91 e2 07  |..#kDy....@.%...|
d2 5d 0a 16 2e be f8 32  0c 7b be b4 a6 72 e9 1f  |.].....2.{...r..|
18 28 e1 f7 d1 fa 9e d8  c0 b7 3d d0 32 ac 30 13  |.(........=.2.0.|
f0 76 ac 6d 55 0d 27 18  b0 ac 61 86 84 ab 91 ad  |.v.mU.'...a.....|
5e b3 8f 4d 41 26 ce 04  b5 aa 85 33 55 07 cb 6e  |^..MA&.....3U..n|
db 59 58 a0 eb db 88 2f  50 6d 24 f8 5f d5 c7 3e  |.YX..../Pm$._..>|
78 6a e9 1e 6e e6 22 d9  46 9c f6 cf 25 85 0a 28  |xj..n.".F...%..(|
7c e9 ec 5b ee 90 56 ce  9a c1 b2 76 c2 89 a4 1c  ||..[..V....v....|
97 e0 46 cc 9a 22 97 a7  6a 95 2a 66 75 91 17 86  |..F.."..j.*fu...|
63 33 2e df 60 5c a7 fd  d4 72 ac 2d b5 30 75 cc  |c3..`\...r.-.0u.|
c8 59 f2 2d 43 29 70 87  c3 ec 26 8f b9 ba 41 14  |.Y.-C)p...&...A.|
c7 43 28 1a 53 e0 67 9d  89 a3 6e 90 b8 a7 f9 88  |.C(.S.g...n.....|
9c 97 57 ed ef 05 0e 0f  6a b4 5f e3 72 e8 cd 2a  |..W.....j._.r..*|
5b 25 33 2a c0 2e fc b9  d2 b5 bd 71 3a 7c 40 f3  |[%3*.......q:|@.|
99 82 b1 65 8c 11 a0 e9  cb 99 1b 32 64 5d d7 6d  |...e.......2d].m|
f3 07 15 a5 12 03 7d a1  ff 57 ec 36 df b6 9e 5b  |......}..W.6...[|
15 a8 0a 8b c0 0c 6e 1c  76 b8 b1 06 1c ce 96 1c  |......n.v.......|
af 65 fb b8 97 9e                                 |.e....          |
618242052
64 02 10 6a 00 68 0e 18  4a ee aa 11 30 d1 9d dd  |d..j.h..J...0...|
4c 35 20 c4 fb f6 24 55  ed 51 5a 02 b3 c6 d3 62  |L5 ...$U.QZ....b|
a5 e4 8d 10 dd e9 e3 60  a0 26 90 b3 1f 98 ac 61  |.......`.&.....a|
9a c3 84 11 0e 62 02 60  a6 bb 70 e3 d5 f4 b5 43  |.....b.`..p....C|
618402052
92 18 c8 07 04 b5 ad 6a  04 0f c2 19 b7 ef 30 8a  |.......j......0.|
e0 5c a2 ec ac 3a 86 e0  e4 22 1a da 01 a3 80 f7  |.\...:..."......|
c8 e7 3f 32 89 73 c9 88  39 2b 15 af d2 a3 2a 5e  |..?2.s..9+....*^|
3e dd 0b 9e 7c 1c ad b2  90 4d ce 0d 01 3e fc d6  |>...|....M...>..|
89 eb 58 d2 97 62 83 c1  df 52 c6 ab 42 b8 14 cb  |..X..b...R..B...|
aa 2d 4c 29 2d b3 3c d9  3a 39 c8 80 e5 da 96 69  |.-L)-.<.:9.....i|
58 28 d2 cd                                       |X(..            |
618562052
01 5b 06 3f 13 dd 77 ad  6b 55 7b 29 9d 92 8f fa  |.[.?..w.kU{)....|
d6 da b3 a4 60 ba 07 b2  12 af 45 80 69 a7 d6 f9  |....`.....E.i...|
4f 43 71 27 b5 52 1a ca  a1 f9 68 7d f3 7e 90 71  |OCq'.R....h}.~.q|
7b b6 07 1d a9 b1 c0 7c  2a 38 26 ba 22 17 77 2c  |{......|*8&.".w,|
23 bb a1 e8 6d 84 fb 34  ef 48 7c 04 4c 42 c1 0d  |#...m..4.H|.LB..|
f9 6c b6 44 59 cb f5 8b  d7 80 4f d6 d6 49 52 95  |.l.DY.....O..IR.|
2f d1 8c 68 5e 14 b9 49  02 48 45 ef b3 5b bb db  |/..h^..I.HE..[..|
cf 04 60 74 2d 76 06 75  bf 72 33 ec 79 27 84 c4  |..`t-v.u.r3.y'..|
73 f2 34 72 23 80 e6 c0  c8 0e 63 53 f1 73 ab 8f  |s.4r#.....cS.s..|
8a b3 cd 6f 38 98 3e f7  66 45 72 23 c7 15 95 3d  |...o8.>.fEr#...=|
27 a1 e8 05 16 6e 48 3a  97 14 f2 04 f1 d9 ac 5f  |'....nH:......._|
eb b4 a0 42 d4 ae 5b 9e  a7 f6 82 ff 29 62 52 d7  |...B..[.....)bR.|
e2 31 15 26 a0 dd 09 8a  fa 35 14 be 34 d6 e2 54  |.1.&.....5..4..T|
54 11 9b 1f ae 2a 88 b8  4a 1f 6e e7 ae 98 c5 f7  |T....*..J.n.....|
18 da f8 15 8c 6d e1 ad  39 ee de 8e 14 d9 1f 54  |.....m..9......T|
6c c4 09 71 25 f7 63 1e  6a 8a 76 01 78 d5 6b cd  |l..q%.c.j.v.x.k.|
bb 6c 09 90 66 81 8e 7f  f0 e4 25 90 11 eb fa 5f  |.l..f.....%...._|
6b f1 5f 85 4f 5a e1 bc  cc 25 86 54 c3 4e ad 24  |k._.OZ...%.T.N.$|
86 c9 2c ad ba bc 12 4c  37 5d 9b 87 1a 19 73 ad  |..,....L7]....s.|
6e 51 84 f2 29 0b 3d a6  44 98 f1 72 57 e2 d3 13  |nQ..).=.D..rW...|
20 f4 29 aa cb 5f 98 db  82 6e c1 9f c0 7b 16 5a  | .).._...n...{.Z|
34 5f ca 0e 9f 06 42 8b  89 07 0c 55 c5 63 4a d2  |4_....B....U.cJ.|
46 a3 5b 42 62 d4 8c 3a  23 55 f8 e5 43 c8 87 64  |F.[Bb..:#U..C..d|
46 2e 76 98 2a 14 e6 a4  0d 66 e9 51 00 df 4e ae  |F.v.*....f.Q..N.|
a5 c0 58 6d cc ac c0 40  43 26 aa 31 5d 47 dc d1  |..Xm...@C&.1]G..|
de 88 cb 72 55 86 f1 20  9f 33 75 36 71 dc 7c 5c  |...rU.. .3u6q.|\|
4f 22 ef dd 7e b8 95 6a  9f ad 6b 32 11 3c 8a b9  |O"..~..j..k2.<..|
eb 53 99 1a fc 2f 3a 65  97 8b 0c f9 07 d6 06 f4  |.S.../:e........|
fb bc c2 f4 0d 00 ff 82  f0 5d cf af 40 43 bd c6  |.........]..@C..|
5e 62 72 b7 57 da 37 b4                           |^br.W.7.        |
618722052
07 a4 ea b2 03 a3 42 6f  37 a3 bb a4 74 b6 fc 53  |......Bo7...t..S|
ad be 76 77 29 45 d5 1c  a5 0d b5 73 d9 f0 e9 57  |..vw)E.....s...W|
5d 68 82 7a 5a 77 b1 1c  de ff 84 a0 74 c9 41 13  |]h.zZw......t.A.|
87 b1 7a 7f 3f c2 e9 07  17 64 ba 2c 9b 5c 28 9f  |..z.?....d.,.\(.|
c2 3a 57 bd bb de b2 21  d3 d9 91 04 f3 17 30 3d  |.:W....!......0=|
3d e2 96 7a 27 4c c9 d1  89 09 5b 35 f2 f9 72 ef  |=..z'L....[5..r.|
80 24 45 07 28 9c e2 2d  b0 fa 6d 53 43 7e 16 7e  |.$E.(..-..mSC~.~|
a7 ef 33 dd e9 cc dc e8  a4 a8 08 2e ad 4b f9 94  |..3..........K..|
0e b5 ae b9 00 19 e0 8f  55 88 63 b2 45 90 e3 98  |........U.c.E...|
0c 22 b9 ec 33 b9 7c e2  4e 28 59 e9 38 b8 60 8b  |."..3.|.N(Y.8.`.|
dd 35 43 a5 9e 5d c0 a9  27 4d 9b 7b 54 82 60 98  |.5C..]..'M.{T.`.|
5d 17 3e 22 ab 40 84 ae  28 49 a6 92 a3 69 79 31  |].>".@..(I...iy1|
9b 49 44 3e 6d 62 99 c7  26 c4 ca 5e 22 fe cf 94  |.ID>mb..&..^"...|
1e be 0b 2b a9 30 83 08  52 92 54 75 6b 6b 74 ca  |...+.0..R.Tukkt.|
ae 0e 2e b6 64 6c 15 ec  17 d1 4a b7 1f f6 14 67  |....dl....J....g|
6f 55 0c 50 c1 a9 00 35  56 27 8d 31 37 ea ee 3b  |oU.P...5V'.17..;|
14 8e 5a 50 75 c3 62 65  90 3a 6a 7e 46 1e 61 67  |..ZPu.be.:j~F.ag|
a1 63 d5 5d                                       |.c.]            |
618882052
1e 40 49 7b 6e f9 8e be  a3 91 ea e1 ca ab ca 7f  |.@I{n...........|
97 cd f8 4a 0c da 76 20  3d f8 5f e9 60 e6 fd 54  |...J..v =._.`..T|
0b 66 7d e5                                       |.f}.            |
module_namehintordfunction_name
KERNEL32.DLLLoadLibraryA
KERNEL32.DLLGetProcAddress
KERNEL32.DLLVirtualProtect
KERNEL32.DLLVirtualAlloc
KERNEL32.DLLVirtualFree
KERNEL32.DLLExitProcess
ADVAPI32.dllRegCloseKey
COMCTL32.dll17
comdlg32.dllChooseColorA
GDI32.dllPatBlt
ole32.dllCoTaskMemFree
OLEAUT32.dll10
oledlg.dll8
RASAPI32.dllRasHangUpA
SHELL32.dllShellExecuteA
USER32.dllGetDC
WININET.dllInternetOpenA
WINMM.dllwaveOutOpen
WINSPOOL.DRVOpenPrinterA
WS2_32.dll16
offsetsizetypecomment
0359936EXE02/06/2013 09:01:47#
15c115HTM#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable











[?] ignoring invalid PEdump::BITMAPINFOHEADER
[!] string size(109724) > stringtable size(80). truncated to 78
[!] cannot convert "_O^\x16/\x13\xFB\xF1\xF0\xF5tCN\x95\xFE\xC0"... to UTF-16
[!] string size(115126) > stringtable size(44). truncated to 42
[!] cannot convert "a\x01\v\v?\x9Fk\xC8\xFDd\xB8\xBF\xC4\xAFx:"... to UTF-16
[!] string size(84034) > stringtable size(120). truncated to 118
[!] cannot convert "S\xFD\xA1\xC1\xAE\x86~\xD1\b\xF0n\xF9c\xD0\x8C\xC7"... to UTF-16
[!] string size(3384) > stringtable size(452). truncated to 450
[!] cannot convert "\x99\x99\x1DS\x1A\x18\eq@\xC6\xFC\x88\xF6|(s"... to UTF-16
[!] string size(93404) > stringtable size(298). truncated to 296
[!] cannot convert "%\x90~V3E#\xFCY\xE8\x0EX\xB7\xCE\x8C\xD9"... to UTF-16
[!] string size(90972) > stringtable size(326). truncated to 324
[!] cannot convert "\x8C\xDA\e\xBD\x1A\x13\x85\x1D\xB8\x1D$6\xD1\xF7_\x82"... to UTF-16
[!] string size(1224) > stringtable size(64). truncated to 62
[!] cannot convert "\x10j\x00h\x0E\x18J\xEE\xAA\x110\xD1\x9D\xDDL5"... to UTF-16
[!] string size(12580) > stringtable size(100). truncated to 98
[!] cannot convert "\xC8\a\x04\xB5\xADj\x04\x0F\xC2\x19\xB7\xEF0\x8A\xE0\\"... to UTF-16
[!] string size(46594) > stringtable size(472). truncated to 470
[!] cannot convert "\x06?\x13\xDDw\xADkU{)\x9D\x92\x8F\xFA\xD6\xDA"... to UTF-16
[!] string size(83982) > stringtable size(276). truncated to 274
[!] cannot convert "\xEA\xB2\x03\xA3Bo7\xA3\xBB\xA4t\xB6\xFCS\xAD\xBE"... to UTF-16
[!] string size(32828) > stringtable size(36). truncated to 34
[!] cannot convert "I{n\xF9\x8E\xBE\xA3\x91\xEA\xE1\xCA\xAB\xCA\x7F\x97\xCD"... to UTF-16
[!] refusing to read CURDIRENTRY beyond resource size