filename | Uninstall.exe | |
---|---|---|
size | 172544 (0x2a200) | |
md5 | b8c003c19aaa028acaa2013bfda4e34b | |
type | PE32 executable (GUI) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | scan pending | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x50 |
blocks_in_file | 2 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0xf |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0x1a |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0x100 |
DOS stub
```
00000000: ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 |This program mus|
00000020: 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 |in32..$7........|
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000000c0:
```
PE Header
Packer / Compiler
This file is packed with ASPack. Analysis will be incomplete without unpacking. |
Sections
Data Directory
TLS
raw start | raw end | index | callbks | zero fill | flags | |
---|---|---|---|---|---|---|
0x461000 | 0x461010 | 0x45d710 | 0x462010 | 0 | 0 |
id | lang | string |
---|---|---|
65328 | 0 | |
module_name | hint | ord | function_name |
---|---|---|---|
kernel32.dll | | | GetProcAddress |
kernel32.dll | | | GetModuleHandleA |
kernel32.dll | | | LoadLibraryA |
user32.dll | | | GetKeyboardType |
advapi32.dll | | | RegQueryValueExA |
oleaut32.dll | | | SysFreeString |
advapi32.dll | | | RegSetValueExA |
gdi32.dll | | | UnrealizeObject |
user32.dll | | | WindowFromPoint |
oleaut32.dll | | | SafeArrayPtrOfIndex |
ole32.dll | | | CoUninitialize |
oleaut32.dll | | | GetErrorInfo |
comctl32.dll | | | ImageList_SetIconSize |
shell32.dll | | | ShellExecuteA |
[?] ignoring invalid PEdump::BITMAPINFOHEADER
[?] can't find file_offset of VA 0x6b70c
[?] can't find file_offset of VA 0x6b7f4
[?] can't find file_offset of VA 0x6bad8
[?] can't find file_offset of VA 0x6bef8
[?] can't find file_offset of VA 0x6c27c
[?] can't find file_offset of VA 0x6c69c
[?] can't find file_offset of VA 0x6c7fc
[?] can't find file_offset of VA 0x6c8e8
[?] can't find file_offset of VA 0x6caf4
[?] can't find file_offset of VA 0x6ceb0
[?] can't find file_offset of VA 0x6d20c
[!] string size(59716) > stringtable size(864). truncated to 862
[!] cannot convert "\x80\x996CNXP\x8A\xB9h\xC6\x02\xFE\xB47\xB0"... to UTF-16
[?] can't find file_offset of VA 0x6d4d8
[?] can't find file_offset of VA 0x6d4e8
[?] can't find file_offset of VA 0x6d6ec
[?] can't find file_offset of VA 0x6d904
[?] can't find file_offset of VA 0x6d918
[?] can't find file_offset of VA 0x6d92c
[?] can't find file_offset of VA 0x6d940
[?] can't find file_offset of VA 0x6d954
[?] can't find file_offset of VA 0x6d968
[?] can't find file_offset of VA 0x6d97c
[?] can't find file_offset of VA 0x5d710
[?] can't find file_offset of VA 0x0