Audition.exe

info
MZ
PE
imports
foremost
hexdump
disasm
log
discuss
donate

filename	Audition.exe
size	60928 (0xee00)
md5	610d0634cce8473e41fdb31917727059

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x50

DOS stub

00000000: 3a 1c 57 09 00 00 00 00  98 04 00 00 00 00 00 00  |:.W.............|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	2
TimeDateStamp	0x470d9498
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x10e
Magic	0x10b
LinkerVersion	7.10
SizeOfCode	0x1a00
SizeOfInitializedData	0
SizeOfUninitializedData	0
AddressOfEntryPoint	0x1abb
BaseOfCode	0x1000
BaseOfData	0x1000
ImageBase	0x48000000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	4.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x975000
SizeOfHeaders	0x200
CheckSum	0x93d6b6
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

Thinstall Virtualization Suite v3.10X (Thinstall Company)

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x2000	0x1c00	RWX CODE
.res	0x3000	0x972000	0xd000	RWX CODE

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x2a00	0x3c
RESOURCE	0	0
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0x2a40	8
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0	0
Delay_IAT	0	0
CLR_Header	0	0

module_name	hint	function_name
KERNEL32.dll	125	ExitProcess
KERNEL32.dll	175	FormatMessageA
KERNEL32.dll	282	GetLastError
KERNEL32.dll	625	SetLastError
KERNEL32.dll	699	VirtualAlloc
KERNEL32.dll	27	CloseHandle
KERNEL32.dll	470	MapViewOfFile
KERNEL32.dll	53	CreateFileMappingA
KERNEL32.dll	703	VirtualFree
KERNEL32.dll	318	GetProcAddress
KERNEL32.dll	707	VirtualProtect
KERNEL32.dll	450	LoadLibraryA
KERNEL32.dll	294	GetModuleHandleA
KERNEL32.dll	292	GetModuleFileNameA
KERNEL32.dll	293	GetModuleFileNameW
KERNEL32.dll	611	SetEnvironmentVariableW
KERNEL32.dll	610	SetEnvironmentVariableA
KERNEL32.dll	722	WideCharToMultiByte
KERNEL32.dll	688	UnmapViewOfFile
KERNEL32.dll	774	lstrcpynW
KERNEL32.dll	279	GetFullPathNameW
KERNEL32.dll	278	GetFullPathNameA
KERNEL32.dll	409	HeapAlloc
KERNEL32.dll	320	GetProcessHeap
KERNEL32.dll	274	GetFileSize
KERNEL32.dll	536	ReadFile
KERNEL32.dll	618	SetFilePointer
KERNEL32.dll	55	CreateFileW
KERNEL32.dll	266	GetEnvironmentVariableW
KERNEL32.dll	52	CreateFileA
KERNEL32.dll	265	GetEnvironmentVariableA
KERNEL32.dll	372	GetVersion
KERNEL32.dll	30207	0c ff 15 3c 1e \|...<. \|
KERNEL32.dll	60555	81 ec 48 05 \|..H. \|
KERNEL32.dll	65532	ff e9 ff 15 7c 1e \|....\|. \|
KERNEL32.dll	23297	be 04 01 \|... \|
KERNEL32.dll	34189	c8 fe ff ff 50 68 0b 1a \|....Ph.. \|
KERNEL32.dll	18432	85 c0 75 13 8d 85 c8 fe ff ff 56 50 ff 75 08 ff \|..u.......VP.u..\| 15 34 1e \|.4. \|
KERNEL32.dll	30207	08 ff 15 34 1e \|...4. \|
KERNEL32.dll	32872
KERNEL32.dll	5631	74 1e \|t. \|
KERNEL32.dll	26704	f7 19 \|.. \|
KERNEL32.dll	64184	ff ff 56 50 ff 75 08 ff 15 38 1e \|..VP.u...8. \|
KERNEL32.dll	65349	01 53 53 8d 85 c8 fe ff ff 56 50 8d 85 b8 fa ff \|.SS......VP.....\| ff 6a ff 50 53 53 ff 15 44 1e \|.j.PSS..D. \|
KERNEL32.dll	65530	ff 6a ff 50 53 53 ff 15 44 1e \|.j.PSS..D. \|
KERNEL32.dll	874	53 6a 01 8d 85 b8 fa ff ff 68 \|Sj.......h \|
KERNEL32.dll	33608	f8 ff 89 45 08 75 14 53 53 8d 85 c8 fe ff ff 53 \|...E.u.SS......S\| 50 6a 02 e8 d9 fb ff ff 83 c4 14 8b 3d 68 1e \|Pj..........=h. \|
KERNEL32.dll	64473	ff ff 83 c4 14 8b 3d 68 1e \|......=h. \|
KERNEL32.dll	36176	45 dc 6a 10 50 ff 75 08 ff 15 64 1e \|E.j.P.u...d. \|
KERNEL32.dll	30	48 8b 4d e4 89 45 ec 33 c0 03 4d dc 13 45 e0 3b \|H.M..E.3..M..E.;\| 45 f0 7c 1f 7f 05 3b 4d ec 76 18 53 68 e3 19 \|E.\|...;M.v.Sh.. \|
KERNEL32.dll	1407	3b 4d ec 76 18 53 68 e3 19 \|;M.v.Sh.. \|
KERNEL32.dll	21503	50 6a 0d e8 77 fb ff ff 83 c4 14 8d 45 e0 53 50 \|Pj..w.......E.SP\| ff 75 dc ff 75 08 ff d7 ff 75 e4 53 ff 15 5c 1e \|.u..u....u.S..\.\|
KERNEL32.dll	36116	45 e0 53 50 ff 75 dc ff 75 08 ff d7 ff 75 e4 53 \|E.SP.u..u....u.S\| ff 15 5c 1e \|..\. \|
KERNEL32.dll	7772
KERNEL32.dll	25	48 8d 85 c8 fe ff ff 53 50 6a 0d e8 3b fb ff ff \|H......SPj..;...\| 83 c4 14 8d 45 f4 53 50 ff 75 e4 57 ff 75 08 ff \|....E.SP.u.W.u..\| 15 64 1e \|.d. \|
KERNEL32.dll	59405	3b fb ff ff 83 c4 14 8d 45 f4 53 50 ff 75 e4 57 \|;.......E.SP.u.W\| ff 75 08 ff 15 64 1e \|.u...d. \|
KERNEL32.dll	30207	08 ff 15 64 1e \|...d. \|
KERNEL32.dll	62533	3b 45 e4 75 17 80 3f 74 75 12 80 7f 01 68 75 0c \|;E.u..?tu....hu.\| 80 7f 02 69 75 06 80 7f 03 6e 74 18 53 68 e3 19 \|...iu....nt.Sh..\|
KERNEL32.dll	32640	01 68 75 0c 80 7f 02 69 75 06 80 7f 03 6e 74 18 \|.hu....iu....nt.\| 53 68 e3 19 \|Sh.. \|
KERNEL32.dll	26707	e3 19 \|.. \|
KERNEL32.dll	3434	e8 ee fa ff ff 83 c4 14 38 5d ff 0f 85 7f 02 \|........8]..... \|
KERNEL32.dll	63605	e8 92 fd ff ff 83 c4 0c 53 68 b9 19 \|........Sh.. \|
KERNEL32.dll	18432	ff 15 40 1e \|..@. \|
KERNEL32.dll	51333	fe ff ff 50 68 0b 1a \|...Ph.. \|
USER32.dll	446	MessageBoxA
USER32.dll	26704	f7 19 \|.. \|

show previews

offset	size	type	comment
0	60928	EXE	10/11/2007 03:12:24	#
15c1	15	HTM		#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

everything is OK