filenamecastleattack2.exe
size26833382 (0x19971e6)
md5b59a38ab3ed21e485ca458aaf535b659
typePE32 executable (GUI) Intel 80386, for MS Windows
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0xe8

Rich Header

lib idversiontimes used
1180471
14729921
10804785
9321799
10140
1189664
1089661
617351

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections4
TimeDateStamp0x413ffc3a
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x10f
Magic0x10b
LinkerVersion6.0
SizeOfCode0x7000
SizeOfInitializedData0x13000
SizeOfUninitializedData0
AddressOfEntryPoint0x3705
BaseOfCode0x1000
BaseOfData0x8000
ImageBase0x20000000
SectionAlignment0x1000
FileAlignment0x1000
OperatingSystemVersion4.0
ImageVersion0.0
SubsystemVersion4.0
Reserved10
SizeOfImage0x1d000
SizeOfHeaders0x1000
CheckSum0
Subsystem2
DllCharacteristics0
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

MS Visual C++ v6.0

Sections

namevavsizeraw sizeflags
.text0x10000x681a0x7000R-X CODE
.rdata0x80000x120a0x2000R-- IDATA
.data0xa0000x453c0x3000RW- IDATA
.rsrc0xf0000xd1940xe000R-- IDATA

Data Directory

typevasize
EXPORT00
IMPORT0x87480x64
RESOURCE0xf0000xd194
EXCEPTION00
SECURITY00
BASERELOC00
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT0x80000x1fc
Delay_IAT00
CLR_Header00
typenamesizecp
ICON#116401252
ICON#116401252
ICON#27441252
ICON#27441252
ICON#32961252
ICON#32961252
ICON#437521252
ICON#437521252
ICON#522161252
ICON#522161252
ICON#613841252
ICON#613841252
ICON#796401252
ICON#796401252
ICON#842641252
ICON#842641252
ICON#911281252
ICON#911281252
STRING#636801252
GROUP_ICONPROJECTOR1321252
VERSION#117881252
idlangstring
10001033Application Error
10011033This application cannot start as it cannot create needed files. There may not be enough free disk space.
10021033This application cannot run, as it could not find the shared library MSVCRT.DLL.
10031033This application requires Shockwave Player 10, which is not installed. Click OK to download it.
10041033This application cannot run.
module_namehintordfunction_name
KERNEL32.dll494GlobalAlloc
KERNEL32.dll77CreateFileA
KERNEL32.dll941_lwrite
KERNEL32.dll936_lclose
KERNEL32.dll938_llseek
KERNEL32.dll939_lopen
KERNEL32.dll940_lread
KERNEL32.dll937_lcreat
KERNEL32.dll778SetErrorMode
KERNEL32.dll512GlobalUnlock
KERNEL32.dll505GlobalLock
KERNEL32.dll211FindNextFileA
KERNEL32.dll201FindFirstFileA
KERNEL32.dll698RemoveDirectoryA
KERNEL32.dll197FindClose
KERNEL32.dll124DeleteFileA
KERNEL32.dll459GetTempPathA
KERNEL32.dll546InterlockedIncrement
KERNEL32.dll542InterlockedDecrement
KERNEL32.dll437GetStringTypeW
KERNEL32.dll434GetStringTypeA
KERNEL32.dll571LCMapStringW
KERNEL32.dll570LCMapStringA
KERNEL32.dll619MultiByteToWideChar
KERNEL32.dll395GetOEMCP
KERNEL32.dll245GetACP
KERNEL32.dll252GetCPInfo
KERNEL32.dll784SetFilePointer
KERNEL32.dll229FlushFileBuffers
KERNEL32.dll812SetStdHandle
KERNEL32.dll528HeapReAlloc
KERNEL32.dll69CreateDirectoryA
KERNEL32.dll501GlobalFree
KERNEL32.dll479GetVersionExA
KERNEL32.dll314GetCurrentProcess
KERNEL32.dll361GetLastError
KERNEL32.dll439GetSystemDefaultLangID
KERNEL32.dll906WinExec
KERNEL32.dll584LoadLibraryA
KERNEL32.dll312GetCurrentDirectoryA
KERNEL32.dll441GetSystemDirectoryA
KERNEL32.dll375GetModuleHandleA
KERNEL32.dll767SetCurrentDirectoryA
KERNEL32.dll408GetProcAddress
KERNEL32.dll239FreeLibrary
KERNEL32.dll373GetModuleFileNameA
KERNEL32.dll105CreateThread
KERNEL32.dll46CloseHandle
KERNEL32.dll342GetFileAttributesA
KERNEL32.dll175ExitProcess
KERNEL32.dll849TerminateProcess
KERNEL32.dll431GetStartupInfoA
KERNEL32.dll264GetCommandLineA
KERNEL32.dll478GetVersion
KERNEL32.dll537InitializeCriticalSection
KERNEL32.dll122DeleteCriticalSection
KERNEL32.dll143EnterCriticalSection
KERNEL32.dll583LeaveCriticalSection
KERNEL32.dll524HeapFree
KERNEL32.dll866UnhandledExceptionFilter
KERNEL32.dll237FreeEnvironmentStringsA
KERNEL32.dll238FreeEnvironmentStringsW
KERNEL32.dll905WideCharToMultiByte
KERNEL32.dll333GetEnvironmentStrings
KERNEL32.dll335GetEnvironmentStringsW
KERNEL32.dll793SetHandleCount
KERNEL32.dll433GetStdHandle
KERNEL32.dll350GetFileType
KERNEL32.dll318GetCurrentThreadId
KERNEL32.dll857TlsSetValue
KERNEL32.dll854TlsAlloc
KERNEL32.dll797SetLastError
KERNEL32.dll856TlsGetValue
KERNEL32.dll336GetEnvironmentVariableA
KERNEL32.dll522HeapDestroy
KERNEL32.dll520HeapCreate
KERNEL32.dll888VirtualFree
KERNEL32.dll716RtlUnwind
KERNEL32.dll918WriteFile
KERNEL32.dll518HeapAlloc
KERNEL32.dll885VirtualAlloc
USER32.dll225ExitWindowsEx
USER32.dll458LoadStringA
USER32.dll478MessageBoxA
USER32.dll516PostThreadMessageA
USER32.dll447LoadImageA
USER32.dll2AdjustWindowRectEx
USER32.dll270GetDesktopWindow
USER32.dll372GetWindowRect
USER32.dll96CreateWindowExA
USER32.dll657ShowWindow
USER32.dll698UpdateWindow
USER32.dll441LoadCursorA
USER32.dll533RegisterClassA
USER32.dll314GetMessageA
USER32.dll153DestroyWindow
USER32.dll681TranslateMessage
USER32.dll161DispatchMessageA
USER32.dll13BeginPaint
USER32.dll200EndPaint
USER32.dll268GetDC
USER32.dll403InvalidateRect
USER32.dll553ReleaseDC
USER32.dll142DefWindowProcA
USER32.dll366GetWindowLongA
USER32.dll639SetWindowLongA
USER32.dll515PostQuitMessage
GDI32.dll405GetObjectA
GDI32.dll45CreateCompatibleDC
GDI32.dll526SelectObject
GDI32.dll18BitBlt
GDI32.dll140DeleteDC
GDI32.dll69CreatePalette
GDI32.dll527SelectPalette
GDI32.dll594UnrealizeObject
GDI32.dll499RealizePalette
GDI32.dll143DeleteObject
ADVAPI32.dll426OpenProcessToken
ADVAPI32.dll333LookupPrivilegeValueA
ADVAPI32.dll28AdjustTokenPrivileges
ADVAPI32.dll482RegOpenKeyExA
ADVAPI32.dll491RegQueryValueA
ADVAPI32.dll457RegCloseKey

StringTable 040904b0

CompanyNameMacromedia, Inc.
FileDescriptionMacromedia Projector
FileVersion10.1r11
InternalNameProjector
LegalCopyrightCopyright © 1985-2004 Macromedia, Inc.
LegalTrademarksDirector® is a registered trademark and Shockwave(tm) is a trademark of Macromedia, Inc.
OriginalFilenameProjector.exe
ProductNameDirector MX 2004
ProductVersion10.1

StringTable 040904E4

CompanyNameMacromedia, Inc.
FileDescriptionMacromedia Projector
FileVersion10.1r11
InternalNameProjector
LegalCopyrightCopyright © 1985-2004 Macromedia, Inc.
LegalTrademarksDirector® is a registered trademark and Shockwave(tm) is a trademark of Macromedia, Inc.
OriginalFilenameProjector.exe
ProductNameDirector MX 2004
ProductVersion10.1

VS_FIXEDFILEINFO

FileVersion10.1.0.11
ProductVersion10.1.0.11
StrucVersion0x10000
FileFlagsMask0x3f
FileFlags0
FileOS0x40004
FileType1
FileSubtype0
offsetsizetypecomment
0110592EXE09/09/2004 06:46:18#
15c115HTM#
1b124151552DLL09/09/2004 06:46:12#
401241495040DLL09/09/2004 06:03:02#
1ad124630784DLL09/09/2004 05:52:28#
247124266240DLL12/04/1998 01:03:22#
89dc8b223151JPG#
8d621724514JPG#
8dc8771180JPG#
8dd56b4796JPG#
8e07ab19061JPG#
8e68af38832JPG#
8f22b11162JPG#
8f30fb988JPG#
8f45e31594JPG#
8f95b31596JPG#
9085371870JPG#
91afd11820JPG#
91b7091797JPG#
91be241326JPG#
91c367782JPG#
92008731708JPG#
9311d31497JPG#
93e9431822JPG#
93f0771597JPG#
93f6c71759JPG#
942ba7643JPG#
945cff1257JPG#
946713940JPG#
9482db1180JPG#
94cd2f3429JPG#
951aef1705JPG#
953ac54833JPG#
9557b14833JPG#
9579a54833JPG#
959b914833JPG#
95b8594833JPG#
95d5514833JPG#
95f21d4833JPG#
960e914833JPG#
962b154833JPG#
964ad94833JPG#
96ff853217JPG#
978c82895JPG#
97e6bd1197JPG#
98a82f1893JPG#
98fd03782JPG#
993ff5158104JPG#
9c7ceb38832JPG#
9d1b5324514JPG#
9d881b38832JPG#
9ee2cb1690JPG#
9f34b3782JPG#
9f5ccf1180JPG#
9fc5e714781JPG#
a0174314781JPG#
a07b8314781JPG#
a0f3e31180JPG#
a10be714781JPG#
a18f5d738JPG#
a19e21745JPG#
a1acdd741JPG#
a1afc216237092BINoverlay data past EOF#
Scanning the drive for archives:
1 file, 26833382 bytes (26 MiB)



Errors: 1
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







everything is OK