| filename | pidgen.exe | |
|---|---|---|
| size | 2467840 (0x25a800) | |
| md5 | 582e559b506da952eddbda4d8db799e7 | |
| type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed | |
| mimetype | application/x-dosexec | |
| clamav | scan pending | |
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x50 |
| blocks_in_file | 2 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0xf |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0x1a |
| reserved0 | 0x726a30fb0000 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0x200 |
DOS stub
```
00000000: ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 |This program mus|
00000020: 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 |in32..$7........|
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001c0:
```
PE Header
Packer / Compiler
UPX Modified >> *$igBy Ahmed18

This file is packed with UPX. Analysis will be incomplete without unpacking.
Sections
| name | va | vsize | raw size | flags |
|---|---|---|---|---|
| UPX0 | 0x1000 | 0x881000 | 0 | RWX UDATA |
| UPX1 | 0x882000 | 0x23f000 | 0x23ee00 | RWX IDATA |
| .rsrc | 0xac1000 | 0x1c000 | 0x1b600 | RW- IDATA |
Data Directory
TLS
| raw start | raw end | index | callbks | zero fill | flags |
|---|---|---|---|---|---|
| 0xec0bac | 0xec0c9c | 0x7f311c | 0 | 0 | 0 |
Imports
| module_name | hint | ord | function_name |
|---|---|---|---|
| KERNEL32.DLL | | | LoadLibraryA |
| KERNEL32.DLL | | | GetProcAddress |
| KERNEL32.DLL | | | VirtualProtect |
| KERNEL32.DLL | | | VirtualAlloc |
| KERNEL32.DLL | | | VirtualFree |
| KERNEL32.DLL | | | ExitProcess |
| ADVAPI32.DLL | | | RegCloseKey |
| COMCTL32.DLL | | 17 | |
| COMDLG32.DLL | | | GetOpenFileNameW |
| GDI32.DLL | | | Arc |
| GDIPLUS.DLL | | 1 | |
| OLE32.DLL | | | IsEqualGUID |
| OLEACC.DLL | | | LresultFromObject |
| OLEAUT32.DLL | | 8 | |
| SHELL32.DLL | | | ShellExecuteW |
| USER32.DLL | | | GetDC |
| VERSION.DLL | | | VerQueryValueW |
| WININET.DLL | | | InternetOpenA |
| WINMM.DLL | | | sndPlaySoundW |
| WINSPOOL.DRV | | 203 | |
StringTable 040904E4
| CompanyName | Janek2012 |
| FileDescription | The Ultimate PID Checker |
| FileVersion | 1.1.3.590 |
| LegalCopyright | Janek2012 |
| ProductVersion | 1.0.0.0 |
VS_FIXEDFILEINFO
| FileVersion | 1.1.3.590 |
| ProductVersion | 1.0.0.0 |
| StrucVersion | 0x10000 |
| FileFlagsMask | 0x3f |
| FileFlags | 0 |
| FileOS | 4 |
| FileType | 1 |
| FileSubtype | 0 |
[?] ignoring invalid PEdump::BITMAPINFOHEADER
[?] too many errors getting resource data, stopped on 0 of 1
[!] refusing to read CURDIRENTRY beyond resource size
[?] can't find file_offset of VA 0x3f311c
[?] can't find file_offset of VA 0x43b000
[?] can't find file_offset of VA 0x43a000
[?] can't find file_offset of VA 0x43b000