voobys.exe

info
MZ
PE
resources
strings
imports
foremost
7zip
hexdump
disasm
log
discuss
donate

filename	voobys.exe
size	43072020 (0x2913a14)
md5	8ed74770c96d56579eec9e31e9db898a

type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, RAR self-extracting archive
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x50
blocks_in_file	2
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0xf
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0x1a
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x200

DOS stub

00000000: ba 10 00 0e 1f b4 09 cd  21 b8 01 4c cd 21 90 90  |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f  67 72 61 6d 20 6d 75 73  |This program mus|
00000020: 74 20 62 65 20 72 75 6e  20 75 6e 64 65 72 20 57  |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37  00 00 00 00 00 00 00 00  |in32..$7........|
00000040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000001c0:

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	3
TimeDateStamp	0x41ceda00
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x10f
Magic	0x10b
LinkerVersion	5.0
SizeOfCode	0xb000
SizeOfInitializedData	0x2000
SizeOfUninitializedData	0x16000
AddressOfEntryPoint	0x21be0
BaseOfCode	0x17000
BaseOfData	0x22000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	4.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x24000
SizeOfHeaders	0x1000
CheckSum	0
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x2000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

UPX v0.89.6 - v1.02 / v1.05 - v1.22

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

name	va	vsize	raw size	flags
UPX0	0x1000	0x16000	0	RWX UDATA
UPX1	0x17000	0xb000	0xae00	RWX IDATA
.rsrc	0x22000	0x2000	0x1c00	RW- IDATA

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x2393c	0x1dc
RESOURCE	0x22000	0x193c
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0	0
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0	0
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size
BITMAP	#101	2998
ICON	#1	296
ICON	#2	1384
ICON	#3	744
ICON	#4	2216
DIALOG	ASKNEXTVOL	642
DIALOG	GETPASSWORD1	314
DIALOG	LICENSEDLG	232
DIALOG	RENAMEDLG	302
DIALOG	REPLACEFILEDLG	824
DIALOG	STARTDLG	546
STRING	#7	556
STRING	#8	886
STRING	#9	530
STRING	#10	638
RCDATA	DVCLAL	16
GROUP_ICON	#100	62
MANIFEST	#1	531

id	lang	string
96	1049	0d b0 45 11 f7 c6 31 56 d8 b0 02 55 2c d1 e0 53 \|..E...1V...U,..S\| a4 5a c9 eb 10 98 da c1 82 e0 04 72 f2 d5 43 ad \|.Z.........r..C.\| 5b 64 bf 1d 74 23 3b a9 89 f8 b8 c1 08 e2 87 70 \|[d..t#;........p\| 4a c4 a4 6f e0 77 2d 04 77 1f fa 10 7e 0b 83 c6 \|J..o.w-.w...~...\| f0 e4 08 4a 64 a1 6f 31 1a b8 25 b1 14 0f 08 3e \|...Jd.o1..%....>\| ca 55 f1 9d 3d ad 12 42 13 20 08 0e b4 67 0f ed \|.U..=..B. ...g..\| a0 8c dc 93 9a 15 4c 67 ab 53 3a a0 bf 06 f4 19 \|......Lg.S:.....\| 3b b3 dc cc 08 88 67 d1 d9 07 e4 d0 f6 61 bf 82 \|;.....g......a..\| 8e 96 65 01 12 d3 18 f6 68 54 0c 73 34 48 f2 1e \|..e.....hT.s4H..\| b6 d6 e1 b7 b6 83 3e 8b 91 59 ab b9 a9 f0 07 be \|......>..Y......\| 70 32 12 8a 94 11 11 88 91 6e 0a dc 95 62 8f e1 \|p2.......n...b..\| 40 08 8a 0a 44 1d bc 01 6b 77 3f e8 0c 12 ef 81 \|@...D...kw?.....\| 80 03 f8 09 06 03 fa ea c1 67 6b 25 34 01 8b 81 \|.........gk%4...\| a1 df b6 25 58 c3 1a ce fa af 20 20 8b 45 04 2b \|...%X..... .E.+\| 5c e0 46 cd 45 00 56 df ff c1 d2 0e 4a aa 89 da \|\.F.E.V.....J...\| 1b 33 07 03 d1 1d 5f ea 6f e3 63 6f d7 f5 81 c7 \|.3...._.o.co....\| 70 5d 17 3b c2 73 d3 b1 8e d6 44 2f 01 a1 80 0f \|p].;.s....D/....\| 92 42 00 36 cc 16 bb 8b 6a 91 7c 4a 21 08 80 2e \|.B.6....j.\|J!...\| b4 2d 94 f0 80 d0 0d c0 55 c2 80 96 83 6d 89 8c \|.-......U....m..\| 20 6e 07 bf 01 7b 3b 76 ec 17 c6 94 01 ff 84 eb \| n...{;v........\| 5d 22 07 89 81 39 71 d9 4a 05 88 26 fa 29 17 e7 \|]"...9q.J..&.)..\| 20 de 46 61 81 44 5b 20 b7 c9 c4 37 3b 0a 8a 90 \| .Fa.D[ ...7;...\| d8 10 0e 91 58 36 16 a1 68 34 1d cd 5b d8 8b 85 \|....X6..h4..[...\| 6b b6 f7 6c 88 da 37 5e 84 11 1a 35 ac 31 83 e8 \|k..l..7^...5.1..\| db 2f 7c 63 50 64 af 50 0c 01 d4 48 10 2b 48 0c \|./\|cPd.P...H.+H.\| 0b 48 a5 1b 1c 54 db 60 f5 6f eb f8 3c 19 8c dd \|.H...T.`.o..<...\| b3 88 22 81 3e 33 c6 16 ff 80 3b 18 1b 13 4e 31 \|..".>3....;...N1\| 93 74 20 d9 ba 63 23 cb 83 0a a3 78 05 08 06 70 \|.t ..c#....x...p\| 12 f1 fb ec 8b 62 d0 03 93 15 33 d0 3f ed 08 de \|.....b....3.?...\| bb 99 72 a8 81 bb 0f 0b 73 1a 3a 03 ff 4a bd 23 \|..r.....s.:..J.#\| b0 01 f7 d9 e6 67 84 87 85 7e ae b4 1d 75 82 ba \|.....g...~...u..\| 5c de bc e6 28 42 a5 5e 16 08 b5 58 58 64 32 0f \|\...(B.^...XXd2.\| 16 a2 6b c4 c1 f8 fe 74 c2 37 f8 2c 1a 1f 58 68 \|..k....t.7.,..Xh\| 90 25 f3 8a 50 b6 d7 51 c7 a6 84 46 ac 83 0c 12 \|.%..P..Q...F....\| 5c 58 fb de 47 b6 30 75 28 11 3a 02 \|\X..G.0u(.:. \|
112	1049	60 7b 11 6a c7 da 17 b8 10 41 02 f9 9b b7 3a 16 \|`{.j.....A....:.\| 9f 83 eb 6b 03 fa 8c ea 6c 0a 46 2d 58 3c 5b 20 \|...k....l.F-X<[ \| 79 45 48 43 90 48 a4 5e bb 24 7f 32 c8 3f c7 17 \|yEHC.H.^.$.2.?..\| ff 07 8b 4f 65 f4 8a 00 5b eb 6d 67 69 e1 8b da \|...Oe...[.mgi...\| 3c 47 43 ab 6c 84 02 d4 e8 f5 50 d2 a1 6a c3 a4 \|...G,.N\| 08 f7 c3 b7 ed 0c 28 3e c6 94 10 6b 07 0f 09 2b \|......(>...k...+\| cf 0f fd ee 02 0d 6c 0d d0 3b 2d 0f 9f c1 6b ff \|......l..;-...k.\| 0b d8 1a a2 0c aa 34 d1 19 4e 77 ec 24 d8 f8 cf \|......4..Nw.$...\| e5 c9 12 8b 88 62 0d b1 59 b0 2a 27 17 e5 88 47 \|.....b..Y.'...G\| ff c1 0e 78 37 3a 8a 4a 02 d3 ff 89 7c 42 59 95 \|...x7:.J....\|BY.\| fb a3 47 29 0a 83 0b 5e 16 45 87 dd 03 11 89 88 \|..G)...^.E......\| 5e 6e 11 bc bf de 80 07 b7 8d 90 40 bc 85 06 08 \|^n.........@....\| 1c 4b 5b 46 0f a3 a2 23 c3 c0 fa a3 42 c0 05 3b \|.K[F...#....B..;\| c2 c3 c2 df 0b 99 3a a9 74 ea 12 d7 d1 b0 81 17 \|......:.t.......\| 01 2f 02 50 ff ec f9 70 40 71 75 d7 8b b3 c9 01 \|./.P...p@qu.....\| 76 34 51 04 fa 4f c6 89 47 9d c0 58 3e c3 47 07 \|v4Q..O..G..X>.G.\| c2 fa 82 c4 85 5a f0 71 3b 03 b8 8d a4 ce dd 80 \|.....Z.q;.......\| 03 c2 73 eb 05 58 11 e2 c2 03 da b6 78 66 81 09 \|..s..X......xf..\| 7d ed a1 d0 9b 70 2c f8 7e b0 f6 5e a8 c0 05 b4 \|}....p,.~..^....\| 6e 07 73 31 21 a2 5b ec ec 08 fe b1 8a 51 2a f0 \|n.s1!.[......Q.\| 8e 6d af 23 0d ff 11 06 01 11 25 7d b7 6a d5 16 \|.m.#......%}.j..\| fe db 70 d2 e2 14 88 65 19 c3 b1 26 8b 39 2f 4a \|..p....e...&.9/J\| c1 75 70 54 9a 4a 46 94 f3 2c 80 e3 e1 cc f3 fe \|.upT.JF..,......\| c3 4c 8b 62 1f 1d e9 44 eb 58 4d 83 7c 8a 64 3c \|.L.b...D.XM.\|.d<\| f7 ca 16 95 03 71 fa 1e a5 f2 06 c1 0a 1c 35 c2 \|.....q........5.\| d9 98 df dc 03 2d e4 2c 6d 33 62 ed e5 9c 02 19 \|.....-.,m3b.....\| 16 40 c0 c6 e3 eb 4e 14 03 1c 24 98 d2 0f a0 8b \|.@....N...$.....\| cd 74 2c 34 8a 87 b7 14 bc 50 77 05 65 c2 f7 f7 \|.t,4.....Pw.e...\| 1f 0f 83 f8 03 4e 10 dc 82 8b 58 08 cb 12 a5 81 \|.....N....X.....\| f2 8b c6 3b 75 d3 6d a9 44 eb 52 3a 32 74 5a 3b \|...;u.m.D.R:2tZ;\| 88 6f ba 70 8a 0e 3a 62 75 f6 30 3a 46 fb 72 48 \|.o.p..:bu.0:F.rH\| 0d a6 8f 5e 23 14 8d 56 e7 18 82 0e 14 4e 1d 32 \|...^#..V.....N.2\| 52 6c 1c 20 bf f5 d5 d9 e7 a4 16 02 14 42 7b 18 \|Rl. .........B{.\| 78 b5 bd 3a d0 8d 06 20 8e 82 57 db 9b 74 73 73 \|x..:... ..W..tss\| 1b 80 55 02 7d 4a 13 4b 85 ee 62 02 88 20 62 6d \|..U.}J.K..b.. bm\| d1 be 7d 00 17 89 5c 42 1f 09 80 ad db ce cf 01 \|..}...\B........\| 1c c8 8b ce c8 f2 81 97 c6 89 42 87 87 da b1 3e \|..........B....>\| 2c b2 84 0b 04 7d \|,....} \|
128	1049	26 5a 22 de 07 f5 ff 87 05 f8 88 f0 06 88 95 12 \|&Z".............\| 0a 33 3b 87 e8 4b 6d 3c 6f 41 20 83 df 03 02 92 \|.3;..Km\| 34 c4 2c 76 58 9d ee 99 1e 4c c8 02 10 60 80 d9 \|4.,vX....L...`..\| 21 27 10 4d 6d 0f 3b 3e a8 7b 04 24 e6 01 87 4b \|!'.Mm.;>.{.$...K\| 23 c5 18 72 df b8 77 03 3b 51 cd 0f 96 c2 57 fc \|#..r..w.;Q....W.\| 5e e0 f0 0e 1d 0e ce 36 66 23 d0 14 38 e3 95 ee \|^......6f#..8...\| 12 90 66 68 60 c2 06 03 e5 45 fe da 7a 2c 18 a0 \|..fh`....E..z,..\| fb 43 2a a4 50 10 3d 96 d5 c9 ad 86 84 50 89 54 \|.C*.P.=......P.T\| 59 1d 28 86 6a 3c 97 bd 00 b3 a6 8a 94 94 00 eb \|Y.(.j<..........\| 5b 8b 5e 08 a7 8b f5 45 5c 11 01 86 57 93 91 11 \|[.^....E\...W...\| 3d 96 96 e2 a2 61 a4 e1 eb 25 bd 50 04 2f ca 11 \|=....a...%.P./..\| e2 99 13 cd 8e 45 d1 a5 b7 19 a2 c8 4a ee f7 14 \|.....E......J...\| 5f c9 44 cd c1 89 06 bb 03 f7 db 54 61 fa 92 5c \|_.D........Ta..\\| 3c 1e 73 05 63 47 dd 8b ad fa 04 78 09 e0 97 90 \|<.s.cG.....x....\| e5 ed bc 81 ef 0c 03 0f 97 f2 d1 66 89 fc 68 cd \|...........f..h.\| 05 17 eb 66 af 83 c1 a8 8f 97 1a 70 12 af c1 03 \|...f.......p....\| b2 ca 0c 27 a2 6f 34 49 3b c1 73 1f 2d f2 d3 11 \|...'.o4I;.s.-...\| 2e e5 34 55 0f 93 40 c8 41 d7 ad 2d b5 db 03 cc \|..4U..@.A..-....\| eb 39 \|.9 \|
144	1049	f2 27 18 54 17 e8 6c 23 e6 5b 3b c6 0b b4 f6 5f \|.'.T..l#.[;...._\| 63 73 01 4e 03 ce 1b 3a e3 d6 56 30 b4 65 39 65 \|cs.N...:..V0.e9e\| 03 6d 3d df 0c f4 eb 8b f5 ed 03 f6 8c b6 45 89 \|.m=...........E.\| 56 02 2d bd b5 4f cd 0e 88 b3 98 2b 8b 5b cc 9f \|V.-..O.....+.[..\| 93 a9 80 23 55 85 c9 1f 65 71 7a d6 2c 0f 1b eb \|...#U...eqz.,...\| 0e c7 58 20 42 0d e0 87 dc 0e 60 c0 61 d4 92 7f \|..X B.....`.a...\| 4b d2 2b 17 fa 0c cf 26 50 f3 00 4c 0a c9 f2 c8 \|K.+....&P..L....\| b2 94 dc 34 01 00 1c 40 d1 8b 78 76 4c 20 e0 80 \|...4...@..xvL ..\| af e5 58 40 6c 76 57 89 5c 57 ec 9c 9c 6c 06 68 \|..X@lvW.\W...l.h\| 69 6a 6f 16 42 48 c0 9b 9d 86 19 a8 de 8b 13 47 \|ijo.BH.........G\| d7 00 35 f4 1a 86 49 34 50 02 26 37 f7 58 59 a1 \|..5...I4P.&7.XY.\| 78 1a f8 de 37 7b 4b c3 93 0f 98 c4 ae 74 07 ec \|x...7{K......t..\| c2 0f 00 2f 94 f0 e1 05 42 2a 4a 02 fc a4 77 04 \|.../....BJ...w.\| 12 b0 ef 56 25 06 f4 aa 09 27 68 d6 20 a8 c7 36 \|...V%....'h. ..6\| 2a 57 b3 c6 f6 75 19 30 61 c2 49 aa eb 0d 24 22 \|W...u.0a.I...$"\| b6 a9 ce 0a 5a d1 5c 88 ea 1d e7 46 2d 98 a0 ac \|....Z.\....F-...\| ef 10 9b cd ff 02 0f 98 b0 55 a4 2b d9 8b cb 81 \|.........U.+....\| f9 fc fe 3f 81 67 bf d7 45 bf b8 15 0f 73 75 21 \|...?.g..E....su!\| ff 5e fb 2c b8 80 05 36 b0 03 f3 13 07 a3 ec 17 \|.^.,...6........\| 22 05 41 88 1e eb 20 21 db 52 cd fe 4a 75 dd eb \|".A... !.R..Ju..\| 37 8b d9 1a 39 ff 56 8b 67 1f 22 62 60 5b 1c 3e \|7...9.V.g."b`[.>\| 3f 43 3a 82 7a 67 19 89 0c 2e c2 08 16 5c 0a 83 \|?C:.zg.......\..\| 75 c9 0b b7 35 a0 ad 91 30 b0 30 31 05 b8 11 ad \|u...5...0.01....\| 0a 1c 35 31 01 3e 06 f4 88 6b c6 31 02 0b d9 7d \|..51.>...k.1...}\| f7 bd 43 eb 4a 6a fe 05 3b 5a 24 73 61 22 bd bc \|..C.Jj..;Z$sa"..\| bc 04 14 73 31 0c 73 19 08 73 0a 07 6d d8 4b b4 \|...s1.s..s..m.K.\| 56 06 d8 be 02 09 18 46 c6 00 ea 10 73 07 af 7f \|V......F....s...\| 78 e7 a7 d9 de 12 1c 73 13 17 18 05 67 be 06 e5 \|x......s....g...\| f9 69 b6 60 12 20 07 54 be 08 4d f9 e9 9e ed 34 \|.i.`. .T..M....4\| 73 2b 2f 2c 28 1c 09 37 be 0a 7b 7e 9a ed 30 12 \|s+/,(..7..{~..0.\| 30 0b 24 be 0c 1d 2a 24 a0 9a 67 3c 38 0d 1b 29 \|0.$...$..g<8..)\| 4c 44 64 0e bc d9 f8 4b 85 60 48 3b b5 07 c1 ff \|LDd....K.`H;....\| 03 01 38 f8 ff bb e0 c2 c3 b9 10 dc 04 b2 2b ce \|..8...........+.\| d3 e8 03 44 b2 44 3b 16 14 7f 95 38 21 84 82 84 \|...D.D;....8!...\| 97 29 88 2e 06 81 b4 6c a1 d8 04 fc 83 3d ac a5 \|.).....l.....=..\| 27 43 33 9b ad 8a 41 d0 be ba 75 7b 77 a1 1a ae \|'C3...A...u{w...\| 85 a8 19 88 90 98 a6 05 46 40 4f fd 54 b1 51 bd \|........F@O.T.Q.\| 20 e5 03 fd 06 3b 2a 2e c1 02 e8 7c 2a 7c d9 ce \| ....;....\|\|..\| c6 bb ba 3a 42 98 04 13 7c c9 4a 74 da 83 46 96 \|...:B...\|.Jt..F.\| 2a 68 39 d6 64 0a 98 55 31 56 bc 3a 09 a8 \|h9.d..U1V.:.. \|

module_name	ord	function_name
KERNEL32.DLL		LoadLibraryA
KERNEL32.DLL		GetProcAddress
KERNEL32.DLL		ExitProcess
ADVAPI32.DLL		RegCloseKey
COMCTL32.DLL	17
COMDLG32.DLL		GetOpenFileNameA
GDI32.DLL		DeleteObject
OLE32.DLL		OleInitialize
SHELL32.DLL		SHGetMalloc
USER32.DLL		SetMenu

show previews

offset	size	type	comment
0	52736	EXE	12/26/2004 15:34:24	#
15c1	15	HTM		#
ce00	51207	RAR	Password Protected:Encrypted Headers!	#
19607	42968077	BIN	overlay data past EOF	#

Scanning the drive for archives:
1 file, 43072020 bytes (42 MiB)


--
Type = Rar
Offset = 52736
Physical Size = 43019284
Solid = -
Blocks = 8
Multivolume = -
Volumes = 1

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2007-11-02 20:05:49 ....A          145          131  Settings.ini
2011-08-21 04:20:59 ....A       472064       154965  setup.exe
2003-09-30 13:22:10 ....A         1632          809  Config.ini
2007-10-23 22:01:36 ....A     23510720     23480403  dotnetfx.exe
2011-08-21 04:21:16 ....A     14069760     13392894  VoobysSetup2011.msi
2007-10-23 22:00:58 ....A      1827008      1788539  langpack.exe
2007-10-23 22:36:00 ....A      2585872      2530000  WindowsInstaller-KB893803-v2-x86.exe
2007-10-23 22:35:38 ....A      1709160      1670954  instmsia.exe
------------------- ----- ------------ ------------  ------------------------
2011-08-21 04:21:16           44176361     43018695  8 files

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] ignoring invalid PEdump::BITMAPINFOHEADER

[!] string size(90138) > stringtable size(556). truncated to 554

[!] cannot convert "E\x11\xF7\xC61V\xD8\xB0\x02U,\xD1\xE0S\xA4Z"... to UTF-16

[!] string size(63168) > stringtable size(886). truncated to 884

[!] cannot convert "\x11j\xC7\xDA\x17\xB8\x10A\x02\xF9\x9B\xB7:\x16\x9F\x83"... to UTF-16

[!] string size(46156) > stringtable size(530). truncated to 528

[!] cannot convert "\"\xDE\a\xF5\xFF\x87\x05\xF8\x88\xF0\x06\x88\x95\x12\n3"... to UTF-16

[!] string size(20452) > stringtable size(638). truncated to 636

[!] cannot convert "\x18T\x17\xE8l#\xE6[;\xC6\v\xB4\xF6_cs"... to UTF-16