filenameReg2exe.exe
size44032 (0xac00)
md54ac57418ec1585b3ad984b935a3b6f0c
typePE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0xc8

Rich Header

lib idversiontimes used
1472991
987839
1397821

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections3
TimeDateStamp0x43fb4950
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x10f
Magic0x10b
LinkerVersion6.0
SizeOfCode0xa000
SizeOfInitializedData0x2000
SizeOfUninitializedData0x13000
AddressOfEntryPoint0x1d090
BaseOfCode0x14000
BaseOfData0x1e000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion4.0
ImageVersion2.25
SubsystemVersion4.0
Reserved10
SizeOfImage0x20000
SizeOfHeaders0x1000
CheckSum0
Subsystem2
DllCharacteristics0
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

UPX v0.89.6 - v1.02 / v1.05 - v1.22

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

namevavsizeraw sizeflags
UPX00x10000x130000RWX UDATA
UPX10x140000xa0000x9200RWX IDATA
.rsrc0x1e0000x20000x1600RW- IDATA

Data Directory

typevasize
EXPORT00
IMPORT0x1f4540x9c
RESOURCE0x1e0000x1454
EXCEPTION00
SECURITY00
BASERELOC00
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT00
Delay_IAT00
CLR_Header00
typenamesizecp
BINSELFREG.EXE174081200
BITMAP#100135441200
ICON#300012961200
ICON#300027441200
ICON#3000316401200
STRING#11301200
STRING#75621200
STRING#82401200
STRING#92341200
STRING#103221200
STRING#112481200
GROUP_ICON#1481200
VERSION#110521200
MANIFEST#15110
idlangstring
01033
46 5c aa 11 ea e4 52 44  e0 e8 18 52 0f c7 cc d8  |F\....RD...R....|
12 2e 11 08 2d 97 fa ff  7f 53 0c 04 af d0 2a 2c  |....-....S....*,|
61 91 cb 58 0d b8 94 75  e8 d5 6d f0 d6 b4 30 6f  |a..X...u..m...0o|
f4 ff ff 5f c8 c9 b7 27  ec c0 da fb dc c3 cf 57  |..._...'.......W|
e6 8b 07 d7 08 64 86 3e  1f e9 20 f8 ff 6f fd 32  |.....d.>.. ..o.2|
94 30 30 1f 2f a0 60 85  53 eb 6b 8d f5 32 1b 39  |.00./.`.S.k..2.9|
90 35 45 a0 4b 1b ff ff  ff df 33 1b 00 39 c8 01  |.5E.K.....3..9..|
17 1b 14 1b 99 91 12 96  ef 2f 44 2c 79 28 18 35  |........./D,y(.5|
8f d8                                             |..              |
961033
5a 3f c8 ff 5b 7d e1 75  03 89 cf 17 96 fd ee 56  |Z?..[}.u.......V|
31 f0 c8 f0 19 eb 17 35  fe 71 81 a5 fe 6d 32 61  |1......5.q...m2a|
18 d7 33 20 58 09 92 fc  35 5b fc 12 6f 3e 66 c1  |..3 X...5[..o>f.|
20 49 a5 d8 1c a2 c7 a2  f6 4b fd 2f fc aa 08 51  | I.......K./...Q|
1a 29 58 05 65 e4 00 a1  e4 ed 71 7b 91 2d a1 ab  |.)X.e.....q{.-..|
16 ed ed 8f 07 ec 0b 33  c5 ce a1 38 80 36 fa ff  |.......3...8.6..|
7f b2 44 ba b4 bd 1c 2f  1a f7 c6 fc 10 ef b9 81  |..D..../........|
ce 4b 8f 5c a8 0d 37 2a  f5 97 4d 81 6f 9b 3b dd  |.K.\..7*..M.o.;.|
e6 55 fa 58 c8 ff 5f a2  c4 89 65 e6 b7 f6 11 87  |.U.X.._...e.....|
d0 05 18 d4 6a c9 2c 5b  a9 fe c2 ff ff 90 e2 39  |....j.,[.......9|
8d c8 ec 2c db f2 d6 8b  19 2b 45 c8 14 08 d4 a1  |...,.....+E.....|
dc da 02 b3 66 4d 46 40  ff 25 f2 6b 9f d2 bd ef  |....fMF@.%.k....|
d6 dd 1f af ff df 28 fc  7a 39 1f 7e 03 e7 71 13  |......(.z9.~..q.|
70 6b 96 29 14 b9 af 31  d2 29 16 b7 ff 37 fa e2  |pk.)...1.)...7..|
37 36 9c c2 8c d1 6a 0c  4f 2e 79 06 6c 9f 32 18  |76....j.O.y.l.2.|
00 44 b7 17 fe ff ff e9  4a 10 31 38 db 71 02 45  |.D......J.18.q.E|
03 16 66 68 36 24 70 b1  4b 98 cd 4d 44 c0 7d 29  |..fh6$p.K..MD.})|
51 fe ff ff ad bf 95 7e  0c 83 bd 05 1e 67 bc ff  |Q......~.....g..|
b5 0c e8 81 d8 6f c1 a3  18 1d d2 d0 29 fa ff ff  |.....o......)...|
ff ad 21 96 5b 83 12 03  01 c0 dd 21 cc 71 80 9c  |..!.[......!.q..|
2c d4 18 10 c8 d6 36 1e  25 97 65 6f ff ff db 05  |,.....6.%.eo....|
09 da 2c 8b cb 10 e6 fc  ee 78 24 41 e8 62 20 a3  |..,......x$A.b .|
20 f1 14 52 0d 28 1f 16  45 ff ff 18 96 3b 37 de  | ..R.(..E....;7.|
6e b3 2d 93 f0 25 05 11  3d 04 03 72 1b fd b7 fa  |n.-..%..=..r....|
22 f4 56 21 14 18 f9 97  7c 37 9d 63 f0 2c 16 04  |".V!....|7.c.,..|
f5 1b fd c7 43 04 8b 6a  da ac 16 b0 c2 ec 43 06  |....C..j......C.|
17 f8 6f 4a 40 02 09 2f  9d 2d 98 c7 ab bc 04 c2  |..oJ@../.-......|
df 62 8b ff 0e 08 a8 fd  91 87 17 0a c8 06 33 73  |.b............3s|
04 02 6a f0 ff 37 f8 68  e3 5b 07 30 0c 78 4b 4b  |..j..7.h.[.0.xKK|
63 bc df dd d8 07 39 b7  75 05 72 ff ff 2f 2c 97  |c.....9.u.r../,.|
8b 48 22 c6 d6 48 e0 65  a3 b1 17 6c 7f ce a3 a4  |.H"..H.e...l....|
a1 68 c9 36 bc 7f 81 ff  ff c8 64 41 92 f3 ef d8  |.h.6......dA....|
2c 88 54 4b 99 6c ee b0  b1 5a f0 a8 1f 35 73 21  |,.TK.l...Z...5s!|
0e 85 fe df fa 0d 9c 28  cc 16 9f 02 a6 23 ba 5c  |.......(.....#.\|
a0 bb 7b e6 1c 6c 28 ff  42 2d fe e8 49 c1 68 40  |..{..l(.B-..I.h@|
80 23                                             |.#              |
1121033䢷홑徱៺飸崐ᝇ瘍셻ᘲ✛區7￿諿┒岕獰漰㻡棃蔔櫠ㅹ욃㰐뷻锐뮹￳ꗿ䇹걸쉨晀쏅٨和ꂏ衤᰿ꡠ䓦௡˼覅첇ኆఆꔍ￾᭾鎍ሒ똅Ἕԕ濾죴⚺碌콋瑑읱쉯뾥ꗑ﨏୦ネ鲤ඡᏖ￿햿ޑ㓥㠃轃㷷⣨䎹樼ᴾ䀉ェ뿿㱂╺꧲烒䊿ﶏ樖ᨃ橄攆ﱋ㟿䏺祈ᶷ⻤昦ħⴥ
1281033
e8 dd 15 69 b6 41 3e 7f  83 ff 2f e8 d3 08 68 44  |...i.A>.../...hD|
48 f2 63 ff 7c 22 e8 bf  ac 6a 23 e8 b5 09 50 ff  |H.c.|"...j#...P.|
7f e3 ff 6a 3b e8 ab f7  7d 23 3f 54 6a 3c b8 58  |...j;...}#?Tj<.X|
a6 34 dc 24 5d 1a e8 ba  dc 14 14 19 a9 ff ff 52  |.4.$]..........R|
ff 06 66 b7 11 09 06 e1  01 c4 72 f7 ba b0 06 38  |..f.......r....8|
5f 24 91 b2 31 18 c1 b4  c0 2f f4 ff ff 6f 86 e0  |_$..1..../...o..|
7b 30 43 31 25 12 a1 50  81 de 54 2c 6c f8 4e 98  |{0C1%..P..T,l.N.|
c4 ee 86 bb f8 80 ff 6f  f5 39 7c 2e 97 22 eb 8d  |.......o.9|.."..|
63 04 65 f4 40 49 c7 7b  74 36 ff ff df 02 70 e1  |c.e.@I.{t6....p.|
19 2a 6f a0 9b 6b 14 25  46 08 bf c0 75 7d 14 c1  |.*o..k.%F...u}..|
ef ed d6 ff ff 12 c5 7b  ef d7 11 05 17 ad 7d fc  |.......{......}.|
a3 8c f1 33 0b a0 f8 8b  28 ff ff ff ff 14 39 fc  |...3....(.....9.|
8b e4 10 b2 f8 30 14 3c  e1 33 61 8e 01 c7 02 e5  |.....0.<.3a.....|
f8 1b 6f b1 b7 5b 2b 7f  0a 06 0d 74 1e 7f fb a5  |..o..[+....t....|
ff 20 09 25 0f 8c 22 fe  be b9                    |. .%.."...      |
1441033
28 0f 8f e7 8e 85 7c 03  3b 99 6b ff 7f 81 ff 07  |(.....|.;.k.....|
80 63 47 e8 72 0d 96 87  e1 84 5a 11 31 1f 30 1c  |.cG.r.....Z.1.0.|
03 fa 77 b1 73 10 68 ff  6f f0 ff 84 93 3a 6d cf  |..w.s.h.o....:m.|
bc cd 1c 95 62 24 03 75  a6 f6 d9 6e 5b 43 14 cc  |....b$.u...n[C..|
02 50 06 d4 c2 ff 6f 1a  82 2c f2 48 f3 00 06 75  |.P....o..,.H...u|
23 07 1c 83 e8 ba 4a ff  6f 5d aa aa 10 f8 0a d3  |#.....J.o]......|
b5 8a 67 f8 3a 9a a7 9e  bb 6c 93 ff ff 6f fc 66  |..g.:....l...o.f|
90 13 23 02 4f b2 7c 21  ec a2 28 05 73 14 a4 99  |..#.O.|!..(.s...|
c0 0e 83 9e 27 08 b2 2b  1b 25 16 7a 89 b6 19 45  |....'..+.%.z...E|
a2 9b 60 2f 05 e9 97 fe  ff 41 03 79 2b 11 c8 00  |..`/.....A.y+...|
b6 68 85 9e 02 64 21 05  75 6a 41 fc 96 0d cf ff  |.h...d!.ujA.....|
df 78 61 79 ef ef 4b 81  dc a2 18 a6 ac f0 22 e1  |.xay..K.......".|
20 e4 eb 5e 3e ff ff bf  f1 9f 6b 43 c7 b0 46 d3  | ..^>.....kC..F.|
02 d0 75 0b 3b d2 d3 3d  63 11 94 eb 32 13 15 29  |..u.;..=c...2..)|
d4 44 f7 f8 ff ff ff 0d  32 32 b1 1f 23 c4 04 14  |.D......22..#...|
ec d9 c0 e4 b6 0c 7f 33  54 3c 01 5a f4 cb 8b 4c  |.......3T<.Z...L|
f2 b6 55 ba ff db 97 58  bb 30 e9 0a 04 04 74 5e  |..U....X.0....t^|
c2 47 f4 07 75 3b 54 41  3a ff ff ff ff 79 4b fb  |.G..u;TA:....yK.|
ed f6 d2 75 e2 69 10 02  22 18 2b 0f 3b 41 4c 7d  |...u.i..".+.;AL}|
0b 0a 23 1f b6 1b 4c 1d  eb 14 15 54 7e 05 a8 ff  |..#...L....T~...|
ff 09                                             |..              |
1601033
e7 19 33 4c 02 05 08 75  31 e4 79 60 0d 84 50 c2  |..3L...u1.y`..P.|
bf db e8 03 18 93 4c 87  06 03 04 35 87 2c 63 8f  |......L....5.,c.|
08 e4 da 0b fc ff 1c 9e  eb ce b2 4c 14 50 0a 50  |...........L.P.P|
1d 4c 8c 0e cf 15 58 39  b7 ff f6 b7 cc 06 81 9d  |.L....X9........|
6f f2 08 1f 42 4c 17 92  e7 14 03 1c 15 58 e0 ff  |o...BL.......X..|
4b 5f ea 45 0f 86 90 57  d1 ed c2 f0 c8 74 14 0c  |K_.E...W.....t..|
75 0f 16 09 36 eb 37 f8  ff 7f 12 75 0c 56 6d 0f  |u...6.7....u.Vm.|
43 d1 17 80 d6 aa b0 b7  14 29 1f 70 f6 ff 2f fc  |C........).p../.|
7f c2 52 58 29 57 0f 3c  c3 60 a9 94 50 f0 46 6d  |..RX)W.<.`..P.Fm|
a4 6e 25 04 21 13 10 90  47 05 16 fe b7 09 37 b0  |.n%.!...G.....7.|
93 0f 3d 6e 24 2e 76 e0  42 c9 d3 f5 bf f0 ff 12  |..=n$.v.B.......|
f6 0f 5c 0b 99 6d 13 b7  38 eb 1a a1 0a 12 e3 c4  |..\..m..8.......|
c8 02 df 0e 0b fd 12 ff  2f d6 75 07 c2 08 f0 64  |......../.u....d|
f3 cb 26 74 68 99 8b 75  aa 0f be fd ff ff bf 38  |..&th..u.......8|
6d 37 09 a6 2d 68 1e 39  3e ee 7e c7 a5 80 83 7e  |m7..-h.9>.~....~|
36 11 ff 76 04 e8 87 24                           |6..v...$        |
module_namehintordfunction_name
KERNEL32.DLLLoadLibraryA
KERNEL32.DLLGetProcAddress
KERNEL32.DLLExitProcess
MSVBVM60.DLL619

StringTable 040904B0

CommentsPublished under the GNU General Public License; homepage: http://www.ctuser.net; Compressed with upx: http://upx.sourceforge.net
CompanyNamectuser
FileDescriptionReg2exe 'converter'
LegalCopyrightCopyright 2001-2006 by Jan Vorel
ProductNameReg2exe 'converter'
FileVersion2.25.2006.0220
ProductVersion2.25.2006.0220
InternalNameReg2exe
OriginalFilenameReg2exe.exe

VS_FIXEDFILEINFO

FileVersion2.25.2006.220
ProductVersion2.25.2006.220
StrucVersion0x10000
FileFlagsMask0x3f
FileFlags0
FileOS4
FileType1
FileSubtype0
offsetsizetypecomment
044032EXE02/21/2006 17:09:36#
15c115HTM#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







[?] can't find file_offset of VA 0x12378
[?] ignoring invalid PEdump::BITMAPINFOHEADER
[!] string size(47244) > stringtable size(130). truncated to 128
[!] cannot convert "\xAA\x11\xEA\xE4RD\xE0\xE8\x18R\x0F\xC7\xCC\xD8\x12."... to UTF-16
[!] string size(32436) > stringtable size(562). truncated to 560
[!] cannot convert "\xC8\xFF[}\xE1u\x03\x89\xCF\x17\x96\xFD\xEEV1\xF0"... to UTF-16
[!] string size(7684) > stringtable size(240). truncated to 238
[!] string size(113616) > stringtable size(234). truncated to 232
[!] cannot convert "\x15i\xB6A>\x7F\x83\xFF/\xE8\xD3\bhDH\xF2"... to UTF-16
[!] string size(7760) > stringtable size(322). truncated to 320
[!] cannot convert "\x8F\xE7\x8E\x85|\x03;\x99k\xFF\x7F\x81\xFF\a\x80c"... to UTF-16
[!] string size(13262) > stringtable size(248). truncated to 246
[!] cannot convert "3L\x02\x05\bu1\xE4y`\r\x84P\xC2\xBF\xDB"... to UTF-16