39302.exe

info
MZ
PE
imports
foremost
hexdump
disasm
log
discuss
donate

filename	39302.exe
size	188928 (0x2e200)
md5	7717b9758f41217756a908f6efaa5062

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x80

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 61 74 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |at program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	5
TimeDateStamp	0x530503fe
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x10f
Magic	0x10b
LinkerVersion	6.0
SizeOfCode	0x1a00
SizeOfInitializedData	0x2c400
SizeOfUninitializedData	0
AddressOfEntryPoint	0x118f
BaseOfCode	0x1000
BaseOfData	0x3000
ImageBase	0x1000000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	4.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x30000
SizeOfHeaders	0x400
CheckSum	0x1606f
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x19bc	0x1a00	R-X CODE
.rdata	0x3000	0xe56	0x1000	R-- IDATA
.data	0x4000	0xcec	0xe00	RW- IDATA
.rsrc	0x5000	0x29f60	0x2a000	R-- IDATA
.reloc	0x2f000	0x5c0	0x600	R-- IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x364c	0x8c
RESOURCE	0x2ec00	0x360
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0x2f000	0x5c0
DEBUG	0x3e14	0x1c
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0x3500	0x24c
Delay_IAT	0	0
CLR_Header	0	0

module_name	hint	function_name
shell32.dll	365	SHGetFolderPathA
shell32.dll	278	DragAcceptFiles
shell32.dll	445	StrChrA
shell32.dll	279	DragFinish
shell32.dll	342	SHCreateShellItem
shell32.dll	358	SHGetDataFromIDListA
shell32.dll	290	ExtractIconA
shell32.dll	297	FreeIconList
shell32.dll	361	SHGetDiskFreeSpaceA
shell32.dll	284	DragQueryPoint
shell32.dll	295	FindExecutableA
shell32.dll	384	SHGetMalloc
shell32.dll	428	ShellAboutA
shell32.dll	195	SHFree
shell32.dll	360	SHGetDesktopFolder
dciman32.DLL	1	DCIBeginAccess
dciman32.DLL	2	DCICloseProvider
dciman32.DLL	6	DCIDestroy
dciman32.DLL	9	DCIEnum
dciman32.DLL
dciman32.DLL	26739	ell32.dll
dciman32.DLL	26469	inAccess
dciman32.DLL	25971	Provider
wtsapi32.dll	35	WTSQueryUserToken
wtsapi32.dll	25	WTSOpenServerA
wtsapi32.dll	53	WTSVirtualChannelClose
wtsapi32.dll	9	WTSEnumerateProcessesA
wtsapi32.dll	56	WTSVirtualChannelPurgeInput
wtsapi32.dll	38	WTSSendMessageA
wtsapi32.dll	36	WTSRegisterSessionNotification
wtsapi32.dll	50	WTSTerminateProcess
wtsapi32.dll	19	WTSFreeMemory
wtsapi32.dll	42	WTSSetSessionInformationA
wtsapi32.dll	29264	ocess
wtsapi32.dll	29545	terSessionNotification
wtsapi32.dll	21591	SSetSessionInformationA
wtsapi32.dll	24947	geA
wtsapi32.dll	29295	y
wtsapi32.dll	29541	sesA
wtsapi32.dll	25966	lClose
wtsapi32.dll	17220	IDestroy
kernel32.dll	330	FindNextVolumeW
kernel32.dll	517	GetLocalTime
kernel32.dll	450	GetCurrentProcess
kernel32.dll	126	CreateDirectoryA
kernel32.dll	1112	SetEnvironmentVariableW
kernel32.dll	1111	SetEnvironmentVariableA
kernel32.dll	484	IsBadStringPtrA
kernel32.dll	507	GetFullPathNameW
kernel32.dll	349	FoldStringA
kernel32.dll	574	GetPrivateProfileIntW
kernel32.dll	749	InterlockedDecrement
kernel32.dll	518	GetLocaleInfoA
kernel32.dll	1356	lstrcpynW
kernel32.dll	1346	lstrcmpA
kernel32.dll	928	QueryDosDeviceA
kernel32.dll	1224	TlsGetValue
kernel32.dll	308	FindFirstFileA
kernel32.dll	462	GetDiskFreeSpaceA
kernel32.dll	662	GetTickCount
kernel32.dll	893	OpenMutexA
kernel32.dll	318	FindFirstVolumeA
kernel32.dll	1035	ReplaceFileA
kernel32.dll	213	DeleteFileA
kernel32.dll	1203	SleepEx
kernel32.dll	223	DeviceIoControl
kernel32.dll	597	GetProcessVersion
kernel32.dll	1307	WriteConsoleA
kernel32.dll	205	GetProcAddress
kernel32.dll	610	GetShortPathNameA
kernel32.dll	633	GetSystemTime
kernel32.dll	133	CreateEventW
kernel32.dll	294	FileTimeToSystemTime
kernel32.dll	1113	SetErrorMode
kernel32.dll	588	GetProcessHeap
kernel32.dll	449	GetCurrentDirectoryW
kernel32.dll	173	CreateSemaphoreW
kernel32.dll	516	GetLastError
kernel32.dll	950	ReadConsoleW
kernel32.dll	536	GetModuleHandleW
kernel32.dll	479	GetEnvironmentVariableA
kernel32.dll	25972	EventW
kernel32.dll	65	06 02 47 65 74 4c 6f 63 61 6c 65 49 6e 66 6f 41 \|..GetLocaleInfoA\|
kernel32.dll	21349	paceA
kernel32.dll	27748	eW
kernel32.dll	24950	teProfileIntW
kernel32.dll	18789	ntW
kernel32.dll	22099	irtualChannelPurgeInput
kernel32.dll	22393
kernel32.dll	108	fb 01 47 65 74 46 75 6c 6c 50 61 74 68 4e 61 6d \|..GetFullPathNam\| 65 57 \|eW \|
kernel32.dll	25959	Input
kernel32.dll		4a 01 46 69 6e 64 4e 65 78 74 56 6f 6c 75 6d 65 \|J.FindNextVolume\| 57 \|W \|
kernel32.dll	29285	yDosDeviceA
kernel32.dll	28271	mentVariableW
kernel32.dll		df \|. \|
kernel32.dll	29298	or
kernel32.dll	28261	MutexA
kernel32.dll	29271	iteConsoleA
kernel32.dll	26950	ndFirstFileA
kernel32.dll	29795	oryA
kernel32.dll	25965
kernel32.dll	27759	umeA
kernel32.dll	25927	tCurrentDirectoryW
kernel32.dll	25965	ToSystemTime
kernel32.dll	27756
kernel32.dll	25972	rlockedDecrement
kernel32.dll	25927	tProcessHeap
kernel32.dll	25927	tEnvironmentVariableA
kernel32.dll		42 05 6c 73 74 72 63 6d 70 41 \|B.lstrcmpA \|
kernel32.dll	25964	A
kernel32.dll	25972	ProfileIntW
kernel32.dll	21364	hortPathNameA
kernel32.dll	28281	W
kernel32.dll	65	c8 04 54 6c 73 47 65 74 56 61 6c 75 65 \|..TlsGetValue \|
kernel32.dll	25455	ess
kernel32.dll	26994	ngA
kernel32.dll	16751
kernel32.dll	29806
kernel32.dll	25942	rsion
kernel32.dll	28502	lumeW
dbnmpntw.dll	6	ConnectionVer
dbnmpntw.dll	4	ConnectionClose
dbnmpntw.dll	3	ConnectionWrite
dbnmpntw.dll	2	ConnectionRead
dbnmpntw.dll	5	ConnectionError
dbnmpntw.dll	29806	W
dbnmpntw.dll	25927	tPrivateProfileIntW
dbnmpntw.dll	24950	teProfileIntW
dbnmpntw.dll		03 \|. \|
dbnmpntw.dll	101	04 \|. \|

show previews

offset	size	type	comment
0	188928	EXE	02/19/2014 19:20:30	#
15c1	15	HTM		#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] can't find resource section for va=0x2ec00