filename2d04d2a43e1d5a6920a806d8086da9c47f90e1cd25aa99b95af182ee9e1960b3
size412672 (0x64c00)
md5e28a0ed74e78e75710b0d46742e407e3
typePE32 executable (GUI) Intel 80386, for MS Windows
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0xd8

Rich Header

lib idversiontimes used
1492102223
13121022115
1473072913
10278
1322102234
148210221
145210221

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections4
TimeDateStamp0x563a2d19
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x103
Magic0x10b
LinkerVersion9.0
SizeOfCode0x22a00
SizeOfInitializedData0x41e00
SizeOfUninitializedData0
AddressOfEntryPoint0x16142
BaseOfCode0x1000
BaseOfData0x24000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion5.0
ImageVersion0.0
SubsystemVersion5.0
Reserved10
SizeOfImage0x88000
SizeOfHeaders0x400
CheckSum0
Subsystem2
DllCharacteristics0x8000
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

MS Visual C++ v8.0

Sections

namevavsizeraw sizeflags
.text0x10000x229660x22a00R-X CODE
.rdata0x240000x38020x3a00R-- IDATA
.data0x280000x27aa80x7000RW- IDATA
.rsrc0x500000x372a40x37400R-- IDATA

Data Directory

typevasize
EXPORT00
IMPORT0x2601c0x8c
RESOURCE0x500000x372a4
EXCEPTION00
SECURITY00
BASERELOC00
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG0x25b700x40
Bound_IAT00
IAT0x240000x458
Delay_IAT00
CLR_Header00
typenamesizecp
BITMAP#912054681252
ICON#196401252
ICON#242641252
ICON#311281252
STRING#40911041252
STRING#40922121252
STRING#40931641252
STRING#40946841252
STRING#40958441252
STRING#40966601252
GROUP_ICONMAINICON481252
VERSION#19201252
MANIFEST#110141252
idlangstring
654401033Friday
654411033Saturday
654421033Invalid file name - %s
654561033September
654571033October
654581033November
654591033December
654601033Sun
654611033Mon
654621033Tue
654631033Wed
654641033Thu
654651033Fri
654661033Sat
654671033Sunday
654681033Monday
654691033Tuesday
654701033Wednesday
654711033Thursday
654721033May
654731033Jun
654741033Jul
654751033Aug
654761033Sep
654771033Oct
654781033Nov
654791033Dec
654801033January
654811033February
654821033March
654831033April
654841033May
654851033June
654861033July
654871033August
654881033Invalid variant type conversion
654891033Invalid variant operation
654901033Invalid argument
654911033External exception %x
654921033Assertion failed
654931033Interface not supported
654941033Exception in safecall method
654951033Object lock not owned
654961033Monitor support function not initialized
654971033%s (%s, line %d)
654981033Abstract Error
654991033Access violation at address %p in module '%s'. %s of address %p
655001033Jan
655011033Feb
655021033Mar
655031033Apr
655041033Invalid class typecast
655051033Access violation at address %p. %s of address %p
655061033Access violation
655071033Stack overflow
655081033Control-C hit
655091033Privileged instruction
655101033Operation aborted
655111033Exception %s in module %s at %p. %s%s
655121033Application Error
655131033Format '%s' invalid or incompatible with argument
655141033No argument for format '%s'
655151033Variant method calls not supported
655161033Read
655171033Write
655181033Error creating variant or safe array
655191033Variant or safe array index out of bounds
655201033Out of memory
655211033I/O error %d
655221033File not found
655231033Too many open files
655241033File access denied
655251033Read beyond end of file
655261033Disk full
655271033Invalid numeric input
655281033Division by zero
655291033Range check error
655301033Integer overflow
655311033Invalid floating point operation
655321033Floating point division by zero
655331033Floating point overflow
655341033Floating point underflow
655351033Invalid pointer operation
module_namehintordfunction_name
USER32.dll625ScrollWindowEx
USER32.dll94CreateDesktopW
USER32.dll276GetClientRect
USER32.dll590RegisterClassW
USER32.dll774UnregisterClassW
USER32.dll164DestroyMenu
USER32.dll491LoadCursorW
USER32.dll380GetSysColorBrush
USER32.dll220EndPaint
USER32.dll14BeginPaint
USER32.dll613ReleaseDC
USER32.dll289GetDC
USER32.dll71ClientToScreen
USER32.dll424GrayStringW
USER32.dll207DrawTextExW
USER32.dll208DrawTextW
USER32.dll750TabbedTextOutW
USER32.dll420GetWindowThreadProcessId
USER32.dll648SetCursor
USER32.dll349GetMessageW
USER32.dll764TranslateMessage
USER32.dll288GetCursorPos
USER32.dll796ValidateRect
USER32.dll567PostQuitMessage
USER32.dll735ShowWindow
USER32.dll715SetWindowTextW
USER32.dll461IsDialogMessageW
USER32.dll65CheckRadioButton
USER32.dll672SetMenuItemBitmaps
USER32.dll333GetMenuCheckMarkDimensions
USER32.dll487LoadBitmapW
USER32.dll535ModifyMenuW
USER32.dll214EnableMenuItem
USER32.dll611RegisterWindowMessageW
USER32.dll493LoadIconW
USER32.dll627SendDlgItemMessageW
USER32.dll809WinHelpW
USER32.dll264GetCapture
USER32.dll719SetWindowsHookExW
USER32.dll28CallNextHookEx
USER32.dll272GetClassLongW
USER32.dll685SetPropW
USER32.dll363GetPropW
USER32.dll617RemovePropW
USER32.dll301GetForegroundWindow
USER32.dll324GetLastActivePopup
USER32.dll175DispatchMessageW
USER32.dll768UnhookWindowsHookEx
USER32.dll348GetMessageTime
USER32.dll347GetMessagePos
USER32.dll563PeekMessageW
USER32.dll521MapWindowPoints
USER32.dll317GetKeyState
USER32.dll668SetMenu
USER32.dll480IsWindowVisible
USER32.dll785UpdateWindow
USER32.dll216EnableWindow
USER32.dll63CheckMenuItem
USER32.dll554OpenInputDesktop
USER32.dll799VkKeyScanExA
USER32.dll533MessageBoxW
USER32.dll110CreateWindowExW
USER32.dll269GetClassInfoExW
USER32.dll270GetClassInfoW
USER32.dll379GetSysColor
USER32.dll3AdjustWindowRectEx
USER32.dll156DefWindowProcW
USER32.dll30CallWindowProcW
USER32.dll85CopyRect
USER32.dll576PtInRect
USER32.dll331GetMenu
USER32.dll747SystemParametersInfoA
USER32.dll411GetWindowPlacement
USER32.dll412GetWindowRect
USER32.dll418GetWindowTextLengthW
USER32.dll419GetWindowTextW
USER32.dll626SendDlgItemMessageA
USER32.dll698SetThreadDesktop
USER32.dll744SwitchDesktop
USER32.dll74CloseDesktop
USER32.dll636SendMessageW
USER32.dll566PostMessageW
USER32.dll382GetSystemMetrics
USER32.dll465IsIconic
USER32.dll300GetFocus
USER32.dll389GetTopWindow
USER32.dll406GetWindowLongW
USER32.dll274GetClassNameW
USER32.dll398GetWindow
USER32.dll708SetWindowLongW
USER32.dll710SetWindowPos
USER32.dll659SetForegroundWindow
USER32.dll218EndDialog
USER32.dll354GetNextDlgTabItem
USER32.dll356GetParent
USER32.dll476IsWindowEnabled
USER32.dll658SetFocus
USER32.dll342GetMenuState
USER32.dll338GetMenuItemID
USER32.dll337GetMenuItemCount
USER32.dll378GetSubMenu
USER32.dll291GetDesktopWindow
USER32.dll256GetActiveWindow
USER32.dll639SetActiveWindow
USER32.dll97CreateDialogIndirectParamW
USER32.dll166DestroyWindow
USER32.dll475IsWindow
USER32.dll295GetDlgItem
USER32.dll292GetDialogBaseUnits
USER32.dll530MessageBoxIndirectW
USER32.dll62CheckDlgButton
USER32.dll263GetAsyncKeyState
USER32.dll612ReleaseCapture
USER32.dll172DialogBoxParamW
USER32.dll421GetWindowWord
USER32.dll82CopyAcceleratorTableW
USER32.dll294GetDlgCtrlID
USER32.dll332GetMenuBarInfo
USER32.dll462IsDlgButtonChecked
USER32.dll341GetMenuItemRect
SHELL32.dll188SHGetFileInfoA
ole32.dll303OleGetClipboard
GDI32.dll669SetPixelV
GDI32.dll632SelectPalette
GDI32.dll301EqualRgn
GDI32.dll510GetOutlineTextMetricsA
GDI32.dll694StrokePath
GDI32.dll508GetObjectType
GDI32.dll229DeleteMetaFile
GDI32.dll227DeleteDC
GDI32.dll481GetGlyphIndicesW
GDI32.dll680SetViewportExtEx
COMCTL32.dll17
KERNEL32.dll664GetTimeZoneInformation
KERNEL32.dll390GetCommandLineA
KERNEL32.dll1273WaitForSingleObject
KERNEL32.dll1297WideCharToMultiByte
KERNEL32.dll715HeapAlloc
KERNEL32.dll719HeapFree
KERNEL32.dll1048RtlUnwind
KERNEL32.dll945RaiseException
KERNEL32.dll722HeapReAlloc
KERNEL32.dll1202Sleep
KERNEL32.dll281ExitProcess
KERNEL32.dll724HeapSize
KERNEL32.dll1189SetUnhandledExceptionFilter
KERNEL32.dll612GetStdHandle
KERNEL32.dll531GetModuleFileNameA
KERNEL32.dll353FreeEnvironmentStringsW
KERNEL32.dll474GetEnvironmentStringsW
KERNEL32.dll1135SetHandleCount
KERNEL32.dll499GetFileType
KERNEL32.dll610GetStartupInfoA
KERNEL32.dll717HeapCreate
KERNEL32.dll1260VirtualFree
KERNEL32.dll935QueryPerformanceCounter
KERNEL32.dll633GetSystemTimeAsFileTime
KERNEL32.dll1216TerminateProcess
KERNEL32.dll1235UnhandledExceptionFilter
KERNEL32.dll768IsDebuggerPresent
KERNEL32.dll611GetStartupInfoW
KERNEL32.dll360GetACP
KERNEL32.dll567GetOEMCP
KERNEL32.dll778IsValidCodePage
KERNEL32.dll813LCMapStringW
KERNEL32.dll1257VirtualAlloc
KERNEL32.dll739InitializeCriticalSectionAndSpinCount
KERNEL32.dll811LCMapStringA
KERNEL32.dll614GetStringTypeA
KERNEL32.dll617GetStringTypeW
KERNEL32.dll667GetUserDefaultLCID
KERNEL32.dll516GetLocaleInfoA
KERNEL32.dll269EnumSystemLocalesA
KERNEL32.dll780IsValidLocale
KERNEL32.dll410GetConsoleCP
KERNEL32.dll428GetConsoleMode
KERNEL32.dll1306WriteConsoleA
KERNEL32.dll432GetConsoleOutputCP
KERNEL32.dll1316WriteConsoleW
KERNEL32.dll136CreateFileA
KERNEL32.dll1112SetErrorMode
KERNEL32.dll343FlushFileBuffers
KERNEL32.dll1126SetFilePointer
KERNEL32.dll1357lstrlenA
KERNEL32.dll1222TlsFree
KERNEL32.dll209DeleteCriticalSection
KERNEL32.dll843LocalReAlloc
KERNEL32.dll1224TlsSetValue
KERNEL32.dll352FreeEnvironmentStringsA
KERNEL32.dll738InitializeCriticalSection
KERNEL32.dll701GlobalHandle
KERNEL32.dll705GlobalReAlloc
KERNEL32.dll238EnterCriticalSection
KERNEL32.dll1223TlsGetValue
KERNEL32.dll825LeaveCriticalSection
KERNEL32.dll697GlobalFlags
KERNEL32.dll533GetModuleHandleA
KERNEL32.dll105ConvertDefaultLocale
KERNEL32.dll254EnumResourceLanguagesW
KERNEL32.dll1345lstrcmpA
KERNEL32.dll518GetLocaleInfoW
KERNEL32.dll453GetCurrentThreadId
KERNEL32.dll690GlobalAddAtomW
KERNEL32.dll695GlobalFindAtomW
KERNEL32.dll693GlobalDeleteAtom
KERNEL32.dll831LoadLibraryW
KERNEL32.dll100CompareStringW
KERNEL32.dll828LoadLibraryA
KERNEL32.dll1346lstrcmpW
KERNEL32.dll536GetModuleHandleW
KERNEL32.dll581GetProcAddress
KERNEL32.dll675GetVersionExA
KERNEL32.dll1139SetLastError
KERNEL32.dll691GlobalAlloc
KERNEL32.dll350FormatMessageW
KERNEL32.dll1358lstrlenW
KERNEL32.dll870MulDiv
KERNEL32.dll702GlobalLock
KERNEL32.dll709GlobalUnlock
KERNEL32.dll698GlobalFree
KERNEL32.dll357FreeResource
KERNEL32.dll871MultiByteToWideChar
KERNEL32.dll447GetCurrentDirectoryW
KERNEL32.dll867MoveFileW
KERNEL32.dll514GetLastError
KERNEL32.dll840LocalFree
KERNEL32.dll896OpenProcess
KERNEL32.dll168CreateProcessW
KERNEL32.dll467GetDriveTypeW
KERNEL32.dll687GetWindowsDirectoryW
KERNEL32.dll676GetVersionExW
KERNEL32.dll448GetCurrentProcess
KERNEL32.dll1323WritePrivateProfileStringW
KERNEL32.dll578GetPrivateProfileStringW
KERNEL32.dll302FindClose
KERNEL32.dll325FindNextFileW
KERNEL32.dll214DeleteFileW
KERNEL32.dll313FindFirstFileW
KERNEL32.dll920Process32NextW
KERNEL32.dll918Process32FirstW
KERNEL32.dll190CreateToolhelp32Snapshot
KERNEL32.dll449GetCurrentProcessId
KERNEL32.dll836LocalAlloc
KERNEL32.dll391GetCommandLineW
KERNEL32.dll659GetTickCount
KERNEL32.dll472GetEnvironmentStrings
KERNEL32.dll751InterlockedIncrement
KERNEL32.dll747InterlockedDecrement
KERNEL32.dll1110SetEnvironmentVariableA
KERNEL32.dll97CompareStringA
KERNEL32.dll1221TlsAlloc
KERNEL32.dll1159SetStdHandle
KERNEL32.dll1037RequestDeviceWakeup
KERNEL32.dll154CreateMemoryResourceNotification
KERNEL32.dll452GetCurrentThread
KERNEL32.dll943QueueUserAPC
KERNEL32.dll280EscapeCommFunction
KERNEL32.dll370GetCPInfo
KERNEL32.dll1201SizeofResource
KERNEL32.dll852LockResource
KERNEL32.dll833LoadResource
KERNEL32.dll334FindResourceW
KERNEL32.dll1121SetFileAttributesW
KERNEL32.dll143CreateFileW
KERNEL32.dll496GetFileSize
KERNEL32.dll960ReadFile
KERNEL32.dll1317WriteFile
KERNEL32.dll82CloseHandle
KERNEL32.dll572GetPrivateProfileIntW
KERNEL32.dll830LoadLibraryExW
KERNEL32.dll354FreeLibrary
KERNEL32.dll532GetModuleFileNameW

StringTable 040904B0

CompanyNameMicrosoft Corporation
FileDescriptionSystem Integrity Check and Repair
FileVersion6.1.7600.16385 (win7_rtm.090713-1255)
InternalNamesfc.exe
LegalCopyright© Microsoft Corporation. All rights reserved.
OriginalFilenamesfc.exe
ProductNameMicrosoft® Windows® Operating System
ProductVersion6.1.7600.16385

VS_FIXEDFILEINFO

FileVersion6.1.7600.16385
ProductVersion6.1.7600.16385
StrucVersion0x10000
FileFlagsMask0x3f
FileFlags0
FileOS0x40004
FileType1
FileSubtype0
offsetsizetypecomment
0412672EXE11/04/2015 16:06:49#
15c115HTM#
2db243879BMP(3879 x 48)#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable











[?] ignoring invalid PEdump::BITMAPINFOHEADER