filename | 83f0352c14fa62ae159ab532d85a2b481900fed50d32cc757aa3f4ccf6a13bee | |
---|---|---|
size | 44544 (0xae00) | |
md5 | 7a0c1017e6b5bb5dc776b3b883a1d0e0 | |
type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | |
mimetype | application/x-dosexec | |
clamav | OK | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0xe0 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
UPX v0.89.6 - v1.02 / v1.05 - v1.22

This file is packed with UPX. Analysis will be incomplete without unpacking.
Sections
name | va | vsize | raw size | flags | |
---|---|---|---|---|---|
UPX0 | 0x1000 | 0xd000 | 0 | RWX UDATA | |
UPX1 | 0xe000 | 0x8000 | 0x7600 | RWX IDATA | |
.rsrc | 0x16000 | 0x4000 | 0x3400 | RW- IDATA |
Data Directory
type | va | size | |
---|---|---|---|
EXPORT | 0 | 0 | |
IMPORT | 0x19034 | 0x260 | |
RESOURCE | 0x16000 | 0x3034 | |
EXCEPTION | 0 | 0 | |
SECURITY | 0 | 0 | |
BASERELOC | 0 | 0 | |
DEBUG | 0 | 0 | |
ARCHITECTURE | 0 | 0 | |
GLOBALPTR | 0 | 0 | |
TLS | 0 | 0 | |
LOAD_CONFIG | 0 | 0 | |
Bound_IAT | 0 | 0 | |
IAT | 0 | 0 | |
Delay_IAT | 0 | 0 | |
CLR_Header | 0 | 0 |
module_name | hint | ord | function_name |
---|---|---|---|
KERNEL32.DLL | | | LoadLibraryA |
KERNEL32.DLL | | | GetProcAddress |
KERNEL32.DLL | | | VirtualProtect |
KERNEL32.DLL | | | VirtualAlloc |
KERNEL32.DLL | | | VirtualFree |
KERNEL32.DLL | | | ExitProcess |
ADVAPI32.dll | | | RegDeleteKeyA |
COMCTL32.dll | | 17 | |
comdlg32.dll | | | FindTextA |
GDI32.dll | | | SetBkMode |
MPR.dll | | | WNetCloseEnum |
msvcrt.dll | | | exit |
SHELL32.dll | | | ShellExecuteA |
USER32.dll | | | GetDC |
WS2_32.dll | | 115 | |
StringTable 040904b0
CompanyName | NirSoft |
FileDescription | NetResView |
FileVersion | 1.27 |
InternalName | NetResView |
LegalCopyright | Copyright © 2005 - 2013 Nir Sofer |
OriginalFilename | NetResView.exe |
ProductName | NetResView |
ProductVersion | 1.27 |
VS_FIXEDFILEINFO
FileVersion | 1.2.7.0 |
ProductVersion | 1.2.7.0 |
StrucVersion | 0x10000 |
FileFlagsMask | 0x3f |
FileFlags | 0 |
FileOS | 0x40004 |
FileType | 1 |
FileSubtype | 0 |
[?] ignoring invalid PEdump::BITMAPINFOHEADER
[!] string size(916) > stringtable size(364). truncated to 362
[!] cannot convert "\v`A\x9E\xB9\xE8\xEDs!\xE7\x18u\x14\x0F\xAFZ"... to UTF-16
[!] string size(44214) > stringtable size(280). truncated to 278
[!] cannot convert "\xC45\xFBF\xE4\xCC\x84R\xF9\xC8\e\xF6Wb`."... to UTF-16
[!] string size(8628) > stringtable size(208). truncated to 206
[!] cannot convert "\xDE\x02\xDFk\xDB\x11\xE2\x17\xE0\e\xC93\xDAF;z"... to UTF-16
[!] string size(129530) > stringtable size(166). truncated to 164
[!] string size(95504) > stringtable size(142). truncated to 140
[!] cannot convert "\x82\tN\xAA\x06\xD2|+\xF7H \xB3\x11\xB0U\x8A"... to UTF-16
[!] string size(25700) > stringtable size(290). truncated to 288
[!] cannot convert "2\xF2\xF8\xF4\xF0\xEC2222\xE8\xD4\xD0\xCC22"... to UTF-16
[!] string size(125910) > stringtable size(172). truncated to 170
[!] string size(43184) > stringtable size(58). truncated to 56
[!] cannot convert "`\xCCK\x9F\xA2b\x00\x05s\x0E\x0F\x03\xB6K\xAD\x88"... to UTF-16
[!] refusing to read CURDIRENTRY beyond resource size