filename | order_id_7836247823678423678462387511111.exe | |
---|---|---|
size | 131072 (0x20000) | |
md5 | 4582ec8423353d7970781a44209d9cbb | |
type | PE32 executable (GUI) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0xe0 |
Rich Header
lib id | version | times used |
---|---|---|
10 | 8047 | 16449549 |
2 | 7274 | 12124190 |
2 | 7274 | 14221350 |
10 | 8447 | 10027013 |
6 | 1735 | 12845098 |
5 | 8447 | 14942212 |
93 | 2067 | 3932182 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Sections
name | va | vsize | raw size | flags | |
---|---|---|---|---|---|
.text C | 0x1000 | 0xe089 | 0xe200 | R-X CODE | |
.rdata . | 0x10000 | 0x56fc | 0x5800 | R-- IDATA | |
.data _ | 0x16000 | 0x22608 | 0x9800 | RW- IDATA | |
.rsrc q | 0x39000 | 0x2878 | 0x2a00 | R-- IDATA |
Data Directory
type | va | size | |
---|---|---|---|
EXPORT | 0 | 0 | |
IMPORT | 0x10744 | 0x190 | |
RESOURCE | 0x39000 | 0x2878 | |
EXCEPTION | 0 | 0 | |
SECURITY | 0 | 0 | |
BASERELOC | 0 | 0 | |
DEBUG | 0 | 0 | |
ARCHITECTURE | 0 | 0 | |
GLOBALPTR | 0 | 0 | |
TLS | 0 | 0 | |
LOAD_CONFIG | 0x1d884 | 0x40 | |
Bound_IAT | 0 | 0 | |
IAT | 0x10000 | 0x744 | |
Delay_IAT | 0 | 0 | |
CLR_Header | 0 | 0 |
StringTable 040904B0
CompanyName | Warren Software |
ProductVersion | 10 |
FileVersion | 10, 2, 6 |
InternalName | Gelatez |
LegalTrademarks | Iki Usosy Ufel Qyc Ojeg Ukyw |
LegalCopyright | 2004 |
OriginalFilename | Oejrh.exe |
ProductName | Aqawut |
FileDescription | Ylati Xyguba Pigyg |
VS_FIXEDFILEINFO
FileVersion | 10.2.0.0 |
ProductVersion | 10.2.0.0 |
StrucVersion | 0x10000 |
FileFlagsMask | 0x3f |
FileFlags | 0 |
FileOS | 0x40004 |
FileType | 1 |
FileSubtype | 0 |
[!] string size(93362) > stringtable size(37). truncated to 35
[!] cannot convert "\x9E\x8A\xE0C\xF8\x1D\xD8\xABAx|}\x17\xC1\xB9\x06"... to UTF-16
[!] string size(47890) > stringtable size(42). truncated to 40
[!] cannot convert "R+\x83\xF8\x84\a\\\x108\xFC\xB4\x91\x01\xD8\xF2\x01"... to UTF-16
[!] string size(30292) > stringtable size(27). truncated to 25
[!] cannot convert "W<]y\xCAz\xDC\x1A0!\xDFa#-cR"... to UTF-16
[!] string size(72950) > stringtable size(26). truncated to 24
[!] string size(63208) > stringtable size(43). truncated to 41
[!] cannot convert "V\x94\xEF\x19L\x12*\x1D\xD0\xC4\xE6.\xB2\xAD\x96s"... to UTF-16
[!] string size(82512) > stringtable size(21). truncated to 19
[!] cannot convert "D\x99\xA1\x965\xC6^N\xD9d\x90\x80Y\\-\xE8"... to UTF-16
[!] string size(55948) > stringtable size(42). truncated to 40
[!] string size(126696) > stringtable size(47). truncated to 45
[!] cannot convert "\xAC\xC7\x1C\xA6\xDAXP\x15jQ\xD0\xF1\xB59I\xCD"... to UTF-16
[!] string size(48542) > stringtable size(34). truncated to 32
[!] cannot convert "\x8Eq\xF4Q\xDAB\xE4\xF8\xFBa\xCC+\xFD\xC0O\x8A"... to UTF-16
[!] string size(16892) > stringtable size(23). truncated to 21
[!] cannot convert "\x01@\xAE\x9E\x14\xB17/\xBF\xDB+\xE2\xA3\xC3]\xFD"... to UTF-16
[!] string size(59632) > stringtable size(37). truncated to 35
[!] cannot convert "W,YF+\xB7#\xFE\xF2j\xFF\x8A1\xD6\x01z"... to UTF-16
[!] string size(95626) > stringtable size(46). truncated to 44
[!] cannot convert "\xC2]\xCBA\xA8\xCB \xF5\x13\xE8/\xFCa\x85\xAC\xFA"... to UTF-16
[!] string size(75028) > stringtable size(31). truncated to 29
[!] cannot convert "\xC4N\x12\xC4=t\x04`\x10\t\xEE\xBE\xAA\xB7\xE2\xD1"... to UTF-16
[!] string size(40526) > stringtable size(23). truncated to 21
[!] cannot convert "\x91\x86\xFD)\x8A\xE3\xBC\x1D\x16\x108+g\x14\xBC\x10"... to UTF-16
[!] string size(106040) > stringtable size(17). truncated to 15
[!] cannot convert "\x17zc\x84\x98t\x7F\rM\x12\xC5<\xEBxW" to UTF-16
[!] string size(98688) > stringtable size(35). truncated to 33
[!] cannot convert "\xF9\fFJ\xC5\x98\xE4\xAE\xB7\x0E\x9Bl\x9B\x18\x94,"... to UTF-16
[!] string size(114416) > stringtable size(39). truncated to 37
[!] cannot convert "~\x19\xC4\x1E@\xE9\xFDn<\xE9\x82\x1D :\x15\x19"... to UTF-16
[!] string size(69804) > stringtable size(30). truncated to 28
[!] string size(118666) > stringtable size(31). truncated to 29
[!] cannot convert "\xA4\xFCpT\xED\xD3fY\x18Z\xCB\xDB\xEA\"b\x06"... to UTF-16
[!] refusing to read CURDIRENTRY beyond resource size