| filename | RPCollectDump_tmlisten_30P_10Sec.exe | |
|---|---|---|
| size | 3922604 (0x3bdaac) | |
| md5 | cc59b88021e8148d82b780dca6bf72ef | |
| type | PE32 executable (GUI) Intel 80386, for MS Windows | |
| mimetype | application/x-dosexec | |
| clamav | OK | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0x120 |
Rich Header
| lib id | version | times used |
|---|---|---|
| 259 | 25203 | 16 |
| 261 | 25203 | 174 |
| 260 | 25203 | 23 |
| 199 | 41118 | 2 |
| 259 | 26131 | 23 |
| 261 | 26131 | 65 |
| 260 | 26131 | 34 |
| 262 | 25203 | 1 |
| 147 | 30729 | 6 |
| 257 | 25203 | 15 |
| 1 | 0 | 289 |
| 260 | 26433 | 4 |
| 261 | 26433 | 82 |
| 255 | 26433 | 1 |
| 151 | 0 | 2 |
| 258 | 26433 | 1 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
Data Directory
TLS
| raw start | raw end | index | callbks | zero fill | flags | |
|---|---|---|---|---|---|---|
| 0x4d55f4 | 0x4d55fc | 0x4e6474 | 0x4b4538 | 0 | 0x300000 |
| id | lang | string |
|---|---|---|
| 7 | 1033 | Extraction Failed |
| 8 | 1033 | File is corrupt |
| 9 | 1033 | Cannot create folder '{0}' |
| 69 | 1033 | Decompressing |
| 70 | 1033 | Cancel |
| 71 | 1033 | Unable to create temporary folder |
| 72 | 1033 | Unable to open file |
| 75 | 1033 | Do you want to cancel the installation? |
StringTable 040904b0
| FileDescription | SFXSetup program |
| FileVersion | 6.7.0.1175 |
| InternalName | SFXSetup.exe |
| LegalCopyright | Copyright (C) 2019 Trend Micro Incorporated. All rights reserved. |
| OriginalFilename | SFXSetup.exe |
| CompanyName | Trend Micro Inc. |
| CoverageBuild | None |
| CompileOption | None |
| BuildType | None |
| SpecialBuild | 1175 |
| PrivateBuild | Build 1175 - None |
| LegalTrademarks | Copyright (C) Trend Micro Inc. |
| ProductVersion | 6.7 |
| LegalCopyright | Copyright (C) 2019 Trend Micro Incorporated. All rights reserved. |
| FileVersion | 6.7.0.1175 |
| PrivateBuild | 1175 |
| ProductName | Trend Micro WFBSS |
| ProductVersion | 6.7 |
VS_FIXEDFILEINFO
| FileVersion | 6.7.0.1175 |
| ProductVersion | 6.7.0.1175 |
| StrucVersion | 0x10000 |
| FileFlagsMask | 0x3f |
| FileFlags | 0 |
| FileOS | 0x40004 |
| FileType | 2 |
| FileSubtype | 0 |
Scanning the drive for archives: 1 file, 3922604 bytes (3831 KiB) -- Type = 7z Offset = 997044 Physical Size = 2925560 Headers Size = 601 Method = LZMA:12m BCJ2 Solid = + Blocks = 2 Date Time Attr Size Compressed Name ------------------- ----- ------------ ------------ ------------------------ 2020-06-23 03:24:18 ....A 129 119244 RPCollectDump_tmlisten_30P_10Sec/RPCollectDump_tmlisten_30P_10Sec/dump.ini 2019-04-16 09:07:33 ....A 92 RPCollectDump_tmlisten_30P_10Sec/RPCollectDump_tmlisten_30P_10Sec/ofcdebug.ini 2019-04-16 08:58:43 ....A 44 RPCollectDump_tmlisten_30P_10Sec/RPCollectDump_tmlisten_30P_10Sec/run.ini 2020-06-23 03:23:02 ....A 182 RPCollectDump_tmlisten_30P_10Sec/RPCollectDump_tmlisten_30P_10Sec/upload.ini 2019-04-01 07:59:14 ....A 219596 RPCollectDump_tmlisten_30P_10Sec/RPCollectDump_tmlisten_30P_10Sec/curl-ca-bundle.crt 2019-04-08 06:48:26 ....A 307768 2805715 RPCollectDump_tmlisten_30P_10Sec/RPCollectDump_tmlisten_30P_10Sec/7z.exe 2019-04-09 10:56:34 ....A 587984 RPCollectDump_tmlisten_30P_10Sec/RPCollectDump_tmlisten_30P_10Sec/7za.exe 2019-04-09 10:56:34 ....A 3599056 RPCollectDump_tmlisten_30P_10Sec/RPCollectDump_tmlisten_30P_10Sec/curl.exe 2019-04-16 09:40:48 ....A 137936 RPCollectDump_tmlisten_30P_10Sec/RPCollectDump_tmlisten_30P_10Sec/pribytes32.exe 2019-04-16 09:43:02 ....A 161488 RPCollectDump_tmlisten_30P_10Sec/RPCollectDump_tmlisten_30P_10Sec/pribytes64.exe 2019-04-16 08:43:30 ....A 649936 RPCollectDump_tmlisten_30P_10Sec/RPCollectDump_tmlisten_30P_10Sec/procdump.exe 2019-04-16 08:47:17 ....A 340176 RPCollectDump_tmlisten_30P_10Sec/RPCollectDump_tmlisten_30P_10Sec/procdump64.exe 2019-07-10 04:43:47 ....A 1067424 RPCollectDump_tmlisten_30P_10Sec/RPCollectDump_tmlisten_30P_10Sec/RPCollectFile.exe 2019-04-08 06:48:39 ....A 1167552 RPCollectDump_tmlisten_30P_10Sec/RPCollectDump_tmlisten_30P_10Sec/7z.dll 2019-04-09 10:56:34 ....A 945872 RPCollectDump_tmlisten_30P_10Sec/RPCollectDump_tmlisten_30P_10Sec/libcurl.dll 2019-04-09 10:56:45 ....A 0 0 RPCollectDump_tmlisten_30P_10Sec/RPCollectDump_tmlisten_30P_10Sec/files.txt 2020-06-23 03:32:12 D.... 0 0 RPCollectDump_tmlisten_30P_10Sec/RPCollectDump_tmlisten_30P_10Sec 2020-06-23 03:32:12 D.... 0 0 RPCollectDump_tmlisten_30P_10Sec ------------------- ----- ------------ ------------ ------------------------ 2020-06-23 03:32:12 9185235 2924959 16 files, 2 folders
 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
[?] can't find file_offset of VA 0xe6474