filename | PatchEngine.exe | |
---|---|---|
size | 14368 (0x3820) | |
md5 | f4e76a5f6ea94483b54e074efaac27c9 | |
type | PE32 executable (GUI) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0x80 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
UPX v0.89.6 - v1.02 / v1.05 - v1.22
This file is packed with UPX. Analysis will be incomplete without unpacking.
Sections
name | va | vsize | raw size | flags | |
---|---|---|---|---|---|
.text | 0x1000 | 0xa000 | 0 | RWX UDATA | |
.data | 0xb000 | 0x3000 | 0x2c00 | RWX IDATA | |
.rsrc | 0xe000 | 0x1000 | 0xa00 | RW- IDATA |
Data Directory
type | va | size | |
---|---|---|---|
EXPORT | 0 | 0 | |
IMPORT | 0xe7b0 | 0x178 | |
RESOURCE | 0xe000 | 0x7b0 | |
EXCEPTION | 0 | 0 | |
SECURITY | 0 | 0 | |
BASERELOC | 0 | 0 | |
DEBUG | 0 | 0 | |
ARCHITECTURE | 0 | 0 | |
GLOBALPTR | 0 | 0 | |
TLS | 0 | 0 | |
LOAD_CONFIG | 0 | 0 | |
Bound_IAT | 0 | 0 | |
IAT | 0 | 0 | |
Delay_IAT | 0 | 0 | |
CLR_Header | 0 | 0 |
type | name | size | cp | |
---|---|---|---|---|
ICON | #1 | 744 | 0 | |
ICON | #2 | 744 | 0 | |
DIALOG | #100 | 1728 | 0 | |
DIALOG | #199 | 900 | 0 | |
STRING | #1 | 308 | 0 | |
GROUP_ICON | #121 | 20 | 0 | |
GROUP_ICON | #999 | 20 | 0 |
id | lang | string |
---|---|---|
0 | 1031 | |
module_name | hint | ord | function_name |
---|---|---|---|
KERNEL32.DLL | | | LoadLibraryA |
KERNEL32.DLL | | | GetProcAddress |
KERNEL32.DLL | | | ExitProcess |
ADVAPI32.DLL | | | RegCloseKey |
COMDLG32.DLL | | | GetFileTitleA |
CRTDLL.DLL | | | exit |
SHELL32.DLL | | | ExtractIconA |
USER32.DLL | | | DrawIcon |
Scanning the drive for archives: 1 file, 14368 bytes (15 KiB) Errors: 1
[?] can't find file_offset of VA 0xa7b8
[?] can't find file_offset of VA 0xae78
[!] string size(18554) > stringtable size(308). truncated to 306
[!] cannot convert "\x1A\x00\x9F\xBD\xBD\x87>\xE8\xA1\x0Er\xFF\xE0X\x10\xD7"... to UTF-16
[?] can't find file_offset of VA 0xa7a4