mysteryfile.exe

info
MZ
PE
resources
imports
foremost
7zip
signature
hexdump
disasm
log
discuss
donate

filename	mysteryfile.exe
size	62456 (0xf3f8)
md5	8f6a8a6faf6c876634042c2fabb186ef

type	PE Unknown PE signature 0x10b0 (Windows CE) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0xe8

Rich Header

lib id	version	times used
125	50727	16
110	50727	25
109	50727	74
93	4035	5
1	0	78
114	50727	1
124	50727	1
120	50727	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	7
TimeDateStamp	0x47f08fec
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x103
Magic	0x10b0
LinkerVersion	8.0
SizeOfCode	0x7000
SizeOfInitializedData	0x8000
SizeOfUninitializedData	0
AddressOfEntryPoint	0x1229
BaseOfCode	0x1000
BaseOfData	0x8000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x1000
OperatingSystemVersion	4.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x10000
SizeOfHeaders	0x1000
CheckSum	0x133f1
Subsystem	9
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MS Visual C++ v8.0

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x6326	0x7000	R-X CODE
.rdata	0x8000	0x1be8	0x2000	R-- IDATA
.data	0xa000	0x197c	0x1000	RW- IDATA
foobar1	0xc000	4	0x1000	RW- IDATA
foobar2	0xd000	4	0x1000	RW- IDATA
foobar3	0xe000	4	0x1000	RW- IDATA
.rsrc	0xf000	0x508	0x1000	R-- IDATA

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x9614	0x3c
RESOURCE	0xf000	0x508
EXCEPTION	0	0
SECURITY	0xf000	0x3f8
BASERELOC	0	0
DEBUG	0x8140	0x1c
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0x92e8	0x40
Bound_IAT	0	0
IAT	0x8000	0x104
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size
ICON	#1	744
ICON	#2	296
GROUP_ICON	#102	34

module_name	hint	function_name
USER32.dll	486	MessageBoxW
KERNEL32.dll	529	HeapCreate
KERNEL32.dll	533	HeapFree
KERNEL32.dll	488	GetVersionExA
KERNEL32.dll	527	HeapAlloc
KERNEL32.dll	419	GetProcessHeap
KERNEL32.dll	860	TerminateProcess
KERNEL32.dll	322	GetCurrentProcess
KERNEL32.dll	876	UnhandledExceptionFilter
KERNEL32.dll	840	SetUnhandledExceptionFilter
KERNEL32.dll	568	IsDebuggerPresent
KERNEL32.dll	416	GetProcAddress
KERNEL32.dll	383	GetModuleHandleA
KERNEL32.dll	185	ExitProcess
KERNEL32.dll	930	WriteFile
KERNEL32.dll	441	GetStdHandle
KERNEL32.dll	381	GetModuleFileNameA
KERNEL32.dll	382	GetModuleFileNameW
KERNEL32.dll	246	FreeEnvironmentStringsA
KERNEL32.dll	628	MultiByteToWideChar
KERNEL32.dll	341	GetEnvironmentStrings
KERNEL32.dll	247	FreeEnvironmentStringsW
KERNEL32.dll	369	GetLastError
KERNEL32.dll	343	GetEnvironmentStringsW
KERNEL32.dll	272	GetCommandLineA
KERNEL32.dll	273	GetCommandLineW
KERNEL32.dll	803	SetHandleCount
KERNEL32.dll	358	GetFileType
KERNEL32.dll	439	GetStartupInfoA
KERNEL32.dll	129	DeleteCriticalSection
KERNEL32.dll	867	TlsGetValue
KERNEL32.dll	865	TlsAlloc
KERNEL32.dll	868	TlsSetValue
KERNEL32.dll	866	TlsFree
KERNEL32.dll	555	InterlockedIncrement
KERNEL32.dll	807	SetLastError
KERNEL32.dll	326	GetCurrentThreadId
KERNEL32.dll	551	InterlockedDecrement
KERNEL32.dll	531	HeapDestroy
KERNEL32.dll	897	VirtualFree
KERNEL32.dll	674	QueryPerformanceCounter
KERNEL32.dll	478	GetTickCount
KERNEL32.dll	323	GetCurrentProcessId
KERNEL32.dll	457	GetSystemTimeAsFileTime
KERNEL32.dll	592	LeaveCriticalSection
KERNEL32.dll	152	EnterCriticalSection
KERNEL32.dll	593	LoadLibraryA
KERNEL32.dll	546	InitializeCriticalSection
KERNEL32.dll	852	Sleep
KERNEL32.dll	260	GetCPInfo
KERNEL32.dll	253	GetACP
KERNEL32.dll	403	GetOEMCP
KERNEL32.dll	574	IsValidCodePage
KERNEL32.dll	895	VirtualAlloc
KERNEL32.dll	537	HeapReAlloc
KERNEL32.dll	726	RtlUnwind
KERNEL32.dll	539	HeapSize
KERNEL32.dll	372	GetLocaleInfoA
KERNEL32.dll	914	WideCharToMultiByte
KERNEL32.dll	442	GetStringTypeA
KERNEL32.dll	445	GetStringTypeW
KERNEL32.dll	579	LCMapStringA
KERNEL32.dll	580	LCMapStringW

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /CN=SystApplSecur rulz OK!

serial: -0C059ABB5288F76EB6A09FD0700433FF

Certificates (1)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
             (Negative)0c:05:9a:bb:52:88:f7:6e:b6:a0:9f:d0:70:04:33:ff
        Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=SystApplSecur rulz OK!
        Validity
            Not Before: Mar 29 18:06:26 2008 GMT
            Not After : Dec 31 23:59:59 2039 GMT
        Subject: CN=SysTApplSecur rulz OK!
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
                Modulus:
                    00:a1:6c:cd:02:f1:25:75:be:25:f0:d0:26:d4:be:
                    73:c6:59:07:43:26:34:db:b7:70:fb:fe:cd:49:4d:
                    9a:db:98:9b:6b:34:d5:ab:a5:7b:14:3f:ce:76:75:
                    43:7c:b3:d7:e6:bc:38:08:4e:11:81:c8:5a:05:1c:
                    27:ab:ab:2e:b9:cf:9a:a8:ce:79:5a:fe:78:af:69:
                    f3:62:10:f5:e4:50:99:29:96:a6:9a:84:79:e2:b4:
                    bb:9a:70:f2:58:f4:9a:84:48:d3:0f:b5:1e:91:4e:
                    b1:e1:d8:1d:48:03:56:ee:75:7b:8a:c3:04:e9:fa:
                    32:7b:38:00:f8:96:3f:dc:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            2.5.29.1: 
                0I........l=.I.J%#\..#0!1.0...U....SystApplSecur rulz OK!....eD.w..I_`/....
    Signature Algorithm: md5WithRSAEncryption
         09:1d:8c:b5:15:a5:b8:ae:d6:f5:f8:61:00:36:c7:7a:43:46:
         52:78:52:da:6a:f2:cd:35:47:eb:5c:a8:fe:f2:00:69:78:8b:
         df:3a:e0:00:93:59:72:3b:d4:08:5d:81:87:77:81:26:df:eb:
         3d:0c:f0:a7:e4:e3:c8:6e:65:e1:e4:09:f0:76:33:e1:ce:3f:
         31:9a:d0:5a:1b:8a:f6:d2:dd:e8:6e:15:9a:82:dc:e4:f0:60:
         f3:d0:09:96:39:4e:46:59:82:4b:22:e5:e0:0b:dd:81:38:fc:
         fc:36:41:e7:dd:df:d8:22:2e:c4:f5:6a:9b:00:d1:ad:4c:7c:
         1c:89

pkcs7-signedData

SHA1: nil

1.3.6.1.4.1.311.2.1.4

1.3.6.1.4.1.311.2.1.15

00 3c 00 3c 00 3c 00 4f  00 62 00 73 00 6f 00 6c  |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e  00 3e 00 3e              |.e.t.e.>.>.>    |

SHA1

07 e6 36 fe a4 98 fc 50 10 3d 85 37 87 d7 09 c9 |..6....P.=.7....| bd 60 8b 9c |.`.. |

2
- -15979835766000370321305451016795468799
- RSA-MD5: nil
- CN: SystApplSecur rulz OK!
- 2008-03-29 18:06:26 UTC: 2039-12-31 23:59:59 UTC
- CN: SysTApplSecur rulz OK!
- #5
  - rsaEncryption: nil
  - A1:6C:CD:02:F1:25:75:BE:25:F0:D0:26:D4:BE:73:C6:
    59:07:43:26:34:DB:B7:70:FB:FE:CD:49:4D:9A:DB:98:
    9B:6B:34:D5:AB:A5:7B:14:3F:CE:76:75:43:7C:B3:D7:
    E6:BC:38:08:4E:11:81:C8:5A:05:1C:27:AB:AB:2E:B9:
    CF:9A:A8:CE:79:5A:FE:78:AF:69:F3:62:10:F5:E4:50:
    99:29:96:A6:9A:84:79:E2:B4:BB:9A:70:F2:58:F4:9A:
    84:48:D3:0F:B5:1E:91:4E:B1:E1:D8:1D:48:03:56:EE:
    75:7B:8A:C3:04:E9:FA:32:7B:38:00:F8:96:3F:DC:83: 0x010001
- 2.5.29.1
  - 8b a4 df 90 a0 86 6c 3d a6 49 b6 4a 25 23 5c e8 |......l=.I.J%#\.|
    - CN: SystApplSecur rulz OK!
    - f3 fa 65 44 ad 77 08 91 49 5f 60 2f 8f fb cc 01 |..eD.w..I_`/....|

RSA-MD5:

09 1d 8c b5 15 a5 b8 ae  d6 f5 f8 61 00 36 c7 7a  |...........a.6.z|
43 46 52 78 52 da 6a f2  cd 35 47 eb 5c a8 fe f2  |CFRxR.j..5G.\...|
00 69 78 8b df 3a e0 00  93 59 72 3b d4 08 5d 81  |.ix..:...Yr;..].|
87 77 81 26 df eb 3d 0c  f0 a7 e4 e3 c8 6e 65 e1  |.w.&..=......ne.|
e4 09 f0 76 33 e1 ce 3f  31 9a d0 5a 1b 8a f6 d2  |...v3..?1..Z....|
dd e8 6e 15 9a 82 dc e4  f0 60 f3 d0 09 96 39 4e  |..n......`....9N|
46 59 82 4b 22 e5 e0 0b  dd 81 38 fc fc 36 41 e7  |FY.K".....8..6A.|
dd df d8 22 2e c4 f5 6a  9b 00 d1 ad 4c 7c 1c 89  |..."...j....L|..|

#0
- CN: SystApplSecur rulz OK!
- -15979835766000370321305451016795468799
SHA1: nil

1.3.6.1.4.1.311.2.1.12
- nil
contentType: 1.3.6.1.4.1.311.2.1.4

messageDigest:

46 78 eb 3f 36 6f 6d 3a  08 67 8b 1d 9b d7 18 b5  |Fx.?6om:.g......|
02 d6 7b e9                                       |..{.            |

rsaEncryption:

80 0d 10 3d 51 8a af ed  b6 83 67 9d c4 e6 23 ac  |...=Q.....g...#.|
19 63 8b f9 1e b9 1f aa  cc d4 ed 7b a4 04 9e f1  |.c.........{....|
bc cd 65 44 f2 e1 bb 25  70 b8 d9 6f bc 99 3d ad  |..eD...%p..o..=.|
b5 a3 c4 36 03 3b f3 69  29 de 62 28 8a fb 0e 45  |...6.;.i).b(...E|
1a 5c 1d bf b7 ee c9 a2  86 8b b8 59 f0 1c 43 82  |.\.........Y..C.|
4e f8 f3 99 9b 83 6e 5f  29 04 96 c4 53 0a 6d ec  |N.....n_)...S.m.|
85 e7 ed 46 38 e1 41 0e  5f 27 da 0c ed 58 71 22  |...F8.A._'...Xq"|
ce 01 d1 ef 50 e4 24 9d  8b d8 ae 50 3f 1a c9 9c  |....P.$....P?...|

show previews

offset	size	type	comment
0	61440	EXE	03/31/2008 07:17:00	#
15c1	15	HTM		#
f000	1016	PKCS7	Authenticode Signature	#

Scanning the drive for archives:
1 file, 62456 bytes (61 KiB)



Errors: 1

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

everything is OK