filename | mysteryfile.exe | |
---|---|---|
size | 62456 (0xf3f8) | |
md5 | 8f6a8a6faf6c876634042c2fabb186ef | |
type | PE Unknown PE signature 0x10b0 (Windows CE) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0xe8 |
Rich Header
lib id | version | times used |
---|---|---|
125 | 50727 | 16 |
110 | 50727 | 25 |
109 | 50727 | 74 |
93 | 4035 | 5 |
1 | 0 | 78 |
114 | 50727 | 1 |
124 | 50727 | 1 |
120 | 50727 | 1 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
Data Directory
module_name | hint | function_name | ord |
---|---|---|---|
USER32.dll | 486 | MessageBoxW | |
KERNEL32.dll | 529 | HeapCreate | |
KERNEL32.dll | 533 | HeapFree | |
KERNEL32.dll | 488 | GetVersionExA | |
KERNEL32.dll | 527 | HeapAlloc | |
KERNEL32.dll | 419 | GetProcessHeap | |
KERNEL32.dll | 860 | TerminateProcess | |
KERNEL32.dll | 322 | GetCurrentProcess | |
KERNEL32.dll | 876 | UnhandledExceptionFilter | |
KERNEL32.dll | 840 | SetUnhandledExceptionFilter | |
KERNEL32.dll | 568 | IsDebuggerPresent | |
KERNEL32.dll | 416 | GetProcAddress | |
KERNEL32.dll | 383 | GetModuleHandleA | |
KERNEL32.dll | 185 | ExitProcess | |
KERNEL32.dll | 930 | WriteFile | |
KERNEL32.dll | 441 | GetStdHandle | |
KERNEL32.dll | 381 | GetModuleFileNameA | |
KERNEL32.dll | 382 | GetModuleFileNameW | |
KERNEL32.dll | 246 | FreeEnvironmentStringsA | |
KERNEL32.dll | 628 | MultiByteToWideChar | |
KERNEL32.dll | 341 | GetEnvironmentStrings | |
KERNEL32.dll | 247 | FreeEnvironmentStringsW | |
KERNEL32.dll | 369 | GetLastError | |
KERNEL32.dll | 343 | GetEnvironmentStringsW | |
KERNEL32.dll | 272 | GetCommandLineA | |
KERNEL32.dll | 273 | GetCommandLineW | |
KERNEL32.dll | 803 | SetHandleCount | |
KERNEL32.dll | 358 | GetFileType | |
KERNEL32.dll | 439 | GetStartupInfoA | |
KERNEL32.dll | 129 | DeleteCriticalSection | |
KERNEL32.dll | 867 | TlsGetValue | |
KERNEL32.dll | 865 | TlsAlloc | |
KERNEL32.dll | 868 | TlsSetValue | |
KERNEL32.dll | 866 | TlsFree | |
KERNEL32.dll | 555 | InterlockedIncrement | |
KERNEL32.dll | 807 | SetLastError | |
KERNEL32.dll | 326 | GetCurrentThreadId | |
KERNEL32.dll | 551 | InterlockedDecrement | |
KERNEL32.dll | 531 | HeapDestroy | |
KERNEL32.dll | 897 | VirtualFree | |
KERNEL32.dll | 674 | QueryPerformanceCounter | |
KERNEL32.dll | 478 | GetTickCount | |
KERNEL32.dll | 323 | GetCurrentProcessId | |
KERNEL32.dll | 457 | GetSystemTimeAsFileTime | |
KERNEL32.dll | 592 | LeaveCriticalSection | |
KERNEL32.dll | 152 | EnterCriticalSection | |
KERNEL32.dll | 593 | LoadLibraryA | |
KERNEL32.dll | 546 | InitializeCriticalSection | |
KERNEL32.dll | 852 | Sleep | |
KERNEL32.dll | 260 | GetCPInfo | |
KERNEL32.dll | 253 | GetACP | |
KERNEL32.dll | 403 | GetOEMCP | |
KERNEL32.dll | 574 | IsValidCodePage | |
KERNEL32.dll | 895 | VirtualAlloc | |
KERNEL32.dll | 537 | HeapReAlloc | |
KERNEL32.dll | 726 | RtlUnwind | |
KERNEL32.dll | 539 | HeapSize | |
KERNEL32.dll | 372 | GetLocaleInfoA | |
KERNEL32.dll | 914 | WideCharToMultiByte | |
KERNEL32.dll | 442 | GetStringTypeA | |
KERNEL32.dll | 445 | GetStringTypeW | |
KERNEL32.dll | 579 | LCMapStringA | |
KERNEL32.dll | 580 | LCMapStringW |
Signers (1)
issuer: /CN=SystApplSecur rulz OK!
serial: -0C059ABB5288F76EB6A09FD0700433FF
Certificates (1)
Certificate:
  Data:
    Version: 3 (0x2)
    Serial Number: (Negative)0c:05:9a:bb:52:88:f7:6e:b6:a0:9f:d0:70:04:33:ff
    Signature Algorithm: md5WithRSAEncryption
    Issuer: CN=SystApplSecur rulz OK!
    Validity
      Not Before: Mar 29 18:06:26 2008 GMT
      Not After : Dec 31 23:59:59 2039 GMT
    Subject: CN=SysTApplSecur rulz OK!
    Subject Public Key Info:
      Public Key Algorithm: rsaEncryption
      RSA Public-Key: (1024 bit)
      Exponent: 65537 (0x10001)
    X509v3 extensions:
      2.5.29.1: 0I........l=.I.J%#\..#0!1.0...U....SystApplSecur rulz OK!....eD.w..I_`/....
  Signature Algorithm: md5WithRSAEncryption
pkcs7-signedData
- 1
- SHA1: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e 00 3e 00 3e |.e.t.e.>.>.> |
- :
- SHA1
07 e6 36 fe a4 98 fc 50 10 3d 85 37 87 d7 09 c9 |..6....P.=.7....|
bd 60 8b 9c |.`.. |
- 1.3.6.1.4.1.311.2.1.15
- #0
- #2
- 2
- -15979835766000370321305451016795468799
- RSA-MD5: nil
- CN: SystApplSecur rulz OK!
- 2008-03-29 18:06:26 UTC: 2039-12-31 23:59:59 UTC
- CN: SysTApplSecur rulz OK!
- #5
- rsaEncryption: nil
- 2.5.29.1
8b a4 df 90 a0 86 6c 3d a6 49 b6 4a 25 23 5c e8 |......l=.I.J%#\.|
- CN: SystApplSecur rulz OK!
f3 fa 65 44 ad 77 08 91 49 5f 60 2f 8f fb cc 01 |..eD.w..I_`/....|
- RSA-MD5:
- 2
- 1
- #0
- CN: SystApplSecur rulz OK!
- -15979835766000370321305451016795468799
- SHA1: nil
- #2
- 1.3.6.1.4.1.311.2.1.12
- nil
- contentType: 1.3.6.1.4.1.311.2.1.4
- messageDigest:
46 78 eb 3f 36 6f 6d 3a 08 67 8b 1d 9b d7 18 b5 |Fx.?6om:.g......|
02 d6 7b e9 |..{. |
- 1.3.6.1.4.1.311.2.1.12
- rsaEncryption:
- #0
Scanning the drive for archives: 1 file, 62456 bytes (61 KiB) Errors: 1