codex.dll - o()xxxx[{::::::::::::::::::::::::::::::::::>

info
MZ
PE
resources
imports
exports
foremost
version info
signature
hexdump
disasm
log
discuss
donate

filename	codex.dll
size	106272 (0x19f20)
md5	fa85069d9d5426b38cf0bd2fc933084d

type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x100

Rich Header

lib id	version	times used
225	21005	62
223	21005	27
224	21005	177
203	65501	10
257	23918	5
1	0	90
228	40629	6
220	40629	1
219	21005	1
222	40629	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	3
TimeDateStamp	0x577aa96f
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x2102
Magic	0x10b
LinkerVersion	12.0
SizeOfCode	0x19000
SizeOfInitializedData	0x1000
SizeOfUninitializedData	0x31000
AddressOfEntryPoint	0x4a7d0
BaseOfCode	0x32000
BaseOfData	0x4b000
ImageBase	0x10000000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	6.0
ImageVersion	0.0
SubsystemVersion	6.0
Reserved1	0
SizeOfImage	0x4c000
SizeOfHeaders	0x1000
CheckSum	0x22d99
Subsystem	2
DllCharacteristics	0x140
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

UPX v2.00-V2.90 (Markus Oberhumer & Laszlo Molnar & John Reiser)

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

name	va	vsize	raw size	flags
UPX0	0x1000	0x31000	0	RWX UDATA
UPX1	0x32000	0x19000	0x18c00	RWX IDATA
.rsrc	0x4b000	0x1000	0xa00	RW- IDATA

Data Directory

type	va	size
EXPORT	0x4b810	0x60
IMPORT	0x4b610	0x200
RESOURCE	0x4b000	0x610
EXCEPTION	0	0
SECURITY	0x19a00	0x520
BASERELOC	0x4b870	0x10
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0x4a9bc	0x48
Bound_IAT	0	0
IAT	0	0
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size	cp
VERSION	#1	740	0
VERSION	#1	692	0

module_name	hint	ord	function_name
KERNEL32.DLL			LoadLibraryA
KERNEL32.DLL			GetProcAddress
KERNEL32.DLL			VirtualProtect
KERNEL32.DLL			VirtualAlloc
KERNEL32.DLL			VirtualFree
GameOverlayRenderer.dll			ValveHookScreenshots
ntdll.dll			RtlUnwind
PSAPI.DLL			EnumProcessModules
SHELL32.dll			SHGetFolderPathA
SHLWAPI.dll			PathFindFileNameA
steamclient.dll			VR_InitInternal

ord	entry_va	function_name
1	0x32266	ShellExecuteA
2	0x32244	ShellExecuteW

module_name	wus.dll
flags	0
timestamp	2016-07-04 18:22:38
version	0.0
ordinal_base	1
nFunctions	2
nNames	2
Names(2)	0x4b840
Functions(2)	0x4b838
NameOrdinals(2)	0x4b848

StringTable 040904B0

LegalCopyright	Copyright (C) NisCkxU544c
InternalName	WUS
FileVersion
CompanyName	ACME Corporation
ProductVersion	01.00.00.01
FileDescription	o()xxxx[{::::::::::::::::::::::::::::::::::>
Source Control ID	1337
ProductName	WUS

StringTable 040904B0

CompanyName	ACME Corporation
FileDescription	o()xxxx[{::::::::::::::::::::::::::::::::::>
FileVersion	1, 0, 0, 1
InternalName	WUS
LegalCopyright	Copyright (C) 2016
ProductName	WUS
ProductVersion	1, 0, 0, 1

VS_FIXEDFILEINFO

FileVersion	1.0.0.0
ProductVersion	1.0.0.1
StrucVersion	0x10000
FileFlagsMask	0x17
FileFlags	0
FileOS	4
FileType	1
FileSubtype	0

VS_FIXEDFILEINFO

FileVersion	1.0.0.1
ProductVersion	1.0.0.1
StrucVersion	0x10000
FileFlagsMask	0x17
FileFlags	0
FileOS	4
FileType	1
FileSubtype	0

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /CN=\x00W\x00U\x00S\x00!

serial: -76712FD9738DA768BD06AAF4018C31D9

Certificates (1)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
             (Negative)76:71:2f:d9:73:8d:a7:68:bd:06:aa:f4:01:8c:31:d9
        Signature Algorithm: sha1WithRSA
        Issuer: CN=\x00W\x00U\x00S\x00!
        Validity
            Not Before: Jun 30 22:00:00 2014 GMT
            Not After : Dec 31 22:00:00 2087 GMT
        Subject: CN=\x00W\x00U\x00S\x00!
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:94:8a:49:9f:b1:d3:99:00:26:f2:e5:05:50:70:
                    09:27:18:88:6a:56:ae:17:5c:19:01:55:ec:27:0e:
                    90:e6:fe:31:f5:fa:10:73:f7:58:48:c2:4f:c9:00:
                    5c:8d:51:73:43:6b:b8:6a:4b:a8:aa:90:20:8f:3d:
                    2b:7d:61:bb:02:13:39:c3:88:2c:3b:70:02:85:11:
                    39:c8:17:f3:3d:51:3d:26:6b:e1:82:e6:95:9b:63:
                    12:94:f1:6c:42:e7:89:6d:2b:b8:f0:a8:d7:89:e1:
                    99:39:12:75:f3:c7:71:ba:b0:8c:ce:10:fe:ec:27:
                    e7:db:67:85:8b:f0:db:7a:f5:9e:c1:87:74:56:3a:
                    f7:a6:c5:c7:ed:86:63:7e:73:e3:a5:28:73:62:a0:
                    04:22:c1:e2:56:98:23:42:19:62:fa:4f:6f:24:d5:
                    6c:89:9a:92:03:c9:00:5f:f2:fb:cb:af:7a:c8:19:
                    ab:0c:30:f7:37:ce:19:11:21:34:eb:5e:7a:cf:82:
                    d8:44:62:9b:a9:f9:6e:10:cf:df:f6:e5:36:d3:56:
                    d1:cb:bb:41:ae:7f:88:28:74:24:e3:c9:71:65:e4:
                    2b:c3:78:96:be:e0:b5:e4:85:c7:bf:95:33:42:4e:
                    e5:17:79:82:e2:68:f0:1b:66:37:85:e8:9f:7e:89:
                    ac:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            2.5.29.1: 
                0;..u......p.8..\g|...0.1.0...U.....W.U.S.!.....&.rX.B.U..s.'
    Signature Algorithm: sha1WithRSA
    Signature Value:
        15:0e:f5:93:fe:4c:53:13:64:fe:6f:e9:ee:aa:85:f7:43:4e:
        57:fc:f3:ef:cc:86:0f:48:c9:57:38:26:e4:9f:70:94:26:1f:
        76:e7:5d:06:f5:d3:73:e5:6c:0d:52:b3:a2:df:d7:2a:30:8a:
        96:55:e5:d7:5a:64:27:e6:10:6b:dc:2b:e9:88:08:5a:8c:86:
        7e:1e:46:18:72:ba:52:35:0c:b6:97:9e:9c:e8:98:b5:aa:32:
        99:7e:d2:be:d6:cb:e1:14:11:fa:2f:8b:64:78:04:65:48:62:
        08:4a:c3:ba:dc:eb:a5:36:a1:76:26:11:fb:e4:42:91:c9:37:
        82:d0:3e:eb:c6:8c:d6:9e:fd:83:9c:b5:b7:5c:e4:2c:5f:1f:
        ba:03:fa:26:85:7a:63:e5:1b:8f:31:af:6b:c5:e7:8d:7e:bb:
        d7:72:11:bb:86:76:10:e9:59:ba:4f:97:3c:cd:b3:e4:e4:45:
        d7:1a:02:b4:12:a0:ea:b8:39:23:44:90:8b:8c:36:c0:fc:4d:
        26:18:ee:2a:d4:4c:27:bd:d8:41:54:5e:85:13:15:96:66:c3:
        c6:8e:46:79:d3:ec:56:7c:f6:8b:69:2a:98:0a:59:8e:57:0b:
        22:c8:2e:1d:be:6a:c4:2f:8e:44:ba:7d:5e:c5:9a:e4:98:b5:
        7f:3d:1e:ac

pkcs7-signedData

SHA1: nil

1.3.6.1.4.1.311.2.1.4

1.3.6.1.4.1.311.2.1.15
- :

SHA1

81 97 cf 23 0f 35 b2 df 9a a8 9b 9f e7 ee 45 32 |...#.5........E2| c4 a9 5f 0c |.._. |

2
- -157436603549159170985849493119660995033
- RSA-SHA1-2: nil
- CN:
```
00 57 00 55 00 53 00 21                           |.W.U.S.!        |
```
- 2014-06-30 22:00:00 UTC: 2087-12-31 22:00:00 UTC
- CN:
```
00 57 00 55 00 53 00 21                           |.W.U.S.!        |
```
- #5
  - rsaEncryption: nil
  - 94:8A:49:9F:B1:D3:99:00:26:F2:E5:05:50:70:09:27:
    18:88:6A:56:AE:17:5C:19:01:55:EC:27:0E:90:E6:FE:
    31:F5:FA:10:73:F7:58:48:C2:4F:C9:00:5C:8D:51:73:
    43:6B:B8:6A:4B:A8:AA:90:20:8F:3D:2B:7D:61:BB:02:
    13:39:C3:88:2C:3B:70:02:85:11:39:C8:17:F3:3D:51:
    3D:26:6B:E1:82:E6:95:9B:63:12:94:F1:6C:42:E7:89:
    6D:2B:B8:F0:A8:D7:89:E1:99:39:12:75:F3:C7:71:BA:
    B0:8C:CE:10:FE:EC:27:E7:DB:67:85:8B:F0:DB:7A:F5:
    9E:C1:87:74:56:3A:F7:A6:C5:C7:ED:86:63:7E:73:E3:
    A5:28:73:62:A0:04:22:C1:E2:56:98:23:42:19:62:FA:
    4F:6F:24:D5:6C:89:9A:92:03:C9:00:5F:F2:FB:CB:AF:
    7A:C8:19:AB:0C:30:F7:37:CE:19:11:21:34:EB:5E:7A:
    CF:82:D8:44:62:9B:A9:F9:6E:10:CF:DF:F6:E5:36:D3:
    56:D1:CB:BB:41:AE:7F:88:28:74:24:E3:C9:71:65:E4:
    2B:C3:78:96:BE:E0:B5:E4:85:C7:BF:95:33:42:4E:E5:
    17:79:82:E2:68:F0:1B:66:37:85:E8:9F:7E:89:AC:77: 0x010001
- 2.5.29.1
  - 75 9e 06 ad e5 9e dd 70 a7 38 05 97 5c 67 7c a9 |u......p.8..\g|.|
    - CN:
```
00 57 00 55 00 53 00 21                           |.W.U.S.!        |
```
    - 89 8e d0 26 8c 72 58 97 42 f9 55 0b fe 73 ce 27 |...&.rX.B.U..s.'|

RSA-SHA1-2:

15 0e f5 93 fe 4c 53 13  64 fe 6f e9 ee aa 85 f7  |.....LS.d.o.....|
43 4e 57 fc f3 ef cc 86  0f 48 c9 57 38 26 e4 9f  |CNW......H.W8&..|
70 94 26 1f 76 e7 5d 06  f5 d3 73 e5 6c 0d 52 b3  |p.&.v.]...s.l.R.|
a2 df d7 2a 30 8a 96 55  e5 d7 5a 64 27 e6 10 6b  |...*0..U..Zd'..k|
dc 2b e9 88 08 5a 8c 86  7e 1e 46 18 72 ba 52 35  |.+...Z..~.F.r.R5|
0c b6 97 9e 9c e8 98 b5  aa 32 99 7e d2 be d6 cb  |.........2.~....|
e1 14 11 fa 2f 8b 64 78  04 65 48 62 08 4a c3 ba  |..../.dx.eHb.J..|
dc eb a5 36 a1 76 26 11  fb e4 42 91 c9 37 82 d0  |...6.v&...B..7..|
3e eb c6 8c d6 9e fd 83  9c b5 b7 5c e4 2c 5f 1f  |>..........\.,_.|
ba 03 fa 26 85 7a 63 e5  1b 8f 31 af 6b c5 e7 8d  |...&.zc...1.k...|
7e bb d7 72 11 bb 86 76  10 e9 59 ba 4f 97 3c cd  |~..r...v..Y.O.<.|
b3 e4 e4 45 d7 1a 02 b4  12 a0 ea b8 39 23 44 90  |...E........9#D.|
8b 8c 36 c0 fc 4d 26 18  ee 2a d4 4c 27 bd d8 41  |..6..M&..*.L'..A|
54 5e 85 13 15 96 66 c3  c6 8e 46 79 d3 ec 56 7c  |T^....f...Fy..V||
f6 8b 69 2a 98 0a 59 8e  57 0b 22 c8 2e 1d be 6a  |..i*..Y.W."....j|
c4 2f 8e 44 ba 7d 5e c5  9a e4 98 b5 7f 3d 1e ac  |./.D.}^......=..|

CN:

00 57 00 55 00 53 00 21                           |.W.U.S.!        |

-157436603549159170985849493119660995033

SHA1: nil

1.3.6.1.4.1.311.2.1.12
- nil
contentType: 1.3.6.1.4.1.311.2.1.4

messageDigest:

65 46 a4 2a 0e f7 d6 c7  e7 b4 9f 96 75 2b f2 9d  |eF.*........u+..|
74 7a 25 3e                                       |tz%>            |

rsaEncryption:

8e 16 a6 55 d8 ca 21 69  49 f1 8a 37 5d b1 7a de  |...U..!iI..7].z.|
b9 e8 2f 91 e4 85 e9 b8  a0 b9 ca 74 58 b4 20 ea  |../........tX. .|
e9 71 cb 3b af 77 76 bf  f7 44 2e 6f a6 8a a6 58  |.q.;.wv..D.o...X|
4a c9 72 65 13 74 35 16  09 29 a2 81 7c fc 13 07  |J.re.t5..)..|...|
a1 39 bc 1c a7 87 d1 4b  56 ab 94 33 4d 65 4d 04  |.9.....KV..3MeM.|
96 38 9f 81 29 c1 21 16  5c 02 1d de dd bd f9 e4  |.8..).!.\.......|
bb e3 e0 76 70 d7 0e 0e  2d 7e 63 6b 5a e7 20 ed  |...vp...-~ckZ. .|
98 3b ec 20 fe 21 52 ff  78 42 24 03 e2 af dc 5b  |.;. .!R.xB$....[|
f0 0c 6e 4f e0 07 17 d6  c3 5a c8 25 6a 45 4a 03  |..nO.....Z.%jEJ.|
8a d8 45 f7 db 57 d9 8c  52 2e 31 ba f7 dd 2f be  |..E..W..R.1.../.|
a7 86 c4 2a a9 79 0c 1a  e3 7f 38 18 6f bc 4f 66  |...*.y....8.o.Of|
83 18 63 65 d0 b3 64 67  2b cb 8c a1 c9 23 45 7a  |..ce..dg+....#Ez|
36 f7 bc 7e 5e b5 a6 3a  11 39 5d 94 de 8a e8 16  |6..~^..:.9].....|
a4 02 18 ef 5d 65 22 86  c7 17 05 0e 44 a7 a5 92  |....]e".....D...|
64 8b cd 75 37 58 10 0a  21 c3 5e c1 39 7b 8f f6  |d..u7X..!.^.9{..|
c9 9b 1b 0d d6 90 c7 f6  26 90 fc d1 5d d1 e0 dc  |........&...]...|

show previews

offset	size	type	comment
0	104960	DLL	07/04/2016 18:22:39	#
15c1	15	HTM		#
19a00	1312	PKCS7	Authenticode Signature	#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

everything is OK

codex.dll-

MZ Header

Rich Header

DOS stub

PE Header

Packer / Compiler

Sections

Data Directory

StringTable 040904B0

StringTable 040904B0

VS_FIXEDFILEINFO

VS_FIXEDFILEINFO

Signers (1)

Certificates (1)

codex.dll
-