filenameWartune_Mini_Client.exe
size1781336 (0x1b2e58)
md5de88dcf424c251fc0f9e22e451e99f7c
typePE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0xf0

Rich Header

lib idversiontimes used
1583031943
17030319181
17130319377
1313072918
1473072939
10782
1753031921
154303191
157303191

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections3
TimeDateStamp0x5208cae8
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x102
Magic0x10b
LinkerVersion10.0
SizeOfCode0x173000
SizeOfInitializedData0x40000
SizeOfUninitializedData0x174000
AddressOfEntryPoint0x2e79f0
BaseOfCode0x175000
BaseOfData0x2e8000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion5.1
ImageVersion0.0
SubsystemVersion5.1
Reserved10
SizeOfImage0x328000
SizeOfHeaders0x1000
CheckSum0x1b5f52
Subsystem2
DllCharacteristics0x8140
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

UPX v0.89.6 - v1.02 / v1.05 - v1.22

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

namevavsizeraw sizeflags
UPX00x10000x1740000RWX UDATA
UPX10x1750000x1730000x172e00RWX IDATA
.rsrc0x2e80000x400000x3f800RW- IDATA

Data Directory

typevasize
EXPORT00
IMPORT0x3272ec0x460
RESOURCE0x2e80000x3f2ec
EXCEPTION00
SECURITY0x1b2a000x458
BASERELOC0x32774c0x10
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG0x2e7bdc0x48
Bound_IAT00
IAT00
Delay_IAT00
CLR_Header00
typenamesizecp
FLASH#233222250
PNG#139103680
PNG#2106810580
CURSOR#73080
CURSOR#81800
CURSOR#93080
CURSOR#103080
CURSOR#113080
CURSOR#123080
CURSOR#133080
CURSOR#143080
CURSOR#153080
CURSOR#163080
CURSOR#173080
CURSOR#183080
CURSOR#193080
CURSOR#203080
CURSOR#213080
CURSOR#223080
BITMAP#16213060
BITMAP#16313060
BITMAP#16413060
BITMAP#16513060
BITMAP#20151420
BITMAP#20251420
BITMAP#20351420
BITMAP#20451420
BITMAP#205936420
BITMAP#20651420
BITMAP#20751420
BITMAP#20851420
BITMAP#20951420
BITMAP#309941840
BITMAP#309963240
ICON#11539560
ICON#2676240
ICON#3169360
ICON#496400
ICON#542640
ICON#611280
MENU#1301280
DIALOG#1021860
DIALOG#1034040
DIALOG#1323480
DIALOG#141760
DIALOG#10117280
DIALOG#10204360
DIALOG#307212260
DIALOG#30734520
STRING#9520
STRING#2049660
STRING#3841780
STRING#3842440
STRING#38431320
STRING#38574520
STRING#38583340
STRING#38592700
STRING#3860800
STRING#3865680
STRING#38661040
STRING#38674340
STRING#38682440
STRING#3869360
STRING#38874220
GROUP_CURSOR#30977340
GROUP_CURSOR#30998200
GROUP_CURSOR#30999200
GROUP_CURSOR#31000200
GROUP_CURSOR#31001200
GROUP_CURSOR#31002200
GROUP_CURSOR#31003200
GROUP_CURSOR#31004200
GROUP_CURSOR#31005200
GROUP_CURSOR#31006200
GROUP_CURSOR#31007200
GROUP_CURSOR#31008200
GROUP_CURSOR#31009200
GROUP_CURSOR#31010200
GROUP_CURSOR#31011200
GROUP_ICON#128900
VERSION#17680
#240#1023120
#240#10114900
#240#10201700
idlangstring
1282052
ff bf 8e 5d d2 10 1a 2f  4d 68 5c 9a dc 08 10 2e  |...].../Mh\.....|
f4 a3 9d 3f 7d 81 11 e3  dc 39 31 94 44 c1 ff 7f  |...?}....91.D...|
d0 d9 fe 83 ce 70 9d f7  7a fe 58 a2 32 b5 f3 0c  |.....p..z.X.2...|
30 ce 50 ff                                       |0.P.            |
327682052
6a 7a b6 78 57 d6 0a 42  34 62 8c 81 49 bf 71 f1  |jz.xW..B4b..I.q.|
7c df 46 b2 39 0e ff ff  57 1b 8c 83 1a f4 e2 92  ||.F.9...W.......|
6a 8d bc c9 42 54 a4 ef  c7 ce 48 5b 06 5c e0 ff  |j...BT....H[.\..|
ff ff 2d 50 76 a5 0b 88  cd d8 b0 a7 94 95 7e 69  |..-Pv.........~i|
c5 da                                             |..              |
614402052﹓毒⢿憇短繀퉅ꟻ枱炙וֹ垦ﹿ䟩￿ⱟ糦韱돾宿砽컸꘶巯럗韕悁䉬畧꼧䔁䊚찼菋Ǥ
614562052墓瓟珽ᅍꙪ誻䈷傝⨔楄䤵초ﺒ迿漪컽㭟㴹贽簟ꇰ
614722052
16 b0 53 3a 5d ee 68 04  a0 c8 3a ff ff 05 c2 59  |..S:].h...:....Y|
8e 52 49 e7 a9 53 2d ac  a4 04 f8 82 df eb 44 da  |.RI..S-.......D.|
ed 36 e1 ff 3b 2e fa f5  ab d7 da 05 6e 2d 59 21  |.6..;.......n-Y!|
c0 a1 b1 d8 1c 09 a8 b1  d5 df c6 ff ff 1d ff cd  |................|
76 1b a6 32 44 24 ac 74  e0 17 c0 bd fc e4 a1 84  |v..2D$.t........|
d3 57 e2 a6 0d 86 69 0f  c4 f8 ff 6f fa 66 16 90  |.W....i....o.f..|
cf b5 f0 ce 4f a5 3c 7d  43 f2 ba 6e 36 af 6b 40  |....O.<}C..n6.k@|
fe b4 7e 66 ff 37 54 09  1c c3 16 84 6e 6c 4e d5  |..~f.7T.....nlN.|
cd 56 61 44                                       |.VaD            |
616962052
33 ac 78 52 9d 59 aa ad  37 24 bc 78 5d a5 81 ff  |3.xR.Y..7$.x]...|
ff 3f 7b 67 41 e8 a6 06  92 0f 02 55 5a 36 c8 d2  |.?{gA......UZ6..|
84 d9 82 ff ff ff 7f 48  20 2c 66 26 21 cf 64 20  |.......H ,f&!.d |
cf b1 c7 a6 c1 ef 10 96  c6 db 94 59 55 09 1d 01  |...........YU...|
85 1f e9 01 9f 2f ed 05  f8 86 0d 02 48 96 8b 84  |...../......H...|
40 46 b8 6e 38 1a fc f5  ff bf e2 ff b1 3c f9 e6  |@F.n8........<..|
89 3c ac 9b e6 c5 d5 de  5c 9f c9 cd f5 b9 b5 d1  |.<......\.......|
b5 b5 7a 71 8e 8d ff 6f  16 84 5b 20 7d 6b 1b e9  |..zq...o..[ }k..|
9e be 5d 0f f2 9d 69 97  e8 db ff ff 17 ef 40 95  |..]...i.......@.|
36 b5 54 aa b5 6c 3e 06  ff 23 d5 cf a6 6f 06 6b  |6.T..l>..#...o.k|
37 44 55 c6 34 fe 5f 25  f0 a0 a2 a5 c1 7f fd 8c  |7DU.4._%........|
aa 5e 61 2c 56 ff ff bf  10 30 ab c9 c8 d5 15 24  |.^a,V....0.....$|
95 b5 32 93 49 50 0d 80  77 8c 34 63 da eb 9a 22  |..2.IP..w.4c..."|
ff ff ff ff e0 2a 7b f0  3a 0d ec 8e ea 64 33 18  |.....*{.:....d3.|
0b 36 ec ce 9c 72 6b 54  5b 27 1e ba 6a c0 f4 eb  |.6...rkT['..j...|
f8 4c c5 95 ef 22 80 ff  8b d0 8b b3 b9 a0 ef e3  |.L..."..........|
ee 2c 52 e7 b7 bc ff ff  ff ff fa 44 a4 8e 81 12  |.,R........D....|
ed 43 3d d4 5e 7e f0 33  f9 ca f7 7f 5d 56 8f 1f  |.C=.^~.3....]V..|
c8 58 13 cf 61 1c 98 50  48 73 a0 00 14 fe a9 ff  |.X..a..PHs......|
0c 71 0b f0 20 22 ce ff  ff bb 28 e6 1e 18 34 2f  |.q.. "....(...4/|
ad 72 cc 84 c2 37 d3 4e  ef 99 9b b3 1b 34 ff ff  |.r...7.N.....4..|
ff ff 2a 16 dd 65 35 c5  85 09 94 19 15 19 50 52  |..*..e5.......PR|
d2 d7 95 52 cc 02 7c 44  e2 87 a0 45 25 3d 71 08  |...R..|D...E%=q.|
59 27 e1 ff ff ff a2 b8  c3 f0 34 91 40 bd a0 0b  |Y'........4.@...|
6f 22 3a df 84 15 60 6a  49 6c 30 38 3a 6e fe a8  |o":...`jIl08:n..|
1b ff 7f 95 a9 b2 78 74  1e a0 1e 0a 8e c5 2f 26  |......xt....../&|
6b 69 ae ca 41 fa c5 1a  33 24 fd ff 41 67 60 80  |ki..A...3$..Ag`.|
dd 1c 9b 00 ad 2a 24 90  76 8d c0 ff ff ff 7f f9  |.....*$.v.......|
b6 75 e1 20                                       |.u.             |
617122052
2b 58 d9 fa d3 95 d4 f7  ab b6 66 31 47 62 64 b7  |+X........f1Gbd.|
aa ff ff ff ff 27 4c ac  90 50 ce 39 52 dc 1c 76  |.....'L..P.9R..v|
86 0c e7 46 56 36 63 c2  88 a9 c1 a4 27 6f 39 fe  |...FV6c.....'o9.|
79 3e c2 62 60 ff ff ff  ff d7 27 1a 39 9d ce e0  |y>.b`.....'.9...|
85 f3 1f de 38 7d df 04  01 e0 81 34 12 06 d6 14  |....8}.....4....|
d4 52 b3 53 ce dc 95 72  1e c1 78 d7 ff 9a 52 92  |.R.S...r..x...R.|
cd ff 0e 64 65 d9 f3 36  2c 28 e4 26 ff ff ff 6a  |...de..6,(.&...j|
02 1f 76 ec 16 8d 4d 59  d5 ba 6d 03 3a 48 78 ff  |..v...MY..m.:Hx.|
9a b4 a1 bb 4a d3 60 57  d1 ff 7f 01 f4 24 6c d4  |....J.`W.....$l.|
af 66 ce 7f 4b 82 b0 c7  2f 38 b6 22 ec 76 14 ae  |.f..K.../8.".v..|
b5 ff ff ff ff 88 eb 1b  3f 68 d1 0c 3e 21 e3 1b  |........?h..>!..|
59 c9 8f d6 dd 40 41 00  89 aa 45 49 25 7a ac 6c  |Y....@A...EI%z.l|
b0 39 61 82 69 82 5d b6  f5 6a 66 85 c1 d6 a5 33  |.9a.i.]..jf....3|
ac ff ff ff ff 9b ae 04  08 c1 88 35 b2 b0 60 49  |...........5..`I|
98 f2 93 9c 7c 66 ae f4  94 49 66 42 16 dc 3b 8a  |....|f...IfB..;.|
fb 9f c1 61 1d ff 5f f5  ff a1 44 83 49 3a ca 67  |...a.._...D.I:.g|
fa 99 e0 dc d0 7c 30 36  d8 2b 8a 68 93 71 43 ec  |.....|06.+.h.qC.|
6c da 98 ff ff ff ff bf  ca 68 3c 43 21 54 cf da  |l........h
617282052
ff ff 4f 95 99 f2 ab 1a  d8 98 43 f5 b2 55 fc 45  |..O.......C..U.E|
f6 08 9a c9 2a a7 13 79  16 80 45 05 0b 16 d1 31  |....*..y..E....1|
29 24 0b e0 a4 a8 ae 5e  4e 02 6e 90 fe ff ff 23  |)$.....^N.n....#|
2e 68 84 47 17 f0 62 05  09 83 cf 0c 80 36 6a 95  |.h.G..b......6j.|
de 02 12 fa 8b 78 ff ff  bf 83 bc 44 8c 6d ea 49  |.....x.....D.m.I|
7a ef ec bd 37 c8 44 6a  0a 5a 85 b0 17 37 29 cb  |z...7.Dj.Z...7).|
13 6f 36 f0 ff 93 0e 35  59 eb 97 94 07 0d 4d 81  |.o6....5Y.....M.|
c7 28 e8 31 12 62 ff 06  53 fa e3 44 fe 10 4c 2c  |.(.1.b..S..D..L,|
65 e4 e0 8c 9c f3 42 42  77 fd ff ff aa 43 00 72  |e.....BBw....C.r|
99 4d d7 0a bb a7 f0 42  10 8a 14 50 ae da 5d b4  |.M.....B...P..].|
8b 43 54 37 01 2e ff ff  ff ff c1 68 d5 75 4b 70  |.CT7.......h.uKp|
b9 17 bb ba 91 3e 47 e7  1c 18 83 0d 6a 59 2b 36  |.....>G.....jY+6|
1a e5 64 3c 0d 50 51 35  69 29 ff 7f 07 8c b6 0e  |..d<.PQ5i)......|
b1 ca 73 df f1 dd 82 34  5d 1a 87 00 a6 6d f5 df  |..s....4]....m..|
fe 2f fa 3c d2 20 1b cf  7e cc bc c5 69 f3 d3 c3  |./.<. ..~...i...|
8b a7 75 f5 d8 72 3f 4a  33 d9 54 a5 a9 ff d6 12  |..u..r?J3.T.....|
41 42 d3 f2 c0 39 c3 e8  db ff ff 37 48 40        |AB...9.....7H@  |
617442052
90 ff ff ff ff 03 21 06  a3 a9 2c e1 3e 23 54 b6  |......!...,.>#T.|
d4 8b c3 20 43 1a 04 ad  d1 dd 68 06 5a 14 36 b0  |... C.....h.Z.6.|
20 c7 02 06 ac 04 0b fe  ff 8d 8e ff 46 2e 05 a0  | ...........F...|
29 b1 18 4d 12 eb 2a 8a  c8 02 bb c4 7f c7 7f 01  |)..M..*.........|
5e fd 2c b8 7b a2 a2 ab  44 7b 4e 1a 54 66 a2 74  |^.,.{...D{N.Tf.t|
618242052ꉲ퓡剓䍷⫐㗥⟒앤ୟ뾶酡>㎍￿￿晤ꎁ㞻뒣籇㺶ȋ⨡ᕝ雊땪説삏掸
618402052
d5 ca 86 1c 35 a6 83 ff  ff df f0 84 aa 56 2b d2  |....5........V+.|
a5 2c 2f 71 ca 0d a6 e1  b2 b7 a6 53 61 41 4a b6  |.,/q.......SaAJ.|
84 c7 38 02 86 37 7d c3  ff c5 d7 ee a3 3e c3 38  |..8..7}......>.8|
de d6 77 e6 1e 4e 24 e4  cb ec 8e 64 6c da d0 ff  |..w..N$....dl...|
ff e3 47 a0 b2 4c 83 2c  eb 32 91 3b 48 f8 48 a0  |..G..L.,.2.;H.H.|
5c 66 68 45 fc ff bf 4a  c4 58 15 d1 d6 c0 d4 e0  |\fhE...J.X......|
26 c1 91 bb 7a 85 dd 16                           |&...z...        |
618562052
e4 53 d5 5d 21 50 9a 01  11 0f b5 bd 80 ee ff ff  |.S.]!P..........|
ff ff 59 ed 81 7a f2 dc  09 b9 d7 97 88 bf 04 39  |..Y..z.........9|
fd 8b 74 40 a4 c1 6a fe  75 c1 b0 3e 0f 8e f5 67  |..t@..j.u..>...g|
f4 08 4a 80 fa ff b9 f7  4d 35 01 91 1f fe ed ff  |..J.....M5......|
7e 78 f2 ca ff ff ff ff  9f bc f3 57 fe ea 7f 1b  |~x.........W....|
d7 eb ff a2 26 20 ef d4  50 b0 ef 4a 09 3b e5 c6  |....& ..P..J.;..|
d5 d9 51 e7 48 3f c6 74  ff ff ff ff 74 b8 3e 58  |..Q.H?.t....t.>X|
76 65 ba 56 20 46 cd 0c  72 4d 1a 8a f2 0a b4 7b  |ve.V F..rM.....{|
31 8c e3 62 b7 db 29 37  bd fb c6 37 ff d5 c2 ff  |1..b..)7...7....|
be 7e f8 ef fd fb 7f 3d  fe 4f 22 5d 7f f4 d1 c7  |.~.....=.O"]....|
c3 a4 64 f5 ff 95 10 f4  ba e2 6a c2 0e c8 d1 20  |..d.......j.... |
54 5d fd 1f 54 b5 ff ff  ff ff f0 3b a0 fe 1a 28  |T]..T......;...(|
a6 02 57 e4 71 2c 67 a7  a7 45 bb 20 c3 30 61 3d  |..W.q,g..E. .0a=|
20 18 80 25 b4 bf 6d a8  6c 4d 3f 08 fd ff ea 81  | ..%..m.lM?.....|
b8 d9 6c 26 23 8a 29 58  ac fe f3 e5 e2 c4 7b ff  |..l&#.)X......{.|
ff ff ff b0 96 30 9c d4  3f 9f ba 0d 89 4d 54 62  |.....0..?....MTb|
7a 0b 1d 5f 95 62 a4 89  4a 51 57 ec ae 2e 8e d3  |z.._.b..JQW.....|
8d e4 a7 ff 37 fc ff 2b  b8 a6 cb d0 d7 c4 62 02  |....7..+......b.|
99 2a 1c f6 6a 72 c9 88  1a 51 e9 66 f5 c9 2b ab  |.*..jr...Q.f..+.|
16 18 ff ff ff 3d 7b 64  53 51 bb 21 1b c2 56 d6  |.....={dSQ.!..V.|
35 81 d1 6a 7f 08 33 5f  c9 4d db f6 b8 ff 6f 58  |5..j..3_.M....oX|
45 20 ec 75 e0 32 77 7e  88 e5 d8 b1 11 d0 5d 72  |E .u.2w~......]r|
0f 8d 36 f1 ff 2d 5a 27  e6 13 d4 da 27 db 38 01  |..6..-Z'....'.8.|
af 60 db ff ff ff ff 86  a7 12 79 f5 7e 10 be 2b  |.`........y.~..+|
b5 a5 06 fc a9 6e 28 8f  ea 01 75 fc f0 4d b9 3d  |.....n(...u..M.=|
38 96 ab fa 7d d7 75 2f  c0 ff ff 23 1c 94 1c fe  |8...}.u/...#....|
c9 c7 f8 be e9 f5 4b 2c  e2 f4 d6 d7 44 04 6c dd  |......K,....D.l.|
8a de                                             |..              |
618722052
f4 f7 ca c9 c9 cd 46 1a  93 db 1b db 20 0e 1e 49  |......F..... ..I|
38 aa ff ff ff af a0 a5  94 d7 67 f8 85 a0 36 92  |8.........g...6.|
bb 51 83 92 b8 ec c1 3d  50 83 44 38 ae 47 76 32  |.Q.....=P.D8.Gv2|
f6 dc 4b e8 f8 57 fc 4d  21 a9 fe 52 f3 cc 62 d5  |..K..W.M!..R..b.|
77 b2 5a a2 73 25 f4 6b  ff 7f d7 05 42 0f 3b d1  |w.Z.s%.k....B.;.|
06 4d 1c 26 f5 af 28 76  60 a3 53 70 57 13 22 d5  |.M.&..(v`.SpW.".|
ff ff 0b f0 7c cf 93 e1  16 09 a8 85 92 98 2a 1b  |....|.........*.|
5c 17 dd f8 c1 fb 12 6b  50 0d 3e 3b 28 fd ff 84  |\......kP.>;(...|
12 f6 0e 4f 10 1c ff c9  ef ff 63 f9 d6 f2 d9 be  |...O......c.....|
ff 85 b0 f4 be 40 40 5d  e6 75 a4 ec 27 44 fb 30  |.....@@].u..'D.0|
4a 62 ff 77 81 c6 ba ad  8e 73 77 3b 86 ca 48 c3  |Jb.w.....sw;..H.|
eb 07 6c e2 d5 30 f0 ff  26 fb da e3 cf a3 9e b0  |..l..0..&.......|
5a ed d5 ea 44 48 ff ff  ff ff 38 81 8d 16 90 3f  |Z...DH....8....?|
c1 13 f2 8d dc fd 20 f4  60 50 fd 0e b6 c1 51 92  |...... .`P....Q.|
e9 fb 46 b6 74 43 26 b8  43 6b ef f8 17 e0 47 05  |..F.tC&.Ck....G.|
49 b8 fe 20                                       |I..             |
618882052︘鯿컀맖₲㓩쇋笞ᰚR͎Ѱ䪪텚
621762052
6b 69 ff df f5 82 62 78  d6 95 7a 8a d4 80 66 7e  |ki....bx..z...f~|
09 54 a8 c3 e3 52 d2 18  0a 4e ff ff ff ff 3c 93  |.T...R...N....<.|
39 46 a8 00 8f ac 66 76  a6 5f 6c ee f4 0e 8f 8a  |9F....fv._l.....|
56 dd 2e 36 17 67 27 66  1a 73 4e 13 4d f0 37 bd  |V..6.g'f.sN.M.7.|
19 d2 d2 1c b8 5f 10 a2  bf 62 7b 7d 07 ff ff 2f  |....._...b{}.../|
f8 ae 29 e7 ef 28 7c 82  aa 71 34 d2 aa 55 c0 19  |..)..(|..q4..U..|
b8 b0 4b 6c 01 7a cf 3d  9a 66 a7 fc 0b fe ed d1  |..Kl.z.=.f......|
95 99 ae 1a f6 67 ad f6  96 84 e2 ae cf c5 86 9d  |.....g..........|
8c 98 ec e3 92 f1 ff 17  c8 ca 9e fc 94 8e 32 da  |..............2.|
11 9d c8 b4 5c 53 c6 38  fd ff ff 2f e6 0b 57 42  |....\S.8.../..WB|
b2 33 ce 03 28 b9 2d 6c  bf 72 13 cb ce d4 00 9b  |.3..(.-l.r......|
a0 c9 a2 a7 4f 48 22 ff  ff ff 06 54 02 1d e2 ec  |....OH"....T....|
28 6e f0 39 76 4e a8 cc  3c c2 98 72 45 2e 4e 81  |(n.9vN..<..rE.N.|
77 52 a0 01 6f ff ff ff  aa 07 91 a6 80 c5 ce 52  |wR..o..........R|
ea f7 3a f1 54 31 94 fd  f1 b7 b9 37 07 d6 4c 42  |..:.T1.....7..LB|
c6 58 e7 60 46 c5 ae ff  8a a5 5a 47 45 db 49 f3  |.X.`F.....ZGE.I.|
50 ac f3 9b 50 92 ad 1a  eb ff ff 7f 91 c0 e4 2f  |P...P........../|
3a 98 bb f9 97 04 2a 35  5a 31 af 67 52 34 31 4b  |:.....*5Z1.gR41K|
32 59 fb 44 35 2e e0 af  b8 bd 08 19 5a 60 4b aa  |2Y.D5.......Z`K.|
75 a6 90 c8 75 3a 69 9d  68 e3 4f f0 ff ab 0d ee  |u...u:i.h.O.....|
c6 f5 1f 52 e3 a7 18 c4  cc 94 e5 5c 22 b8 fd ff  |...R.......\"...|
d5 30 9e b6 8a 7e 8c 8b  d6 81 73 1c b5 16 25 ba  |.0...~....s...%.|
c6 e9 fc 7f 37 04 fa 89  ad 9f 9c e9 38 6f 89 ba  |....7.......8o..|
17 6c b0 27 2f 78 87 20  7a 71 3e 07 aa 32 5e 26  |.l.'/x. zq>..2^&|
14 5a d4 c5 90 f5 18 7c  1f 1b 08 9a 16 64 ff ff  |.Z.....|.....d..|
57 c2 b2 e1 fb 77 68 58  a0 9a 17 8a 61 d9 50 22  |W....whX....a.P"|
0e 79 c2 3c 10 12                                 |.y.<..          |
module_namehintordfunction_name
KERNEL32.DLLLoadLibraryA
KERNEL32.DLLGetProcAddress
KERNEL32.DLLVirtualProtect
KERNEL32.DLLVirtualAlloc
KERNEL32.DLLVirtualFree
KERNEL32.DLLExitProcess
ADVAPI32.dllRegEnumKeyW
COMCTL32.dllInitCommonControlsEx
COMDLG32.dllGetFileTitleW
GDI32.dllSaveDC
gdiplus.dllGdipFree
IMM32.dllImmGetContext
MSIMG32.dllAlphaBlend
ole32.dllDoDragDrop
OLEACC.dllLresultFromObject
OLEAUT32.dll4
oledlg.dllOleUIBusyW
SHELL32.dllDragFinish
SHLWAPI.dllPathIsUNCW
urlmon.dllURLDownloadToFileW
USER32.dllGetDC
WININET.dllInternetOpenA
WINMM.dllPlaySoundW
WINSPOOL.DRVClosePrinter

StringTable 040904b0

CompanyName7Road
FileDescriptionWartune Mini Login
FileVersion1.0.0.1
InternalNameSQClient.exe
LanguageEnglish
LegalCopyrightProficient City Limited
OriginalFilenameSQClient.exe
ProductNameWartune Mini Login
ProductVersion1.0.0.1

VS_FIXEDFILEINFO

FileVersion1.0.0.1
ProductVersion1.0.0.1
StrucVersion0x10000
FileFlagsMask0x3f
FileFlags0
FileOS0x40004
FileType1
FileSubtype0

Signers (1)

issuer: /C=US/O=/OU=/CN=Proficient City Limited
serial: 2D31383730396135353A31343035373535306233663A2D38303030

Certificates (1)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:31:38:37:30:39:61:35:35:3a:31:34:30:35:37:35:35:30:62:33:66:3a:2d:38:30:30:30
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=, OU=, CN=Proficient City Limited
        Validity
            Not Before: Aug  6 05:52:05 2013 GMT
            Not After : Aug  7 05:52:05 2038 GMT
        Subject: C=US, O=, OU=, CN=Proficient City Limited
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
                Modulus:
                    00:a4:b1:8e:e6:c3:19:f0:41:5b:27:f7:a9:65:f4:
                    c5:b1:a7:83:81:13:61:cd:03:0c:e7:0a:4d:e6:2c:
                    a2:5c:ff:7d:46:44:5f:2c:9a:4c:42:52:20:60:1e:
                    31:df:fd:5e:ec:3e:86:a4:1a:ea:75:29:a1:a9:36:
                    cb:a7:0b:c9:4b:d2:d2:8f:41:ad:4e:73:30:d7:54:
                    96:d6:ec:ea:30:31:fa:7f:ef:6b:1c:7d:28:9c:13:
                    a0:c9:a4:8d:2a:3b:6c:6e:97:7b:c0:69:21:5f:67:
                    b9:95:32:9b:a4:4d:5b:d5:e5:24:30:bb:7e:17:f9:
                    75:24:38:d6:ce:d1:e4:f9:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                Code Signing
    Signature Algorithm: sha1WithRSAEncryption
         5b:f5:8b:9d:5d:6b:05:39:24:f9:94:96:40:a0:87:25:07:01:
         6c:c7:53:7c:04:cd:7d:e8:58:d1:15:f4:b8:20:51:63:0f:f9:
         db:2e:fe:a8:d3:5e:55:17:b0:5c:7b:16:ec:f9:ef:eb:25:83:
         48:20:96:8d:fb:fa:d7:ac:37:c8:b5:8a:d3:cc:08:09:0b:d2:
         f2:22:47:4a:57:f6:5c:97:f3:30:2e:b1:38:6f:57:ce:02:f9:
         67:7a:51:76:08:ea:21:79:3a:c8:04:22:d2:00:61:43:7b:7c:
         c1:6f:0c:87:50:94:6c:7c:a4:6d:b1:11:7f:47:52:23:54:f4:
         d2:46
pkcs7-signedData
  • 1
    • SHA1: nil
    • 1.3.6.1.4.1.311.2.1.4
      • #0
        • 1.3.6.1.4.1.311.2.1.15
          • : 
            00 3c 00 3c 00 3c 00 4f  00 62 00 73 00 6f 00 6c  |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e  00 3e 00 3e              |.e.t.e.>.>.>    |
        • SHA1
          • fa a2 bf 55 80 71 83 d1  ee e1 18 4e eb b8 b5 8d  |...U.q.....N....|
fb 2f 6e 02                                       |./n.            |
    • Certificate #2
      • 2
        • 2D:31:38:37:30:39:61:35:35:3A:31:34:30:35:37:35:
          35:30:62:33:66:3A:2D:38:30:30:30
        • RSA-SHA1: nil
        • Issuer
          • C: US
          • O:
          • OU:
          • CN: Proficient City Limited
        • 2013-08-06 05:52:05 UTC: 2038-08-07 05:52:05 UTC
        • Subject
          • C: US
          • O:
          • OU:
          • CN: Proficient City Limited
        • #5
          • rsaEncryption: nil
          • A4:B1:8E:E6:C3:19:F0:41:5B:27:F7:A9:65:F4:C5:B1:
            A7:83:81:13:61:CD:03:0C:E7:0A:4D:E6:2C:A2:5C:FF:
            7D:46:44:5F:2C:9A:4C:42:52:20:60:1E:31:DF:FD:5E:
            EC:3E:86:A4:1A:EA:75:29:A1:A9:36:CB:A7:0B:C9:4B:
            D2:D2:8F:41:AD:4E:73:30:D7:54:96:D6:EC:EA:30:31:
            FA:7F:EF:6B:1C:7D:28:9C:13:A0:C9:A4:8D:2A:3B:6C:
            6E:97:7B:C0:69:21:5F:67:B9:95:32:9B:A4:4D:5B:D5:
            E5:24:30:BB:7E:17:F9:75:24:38:D6:CE:D1:E4:F9:91            : 0x010001
        • extendedKeyUsage: codeSigning
      • RSA-SHA1: 
        5b f5 8b 9d 5d 6b 05 39  24 f9 94 96 40 a0 87 25  |[...]k.9$...@..%|
07 01 6c c7 53 7c 04 cd  7d e8 58 d1 15 f4 b8 20  |..l.S|..}.X.... |
51 63 0f f9 db 2e fe a8  d3 5e 55 17 b0 5c 7b 16  |Qc.......^U..\{.|
ec f9 ef eb 25 83 48 20  96 8d fb fa d7 ac 37 c8  |....%.H ......7.|
b5 8a d3 cc 08 09 0b d2  f2 22 47 4a 57 f6 5c 97  |........."GJW.\.|
f3 30 2e b1 38 6f 57 ce  02 f9 67 7a 51 76 08 ea  |.0..8oW...gzQv..|
21 79 3a c8 04 22 d2 00  61 43 7b 7c c1 6f 0c 87  |!y:.."..aC{|.o..|
50 94 6c 7c a4 6d b1 11  7f 47 52 23 54 f4 d2 46  |P.l|.m...GR#T..F|
    • Signer
      • 1
      • unnamed
        • #0
          • C: US
          • O:
          • OU:
          • CN: Proficient City Limited
        • 2D:31:38:37:30:39:61:35:35:3A:31:34:30:35:37:35:
          35:30:62:33:66:3A:2D:38:30:30:30
      • SHA1: nil
      • #3
        • 1.3.6.1.4.1.311.2.1.12
          • nil
        • contentType: 1.3.6.1.4.1.311.2.1.4
        • 1.3.6.1.4.1.311.2.1.11: msCodeInd
        • messageDigest: 
          62 1a 5f 5d 4d aa 2a 15  9a 02 2b c1 12 6a 07 cb  |b._]M.*...+..j..|
28 6b ab 36                                       |(k.6            |
      • rsaEncryption: 
        3e eb a7 a7 5e 90 d3 5c  86 78 13 60 ef 24 99 2b  |>...^..\.x.`.$.+|
d5 89 6b c1 7b bc 9b 56  02 db b5 7e c1 d2 36 58  |..k.{..V...~..6X|
22 37 ec 07 cd c8 fe fb  53 6e 5c 30 a8 49 a3 08  |"7......Sn\0.I..|
1a a2 fd 8e 81 e1 1e 8c  17 4a d2 73 ca 8b 8a 5b  |.........J.s...[|
ba 10 10 b2 b4 7b 47 8c  26 10 9e 10 db 39 01 71  |.....{G.&....9.q|
63 5f 87 09 09 52 72 2b  2e ac da 8e 01 69 8e be  |c_...Rr+.....i..|
e8 03 9f 05 1f a7 32 e1  15 b0 25 a5 5c 45 2d 10  |......2...%.\E-.|
a6 12 89 38 f5 5f 94 83  00 b0 ec 9c 75 ab d1 f4  |...8._......u...|
offsetsizetypecomment
01780224EXE08/12/2013 11:45:44#
15c115HTM#
174308153956PNG(256 x 256)#
1b2a001112PKCS7Authenticode Signature#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







[?] ignoring invalid PEdump::BITMAPINFOHEADER
[!] string size(98302) > stringtable size(52). truncated to 50
[!] cannot convert "\x8E]\xD2\x10\x1A/Mh\\\x9A\xDC\b\x10.\xF4\xA3"... to UTF-16
[!] string size(62676) > stringtable size(66). truncated to 64
[!] cannot convert "\xB6xW\xD6\nB4b\x8C\x81I\xBFq\xF1|\xDF"... to UTF-16
[!] string size(93940) > stringtable size(78). truncated to 76
[!] string size(126206) > stringtable size(44). truncated to 42
[!] string size(90156) > stringtable size(132). truncated to 130
[!] cannot convert "S:]\xEEh\x04\xA0\xC8:\xFF\xFF\x05\xC2Y\x8ER"... to UTF-16
[!] string size(88166) > stringtable size(452). truncated to 450
[!] cannot convert "xR\x9DY\xAA\xAD7$\xBCx]\xA5\x81\xFF\xFF?"... to UTF-16
[!] string size(45142) > stringtable size(334). truncated to 332
[!] cannot convert "\xD9\xFA\xD3\x95\xD4\xF7\xAB\xB6f1Gbd\xB7\xAA\xFF"... to UTF-16
[!] string size(131070) > stringtable size(270). truncated to 268
[!] cannot convert "O\x95\x99\xF2\xAB\x1A\xD8\x98C\xF5\xB2U\xFCE\xF6\b"... to UTF-16
[!] string size(130848) > stringtable size(80). truncated to 78
[!] cannot convert "\xFF\xFF\xFF\x03!\x06\xA3\xA9,\xE1>#T\xB6\xD4\x8B"... to UTF-16
[!] string size(56326) > stringtable size(68). truncated to 66
[!] string size(103850) > stringtable size(104). truncated to 102
[!] cannot convert "\x86\x1C5\xA6\x83\xFF\xFF\xDF\xF0\x84\xAAV+\xD2\xA5,"... to UTF-16
[!] string size(42952) > stringtable size(434). truncated to 432
[!] cannot convert "\xD5]!P\x9A\x01\x11\x0F\xB5\xBD\x80\xEE\xFF\xFF\xFF\xFF"... to UTF-16
[!] string size(126952) > stringtable size(244). truncated to 242
[!] cannot convert "\xCA\xC9\xC9\xCDF\x1A\x93\xDB\e\xDB \x0E\x1EI8\xAA"... to UTF-16
[!] string size(8056) > stringtable size(36). truncated to 34
[!] string size(53974) > stringtable size(422). truncated to 420
[!] cannot convert "\xFF\xDF\xF5\x82bx\xD6\x95z\x8A\xD4\x80f~\tT"... to UTF-16
[!] refusing to read CURDIRENTRY beyond resource size