report.pdf.exe

info
MZ
PE
resources
strings
imports
foremost
7zip
hexdump
disasm
log
discuss
donate

filename	report.pdf.exe
size	196096 (0x2fe00)
md5	67e9a4fb3a4eefb4790a1f7fa371bf48

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x50
blocks_in_file	2
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0xf
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0x1a
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x100

DOS stub

00000000: ba 10 00 0e 1f b4 09 cd  21 b8 01 4c cd 21 90 90  |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f  67 72 61 6d 20 6d 75 73  |This program mus|
00000020: 74 20 62 65 20 72 75 6e  20 75 6e 64 65 72 20 57  |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37  00 00 00 00 00 00 00 00  |in32..$7........|
00000040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000000c0:

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	6
TimeDateStamp	0x2a425e19
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x818e
Magic	0x10b
LinkerVersion	8.0
SizeOfCode	0x2a200
SizeOfInitializedData	0x5600
SizeOfUninitializedData	0
AddressOfEntryPoint	0x17c0
BaseOfCode	0x1000
BaseOfData	0x2c000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	4.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x38000
SizeOfHeaders	0x400
CheckSum	0
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x4000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Sections

name	va	vsize	raw size	flags
CODE	0x1000	0x2a1bc	0x2a200	R-X CODE
DATA	0x2c000	0x2140	0x2200	RW- IDATA
BSS	0x2f000	0x801	0	RW-
.idata	0x30000	0x556	0x600	RW- IDATA
.reloc	0x31000	0x11bc	0x1200	R-- IDATA SHARED
.rsrc	0x33000	0x4a6b	0x1c00	R-- IDATA SHARED

Data Directory

type	va	size
EXPORT	0x30c00	0x487
IMPORT	0x30000	0x556
RESOURCE	0x33000	0x1c00
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0x31000	0x11bc
DEBUG	0x35c00	0x1c
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0	0
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size
DIALOG	2XCOMPUTER	312
DIALOG	CON	190
DIALOG	CRHDUMP	316
DIALOG	DBGVCLNT	262
DIALOG	DISCONNECT	184
DIALOG	HISTORY	586
DIALOG	INSERTCOMMENT	342
DIALOG	IPAADRESS	562
DIALOG	LOVIN	626
DIALOG	NNECTED	224
DIALOG	PRINTING	176
DIALOG	REBOOTLOG	420
DIALOG	WERNING	374
STRING	#2501	58
STRING	#2502	186
STRING	#2503	284
STRING	#2504	188
STRING	#2505	296
STRING	#2506	158

id	lang	string
40005	1033	Save (Ctrl+S)
40018	1033	Capture (Ctrl+E)
40019	1033	Autoscroll (Ctrl+A)
40020	1033	Clear (Ctrl+X)
40023	1033	Filter (Ctrl+L)
40024	1033	Find (Ctrl+F)
40036	1033	Open
40041	1033	Show File System Activity
40042	1033	Show Registry Activity
40044	1033	Show Process and Thread Activity
40045	1033	Highlight (Ctrl+H)
40046	1033	Generate Profiling Events
40051	1033	Jump to Object (Ctrl+J)
40052	1033	Date & Time
40053	1033	Process Name
40054	1033	PID
40055	1033	Operation
40056	1033	Result
40057	1033	Detail
40058	1033	Sequence
40064	1033	Company
40065	1033	Description
40066	1033	Command Line
40067	1033	User
40068	1033	Image Path
40069	1033	Session
40070	1033	Event Complete
40071	1033	Path
40072	1033	TID
40073	1033	Image Load
40074	1033	Frame
40075	1033	Address
40076	1033	Relative Time
40077	1033	Duration
40078	1033	Time of Day
40079	1033	Module
40080	1033	Location
40081	1033	Version
40082	1033	Event Class
40083	1033	Authentication ID
40084	1033	Virtualized
40085	1033	Integrity

module_name	hint	ord	function_name
shell32.dll			SHFreeNameMappings
shell32.dll			SHGetFileInfo
shell32.dll			RealShellExecuteExA
shell32.dll			StrStrIW
shell32.dll			SHGetSettings
shell32.dll			SHSetLocalizedName
shell32.dll			ShellAboutW
advapi32.dll			GetAclInformation
advapi32.dll			GetUserNameA
comctl32.dll			InitMUILanguage
comctl32.dll			CreatePropertySheetPage
comctl32.dll			ImageList_SetDragCursorImage
comctl32.dll			ImageList_GetFlags
user32.dll			SystemParametersInfoW
user32.dll			FindWindowExA
user32.dll			SetLayeredWindowAttributes
user32.dll			CopyImage
user32.dll			wsprintfW
user32.dll			GetAltTabInfoA
user32.dll			GetWindowTextA
user32.dll			GetClipboardOwner
user32.dll			GetDlgItemTextW
user32.dll			CopyAcceleratorTableW
user32.dll			FlashWindow
user32.dll			MessageBoxExW
user32.dll			CheckMenuRadioItem
user32.dll			DispatchMessageA
user32.dll			DestroyWindow
user32.dll			ScreenToClient
user32.dll			GetScrollPos
user32.dll			SendMessageA
user32.dll			LoadCursorFromFileA
user32.dll			SetParent
user32.dll			GetComboBoxInfo
user32.dll			GetLastActivePopup
kernel32.dll			TlsAlloc
kernel32.dll			SetEnvironmentVariableW
kernel32.dll			AttachConsole
kernel32.dll			SetConsoleInputExeNameW
kernel32.dll			GetCurrentProcess
kernel32.dll			WritePrivateProfileStructA
kernel32.dll			FindResourceExW
kernel32.dll			WritePrivateProfileSectionA
kernel32.dll			FoldStringW
kernel32.dll			ReadConsoleA
kernel32.dll			CreateNamedPipeA
kernel32.dll			GetTempPathA
kernel32.dll			GetComputerNameW
kernel32.dll			LoadLibraryA
kernel32.dll			GetProcAddress

show previews

offset	size	type	comment
0	195584	EXE	06/19/1992 22:22:17	#
15c1	15	HTM		#
2fc00	512	BIN	overlay data past EOF	#

Scanning the drive for archives:
1 file, 196096 bytes (192 KiB)



Errors: 1

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] can't find file_offset of VA 0x30c00

[?] can't find file_offset of VA 0x35c00

[?] can't find file_offset of VA 0x30c00