filename | setup.exe | |
---|---|---|
size | 533000 (0x82208) | |
md5 | 8518f7a7bc9d648ce4f887c90457216d | |
type | PE32 executable (GUI) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0xf8 |
Rich Header
lib id | version | times used |
---|---|---|
171 | 30319 | 58 |
158 | 30319 | 20 |
170 | 30319 | 157 |
147 | 30729 | 23 |
1 | 0 | 337 |
158 | 30311 | 1 |
171 | 30311 | 35 |
155 | 30311 | 1 |
154 | 30311 | 1 |
157 | 30311 | 1 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
name | va | vsize | raw size | flags | |
---|---|---|---|---|---|
.text | 0x1000 | 0x4e948 | 0x4ea00 | R-X CODE | |
.data | 0x50000 | 0x40ac | 0x1c00 | RW- IDATA | |
.rsrc | 0x55000 | 0x2ca48 | 0x2cc00 | R-- IDATA | |
.reloc | 0x82000 | 0x4740 | 0x4800 | R-- IDATA DISCARDABLE |
Data Directory
module_name | hint | ord | function_name |
---|---|---|---|
KERNEL32.dll | 920 | Process32NextW | |
KERNEL32.dll | 918 | Process32FirstW | |
KERNEL32.dll | 190 | CreateToolhelp32Snapshot | |
KERNEL32.dll | 449 | GetCurrentProcessId | |
KERNEL32.dll | 549 | GetNativeSystemInfo | |
KERNEL32.dll | 1126 | SetFilePointer | |
KERNEL32.dll | 723 | HeapSetInformation | |
KERNEL32.dll | 133 | CreateEventW | |
KERNEL32.dll | 1113 | SetEvent | |
KERNEL32.dll | 1201 | SizeofResource | |
KERNEL32.dll | 852 | LockResource | |
KERNEL32.dll | 833 | LoadResource | |
KERNEL32.dll | 334 | FindResourceW | |
KERNEL32.dll | 676 | GetVersionExW | |
KERNEL32.dll | 100 | CompareStringW | |
KERNEL32.dll | 490 | GetFileAttributesW | |
KERNEL32.dll | 532 | GetModuleFileNameW | |
KERNEL32.dll | 285 | ExpandEnvironmentStringsW | |
KERNEL32.dll | 698 | GlobalFree | |
KERNEL32.dll | 896 | OpenProcess | |
KERNEL32.dll | 624 | GetSystemDirectoryW | |
KERNEL32.dll | 214 | DeleteFileW | |
KERNEL32.dll | 643 | GetTempFileNameW | |
KERNEL32.dll | 645 | GetTempPathW | |
KERNEL32.dll | 840 | LocalFree | |
KERNEL32.dll | 350 | FormatMessageW | |
KERNEL32.dll | 960 | ReadFile | |
KERNEL32.dll | 663 | GetTimeFormatW | |
KERNEL32.dll | 456 | GetDateFormatW | |
KERNEL32.dll | 129 | CreateDirectoryW | |
KERNEL32.dll | 117 | CopyFileW | |
KERNEL32.dll | 1297 | WideCharToMultiByte | |
KERNEL32.dll | 687 | GetWindowsDirectoryW | |
KERNEL32.dll | 627 | GetSystemInfo | |
KERNEL32.dll | 448 | GetCurrentProcess | |
KERNEL32.dll | 476 | GetEnvironmentVariableW | |
KERNEL32.dll | 536 | GetModuleHandleW | |
KERNEL32.dll | 674 | GetVersion | |
KERNEL32.dll | 143 | CreateFileW | |
KERNEL32.dll | 237 | EndUpdateResourceW | |
KERNEL32.dll | 1202 | Sleep | |
KERNEL32.dll | 462 | GetDiskFreeSpaceExW | |
KERNEL32.dll | 209 | DeleteCriticalSection | |
KERNEL32.dll | 181 | CreateThread | |
KERNEL32.dll | 738 | InitializeCriticalSection | |
KERNEL32.dll | 238 | EnterCriticalSection | |
KERNEL32.dll | 825 | LeaveCriticalSection | |
KERNEL32.dll | 870 | MulDiv | |
KERNEL32.dll | 1358 | lstrlenW | |
KERNEL32.dll | 479 | GetExitCodeProcess | |
KERNEL32.dll | 1107 | SetEndOfFile | |
KERNEL32.dll | 659 | GetTickCount | |
KERNEL32.dll | 313 | FindFirstFileW | |
KERNEL32.dll | 325 | FindNextFileW | |
KERNEL32.dll | 302 | FindClose | |
KERNEL32.dll | 691 | GlobalAlloc | |
KERNEL32.dll | 831 | LoadLibraryW | |
KERNEL32.dll | 1246 | UpdateResourceA | |
KERNEL32.dll | 55 | BeginUpdateResourceA | |
KERNEL32.dll | 745 | InterlockedCompareExchange | |
KERNEL32.dll | 331 | FindResourceA | |
KERNEL32.dll | 211 | DeleteFileA | |
KERNEL32.dll | 1357 | lstrlenA | |
KERNEL32.dll | 136 | CreateFileA | |
KERNEL32.dll | 1247 | UpdateResourceW | |
KERNEL32.dll | 56 | BeginUpdateResourceW | |
KERNEL32.dll | 475 | GetEnvironmentVariableA | |
KERNEL32.dll | 1159 | SetStdHandle | |
KERNEL32.dll | 1316 | WriteConsoleW | |
KERNEL32.dll | 722 | HeapReAlloc | |
KERNEL32.dll | 780 | IsValidLocale | |
KERNEL32.dll | 269 | EnumSystemLocalesA | |
KERNEL32.dll | 516 | GetLocaleInfoA | |
KERNEL32.dll | 667 | GetUserDefaultLCID | |
KERNEL32.dll | 724 | HeapSize | |
KERNEL32.dll | 343 | FlushFileBuffers | |
KERNEL32.dll | 428 | GetConsoleMode | |
KERNEL32.dll | 410 | GetConsoleCP | |
KERNEL32.dll | 586 | GetProcessHeap | |
KERNEL32.dll | 871 | MultiByteToWideChar | |
KERNEL32.dll | 813 | LCMapStringW | |
KERNEL32.dll | 617 | GetStringTypeW | |
KERNEL32.dll | 518 | GetLocaleInfoW | |
KERNEL32.dll | 778 | IsValidCodePage | |
KERNEL32.dll | 567 | GetOEMCP | |
KERNEL32.dll | 360 | GetACP | |
KERNEL32.dll | 768 | IsDebuggerPresent | |
KERNEL32.dll | 1235 | UnhandledExceptionFilter | |
KERNEL32.dll | 1216 | TerminateProcess | |
KERNEL32.dll | 715 | HeapAlloc | |
KERNEL32.dll | 772 | IsProcessorFeaturePresent | |
KERNEL32.dll | 633 | GetSystemTimeAsFileTime | |
KERNEL32.dll | 935 | QueryPerformanceCounter | |
KERNEL32.dll | 717 | HeapCreate | |
KERNEL32.dll | 453 | GetCurrentThreadId | |
KERNEL32.dll | 748 | InterlockedExchange | |
KERNEL32.dll | 1212 | SwitchToThread | |
KERNEL32.dll | 514 | GetLastError | |
KERNEL32.dll | 1273 | WaitForSingleObject | |
KERNEL32.dll | 82 | CloseHandle | |
KERNEL32.dll | 581 | GetProcAddress | |
KERNEL32.dll | 354 | FreeLibrary | |
KERNEL32.dll | 1317 | WriteFile | |
KERNEL32.dll | 1139 | SetLastError | |
KERNEL32.dll | 751 | InterlockedIncrement | |
KERNEL32.dll | 1222 | TlsFree | |
KERNEL32.dll | 1224 | TlsSetValue | |
KERNEL32.dll | 1223 | TlsGetValue | |
KERNEL32.dll | 1221 | TlsAlloc | |
KERNEL32.dll | 499 | GetFileType | |
KERNEL32.dll | 739 | InitializeCriticalSectionAndSpinCount | |
KERNEL32.dll | 836 | LocalAlloc | |
KERNEL32.dll | 828 | LoadLibraryA | |
KERNEL32.dll | 945 | RaiseException | |
KERNEL32.dll | 391 | GetCommandLineW | |
KERNEL32.dll | 611 | GetStartupInfoW | |
KERNEL32.dll | 1048 | RtlUnwind | |
KERNEL32.dll | 719 | HeapFree | |
KERNEL32.dll | 747 | InterlockedDecrement | |
KERNEL32.dll | 370 | GetCPInfo | |
KERNEL32.dll | 1189 | SetUnhandledExceptionFilter | |
KERNEL32.dll | 281 | ExitProcess | |
KERNEL32.dll | 612 | GetStdHandle | |
KERNEL32.dll | 353 | FreeEnvironmentStringsW | |
KERNEL32.dll | 474 | GetEnvironmentStringsW | |
KERNEL32.dll | 1135 | SetHandleCount | |
GDI32.dll | 525 | GetStockObject | |
GDI32.dll | 293 | EnumFontFamiliesExW | |
GDI32.dll | 64 | CreateFontIndirectW | |
GDI32.dll | 230 | DeleteObject | |
GDI32.dll | 48 | CreateCompatibleDC | |
GDI32.dll | 459 | GetDeviceCaps | |
GDI32.dll | 509 | GetObjectW | |
GDI32.dll | 227 | DeleteDC | |
GDI32.dll | 631 | SelectObject | |
GDI32.dll | 550 | GetTextMetricsW | |
GDI32.dll | 542 | GetTextExtentPoint32W | |
ole32.dll | 108 | CoUninitialize | |
ole32.dll | 62 | CoInitialize | |
Secur32.dll | 27 | GetComputerObjectNameW | |
SHELL32.dll | 289 | ShellExecuteExW | |
SHELL32.dll | 207 | SHGetMalloc | |
SHELL32.dll | 215 | SHGetPathFromIDListW | |
SHELL32.dll | 223 | SHGetSpecialFolderLocation | |
SHELL32.dll | 290 | ShellExecuteW | |
SHELL32.dll | 286 | ShellExecuteA | |
USER32.dll | 526 | MessageBoxA | |
USER32.dll | 732 | ShowScrollBar | |
USER32.dll | 276 | GetClientRect | |
USER32.dll | 631 | SendMessageA | |
USER32.dll | 644 | SetClassLongW | |
USER32.dll | 715 | SetWindowTextW | |
USER32.dll | 491 | LoadCursorW | |
USER32.dll | 648 | SetCursor | |
USER32.dll | 97 | CreateDialogIndirectParamW | |
USER32.dll | 659 | SetForegroundWindow | |
USER32.dll | 216 | EnableWindow | |
USER32.dll | 300 | GetFocus | |
USER32.dll | 658 | SetFocus | |
USER32.dll | 621 | ScreenToClient | |
USER32.dll | 539 | MoveWindow | |
USER32.dll | 493 | LoadIconW | |
USER32.dll | 656 | SetDlgItemTextW | |
USER32.dll | 636 | SendMessageW | |
USER32.dll | 295 | GetDlgItem | |
USER32.dll | 540 | MsgWaitForMultipleObjects | |
USER32.dll | 563 | PeekMessageW | |
USER32.dll | 461 | IsDialogMessageW | |
USER32.dll | 764 | TranslateMessage | |
USER32.dll | 175 | DispatchMessageW | |
USER32.dll | 166 | DestroyWindow | |
USER32.dll | 735 | ShowWindow | |
USER32.dll | 627 | SendDlgItemMessageW | |
USER32.dll | 412 | GetWindowRect | |
USER32.dll | 748 | SystemParametersInfoW | |
USER32.dll | 245 | ExitWindowsEx | |
USER32.dll | 533 | MessageBoxW | |
USER32.dll | 208 | DrawTextW | |
USER32.dll | 382 | GetSystemMetrics | |
USER32.dll | 289 | GetDC | |
USER32.dll | 292 | GetDialogBaseUnits | |
USER32.dll | 613 | ReleaseDC | |
USER32.dll | 99 | CreateDialogParamW | |
USER32.dll | 495 | LoadImageW | |
CRYPT32.dll | 61 | CertFreeCertificateChain | |
CRYPT32.dll | 116 | CertVerifyCertificateChainPolicy | |
CRYPT32.dll | 69 | CertGetCertificateChain | |
WININET.dll | 116 | InternetCrackUrlW | |
WININET.dll | 109 | InternetCombineUrlW | |
msi.dll | 8 | ||
msi.dll | 150 | ||
msi.dll | 78 | ||
msi.dll | 92 |
ord | entry_va | function_name | |
---|---|---|---|
1 | 0x19c45 | _DecodePointerInternal@4 | |
2 | 0x19c23 | _EncodePointerInternal@4 |
StringTable 040904B0
CompanyName | |
FileDescription | Setup |
FileVersion | 10.0.30319.1 built by: RTMRel |
InternalName | setup.exe |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | setup.exe |
ProductName | |
ProductVersion | 10.0.30319.1 |
VS_FIXEDFILEINFO
FileVersion | 10.0.30319.1 |
ProductVersion | 10.0.30319.1 |
StrucVersion | 0x10000 |
FileFlagsMask | 0x3f |
FileFlags | 0 |
FileOS | 4 |
FileType | 1 |
FileSubtype | 0 |
Signers (1)
issuer: /CN=ShweBo
serial: -1ED555E72281EB5CB35C55129B49A101
Certificates (1)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: (Negative)1e:d5:55:e7:22:81:eb:5c:b3:5c:55:12:9b:49:a1:01
        Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=ShweBo
        Validity
            Not Before: Nov 3 13:02:23 2012 GMT
            Not After : Dec 31 23:59:59 2039 GMT
        Subject: CN=ShweBo
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            2.5.29.4: critical
            X509v3 Extended Key Usage: Code Signing
            2.5.29.1:
    Signature Algorithm: md5WithRSAEncryption
pkcs7-signedData