file2.exe

info
MZ
PE
resources
imports
foremost
7zip
hexdump
disasm
log
discuss
donate

filename	file2.exe
size	140800 (0x22600)
md5	d4be32074847a64d01c8d6b19f7274c5

type	MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0xc352
blocks_in_file	0x4328
num_relocs	0x4229
header_paragraphs	0x5265
min_extra_paragraphs	0x216f
max_extra_paragraphs	0x4550
ss	0
sp	0x14c
checksum	4
ip	0x5e19
cs	0x2a42
reloc_table_offset	0
overlay_number	0
reserved0	0x838f00e000000000
oem_id	0x10b
oem_info	0x1902
reserved2	0x55e00
reserved3	0x13000
reserved4	0
reserved5	0xac05f
reserved6	0x1000
lfanew	0xc

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	4
TimeDateStamp	0x2a425e19
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x838f
Magic	0x10b
LinkerVersion	2.25
SizeOfCode	0x55e00
SizeOfInitializedData	0x13000
SizeOfUninitializedData	0
AddressOfEntryPoint	0xac05f
BaseOfCode	0x1000
BaseOfData	0xc
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	1.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0xcdf000
SizeOfHeaders	0x200
CheckSum	0
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x4000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

BeRoEXEPacker v1.00 (BeRo)

Sections

name	va	vsize	raw size	flags
packerBY	0x1000	0xaa001	0	RWX UDATA
bero^fr	0xac000	0x21400	0x21400	RWX IDATA
.rsrc	0xce000	0	0xe44	RW- IDATA
b@0ok.de	0xcf000	0xc10000	0	RWX UDATA

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0xac000	0x5f
RESOURCE	0xce000	0xe44
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0	0
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0xcd3e8	0x18
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0	0
Delay_IAT	0	0
CLR_Header	0	0

TLS

raw start	raw end	index	callbks	zero fill	flags
0x49a000	0x49a010	0x45a4d0	0	0	0

show previews

type	name	size
CURSOR	#1	308
CURSOR	#2	308
CURSOR	#3	308
CURSOR	#4	308
CURSOR	#5	308
CURSOR	#6	308
CURSOR	#7	308
CURSOR	#8	308
BITMAP	BBABORT	464
BITMAP	BBALL	484
BITMAP	BBCANCEL	464
BITMAP	BBCLOSE	464
BITMAP	BBHELP	464
BITMAP	BBIGNORE	464
BITMAP	BBNO	464
BITMAP	BBOK	464
BITMAP	BBRETRY	464
BITMAP	BBYES	464
BITMAP	SPINDOWN	152
BITMAP	SPINUP	152
ICON	#1	744
STRING	#4084	868
STRING	#4085	640
STRING	#4086	224
STRING	#4087	300
STRING	#4088	656
STRING	#4089	1028
STRING	#4090	996
STRING	#4091	912
STRING	#4092	236
STRING	#4093	208
STRING	#4094	676
STRING	#4095	860
STRING	#4096	692
RCDATA	DVCLAL	16
RCDATA	PACKAGEINFO	468
RCDATA	TFORMABOUT	3262
RCDATA	TFORMADVANCEDINFO	3219
RCDATA	TFORMMAIN	4384
RCDATA	TFORMOPTIONS	1708
GROUP_CURSOR	HAND	20
GROUP_CURSOR	#32761	20
GROUP_CURSOR	#32762	20
GROUP_CURSOR	#32763	20
GROUP_CURSOR	#32764	20
GROUP_CURSOR	#32765	20
GROUP_CURSOR	#32766	20
GROUP_CURSOR	#32767	20
GROUP_ICON	MAINICON	20

module_name	hint	ord	function_name
kernel32.dll			LoadLibraryA
kernel32.dll			GetProcAddress

show previews

offset	size	type	comment
15c1	15	HTM		#
15d0	135216	BIN	overlay data past EOF	#

Scanning the drive for archives:
1 file, 140800 bytes (138 KiB)



Errors: 1

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] DOS stub offset beyond EOF: 337488

[?] can't find file_offset of VA 0xa3b40

[?] can't find file_offset of VA 0xa3c74

[?] can't find file_offset of VA 0xa3da8

[?] can't find file_offset of VA 0xa3edc

[?] can't find file_offset of VA 0xa4010

[?] can't find file_offset of VA 0xa4144

[?] can't find file_offset of VA 0xa4278

[?] can't find file_offset of VA 0xa43ac

[?] can't find file_offset of VA 0xa44e0

[?] can't find file_offset of VA 0xa46b0

[?] can't find file_offset of VA 0xa4894

[?] can't find file_offset of VA 0xa4a64

[?] can't find file_offset of VA 0xa4c34

[?] can't find file_offset of VA 0xa4e04

[?] can't find file_offset of VA 0xa4fd4

[?] can't find file_offset of VA 0xa51a4

[?] can't find file_offset of VA 0xa5374

[?] can't find file_offset of VA 0xa5544

[?] can't find file_offset of VA 0xa5714

[?] can't find file_offset of VA 0xa57ac

[?] can't find file_offset of VA 0xa5b2c

[?] can't find file_offset of VA 0xa5e90

[?] can't find file_offset of VA 0xa6110

[?] can't find file_offset of VA 0xa61f0

[?] can't find file_offset of VA 0xa631c

[?] can't find file_offset of VA 0xa65ac

[?] can't find file_offset of VA 0xa69b0

[?] can't find file_offset of VA 0xa6d94

[?] can't find file_offset of VA 0xa7124

[?] can't find file_offset of VA 0xa7210

[?] can't find file_offset of VA 0xa72e0

[?] can't find file_offset of VA 0xa7584

[?] can't find file_offset of VA 0xa78e0

[?] can't find file_offset of VA 0xa7b94

[?] can't find file_offset of VA 0xa7ba4

[?] can't find file_offset of VA 0xa7d78

[?] can't find file_offset of VA 0xa8a38

[?] can't find file_offset of VA 0xa96cc

[?] can't find file_offset of VA 0xaa7ec

[?] can't find file_offset of VA 0xaae98

[?] can't find file_offset of VA 0xaaeac

[?] can't find file_offset of VA 0xaaec0

[?] can't find file_offset of VA 0xaaed4

[?] can't find file_offset of VA 0xaaee8

[?] can't find file_offset of VA 0xaaefc

[?] can't find file_offset of VA 0xaaf10

[?] can't find file_offset of VA 0xaaf24

[?] can't find file_offset of VA 0x5a4d0

[?] DOS stub offset beyond EOF: 337488