filenameSderni_upx.exe
size21504 (0x5400)
md5bba1fd0096b9f079cc68149ce3aef33d
typePE32 executable (Windows CE) ARM, for MS Windows, UPX compressed
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0xf8

Rich Header

lib idversiontimes used
110507251
4896153
002
109507253
8930642
8920649
10108
110605111
124507271
120507271

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x1c0
NumberOfSections4
TimeDateStamp0x4c791e94
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x103
Magic0x10b
LinkerVersion8.0
SizeOfCode0x3400
SizeOfInitializedData0x1c00
SizeOfUninitializedData0x8000
AddressOfEntryPoint0xc080
BaseOfCode0x9000
BaseOfData0xd000
ImageBase0x10000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion4.0
ImageVersion0.0
SubsystemVersion4.10
Reserved10
SizeOfImage0x10000
SizeOfHeaders0x400
CheckSum0
Subsystem9
DllCharacteristics0
SizeOfStackReserve0x10000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

UPX?

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

namevavsizeraw sizeflags
UPX00x10000x80000RWX UDATA
UPX10x90000x34000x3400RWX IDATA
UPX20xd0000x2000x200R-- IDATA
.rsrc0xe0000x1a000x1a00R-- IDATA

Data Directory

typevasize
EXPORT00
IMPORT0xd0000x124
RESOURCE0xe0000x18a4
EXCEPTION0x70000x110
SECURITY00
BASERELOC00
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT00
Delay_IAT00
CLR_Header00
typenamesizecp
BITMAP#2022240
ICON#142640
MENU#1002740
MENU#1121660
MENU#40012320
DIALOG#1145960
DIALOG#207900
DIALOG#4156820
DIALOG#416900
DIALOG#4002414080
STRING#77600
STRING#85900
STRING#13460
STRING#14600
STRING#202680
STRING#261900
STRING#33900
STRING#2501560
RCDATA#100320
RCDATA#112320
RCDATA#40012320
GROUP_ICON#200200
VERSION#17000
idlangstring
961049
82 e9 c4 8f 38 9f 09 b3  55 62 63 a3 b3 5a 3a df  |....8...Ubc..Z:.|
4f 0d 00 00 da 4e 87 03  ef 9f 37 98 01 9e 13 b0  |O....N....7.....|
10 a3 cb 82 0b 82 7a 27  20 67 53 a3 7a b2 10 c0  |......z' gS.z...|
e0 0e e7 16 d7 a5 6f 05  b1 17 ca e8 0f d4 1b 30  |......o........0|
d7 dd ff e0 84 a2 a7 3d  1b 84 43 a8 da d3 f6 04  |.......=..C.....|
43 d8 17 18 06 93 02 a3  a4 53 c3 f7 a1 4b bb 0a  |C........S...K..|
62 4f c3 50 e3 53 93 d1  f1 2f 58 c0 d3 ed 7f e3  |bO.P.S.../X.....|
f3 82 3f fb 17 f0 0b 98  37 c7 20 33 02 d7 5b 13  |..?.....7. 3..[.|
a9 4b 15 d7 9b ed 1b 51  d0 83 9b 41 08 33 38 b0  |.K.....Q...A.38.|
00 57 63 4b d8 43 0f 30  90 cf 2b 0f 90 45 69 ac  |.WcK.C.0..+..Ei.|
03 9f 0f 4f 20 82 d4 87  63 cb 5e 60 0f c3 87 6b  |...O ...c.^`...k|
40 0f e8 1b 93 07 82 38  d0 db d5 3f e1 0d bb 6e  |@......8...?...n|
4c 63 09 4f 9e 0b 11 8b  fd 90 a0 e1 00 00 54 53  |Lc.O..........TS|
f3 62 da 08 d0 1f 68 9b  35 cf b1 27 80 5b e3 10  |.b....h.5..'.[..|
a2 49 43 47 5b eb 88 55  ff 23 01 70 57 e2 b2 f5  |.ICG[..U.#.pW...|
30 c6 e0 f7 5c 93 39 ff  76 3b e2 84 10 3f 50 34  |0...\.9.v;...?P4|
bb b0 32 37 f4 df 1c 87  3c f3 4f 7b 7e 03 13 05  |..27....<.O{~...|
9b 53 1b 42 2c 27 f8 47  40 82 e3 74 37 e3 93 33  |.S.B,'.G@..t7..3|
92 33 16 98 93 43 e7 0f  7f 42 bb 22 60 07 70 43  |.3...C...B."`.pC|
05 1b 4b 93 2a 1e 63 e0  0f 5b 93 0a 5a 63 d6 0f  |..K.*.c..[..Zc..|
4f b4 9f 4f bb 38 53 3f  07 93 86 43 3f b0 3c 0b  |O..O.8S?...C?.<.|
6e 24 07 78 1f 3d 9b ec  13 0b 3d 86 1f 2b c3 0b  |n$.x.=....=..+..|
0e 20 c0 23 45 75 9b 98  52 7f 6c 1f 38 fc 99 17  |. .#Eu..R.l.8...|
42 a7 ee ea dc 07 7b 13  63 ec cc 0b 17 57 d8 d8  |B.....{.c....W..|
0b 0b 57 03 b9 bc 17 16  77 ec ea b0 1f 17 37 d8  |..W.....w.....7.|
94 2b 0b 0b 03 60 77 1d  70 c2 2b 17 5f ea 64 60  |.+...`w.p.+._.d`|
3f 28 f6 9f 97 1d 44 80  4b b0 3f 0e 20 c0 1f 5e  |?(....D.K.?. ..^|
33 ac 6f 0e 37 18 23 08  07 60 d4 63 ca 6f 34 3b  |3.o.7.#..`.c.o4;|
4e f3 04 07 40 c2 6f fa  87 dc e1 d7 e3 9b bf d5  |N...@.o.........|
38 8b 9b a7 1a 3e ea a0  13 cf 6c fb 03 18 1b bb  |8....>....l.....|
21 70 03 c8 d7 e0 a4 71  0b 81 d7 b8 4b 78 d3 09  |!p.....q....Kx..|
27 71 ea 84 32 67 74 b7  61 8f 81 3f ee 04 1f 6a  |'q..2gt.a..?...j|
13 d8 c3 ea e5 f7 a3 8f  17 62 26 d5 ec 4e a7 03  |.........b&..N..|
df 87 17 a3 b7 74 e0 e3  3a 7f ea af ea 3d c3 e8  |.....t..:....=..|
0b 65 af aa 8b 41 3b 4e  d7 a7 37 18 43 30 e3 21  |.e...A;N..7.C0.!|
a3 bf 13 a0 06 01 22 07  21 23 b1 06 cc b0 6f a4  |......".!#....o.|
58 c3 20 25 13 c0 88 1d  d0 dd 31 27 6f 40 03 77  |X. %......1'o@.w|
5c 3c 03 0b d7 ae 64 07  ba 58 03 50 69 9c a6 80  |\<....d..X.Pi...|
02 5f b9 27 d7 07 cc 03  4d b0 f0 34 88 0c 10 04  |._.'....M..4....|
a7 38 5c 09 04 41 74 7b  04 4d 63 02 47 b3 61 00  |.8\..At{.Mc.G.a.|
60 1b 60 cc 25 57 d6 c4  10 1b e2 41 0e d0 ff f5  |`.`.%W.....A....|
f7 02 35 ef ff d1 e3 ac  72 67 35 5b b4 17 fc 09  |..5.....rg5[....|
4b a3 43 ec f9 0b 44 d1  7f d0 26 1f ac 23 78 60  |K.C...D...&..#x`|
84 e5 10 1b d1 db 1b 11  6c 37 50 b6 0b 00 4b 71  |........l7P...Kq|
45 4b 17 58 06 73 20 e1  9f 3f 4b 00 83 e5 83 01  |EK.X.s ..?K.....|
73 a0 9f 36 8f 72 18 9b  2e 0b 94 e5 12 9f 37 13  |s..6.r........7.|
af 77 52 db ae af 5c 73  f5 0f 8b 73 3f d6 77 0b  |.wR...\s...s?.w.|
bf 59 7f e1 60 36 17 31                           |.Y..`6.1        |
1121049
bf 53 e1 f0 58 2d e9 c7  1c b0 07 07 97 47 93 43  |.S..X-.......G.C|
01 fb 09 6b d1 34 eb f2  72 23 0d cb d1 e1 05 27  |...k.4..r#.....'|
8f 07 8d 00 37 89 ff f4  46 1f 80 55 27 6c 1e 0b  |....7...F..U'l..|
4a 1b 0b b3 9d 0b 0a 0c  17 09 97 9f 07 f0 e3 a8  |J...............|
1b e9 b3 c3 8f 0e d3 ab  91 a6 b8 90 e5 73 71 3f  |.............sq?|
cf d3 17 86 20 b3 a8 18  5a 7b fe 77 3b 0b 34 37  |.... ...Z{.w;.47|
77 c3 40 bd e8 50 d7 83  b8 cb 5d c0 03 c4 34 c8  |w.@..P....]...4.|
c9 47 c7 1b 6e e1 01 63  41 c2 03 c4 b7 30 fb 7e  |.G..n..cA....0.~|
e3 00 f0 a0 96 47 50 8d  6b 6c 17 55 6a ff ad 83  |.....GP.kl.Uj...|
4e 33 00 f1 4b cd 53 0e  f6 ff ea f0 41 d7 ab aa  |N3..K.S.....A...|
5b af 01 11 b7 0b 02 d7  5d b8 6b 07 b6 0c 0f 40  |[.......].k....@|
e6 03 47 dd c1 97 53 b7  e3 87 00 1a 02 a7 89 b7  |..G...S.........|
ee 96 0f 56 cb a0 ec 17  88 50 06 4b 28 5c 3f 40  |...V.....P.K(\?@|
e2 72 63 16 1b 00 35 93  a2 2f d5 0f 38 07 03 8f  |.rc...5../..8...|
16 43 b5 db ad 2f 1f d2  44 e2 b8 8d 53 57 e7 5a  |.C.../..D...SW.Z|
2a 07 d8 13 9c bd 6b 4f  5b 30 4a c7 85 87 ee 86  |*.....kO[0J.....|
e5 3c 6f b0 34 e7 6e 28  0b da 20 00 57 f6 f3 4b  |.
1921049ᱠཿ႗폘戀⤺ၸ଀瀌좀౬聨㳈㠌좀ఴ耬⣈
2081049켠㮆숁홋୲ᆱ䃰⠰Ὗ⟃㾶㽫悠⠫՗ဃ侠꼰灯សʣ䯨ᩴ淳࿾끐໡胃
3041049
01 0e ea f0 a0 01 5e 93  2d e5 0c ba 73 28 c1 1b  |......^.-...s(..|
c0 08 c0 b6 47 18 0b 0c  04 d2 14 2d 13 ae 3f 7b  |....G......-..?{|
6a 27 9b 37 f0 9d a3 e4  57 ee f0 97 8b 64 54 a0  |j'.7....W....dT.|
30 97 67 3c 50 4b cf 0b  ad 3a 7b c1 64 40 d1 03  |0.g
4001049殸睇『ீ㑤㠆摀ؼ䁀䑤䠆摀ٌ䁐呤堆摀ٜ䁠摤栆摀٬䁰瑤砆摀ټ䂀葤蠆摀ڌ䂐鑤順摀ڜ䂠ꑤ꠆摀ڬ䂰둤理꼐받ė산ᤋDŽ𴀙送᧠Ǥ送᧰Ǵﰙ뀁꜀Лċ࢐ఙ送ᤐĔᢐᰙ送ᬠ眐뀁଄⨑䭣剓뉟⌔欅ᝏ䁩矀䙖僿⃡
5121049
1c 10 9d df 16 00 9d 05  64 6c 0f 0b 17 db 6d 42  |........dl....mB|
00 8b b1 61 3f 12 2f dd  5e 07 fc 42 93 d0 ea b4  |...a?./.^..B....|
2f 01 28 a2 1a bf 88 e0  03 21 33 c6 84 93 03 88  |/.(......!3.....|
60 0b 32 a4 03 a0 20 32  9c 03 98 20 32 94 03 90  |`.2... 2... 2...|
20 32 8c 03 b0 20 32 ac  03 28 18 db 0d 24 80 0b  | 2... 2..(...$..|
c8 20 0c 1c d0 e0 75 e8  d0 d1                    |. ....u...      |
400001049
13 da db 12 ad 33 c2 11  05 c3 e1 11 37 04 5d b3  |.....3......7.].|
23 23 6a 63 33 54 86 e1  2f d4 15 00 b8 07 13 00  |##jc3T../.......|
15 cb a1 03 13 5a 03 d8  7f 13 05 7f 77 13 8d 15  |.....Z......w...|
67 68 23 9b 4a 55 e3 e0                           |gh#.JU..        |
module_namehintordfunction_name
COREDLL.dllLoadLibraryW
COREDLL.dllGetProcAddressA
COREDLL.dllCacheSync
AYGSHELL.dll56
cellcore.dll130
CEMAPI.dllMAPILogonEx
WS2.dllrecv

StringTable 041904b0

CompanyNameBArtWell
FileDescriptionSderni.Ru uploader
FileVersion1.6
InternalNameSderni
LegalCopyrightCopyright © 2008-2010 by BArtWell
OriginalFilenameSderni.exe
ProductName Sderni
ProductVersion1.6

VS_FIXEDFILEINFO

FileVersion1.6.0.0
ProductVersion1.6.0.0
StrucVersion0x10000
FileFlagsMask0x17
FileFlags0
FileOS4
FileType1
FileSubtype0
offsetsizetypecomment
021504EXE08/28/2010 14:35:00#
15c115HTM#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







[?] ignoring invalid PEdump::BITMAPINFOHEADER
[?] can't find file_offset of VA 0x8520
[?] can't find file_offset of VA 0x8a20
[?] can't find file_offset of VA 0x8774
[?] can't find file_offset of VA 0x8a7c
[?] can't find file_offset of VA 0x8ad8
[!] string size(119556) > stringtable size(760). truncated to 758
[!] cannot convert "\xC4\x8F8\x9F\t\xB3Ubc\xA3\xB3Z:\xDFO\r"... to UTF-16
[!] string size(42878) > stringtable size(590). truncated to 588
[!] cannot convert "\xE1\xF0X-\xE9\xC7\x1C\xB0\a\a\x97G\x93C\x01\xFB"... to UTF-16
[!] string size(36600) > stringtable size(46). truncated to 44
[!] string size(39352) > stringtable size(60). truncated to 58
[!] string size(7170) > stringtable size(268). truncated to 266
[!] cannot convert "\xEA\xF0\xA0\x01^\x93-\xE5\f\xBAs(\xC1\e\xC0\b"... to UTF-16
[!] string size(100608) > stringtable size(190). truncated to 188
[!] string size(8248) > stringtable size(90). truncated to 88
[!] cannot convert "\x9D\xDF\x16\x00\x9D\x05dl\x0F\v\x17\xDBmB\x00\x8B"... to UTF-16
[!] string size(111654) > stringtable size(56). truncated to 54
[!] cannot convert "\xDB\x12\xAD3\xC2\x11\x05\xC3\xE1\x117\x04]\xB3##"... to UTF-16
[?] can't find file_offset of VA 0x7000