worksxc_220.exe

info
MZ
PE
resources
strings
imports
foremost
7zip
hexdump
disasm
log
discuss
donate

filename	worksxc_220.exe
size	465995 (0x71c4b)
md5	3dcc63e69985b7637ac1671230ad176a

type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x80

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	3
TimeDateStamp	0x489b1e0e
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x10f
Magic	0x10b
LinkerVersion	5.0
SizeOfCode	0x3000
SizeOfInitializedData	0x1000
SizeOfUninitializedData	0x1d000
AddressOfEntryPoint	0x20d30
BaseOfCode	0x1e000
BaseOfData	0x21000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	4.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x22000
SizeOfHeaders	0x1000
CheckSum	0
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

UPX v0.89.6 - v1.02 / v1.05 - v1.22

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

name	va	vsize	raw size	flags
UPX0	0x1000	0x1d000	0	RWX UDATA
UPX1	0x1e000	0x3000	0x3000	RWX IDATA
.rsrc	0x21000	0x1000	0x600	RW- IDATA

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x21494	0x16c
RESOURCE	0x21000	0x494
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0	0
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0	0
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size
ICON	#1	744
DIALOG	#102	494
DIALOG	#127	172
STRING	#1	528
STRING	#2	342
GROUP_ICON	#103	20

lang

string

1033

ba 1b 40 84 e8 0d 08 20  de 20 db 90 cd 17 1c 07  |..@.... . ......|
aa 08 99 6d 11 32 05 47  03 1a 5c 83 d6 9c 01 70  |...m.2.G..\....p|
3c aa 0b 11 e4 85 60 46  16 05 aa 02 0b c8 17 02  |<.....`F........|
ea 14 85 ad b9 df a6 04  eb 15 e7 85 34 66 19 81  |............4f..|
11 0a af 83 48 e2 c8 84  b7 a5 19 0a 79 61 e7 1d  |....H.......ya..|
02 05 0a dd 71 0e 0c 22  28 8b ca 4f 6d 7b 34 e0  |....q.."(..Om{4.|
e1 72 10 24 10 2b 0c 5b  2a bc dd 03 c2 b3 eb 07  |.r.$.+.[*.......|
1a a9 03 7b 97 78 a2 dc  5c 7e 6d 63 01 dd 8b 42  |...{.x..\~mc...B|
6d 13 ff 1a 4f 2c 3b d1  36 75 1f 35 ff 3a 8c a5  |m...O,;.6u.5.:..|
cb 4f c1 74 37 d1 6f 0a  9a 3a b4 19 78 07 eb 68  |.O.t7.o..:..x..h|
ec 5e 23 64 72 b8 51 c4  b0 fb 57 81 b1 3c 9f 34  |.^#dr.Q...W..<.4|
47 30 d0 e8 a2 ad 0d 73  b8 56 a1 59 56 40 36 b3  |G0.....s.V.YV@6.|
05 b2 e8 59 92 43 fd ec  da 73 b7 7f 8a 09 88 0a  |...Y.C...s......|
42 f7 ec 48 0f 43 49 36  b4 73 05 27 41 c0 ff 4b  |B..H.CI6.s.'A..K|
dd 43 ff a1 00 db 50 41  0d d3 c1 b8 eb ce cb 81  |.C....PA........|
00 8a 4b 08 bf 48 b9 83  23 00 e4 31 28 44 ea ad  |..K..H..#..1(D..|
c3 46 18 8c ac 01 d6 56  f2 fd 25 24 3e 98 64 b7  |.F.....V..%$>.d.|
34 0f 09 74 80 c9 b0 b1  ec e0 36 7c 37 16 66 ca  |4..t......6|7.f.|
82 8d cc cd 35 26 5e 1b  1b bd b1 76 08 07 76 25  |....5&^....v..v%|
6d 5a ff 60 24 18 6a 23  13 d9 83 0e 0a fc 28 57  |mZ.`$.j#......(W|
30 a4 1f 50 1a cb b2 2c  5b 4e 4d 4f 4d 4e 4d 99  |0..P...,[NMOMNM.|
ed f3 2f d9 2b 1e 89 0e  01 5e eb 4e aa 08 db 89  |../.+....^.N....|
45 f2 d8 01 9c 24 fe 24  31 5b 24 83 9c 69 96 db  |E....$.$1[$..i..|
ed b2 19 fe 61 1a 03 0c  1b 67 f4 35 cb e5 b2 42  |....a....g.5...B|
1c 36 1d 73 1e c5 ec 31  30 c1 d6 0b ff ab 04 47  |.6.s...10......G|
15 b0 05 01 07 35 f4 5c  1c b6 6f 40 3b f7 07 64  |.....5.\..o@;..d|
7e 34 8b 5e 79 56 26 5e  72 05 52 c0 8e 89 7d 18  |~4.^yV&^r.R...}.|
07 6d b3 63 57 c0 3b f9  b8 cf 49 4e 2c 07 a3 d3  |.m.cW.;...IN,...|
d1 57 6c 4d 13 8d 4e e4  be 25 1b 0c 0c 50 fa 14  |.WlM..N..%...P..|
73 17 ff a9 a7 2f 8d a0  39 56 d3 e7 0b df a1 c2  |s..../..9V......|
4e b6 fd 02 ae 8b 2b 97  23 cb 8d 3c cf 1b 0f 2c  |N.....+.#..<...,|
cd c6 ad c0 1c 1d 07 4f  01 da 7e d3 b1 76 6d bf  |.......O..~..vm.|
eb 0b 2b d1 24 1c 2e 75  22 1a 95 d8 66 8f e1 f3  |..+.$..u"...f...|

1033

5b 36 03 7f c0 da eb 80  39 eb c4 50 09 1e d9 5a  |[6......9..P...Z|
73 db 0e 08 3e 49 45 86  0f 17 90 65 20 ec 14 78  |s...>IE....e ..x|
6d 85 ed b3 7e 89 5d 0c  3b f6 10 7f 32 b2 85 9d  |m...~.].;...2...|
ce 05 80 12 64 36 8d 5d  33 10 df 32 37 eb c8 d7  |....d6.]3..27...|
e6 b0 52 6f 12 3b 55 1c  54 77 19 36 d0 0a b4 e3  |..Ro.;U.Tw.6....|
1a b0 1d ef 0b d9 61 c8  3e e7 80 28 83 d8 53 8b  |......a.>..(..S.|
69 d4 d0 10 ec e8 bb 5c  29 62 4e fd 95 ed ae cf  |i......\)bN.....|
37 df 2b d9 41 1c 1c 3b  cb 72 ad 6d f1 bf d3 cf  |7.+.A..;.r.m....|
2b cb 8a 19 88 1f 8a 59  56 41 06 03 0c 85 dd 1d  |+......YVA......|
a0 02 eb 2d 2d 03 cb bb  9d b6 2d 5c db 2f 39 3f  |...--.....-\./9?|
32 4f 29 07 8b 2e f7 cd  5d 8a 1b 25 79 1c 49 75  |2O).....]..%y.Iu|
f2 24 4d e0 de da 6b 47  3f 38 a2 08 75 f5 9a 6e  |.$M...kG?8..u..n|
b3 43 d8 e5 eb 1a 7d 8a  8b 15 88 0f 13 85 ba d6  |.C....}.........|
34 84 1b 81 85 c9 e9 a7  4f b4 79 c5 72 11 1a a5  |4.......O.y.r...|
c7 40 73 6d bb 63 17 0b  12 22 27 8b da 2b ee c1  |.@sm.c..."'..+..|
5a d1 9a 2b f4 3b d9 73  02 21 52 79 e8 6a f1 ed  |Z..+.;.s.!Ry.j..|
df 47 d9 c1 e3 03 2b d3  89 56 be 55 f8 03 ca 67  |.G....+..V.U...g|
b4 ad 4a 47 17 d1 2b 46  46 50 a2 76 f0 b5 68 6b  |..JG..+FFP.v..hk|
ae 41 5f e3 74 3e d6 9a  e5 f9 46 fa ef f9 cf 86  |.A_.t>....F.....|
43 05 cc 14 7b 2b f9 45  38 47 ee e9 e8 ad e5 3f  |C...{+.E8G.....?|
38 01 48 47 18 43 90 15  32 95 99 8c 44 fd da bf  |8.HG.C..2...D...|
29 d2 58 4b 1f 04                                 |).XK..          |

module_name	hint	ord	function_name
KERNEL32.DLL			LoadLibraryA
KERNEL32.DLL			GetProcAddress
KERNEL32.DLL			ExitProcess
GDI32.dll			DeleteObject
ole32.dll			CoInitialize
SHELL32.dll			ShellExecuteA
USER32.dll			SetFocus

show previews

offset	size	type	comment
0	14336	EXE	08/07/2008 16:08:46	#
15c1	15	HTM		#
3804	451655	ZIP		#

Scanning the drive for archives:
1 file, 465995 bytes (456 KiB)


--
Type = zip
Offset = 14340
Physical Size = 451655

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2004-11-27 13:40:15 ....A           92           88  __config.sfx
2008-08-28 07:46:51 ....A       205312       199212  setup.exe
2008-08-08 09:05:23 ....A          526          330  __config.rtf
2005-12-07 09:13:09 ....A         6656         4934  Uninstall.exe
2008-08-28 10:44:32 ....A        50688        18595  wksxcnv.xla
2008-08-20 09:40:35 ....A         8840         3525  wksxinfo.rtf
2001-04-03 09:40:22 ....A        19456         6419  RemoveWksBars.xla
2001-06-21 20:52:46 ....A           50           50  RL-Software Website.url
2008-08-18 07:56:26 ....A       135680       123851  WKSXCNV.dll
2008-08-28 11:17:51 ....A        63851        56490  info.chm
2008-08-28 11:16:23 ....A        44164        36629  rlorder.chm
------------------- ----- ------------ ------------  ------------------------
2008-08-28 11:17:51             535315       450123  11 files

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[!] string size(14196) > stringtable size(528). truncated to 526

[!] cannot convert "@\x84\xE8\r\b \xDE \xDB\x90\xCD\x17\x1C\a\xAA\b"... to UTF-16

[!] string size(27830) > stringtable size(342). truncated to 340

[!] cannot convert "\x03\x7F\xC0\xDA\xEB\x809\xEB\xC4P\t\x1E\xD9Zs\xDB"... to UTF-16