DXgBpgLJH12.exe.bin

info
MZ
PE
resources
strings
imports
foremost
version info
hexdump
disasm
log
discuss
donate

filename	DXgBpgLJH12.exe.bin
size	344064 (0x54000)
md5	dca99f7e9b6f29e80f4af8482e7a841b

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0xd8

Rich Header

lib id	version	times used
123	50727	11
1	0	22
131	21022	1
0	0	2
148	21022	1
145	21022	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	4
TimeDateStamp	0x56d5df21
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x103
Magic	0x10b
LinkerVersion	9.0
SizeOfCode	0x37200
SizeOfInitializedData	0x1cc00
SizeOfUninitializedData	0
AddressOfEntryPoint	0x1000
BaseOfCode	0x1000
BaseOfData	0x39000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	5.0
ImageVersion	0.0
SubsystemVersion	5.0
Reserved1	0
SizeOfImage	0x58000
SizeOfHeaders	0x400
CheckSum	0
Subsystem	2
DllCharacteristics	0x8000
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x3718a	0x37200	R-X CODE
.rdata	0x39000	0x812c	0x8200	R-- IDATA
.data	0x42000	0x5034	0x5000	RW- IDATA
.rsrc	0x48000	0xf7e8	0xf800	R-- IDATA

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x40e88	0x78
RESOURCE	0x48000	0xf7e8
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0	0
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0x39000	0x6c
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size
MAD	CALIBRATE	20
MAD	EXCEPT	1056
BITMAP	MEIBIG	4136
BITMAP	MEICANTCONTINUE	1064
BITMAP	MEICLOSE	1064
BITMAP	MEICONTINUE	1064
BITMAP	MEIPLWAIT	4136
BITMAP	MEIPRINT	1064
BITMAP	MEIRESTART	1064
BITMAP	MEISAVE	1064
BITMAP	MEISEND	1064
BITMAP	MEISEND32	4136
BITMAP	MEISHOW	1064
ICON	#1	3752
ICON	#2	2216
ICON	#3	1384
ICON	#4	9640
ICON	#5	4264
ICON	#6	1128
STRING	#4094	514
STRING	#4095	808
STRING	#4096	798
RCDATA	DVCLAL	16
RCDATA	PACKAGEINFO	120
RCDATA	TFRMWIZARD	7984
RCDATA	TMADEXCEPT	2956
RCDATA	TMECONTACTFORM	843
RCDATA	TMEDETAILSFORM	551
RCDATA	TMESCRSHOTFORM	646
GROUP_ICON	AMAINICON	90
VERSION	#1	784
VERSION	#1	784

id	lang	string
65488	0	@DDoctor_Finish
65489	0	@SetCent_Never
65490	0	@DDoctor_Step_d
65491	0	@DDoctor_Checking_file_system
65492	0	@DDoctor_Checking_files_and
65493	0	@DDoctor_Checking_files
65494	0	@DDoctor_Checking_indexes
65495	0	@DDoctor_Checking_security_descriptors
65496	0	@DDoctor_Checking_file_data
65497	0	@DDoctor_Checking_free_space
65504	0	@DDoctor_No_errors_found
65505	0	@DDoctor_Errors_were_corrected
65506	0	@CFormsCmp_Restart_required
65507	0	@DDoctor_No_analysis
65508	0	@DDoctor_Analysis_complete
65509	0	@OCM_Restart_Windows
65510	0	@DDoctor_Restart_now_and
65511	0	@DDoctor_Perform_analysis_the
65512	0	@DDoctor_Restart_now_and_1
65513	0	@DDoctor_Complete_analysis_on
65514	0	@DDoctor_Windows_will_now
65515	0	@DDoctor_Windows_will_now_1
65516	0	@DDoctor_The_analysis_will
65517	0	@DDoctor_The_analysis_will_1
65518	0	@DDoctor_Drive
65519	0	@DDoctor_Next
65520	0	@DDoctor_No_drives_have
65521	0	@DDoctor_No_drives_selected
65522	0	@DDoctor_Initializing_drive
65523	0	@DDoctor_Analyzed_drive
65524	0	@DDoctor_Windows_restart_required
65525	0	@DDoctor_Not_supported
65526	0	@DDoctor_No_errors_were
65527	0	@DDoctor_All_errors_were
65528	0	@DDoctor_Is_in_use
65529	0	@DDoctor_Windows_must_restart
65530	0	@DDoctor_The_file_system
65531	0	@DDoctor_The_drive_is
65532	0	@DDoctor_No_disk_is
65533	0	@DDoctor_The_drive_is_1
65534	0	@DDoctor_Access_to_the
65535	0	@DDoctor_The_analysis_has

module_name	hint	function_name
KERNEL32.dll	1045	SetUnhandledExceptionFilter
KERNEL32.dll	629	GetVersionExA
KERNEL32.dll	571	GetStdHandle
KERNEL32.dll	673	HeapFree
KERNEL32.dll	502	GetModuleHandleA
KERNEL32.dll	367	GetCommandLineA
KERNEL32.dll	260	ExitProcess
KERNEL32.dll	505	GetModuleHandleW
KERNEL32.dll	1109	VirtualAllocEx
KERNEL32.dll	669	HeapAlloc
KERNEL32.dll	1165	WriteFile
USER32.dll	470	LoadIconA
USER32.dll	438	IsClipboardFormatAvailable
USER32.dll	276	GetClipboardViewer
USER32.dll	432	IsCharAlphaW
USER32.dll	193	DrawMenuBar
GDI32.dll	205	DeleteDC
COMDLG32.dll	14	GetSaveFileNameW
COMDLG32.dll	12	GetOpenFileNameW
COMDLG32.dll	10	GetFileTitleW
ADVAPI32.dll	601	RegOpenKeyA
ADVAPI32.dll	615	RegQueryValueExA

StringTable 040704B0

Comments	@CompanyName
eUp Software	NFileDescription
eUp Disk Doctor	<FileVersion
0.1000.340	r'LegalCopyright
yright © AVG Netherlands B. V. 2011	LLegalTrademarks
eUp Utilities™	LProductName
eUp Utilities 2014	@ProductVersion
0.1000.340	D

StringTable 040904B0

Comments	@CompanyName
eUp Software	NFileDescription
eUp Disk Doctor	<FileVersion
0.1000.340	r'LegalCopyright
yright © AVG Netherlands B. V. 2011	LLegalTrademarks
eUp Utilities™	LProductName
eUp Utilities 2014	@ProductVersion
0.1000.340	D

VS_FIXEDFILEINFO

FileVersion	14.0.1000.340
ProductVersion	14.0.1000.340
StrucVersion	0x10000
FileFlagsMask	0x17
FileFlags	0
FileOS	0x40004
FileType	0
FileSubtype	0

show previews

offset	size	type	comment
0	344064	EXE	03/01/2016 18:27:45	#
15c1	15	HTM		#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

everything is OK