83f0352c14fa62ae159ab532d85a2b481900fed50d32cc757aa3f4ccf6a13bee - NetResView.exe

info
MZ
PE
resources
strings
imports
foremost
version info
hexdump
disasm
log
discuss
donate

filename	83f0352c14fa62ae159ab532d85a2b481900fed50d32cc757aa3f4ccf6a13bee
size	44544 (0xae00)
md5	7a0c1017e6b5bb5dc776b3b883a1d0e0

type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0xe0

Rich Header

lib id	version	times used
64	9210	3
28	9178	11
25	9210	2
93	4035	19
1	0	265
114	50727	24
124	50727	1
120	50727	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	3
TimeDateStamp	0x5272bad6
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x103
Magic	0x10b
LinkerVersion	8.0
SizeOfCode	0x8000
SizeOfInitializedData	0x4000
SizeOfUninitializedData	0xd000
AddressOfEntryPoint	0x152f0
BaseOfCode	0xe000
BaseOfData	0x16000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	4.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x1a000
SizeOfHeaders	0x1000
CheckSum	0
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

UPX v0.89.6 - v1.02 / v1.05 - v1.22

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

name	va	vsize	raw size	flags
UPX0	0x1000	0xd000	0	RWX UDATA
UPX1	0xe000	0x8000	0x7600	RWX IDATA
.rsrc	0x16000	0x4000	0x3400	RW- IDATA

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x19034	0x260
RESOURCE	0x16000	0x3034
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0	0
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0	0
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size	cp
CURSOR	#1	308	1252
BITMAP	#104	1000	1252
BITMAP	#133	216	1252
BITMAP	#134	216	1252
ICON	#2	2216	1252
ICON	#3	1384	1252
ICON	#4	1384	1252
ICON	#5	1384	1252
ICON	#6	1384	1252
ICON	#7	1384	1252
MENU	#102	932	1252
MENU	#104	506	1252
MENU	#108	18	1252
DIALOG	#105	162	1252
DIALOG	#107	662	1252
DIALOG	#112	250	1252
DIALOG	#113	1036	1252
DIALOG	#1096	822	1252
STRING	#1	364	1252
STRING	#32	280	1252
STRING	#63	208	1252
STRING	#64	166	1252
STRING	#126	142	1252
STRING	#132	290	1252
STRING	#138	172	1252
STRING	#139	58	1252
ACCELERATORS	#103	72	1252
GROUP_CURSOR	#103	20	1252
GROUP_ICON	#101	34	1252
GROUP_ICON	#102	20	1252
GROUP_ICON	#109	20	1252
GROUP_ICON	#110	20	1252
GROUP_ICON	#111	20	1252
VERSION	#1	712	1252
MANIFEST	#1	362	1252

id	lang	string
0	1033	ca 01 0b 60 41 9e b9 e8 ed 73 21 e7 18 75 14 0f \|...`A....s!..u..\| af 5a ce cd 59 d3 3a 2c 54 35 54 34 68 d4 30 e1 \|.Z..Y.:,T5T4h.0.\| 30 db 08 48 32 3c 01 58 72 a3 d2 1c 9c cb dc bd \|0..H2<.Xr.......\| 0c 08 de 79 31 98 e0 e8 a0 ae ed e2 4e 44 8d 94 \|...y1.......ND..\| 16 c8 52 87 4d be a7 df 10 1d 20 79 03 cd 42 c3 \|..R.M..... y..B.\| b5 46 cc 55 c2 38 10 0c 72 2b 0e 27 0c 33 db 8c \|.F.U.8..r+.'.3..\| 1e 5d 35 a9 28 69 67 38 04 19 e3 84 51 d3 d7 1a \|.]5.(ig8....Q...\| 3c 9d d9 38 44 36 40 38 89 88 8e b1 ee 3b 34 d3 \|<..8D6@8.....;4.\| 22 5c 09 d7 1f b8 07 b3 9d 8c 06 94 00 2b 3e a3 \|"\...........+>.\| e9 ce 6c 90 d4 09 60 68 06 ef 03 5c ee 1e 6e 9d \|..l...`h...\..n.\| 03 6c 36 08 15 ef 6c 19 64 40 50 23 c9 77 20 b7 \|.l6...l.d@P#.w .\| 4f d7 8b 7e e6 ee ee 3c 45 44 2b c8 3d 44 68 04 \|O..~...
496	1033	5b 56 c4 35 fb 46 e4 cc 84 52 f9 c8 1b f6 57 62 \|[V.5.F...R....Wb\| 60 2e 11 3d f7 de 6e 36 33 c8 cd 0a 3a 22 30 41 \|`..=..n63...:"0A\| 23 76 b3 a5 e9 36 38 20 93 83 b2 00 87 b9 42 87 \|#v...68 ......B.\| 3c 4b 78 01 5f d1 47 c3 5d b6 08 50 b7 8a 4e 2d \|
992	1033	da 10 de 02 df 6b db 11 e2 17 e0 1b c9 33 da 46 \|.....k.......3.F\| 3b 7a cb 72 e6 5b a1 78 87 ef bb 25 03 c1 33 c7 \|;z.r.[.x...%..3.\| a3 08 5f 2d cb 2c bc c8 0d bb d6 a5 03 73 7c 00 \|.._-.,.......s\|.\| 4e 47 83 0c 1c 70 39 72 c9 0d 90 00 be 70 0c be \|NG...p9r.....p..\| 23 82 54 26 6c 94 43 78 37 13 50 03 03 45 09 04 \|#.T&l.Cx7.P..E..\| 06 d7 e1 5d 16 68 24 3c 0b ea 03 26 5e 51 0d 0e \|...].h$<...&^Q..\| 5d 1b 02 de 3d f4 1b 23 5f 8a 03 3c 3c 62 34 25 \|]...=..#_..<b....$.\| 25 0b 44 0c 56 76 83 c6 06 94 21 68 d0 6a 3d e1 \|%.D.Vv....!h.j=.\| 2f e4 e6 af 31 25 0b 3c 26 05 68 54 05 eb 1e d8 \|/...1%.<&.hT....\| d6 ea 1a 3c 0a 02 4a 5c 17 03 f7 5c 7c fb 25 b4 \|...<..J\...\\|.%.\| 88 06 46 80 3b bf 03 43 eb 85 03 50 b5 d7 8c ed \|..F.;..C...P....\| 7d 91 3a 19 23 e2 69 74 fe fe 92 23 27 0b ee fd \|}.:.#.it...#'...\|
1008	1033	䧽ᛐ੕糿ᔬ衟彽缈뼃蜹귽쉔蠍琞桺糸济梊灁繆餢덤荐üﲿ鸪蜧Ъ甊⼩橈䈺蛎㛵ᰌ鉛똠뾎词䌌䮒㱅뼠銀獝ਲ਼ച␜▿닜Ⱁৼ졚ᲅऀ⃻粃ጣ﷽䍓℆D撊Ꭱ䨭魰ఀ㞀ᓬ䯛㋔닉⤥㔘봘㒀﵌㐅㍞
2000	1033	88 ba 82 09 4e aa 06 d2 7c 2b f7 48 20 b3 11 b0 \|....N...\|+.H ...\| 55 8a 10 34 fd 2a b7 df 8e 88 a7 83 c7 ca 14 02 \|U..4...........\| 0a 60 45 30 10 88 16 78 77 38 02 17 39 54 cd 5e \|.`E0...xw8..9T.^\| 72 74 bf eb 06 2a c9 66 b3 83 4d 77 fc a7 2c 89 \|rt....f..Mw..,.\| d4 5c 8d 90 80 ed 7a 31 da 88 a0 e0 a0 83 96 64 \|.\....z1.......d\| 64 33 f1 cc ff 25 10 56 05 0c 08 97 cc c8 73 14 \|d3...%.V......s.\| b3 10 0c 9c 20 ee 5d c1 6c 4f 57 06 0e 24 fe 0d \|.... .].lOW..$..\| 68 95 d9 1d 78 12 40 99 9c 8c c7 00 0e 16 bd 9a \|h...x.@.........\| 10 83 59 48 1c 19 7b ba c3 4f b3 04 05 00 \|..YH..{..O.... \|
2096	1033	32 32 32 f2 f8 f4 f0 ec 32 32 32 32 e8 d4 d0 cc \|222.....2222....\| 32 32 32 32 c8 c4 c0 bc f3 3b 32 32 b8 b0 ac b2 \|2222.....;22....\| 6b a8 b2 68 12 f4 cd 2c 6a 70 68 90 b3 44 88 8a \|k..h...,jph..D..\| 41 35 25 f2 d3 17 fa 5f 35 81 38 4d 5a 75 1f 8b \|A5%...._5.8MZu..\| 48 3c 41 81 39 50 45 4f 11 bc 41 41 12 14 18 3d \|HQ.5P\| 0c ea 01 b9 ca 43 ee eb 34 e4 fb db 82 b2 1e d0 \|.....C..4.......\| 68 58 35 34 bb 5b ff db 11 a1 a0 71 30 89 75 cc \|hX54.[.....q0.u.\| 80 3e ef 3a 46 08 8a 06 0d c8 d7 f5 3a c3 74 04 \|.>.:F.......:.t.\| fd f2 12 04 20 be 6c b6 ad f5 d7 b4 51 88 50 b0 \|.... .l.....Q.P.\| f6 45 b4 01 b7 42 07 05 89 77 b8 04 2b 20 76 15 \|.E...B...w..+ v.\| e2 16 \|.. \|
2192	1033	塸歐ꂎ䑣膨惡怶ꖃ苤❖ꊲ脁쟹篠᯷ൄଇ䶉傀轑孋妒뵙綀ˤ릳±ᰮ֪ᴠ亃ࣆ⡃䈷鹇ᢳ늘͕霄糂꺅﹈챨퇽ࣛ᪭ꅤ伀襤ܥ惥ﶳ褒ͬ⮍۠Ќ䗍玵ॎٰᤀ愀穻家䶅⿰复儑족񂂳砅존죈烈桬쵤죈峈
2208	1033	58 54 60 cc 4b 9f a2 62 00 05 73 0e 0f 03 b6 4b \|XT`.K..b..s....K\| ad 88 c4 83 8c 94 8b 9f c3 df 12 06 02 43 bb e9 \|.............C..\| 1a 2d 6e 74 d6 7a 04 05 26 ec a2 8b c4 33 54 50 \|.-nt.z..&....3TP\| d8 0c 8b 47 ce 27 db 93 d9 5a \|...G.'...Z \|

module_name	ord	function_name
KERNEL32.DLL		LoadLibraryA
KERNEL32.DLL		GetProcAddress
KERNEL32.DLL		VirtualProtect
KERNEL32.DLL		VirtualAlloc
KERNEL32.DLL		VirtualFree
KERNEL32.DLL		ExitProcess
ADVAPI32.dll		RegDeleteKeyA
COMCTL32.dll	17
comdlg32.dll		FindTextA
GDI32.dll		SetBkMode
MPR.dll		WNetCloseEnum
msvcrt.dll		exit
SHELL32.dll		ShellExecuteA
USER32.dll		GetDC
WS2_32.dll	115

StringTable 040904b0

CompanyName	NirSoft
FileDescription	NetResView
FileVersion	1.27
InternalName	NetResView
LegalCopyright	Copyright © 2005 - 2013 Nir Sofer
OriginalFilename	NetResView.exe
ProductName	NetResView
ProductVersion	1.27

VS_FIXEDFILEINFO

FileVersion	1.2.7.0
ProductVersion	1.2.7.0
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	0
FileOS	0x40004
FileType	1
FileSubtype	0

show previews

offset	size	type	comment
0	44544	EXE	10/31/2013 20:17:26	#
15c1	15	HTM		#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] ignoring invalid PEdump::BITMAPINFOHEADER

[!] string size(916) > stringtable size(364). truncated to 362

[!] cannot convert "\v`A\x9E\xB9\xE8\xEDs!\xE7\x18u\x14\x0F\xAFZ"... to UTF-16

[!] string size(44214) > stringtable size(280). truncated to 278

[!] cannot convert "\xC45\xFBF\xE4\xCC\x84R\xF9\xC8\e\xF6Wb`."... to UTF-16

[!] string size(8628) > stringtable size(208). truncated to 206

[!] cannot convert "\xDE\x02\xDFk\xDB\x11\xE2\x17\xE0\e\xC93\xDAF;z"... to UTF-16

[!] string size(129530) > stringtable size(166). truncated to 164

[!] string size(95504) > stringtable size(142). truncated to 140

[!] cannot convert "\x82\tN\xAA\x06\xD2|+\xF7H \xB3\x11\xB0U\x8A"... to UTF-16

[!] string size(25700) > stringtable size(290). truncated to 288

[!] cannot convert "2\xF2\xF8\xF4\xF0\xEC2222\xE8\xD4\xD0\xCC22"... to UTF-16

[!] string size(125910) > stringtable size(172). truncated to 170

[!] string size(43184) > stringtable size(58). truncated to 56

[!] cannot convert "`\xCCK\x9F\xA2b\x00\x05s\x0E\x0F\x03\xB6K\xAD\x88"... to UTF-16

[!] refusing to read CURDIRENTRY beyond resource size

83f0352c14fa62ae159ab532d85a2b481900fed50d32cc757aa3f4ccf6a13bee-