filename | log.exe | |
---|---|---|
size | 27775 (0x6c7f) | |
md5 | 82566dcfa78ba07214ecf305e814d4c9 | |
type | PE32 executable (GUI) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0xf0 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
This file is packed with ASPack. Analysis will be incomplete without unpacking. |
Sections
Data Directory
type | va | size | |
---|---|---|---|
EXPORT | 0 | 0 | |
IMPORT | 0x23fac | 0x228 | |
RESOURCE | 0x22000 | 0xb00 | |
EXCEPTION | 0 | 0 | |
SECURITY | 0 | 0 | |
BASERELOC | 0x23f54 | 8 | |
DEBUG | 0 | 0 | |
ARCHITECTURE | 0 | 0 | |
GLOBALPTR | 0 | 0 | |
TLS | 0 | 0 | |
LOAD_CONFIG | 0 | 0 | |
Bound_IAT | 0 | 0 | |
IAT | 0 | 0 | |
Delay_IAT | 0 | 0 | |
CLR_Header | 0 | 0 | |
0 | 0x100000 |
id | lang | string |
---|---|---|
0 | 2052 | |
module_name | hint | ord | function_name |
---|---|---|---|
kernel32.dll | | | GetProcAddress |
kernel32.dll | | | GetModuleHandleA |
kernel32.dll | | | LoadLibraryA |
user32.dll | | | GetMessageA |
advapi32.dll | | | AdjustTokenPrivileges |
wininet.dll | | | InternetCloseHandle |
dnsapi.dll | | | DnsFlushResolverCache |
shlwapi.dll | | | PathMatchSpecA |
msvcrt.dll | | | memmove |
ws2_32.dll | | 11 | |
icmp.dll | | | IcmpCloseHandle |
shell32.dll | | | SHGetSpecialFolderPathA |
StringTable 080404B0
CompanyName | Microsoft Corporation |
FileDescription | Ports Class Installer |
FileVersion | 5.1.2600.0 (xpclient.010817-1148) |
InternalName | MsPorts |
LegalCopyright | (C) Microsoft Corporation. All rights reserved. |
OriginalFilename | MsPorts.dll |
ProductName | Microsoft(R) Windows(R) Operating System |
ProductVersion | 5.1.2600.0 |
VS_FIXEDFILEINFO
FileVersion | 5.1.2600.0 |
ProductVersion | 5.1.2600.0 |
StrucVersion | 0x10000 |
FileFlagsMask | 0x3f |
FileFlags | 0 |
FileOS | 0x40004 |
FileType | 2 |
FileSubtype | 0 |
[?] can't find file_offset of VA 0x226fc
[!] string size(107372) > stringtable size(384). truncated to 382
[!] cannot convert "\xA9\xEC\xCD\x13\xC2$\xD0M\x88X\x87uil\x15\xA4"... to UTF-16
[?] can't find file_offset of VA 0x0