MZ Header

Rich Header

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Packer / Compiler

Sections

Data Directory

StringTable 040904e4

VS_FIXEDFILEINFO

offsetsizetypecomment
026112EXE12/05/2009 22:50:46#
15c115HTM#
66004446485BINoverlay data past EOF#
Scanning the drive for archives:
1 file, 4472597 bytes (4368 KiB)


--
Type = Nsis
Physical Size = 4472597
Method = LZMA:23
Solid = +
Headers Size = 62496
Embedded Stub Size = 26112
SubType = NSIS-2

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
                    .....        11264      4446481  $PLUGINSDIR/System.dll
                    .....         4096               $PLUGINSDIR/UserInfo.dll
2011-09-20 17:35:14 .....        40787               $0/023.dat
2010-11-26 19:07:20 .....         2181               $0/023v.dat
2010-02-12 17:55:28 .....          660               $0/023w7.dat
2011-06-26 15:16:00 .....          666               $0/AWF.cmd
2012-02-10 18:12:14 .....          690               $0/ActiveDrv.vbs
2012-04-24 00:25:14 .....       170010               $0/AppDataFile.cfx
2012-04-23 15:02:58 .....        26806               $0/AppDataFolder.cfx
2010-04-15 14:11:36 .....         4144               $0/Assoc.cmd
2011-07-19 20:38:32 .....         5194               $0/Auto-RC.cmd
2012-01-03 09:27:24 .....        40960               $0/BFE.dat
2011-11-19 09:14:36 .....         5277               $0/Boot-Rk.cmd
2011-11-19 09:14:26 .....         8400               $0/Boot.bat
2010-07-27 08:55:16 .....          875               $0/BootDrv.vbs
2011-12-31 12:32:26 .....        30919               $0/CF-Script.cmd
2010-10-21 08:45:48 .....         1080               $0/Catch-sub.cmd
2010-08-19 15:16:34 .....         1024               $0/Combo-Fix.sys
2000-08-31 00:00:00 .....       236032               $0/ComboFix-Download.3XE
2011-10-30 11:38:22 .....         8216               $0/Combobatch.bat
2011-07-12 13:19:02 .....        19312               $0/Create.cmd
2012-04-20 06:19:18 .....       594809               $0/Creg.dat
2011-09-01 17:03:18 .....         4564               $0/CregC.cmd
2010-04-17 09:21:48 .....          472               $0/CregC.dat
2000-08-31 00:00:00 .....          746               $0/DPF.str
2011-05-07 11:25:14 .....         1948               $0/DelClsid.bat
2011-05-07 11:25:36 .....         1957               $0/DelClsid64.bat
2012-04-23 15:03:08 .....        15951               $0/DesktopFile.cfx
2010-01-23 05:17:42 .....           46               $0/Dnl.dat
2010-04-18 18:44:24 .....          650               $0/DrvRun.vbs
2005-10-20 12:02:28 .....       163328               $0/ERDNT.e_e
2000-08-31 00:00:00 .....         2815               $0/ERDNTDOS.LOC
2000-08-31 00:00:00 .....         3275               $0/ERDNTWIN.LOC
2005-10-20 12:00:28 .....       394752               $0/ERUNT.3XE
2000-08-31 00:00:00 .....         4090               $0/ERUNT.LOC
2012-03-09 10:29:58 .....        17373               $0/Exe.reg
2011-12-24 09:35:54 .....        11389               $0/FD-SV.cmd
2012-02-19 15:14:44 .....        34257               $0/FIND3M.bat
2011-10-26 16:32:16 .....         5865               $0/FIXLSP.bat
2011-07-19 20:38:32 .....         1115               $0/FKMGen.cmd
2010-09-05 08:52:14 .....           20               $0/FavoriteFolder.cfx
2012-04-17 12:35:32 .....        10058               $0/FavoritesFile.cfx
2000-08-31 00:00:00 .....       145920               $0/FileKill.3XE
2010-08-09 20:32:44 .....          677               $0/Fin.dat
2011-06-03 09:43:34 .....         6090               $0/GetHive.cmd
2010-09-04 23:07:30 .....          224               $0/Imefile.dat
2011-07-14 09:30:12 .....         8096               $0/Install-RC.cmd
2011-07-14 09:29:42 .....         1395               $0/Kill-All.cmd
2010-12-18 16:52:02 .....          315               $0/Ksvchost.vbs
2011-11-05 05:13:06 .....       253091               $0/Lang.bat
2012-04-14 17:42:26 .....        29416               $0/List-B.bat
2012-04-12 15:52:50 .....       269214               $0/List-C.bat
2012-03-30 09:14:44 .....       120809               $0/List-D.bat
2012-04-24 00:25:50 .....      2668050               $0/List.bat
2012-04-23 15:03:10 .....        22037               $0/LocalAppDataFile.cfx
2012-04-17 19:53:48 .....         5824               $0/LocalAppDataFolder.cfx
2000-08-31 00:00:00 .....          225               $0/LocalService.dat
2000-08-31 00:00:00 .....           91               $0/LocalServiceNetworkRestricted.dat
2012-03-16 20:44:48 .....         3818               $0/LocalSettingsFile.cfx
2000-08-31 00:00:00 .....          198               $0/LocalSystemNetworkRestricted.dat
2011-07-28 19:06:10 .....         2862               $0/MoveIt.bat
2012-02-11 04:48:16 .....         8192               $0/MpsSvc.dat
2011-12-25 23:40:08 .....        66359               $0/ND_.bat
2011-12-25 23:39:44 .....        17689               $0/ND_64.bat
2012-04-09 14:22:32 .....        48807               $0/NT-OS.cmd
2000-08-31 00:00:00 .....           88               $0/NetworkService.dat
2009-04-20 04:56:28 .....        60416               $0/NirCmd.3XE
2009-04-20 04:56:28 .....        60416               $0/firefox.exe
2009-04-20 04:56:28 .....        60416               $0/iexplore.exe
2009-04-20 04:56:28 .....        60416               $0/n.pif
2000-08-31 00:00:00 .....        32317               $0/NirCmd.chm
2009-04-20 04:56:26 .....        58880               $0/NirCmdC.3XE
2011-09-23 21:16:50 .....         1378               $0/NirScript.dat
2000-08-31 00:00:00 .....          977               $0/OSid.vbs
2012-04-24 00:25:54 .....        22654               $0/P.cmd
2012-04-23 15:03:14 .....         9261               $0/PersonalFile.cfx
2012-04-16 02:22:14 .....          290               $0/PersonalFolder.cfx
2009-07-05 19:51:10 .....         2992               $0/Policies.dat
2011-08-23 19:04:52 .....         2870               $0/Prep.inf
2012-04-22 12:17:26 .....        28917               $0/ProfilesFile.cfx
2012-03-31 10:33:40 .....         1512               $0/ProfilesFolder.cfx
2012-04-23 15:03:34 .....         8538               $0/ProgramsFile.cfx
2012-04-22 12:15:24 .....        16739               $0/ProgramsFolder.cfx
2000-08-31 00:00:00 .....          404               $0/Purity.dat
2000-08-31 00:00:00 .....         7478               $0/RCLink.dat
2000-08-31 00:00:00 .....         3558               $0/REGDACL.sed
2000-08-31 00:00:00 .....         9203               $0/RegDo.sed
2012-03-30 09:39:02 .....        54060               $0/RegScan.cmd
2012-03-30 09:40:46 .....        20380               $0/RegScan64.cmd
2009-11-14 21:35:16 .....          442               $0/Rkey.cmd
2009-06-10 03:38:44 .....           30               $0/Rust.str
2011-06-23 18:52:40 .....         2147               $0/SRestore.cmd
2009-10-18 04:00:38 .....          585               $0/Safeboot.def.w7.dat
2011-06-26 15:35:12 .....        17077               $0/SetEnvmt.bat
2011-06-23 18:52:40 .....         4634               $0/SnapShot.cmd
2012-04-17 19:54:34 .....         7524               $0/StartMenuFile.cfx
2012-01-29 15:54:12 .....          576               $0/StartMenuFolder.cfx
2012-04-23 15:03:38 .....        23370               $0/StartUpFile.cfx
2011-11-19 09:17:54 .....        20664               $0/SuppScan.cmd
2000-08-31 00:00:00 .....         2176               $0/SvcDrv.vbs
2012-04-22 12:17:30 .....         7737               $0/TemplatesFile.cfx
2012-03-27 10:36:36 .....          138               $0/TemplatesFolder.cfx
2012-01-10 01:47:22 .....         3987               $0/Update-CF.cmd
2012-02-18 19:06:14 .....         9098               $0/VBR.pif
2011-06-22 08:40:36 .....          557               $0/VINFO3
2011-06-22 08:40:32 .....         3819               $0/VInfo
2012-04-20 06:18:04 .....        19268               $0/VInfo2
2010-05-10 15:30:04 .....          308               $0/Vipev.dat
2010-07-31 09:05:38 .....          244               $0/VwinTemp.dacl
2010-12-11 19:38:02 .....         1127               $0/Wmi_rem.vbs
2010-02-02 10:41:38 .....        13090               $0/XPSBoot.reg
2000-08-31 00:00:00 .....         6760               $0/appinit.bad
2009-07-13 15:09:30 .....          602               $0/asp.str
2012-04-10 19:30:26 .....         4621               $0/av.cmd
2010-12-15 15:02:06 .....         2933               $0/av.vbs
2012-04-24 00:26:00 .....      1075256               $0/badclsid.c
2012-03-19 00:14:46 .....        64092               $0/c.bat
2009-04-17 09:37:10 .....       147456               $0/catchme.3XE
2012-04-24 00:26:00 .....       270063               $0/clsid.c
2011-06-06 09:52:50 .....       101376               $0/dd.3XE
2009-05-25 01:59:50 .....         7983               $0/ddsDo.sed
2000-08-31 00:00:00 .....        51200               $0/dumphive.3XE
2000-08-31 00:00:00 .....          303               $0/embedded.sed
2000-08-31 00:00:00 .....        52736               $0/extract.3XE
2010-08-29 20:45:50 .....        38901               $0/ffdefstr.dll
2012-04-24 00:26:00 .....         3175               $0/files.pif
2011-09-23 20:17:22 .....          670               $0/fl0.bat
2000-08-31 00:00:00 .....        80412               $0/grep.3XE
2000-08-31 00:00:00 .....        15360               $0/gsar.3XE
2008-11-18 05:15:14 .....       417136               $0/handle.3XE
2005-08-15 17:54:58 .....         1536               $0/hidec.3XE
2005-08-15 17:54:58 .....         1536               $0/EN-US/iexplore.exe
2009-10-20 09:25:36 .....          954               $0/history.bat
2010-07-14 16:44:50 .....        74529               $0/hwid.pif
2000-08-31 00:00:00 .....         1057               $0/image001.gif
2011-03-09 01:49:06 .....         1374               $0/katch.cmd
2011-10-08 22:59:50 .....         3495               $0/lnkread.vbs
2009-10-24 22:11:34 .....       184320               $0/mbr.3XE
2010-08-29 03:30:24 .....         2141               $0/mbr.chk
2012-04-24 00:26:00 .....         6732               $0/md5sum.pif
2012-04-24 00:26:00 .....           34               $0/md5sum00.pif
2000-08-31 00:00:00 .....        11264               $0/mtee.3XE
2000-08-31 00:00:00 .....            0               $0/mynul.dat
2011-08-26 12:38:54 .....         8543               $0/ncmd.com
2011-08-26 12:38:54 .....         8543               $0/License/ncmd.cfxxe
2009-12-24 08:12:40 .....          283               $0/ndis_combofix.dat
2010-04-14 10:21:30 .....          520               $0/netsvc.bad.dat
2000-08-31 00:00:00 .....          159               $0/netsvc.dat
2000-08-31 00:00:00 .....          481               $0/netsvc.vista.dat
2000-08-31 00:00:00 .....          525               $0/netsvc.xp.dat
2002-09-29 05:01:16 .....       180224               $0/pausep.3XE
2011-06-26 06:45:56 .....       256000               $0/pev.3XE
2011-06-26 06:45:56 .....       256000               $0/License/firefox.exe
2011-06-26 06:45:56 .....       256000               $0/License/iexplore.exe
2011-01-28 01:28:38 .....       102400               $0/pevb.3XE
2010-05-13 08:57:52 .....           64               $0/powp.dat
2006-03-02 15:42:40 .....        73728               $0/pv.com
2010-09-16 20:03:32 .....         1153               $0/region.dat
2009-05-01 14:26:10 .....          587               $0/restore_pt.vbs
2010-11-07 17:20:24 .....       208896               $0/rmbr.3XE
2000-08-31 00:00:00 .....          820               $0/rogues.dat
2000-08-31 00:00:00 .....          287               $0/run2.sed
1999-11-10 16:00:00 .....        38400               $0/s0rt.3XE
2000-08-31 00:00:00 .....          329               $0/safeboot.dat
2009-06-09 18:25:08 .....         1464               $0/safeboot.def.dat
2010-11-26 18:53:30 .....          482               $0/safeboot.def.vista.dat
2000-08-31 00:00:00 .....        98816               $0/sed.3XE
2000-08-31 00:00:00 .....        66172               $0/setpath.3XE
2012-04-22 19:31:56 .....       344653               $0/srizbi.md5
2009-11-28 22:42:26 .....        11987               $0/svc_wht.dat
2000-08-31 00:00:00 .....          555               $0/svchost.dat
2000-08-31 00:00:00 .....          668               $0/svchost.vista.dat
2010-11-27 05:12:00 .....          749               $0/svchost.vista.x64.dat
2009-10-18 04:14:26 .....          956               $0/svchost.w7.dat
2010-11-27 04:19:42 .....         1306               $0/svchost.w7.x64.dat
2000-08-31 00:00:00 .....       518144               $0/swreg.3XE
2000-08-31 00:00:00 .....       406528               $0/swsc.3XE
2000-08-31 00:00:00 .....       212480               $0/swxcacls.3XE
2000-08-31 00:00:00 .....          276               $0/system_ini.dat
1999-11-10 00:00:00 .....        35328               $0/tail.3XE
2009-10-30 05:26:54 .....          633               $0/toolbar.sed
2010-07-26 19:17:22 .....          440               $0/vistaMcode.dat
2012-02-11 11:39:54 .....        21711               $0/vistareg.dat
2010-06-20 20:05:36 .....         7584               $0/vun.dat
2010-07-23 20:20:44 .....          440               $0/w7Mcode.dat
2012-02-11 11:37:08 .....        22516               $0/w7reg.dat
2009-06-21 06:45:40 .....        98948               $0/w_sock.dll
2010-07-22 14:14:44 .....          440               $0/xpmcode.dat
2012-01-04 05:21:26 .....        63263               $0/xpreg.dat
2000-08-31 00:00:00 .....        23773               $0/zDomain.dat
2012-04-22 19:45:08 .....        66745               $0/zhsvc.dat
2000-08-31 00:00:00 .....        68096               $0/zip.3XE
2009-04-01 00:19:38 .....         1070               $0/License/Curl - license.txt
1996-08-18 18:10:00 .....         7385               $0/License/EXTRACT.TXT
2007-11-14 19:36:34 .....          212               $0/License/FI - license.txt
2010-12-19 09:48:22 .....          144               $0/License/UnxUtilsDist.com
2009-04-01 18:38:26 .....        26383               $0/License/UnxUtilsDist.html
2010-12-21 15:32:48 .....          388               $0/License/UnxUtilsDist.pif
2009-04-01 00:40:18 .....         3412               $0/License/Zip - license.txt
2009-04-01 03:38:06 .....          383               $0/License/dumphive-license.txt
2006-10-31 03:06:42 .....          850               $0/License/mtee.txt
2006-04-13 06:06:04 .....        39183               $0/License/pv_5_2_2.zip
2009-04-01 02:34:50 .....        75425               $0/License/streamtools.zip
                    .....         6656               $PLUGINSDIR/nsExec.dll
                    .....         4608               $PLUGINSDIR/ExecCmd.dll
                    .....                            $PLUGINSDIR/Banner.dll
------------------- ----- ------------ ------------  ------------------------
2012-04-24 00:26:00           12495431      4446481  206 files
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

everything is OK