filenameProcessPaymentechDailyFiles.exe
size442115 (0x6bf03)
md5f3900079c5964b2ec273fb7883fe31ec
typePE32 executable (GUI) Intel 80386, for MS Windows
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x50
blocks_in_file2
num_relocs0
header_paragraphs4
min_extra_paragraphs0xf
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0x1a
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0x100

DOS stub

00000000: ba 10 00 0e 1f b4 09 cd  21 b8 01 4c cd 21 90 90  |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f  67 72 61 6d 20 6d 75 73  |This program mus|
00000020: 74 20 62 65 20 72 75 6e  20 75 6e 64 65 72 20 57  |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37  00 00 00 00 00 00 00 00  |in32..$7........|
00000040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000000c0:

PE Header

SignaturePE
Machine0x14c
NumberOfSections0xa
TimeDateStamp0x2a425e19
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x818e
Magic0x10b
LinkerVersion2.25
SizeOfCode0x10dc00
SizeOfInitializedData0x27c00
SizeOfUninitializedData0
AddressOfEntryPoint0x13d001
BaseOfCode0x1000
BaseOfData0x10f000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion4.0
ImageVersion0.0
SubsystemVersion4.0
Reserved10
SizeOfImage0x140000
SizeOfHeaders0x400
CheckSum0
Subsystem2
DllCharacteristics0
SizeOfStackReserve0x100000
SizeOfStackCommit0x4000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

Aspack v2.12b (Alexey Solodovnikov)

This file is packed with ASPack. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

namevavsizeraw sizeflags
CODE0x10000x10e0000x62200RW- IDATA
DATA0x10f0000x40000x1800RW- IDATA
BSS0x1130000x20000RW- IDATA
.idata0x1150000x40000x1200RW- IDATA
.tls0x1190000x10000RW- IDATA
.rdata0x11a0000x10000x200RW- IDATA
.reloc0x11b0000x120000RW- IDATA
.rsrc0x12d0000x100000x4e00RW- IDATA
.aspack0x13d0000x20000x1800RW- IDATA
.adata0x13f0000x10000RW- IDATA

Data Directory

typevasize
EXPORT00
IMPORT0x13dfac0x40c
RESOURCE0x12d0000xf600
EXCEPTION00
SECURITY00
BASERELOC0x13df548
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS0x13df3c0x18
LOAD_CONFIG00
Bound_IAT00
IAT00
Delay_IAT00
CLR_Header00
00x100000

TLS

raw
start		raw
end		indexcallbkszero
fill		flags
0x5190000x5190200x50f0f00x51a01000
typenamesizecp
CURSOR#13080
CURSOR#23080
CURSOR#33080
CURSOR#43080
CURSOR#53080
CURSOR#63080
CURSOR#73080
BITMAPBBABORT4640
BITMAPBBALL4840
BITMAPBBCANCEL4640
BITMAPBBCLOSE4640
BITMAPBBHELP4640
BITMAPBBIGNORE4640
BITMAPBBNO4640
BITMAPBBOK4640
BITMAPBBRETRY4640
BITMAPBBYES4640
BITMAPCDROM1920
BITMAPCLOSEDFOLDER2240
BITMAPCURRENTFOLDER2240
BITMAPEXECUTABLE2240
BITMAPFLOPPY1920
BITMAPHARD1920
BITMAPKNOWNFILE2240
BITMAPNETWORK1920
BITMAPOPENFOLDER2240
BITMAPPREVIEWGLYPH2320
BITMAPRAM1920
BITMAPTDDEMLMANAGER3920
BITMAPUNKNOWNFILE2240
ICON#17440
DIALOGDLGTEMPLATE820
STRING#18763480
STRING#18773640
STRING#18784040
STRING#18794040
STRING#18803340
STRING#18813900
STRING#18823640
STRING#18834120
STRING#18841120
STRING#19384740
STRING#193911040
STRING#19408160
STRING#407114520
STRING#407210960
STRING#40738800
STRING#407411440
STRING#40759520
STRING#40768760
STRING#40777480
STRING#40789920
STRING#40795040
STRING#40804560
STRING#40812320
STRING#408210800
STRING#40833800
STRING#40842320
STRING#40853120
STRING#40868720
STRING#408710280
STRING#40889280
STRING#40899000
STRING#40909440
STRING#40912400
STRING#40921920
STRING#40937280
STRING#409410800
STRING#40957800
STRING#40968120
RCDATADVCLAL160
RCDATAPACKAGEINFO22920
RCDATATCOMPONENTABOUTBOX18700
RCDATATDDEMLCMDDEFFORM11770
RCDATATDDEMLDEBUGFORM10310
RCDATATFRMFTPSTATUS5310
RCDATATFRMINPUT12950
RCDATATFRMMACROSCRIPT21840
RCDATATFRMMESSAGE7890
RCDATATSERVICEDEFFORM31670
RCDATATSHARELISTFORM70060
GROUP_CURSOR#32761200
GROUP_CURSOR#32762200
GROUP_CURSOR#32763200
GROUP_CURSOR#32764200
GROUP_CURSOR#32765200
GROUP_CURSOR#32766200
GROUP_CURSOR#32767200
GROUP_ICONMAINICON200
idlangstring
300000
8b 0a 0c 22 3c 68 97 76  14 ce a0 bc 55 fd a1 5f  |..." .|
37 90 96 c9 f0 79 0e 1e  42 83 03 c5 99 5f 8c 3a  |7....y..B...._.:|
dc 46 d9 fa ab 02 36 cd  80 53 e9 fe fa d8 a9 bf  |.F....6..S......|
22 9f 93 76 80 14 f4 fd  e5 86 b7 34 97 a1 02 a4  |"..v.......4....|
07 9f 38 4d 60 1f b0 47  82 6b 64 44 7d 54 89 2a  |..8M`..G.kdD}T.*|
b2 20 76 50 a2 be ce 1d  bb 02 bf ef e9 ec a7 09  |. vP............|
1b b4 0e d1 7b 34 53 bf  6a a2 97 14 38 14 1b b2  |....{4S.j...8...|
68 f2 c5 3a 17 e6 7b 74  61 6f 8b 09              |h..:..{tao..    |
300160
d0 40 4a bc 77 12 87 d5  27 af 5c 25 21 84 3f 96  |.@J.w...'.\%!.?.|
dd c7 41 bb c0 2f 07 50  b9 b6 48 ab 31 95 fb 55  |..A../.P..H.1..U|
9e 1c 9f c3 ef 20 ca 93  96 55 c9 00 86 c4 16 ac  |..... ...U......|
b8 18 6b 70 d6 c2 1e 4b  78 49 3c c9 2f c5 35 8e  |..kp...KxI<./.5.|
84 62 95 3f 30 c4 56 96  04 e5 63 ea bc 2a 5c 24  |.b.?0.V...c..*\$|
28 db 1e 00 41 8b e9 ce  2e de 78 55 1f 20 24 67  |(...A.....xU. $g|
95 09 b0 ed 22 5d b5 d7  a3 5c 85 1f d4 f1 4e 48  |...."]...\....NH|
98 1c 78 20 8b a6 df 2d  f7 65 89 ab 1f f9 67 bb  |..x ...-.e....g.|
45 bd 55 bf 6c 6f 2f 4b  38 e1 ae e3 dc 70 fc 1a  |E.U.lo/K8....p..|
ff 2c ff c4 0c f7 ea 68  4c 6d 3a 22 0f 2c 5f ee  |.,.....hLm:".,_.|
d0 7e f7 ee fc 81 2f d7  58 48 fe 32 c2 43 58 a8  |.~..../.XH.2.CX.|
2c 44 0a d2 b6 8b 33 d5  ee a9 f1 6b e2 be 2f 7b  |,D....3....k../{|
de ab ff c4 67 a4 cd 07  d8 68 b6 b4 07 cb e9 81  |....g....h......|
f8 7e 8e 09 9f 17 d4 dd  c2 6c 7e b0 20 e6 39 bb  |.~.......l~. .9.|
fc 57 10 93 5e 05 24 ec  4b 72 e6 97 ed ad 50 0a  |.W..^.$.Kr....P.|
f4 9f 2f 9d cc 43 7c ec  62 7f 0a 7e 55 6b c8 04  |../..C|.b..~Uk..|
b3 be 06 4f 3f b8 b6 79  a7 4e a7 73 6f 99 42 b4  |...O?..y.N.so.B.|
58 df 88 f8 63 b8 b7 79  d4 f3 f7 8b 7e 04 e9 b5  |X...c..y....~...|
7b 67 96 9f f7 e5 ae ef  87 12 b3 b0 bf f2 ae 7a  |{g.............z|
b0 ad 86 c3 e1 96 19 c6  18 c1 20 b0 b8 c4 34 6b  |.......... ...4k|
0f f0 5b dd 1e a3 55 cb  72 af 98 be 08 e7 c4 0c  |..[...U.r.......|
72 8e ed 19 89 08 cc e7  03 aa a2 c2 cc ff d3 21  |r..............!|
16 b5 3d d1 9d f6 01 f3  10 a3 19 64              |..=........d    |
300320
91 16 e7 2f d7 62 9f 9d  f3 e0 d7 47 7b c0 16 b7  |.../.b.....G{...|
c5 94 91 b5 e0 e5 90 ac  4e 85 92 00 86 4c d1 fd  |........N....L..|
33 c4 2c 13 6a 8b ca 38  c3 30 07 71 19 29 7b 98  |3.,.j..8.0.q.){.|
66 22 29 86 52 b7 93 e9  4c 4c f0 ec 09 5e 55 5c  |f").R...LL...^U\|
53 7e 9c 1f 0d 40 8f ab  bb d5 2a 13 fe 39 9b f5  |S~...@....*..9..|
fc f7 6b 84 87 6f 68 ce  0c 25 4c d7 dd f9 45 e7  |..k..oh..%L...E.|
a1 02 bc e6 02 74 b9 b1  f0 b3 c7 64 ea 12 06 05  |.....t.....d....|
e2 3f 80 0b 9b 76 5e 28  5d d5 e2 19 8c eb b3 c4  |.?...v^(].......|
41 98 cd 84 75 88 e3 c4  2e 5a 58 4c af 50 d0 f9  |A...u....ZXL.P..|
8b 05 8f 11 70 f0 34 54  7b f9 8d 7c 34 c7 71 a9  |....p.4T{..|4.q.|
f6 c7 bd d0 f8 d9 ce c7  e6 4f 2f f1 05 f7 50 63  |.........O/...Pc|
27 34 f3 dd 09 9f 2c ef  db fb 2d e7 02 10 d7 1e  |'4....,...-.....|
11 0e 06 27 b8 0f 42 74  03 0c d5 1a c1 82 71 09  |...'..Bt......q.|
fb 17 5b e0 9a 53 dc 31  f6 87 21 2e 00 ac 68 ce  |..[..S.1..!...h.|
6d 44 8c 71 57 02 b1 59  05 6e 51 45 12 74 20 0d  |mD.qW..Y.nQE.t .|
37 f9 94 a2 b8 8a 90 f9  0f 74 1d fb be fa df 55  |7........t.....U|
b3 1e f7 e2 e5 de 7a bc  64 2c f5 d9 62 95 9e 1e  |......z.d,..b...|
09 bd 7b b7 8a 5c ef 57  8d f6 1e ed f7 14 f5 10  |..{..\.W........|
05 8b ee 35 eb b4 f8 bd  5e 5f 15 11 c7 a8 5e 2c  |...5....^_....^,|
96 13 2c 74 56 c6 3c bc  66 23 c6 29 e3 10 17 b4  |..,tV.<.f#.)....|
56 c5 47 2d 7c 22 0d 1d  2c 9a 9f 21 f7 81 df 16  |V.G-|"..,..!....|
ba 16 04 30 8b 92 0f 55  48 e5 69 86 63 7b 56 af  |...0...UH.i.c{V.|
c7 dc 63 85 e6 3c f5 6f  bb 2c 48 6d 14 47 7d 17  |..c..<.o.,Hm.G}.|
c1 57 5a 87 6e 91 cd e3  08 39 71 82 b8 32 d2 44  |.WZ.n....9q..2.D|
56 91 39 50 59 4c f8 2b  03 68 2e 75 bb 6a 09 0e  |V.9PYL.+.h.u.j..|
92 d3 15 1e                                       |....            |
300480
37 a2 b0 c8 ef a6 3b c2  7f e9 13 62 74 21 27 22  |7.....;....bt!'"|
0d 1e 57 90 9b 13 2b 7d  e7 74 db be 6b d4 f3 f2  |..W...+}.t..k...|
ad 19 42 3c dc ac 17 e6  58 95 e0 ee 83 c7 8e f2  |..B<....X.......|
48 49 82 70 a0 5c 9b 06  12 6b 8a 5b f7 95 b4 9a  |HI.p.\...k.[....|
ee eb 94 73 ab 53 a4 28  d8 3b 2a 09 10 cb f1 58  |...s.S.(.;*....X|
3c ba 74 60 a0 43 48 f0  7f 82 f5 0d e3 58 7f e5  |<.t`.CH......X..|
5c 06 bd 79 72 be de db  23 ed 47 02 40 f1 87 28  |\..yr...#.G.@..(|
65 9f 2e c3 a3 08 11 24  c8 e2 b0 a9 fc 90 d0 fb  |e......$........|
22 27 f7 3f be 5e 29 bd  c2 89 72 91 c0 c2 2e e9  |"'.?.^)...r.....|
fd de bf 85 5a ec e5 30  79 9e 73 2b fe 56 3f 85  |....Z..0y.s+.V?.|
43 f8 8e 1e 59 46 13 54  01 73 84 2b 1f fe f8 d2  |C...YF.T.s.+....|
fe 50 f7 3b f7 b4 0c 6a  c7 36 e1 f2 2d 78 e5 dd  |.P.;...j.6..-x..|
c5 63 eb ff 29 e3 ca fb  72 be d5 53 9e fa 2e 4b  |.c..)...r..S...K|
7d a8 22 ee 16 57 f4 b8  b1 11 d9 df ad 33 89 94  |}."..W.......3..|
f5 b2 77 00 5e 6b 73 07  cb d2 2b 71 b6 5e 92 74  |..w.^ks...+q.^.t|
fa 7e 82 7e 48 f1 c4 c8  6a 4b e7 97 e1 eb 11 31  |.~.~H...jK.....1|
f0 f1 10 d7 98 a6 f6 d8  f2 b8 71 43 bc 99 d9 70  |..........qC...p|
58 b0 75 2d 49 bd 7a 9b  c2 38 7f db e8 67 78 56  |X.u-I.z..8...gxV|
3d 92 ea 95 61 b5 bf c1  16 db f4 1b ac 22 fd 78  |=...a........".x|
de 29 c4 1d 3b eb 41 f2  a3 07 9e c7 ea cf 95 ff  |.)..;.A.........|
f7 5d 53 f9 5a 33 c1 6a  2d a9 12 f2 fb ae 0a be  |.]S.Z3.j-.......|
08 47 54 ab df 57 e3 37  85 73 0e cf e0 df a8 4f  |.GT..W.7.s.....O|
98 1a dc db 41 f5 ee 80  99 d0 ae aa 4a a8 21 2e  |....A.......J.!.|
f2 a7 a2 a2 ab 56 c4 21  c5 b2 d1 4a bc b3 12 9f  |.....V.!...J....|
1e fc 2f 18 fc 65 84 8d  56 fc 95 54 38 cf 17 e4  |../..e..V..T8...|
4a 87 8c fa                                       |J...            |
300640
ec 8a 25 91 df f1 c4 de  09 f2 dc 4d e9 23 7f b9  |..%........M.#..|
58 7e 8d 3b c7 36 aa 8b  01 5a 58 9a 1a 9a 19 1a  |X~.;.6...ZX.....|
da ac 61 66 10 58 2e c9  26 f8 c1 eb 1d ff da f8  |..af.X..&.......|
b8 a2 23 53 fd 68 48 9d  18 8e 56 02 5a 9e a3 17  |..#S.hH...V.Z...|
fc 25 99 11 69 ef 8e 4e  16 7b be 1f ac 40 f7 5c  |.%..i..N.{...@.\|
32 de e6 ed 66 ac 19 ce  0c b7 af 5c 18 ff db e1  |2...f......\....|
1d c3 a5 33 f7 ae 0a 47  23 7a f1 4e f7 39 73 ff  |...3...G#z.N.9s.|
e2 07 66 64 43 32 00 00  05 57 ce 17 76 4d 9b 24  |..fdC2...W..vM.$|
d9 c3 67 26 50 c1 17 50  ac 46 db 25 5b 2b 54 90  |..g&P..P.F.%[+T.|
6c 8b 16 5b 21 66 da a8  28 3b 26 c7 80 c9 64 27  |l..[!f..(;&...d'|
16 ce ba 0a 8a f4 bc 01  7f 83 5e 84 44 44 11 17  |..........^.DD..|
a1 42 83 d2 f5 bd 0b d2  88 a0 8f 4b d8 82 20 f4  |.B.........K.. .|
21 75 dd c9 f2 0b 37 10  52 47 a5 17 b1 ec 80 bd  |!u....7.RG......|
2f 3e 12 f0 78 0a 5a d6  da db 24 5b 19 6d fa ac  |/>..x.Z...$[.m..|
57 06 22 e1 1b 57 45 2a  42 d4 5d 1e 37 46 a0 e1  |W."..WE*B.].7F..|
45 b7 01 46 e0 ea 26 1a  8d b8 4a d5 f8 d5 6b 84  |E..F..&...J...k.|
8f 0d 25 41 e8 51 1f ff  ff d3 7d fb cf 7c fb 3d  |..%A.Q....}..|.=|
f7 f6 7d 99 f6 ee cd 30  34 27 9c fc c6 3b 36 f5  |..}....04'...;6.|
2e 62 50 5f 8f 7b 4f f0  d9 74 4c e5 6e 95 f2 cb  |.bP_.{O..tL.n...|
45 3e d8 07 e8 2f 9e 41  8f 28 fa e9 6b 3b be f1  |E>.../.A.(..k;..|
df 79 7f d4 3f 2d f0 07  71 e4 ba cd 55 5d        |.y..?-..q...U]  |
300800
12 13 dd 04 2d 69 f0 a7  7c 96 7f 7c 25 6a 6e 0a  |....-i..|..|%jn.|
e8 c6 04 25 13 33 fa 7a  81 bb af 4c 4f 08 32 5b  |...%.3.z...LO.2[|
7a 82 58 4c ed eb 6e 53  05 94 ff 9f ff ac b8 81  |z.XL..nS........|
d4 a1 92 98 07 35 93 42  01 e1 7b 72 8b f6 c7 a6  |.....5.B..{r....|
cb f2 8b e9 06 a9 de 5d  58 8e 0a e3 8e 1f 2b 03  |.......]X.....+.|
0c 2d 93 ac 71 4e ce d3  2c b4 38 ba bc 84 96 fc  |.-..qN..,.8.....|
1b 6e 24 60 71 0c d1 09  78 ce 50 e2 54 ee 6a b1  |.n$`q...x.P.T.j.|
6d ac 5d 4e 86 91 7f 06  76 32 01 fa 2e b4 d0 75  |m.]N....v2.....u|
d9 54 a4 20 15 4f 56 95  69 a0 cf 1e d9 7a 9d 8c  |.T. .OV.i....z..|
3d 4f 89 7a ac f7 ea 4d  85 62 81 b8 75 3e 65 a2  |=O.z...M.b..u>e.|
fd f6 38 46 c3 39 80 6e  4d 59 76 1c a7 c4 b1 56  |..8F.9.nMYv....V|
31 db 2b 7a 6e aa 87 12  b2 ad 37 e4 c0 b6 7a 0f  |1.+zn.....7...z.|
f4 fd 9e 94 48 f1 b0 d1  e2 09 6d 8d 39 2d 5f 64  |....H.....m.9-_d|
66 df 03 9e 43 86 4a de  94 10 97 20 f7 60 86 0e  |f...C.J.... .`..|
41 22 04 44 75 8f ec 80  bb fb 0f 88 42 79 9b b8  |A".Du.......By..|
2f 48 a1 6c 49 e1 8c 33  08 f6 c4 f1 c8 40 85 94  |/H.lI..3.....@..|
03 b1 2b 39 e4 0a 06 28  37 a8 99 47 83 cb 60 bb  |..+9...(7..G..`.|
d2 e2 7d e2 0b f2 a4 20  53 87 d2 10 ef 0f 5d 0f  |..}.... S.....].|
4e bc 39 37 84 32 23 2b  fa 87 9c 3e 5b 21 5d f4  |N.97.2#+...>[!].|
51 f2 33 3d 3b bd 7a 9b  fd 1d ca eb 59 97 b8 df  |Q.3=;.z.....Y...|
f4 43 07 41 10 b6 f1 1e  12 c6 ee 4a 5c aa 4a 5b  |.C.A.......J\.J[|
9c 98 55 ab cb 33 da 59  8c e5 9b bb e8 e8 be c5  |..U..3.Y........|
1b 7a 0b 83 75 6b b5 cd  81 fa 3c e3 71 d2 bf 36  |.z..uk....<.q..6|
59 12 42 ba 2d bc 30 cb  e2 84 9a c5 84 5c de 35  |Y.B.-.0......\.5|
12 d3 04 f6 6f 52                                 |....oR          |
300960
7e 93 c0 0c 6e cf 3f 30  cd 01 42 51 75 e0 db c7  |~...n.?0..BQu...|
11 17 34 c3 51 33 65 4a  e1 f1 b7 1b bb 95 f0 62  |..4.Q3eJ.......b|
54 08 5e 15 63 55 4f 39  77 d6 af 4b b9 ef 32 50  |T.^.cUO9w..K..2P|
70 08 56 17 27 49 65 66  7f c0 d3 d2 38 5c 1f 99  |p.V.'Ief....8\..|
6b eb 68 40 3b c8 2e ad  86 1d 94 ff 7d cf e3 52  |k.h@;.......}..R|
41 ab dc 34 16 1d 88 f3  ab 2f 88 a7 b2 19 95 67  |A..4...../.....g|
77 88 36 3a 9d 27 c7 97  50 59 3c 67 8d af 77 46  |w.6:.'..PY.j.].il...\a._.|
82 63 8d 11 70 40 ca db  8d 42 d1 e5 45 7a b3 b1  |.c..p@...B..Ez..|
a1 b1 03 e5 37 82 6a 45  fd 0a ef 44 03 05 6c 9d  |....7.jE...D..l.|
6e d4 fb c2 53 14 0a 6e  38 e1 b9 e2 9a 2b 40 17  |n...S..n8....+@.|
c5 bc 3b 8d 1e 62 0e 95  65 60 6d 9f 28 1e 61 20  |..;..b..e`m.(.a |
93 ab 83 0c 43 4c 1d 0d  3c f5 c0 bf 71 4e 91 7d  |....CL..<...qN.}|
d6 d9 4a ab f0 2f 00 56  5e 8a 73 e3 be 40 d8 63  |..J../.V^.s..@.c|
4e 1d 39 2f 32 ae e8 4c  73 43 38 db 17 b2 f7 3d  |N.9/2..LsC8....=|
3d 67 98 a9 ca 82 71 f5  be a8 62 83 63 f7 0a 1d  |=g....q...b.c...|
24 cb bc 82 0b 20 c6 7e  8e 40 76 bc 39 64 f3 88  |$.... .~.@v.9d..|
47 7f 8f 1c 11 e4 66 dc  6c b7 a2 02 55 29 46 f0  |G.....f.l...U)F.|
87 4d dd 89 79 9f 4a e1  97 31 f5 9d 4e 5d aa 6d  |.M..y.J..1..N].m|
d9 95 ce 5d a6 35 d0 4a  77 32 86 51 72 d5 2f 48  |...].5.Jw2.Qr./H|
a2 c9 ab 81 43 ac 22 a3  c1 59 27 3f              |....C."..Y'?    |
301120
a2 69 fe f2 d9 07 e0 b7  2b 24 0e 39 b9 39 c3 08  |.i......+$.9.9..|
f6 03 a2 86 e9 61 bd 85  39 4b 8d b9 2a c9 5d aa  |.....a..9K..*.].|
03 3e 98 08 8d 45 7b 35  8a 11 ea 7e c2 b2 67 dd  |.>...E{5...~..g.|
cf 9f 7a b7 ba c2 93 e3  a0 0b e3 47 a9 e2 d1 9e  |..z........G....|
24 a5 3d c3 b8 76 c5 95  9a b1 ca 64 b6 7d 44 f2  |$.=..v.....d.}D.|
83 06 df df 01 85 b6 74  2b ea e9 51 47 6d 47 76  |.......t+..QGmGv|
06 db be fe be 9c 2c 5e  8b f1 6b ed d7 25 5f 97  |......,^..k..%_.|
d7 9e 42 34 b4 37 79 d2  59 f6 05 47 22 79 31 aa  |..B4.7y.Y..G"y1.|
62 81 ca 17 38 79 46 68  30 69 03 d9 a6 25 b1 12  |b...8yFh0i...%..|
89 c2 9a 96 b3 48 e0 88  90 d5 50 a4 3a fc a1 a5  |.....H....P.:...|
77 a8 99 83 7a 72 de bd  d8 18 88 04 46 04 ef cc  |w...zr......F...|
fb a6 5f f5 6c 13 ba b9  b1 90 c6 7c 36 bc 9e 1d  |.._.l......|6...|
48 b8 db 41 d0 14 0b 0b  0c 2b 5c 7d 6f df 09 1d  |H..A.....+\}o...|
35 06 22 90 82 56 3b 19  7e f8 a9 05 da c2 44 91  |5."..V;.~.....D.|
dc 57 9d 51 5a bb 72 55  87 d9 22 5a e3 8c e3 c2  |.W.QZ.rU.."Z....|
e6 13 4c ab 5b 8a f3 91  79 ca dd e3 28 96 be 01  |..L.[...y...(...|
d5 bf 53 6e 2e 3b da 8c  cc 9b 69 30 14 ab be 30  |..Sn.;....i0...0|
86 b6 dd 24 da 3a 89 3a  44 84 d7 b0 55 6c 27 c1  |...$.:.:D...Ul'.|
76 fe 32 52 cd 2e 57 37  43 47 75 2a 8e 0f d1 01  |v.2R..W7CGu*....|
ae 3e 0c c1 31 42 c9 9b  81 9c e0 0f c6 a3 98 64  |.>..1B.........d|
4d 3a 18 33 27 da b6 69  b7 79 3b eb 73 6a 06 05  |M:.3'..i.y;.sj..|
40 b1 8d 0d 90 98 5d 31  88 58 5a c8 15 9c 83 65  |@.....]1.XZ....e|
95 ff b3 21 4b 22 37 24  24 2e 99 2d 60 cf 72 58  |...!K"7$$..-`.rX|
06 eb 84 86 94 a5 15 11  42 02 2a 41 09 c4 c9 55  |........B.*A...U|
6d 61 b8 d6 b0 fc 89 20  72 57 4b 2f 76 f7 49 eb  |ma..... rWK/v.I.|
bf 59 cf 0c 17 4d a4 17  f7 96 7e 5b              |.Y...M....~[    |
301280
d8 a4 34 79 f5 21 99 66  e6 d6 18 b9 51 c0 44 83  |..4y.!.f....Q.D.|
38 51 5b a0 f1 d9 e2 4d  24 bf 36 22 98 d0 31 c1  |8Q[....M$.6"..1.|
88 90 a3 1a 0b 6f 05 7d  38 0d 69 26 f4 39 ad 55  |.....o.}8.i&.9.U|
00 04 03 11 a1 2b f3 9d  ee 23 6a 32 30 ee 50 6c  |.....+...#j20.Pl|
7e 51 66 b2 78 5d 44 07  16 08 e4 86 4a 44 97 0a  |~Qf.x]D.....JD..|
8b 61 be 0c d5 16 ab 32  33 2a 97 c2 48 5f 1d 2c  |.a.....23*..H_.,|
1f 2f b8 59 9f 95 e1 8f  ce a7 2d 50 ac d9 38 a0  |./.Y......-P..8.|
309920
42 02 e2 e8 73 c3 5a 13  4f 79 ae a2 2c ea ff 52  |B...s.Z.Oy..,..R|
b8 18 f1 df db 37 0a 16  d7 38 ff 30 d6 2d cd cb  |.....7...8.0.-..|
fe 25 7f 33 0a 47 95 34  f4 ee 1a 8a 8a 7b b6 e0  |.%.3.G.4.....{..|
73 83 f1 01 58 f7 a1 4d  87 76 be ab ce a7 6d 95  |s...X..M.v....m.|
69 29 37 37 b8 4c e1 6e  eb ea 5d 8b 9c 55 8a 3a  |i)77.L.n..]..U.:|
85 f6 e9 20 42 b7 e7 13  5c 8b 6d 0b ca ba 04 53  |... B...\.m....S|
b7 e9 9a a8 37 9c cd fb  4e dd 46 1c 49 9f 7b 4a  |....7...N.F.I.{J|
d9 d3 dd c7 f6 37 55 c0  5b b0 12 42 bb 3d 57 61  |.....7U.[..B.=Wa|
02 30 da 2c 23 1e 0c 14  bb 95 f9 37 d6 c6 43 4f  |.0.,#......7..CO|
a4 4b c1 82 ef d6 32 91  30 63 03 6d 1c 40 88 6b  |.K....2.0c.m.@.k|
37 ab 7e ba 50 b9 c4 19  a2 e8 01 78 66 15 f6 56  |7.~.P......xf..V|
5f 27 ff d0 4d a2 6e f1  a6 93 7a 46 b9 57 7d 03  |_'..M.n...zF.W}.|
dd 8a 47 83 32 79 f1 8f  66 9c c8 0a 4c 90 48 55  |..G.2y..f...L.HU|
cb fc d1 1f f6 18 c3 85  3c ff 10 ce 1d a4 b6 1a  |........<.......|
62 60 fe 66 b1 87 22 4f  dc 6f b3 83 ef 72 98 9e  |b`.f.."O.o...r..|
4e 5f c1 fc a3 42 34 e8  5e c4 e5 26 e8 48 29 a9  |N_...B4.^..&.H).|
4e 61 6a 16 91 a5 ca 9e  0f 6c 64 c3 af 04 70 e2  |Naj......ld...p.|
24 39 77 42 2d 6e 40 c8  97 28 0b de 33 0c 79 2f  |$9wB-n@..(..3.y/|
8b 0a b3 8d 9e a0 47 1d  41 9e f1 26 20 8e 18 22  |......G.A..& .."|
8b 43 98 f1 fc 1f 12 46  c2 8e 36 90 85 0f 91 ed  |.C.....F..6.....|
c9 11 84 62 2e 7c 79 15  85 7f 2f 16 08 e0 41 88  |...b.|y.../...A.|
4d 52 4f ad 66 e7 a0 b7  34 47 f5 42 6c 2b dd 2a  |MRO.f...4G.Bl+.*|
ea a3 21 1a 94 a7 51 7f  5f 5f c5 58 79 5f 9d c3  |..!...Q.__.Xy_..|
36 58 e5 1f 34 28 c1 16  d2 5f 77 c4 5c 99 33 1a  |6X..4(..._w.\.3.|
3a 6a 47 84 79 c5 49 30  75 e6 80 56 6c 3a e1 47  |:jG.y.I0u..Vl:.G|
3f 99 65 e4 da 62 3d 86  bc 23 1a 93 8a 7b a8 3a  |?.e..b=..#...{.:|
a1 4c f4 9a 4c dd 37 9e  44 e4 f2 e3 7d 5d 08 f2  |.L..L.7.D...}]..|
7c 67 e4 f2 e3 3a 63 9d  00 0c 65 a2 1e 63 56 ab  ||g...:c...e..cV.|
15 fb 12 16 81 4a 75 9c  2b c2 5d 26 64 fa b5 9f  |.....Ju.+.]&d...|
d3 4c 33 ed 16 58 96 c3  21 a2                    |.L3..X..!.      |
310080
fd 52 7b 95 58 16 17 39  63 46 c8 af 40 c3 c8 25  |.R{.X..9cF..@..%|
fd 19 f1 e0 13 b2 a1 50  7a 03 14 25 cb 38 56 35  |.......Pz..%.8V5|
18 e5 b4 a6 4d 6a d1 46  b5 e5 c2 8f 53 ba 27 dd  |....Mj.F....S.'.|
9b 0c 08 8c 08 fa 82 34  ea 7d 4f 11 eb 11 37 bf  |.......4.}O...7.|
b4 55 96 2e 64 5b c1 88  e0 88 b0 bd 29 b1 bb c9  |.U..d[......)...|
5b ab 24 f2 22 bb 58 df  90 45 cf 26 69 cd ee 72  |[.$.".X..E.&i..r|
05 3c d0 5b 3b 99 5d 1c  9f b9 18 2e 68 9d 96 82  |.<.[;.].....h...|
26 84 da df 14 02 e1 c3  01 53 7c bd a2 1b e4 f4  |&........S|.....|
21 81 ca a5 ef 87 f6 af  18 34 66 f5 52 e0 ad 13  |!........4f.R...|
64 ac 20 20 f2 59 bf 25  c8 1c dc 42 ff 83 33 d0  |d.  .Y.%...B..3.|
64 c3 96 8d fe ff b8 2f  a4 07 6a cd 0e 3b 23 5d  |d....../..j..;#]|
56 e1 5c 65 59 e8 12 6a  30 9f 9f 33 3e 87 a3 db  |V.\eY..j0..3>...|
47 81 08 d1 e4 0d b2 20  35 43 c4 9e b2 5f 9b a5  |G...... 5C..._..|
f7 10 05 2b 82 08 c3 f0  8d 37 7c 8d 47 b3 6f 9d  |...+.....7|.G.o.|
4f 2a 33 5a 72 cd 55 ff  b9 85 b0 36 55 f5 b6 be  |O*3Zr.U....6U...|
38 36 90 fb 84 03 0d 9d  20 db 14 0d ae 17 10 36  |86...... ......6|
3c fa e7 ca 7c d5 43 7e  03 ab 6b 9c 16 43 74 4b  |<...|.C~..k..CtK|
5b d2 16 f4 ec aa 0f d4  b8 38 3d 72 3c c9 cb 08  |[........8=r<...|
af fa f7 aa 59 fd a7 5e  72 87 e6 0e 0a 7e f6 3b  |....Y..^r....~.;|
a4 ea 98 46 c4 f3 a8 61  12 ab f6 70 78 39 dc 63  |...F...a...px9.c|
dd 6b 82 a1 de ff c8 f8  a3 de 32 12 43 46 9b 55  |.k........2.CF.U|
75 c4 0c 38 c5 0d 27 fc  81 d4 8f 61 ad 32 03 10  |u..8..'....a.2..|
00 48 05 e0 01 50 02 b0  07 e1 ba ff ff 83 ac 00  |.H...P..........|
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00 00 00 00 00 00 00 00  00 00 00 00 90 90 60 e8  |..............`.|
03 00 00 00 e9 eb 04 5d  45 55 c3 e8 01 00 00 00  |.......]EU......|
eb 5d bb ec ff ff ff 03  dd 81 eb 00 d0 13 00 83  |.]..............|
bd 22 04 00 00 00 89 9d  22 04 00 00 0f 85 65 03  |."......".....e.|
00 00 8d 85 2e 04 00 00  50 ff 95 4c 0f 00 00 89  |........P..L....|
85 26 04 00 00 8b f8 8d  5d 5e 53 50 ff 95 48 0f  |.&......]^SP..H.|
00 00 89 85 4c 05 00 00  8d 5d 6b 53 57 ff 95 48  |....L....]kSW..H|
0f 00 00 89 85 50 05 00  00 8d 45 77 ff e0 56 69  |.....P....Ew..Vi|
72 74 75 61 6c 41 6c 6c  6f 63 00 56 69 72 74 75  |rtualAlloc.Virtu|
61 6c 46 72 65 65 00 8b  9d 30 05 00 00 0b db 74  |alFree...0.....t|
0a 8b 03 87 85 34 05 00  00 89 03 8d b5 68 05 00  |.....4.......h..|
00 83 3e 00 0f 84 21 01  00 00 6a 04 68 00 10 00  |..>...!...j.h...|
00 68 00 18 00 00 6a 00  ff 95 4c 05 00 00 89 85  |.h....j...L.....|
56 01 00 00 8b 46 04 05  0e 01 00 00 6a 04 68 00  |V....F......j.h.|
10 00 00 50 6a 00 ff 95  4c 05 00 00 89 85 52 01  |...Pj...L.....R.|
00 00 56 8b 1e 03 9d 22  04 00 00 ff b5 56 01 00  |..V....".....V..|
00 ff 76 04 50 53 e8 6d  05 00 00 b3 00 80 fb 00  |..v.PS.m........|
75 5e fe 85 ec 00 00 00  8b 3e 03 bd 22 04 00 00  |u^.......>.."...|
ff 37 c6 07 c3 ff d7 8f  07 50 51 56 53 8b c8 83  |.7.......PQVS...|
e9 06 8b b5 52 01 00 00  33 db 0b c9 74 2e 78 2c  |....R...3...t.x,|
ac 3c e8 74 0a eb 00 3c  e9 74 04 43 49 eb eb 8b  |.<.t...<.t.CI...|
06 eb 00 80 3e 24 75 f3  24 00 c1 c0 18 2b c3 89  |....>$u.$....+..|
06 83 c3 05 83 c6 04 83  e9 05 eb ce 5b 5e 59 58  |............[^YX|
eb 08 00 00 00 00 00 00  00 00 8b c8 8b 3e 03 bd  |.............>..|
22 04 00 00 8b b5 52 01  00 00 c1 f9 02 f3 a5 8b  |".....R.........|
c8 83 e1 03 f3 a4 5e 68  00 80 00 00 6a 00 ff b5  |......^h....j...|
52 01 00 00 ff 95 50 05  00 00 83 c6 08 83 3e 00  |R.....P.......>.|
0f 85 1e ff ff ff 68 00  80 00 00 6a 00 ff b5 56  |......h....j...V|
01 00 00 ff 95 50 05 00  00 8b 9d 30 05 00 00 0b  |.....P.....0....|
db 74 08 8b 03 87 85 34  05 00 00 8b 95 22 04 00  |.t.....4....."..|
00 8b 85 2c 05 00 00 2b  d0 74 79 8b c2 c1 e8 10  |...,...+.ty.....|
33 db 8b b5 38 05 00 00  03 b5 22 04 00 00 83 3e  |3...8....."....>|
00 74 61 8b 4e 04 83 e9  08 d1 e9 8b 3e 03 bd 22  |.ta.N.......>.."|
04 00 00 83 c6 08 66 8b  1e c1 eb 0c 83 fb 01 74  |......f........t|
0c 83 fb 02 74 16 83 fb  03 74 20 eb 2c 66 8b 1e  |....t....t .,f..|
module_namehintordfunction_name
kernel32.dllGetProcAddress
kernel32.dllGetModuleHandleA
kernel32.dllLoadLibraryA
user32.dllGetKeyboardType
advapi32.dllRegQueryValueExA
oleaut32.dllSysFreeString
advapi32.dllRegSetValueExA
version.dllVerQueryValueA
gdi32.dllUnrealizeObject
user32.dllCreateWindowExA
oleaut32.dllSafeArrayPtrOfIndex
ole32.dllCreateStreamOnHGlobal
oleaut32.dllCreateErrorInfo
comctl32.dllImageList_SetIconSize
winspool.drvOpenPrinterA
shell32.dllShell_NotifyIconA
comdlg32.dllPrintDlgA
user32.dllDdeCmpStringHandles
wow32.dllWOWGetVDMPointerUnfix
winmm.dllPlaySoundA
offsetsizetypecomment
0440320EXE06/19/1992 22:22:17#
15c115HTM#
6b8001795BINoverlay data past EOF#
Scanning the drive for archives:
1 file, 442115 bytes (432 KiB)



Errors: 1
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







[?] ignoring invalid PEdump::BITMAPINFOHEADER
[?] can't find file_offset of VA 0x132024
[?] can't find file_offset of VA 0x132354
[?] can't find file_offset of VA 0x132900
[?] can't find file_offset of VA 0x132d48
[?] can't find file_offset of VA 0x1330b8
[?] can't find file_offset of VA 0x133530
[?] can't find file_offset of VA 0x1338e8
[?] can't find file_offset of VA 0x133c54
[?] can't find file_offset of VA 0x133f40
[?] can't find file_offset of VA 0x134320
[?] can't find file_offset of VA 0x134518
[?] can't find file_offset of VA 0x1346e0
[?] can't find file_offset of VA 0x1347c8
[?] can't find file_offset of VA 0x134c00
[?] can't find file_offset of VA 0x134d7c
[?] can't find file_offset of VA 0x134e64
[?] can't find file_offset of VA 0x134f9c
[?] can't find file_offset of VA 0x135304
[?] can't find file_offset of VA 0x135708
[?] can't find file_offset of VA 0x135aa8
[?] can't find file_offset of VA 0x135e2c
[?] can't find file_offset of VA 0x1361dc
[?] can't find file_offset of VA 0x1362cc
[?] can't find file_offset of VA 0x13638c
[?] can't find file_offset of VA 0x136664
[?] can't find file_offset of VA 0x136a9c
[?] can't find file_offset of VA 0x136da8
[!] string size(5398) > stringtable size(348). truncated to 346
[!] cannot convert "\f\"<h\x97v\x14\xCE\xA0\xBCU\xFD\xA1_\x8E\x9B"... to UTF-16
[!] string size(33184) > stringtable size(364). truncated to 362
[!] cannot convert "J\xBCw\x12\x87\xD5'\xAF\\%!\x84?\x96\xDD\xC7"... to UTF-16
[!] string size(11554) > stringtable size(404). truncated to 402
[!] cannot convert "\xE7/\xD7b\x9F\x9D\xF3\xE0\xD7G{\xC0\x16\xB7\xC5\x94"... to UTF-16
[!] string size(83054) > stringtable size(404). truncated to 402
[!] cannot convert "\xB0\xC8\xEF\xA6;\xC2\x7F\xE9\x13bt!'\"\r\x1E"... to UTF-16
[!] string size(71128) > stringtable size(334). truncated to 332
[!] cannot convert "%\x91\xDF\xF1\xC4\xDE\t\xF2\xDCM\xE9#\x7F\xB9X~"... to UTF-16
[!] string size(9764) > stringtable size(390). truncated to 388
[!] cannot convert "\xDD\x04-i\xF0\xA7|\x96\x7F|%jn\n\xE8\xC6"... to UTF-16
[!] string size(75516) > stringtable size(364). truncated to 362
[!] cannot convert "\xC0\fn\xCF?0\xCD\x01BQu\xE0\xDB\xC7\x11\x17"... to UTF-16
[!] string size(54084) > stringtable size(412). truncated to 410
[!] cannot convert "\xFE\xF2\xD9\a\xE0\xB7+$\x0E9\xB99\xC3\b\xF6\x03"... to UTF-16
[!] string size(84400) > stringtable size(112). truncated to 110
[!] cannot convert "4y\xF5!\x99f\xE6\xD6\x18\xB9Q\xC0D\x838Q"... to UTF-16
[!] string size(1156) > stringtable size(474). truncated to 472
[!] cannot convert "\xE2\xE8s\xC3Z\x13Oy\xAE\xA2,\xEA\xFFR\xB8\x18"... to UTF-16
[!] string size(42490) > stringtable size(1104). truncated to 1102
[!] cannot convert "{\x95X\x16\x179cF\xC8\xAF@\xC3\xC8%\xFD\x19"... to UTF-16
[?] can't find file_offset of VA 0x1370d4
[?] can't find file_offset of VA 0x1370e4
[?] can't find file_offset of VA 0x1379d8
[?] can't find file_offset of VA 0x138128
[?] can't find file_offset of VA 0x1385c4
[?] can't find file_offset of VA 0x1389cc
[?] can't find file_offset of VA 0x138be0
[?] can't find file_offset of VA 0x1390f0
[?] can't find file_offset of VA 0x139978
[?] can't find file_offset of VA 0x139c90
[?] can't find file_offset of VA 0x13a8f0
[?] can't find file_offset of VA 0x13c450
[?] can't find file_offset of VA 0x13c464
[?] can't find file_offset of VA 0x13c478
[?] can't find file_offset of VA 0x13c48c
[?] can't find file_offset of VA 0x13c4a0
[?] can't find file_offset of VA 0x13c4b4
[?] can't find file_offset of VA 0x13c4c8
[?] can't find file_offset of VA 0x0