пятница, 25 мая 2012 г.
60d90841fd54026958091e3d2d9ede07
FileName: 1040812_60d90841fd54026958091e3d2d9ede07.exe
Size : 1040812
Md5 : 60d90841fd54026958091e3d2d9ede07
PEiD : None
Virus Total Result:
nProtect -> Trojan.Generic.7449487
McAfee -> Generic.grp!im
K7AntiVirus -> Riskware
VirusBuster -> Riskware.RiskWare!4PZDb8i6Py4
NOD32 -> Win32/RiskWare.HackAV.IU
Norman -> W32/Redosdru.LS
TrendMicro-HouseCall -> TROJ_SPNR.0BEK12
Avast -> Win32:PUP-gen [PUP]
eSafe -> Win32.Redosdru.Id
BitDefender -> Trojan.Generic.7449487
Emsisoft -> Backdoor.Win32.Zegost!IK
Comodo -> UnclassifiedMalware
F-Secure -> Trojan.Generic.7449487
VIPRE -> Trojan-Dropper.Win32.Resdro.b (v) (not malicious)
TrendMicro -> TROJ_SPNR.0BEK12
McAfee-GW-Edition -> Generic.grp!im
Antiy-AVL -> Trojan/win32.agent.gen
Microsoft -> HackTool:Win32/Keygen
GData -> Trojan.Generic.7449487
Ikarus -> Backdoor.Win32.Zegost
Fortinet -> W32/Redosdru.ID!tr
AVG -> Fat-Obfuscated
Panda -> Generic Trojan
FileInfo:
----------DOS_HEADER----------
[IMAGE_DOS_HEADER]
0x0 0x0 e_magic: 0x5A4D
0x2 0x2 e_cblp: 0x90
0x4 0x4 e_cp: 0x3
0x6 0x6 e_crlc: 0x0
0x8 0x8 e_cparhdr: 0x4
0xA 0xA e_minalloc: 0x0
0xC 0xC e_maxalloc: 0xFFFF
0xE 0xE e_ss: 0x0
0x10 0x10 e_sp: 0xB8
0x12 0x12 e_csum: 0x0
0x14 0x14 e_ip: 0x0
0x16 0x16 e_cs: 0x0
0x18 0x18 e_lfarlc: 0x40
0x1A 0x1A e_ovno: 0x0
0x1C 0x1C e_res:
0x24 0x24 e_oemid: 0x0
0x26 0x26 e_oeminfo: 0x0
0x28 0x28 e_res2:
0x3C 0x3C e_lfanew: 0xD8
----------NT_HEADERS----------
[IMAGE_NT_HEADERS]
0xD8 0x0 Signature: 0x4550
----------FILE_HEADER----------
[IMAGE_FILE_HEADER]
0xDC 0x0 Machine: 0x14C
0xDE 0x2 NumberOfSections: 0x5
0xE0 0x4 TimeDateStamp: 0x4B1AE3C6 [Sat Dec 05 22:50:46 2009 UTC]
0xE4 0x8 PointerToSymbolTable: 0x0
0xE8 0xC NumberOfSymbols: 0x0
0xEC 0x10 SizeOfOptionalHeader: 0xE0
0xEE 0x12 Characteristics: 0x10F
Flags: IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED
----------OPTIONAL_HEADER----------
[IMAGE_OPTIONAL_HEADER]
0xF0 0x0 Magic: 0x10B
0xF2 0x2 MajorLinkerVersion: 0x6
0xF3 0x3 MinorLinkerVersion: 0x0
0xF4 0x4 SizeOfCode: 0x5C00
0xF8 0x8 SizeOfInitializedData: 0x1D400
0xFC 0xC SizeOfUninitializedData: 0x400
0x100 0x10 AddressOfEntryPoint: 0x323C
0x104 0x14 BaseOfCode: 0x1000
0x108 0x18 BaseOfData: 0x7000
0x10C 0x1C ImageBase: 0x400000
0x110 0x20 SectionAlignment: 0x1000
0x114 0x24 FileAlignment: 0x200
0x118 0x28 MajorOperatingSystemVersion: 0x4
0x11A 0x2A MinorOperatingSystemVersion: 0x0
0x11C 0x2C MajorImageVersion: 0x6
0x11E 0x2E MinorImageVersion: 0x0
0x120 0x30 MajorSubsystemVersion: 0x4
0x122 0x32 MinorSubsystemVersion: 0x0
0x124 0x34 Reserved1: 0x0
0x128 0x38 SizeOfImage: 0x44000
0x12C 0x3C SizeOfHeaders: 0x400
0x130 0x40 CheckSum: 0x0
0x134 0x44 Subsystem: 0x2
0x136 0x46 DllCharacteristics: 0x8000
0x138 0x48 SizeOfStackReserve: 0x100000
0x13C 0x4C SizeOfStackCommit: 0x1000
0x140 0x50 SizeOfHeapReserve: 0x100000
0x144 0x54 SizeOfHeapCommit: 0x1000
0x148 0x58 LoaderFlags: 0x0
0x14C 0x5C NumberOfRvaAndSizes: 0x10
DllCharacteristics: IMAGE_DLL_CHARACTERISTICS_TERMINAL_SERVER_AWARE
----------PE Sections----------
[IMAGE_SECTION_HEADER]
0x1D0 0x0 Name: .text
0x1D8 0x8 Misc: 0x5A5A
0x1D8 0x8 Misc_PhysicalAddress: 0x5A5A
0x1D8 0x8 Misc_VirtualSize: 0x5A5A
0x1DC 0xC VirtualAddress: 0x1000
0x1E0 0x10 SizeOfRawData: 0x5C00
0x1E4 0x14 PointerToRawData: 0x400
0x1E8 0x18 PointerToRelocations: 0x0
0x1EC 0x1C PointerToLinenumbers: 0x0
0x1F0 0x20 NumberOfRelocations: 0x0
0x1F2 0x22 NumberOfLinenumbers: 0x0
0x1F4 0x24 Characteristics: 0x60000020
Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy: 6.417698 (Min=0.0, Max=8.0)
MD5 hash: 0bc2ffd32265a08d72b795b18265828d
SHA-1 hash: dd2a446014a37556f39173b802c63a4e46e09366
SHA-256 hash: c5ee0a2892a4f9c317f9b33bfc3531e0235faa9a2a3b4c41bd71d39e4fd87d6f
SHA-512 hash: 1fed15e79ce6b713452fdb29ab866a00741850eec6c0078150abb72dfdb261e8a92f75b695c9218b46954dc315d6dd76cbc2758f571a02c5fc88a0c3b2f3f168
[IMAGE_SECTION_HEADER]
0x1F8 0x0 Name: .rdata
0x200 0x8 Misc: 0x1190
0x200 0x8 Misc_PhysicalAddress: 0x1190
0x200 0x8 Misc_VirtualSize: 0x1190
0x204 0xC VirtualAddress: 0x7000
0x208 0x10 SizeOfRawData: 0x1200
0x20C 0x14 PointerToRawData: 0x6000
0x210 0x18 PointerToRelocations: 0x0
0x214 0x1C PointerToLinenumbers: 0x0
0x218 0x20 NumberOfRelocations: 0x0
0x21A 0x22 NumberOfLinenumbers: 0x0
0x21C 0x24 Characteristics: 0x40000040
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 5.181627 (Min=0.0, Max=8.0)
MD5 hash: f179218a059068529bdb4637ef5fa28e
SHA-1 hash: 6035d27db526131eb0f29aee60cfcdbb5072ed7d
SHA-256 hash: f80bf00310bd25e46e26c4b2042fa8215c3e5ce759947fe081d25b454dfc0fbe
SHA-512 hash: 054d33b3647aa099fb0fb3665877d6809969419ded2726975e74a37e778b59ae44361f7b419801f3b49da5044d505f63bd3c2bc9df1f2691bc699aa993ab17df
[IMAGE_SECTION_HEADER]
0x220 0x0 Name: .data
0x228 0x8 Misc: 0x1AF98
0x228 0x8 Misc_PhysicalAddress: 0x1AF98
0x228 0x8 Misc_VirtualSize: 0x1AF98
0x22C 0xC VirtualAddress: 0x9000
0x230 0x10 SizeOfRawData: 0x400
0x234 0x14 PointerToRawData: 0x7200
0x238 0x18 PointerToRelocations: 0x0
0x23C 0x1C PointerToLinenumbers: 0x0
0x240 0x20 NumberOfRelocations: 0x0
0x242 0x22 NumberOfLinenumbers: 0x0
0x244 0x24 Characteristics: 0xC0000040
Flags: IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 4.709027 (Min=0.0, Max=8.0)
MD5 hash: 975304d6dd6c4a4f076b15511e2bbbc0
SHA-1 hash: 1f65340672c91ffd0f2583ff104beaece43c7855
SHA-256 hash: 1e9a47766ca6c6ff180369d74d6db2eea7fd80b802eb3c8f1c1da79cfcafebc7
SHA-512 hash: 4e2979878825876521b77f049dcb2dfc85a7e08a9286b4cb952c36376de4230718d003754b30164b391fd7a2a8a40e4fb0c09343ca3d08617b0d4100cdf6487c
[IMAGE_SECTION_HEADER]
0x248 0x0 Name: .ndata
0x250 0x8 Misc: 0x1A000
0x250 0x8 Misc_PhysicalAddress: 0x1A000
0x250 0x8 Misc_VirtualSize: 0x1A000
0x254 0xC VirtualAddress: 0x24000
0x258 0x10 SizeOfRawData: 0x0
0x25C 0x14 PointerToRawData: 0x0
0x260 0x18 PointerToRelocations: 0x0
0x264 0x1C PointerToLinenumbers: 0x0
0x268 0x20 NumberOfRelocations: 0x0
0x26A 0x22 NumberOfLinenumbers: 0x0
0x26C 0x24 Characteristics: 0xC0000080
Flags: IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 0.000000 (Min=0.0, Max=8.0)
MD5 hash: d41d8cd98f00b204e9800998ecf8427e
SHA-1 hash: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA-512 hash: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
[IMAGE_SECTION_HEADER]
0x270 0x0 Name: .rsrc
0x278 0x8 Misc: 0x59A8
0x278 0x8 Misc_PhysicalAddress: 0x59A8
0x278 0x8 Misc_VirtualSize: 0x59A8
0x27C 0xC VirtualAddress: 0x3E000
0x280 0x10 SizeOfRawData: 0x5A00
0x284 0x14 PointerToRawData: 0x7600
0x288 0x18 PointerToRelocations: 0x0
0x28C 0x1C PointerToLinenumbers: 0x0
0x290 0x20 NumberOfRelocations: 0x0
0x292 0x22 NumberOfLinenumbers: 0x0
0x294 0x24 Characteristics: 0x40000040
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 4.972795 (Min=0.0, Max=8.0)
MD5 hash: 3d1aa7ec82c5df2011cb5becc43f68b4
SHA-1 hash: 25ac6fa496eb59fc0cfe56d8a40c4fbe3c9248f7
SHA-256 hash: f5a1b4b3a1c8e4c07b0241fcfd03cd82d17dd2e8336f74d485c4f138bafefb64
SHA-512 hash: 293402f906c2d447bf3556c320109f4edcd2181ec3b910c566e1fbc883f7269fc0fa7c391354aaf1e7e646d12343b7a54568b3a1213276bb1da6b6ce6c1d29a1
----------Directories----------
[IMAGE_DIRECTORY_ENTRY_EXPORT]
0x150 0x0 VirtualAddress: 0x0
0x154 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_IMPORT]
0x158 0x0 VirtualAddress: 0x73A4
0x15C 0x4 Size: 0xB4
[IMAGE_DIRECTORY_ENTRY_RESOURCE]
0x160 0x0 VirtualAddress: 0x3E000
0x164 0x4 Size: 0x59A8
[IMAGE_DIRECTORY_ENTRY_EXCEPTION]
0x168 0x0 VirtualAddress: 0x0
0x16C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_SECURITY]
0x170 0x0 VirtualAddress: 0x0
0x174 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_BASERELOC]
0x178 0x0 VirtualAddress: 0x0
0x17C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_DEBUG]
0x180 0x0 VirtualAddress: 0x0
0x184 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_COPYRIGHT]
0x188 0x0 VirtualAddress: 0x0
0x18C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_GLOBALPTR]
0x190 0x0 VirtualAddress: 0x0
0x194 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_TLS]
0x198 0x0 VirtualAddress: 0x0
0x19C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG]
0x1A0 0x0 VirtualAddress: 0x0
0x1A4 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT]
0x1A8 0x0 VirtualAddress: 0x0
0x1AC 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_IAT]
0x1B0 0x0 VirtualAddress: 0x7000
0x1B4 0x4 Size: 0x28C
[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT]
0x1B8 0x0 VirtualAddress: 0x0
0x1BC 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]
0x1C0 0x0 VirtualAddress: 0x0
0x1C4 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_RESERVED]
0x1C8 0x0 VirtualAddress: 0x0
0x1CC 0x4 Size: 0x0
----------Version Information----------
[VS_VERSIONINFO]
0xC990 0x0 Length: 0x254
0xC992 0x2 ValueLength: 0x34
0xC994 0x4 Type: 0x0
[VS_FIXEDFILEINFO]
0xC9B8 0x0 Signature: 0xFEEF04BD
0xC9BC 0x4 StrucVersion: 0x0
0xC9C0 0x8 FileVersionMS: 0x10004
0xC9C4 0xC FileVersionLS: 0x20000
0xC9C8 0x10 ProductVersionMS: 0x10004
0xC9CC 0x14 ProductVersionLS: 0x20000
0xC9D0 0x18 FileFlagsMask: 0x0
0xC9D4 0x1C FileFlags: 0x0
0xC9D8 0x20 FileOS: 0x4
0xC9DC 0x24 FileType: 0x1
0xC9E0 0x28 FileSubtype: 0x0
0xC9E4 0x2C FileDateMS: 0x0
0xC9E8 0x30 FileDateLS: 0x0
[StringFileInfo]
0xC9EC 0x0 Length: 0x1B4
0xC9EE 0x2 ValueLength: 0x0
0xC9F0 0x4 Type: 0x0
[VarFileInfo]
0xCBA0 0x0 Length: 0x44
0xCBA2 0x2 ValueLength: 0x0
0xCBA4 0x4 Type: 0x0
----------Imported symbols----------
[IMAGE_IMPORT_DESCRIPTOR]
0x63A4 0x0 OriginalFirstThunk: 0x74B8
0x63A4 0x0 Characteristics: 0x74B8
0x63A8 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x63AC 0x8 ForwarderChain: 0x0
0x63B0 0xC Name: 0x7AD4
0x63B4 0x10 FirstThunk: 0x7060
KERNEL32.dll.CompareFileTime Hint[57]
KERNEL32.dll.SearchPathA Hint[731]
KERNEL32.dll.GetShortPathNameA Hint[437]
KERNEL32.dll.GetFullPathNameA Hint[361]
KERNEL32.dll.MoveFileA Hint[622]
KERNEL32.dll.SetCurrentDirectoryA Hint[778]
KERNEL32.dll.GetFileAttributesA Hint[350]
KERNEL32.dll.GetLastError Hint[369]
KERNEL32.dll.CreateDirectoryA Hint[75]
KERNEL32.dll.SetFileAttributesA Hint[793]
KERNEL32.dll.Sleep Hint[854]
KERNEL32.dll.GetTickCount Hint[479]
KERNEL32.dll.CreateFileA Hint[83]
KERNEL32.dll.GetFileSize Hint[355]
KERNEL32.dll.GetModuleFileNameA Hint[381]
KERNEL32.dll.GetCurrentProcess Hint[322]
KERNEL32.dll.CopyFileA Hint[67]
KERNEL32.dll.ExitProcess Hint[185]
KERNEL32.dll.SetFileTime Hint[799]
KERNEL32.dll.GetTempPathA Hint[469]
KERNEL32.dll.GetCommandLineA Hint[272]
KERNEL32.dll.SetErrorMode Hint[789]
KERNEL32.dll.LoadLibraryA Hint[594]
KERNEL32.dll.lstrcpynA Hint[969]
KERNEL32.dll.GetDiskFreeSpaceA Hint[333]
KERNEL32.dll.GlobalUnlock Hint[522]
KERNEL32.dll.GlobalLock Hint[515]
KERNEL32.dll.CreateThread Hint[111]
KERNEL32.dll.CreateProcessA Hint[102]
KERNEL32.dll.RemoveDirectoryA Hint[708]
KERNEL32.dll.GetTempFileNameA Hint[467]
KERNEL32.dll.lstrlenA Hint[972]
KERNEL32.dll.lstrcatA Hint[957]
KERNEL32.dll.GetSystemDirectoryA Hint[449]
KERNEL32.dll.GetVersion Hint[488]
KERNEL32.dll.CloseHandle Hint[52]
KERNEL32.dll.lstrcmpiA Hint[963]
KERNEL32.dll.lstrcmpA Hint[960]
KERNEL32.dll.ExpandEnvironmentStringsA Hint[188]
KERNEL32.dll.GlobalFree Hint[511]
KERNEL32.dll.GlobalAlloc Hint[504]
KERNEL32.dll.WaitForSingleObject Hint[912]
KERNEL32.dll.GetExitCodeProcess Hint[346]
KERNEL32.dll.GetModuleHandleA Hint[383]
KERNEL32.dll.LoadLibraryExA Hint[595]
KERNEL32.dll.GetProcAddress Hint[416]
KERNEL32.dll.FreeLibrary Hint[248]
KERNEL32.dll.MultiByteToWideChar Hint[629]
KERNEL32.dll.WritePrivateProfileStringA Hint[937]
KERNEL32.dll.GetPrivateProfileStringA Hint[412]
KERNEL32.dll.WriteFile Hint[932]
KERNEL32.dll.ReadFile Hint[693]
KERNEL32.dll.MulDiv Hint[628]
KERNEL32.dll.SetFilePointer Hint[795]
KERNEL32.dll.FindClose Hint[206]
KERNEL32.dll.FindNextFileA Hint[220]
KERNEL32.dll.FindFirstFileA Hint[210]
KERNEL32.dll.DeleteFileA Hint[131]
KERNEL32.dll.GetWindowsDirectoryA Hint[499]
[IMAGE_IMPORT_DESCRIPTOR]
0x63B8 0x0 OriginalFirstThunk: 0x75C4
0x63B8 0x0 Characteristics: 0x75C4
0x63BC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x63C0 0x8 ForwarderChain: 0x0
0x63C4 0xC Name: 0x7ED8
0x63C8 0x10 FirstThunk: 0x716C
USER32.dll.EndDialog Hint[198]
USER32.dll.ScreenToClient Hint[561]
USER32.dll.GetWindowRect Hint[372]
USER32.dll.EnableMenuItem Hint[194]
USER32.dll.GetSystemMenu Hint[348]
USER32.dll.SetClassLongA Hint[583]
USER32.dll.IsWindowEnabled Hint[430]
USER32.dll.SetWindowPos Hint[643]
USER32.dll.GetSysColor Hint[346]
USER32.dll.GetWindowLongA Hint[366]
USER32.dll.SetCursor Hint[589]
USER32.dll.LoadCursorA Hint[442]
USER32.dll.CheckDlgButton Hint[56]
USER32.dll.GetMessagePos Hint[316]
USER32.dll.LoadBitmapA Hint[440]
USER32.dll.CallWindowProcA Hint[27]
USER32.dll.IsWindowVisible Hint[433]
USER32.dll.CloseClipboard Hint[66]
USER32.dll.SetClipboardData Hint[586]
USER32.dll.EmptyClipboard Hint[193]
USER32.dll.RegisterClassA Hint[534]
USER32.dll.TrackPopupMenu Hint[676]
USER32.dll.AppendMenuA Hint[8]
USER32.dll.CreatePopupMenu Hint[94]
USER32.dll.GetSystemMetrics Hint[349]
USER32.dll.SetDlgItemTextA Hint[595]
USER32.dll.GetDlgItemTextA Hint[275]
USER32.dll.MessageBoxIndirectA Hint[482]
USER32.dll.CharPrevA Hint[45]
USER32.dll.DispatchMessageA Hint[161]
USER32.dll.PeekMessageA Hint[512]
USER32.dll.DestroyWindow Hint[153]
USER32.dll.CreateDialogParamA Hint[85]
USER32.dll.SetTimer Hint[634]
USER32.dll.SetWindowTextA Hint[646]
USER32.dll.PostQuitMessage Hint[516]
USER32.dll.SetForegroundWindow Hint[599]
USER32.dll.wsprintfA Hint[727]
USER32.dll.SendMessageTimeoutA Hint[574]
USER32.dll.FindWindowExA Hint[228]
USER32.dll.SystemParametersInfoA Hint[665]
USER32.dll.CreateWindowExA Hint[96]
USER32.dll.GetClassInfoA Hint[246]
USER32.dll.DialogBoxParamA Hint[158]
USER32.dll.CharNextA Hint[42]
USER32.dll.OpenClipboard Hint[502]
USER32.dll.ExitWindowsEx Hint[225]
USER32.dll.IsWindow Hint[429]
USER32.dll.GetDlgItem Hint[273]
USER32.dll.SetWindowLongA Hint[640]
USER32.dll.LoadImageA Hint[448]
USER32.dll.GetDC Hint[268]
USER32.dll.EnableWindow Hint[196]
USER32.dll.InvalidateRect Hint[403]
USER32.dll.SendMessageA Hint[571]
USER32.dll.DefWindowProcA Hint[142]
USER32.dll.BeginPaint Hint[13]
USER32.dll.GetClientRect Hint[255]
USER32.dll.FillRect Hint[226]
USER32.dll.DrawTextA Hint[188]
USER32.dll.EndPaint Hint[200]
USER32.dll.ShowWindow Hint[658]
[IMAGE_IMPORT_DESCRIPTOR]
0x63CC 0x0 OriginalFirstThunk: 0x7494
0x63CC 0x0 Characteristics: 0x7494
0x63D0 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x63D4 0x8 ForwarderChain: 0x0
0x63D8 0xC Name: 0x7F6A
0x63DC 0x10 FirstThunk: 0x703C
GDI32.dll.SetBkColor Hint[533]
GDI32.dll.GetDeviceCaps Hint[363]
GDI32.dll.DeleteObject Hint[143]
GDI32.dll.CreateBrushIndirect Hint[41]
GDI32.dll.CreateFontIndirectA Hint[58]
GDI32.dll.SetBkMode Hint[534]
GDI32.dll.SetTextColor Hint[572]
GDI32.dll.SelectObject Hint[526]
[IMAGE_IMPORT_DESCRIPTOR]
0x63E0 0x0 OriginalFirstThunk: 0x75A8
0x63E0 0x0 Characteristics: 0x75A8
0x63E4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x63E8 0x8 ForwarderChain: 0x0
0x63EC 0xC Name: 0x7FF6
0x63F0 0x10 FirstThunk: 0x7150
SHELL32.dll.SHGetPathFromIDListA Hint[188]
SHELL32.dll.SHBrowseForFolderA Hint[121]
SHELL32.dll.SHGetFileInfoA Hint[172]
SHELL32.dll.ShellExecuteA Hint[263]
SHELL32.dll.SHFileOperationA Hint[154]
SHELL32.dll.SHGetSpecialFolderLocation Hint[195]
[IMAGE_IMPORT_DESCRIPTOR]
0x63F4 0x0 OriginalFirstThunk: 0x7458
0x63F4 0x0 Characteristics: 0x7458
0x63F8 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x63FC 0x8 ForwarderChain: 0x0
0x6400 0xC Name: 0x8098
0x6404 0x10 FirstThunk: 0x7000
ADVAPI32.dll.RegQueryValueExA Hint[503]
ADVAPI32.dll.RegSetValueExA Hint[516]
ADVAPI32.dll.RegEnumKeyA Hint[477]
ADVAPI32.dll.RegEnumValueA Hint[481]
ADVAPI32.dll.RegOpenKeyExA Hint[492]
ADVAPI32.dll.RegDeleteKeyA Hint[468]
ADVAPI32.dll.RegDeleteValueA Hint[472]
ADVAPI32.dll.RegCloseKey Hint[459]
ADVAPI32.dll.RegCreateKeyExA Hint[465]
[IMAGE_IMPORT_DESCRIPTOR]
0x6408 0x0 OriginalFirstThunk: 0x7480
0x6408 0x0 Characteristics: 0x7480
0x640C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x6410 0x8 ForwarderChain: 0x0
0x6414 0xC Name: 0x80E4
0x6418 0x10 FirstThunk: 0x7028
COMCTL32.dll.ImageList_AddMasked Hint[52]
COMCTL32.dll.ImageList_Destroy Hint[56]
COMCTL32.dll Ordinal[17] (Imported by Ordinal)
COMCTL32.dll.ImageList_Create Hint[55]
[IMAGE_IMPORT_DESCRIPTOR]
0x641C 0x0 OriginalFirstThunk: 0x76D0
0x641C 0x0 Characteristics: 0x76D0
0x6420 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x6424 0x8 ForwarderChain: 0x0
0x6428 0xC Name: 0x8138
0x642C 0x10 FirstThunk: 0x7278
ole32.dll.CoTaskMemFree Hint[101]
ole32.dll.OleInitialize Hint[238]
ole32.dll.OleUninitialize Hint[261]
ole32.dll.CoCreateInstance Hint[16]
[IMAGE_IMPORT_DESCRIPTOR]
0x6430 0x0 OriginalFirstThunk: 0x76C0
0x6430 0x0 Characteristics: 0x76C0
0x6434 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x6438 0x8 ForwarderChain: 0x0
0x643C 0xC Name: 0x8184
0x6440 0x10 FirstThunk: 0x7268
VERSION.dll.GetFileVersionInfoSizeA Hint[1]
VERSION.dll.GetFileVersionInfoA Hint[0]
VERSION.dll.VerQueryValueA Hint[10]
----------Resource directory----------
[IMAGE_RESOURCE_DIRECTORY]
0x7600 0x0 Characteristics: 0x0
0x7604 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7608 0x8 MajorVersion: 0x0
0x760A 0xA MinorVersion: 0x0
0x760C 0xC NumberOfNamedEntries: 0x0
0x760E 0xE NumberOfIdEntries: 0x6
Id: [0x2] (RT_BITMAP)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7610 0x0 Name: 0x2
0x7614 0x4 OffsetToData: 0x80000040
[IMAGE_RESOURCE_DIRECTORY]
0x7640 0x0 Characteristics: 0x0
0x7644 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7648 0x8 MajorVersion: 0x0
0x764A 0xA MinorVersion: 0x0
0x764C 0xC NumberOfNamedEntries: 0x0
0x764E 0xE NumberOfIdEntries: 0x1
Id: [0x6E]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7650 0x0 Name: 0x6E
0x7654 0x4 OffsetToData: 0x80000138
[IMAGE_RESOURCE_DIRECTORY]
0x7738 0x0 Characteristics: 0x0
0x773C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7740 0x8 MajorVersion: 0x0
0x7742 0xA MinorVersion: 0x0
0x7744 0xC NumberOfNamedEntries: 0x0
0x7746 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7748 0x0 Name: 0x409
0x774C 0x4 OffsetToData: 0x300
[IMAGE_RESOURCE_DATA_ENTRY]
0x7900 0x0 OffsetToData: 0x3E430
0x7904 0x4 Size: 0x666
0x7908 0x8 CodePage: 0x0
0x790C 0xC Reserved: 0x0
Id: [0x3] (RT_ICON)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7618 0x0 Name: 0x3
0x761C 0x4 OffsetToData: 0x80000058
[IMAGE_RESOURCE_DIRECTORY]
0x7658 0x0 Characteristics: 0x0
0x765C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7660 0x8 MajorVersion: 0x0
0x7662 0xA MinorVersion: 0x0
0x7664 0xC NumberOfNamedEntries: 0x0
0x7666 0xE NumberOfIdEntries: 0x3
Id: [0x1]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7668 0x0 Name: 0x1
0x766C 0x4 OffsetToData: 0x80000150
[IMAGE_RESOURCE_DIRECTORY]
0x7750 0x0 Characteristics: 0x0
0x7754 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7758 0x8 MajorVersion: 0x0
0x775A 0xA MinorVersion: 0x0
0x775C 0xC NumberOfNamedEntries: 0x0
0x775E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7760 0x0 Name: 0x409
0x7764 0x4 OffsetToData: 0x310
[IMAGE_RESOURCE_DATA_ENTRY]
0x7910 0x0 OffsetToData: 0x3EA98
0x7914 0x4 Size: 0x25A8
0x7918 0x8 CodePage: 0x0
0x791C 0xC Reserved: 0x0
Id: [0x2]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7670 0x0 Name: 0x2
0x7674 0x4 OffsetToData: 0x80000168
[IMAGE_RESOURCE_DIRECTORY]
0x7768 0x0 Characteristics: 0x0
0x776C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7770 0x8 MajorVersion: 0x0
0x7772 0xA MinorVersion: 0x0
0x7774 0xC NumberOfNamedEntries: 0x0
0x7776 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7778 0x0 Name: 0x409
0x777C 0x4 OffsetToData: 0x320
[IMAGE_RESOURCE_DATA_ENTRY]
0x7920 0x0 OffsetToData: 0x41040
0x7924 0x4 Size: 0x10A8
0x7928 0x8 CodePage: 0x0
0x792C 0xC Reserved: 0x0
Id: [0x3]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7678 0x0 Name: 0x3
0x767C 0x4 OffsetToData: 0x80000180
[IMAGE_RESOURCE_DIRECTORY]
0x7780 0x0 Characteristics: 0x0
0x7784 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7788 0x8 MajorVersion: 0x0
0x778A 0xA MinorVersion: 0x0
0x778C 0xC NumberOfNamedEntries: 0x0
0x778E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7790 0x0 Name: 0x409
0x7794 0x4 OffsetToData: 0x330
[IMAGE_RESOURCE_DATA_ENTRY]
0x7930 0x0 OffsetToData: 0x420E8
0x7934 0x4 Size: 0x468
0x7938 0x8 CodePage: 0x0
0x793C 0xC Reserved: 0x0
Id: [0x5] (RT_DIALOG)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7620 0x0 Name: 0x5
0x7624 0x4 OffsetToData: 0x80000080
[IMAGE_RESOURCE_DIRECTORY]
0x7680 0x0 Characteristics: 0x0
0x7684 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7688 0x8 MajorVersion: 0x0
0x768A 0xA MinorVersion: 0x0
0x768C 0xC NumberOfNamedEntries: 0x0
0x768E 0xE NumberOfIdEntries: 0xC
Id: [0x67]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7690 0x0 Name: 0x67
0x7694 0x4 OffsetToData: 0x80000198
[IMAGE_RESOURCE_DIRECTORY]
0x7798 0x0 Characteristics: 0x0
0x779C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x77A0 0x8 MajorVersion: 0x0
0x77A2 0xA MinorVersion: 0x0
0x77A4 0xC NumberOfNamedEntries: 0x0
0x77A6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x77A8 0x0 Name: 0x409
0x77AC 0x4 OffsetToData: 0x340
[IMAGE_RESOURCE_DATA_ENTRY]
0x7940 0x0 OffsetToData: 0x42550
0x7944 0x4 Size: 0x120
0x7948 0x8 CodePage: 0x0
0x794C 0xC Reserved: 0x0
Id: [0x68]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7698 0x0 Name: 0x68
0x769C 0x4 OffsetToData: 0x800001B0
[IMAGE_RESOURCE_DIRECTORY]
0x77B0 0x0 Characteristics: 0x0
0x77B4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x77B8 0x8 MajorVersion: 0x0
0x77BA 0xA MinorVersion: 0x0
0x77BC 0xC NumberOfNamedEntries: 0x0
0x77BE 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x77C0 0x0 Name: 0x409
0x77C4 0x4 OffsetToData: 0x350
[IMAGE_RESOURCE_DATA_ENTRY]
0x7950 0x0 OffsetToData: 0x42670
0x7954 0x4 Size: 0x158
0x7958 0x8 CodePage: 0x0
0x795C 0xC Reserved: 0x0
Id: [0x69]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76A0 0x0 Name: 0x69
0x76A4 0x4 OffsetToData: 0x800001C8
[IMAGE_RESOURCE_DIRECTORY]
0x77C8 0x0 Characteristics: 0x0
0x77CC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x77D0 0x8 MajorVersion: 0x0
0x77D2 0xA MinorVersion: 0x0
0x77D4 0xC NumberOfNamedEntries: 0x0
0x77D6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x77D8 0x0 Name: 0x409
0x77DC 0x4 OffsetToData: 0x360
[IMAGE_RESOURCE_DATA_ENTRY]
0x7960 0x0 OffsetToData: 0x427C8
0x7964 0x4 Size: 0x202
0x7968 0x8 CodePage: 0x0
0x796C 0xC Reserved: 0x0
Id: [0x6A]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76A8 0x0 Name: 0x6A
0x76AC 0x4 OffsetToData: 0x800001E0
[IMAGE_RESOURCE_DIRECTORY]
0x77E0 0x0 Characteristics: 0x0
0x77E4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x77E8 0x8 MajorVersion: 0x0
0x77EA 0xA MinorVersion: 0x0
0x77EC 0xC NumberOfNamedEntries: 0x0
0x77EE 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x77F0 0x0 Name: 0x409
0x77F4 0x4 OffsetToData: 0x370
[IMAGE_RESOURCE_DATA_ENTRY]
0x7970 0x0 OffsetToData: 0x429D0
0x7974 0x4 Size: 0xF8
0x7978 0x8 CodePage: 0x0
0x797C 0xC Reserved: 0x0
Id: [0x6B]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76B0 0x0 Name: 0x6B
0x76B4 0x4 OffsetToData: 0x800001F8
[IMAGE_RESOURCE_DIRECTORY]
0x77F8 0x0 Characteristics: 0x0
0x77FC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7800 0x8 MajorVersion: 0x0
0x7802 0xA MinorVersion: 0x0
0x7804 0xC NumberOfNamedEntries: 0x0
0x7806 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7808 0x0 Name: 0x409
0x780C 0x4 OffsetToData: 0x380
[IMAGE_RESOURCE_DATA_ENTRY]
0x7980 0x0 OffsetToData: 0x42AC8
0x7984 0x4 Size: 0xA0
0x7988 0x8 CodePage: 0x0
0x798C 0xC Reserved: 0x0
Id: [0x6F]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76B8 0x0 Name: 0x6F
0x76BC 0x4 OffsetToData: 0x80000210
[IMAGE_RESOURCE_DIRECTORY]
0x7810 0x0 Characteristics: 0x0
0x7814 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7818 0x8 MajorVersion: 0x0
0x781A 0xA MinorVersion: 0x0
0x781C 0xC NumberOfNamedEntries: 0x0
0x781E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7820 0x0 Name: 0x409
0x7824 0x4 OffsetToData: 0x390
[IMAGE_RESOURCE_DATA_ENTRY]
0x7990 0x0 OffsetToData: 0x42B68
0x7994 0x4 Size: 0xEE
0x7998 0x8 CodePage: 0x0
0x799C 0xC Reserved: 0x0
Id: [0xCB]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76C0 0x0 Name: 0xCB
0x76C4 0x4 OffsetToData: 0x80000228
[IMAGE_RESOURCE_DIRECTORY]
0x7828 0x0 Characteristics: 0x0
0x782C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7830 0x8 MajorVersion: 0x0
0x7832 0xA MinorVersion: 0x0
0x7834 0xC NumberOfNamedEntries: 0x0
0x7836 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7838 0x0 Name: 0x409
0x783C 0x4 OffsetToData: 0x3A0
[IMAGE_RESOURCE_DATA_ENTRY]
0x79A0 0x0 OffsetToData: 0x42C58
0x79A4 0x4 Size: 0x120
0x79A8 0x8 CodePage: 0x0
0x79AC 0xC Reserved: 0x0
Id: [0xCC]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76C8 0x0 Name: 0xCC
0x76CC 0x4 OffsetToData: 0x80000240
[IMAGE_RESOURCE_DIRECTORY]
0x7840 0x0 Characteristics: 0x0
0x7844 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7848 0x8 MajorVersion: 0x0
0x784A 0xA MinorVersion: 0x0
0x784C 0xC NumberOfNamedEntries: 0x0
0x784E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7850 0x0 Name: 0x409
0x7854 0x4 OffsetToData: 0x3B0
[IMAGE_RESOURCE_DATA_ENTRY]
0x79B0 0x0 OffsetToData: 0x42D78
0x79B4 0x4 Size: 0x158
0x79B8 0x8 CodePage: 0x0
0x79BC 0xC Reserved: 0x0
Id: [0xCD]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76D0 0x0 Name: 0xCD
0x76D4 0x4 OffsetToData: 0x80000258
[IMAGE_RESOURCE_DIRECTORY]
0x7858 0x0 Characteristics: 0x0
0x785C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7860 0x8 MajorVersion: 0x0
0x7862 0xA MinorVersion: 0x0
0x7864 0xC NumberOfNamedEntries: 0x0
0x7866 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7868 0x0 Name: 0x409
0x786C 0x4 OffsetToData: 0x3C0
[IMAGE_RESOURCE_DATA_ENTRY]
0x79C0 0x0 OffsetToData: 0x42ED0
0x79C4 0x4 Size: 0x202
0x79C8 0x8 CodePage: 0x0
0x79CC 0xC Reserved: 0x0
Id: [0xCE]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76D8 0x0 Name: 0xCE
0x76DC 0x4 OffsetToData: 0x80000270
[IMAGE_RESOURCE_DIRECTORY]
0x7870 0x0 Characteristics: 0x0
0x7874 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7878 0x8 MajorVersion: 0x0
0x787A 0xA MinorVersion: 0x0
0x787C 0xC NumberOfNamedEntries: 0x0
0x787E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7880 0x0 Name: 0x409
0x7884 0x4 OffsetToData: 0x3D0
[IMAGE_RESOURCE_DATA_ENTRY]
0x79D0 0x0 OffsetToData: 0x430D8
0x79D4 0x4 Size: 0xF8
0x79D8 0x8 CodePage: 0x0
0x79DC 0xC Reserved: 0x0
Id: [0xCF]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76E0 0x0 Name: 0xCF
0x76E4 0x4 OffsetToData: 0x80000288
[IMAGE_RESOURCE_DIRECTORY]
0x7888 0x0 Characteristics: 0x0
0x788C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7890 0x8 MajorVersion: 0x0
0x7892 0xA MinorVersion: 0x0
0x7894 0xC NumberOfNamedEntries: 0x0
0x7896 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7898 0x0 Name: 0x409
0x789C 0x4 OffsetToData: 0x3E0
[IMAGE_RESOURCE_DATA_ENTRY]
0x79E0 0x0 OffsetToData: 0x431D0
0x79E4 0x4 Size: 0xA0
0x79E8 0x8 CodePage: 0x0
0x79EC 0xC Reserved: 0x0
Id: [0xD3]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76E8 0x0 Name: 0xD3
0x76EC 0x4 OffsetToData: 0x800002A0
[IMAGE_RESOURCE_DIRECTORY]
0x78A0 0x0 Characteristics: 0x0
0x78A4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x78A8 0x8 MajorVersion: 0x0
0x78AA 0xA MinorVersion: 0x0
0x78AC 0xC NumberOfNamedEntries: 0x0
0x78AE 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x78B0 0x0 Name: 0x409
0x78B4 0x4 OffsetToData: 0x3F0
[IMAGE_RESOURCE_DATA_ENTRY]
0x79F0 0x0 OffsetToData: 0x43270
0x79F4 0x4 Size: 0xEE
0x79F8 0x8 CodePage: 0x0
0x79FC 0xC Reserved: 0x0
Id: [0xE] (RT_GROUP_ICON)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7628 0x0 Name: 0xE
0x762C 0x4 OffsetToData: 0x800000F0
[IMAGE_RESOURCE_DIRECTORY]
0x76F0 0x0 Characteristics: 0x0
0x76F4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x76F8 0x8 MajorVersion: 0x0
0x76FA 0xA MinorVersion: 0x0
0x76FC 0xC NumberOfNamedEntries: 0x0
0x76FE 0xE NumberOfIdEntries: 0x1
Id: [0x67]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7700 0x0 Name: 0x67
0x7704 0x4 OffsetToData: 0x800002B8
[IMAGE_RESOURCE_DIRECTORY]
0x78B8 0x0 Characteristics: 0x0
0x78BC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x78C0 0x8 MajorVersion: 0x0
0x78C2 0xA MinorVersion: 0x0
0x78C4 0xC NumberOfNamedEntries: 0x0
0x78C6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x78C8 0x0 Name: 0x409
0x78CC 0x4 OffsetToData: 0x400
[IMAGE_RESOURCE_DATA_ENTRY]
0x7A00 0x0 OffsetToData: 0x43360
0x7A04 0x4 Size: 0x30
0x7A08 0x8 CodePage: 0x0
0x7A0C 0xC Reserved: 0x0
Id: [0x10] (RT_VERSION)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7630 0x0 Name: 0x10
0x7634 0x4 OffsetToData: 0x80000108
[IMAGE_RESOURCE_DIRECTORY]
0x7708 0x0 Characteristics: 0x0
0x770C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7710 0x8 MajorVersion: 0x0
0x7712 0xA MinorVersion: 0x0
0x7714 0xC NumberOfNamedEntries: 0x0
0x7716 0xE NumberOfIdEntries: 0x1
Id: [0x1]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7718 0x0 Name: 0x1
0x771C 0x4 OffsetToData: 0x800002D0
[IMAGE_RESOURCE_DIRECTORY]
0x78D0 0x0 Characteristics: 0x0
0x78D4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x78D8 0x8 MajorVersion: 0x0
0x78DA 0xA MinorVersion: 0x0
0x78DC 0xC NumberOfNamedEntries: 0x0
0x78DE 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x78E0 0x0 Name: 0x0
0x78E4 0x4 OffsetToData: 0x410
[IMAGE_RESOURCE_DATA_ENTRY]
0x7A10 0x0 OffsetToData: 0x43390
0x7A14 0x4 Size: 0x254
0x7A18 0x8 CodePage: 0x0
0x7A1C 0xC Reserved: 0x0
Id: [0x18] (RT_MANIFEST)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7638 0x0 Name: 0x18
0x763C 0x4 OffsetToData: 0x80000120
[IMAGE_RESOURCE_DIRECTORY]
0x7720 0x0 Characteristics: 0x0
0x7724 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7728 0x8 MajorVersion: 0x0
0x772A 0xA MinorVersion: 0x0
0x772C 0xC NumberOfNamedEntries: 0x0
0x772E 0xE NumberOfIdEntries: 0x1
Id: [0x1]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7730 0x0 Name: 0x1
0x7734 0x4 OffsetToData: 0x800002E8
[IMAGE_RESOURCE_DIRECTORY]
0x78E8 0x0 Characteristics: 0x0
0x78EC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x78F0 0x8 MajorVersion: 0x0
0x78F2 0xA MinorVersion: 0x0
0x78F4 0xC NumberOfNamedEntries: 0x0
0x78F6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x78F8 0x0 Name: 0x409
0x78FC 0x4 OffsetToData: 0x420
[IMAGE_RESOURCE_DATA_ENTRY]
0x7A20 0x0 OffsetToData: 0x435E8
0x7A24 0x4 Size: 0x3BA
0x7A28 0x8 CodePage: 0x0
0x7A2C 0xC Reserved: 0x0
676a5f9d20852cde7e84bd52365adeaf
FileName: 103132_676a5f9d20852cde7e84bd52365adeaf.exe
Size : 103132
Md5 : 676a5f9d20852cde7e84bd52365adeaf
PEiD : None
Virus Total Result:
TheHacker -> Trojan/Agent.gen
NOD32 -> LNK/URL.B
Norman -> W32/Suspicious_Gen4.AGAEO
ClamAV -> PUA.IRC-Client.mIRC-37
Kaspersky -> HEUR:Trojan.RAR.Clicker.a
Emsisoft -> Riskware.AdWare.WinLNK!IK
Comodo -> Heur.Packed.Unknown
AntiVir -> Adware/WinLNK.Clicker.c.39
Ikarus -> not-a-virus:AdWare.WinLNK
Fortinet -> Adware/WinLNK_Clicker
FileInfo:
----------DOS_HEADER----------
[IMAGE_DOS_HEADER]
0x0 0x0 e_magic: 0x5A4D
0x2 0x2 e_cblp: 0x50
0x4 0x4 e_cp: 0x2
0x6 0x6 e_crlc: 0x0
0x8 0x8 e_cparhdr: 0x4
0xA 0xA e_minalloc: 0xF
0xC 0xC e_maxalloc: 0xFFFF
0xE 0xE e_ss: 0x0
0x10 0x10 e_sp: 0xB8
0x12 0x12 e_csum: 0x0
0x14 0x14 e_ip: 0x0
0x16 0x16 e_cs: 0x0
0x18 0x18 e_lfarlc: 0x40
0x1A 0x1A e_ovno: 0x1A
0x1C 0x1C e_res:
0x24 0x24 e_oemid: 0x0
0x26 0x26 e_oeminfo: 0x0
0x28 0x28 e_res2:
0x3C 0x3C e_lfanew: 0x200
----------NT_HEADERS----------
[IMAGE_NT_HEADERS]
0x200 0x0 Signature: 0x4550
----------FILE_HEADER----------
[IMAGE_FILE_HEADER]
0x204 0x0 Machine: 0x14C
0x206 0x2 NumberOfSections: 0x4
0x208 0x4 TimeDateStamp: 0x45084BDE [Wed Sep 13 18:20:14 2006 UTC]
0x20C 0x8 PointerToSymbolTable: 0x0
0x210 0xC NumberOfSymbols: 0x0
0x214 0x10 SizeOfOptionalHeader: 0xE0
0x216 0x12 Characteristics: 0x10F
Flags: IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED
----------OPTIONAL_HEADER----------
[IMAGE_OPTIONAL_HEADER]
0x218 0x0 Magic: 0x10B
0x21A 0x2 MajorLinkerVersion: 0x5
0x21B 0x3 MinorLinkerVersion: 0x0
0x21C 0x4 SizeOfCode: 0x13000
0x220 0x8 SizeOfInitializedData: 0x7000
0x224 0xC SizeOfUninitializedData: 0x0
0x228 0x10 AddressOfEntryPoint: 0x1000
0x22C 0x14 BaseOfCode: 0x1000
0x230 0x18 BaseOfData: 0x14000
0x234 0x1C ImageBase: 0x400000
0x238 0x20 SectionAlignment: 0x1000
0x23C 0x24 FileAlignment: 0x200
0x240 0x28 MajorOperatingSystemVersion: 0x4
0x242 0x2A MinorOperatingSystemVersion: 0x0
0x244 0x2C MajorImageVersion: 0x0
0x246 0x2E MinorImageVersion: 0x0
0x248 0x30 MajorSubsystemVersion: 0x4
0x24A 0x32 MinorSubsystemVersion: 0x0
0x24C 0x34 Reserved1: 0x0
0x250 0x38 SizeOfImage: 0x20000
0x254 0x3C SizeOfHeaders: 0x400
0x258 0x40 CheckSum: 0x0
0x25C 0x44 Subsystem: 0x2
0x25E 0x46 DllCharacteristics: 0x0
0x260 0x48 SizeOfStackReserve: 0x100000
0x264 0x4C SizeOfStackCommit: 0x2000
0x268 0x50 SizeOfHeapReserve: 0x100000
0x26C 0x54 SizeOfHeapCommit: 0x1000
0x270 0x58 LoaderFlags: 0x0
0x274 0x5C NumberOfRvaAndSizes: 0x10
DllCharacteristics:
----------PE Sections----------
[IMAGE_SECTION_HEADER]
0x2F8 0x0 Name: .text
0x300 0x8 Misc: 0x13000
0x300 0x8 Misc_PhysicalAddress: 0x13000
0x300 0x8 Misc_VirtualSize: 0x13000
0x304 0xC VirtualAddress: 0x1000
0x308 0x10 SizeOfRawData: 0x12E00
0x30C 0x14 PointerToRawData: 0x600
0x310 0x18 PointerToRelocations: 0x0
0x314 0x1C PointerToLinenumbers: 0x0
0x318 0x20 NumberOfRelocations: 0x0
0x31A 0x22 NumberOfLinenumbers: 0x0
0x31C 0x24 Characteristics: 0x60000020
Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy: 6.467879 (Min=0.0, Max=8.0)
MD5 hash: 1d4618da7a4f5e7c206b4514d99c02cc
SHA-1 hash: 2e1d32bcb88cf11c72d027a1dd0498c32f5ff702
SHA-256 hash: 7afaa91ad34a9d6815a2204109235e7073556817b8f3288629a100d3ea1c1cc4
SHA-512 hash: 326a18bacb614b1610b2f76918f77880af481f10a90fd759df784f13ef069869cff2562ff39946f7febe52d3133a5577283be0bb0ba4536752b8dafbcb21353b
[IMAGE_SECTION_HEADER]
0x320 0x0 Name: .data
0x328 0x8 Misc: 0x7000
0x328 0x8 Misc_PhysicalAddress: 0x7000
0x328 0x8 Misc_VirtualSize: 0x7000
0x32C 0xC VirtualAddress: 0x14000
0x330 0x10 SizeOfRawData: 0xA00
0x334 0x14 PointerToRawData: 0x13400
0x338 0x18 PointerToRelocations: 0x0
0x33C 0x1C PointerToLinenumbers: 0x0
0x340 0x20 NumberOfRelocations: 0x0
0x342 0x22 NumberOfLinenumbers: 0x0
0x344 0x24 Characteristics: 0xC0000040
Flags: IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 4.756219 (Min=0.0, Max=8.0)
MD5 hash: 030369e9393240e022bc421ed04dc685
SHA-1 hash: e008cd506baa5ffeb9eedcf47c10de99523b5dbc
SHA-256 hash: a65bd22e2f6b9220dc30dd01c4544984352d26cc64f54340c90a64f28e09e810
SHA-512 hash: 0450e795b3c26a28e65c82946ae5001c015f3a612b9c539edd1d65ca770b73259a48f85bb4e7d8e08a847995c234b20e8b0f24db2daf6f9754fb51ff30fb2d28
[IMAGE_SECTION_HEADER]
0x348 0x0 Name: .idata
0x350 0x8 Misc: 0x1000
0x350 0x8 Misc_PhysicalAddress: 0x1000
0x350 0x8 Misc_VirtualSize: 0x1000
0x354 0xC VirtualAddress: 0x1B000
0x358 0x10 SizeOfRawData: 0x1000
0x35C 0x14 PointerToRawData: 0x13E00
0x360 0x18 PointerToRelocations: 0x0
0x364 0x1C PointerToLinenumbers: 0x0
0x368 0x20 NumberOfRelocations: 0x0
0x36A 0x22 NumberOfLinenumbers: 0x0
0x36C 0x24 Characteristics: 0x40000040
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 5.053993 (Min=0.0, Max=8.0)
MD5 hash: c274ffd22986d8fbe298e4856812e616
SHA-1 hash: 214ff8bbfa09bc39defc91c7c660c11af551f794
SHA-256 hash: 47ea199be37258d17f6b291308a5c500449391182f29fde5d8ee900487f55d3d
SHA-512 hash: ea2bf5563ac7a83a0e611077e7e239d15b3e28b9189f8e1ca2a6a0c64df79ffd349f240ccc1a23e543043cede8eb19af3887e7c4bde1e23530eb92580b599cca
[IMAGE_SECTION_HEADER]
0x370 0x0 Name: .rsrc
0x378 0x8 Misc: 0x4000
0x378 0x8 Misc_PhysicalAddress: 0x4000
0x378 0x8 Misc_VirtualSize: 0x4000
0x37C 0xC VirtualAddress: 0x1C000
0x380 0x10 SizeOfRawData: 0x3C00
0x384 0x14 PointerToRawData: 0x14E00
0x388 0x18 PointerToRelocations: 0x0
0x38C 0x1C PointerToLinenumbers: 0x0
0x390 0x20 NumberOfRelocations: 0x0
0x392 0x22 NumberOfLinenumbers: 0x0
0x394 0x24 Characteristics: 0x40000040
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 4.588117 (Min=0.0, Max=8.0)
MD5 hash: 9ad436b47cd2be62e6aaa82236e585ee
SHA-1 hash: b8653780b5f789bfa1f64ab2dd7685af2db9835c
SHA-256 hash: 0ad7c86e18d4147965b2bdc8fd3fdfdca43cc117bf145f25168346b4e6203738
SHA-512 hash: 3998148d0a06edc66f0d9675a22381af61b29079f43675998f0fd4d78ea26a186d2bd01cbbbac4032f19726ae93dbb8b04c8aff639c6e071bdfb17885a11a5c6
----------Directories----------
[IMAGE_DIRECTORY_ENTRY_EXPORT]
0x278 0x0 VirtualAddress: 0x0
0x27C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_IMPORT]
0x280 0x0 VirtualAddress: 0x1B000
0x284 0x4 Size: 0xFB5
[IMAGE_DIRECTORY_ENTRY_RESOURCE]
0x288 0x0 VirtualAddress: 0x1C000
0x28C 0x4 Size: 0x3C00
[IMAGE_DIRECTORY_ENTRY_EXCEPTION]
0x290 0x0 VirtualAddress: 0x0
0x294 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_SECURITY]
0x298 0x0 VirtualAddress: 0x0
0x29C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_BASERELOC]
0x2A0 0x0 VirtualAddress: 0x0
0x2A4 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_DEBUG]
0x2A8 0x0 VirtualAddress: 0x0
0x2AC 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_COPYRIGHT]
0x2B0 0x0 VirtualAddress: 0x0
0x2B4 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_GLOBALPTR]
0x2B8 0x0 VirtualAddress: 0x0
0x2BC 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_TLS]
0x2C0 0x0 VirtualAddress: 0x0
0x2C4 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG]
0x2C8 0x0 VirtualAddress: 0x0
0x2CC 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT]
0x2D0 0x0 VirtualAddress: 0x0
0x2D4 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_IAT]
0x2D8 0x0 VirtualAddress: 0x0
0x2DC 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT]
0x2E0 0x0 VirtualAddress: 0x0
0x2E4 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]
0x2E8 0x0 VirtualAddress: 0x0
0x2EC 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_RESERVED]
0x2F0 0x0 VirtualAddress: 0x0
0x2F4 0x4 Size: 0x0
----------Imported symbols----------
[IMAGE_IMPORT_DESCRIPTOR]
0x13E00 0x0 OriginalFirstThunk: 0x1B0B4
0x13E00 0x0 Characteristics: 0x1B0B4
0x13E04 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x13E08 0x8 ForwarderChain: 0x0
0x13E0C 0xC Name: 0x1B584
0x13E10 0x10 FirstThunk: 0x1B0E0
ADVAPI32.DLL.AdjustTokenPrivileges Hint[0]
ADVAPI32.DLL.LookupPrivilegeValueA Hint[0]
ADVAPI32.DLL.OpenProcessToken Hint[0]
ADVAPI32.DLL.RegCloseKey Hint[0]
ADVAPI32.DLL.RegCreateKeyExA Hint[0]
ADVAPI32.DLL.RegOpenKeyExA Hint[0]
ADVAPI32.DLL.RegQueryValueExA Hint[0]
ADVAPI32.DLL.RegSetValueExA Hint[0]
ADVAPI32.DLL.SetFileSecurityA Hint[0]
ADVAPI32.DLL.SetFileSecurityW Hint[0]
[IMAGE_IMPORT_DESCRIPTOR]
0x13E14 0x0 OriginalFirstThunk: 0x1B10C
0x13E14 0x0 Characteristics: 0x1B10C
0x13E18 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x13E1C 0x8 ForwarderChain: 0x0
0x13E20 0xC Name: 0x1B591
0x13E24 0x10 FirstThunk: 0x1B21C
KERNEL32.DLL.CloseHandle Hint[0]
KERNEL32.DLL.CompareStringA Hint[0]
KERNEL32.DLL.CreateDirectoryA Hint[0]
KERNEL32.DLL.CreateDirectoryW Hint[0]
KERNEL32.DLL.CreateFileA Hint[0]
KERNEL32.DLL.CreateFileW Hint[0]
KERNEL32.DLL.DeleteFileA Hint[0]
KERNEL32.DLL.DeleteFileW Hint[0]
KERNEL32.DLL.DosDateTimeToFileTime Hint[0]
KERNEL32.DLL.ExitProcess Hint[0]
KERNEL32.DLL.ExpandEnvironmentStringsA Hint[0]
KERNEL32.DLL.FileTimeToLocalFileTime Hint[0]
KERNEL32.DLL.FileTimeToSystemTime Hint[0]
KERNEL32.DLL.FindClose Hint[0]
KERNEL32.DLL.FindFirstFileA Hint[0]
KERNEL32.DLL.FindFirstFileW Hint[0]
KERNEL32.DLL.FindNextFileA Hint[0]
KERNEL32.DLL.FindNextFileW Hint[0]
KERNEL32.DLL.FindResourceA Hint[0]
KERNEL32.DLL.FreeLibrary Hint[0]
KERNEL32.DLL.GetCPInfo Hint[0]
KERNEL32.DLL.GetCommandLineA Hint[0]
KERNEL32.DLL.GetCurrentDirectoryA Hint[0]
KERNEL32.DLL.GetCurrentProcess Hint[0]
KERNEL32.DLL.GetDateFormatA Hint[0]
KERNEL32.DLL.GetFileAttributesA Hint[0]
KERNEL32.DLL.GetFileAttributesW Hint[0]
KERNEL32.DLL.GetFileType Hint[0]
KERNEL32.DLL.GetFullPathNameA Hint[0]
KERNEL32.DLL.GetLastError Hint[0]
KERNEL32.DLL.GetLocaleInfoA Hint[0]
KERNEL32.DLL.GetModuleFileNameA Hint[0]
KERNEL32.DLL.GetModuleHandleA Hint[0]
KERNEL32.DLL.GetNumberFormatA Hint[0]
KERNEL32.DLL.GetProcAddress Hint[0]
KERNEL32.DLL.GetProcessHeap Hint[0]
KERNEL32.DLL.GetStdHandle Hint[0]
KERNEL32.DLL.GetTempPathA Hint[0]
KERNEL32.DLL.GetTickCount Hint[0]
KERNEL32.DLL.GetTimeFormatA Hint[0]
KERNEL32.DLL.GetVersionExA Hint[0]
KERNEL32.DLL.GlobalAlloc Hint[0]
KERNEL32.DLL.HeapAlloc Hint[0]
KERNEL32.DLL.HeapFree Hint[0]
KERNEL32.DLL.HeapReAlloc Hint[0]
KERNEL32.DLL.IsDBCSLeadByte Hint[0]
KERNEL32.DLL.LoadLibraryA Hint[0]
KERNEL32.DLL.LocalFileTimeToFileTime Hint[0]
KERNEL32.DLL.MoveFileA Hint[0]
KERNEL32.DLL.MoveFileExA Hint[0]
KERNEL32.DLL.MultiByteToWideChar Hint[0]
KERNEL32.DLL.ReadFile Hint[0]
KERNEL32.DLL.SetCurrentDirectoryA Hint[0]
KERNEL32.DLL.SetEndOfFile Hint[0]
KERNEL32.DLL.SetEnvironmentVariableA Hint[0]
KERNEL32.DLL.SetFileAttributesA Hint[0]
KERNEL32.DLL.SetFileAttributesW Hint[0]
KERNEL32.DLL.SetFilePointer Hint[0]
KERNEL32.DLL.SetFileTime Hint[0]
KERNEL32.DLL.SetLastError Hint[0]
KERNEL32.DLL.Sleep Hint[0]
KERNEL32.DLL.SystemTimeToFileTime Hint[0]
KERNEL32.DLL.WaitForSingleObject Hint[0]
KERNEL32.DLL.WideCharToMultiByte Hint[0]
KERNEL32.DLL.WriteFile Hint[0]
KERNEL32.DLL.lstrcmpiA Hint[0]
KERNEL32.DLL.lstrlenA Hint[0]
[IMAGE_IMPORT_DESCRIPTOR]
0x13E28 0x0 OriginalFirstThunk: 0x1B32C
0x13E28 0x0 Characteristics: 0x1B32C
0x13E2C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x13E30 0x8 ForwarderChain: 0x0
0x13E34 0xC Name: 0x1B59E
0x13E38 0x10 FirstThunk: 0x1B334
COMCTL32.DLL Ordinal[17] (Imported by Ordinal)
[IMAGE_IMPORT_DESCRIPTOR]
0x13E3C 0x0 OriginalFirstThunk: 0x1B33C
0x13E3C 0x0 Characteristics: 0x1B33C
0x13E40 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x13E44 0x8 ForwarderChain: 0x0
0x13E48 0xC Name: 0x1B5AB
0x13E4C 0x10 FirstThunk: 0x1B348
COMDLG32.DLL.CommDlgExtendedError Hint[0]
COMDLG32.DLL.GetOpenFileNameA Hint[0]
[IMAGE_IMPORT_DESCRIPTOR]
0x13E50 0x0 OriginalFirstThunk: 0x1B354
0x13E50 0x0 Characteristics: 0x1B354
0x13E54 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x13E58 0x8 ForwarderChain: 0x0
0x13E5C 0xC Name: 0x1B5B8
0x13E60 0x10 FirstThunk: 0x1B35C
GDI32.DLL.DeleteObject Hint[0]
[IMAGE_IMPORT_DESCRIPTOR]
0x13E64 0x0 OriginalFirstThunk: 0x1B364
0x13E64 0x0 Characteristics: 0x1B364
0x13E68 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x13E6C 0x8 ForwarderChain: 0x0
0x13E70 0xC Name: 0x1B5C2
0x13E74 0x10 FirstThunk: 0x1B388
SHELL32.DLL.SHBrowseForFolderA Hint[0]
SHELL32.DLL.SHChangeNotify Hint[0]
SHELL32.DLL.SHFileOperationA Hint[0]
SHELL32.DLL.SHGetFileInfoA Hint[0]
SHELL32.DLL.SHGetMalloc Hint[0]
SHELL32.DLL.SHGetSpecialFolderLocation Hint[0]
SHELL32.DLL.ShellExecuteExA Hint[0]
SHELL32.DLL.SHGetPathFromIDListA Hint[0]
[IMAGE_IMPORT_DESCRIPTOR]
0x13E78 0x0 OriginalFirstThunk: 0x1B3AC
0x13E78 0x0 Characteristics: 0x1B3AC
0x13E7C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x13E80 0x8 ForwarderChain: 0x0
0x13E84 0xC Name: 0x1B5CE
0x13E88 0x10 FirstThunk: 0x1B480
USER32.DLL.CharToOemA Hint[0]
USER32.DLL.CharToOemBuffA Hint[0]
USER32.DLL.CharUpperA Hint[0]
USER32.DLL.CopyRect Hint[0]
USER32.DLL.CreateWindowExA Hint[0]
USER32.DLL.DefWindowProcA Hint[0]
USER32.DLL.DestroyIcon Hint[0]
USER32.DLL.DestroyWindow Hint[0]
USER32.DLL.DialogBoxParamA Hint[0]
USER32.DLL.DispatchMessageA Hint[0]
USER32.DLL.EnableWindow Hint[0]
USER32.DLL.EndDialog Hint[0]
USER32.DLL.FindWindowExA Hint[0]
USER32.DLL.GetClassNameA Hint[0]
USER32.DLL.GetClientRect Hint[0]
USER32.DLL.GetDlgItem Hint[0]
USER32.DLL.GetDlgItemTextA Hint[0]
USER32.DLL.GetMessageA Hint[0]
USER32.DLL.GetParent Hint[0]
USER32.DLL.GetSysColor Hint[0]
USER32.DLL.GetSystemMetrics Hint[0]
USER32.DLL.GetWindow Hint[0]
USER32.DLL.GetWindowLongA Hint[0]
USER32.DLL.GetWindowRect Hint[0]
USER32.DLL.GetWindowTextA Hint[0]
USER32.DLL.IsWindow Hint[0]
USER32.DLL.IsWindowVisible Hint[0]
USER32.DLL.LoadBitmapA Hint[0]
USER32.DLL.LoadCursorA Hint[0]
USER32.DLL.LoadIconA Hint[0]
USER32.DLL.LoadStringA Hint[0]
USER32.DLL.MapWindowPoints Hint[0]
USER32.DLL.MessageBoxA Hint[0]
USER32.DLL.OemToCharA Hint[0]
USER32.DLL.OemToCharBuffA Hint[0]
USER32.DLL.PeekMessageA Hint[0]
USER32.DLL.PostMessageA Hint[0]
USER32.DLL.RegisterClassExA Hint[0]
USER32.DLL.SendDlgItemMessageA Hint[0]
USER32.DLL.SendMessageA Hint[0]
USER32.DLL.SetDlgItemTextA Hint[0]
USER32.DLL.SetFocus Hint[0]
USER32.DLL.SetMenu Hint[0]
USER32.DLL.SetWindowLongA Hint[0]
USER32.DLL.SetWindowPos Hint[0]
USER32.DLL.SetWindowTextA Hint[0]
USER32.DLL.ShowWindow Hint[0]
USER32.DLL.TranslateMessage Hint[0]
USER32.DLL.UpdateWindow Hint[0]
USER32.DLL.WaitForInputIdle Hint[0]
USER32.DLL.wsprintfA Hint[0]
USER32.DLL.wvsprintfA Hint[0]
[IMAGE_IMPORT_DESCRIPTOR]
0x13E8C 0x0 OriginalFirstThunk: 0x1B554
0x13E8C 0x0 Characteristics: 0x1B554
0x13E90 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x13E94 0x8 ForwarderChain: 0x0
0x13E98 0xC Name: 0x1B5D9
0x13E9C 0x10 FirstThunk: 0x1B56C
OLE32.DLL.CLSIDFromString Hint[0]
OLE32.DLL.CoCreateInstance Hint[0]
OLE32.DLL.CreateStreamOnHGlobal Hint[0]
OLE32.DLL.OleInitialize Hint[0]
OLE32.DLL.OleUninitialize Hint[0]
----------Resource directory----------
[IMAGE_RESOURCE_DIRECTORY]
0x14E00 0x0 Characteristics: 0x0
0x14E04 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x14E08 0x8 MajorVersion: 0x0
0x14E0A 0xA MinorVersion: 0x0
0x14E0C 0xC NumberOfNamedEntries: 0x0
0x14E0E 0xE NumberOfIdEntries: 0x7
Id: [0x2] (RT_BITMAP)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14E10 0x0 Name: 0x2
0x14E14 0x4 OffsetToData: 0x80000048
[IMAGE_RESOURCE_DIRECTORY]
0x14E48 0x0 Characteristics: 0x0
0x14E4C 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x14E50 0x8 MajorVersion: 0x0
0x14E52 0xA MinorVersion: 0x0
0x14E54 0xC NumberOfNamedEntries: 0x0
0x14E56 0xE NumberOfIdEntries: 0x1
Id: [0x65]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14E58 0x0 Name: 0x65
0x14E5C 0x4 OffsetToData: 0x80000148
[IMAGE_RESOURCE_DIRECTORY]
0x14F48 0x0 Characteristics: 0x0
0x14F4C 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x14F50 0x8 MajorVersion: 0x0
0x14F52 0xA MinorVersion: 0x0
0x14F54 0xC NumberOfNamedEntries: 0x0
0x14F56 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14F58 0x0 Name: 0x419
0x14F5C 0x4 OffsetToData: 0x2F8
[IMAGE_RESOURCE_DATA_ENTRY]
0x150F8 0x0 OffsetToData: 0x1C4B0
0x150FC 0x4 Size: 0xBB6
0x15100 0x8 CodePage: 0x0
0x15104 0xC Reserved: 0x0
Id: [0x3] (RT_ICON)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14E18 0x0 Name: 0x3
0x14E1C 0x4 OffsetToData: 0x80000060
[IMAGE_RESOURCE_DIRECTORY]
0x14E60 0x0 Characteristics: 0x0
0x14E64 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x14E68 0x8 MajorVersion: 0x0
0x14E6A 0xA MinorVersion: 0x0
0x14E6C 0xC NumberOfNamedEntries: 0x0
0x14E6E 0xE NumberOfIdEntries: 0x4
Id: [0x1]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14E70 0x0 Name: 0x1
0x14E74 0x4 OffsetToData: 0x80000160
[IMAGE_RESOURCE_DIRECTORY]
0x14F60 0x0 Characteristics: 0x0
0x14F64 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x14F68 0x8 MajorVersion: 0x0
0x14F6A 0xA MinorVersion: 0x0
0x14F6C 0xC NumberOfNamedEntries: 0x0
0x14F6E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14F70 0x0 Name: 0x419
0x14F74 0x4 OffsetToData: 0x308
[IMAGE_RESOURCE_DATA_ENTRY]
0x15108 0x0 OffsetToData: 0x1D068
0x1510C 0x4 Size: 0x128
0x15110 0x8 CodePage: 0x0
0x15114 0xC Reserved: 0x0
Id: [0x2]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14E78 0x0 Name: 0x2
0x14E7C 0x4 OffsetToData: 0x80000178
[IMAGE_RESOURCE_DIRECTORY]
0x14F78 0x0 Characteristics: 0x0
0x14F7C 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x14F80 0x8 MajorVersion: 0x0
0x14F82 0xA MinorVersion: 0x0
0x14F84 0xC NumberOfNamedEntries: 0x0
0x14F86 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14F88 0x0 Name: 0x419
0x14F8C 0x4 OffsetToData: 0x318
[IMAGE_RESOURCE_DATA_ENTRY]
0x15118 0x0 OffsetToData: 0x1D190
0x1511C 0x4 Size: 0x568
0x15120 0x8 CodePage: 0x0
0x15124 0xC Reserved: 0x0
Id: [0x3]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14E80 0x0 Name: 0x3
0x14E84 0x4 OffsetToData: 0x80000190
[IMAGE_RESOURCE_DIRECTORY]
0x14F90 0x0 Characteristics: 0x0
0x14F94 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x14F98 0x8 MajorVersion: 0x0
0x14F9A 0xA MinorVersion: 0x0
0x14F9C 0xC NumberOfNamedEntries: 0x0
0x14F9E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14FA0 0x0 Name: 0x419
0x14FA4 0x4 OffsetToData: 0x328
[IMAGE_RESOURCE_DATA_ENTRY]
0x15128 0x0 OffsetToData: 0x1D6F8
0x1512C 0x4 Size: 0x2E8
0x15130 0x8 CodePage: 0x0
0x15134 0xC Reserved: 0x0
Id: [0x4]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14E88 0x0 Name: 0x4
0x14E8C 0x4 OffsetToData: 0x800001A8
[IMAGE_RESOURCE_DIRECTORY]
0x14FA8 0x0 Characteristics: 0x0
0x14FAC 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x14FB0 0x8 MajorVersion: 0x0
0x14FB2 0xA MinorVersion: 0x0
0x14FB4 0xC NumberOfNamedEntries: 0x0
0x14FB6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14FB8 0x0 Name: 0x419
0x14FBC 0x4 OffsetToData: 0x338
[IMAGE_RESOURCE_DATA_ENTRY]
0x15138 0x0 OffsetToData: 0x1D9E0
0x1513C 0x4 Size: 0x8A8
0x15140 0x8 CodePage: 0x0
0x15144 0xC Reserved: 0x0
Id: [0x5] (RT_DIALOG)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14E20 0x0 Name: 0x5
0x14E24 0x4 OffsetToData: 0x80000090
[IMAGE_RESOURCE_DIRECTORY]
0x14E90 0x0 Characteristics: 0x0
0x14E94 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x14E98 0x8 MajorVersion: 0x0
0x14E9A 0xA MinorVersion: 0x0
0x14E9C 0xC NumberOfNamedEntries: 0x6
0x14E9E 0xE NumberOfIdEntries: 0x0
Name: [ASKNEXTVOL]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14EA0 0x0 Name: 0x80000418
0x14EA4 0x4 OffsetToData: 0x800001C0
[IMAGE_RESOURCE_DIRECTORY]
0x14FC0 0x0 Characteristics: 0x0
0x14FC4 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x14FC8 0x8 MajorVersion: 0x0
0x14FCA 0xA MinorVersion: 0x0
0x14FCC 0xC NumberOfNamedEntries: 0x0
0x14FCE 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14FD0 0x0 Name: 0x419
0x14FD4 0x4 OffsetToData: 0x348
[IMAGE_RESOURCE_DATA_ENTRY]
0x15148 0x0 OffsetToData: 0x1E288
0x1514C 0x4 Size: 0x282
0x15150 0x8 CodePage: 0x0
0x15154 0xC Reserved: 0x0
Name: [GETPASSWORD1]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14EA8 0x0 Name: 0x8000042E
0x14EAC 0x4 OffsetToData: 0x800001D8
[IMAGE_RESOURCE_DIRECTORY]
0x14FD8 0x0 Characteristics: 0x0
0x14FDC 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x14FE0 0x8 MajorVersion: 0x0
0x14FE2 0xA MinorVersion: 0x0
0x14FE4 0xC NumberOfNamedEntries: 0x0
0x14FE6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14FE8 0x0 Name: 0x419
0x14FEC 0x4 OffsetToData: 0x358
[IMAGE_RESOURCE_DATA_ENTRY]
0x15158 0x0 OffsetToData: 0x1E50C
0x1515C 0x4 Size: 0x13A
0x15160 0x8 CodePage: 0x0
0x15164 0xC Reserved: 0x0
Name: [LICENSEDLG]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14EB0 0x0 Name: 0x80000448
0x14EB4 0x4 OffsetToData: 0x800001F0
[IMAGE_RESOURCE_DIRECTORY]
0x14FF0 0x0 Characteristics: 0x0
0x14FF4 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x14FF8 0x8 MajorVersion: 0x0
0x14FFA 0xA MinorVersion: 0x0
0x14FFC 0xC NumberOfNamedEntries: 0x0
0x14FFE 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x15000 0x0 Name: 0x419
0x15004 0x4 OffsetToData: 0x368
[IMAGE_RESOURCE_DATA_ENTRY]
0x15168 0x0 OffsetToData: 0x1E648
0x1516C 0x4 Size: 0xE8
0x15170 0x8 CodePage: 0x0
0x15174 0xC Reserved: 0x0
Name: [RENAMEDLG]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14EB8 0x0 Name: 0x8000045E
0x14EBC 0x4 OffsetToData: 0x80000208
[IMAGE_RESOURCE_DIRECTORY]
0x15008 0x0 Characteristics: 0x0
0x1500C 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x15010 0x8 MajorVersion: 0x0
0x15012 0xA MinorVersion: 0x0
0x15014 0xC NumberOfNamedEntries: 0x0
0x15016 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x15018 0x0 Name: 0x419
0x1501C 0x4 OffsetToData: 0x378
[IMAGE_RESOURCE_DATA_ENTRY]
0x15178 0x0 OffsetToData: 0x1E730
0x1517C 0x4 Size: 0x12E
0x15180 0x8 CodePage: 0x0
0x15184 0xC Reserved: 0x0
Name: [REPLACEFILEDLG]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14EC0 0x0 Name: 0x80000472
0x14EC4 0x4 OffsetToData: 0x80000220
[IMAGE_RESOURCE_DIRECTORY]
0x15020 0x0 Characteristics: 0x0
0x15024 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x15028 0x8 MajorVersion: 0x0
0x1502A 0xA MinorVersion: 0x0
0x1502C 0xC NumberOfNamedEntries: 0x0
0x1502E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x15030 0x0 Name: 0x419
0x15034 0x4 OffsetToData: 0x388
[IMAGE_RESOURCE_DATA_ENTRY]
0x15188 0x0 OffsetToData: 0x1E860
0x1518C 0x4 Size: 0x338
0x15190 0x8 CodePage: 0x0
0x15194 0xC Reserved: 0x0
Name: [STARTDLG]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14EC8 0x0 Name: 0x80000490
0x14ECC 0x4 OffsetToData: 0x80000238
[IMAGE_RESOURCE_DIRECTORY]
0x15038 0x0 Characteristics: 0x0
0x1503C 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x15040 0x8 MajorVersion: 0x0
0x15042 0xA MinorVersion: 0x0
0x15044 0xC NumberOfNamedEntries: 0x0
0x15046 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x15048 0x0 Name: 0x419
0x1504C 0x4 OffsetToData: 0x398
[IMAGE_RESOURCE_DATA_ENTRY]
0x15198 0x0 OffsetToData: 0x1EB98
0x1519C 0x4 Size: 0x222
0x151A0 0x8 CodePage: 0x0
0x151A4 0xC Reserved: 0x0
Id: [0x6] (RT_STRING)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14E28 0x0 Name: 0x6
0x14E2C 0x4 OffsetToData: 0x800000D0
[IMAGE_RESOURCE_DIRECTORY]
0x14ED0 0x0 Characteristics: 0x0
0x14ED4 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x14ED8 0x8 MajorVersion: 0x0
0x14EDA 0xA MinorVersion: 0x0
0x14EDC 0xC NumberOfNamedEntries: 0x0
0x14EDE 0xE NumberOfIdEntries: 0x4
Id: [0x7]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14EE0 0x0 Name: 0x7
0x14EE4 0x4 OffsetToData: 0x80000250
[IMAGE_RESOURCE_DIRECTORY]
0x15050 0x0 Characteristics: 0x0
0x15054 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x15058 0x8 MajorVersion: 0x0
0x1505A 0xA MinorVersion: 0x0
0x1505C 0xC NumberOfNamedEntries: 0x0
0x1505E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x15060 0x0 Name: 0x419
0x15064 0x4 OffsetToData: 0x3A8
[IMAGE_RESOURCE_DATA_ENTRY]
0x151A8 0x0 OffsetToData: 0x1EDBC
0x151AC 0x4 Size: 0x22C
0x151B0 0x8 CodePage: 0x0
0x151B4 0xC Reserved: 0x0
Id: [0x8]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14EE8 0x0 Name: 0x8
0x14EEC 0x4 OffsetToData: 0x80000268
[IMAGE_RESOURCE_DIRECTORY]
0x15068 0x0 Characteristics: 0x0
0x1506C 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x15070 0x8 MajorVersion: 0x0
0x15072 0xA MinorVersion: 0x0
0x15074 0xC NumberOfNamedEntries: 0x0
0x15076 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x15078 0x0 Name: 0x419
0x1507C 0x4 OffsetToData: 0x3B8
[IMAGE_RESOURCE_DATA_ENTRY]
0x151B8 0x0 OffsetToData: 0x1EFE8
0x151BC 0x4 Size: 0x3B2
0x151C0 0x8 CodePage: 0x0
0x151C4 0xC Reserved: 0x0
Id: [0x9]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14EF0 0x0 Name: 0x9
0x14EF4 0x4 OffsetToData: 0x80000280
[IMAGE_RESOURCE_DIRECTORY]
0x15080 0x0 Characteristics: 0x0
0x15084 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x15088 0x8 MajorVersion: 0x0
0x1508A 0xA MinorVersion: 0x0
0x1508C 0xC NumberOfNamedEntries: 0x0
0x1508E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x15090 0x0 Name: 0x419
0x15094 0x4 OffsetToData: 0x3C8
[IMAGE_RESOURCE_DATA_ENTRY]
0x151C8 0x0 OffsetToData: 0x1F39C
0x151CC 0x4 Size: 0x212
0x151D0 0x8 CodePage: 0x0
0x151D4 0xC Reserved: 0x0
Id: [0xA]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14EF8 0x0 Name: 0xA
0x14EFC 0x4 OffsetToData: 0x80000298
[IMAGE_RESOURCE_DIRECTORY]
0x15098 0x0 Characteristics: 0x0
0x1509C 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x150A0 0x8 MajorVersion: 0x0
0x150A2 0xA MinorVersion: 0x0
0x150A4 0xC NumberOfNamedEntries: 0x0
0x150A6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x150A8 0x0 Name: 0x419
0x150AC 0x4 OffsetToData: 0x3D8
[IMAGE_RESOURCE_DATA_ENTRY]
0x151D8 0x0 OffsetToData: 0x1F5B0
0x151DC 0x4 Size: 0x27E
0x151E0 0x8 CodePage: 0x0
0x151E4 0xC Reserved: 0x0
Id: [0xA] (RT_RCDATA)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14E30 0x0 Name: 0xA
0x14E34 0x4 OffsetToData: 0x80000100
[IMAGE_RESOURCE_DIRECTORY]
0x14F00 0x0 Characteristics: 0x0
0x14F04 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x14F08 0x8 MajorVersion: 0x0
0x14F0A 0xA MinorVersion: 0x0
0x14F0C 0xC NumberOfNamedEntries: 0x1
0x14F0E 0xE NumberOfIdEntries: 0x0
Name: [DVCLAL]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14F10 0x0 Name: 0x800004A2
0x14F14 0x4 OffsetToData: 0x800002B0
[IMAGE_RESOURCE_DIRECTORY]
0x150B0 0x0 Characteristics: 0x0
0x150B4 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x150B8 0x8 MajorVersion: 0x0
0x150BA 0xA MinorVersion: 0x0
0x150BC 0xC NumberOfNamedEntries: 0x0
0x150BE 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x150C0 0x0 Name: 0x0
0x150C4 0x4 OffsetToData: 0x3E8
[IMAGE_RESOURCE_DATA_ENTRY]
0x151E8 0x0 OffsetToData: 0x1F830
0x151EC 0x4 Size: 0x10
0x151F0 0x8 CodePage: 0x0
0x151F4 0xC Reserved: 0x0
Id: [0xE] (RT_GROUP_ICON)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14E38 0x0 Name: 0xE
0x14E3C 0x4 OffsetToData: 0x80000118
[IMAGE_RESOURCE_DIRECTORY]
0x14F18 0x0 Characteristics: 0x0
0x14F1C 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x14F20 0x8 MajorVersion: 0x0
0x14F22 0xA MinorVersion: 0x0
0x14F24 0xC NumberOfNamedEntries: 0x0
0x14F26 0xE NumberOfIdEntries: 0x1
Id: [0x64]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14F28 0x0 Name: 0x64
0x14F2C 0x4 OffsetToData: 0x800002C8
[IMAGE_RESOURCE_DIRECTORY]
0x150C8 0x0 Characteristics: 0x0
0x150CC 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x150D0 0x8 MajorVersion: 0x0
0x150D2 0xA MinorVersion: 0x0
0x150D4 0xC NumberOfNamedEntries: 0x0
0x150D6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x150D8 0x0 Name: 0x419
0x150DC 0x4 OffsetToData: 0x3F8
[IMAGE_RESOURCE_DATA_ENTRY]
0x151F8 0x0 OffsetToData: 0x1F840
0x151FC 0x4 Size: 0x3E
0x15200 0x8 CodePage: 0x0
0x15204 0xC Reserved: 0x0
Id: [0x18] (RT_MANIFEST)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14E40 0x0 Name: 0x18
0x14E44 0x4 OffsetToData: 0x80000130
[IMAGE_RESOURCE_DIRECTORY]
0x14F30 0x0 Characteristics: 0x0
0x14F34 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x14F38 0x8 MajorVersion: 0x0
0x14F3A 0xA MinorVersion: 0x0
0x14F3C 0xC NumberOfNamedEntries: 0x0
0x14F3E 0xE NumberOfIdEntries: 0x1
Id: [0x1]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x14F40 0x0 Name: 0x1
0x14F44 0x4 OffsetToData: 0x800002E0
[IMAGE_RESOURCE_DIRECTORY]
0x150E0 0x0 Characteristics: 0x0
0x150E4 0x4 TimeDateStamp: 0x352E0287 [Fri Apr 10 11:29:11 1998 UTC]
0x150E8 0x8 MajorVersion: 0x0
0x150EA 0xA MinorVersion: 0x0
0x150EC 0xC NumberOfNamedEntries: 0x0
0x150EE 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x150F0 0x0 Name: 0x419
0x150F4 0x4 OffsetToData: 0x408
[IMAGE_RESOURCE_DATA_ENTRY]
0x15208 0x0 OffsetToData: 0x1F880
0x1520C 0x4 Size: 0x213
0x15210 0x8 CodePage: 0x0
0x15214 0xC Reserved: 0x0
Подписаться на:
Комментарии (Atom)