UnPackMe.exe

info
MZ
PE
resources
strings
imports
foremost
hexdump
disasm
log
discuss
donate

filename	UnPackMe.exe
size	168960 (0x29400)
md5	c62e633ce27db8bf5ab5002186687fd0

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x50
blocks_in_file	2
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0xf
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0x1a
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x100

DOS stub

00000000: ba 10 00 0e 1f b4 09 cd  21 b8 01 4c cd 21 90 90  |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f  67 72 61 6d 20 6d 75 73  |This program mus|
00000020: 74 20 62 65 20 72 75 6e  20 75 6e 64 65 72 20 57  |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37  00 00 00 00 00 00 00 00  |in32..$7........|
00000040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000000c0:

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	8
TimeDateStamp	0x2a425e19
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x818e
Magic	0x10b
LinkerVersion	2.25
SizeOfCode	0x3f200
SizeOfInitializedData	0xac00
SizeOfUninitializedData	0
AddressOfEntryPoint	0x50000
BaseOfCode	0x1000
BaseOfData	0x41000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	1.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x51000
SizeOfHeaders	0x338
CheckSum	0
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x4000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

PolyEnE 0.01+ by Lennart Hedlund

Sections

name	va	vsize	raw size	flags
CODE	0x1000	0x3f138	0x25000	RWX CODE IDATA
DATA	0x41000	0xd08	0x800	RWX CODE IDATA
BSS	0x42000	0x821	0	RW-
.idata	0x43000	0x1db6	0xe00	RWX CODE IDATA
.tls	0x45000	0x10	0	RW-
.rdata	0x46000	0x5018	0x200	R-- IDATA SHARED
.rsrc	0x4c000	0x3800	0x2000	RWX CODE IDATA
.Polyene	0x50000	0x70b	0x800	RWX CODE IDATA

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x50584	0x96
RESOURCE	0x4c000	0x3800
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0	0
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0x46000	0x18
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0	0
Delay_IAT	0	0
CLR_Header	0	0

TLS

raw start	raw end	index	callbks	zero fill	flags
0x445000	0x445010	0x4424d0	0x446010	0	0

show previews

type	name	size
CURSOR	#1	308
CURSOR	#2	308
CURSOR	#3	308
CURSOR	#4	308
CURSOR	#5	308
CURSOR	#6	308
CURSOR	#7	308
ICON	#1	2216
STRING	#4086	604
STRING	#4087	212
STRING	#4088	436
STRING	#4089	1088
STRING	#4090	940
STRING	#4091	852
STRING	#4092	244
STRING	#4093	196
STRING	#4094	724
STRING	#4095	860
STRING	#4096	692
RCDATA	DVCLAL	16
RCDATA	PACKAGEINFO	388
RCDATA	TFORM1	641
GROUP_CURSOR	#32761	20
GROUP_CURSOR	#32762	20
GROUP_CURSOR	#32763	20
GROUP_CURSOR	#32764	20
GROUP_CURSOR	#32765	20
GROUP_CURSOR	#32766	20
GROUP_CURSOR	#32767	20
GROUP_ICON	MAINICON	20

id	lang	string
65360	0	7b 12 bb ed e3 2e ee 46 8a ad f4 28 45 99 59 40 \|{......F...(E.Y@\| 7b 3f 4c 1c 8f da 7e b8 42 ea 8d 57 e6 4b 8c 97 \|{?L...~.B..W.K..\| 2d 7f ea 03 48 f1 85 75 f8 de a9 c0 d1 59 c8 24 \|-...H..u.....Y.$\| 4d 8d e2 b4 29 6b f7 ff 2d 7d 52 8b 78 bb a5 9c \|M...)k..-}R.x...\| f7 55 0f fb 81 20 f7 1e 40 e5 78 2c de 92 34 ef \|.U... ..@.x,..4.\| 3a 21 6f 4b 81 b6 87 e2 af fd e8 1b ed 5c 76 34 \|:!oK.........\v4\| d1 71 40 49 80 b5 ce e9 4e 1c a7 4f e5 f9 6e ff \|.q@I....N..O..n.\| 36 a8 bf 7c e8 6d 66 5a fe f5 65 8f 03 12 40 8f \|6..\|.mfZ..e...@.\| 87 33 96 53 ad 24 1d ff c5 1b 89 84 c9 05 d6 af \|.3.S.$..........\| df f2 d0 bd 74 21 34 3e 22 90 bb dc 5b a3 3a 9a \|....t!4>"...[.:.\| 7e 8f 37 30 9c dc 72 dc 6a 0f ee f0 e7 2b 5c 4e \|~.70..r.j....+\N\| ff ad 5e 8a ae 35 49 43 85 23 3c 6c 60 c7 65 de \|..^..5IC.#.Z\| 41 80 a5 53 28 4a 7f a5 79 1d c0 1f dc 81 7e 4b \|A..S(J..y.....~K\| c7 1f c2 1c 3d 54 8e 20 fe eb c8 fe 82 25 44 dd \|....=T. .....%D.\| 86 31 19 4c 84 b9 4c 67 25 15 7b 4c d9 7f 5c 3c \|.1.L..Lg%.{L..\<\| 03 63 95 2a 68 54 25 b8 14 9a 5b 60 d5 e3 b4 ea \|.c.hT%...[`....\| c9 0f 03 9c e7 9f 7f 83 06 d2 46 0b 00 58 7f a8 \|..........F..X..\| db 54 8d a6 28 a7 11 24 73 fa 69 60 2d 55 0b 91 \|.T..(..$s.i`-U..\| 21 be 43 fb d0 1a e4 8d 65 89 94 81 ae 8b b5 8d \|!.C.....e.......\| 06 8e eb f3 52 40 aa f2 c0 a7 03 63 95 44 78 e2 \|....R@.....c.Dx.\| ff 0b 88 03 1c 38 69 bb b5 68 0a 1f cd 09 d7 ed \|.....8i..h......\| 62 4f 49 f8 54 82 cc 4d f1 f8 a2 94 2a 29 23 ad \|bOI.T..M....)#.\| 53 96 2e f1 5c 28 fc de d7 8c bb 8d 97 ad 7c 9e \|S...\(........\|.\| 1e 08 cd d2 ec 52 9e 44 11 46 be c0 66 7e 3a a7 \|.....R.D.F..f~:.\| 75 8f 93 6a e4 46 5a 02 2a 3e 0d 64 00 3f 4c e7 \|u..j.FZ.*>.d.?L.\| 90 53 49 aa 56 a7 4d 70 71 19 40 1e 8c 9b f0 84 \|.SI.V.Mpq.@.....\| c5 61 94 6e b8 7a e5 8a 97 06 5c 21 81 f5 01 3a \|.a.n.z....\!...:\| e1 d5 96 4d e0 0f dd 58 43 10 24 bd \|...M...XC.$. \|
65376	0	7e 1d 35 54 49 b7 28 4a ee 51 bc 8c c9 0e fe c0 \|~.5TI.(J.Q......\| 37 b7 29 c3 0d 5e 77 e4 08 5c 1e 45 d4 2d 01 26 \|7.)..^w..\.E.-.&\| 23 6b 8a af f4 3f 62 70 da cd 0d 51 41 47 4b ce \|#k...?bp...QAGK.\| 27 f7 48 fa 66 6d 72 2a 7c ff ed e5 42 51 cc 78 \|'.H.fmr*\|...BQ.x\| 96 26 7b 97 67 86 46 88 76 6d b3 82 f6 c6 a6 a6 \|.&{.g.F.vm......\| 31 f0 ce 9e 26 b7 7d db a1 d3 46 bf db 45 3f a2 \|1...&.}...F..E?.\| 69 26 a9 51 4b 75 3f 0a 8f 8c d6 60 61 4c de d6 \|i&.QKu?....`aL..\| 91 0d a7 f5 36 9c a2 7f 2c c5 58 4d f0 97 a5 2c \|....6...,.XM...,\| 8b be 6d 3b ae 84 21 eb 5f 23 10 92 0e b8 86 b9 \|..m;..!._#......\| c6 87 36 89 ca cd d8 34 5e f0 9d e6 79 3d 30 dc \|..6....4^...y=0.\| 46 a1 1b 8c fa 15 52 74 54 8b 49 24 79 60 d0 39 \|F.....RtT.I$y`.9\| f0 a7 57 f1 99 de 7a e8 ce 5b 24 a1 08 bb de 12 \|..W...z..[$.....\| 10 88 59 b3 46 30 9d 48 3b 95 ae 50 ef 49 f5 3d \|..Y.F0.H;..P.I.=\| 6b 7e 4d 97 \|k~M. \|
65392	0	f6 49 78 ef 93 dc 8b 8e 9e ce 3d 0d a0 a2 c1 d8 \|.Ix.......=.....\| 38 7a 3f b0 57 ae ac 75 16 55 b3 74 4a ac 48 f5 \|8z?.W..u.U.tJ.H.\| 8c 75 87 8b a7 46 2a a3 d7 f9 cb 1e 3f b1 d7 65 \|.u...F*.....?..e\| 50 79 21 eb 71 3a e3 76 5c 08 e8 17 cf 81 f4 fd \|Py!.q:.v\.......\| f5 13 ce 03 9d ba 9b 80 d9 04 13 2d a5 a4 cd f9 \|...........-....\| a9 95 6a 3f e7 75 dc 55 d0 68 1c 9a 59 71 35 05 \|..j?.u.U.h..Yq5.\| 3c 57 c0 f8 15 50 d6 d3 95 47 91 17 dd fd b0 07 \|.5+{=b.S...q.\| df 41 ef 32 ad 2e d6 93 8f 58 92 75 8a 3f ee 46 \|.A.2.....X.u.?.F\| 7f 2f 3b 80 9d 06 00 80 05 6b dc 8b 0b 0c 0a 14 \|./;......k......\| 57 a6 4c 04 17 ed 32 ae 51 d1 96 d7 b9 06 7c fc \|W.L...2.Q.....\|.\| 2b 01 0d 09 ef ec 2b 10 4c ee 4f 2e 53 3b 02 e3 \|+.....+.L.O.S;..\| 51 77 35 ee 9d e3 cb 04 3c 94 47 c3 c6 74 90 7d \|Qw5.....<.G..t.}\| d7 50 38 a1 d3 d3 50 e9 45 18 ab 2b 22 11 c2 82 \|.P8...P.E..+"...\| 51 f2 75 76 2c 9d 91 7c b5 8b 5f 5c 6c 4d 4f 4b \|Q.uv,..\|.._\lMOK\| 3d f2 b4 9b c5 0f f3 7e 75 8a 53 54 61 09 60 f4 \|=......~u.STa.`.\| 1d 32 ff 4e 4b 1e 43 48 2f 19 95 c1 2c 7f c0 1d \|.2.NK.CH/...,...\| a3 0f a5 61 8a f9 60 16 39 b7 75 36 c8 d4 4c c2 \|...a..`.9.u6..L.\| 61 e3 7d 65 91 ca bc 57 ca 88 ee 5e 43 ec c7 01 \|a.}e...W...^C...\| b9 5c 73 28 91 7f 3d 96 73 18 30 85 59 fc 6c 14 \|.\s(..=.s.0.Y.l.\| fe 8e e2 78 d2 5e 05 8e 1b 26 6d 0e 0e 04 cf 51 \|...x.^...&m....Q\| 77 7d 31 f1 ad df bd d8 9b df 87 6c 10 d5 50 12 \|w}1........l..P.\| 4a c5 5f f9 6e c3 3d 09 4d 7b 6d c4 71 db b0 26 \|J._.n.=.M{m.q..&\| 18 f8 56 27 73 f3 9c 8e 85 78 cc ff ad 74 48 34 \|..V's....x...tH4\| d0 6d f3 f8 37 41 d6 77 d8 f1 40 9e 9a 07 cb 3c \|.m..7A.w..@....<\| d4 08 04 7d \|...} \|
65408	0	9a 13 3e 67 cc 00 da 00 ff 9f 68 f9 d8 47 8d 10 \|..>g......h..G..\| b9 e4 e4 19 7b 31 17 07 db 8d a6 f6 9f 60 b1 6b \|....{1.......`.k\| c4 6e ac 9b 58 67 88 47 4c 58 11 e4 c6 f8 bb c4 \|.n..Xg.GLX......\| 65 21 1e 24 de 10 d6 9b 53 9e 7d 9d dd 83 00 de \|e!.$....S.}.....\| 7c 8e 51 0c 4a 41 4c 94 2f 58 a0 0b 7e 16 c9 d5 \|\|.Q.JAL./X..~...\| c4 00 12 d8 24 fe 9e a9 d2 8e 2c 67 a8 69 17 3b \|....$.....,g.i.;\| d7 b8 ed 80 a0 d5 1f 76 55 17 56 b3 6f 15 2f 55 \|.......vU.V.o./U\| 76 70 82 96 0d a1 b4 b6 de 95 51 98 2f 4c 4c 41 \|vp........Q./LLA\| dd 13 00 c0 9c b8 27 4a 58 0f a3 9b 00 46 00 9e \|......'JX....F..\| 0e 5b 4b dc c0 d1 ff 57 f6 28 d8 37 1b 1b 2e e0 \|.[K....W.(.7....\| e1 10 6e a0 96 cf d8 1b 23 09 50 ce 5a 5d 6c 38 \|..n.....#.P.Z]l8\| f8 6e 28 72 b8 42 95 a5 bf 17 17 3b 6c ae 09 81 \|.n(r.B.....;l...\| b3 9d af 09 90 9e 88 36 7d 40 cf 10 ad 77 90 55 \|.......6}@...w.U\| 4a 7d c5 e9 c7 0b 23 c1 32 0c 3e 48 25 33 c9 57 \|J}....#.2.>H%3.W\| c1 13 0d 56 89 4f 9a 17 d0 0b 18 8d 14 72 a3 df \|...V.O.......r..\| 38 6f 24 7b 49 a4 dc 5d 2d 1d aa 0b 00 4e a1 78 \|8o${I..]-....N.x\| 4c 09 9b 0e 9d 5b 67 10 56 f3 04 4f 9d c5 42 01 \|L....[g.V..O..B.\| a3 3b 76 14 10 34 d2 38 65 cd 15 a4 4e 00 50 59 \|.;v..4.8e...N.PY\| 07 72 91 0f 30 ca 29 58 3b bf da de 77 50 78 3e \|.r..0.)X;...wPx>\| b8 89 45 c7 c3 4a f7 68 74 5a 72 e2 4a 67 06 45 \|..E..J.htZr.Jg.E\| c4 fb 1c 10 49 61 14 5a 4f 07 72 cc c0 8c be 9d \|....Ia.ZO.r.....\| 19 f7 0a fd 2b 57 ec 9d 3c 81 ec 47 ff 0c ac e7 \|....+W..<..G....\| cc f2 4f e4 ce be e9 64 4c fc 0f 88 0d d6 a5 12 \|..O....dL.......\| 13 14 41 16 17 56 13 ec 0d 59 32 12 dc 15 eb 4b \|..A..V...Y2....K\| a1 33 cc bd 53 bd 00 57 a4 33 1c 12 32 68 37 1c \|.3..S..W.3..2h7.\| 08 0a 18 50 b8 1c ae 51 cb 03 18 17 ef fc 10 0a \|...P...Q........\| f2 af 2e 1a e7 9f 38 dc fc f8 03 07 92 fe 37 1a \|......8.......7.\| e2 a7 8d 07 ed ed f8 19 ed c7 30 af c7 ad e8 07 \|..........0.....\| c9 8d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \|................\| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \|................\| * 00 00 00 00 00 00 00 00 00 00 00 00 50 e8 01 00 \|............P...\| 00 00 c7 58 83 c0 08 eb ff e0 58 eb 01 a9 60 eb \|...X......X...`.\| ff c0 eb ff c8 68 3b 4e 02 00 8b 04 24 83 c4 04 \|.....h;N....$...\| 50 b8 40 00 00 00 91 58 eb 01 69 ff f0 50 e8 01 \|P.@....X..i..P..\| 00 00 00 c7 58 83 c0 08 eb ff e0 58 51 eb ff 15 \|....X......XQ...\| b9 05 45 00 ff f0 50 44 44 8b 74 24 fe 44 44 bf \|..E...PDD.t$.DD.\| 00 10 40 00 87 db 57 87 fb eb 01 0f 5b 87 fb 50 \|..@...W.....[..P\| b8 3b 4e 02 00 93 58 eb 00 eb 01 69 8a 0f 82 c1 \|.;N...X....i....\| ff 32 cb 28 d9 f6 d1 00 d9 80 f1 ff 80 f1 7a 32 \|.2.(..........z2\| cb 02 cb c0 c1 72 88 0e 47 46 eb 01 69 c1 c2 02 \|.....r..GF..i...\| c1 ca 02 ff cb 83 fb 00 0f 85 ce ff ff ff 8b 34 \|...............4\| 24 83 c4 04 eb 01 a9 68 00 10 40 00 8b 3c 24 83 \|$......h..@..<$.\| c4 04 eb ff f6 8b f7 5f 87 f7 eb ff f6 33 c7 57 \|......._.....3.W\| eb 02 bd 30 33 04 24 5f 68 1f 06 45 00 8b 04 24 \|...03.$_h..E...$\|

module_name	hint	function_name
KERNEL32.dll	360	GlobalAlloc
KERNEL32.dll	367	GlobalFree
KERNEL32.dll	425	LoadLibraryA
KERNEL32.dll	297	GetProcAddress
KERNEL32.dll	117	ExitProcess

show previews

offset	size	type	comment
0	168960	EXE	06/19/1992 22:22:17	#
15c1	15	HTM		#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] ignoring invalid PEdump::BITMAPINFOHEADER

[?] can't find file_offset of VA 0x4e0d4

[?] can't find file_offset of VA 0x4e480

[?] can't find file_offset of VA 0x4e7d4

[?] can't find file_offset of VA 0x4e8c8

[?] can't find file_offset of VA 0x4e98c

[?] can't find file_offset of VA 0x4ec60

[?] can't find file_offset of VA 0x4efbc

[!] string size(9462) > stringtable size(604). truncated to 602

[!] cannot convert "\xBB\xED\xE3.\xEEF\x8A\xAD\xF4(E\x99Y@{?"... to UTF-16

[!] string size(15100) > stringtable size(212). truncated to 210

[!] cannot convert "5TI\xB7(J\xEEQ\xBC\x8C\xC9\x0E\xFE\xC07\xB7"... to UTF-16

[!] string size(37868) > stringtable size(436). truncated to 434

[!] cannot convert "x\xEF\x93\xDC\x8B\x8E\x9E\xCE=\r\xA0\xA2\xC1\xD88z"... to UTF-16

[!] string size(10036) > stringtable size(1088). truncated to 1086

[!] cannot convert ">g\xCC\x00\xDA\x00\xFF\x9Fh\xF9\xD8G\x8D\x10\xB9\xE4"... to UTF-16

[?] can't find file_offset of VA 0x4f270

[?] can't find file_offset of VA 0x4f280

[?] can't find file_offset of VA 0x4f404

[?] can't find file_offset of VA 0x4f688

[?] can't find file_offset of VA 0x4f69c

[?] can't find file_offset of VA 0x4f6b0

[?] can't find file_offset of VA 0x4f6c4

[?] can't find file_offset of VA 0x4f6d8

[?] can't find file_offset of VA 0x4f6ec

[?] can't find file_offset of VA 0x4f700

[?] can't find file_offset of VA 0x424d0