filenamefax0010029826052014.scr
size305664 (0x4aa00)
md5d51669798d55ef5089da476a0cdf9c15
typePE32 executable (GUI) Intel 80386, for MS Windows
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0xd0

Rich Header

lib idversiontimes used
584479502781
2727413762615
10816810813466
6173511665442
1084479109524
48047393222

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections5
TimeDateStamp0x4d9accde
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x10f
Magic0x10b
LinkerVersion6.0
SizeOfCode0x1a600
SizeOfInitializedData0x30000
SizeOfUninitializedData0
AddressOfEntryPoint0x190d4
BaseOfCode0x1000
BaseOfData0x1c000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion4.0
ImageVersion7.3
SubsystemVersion4.0
Reserved10
SizeOfImage0x5a000
SizeOfHeaders0x400
CheckSum0x5447e
Subsystem2
DllCharacteristics0
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

UPolyX v0.1 (Delikon)

Sections

namevavsizeraw sizeflags
.text�0x10000x1a57c0x1a600R-X CODE
.dataX�0x1c0000x1811c0xc200RW- IDATA
.rdataj0x350000x39240x3a00R-- IDATA
.rsrc(Z0x390000x1edd00x1ee00R-- IDATA
.reloc�0x580000x20000x1600R-- IDATA DISCARDABLE

Data Directory

typevasize
EXPORT00
IMPORT0x353140xdc
RESOURCE0x390000x1edd0
EXCEPTION00
SECURITY00
BASERELOC0x580000x157c
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG0x212940x70
Bound_IAT00
IAT0x350000x314
Delay_IAT00
CLR_Header00
typenamesizecp
CURSOR#3873730
CURSOR#9614600
BITMAP#3493510
BITMAP#997520
BITMAP#1403910
BITMAP#8672860
BITMAP#6983650
ICON#142640
ICON#211280
ICON#3169360
ICON#4676240
ICON#596400
ICON#10034020
ICON#2193760
ICON#4621510
ICON#6333240
ICON#1082240
ICON#3624560
ICON#652330
ICON#6862330
MENU#4284970
MENU#7522090
MENU#3031510
STRING#891820
STRING#1413270
STRING#10215210
STRING#6481350
STRING#1733120
STRING#8081120
STRING#5342000
STRING#3443310
STRING#3971380
FONT#493220
FONT#6044830
ACCELERATORS#6541070
ACCELERATORS#4561470
ACCELERATORS#214490
ACCELERATORS#8753600
ACCELERATORS#4082580
ACCELERATORS#8412000
RCDATA#6874720
RCDATA#5101140
RCDATA#9692570
RCDATA#8571660
RCDATA#4663050
RCDATA#795830
RCDATA#736270
MESSAGETABLE#2482860
MESSAGETABLE#9774670
MESSAGETABLE#3633900
#13#4594020
#13#1161340
#13#2743110
#13#8733580
#13#423420
GROUP_ICON#1760
VERSION#18200
DLGINCLUDE#5831170
DLGINCLUDE#6262920
DLGINCLUDE#6855010
DLGINCLUDE#9023760
DLGINCLUDE#9665280
DLGINCLUDE#783970
DLGINCLUDE#7122550
DLGINCLUDE#174720
DLGINCLUDE#889890
DLGINCLUDE#5084500
#18#412770
#18#2081890
PLUGPLAY#545230
PLUGPLAY#283700
PLUGPLAY#8624810
VXD#7171980
VXD#682440
VXD#78410
VXD#5851400
VXD#716430
VXD#8794070
ANICURSOR#1381110
ANICURSOR#2421110
ANICURSOR#805750
ANIICON#81460
ANIICON#3214370
ANIICON#7722470
ANIICON#130660
ANIICON#214330
ANIICON#751780
idlangstring
142404108趑뽕巇ᗄ틥狺疓ꙃⰨᤞ쎀ᘹ┥
22403081
ac 01 02 43 45 3d 7b a4  6d d5 1f 07 6d 3a 5d 0b  |...CE={.m...m:].|
08 44 2f 49 63 4b 88 f7  f8 fa 34 47 c2 f1 ef 41  |.D/IcK....4G...A|
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00 00 00 00 00 00 00                              |.......         |
163203081
36 c0 a4 cd 09 e7 25 19  1e 0e 13 dd 14 35 18 60  |6.....%......5.`|
87 e2 fc 2c 23 74 33 c9  1f 76 a3 99 f0 35 9d 44  |...,#t3..v...5.D|
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00 00 00 00 00 00 00 00  00                       |.........       |
103524108
dc b6 a1 0f e3 a8 36 9a  96 10 b9 3c 10 a1 7d 5b  |......6....<..}[|
f4 b6 5c 2d c2 e7 02 e7  55 9d 36 8a da 4f ad 19  |..\-....U.6..O..|
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00 00 00 00 00 00 00                              |.......         |
27523081Џᡑ硺뙧膅⟲媽塏὘룑冪
129124108
41 6a 09 15 ce ac cd 35  ea 4e b9 1d 49 6d 02 63  |Aj.....5.N..Im.c|
be 8b 87 85 bf c5 fc 71  8a c2 bd b4 35 fe fb da  |.......q....5...|
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
85284108옗볾ڊᒻ灧줼䟾ꡓ綤ì⥺枣
54884108
59 06 15 6a f9 74 c5 bb  53 84 77 50 5e 12 26 d4  |Y..j.t..S.wP^.&.|
e1 5e 7c 3f 5e ce d0 1e  7e a5 e5 a5 84 ae ef 4b  |.^|?^...~......K|
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00 00 00 00 00 00 00 00  00 00 00                 |...........     |
63364108먂擂갨뤃袼붺摩൤ꏄ䯞ꃹ൙ꦺ
module_namehintordfunction_name
QUERY.dllLoadBinaryFilter
QUERY.dllSvcEntry_CiSvc
QUERY.dllCIRestrictionToFullTree
QUERY.dllCIState
QUERY.dllCITextToFullTreeEx
QUERY.dllSetupCacheEx
QUERY.dllLoadTextFilter
QUERY.dllInitializeCIISAPIPerformanceData
QUERY.dllCIMakeICommand
QUERY.dllSetupCache
QUERY.dllCiSvcMain
QUERY.dllDoneCIPerformanceData
QUERY.dllCITextToSelectTree
QUERY.dllDoneFILTERPerformanceData
QUERY.dllBeginCacheTransaction
QUERY.dllInitializeFILTERPerformanceData
QUERY.dllSetCatalogState
QUERY.dllCollectCIISAPIPerformanceData
QUERY.dllCollectFILTERPerformanceData
QUERY.dllCITextToFullTree
QUERY.dllCollectCIPerformanceData
TAPI32.dlllineGetAgentActivityListA
TAPI32.dlllineProxyMessage
TAPI32.dlllineCompleteTransfer
TAPI32.dlllineGetTranslateCapsW
TAPI32.dllphoneDevSpecific
TAPI32.dlllineOpenA
TAPI32.dllinternalConfig
TAPI32.dllphoneGetButtonInfoW
TAPI32.dlllineRemoveFromConference
TAPI32.dllMMCGetServerConfig
TAPI32.dlllineGetDevCapsA
TAPI32.dlllineSetupConferenceA
TAPI32.dllphoneInitializeExW
TAPI32.dllphoneSetGain
TAPI32.dlltapiRequestMediaCallA
TAPI32.dlllineSetTollListW
TAPI32.dlllineGetAddressCapsW
TAPI32.dlllineAddProviderA
TAPI32.dllphoneSetData
TAPI32.dlllineSecureCall
TAPI32.dlllineDialA
TAPI32.dlllineGetQueueInfo
TAPI32.dlllineRedirectW
TAPI32.dllphoneGetIDA
TAPI32.dlllineSetAgentState
TAPI32.dllphoneShutdown
TAPI32.dlllineClose
TAPI32.dlllineSetCallQualityOfService
TAPI32.dllphoneSetHookSwitch
TAPI32.dlllinePrepareAddToConferenceW
TAPI32.dlllineGetIDA
TAPI32.dlllineConfigDialogA
KERNEL32.dllRemoveDirectoryA
KERNEL32.dllGetProcessTimes
MPR.dllWNetGetLastErrorW
MPR.dllWNetDisconnectDialog
MPR.dllWNetGetResourceInformationW
MPR.dllWNetAddConnection2W
MPR.dllWNetDisconnectDialog1W
MPR.dllWNetCloseEnum
MPR.dllWNetAddConnection3W
MPR.dllWNetCancelConnectionA
MPR.dllWNetSetLastErrorA
MPR.dllWNetGetNetworkInformationA
MPR.dllWNetOpenEnumA
MPR.dllWNetGetUserA
MPR.dllWNetGetUniversalNameW
MPR.dllWNetGetResourceParentW
MPR.dllWNetGetProviderNameA
MPR.dllWNetGetUserW
USER32.dllwvsprintfA
SECUR32.dllDeleteSecurityPackageA
SECUR32.dllImportSecurityContextW
SECUR32.dllCompleteAuthToken
SECUR32.dllAcceptSecurityContext
SECUR32.dllGetComputerObjectNameW
SECUR32.dllUnsealMessage
SECUR32.dllAddCredentialsA
SECUR32.dllAcquireCredentialsHandleA
SECUR32.dllLsaRegisterLogonProcess
SECUR32.dllVerifySignature
SECUR32.dllSaslGetProfilePackageW
SECUR32.dllQuerySecurityContextToken
SECUR32.dllInitSecurityInterfaceW
SECUR32.dllLsaUnregisterPolicyChangeNotification
SECUR32.dllQueryCredentialsAttributesW
SECUR32.dllApplyControlToken
SECUR32.dllRevertSecurityContext
SECUR32.dllAddSecurityPackageW
SECUR32.dllLsaCallAuthenticationPackage
SECUR32.dllEncryptMessage
SECUR32.dllTranslateNameW
SECUR32.dllSaslInitializeSecurityContextW
RPCRT4.dllRpcSmSwapClientAllocFree
RPCRT4.dllRpcServerUseProtseqIfA
RPCRT4.dllRpcAsyncCompleteCall
RPCRT4.dllRpcMgmtStopServerListening
RPCRT4.dllRpcBindingInqAuthInfoW
RPCRT4.dllI_RpcConnectionSetSockBuffSize
RPCRT4.dllRpcSmSetThreadHandle
RPCRT4.dllNdrRpcSsDefaultFree
RPCRT4.dllIUnknown_AddRef_Proxy
RPCRT4.dllNdrXmitOrRepAsFree
RPCRT4.dllI_RpcDeleteMutex
RPCRT4.dllRpcBindingSetObject
RPCRT4.dllNdrFullPointerQueryPointer
RPCRT4.dllRpcCertGeneratePrincipalNameW
RPCRT4.dllRpcSmDisableAllocate
RPCRT4.dllNdrConformantArrayMemorySize
RPCRT4.dllMesEncodeFixedBufferHandleCreate
RPCRT4.dllNdrConformantVaryingArrayBufferSize
RPCRT4.dllI_RpcBCacheFree
RPCRT4.dllI_RpcTransDatagramAllocate2
RPCRT4.dllNdrComplexStructFree
RPCRT4.dllNdrFixedArrayBufferSize
RPCRT4.dllNdrComplexArrayMemorySize
RPCRT4.dllNdrServerInitializeUnmarshall
RPCRT4.dllRpcCancelThread
RPCRT4.dllRpcSsSetThreadHandle
RPCRT4.dllNdrDllCanUnloadNow
RPCRT4.dllNdrUserMarshalBufferSize
RPCRT4.dllRpcBindingInqAuthInfoExA
RPCRT4.dllNdrConformantStructUnmarshall
CRYPTUI.dllCryptUIDlgSelectStoreW
CRYPTUI.dllCryptUIDlgSelectCertificateA
CRYPTUI.dllCryptUIDlgViewSignerInfoA
CRYPTUI.dllCryptUIDlgViewCertificatePropertiesA
CRYPTUI.dllCryptUIWizDigitalSign
CRYPTUI.dllACUIProviderInvokeUI
CRYPTUI.dllCryptUIDlgViewSignerInfoW
CRYPTUI.dllCryptUIFreeViewSignaturesPagesW
CRYPTUI.dllCryptUIFreeCertificatePropertiesPagesW
CRYPTUI.dllCryptUIWizFreeDigitalSignContext
CRYPTUI.dllCryptUIFreeCertificatePropertiesPagesA
CRYPTUI.dllCryptUIDlgSelectStoreA
CRYPTUI.dllCryptUIDlgViewCertificatePropertiesW
CRYPTUI.dllCryptUIDlgViewCRLA
CRYPTUI.dllCryptUIDlgFreeCAContext
CRYPTUI.dllCryptUIDlgViewCTLA
CRYPTUI.dllCryptUIGetViewSignaturesPagesW
CRYPTUI.dllCryptUIDlgViewCTLW
CRYPTUI.dllCryptUIStartCertMgr
WINTRUST.dllCryptCATCDFEnumAttributes
WINTRUST.dllHTTPSFinalProv
WINTRUST.dllCryptCATEnumerateMember
WINTRUST.dllWintrustGetRegPolicyFlags
WINTRUST.dllWVTAsn1SpcLinkDecode
WINTRUST.dllWVTAsn1SpcSigInfoEncode
WINTRUST.dllWinVerifyTrust
WINTRUST.dllmscat32DllUnregisterServer
WINTRUST.dllCryptCATCDFEnumMembersByCDFTagEx
WINTRUST.dllTrustDecode
WINTRUST.dllWVTAsn1SpcSpOpusInfoEncode
WINTRUST.dllMsCatConstructHashTag
WINTRUST.dllIsCatalogFile
WINTRUST.dllWTHelperGetFileName
WINTRUST.dllWTHelperProvDataFromStateData
WINTRUST.dllWintrustAddActionID
WINTRUST.dllWintrustCertificateTrust
WINTRUST.dllCryptSIPPutSignedDataMsg
WINTRUST.dllWVTAsn1SpcLinkEncode
WINTRUST.dllWVTAsn1SpcIndirectDataContentDecode
WINTRUST.dllWVTAsn1SpcPeImageDataDecode
WINTRUST.dllWTHelperCertIsSelfSigned
WINTRUST.dllOfficeInitializePolicy
WINTRUST.dllCryptCATEnumerateAttr
WINTRUST.dllCryptCATAdminAddCatalog
WINTRUST.dllSoftpubLoadSignature
WTSAPI32.dllWTSTerminateProcess
WTSAPI32.dllWTSSetUserConfigW
WTSAPI32.dllWTSDisconnectSession
WTSAPI32.dllWTSSetSessionInformationW
WTSAPI32.dllWTSSetUserConfigA
WTSAPI32.dllWTSFreeMemory
WTSAPI32.dllWTSQuerySessionInformationW
WTSAPI32.dllWTSCloseServer
WTSAPI32.dllWTSVirtualChannelQuery
WTSAPI32.dllWTSSendMessageW
WTSAPI32.dllWTSSendMessageA
WTSAPI32.dllWTSVirtualChannelClose
WTSAPI32.dllWTSQueryUserConfigW
WTSAPI32.dllWTSVirtualChannelWrite
WTSAPI32.dllWTSQueryUserConfigA
WTSAPI32.dllWTSOpenServerW
WTSAPI32.dllWTSSetSessionInformationA
WTSAPI32.dllWTSEnumerateSessionsA

StringTable 040904B0

CompanyNameChime Softwares
ProductVersion10
FileVersion10, 6, 7
InternalNamePeso
LegalTrademarksFaceqa Rovygy Xok Okekoca Cyjod Xikos Vivopak Usezeb
LegalCopyright  2004
OriginalFilenameUyjamqdnj.exe
ProductNamePesys
FileDescriptionAgil Wyzeny Oviwu

VS_FIXEDFILEINFO

FileVersion10.6.0.0
ProductVersion10.6.0.0
StrucVersion0x10000
FileFlagsMask0x3f
FileFlags0
FileOS0x40004
FileType1
FileSubtype0
offsetsizetypecomment
0305664EXE04/05/2011 08:03:42#
15c115HTM#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable











[?] ignoring invalid PEdump::BITMAPINFOHEADER
[!] string size(41950) > stringtable size(82). truncated to 80
[!] string size(856) > stringtable size(327). truncated to 325
[!] cannot convert "\x02CE={\xA4m\xD5\x1F\am:]\v\bD"... to UTF-16
[!] string size(98412) > stringtable size(521). truncated to 519
[!] cannot convert "\xA4\xCD\t\xE7%\x19\x1E\x0E\x13\xDD\x145\x18`\x87\xE2"... to UTF-16
[!] string size(93624) > stringtable size(135). truncated to 133
[!] cannot convert "\xA1\x0F\xE3\xA86\x9A\x96\x10\xB9<\x10\xA1}[\xF4\xB6"... to UTF-16
[!] string size(33232) > stringtable size(312). truncated to 310
[!] string size(54402) > stringtable size(112). truncated to 110
[!] cannot convert "\t\x15\xCE\xAC\xCD5\xEAN\xB9\x1DIm\x02c\xBE\x8B"... to UTF-16
[!] string size(44902) > stringtable size(200). truncated to 198
[!] string size(3250) > stringtable size(331). truncated to 329
[!] cannot convert "\x15j\xF9t\xC5\xBBS\x84wP^\x12&\xD4\xE1^"... to UTF-16
[!] string size(67032) > stringtable size(138). truncated to 136
[?] invalid VS_VERSIONINFO child type "w\x00F\x00t\x00"