log.exe - MsPorts.dll - Ports Class Installer

info
MZ
PE
resources
strings
imports
foremost
version info
hexdump
disasm
log
discuss
donate

filename	log.exe
size	27775 (0x6c7f)
md5	82566dcfa78ba07214ecf305e814d4c9

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0xf0

Rich Header

lib id	version	times used
4	8168	2
12	7291	1
95	4035	2
14	7299	2
4	8047	2
11	9782	3
93	4035	21
1	0	125
0	0	1
11	8168	60

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	7
TimeDateStamp	0x52ac7cbd
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x10f
Magic	0x10b
LinkerVersion	6.0
SizeOfCode	0xc000
SizeOfInitializedData	0x14e00
SizeOfUninitializedData	0
AddressOfEntryPoint	0x26000
BaseOfCode	0x1000
BaseOfData	0xd000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	4.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x2607f
SizeOfHeaders	0x400
CheckSum	0
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

ASPack?

This file is packed with ASPack. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

name	va	vsize	raw size	flags
.text	0x1000	0xc000	0x3e00	RW- IDATA
.rdata	0xd000	0x1000	0x600	RW- IDATA
.data	0xe000	0x14000	0x800	RW- IDATA
.rsrc	0x22000	0x1000	0x600	RW- IDATA
.aspack	0x23000	0x2000	0x1600	RW- IDATA
.adata	0x25000	0x1000	0	RW- IDATA
.KOREA	0x26000	0x7f	0x7f	R-X CODE

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x23fac	0x228
RESOURCE	0x22000	0xb00
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0x23f54	8
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0	0
Delay_IAT	0	0
CLR_Header	0	0
	0	0x100000

show previews

type	name	size
DIALOG	#15	596
STRING	#1	384
STRING	#2	76
STRING	#4	356
STRING	#5	116
VERSION	#1	912

lang

string

2052

b6 d1 a9 ec cd 13 c2 24  d0 4d 88 58 87 75 69 6c  |.......$.M.X.uil|
15 a4 e8 a4 b6 d7 7f b2  50 b3 15 28 d5 34 d4 a9  |........P..(.4..|
b4 1a b5 b5 c4 41 05 35  4a 78 25 38 00 d8 3e 59  |.....A.5Jx%8..>Y|
20 d3 c4 a9 36 66 ab 6e  4a 48 d3 68 e2 db 04 63  | ...6f.nJH.h...c|
cd 49 1b 20 db a6 68 6d  55 cc 1d d0 f4 62 26 05  |.I. ..hmU....b&.|
c5 11 e6 6f 55 2f b7 5c  ad fd 13 db d3 4b e1 7d  |...oU/.\.....K.}|
84 f6 ec ce 5f f0 da e0  00 e8 41 02 b3 29 1f a2  |...._.....A..)..|
3b 6a 2c f5 f8 5e 6b cd  52 69 31 19 a0 8c 88 9c  |;j,..^k.Ri1.....|
78 a9 19 2f 97 59 d4 12  87 6d fe 4a da de 7d fa  |x../.Y...m.J..}.|
1d f7 da 6c 8e 71 bb ec  85 81 7e 1f 5b 52 d8 23  |...l.q....~.[R.#|
50 2a 12 bd bb 45 fb d9  88 52 6f 81 f9 3e 62 51  |P*...E...Ro..>bQ|
fb 06 ce df ca 87 67 d8  d4 4c e5 eb 37 0d 30 79  |......g..L..7.0y|
46 fa 42 ba 1a e1 12 e4  65 c8 57 1e db 93 31 20  |F.B.....e.W...1 |
5d 58 89 33 7f 34 b2 87  3e 17 89 0c 64 46 d2 17  |]X.3.4..>...dF..|
91 34 9f d4 7a 23 0f 6b  cb 7f d5 ea f5 ee 60 ea  |.4..z#.k......`.|
fa f4 1b f2 7a 59 5b 39  cd a7 56 0c b1 17 64 1e  |....zY[9..V...d.|
ee 97 9b 84 79 47 eb 27  6c e0 6f b2 09 c9 5a ca  |....yG.'l.o...Z.|
86 fc ab f2 af ca bf 2b  84 00 00 00 00 00 00 00  |.......+........|
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*

module_name	ord	function_name
kernel32.dll		GetProcAddress
kernel32.dll		GetModuleHandleA
kernel32.dll		LoadLibraryA
user32.dll		GetMessageA
advapi32.dll		AdjustTokenPrivileges
wininet.dll		InternetCloseHandle
dnsapi.dll		DnsFlushResolverCache
shlwapi.dll		PathMatchSpecA
msvcrt.dll		memmove
ws2_32.dll	11
icmp.dll		IcmpCloseHandle
shell32.dll		SHGetSpecialFolderPathA

StringTable 080404B0

CompanyName	Microsoft Corporation
FileDescription	Ports Class Installer
FileVersion	5.1.2600.0 (xpclient.010817-1148)
InternalName	MsPorts
LegalCopyright	(C) Microsoft Corporation. All rights reserved.
OriginalFilename	MsPorts.dll
ProductName	Microsoft(R) Windows(R) Operating System
ProductVersion	5.1.2600.0

VS_FIXEDFILEINFO

FileVersion	5.1.2600.0
ProductVersion	5.1.2600.0
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	0
FileOS	0x40004
FileType	2
FileSubtype	0

show previews

offset	size	type	comment
0	27775	EXE	12/14/2013 15:43:57	#
15c1	15	HTM		#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] can't find file_offset of VA 0x226fc

[!] string size(107372) > stringtable size(384). truncated to 382

[!] cannot convert "\xA9\xEC\xCD\x13\xC2$\xD0M\x88X\x87uil\x15\xA4"... to UTF-16

[?] can't find file_offset of VA 0x0

log.exe- MsPorts.dll - Ports Class Installer