NO$GBA.EXE - Nocash GBA Emulator

info
MZ
PE
resources
imports
foremost
7zip
version info
hexdump
disasm
log
discuss
donate

filename	NO$GBA.EXE
size	191042 (0x2ea42)
md5	57192a7bf068d0a441258a67c058c8f5

type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x1d4
blocks_in_file	3
num_relocs	0
header_paragraphs	0x20
min_extra_paragraphs	0x11
max_extra_paragraphs	0xffff
ss	0x3e
sp	0x100
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0x6a7220fb0001
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x600

DOS stub

00000000: 0e 1f be 11 00 ac cd 29  ac 3c 00 75 f9 b4 4c cd  |.......).<.u..L.|
00000010: 21 20 20 da c4 c4 c4 c4  c4 c4 c4 c4 c4 c4 c4 c4  |!  .............|
00000020: c4 c4 c4 c4 c4 c4 c4 c4  c4 c4 c4 c4 c4 c4 c4 c4  |................|
*
00000050: c4 c4 c4 c4 c4 c4 c4 c4  c4 bf 0d 0a 20 20 b3 20  |............  . |
00000060: 20 20 20 20 20 20 20 4e  4f 24 47 42 41 2c 20 6e  |       NO$GBA, n|
00000070: 6f 63 61 73 68 20 47 42  41 20 65 6d 75 6c 61 74  |ocash GBA emulat|
00000080: 6f 72 2c 20 63 6f 70 79  72 69 67 68 74 20 4d 61  |or, copyright Ma|
00000090: 72 74 69 6e 20 4b 6f 72  74 68 2e 20 20 20 20 20  |rtin Korth.     |
000000a0: 20 20 20 20 b3 0d 0a 20  20 b3 20 20 20 53 6f 72  |    ...  .   Sor|
000000b0: 72 79 2c 20 74 68 69 73  20 76 65 72 73 69 6f 6e  |ry, this version|
000000c0: 20 6f 66 20 4e 4f 24 47  42 41 20 72 65 71 75 69  | of NO$GBA requi|
000000d0: 72 65 73 20 77 69 6e 64  6f 77 73 20 4e 54 2c 20  |res windows NT, |
000000e0: 39 35 2c 20 39 38 2c 20  65 74 63 2e 20 20 20 b3  |95, 98, etc.   .|
000000f0: 0d 0a 20 20 b3 49 66 20  79 6f 75 20 64 6f 6e 27  |..  .If you don'|
00000100: 74 20 68 61 76 65 20 77  69 6e 64 6f 77 73 2c 20  |t have windows, |
00000110: 6f 72 20 6a 75 73 74 20  64 6f 6e 27 74 20 6c 69  |or just don't li|
00000120: 6b 65 20 69 74 2c 20 70  6c 65 61 73 65 20 64 6f  |ke it, please do|
00000130: 77 6e 6c 6f 61 64 20 74  68 65 b3 0d 0a 20 20 b3  |wnload the...  .|
00000140: 20 20 74 72 75 73 74 79  20 44 4f 53 20 76 65 72  |  trusty DOS ver|
00000150: 73 69 6f 6e 20 6f 66 20  4e 4f 24 47 42 41 20 61  |sion of NO$GBA a|
00000160: 74 20 68 74 74 70 3a 2f  2f 6e 6f 63 61 73 68 2e  |t http://nocash.|
00000170: 65 6d 75 62 61 73 65 2e  64 65 2f 67 62 61 2e 68  |emubase.de/gba.h|
00000180: 74 6d 20 20 20 b3 0d 0a  20 20 c0 c4 c4 c4 c4 c4  |tm   ...  ......|
00000190: c4 c4 c4 c4 c4 c4 c4 c4  c4 c4 c4 c4 c4 c4 c4 c4  |................|
*
000001d0: d9 0d 0a 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001e0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000400:

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	3
TimeDateStamp	0x92ba42b7
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x818f
Magic	0x10b
LinkerVersion	2.25
SizeOfCode	0x24000
SizeOfInitializedData	0x2000
SizeOfUninitializedData	0xd8000
AddressOfEntryPoint	0xfc100
BaseOfCode	0xd9000
BaseOfData	0xfd000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	1.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0xff000
SizeOfHeaders	0x800
CheckSum	0
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x2000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

UPX v0.89.6 - v1.02 / v1.05 - v1.22

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

name	va	vsize	raw size	flags
UPX0	0x1000	0xd8000	0	RWX UDATA
UPX1	0xd9000	0x24000	0x23400	RWX IDATA
.rsrc	0xfd000	0x2000	0x1600	RW- IDATA

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0xfe38c	0x1e4
RESOURCE	0xfd000	0x138c
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0	0
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0	0
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size
ICON	#1	248
ICON	#2	296
ICON	#3	744
ICON	#4	1640
ICON	#5	744
ICON	#6	744
GROUP_ICON	ICON1	62
GROUP_ICON	ICON2	20
GROUP_ICON	ICONXED	20
VERSION	#1	632

module_name	hint	ord	function_name
KERNEL32.DLL			LoadLibraryA
KERNEL32.DLL			GetProcAddress
KERNEL32.DLL			ExitProcess
ADVAPI32.dll			OpenServiceA
COMCTL32.DLL			PropertySheetA
COMDLG32.dll			GetSaveFileNameA
GDI32.dll			TextOutA
SHELL32.DLL			ShellExecuteA
USER32.dll			GetDC
WINMM.dll			joyGetPos

StringTable 040904b0

FileVersion	Windows version
FileDescription	Nocash GBA Emulator
InternalName	NO$GBA
LegalCopyright	Copyright © 2001,2002 Martin Korth
OriginalFilename	NO$GBA.EXE
ProductName	No$gba

VS_FIXEDFILEINFO

FileVersion	0.0.0.0
ProductVersion	0.0.0.0
StrucVersion	0x10000
FileFlagsMask	0
FileFlags	0
FileOS	0
FileType	0
FileSubtype	0

show previews

offset	size	type	comment
15c1	15	HTM		#
15d0	185458	BIN	overlay data past EOF	#

Scanning the drive for archives:
1 file, 191042 bytes (187 KiB)



Errors: 1

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] ignoring invalid PEdump::BITMAPINFOHEADER

[!] refusing to read ICODIRENTRY beyond resource size

NO$GBA.EXE-