пятница, 25 мая 2012 г.
60d90841fd54026958091e3d2d9ede07
FileName: 1040812_60d90841fd54026958091e3d2d9ede07.exe
Size : 1040812
Md5 : 60d90841fd54026958091e3d2d9ede07
PEiD : None
Virus Total Result:
nProtect -> Trojan.Generic.7449487
McAfee -> Generic.grp!im
K7AntiVirus -> Riskware
VirusBuster -> Riskware.RiskWare!4PZDb8i6Py4
NOD32 -> Win32/RiskWare.HackAV.IU
Norman -> W32/Redosdru.LS
TrendMicro-HouseCall -> TROJ_SPNR.0BEK12
Avast -> Win32:PUP-gen [PUP]
eSafe -> Win32.Redosdru.Id
BitDefender -> Trojan.Generic.7449487
Emsisoft -> Backdoor.Win32.Zegost!IK
Comodo -> UnclassifiedMalware
F-Secure -> Trojan.Generic.7449487
VIPRE -> Trojan-Dropper.Win32.Resdro.b (v) (not malicious)
TrendMicro -> TROJ_SPNR.0BEK12
McAfee-GW-Edition -> Generic.grp!im
Antiy-AVL -> Trojan/win32.agent.gen
Microsoft -> HackTool:Win32/Keygen
GData -> Trojan.Generic.7449487
Ikarus -> Backdoor.Win32.Zegost
Fortinet -> W32/Redosdru.ID!tr
AVG -> Fat-Obfuscated
Panda -> Generic Trojan
FileInfo:
----------DOS_HEADER----------
[IMAGE_DOS_HEADER]
0x0 0x0 e_magic: 0x5A4D
0x2 0x2 e_cblp: 0x90
0x4 0x4 e_cp: 0x3
0x6 0x6 e_crlc: 0x0
0x8 0x8 e_cparhdr: 0x4
0xA 0xA e_minalloc: 0x0
0xC 0xC e_maxalloc: 0xFFFF
0xE 0xE e_ss: 0x0
0x10 0x10 e_sp: 0xB8
0x12 0x12 e_csum: 0x0
0x14 0x14 e_ip: 0x0
0x16 0x16 e_cs: 0x0
0x18 0x18 e_lfarlc: 0x40
0x1A 0x1A e_ovno: 0x0
0x1C 0x1C e_res:
0x24 0x24 e_oemid: 0x0
0x26 0x26 e_oeminfo: 0x0
0x28 0x28 e_res2:
0x3C 0x3C e_lfanew: 0xD8
----------NT_HEADERS----------
[IMAGE_NT_HEADERS]
0xD8 0x0 Signature: 0x4550
----------FILE_HEADER----------
[IMAGE_FILE_HEADER]
0xDC 0x0 Machine: 0x14C
0xDE 0x2 NumberOfSections: 0x5
0xE0 0x4 TimeDateStamp: 0x4B1AE3C6 [Sat Dec 05 22:50:46 2009 UTC]
0xE4 0x8 PointerToSymbolTable: 0x0
0xE8 0xC NumberOfSymbols: 0x0
0xEC 0x10 SizeOfOptionalHeader: 0xE0
0xEE 0x12 Characteristics: 0x10F
Flags: IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED
----------OPTIONAL_HEADER----------
[IMAGE_OPTIONAL_HEADER]
0xF0 0x0 Magic: 0x10B
0xF2 0x2 MajorLinkerVersion: 0x6
0xF3 0x3 MinorLinkerVersion: 0x0
0xF4 0x4 SizeOfCode: 0x5C00
0xF8 0x8 SizeOfInitializedData: 0x1D400
0xFC 0xC SizeOfUninitializedData: 0x400
0x100 0x10 AddressOfEntryPoint: 0x323C
0x104 0x14 BaseOfCode: 0x1000
0x108 0x18 BaseOfData: 0x7000
0x10C 0x1C ImageBase: 0x400000
0x110 0x20 SectionAlignment: 0x1000
0x114 0x24 FileAlignment: 0x200
0x118 0x28 MajorOperatingSystemVersion: 0x4
0x11A 0x2A MinorOperatingSystemVersion: 0x0
0x11C 0x2C MajorImageVersion: 0x6
0x11E 0x2E MinorImageVersion: 0x0
0x120 0x30 MajorSubsystemVersion: 0x4
0x122 0x32 MinorSubsystemVersion: 0x0
0x124 0x34 Reserved1: 0x0
0x128 0x38 SizeOfImage: 0x44000
0x12C 0x3C SizeOfHeaders: 0x400
0x130 0x40 CheckSum: 0x0
0x134 0x44 Subsystem: 0x2
0x136 0x46 DllCharacteristics: 0x8000
0x138 0x48 SizeOfStackReserve: 0x100000
0x13C 0x4C SizeOfStackCommit: 0x1000
0x140 0x50 SizeOfHeapReserve: 0x100000
0x144 0x54 SizeOfHeapCommit: 0x1000
0x148 0x58 LoaderFlags: 0x0
0x14C 0x5C NumberOfRvaAndSizes: 0x10
DllCharacteristics: IMAGE_DLL_CHARACTERISTICS_TERMINAL_SERVER_AWARE
----------PE Sections----------
[IMAGE_SECTION_HEADER]
0x1D0 0x0 Name: .text
0x1D8 0x8 Misc: 0x5A5A
0x1D8 0x8 Misc_PhysicalAddress: 0x5A5A
0x1D8 0x8 Misc_VirtualSize: 0x5A5A
0x1DC 0xC VirtualAddress: 0x1000
0x1E0 0x10 SizeOfRawData: 0x5C00
0x1E4 0x14 PointerToRawData: 0x400
0x1E8 0x18 PointerToRelocations: 0x0
0x1EC 0x1C PointerToLinenumbers: 0x0
0x1F0 0x20 NumberOfRelocations: 0x0
0x1F2 0x22 NumberOfLinenumbers: 0x0
0x1F4 0x24 Characteristics: 0x60000020
Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy: 6.417698 (Min=0.0, Max=8.0)
MD5 hash: 0bc2ffd32265a08d72b795b18265828d
SHA-1 hash: dd2a446014a37556f39173b802c63a4e46e09366
SHA-256 hash: c5ee0a2892a4f9c317f9b33bfc3531e0235faa9a2a3b4c41bd71d39e4fd87d6f
SHA-512 hash: 1fed15e79ce6b713452fdb29ab866a00741850eec6c0078150abb72dfdb261e8a92f75b695c9218b46954dc315d6dd76cbc2758f571a02c5fc88a0c3b2f3f168
[IMAGE_SECTION_HEADER]
0x1F8 0x0 Name: .rdata
0x200 0x8 Misc: 0x1190
0x200 0x8 Misc_PhysicalAddress: 0x1190
0x200 0x8 Misc_VirtualSize: 0x1190
0x204 0xC VirtualAddress: 0x7000
0x208 0x10 SizeOfRawData: 0x1200
0x20C 0x14 PointerToRawData: 0x6000
0x210 0x18 PointerToRelocations: 0x0
0x214 0x1C PointerToLinenumbers: 0x0
0x218 0x20 NumberOfRelocations: 0x0
0x21A 0x22 NumberOfLinenumbers: 0x0
0x21C 0x24 Characteristics: 0x40000040
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 5.181627 (Min=0.0, Max=8.0)
MD5 hash: f179218a059068529bdb4637ef5fa28e
SHA-1 hash: 6035d27db526131eb0f29aee60cfcdbb5072ed7d
SHA-256 hash: f80bf00310bd25e46e26c4b2042fa8215c3e5ce759947fe081d25b454dfc0fbe
SHA-512 hash: 054d33b3647aa099fb0fb3665877d6809969419ded2726975e74a37e778b59ae44361f7b419801f3b49da5044d505f63bd3c2bc9df1f2691bc699aa993ab17df
[IMAGE_SECTION_HEADER]
0x220 0x0 Name: .data
0x228 0x8 Misc: 0x1AF98
0x228 0x8 Misc_PhysicalAddress: 0x1AF98
0x228 0x8 Misc_VirtualSize: 0x1AF98
0x22C 0xC VirtualAddress: 0x9000
0x230 0x10 SizeOfRawData: 0x400
0x234 0x14 PointerToRawData: 0x7200
0x238 0x18 PointerToRelocations: 0x0
0x23C 0x1C PointerToLinenumbers: 0x0
0x240 0x20 NumberOfRelocations: 0x0
0x242 0x22 NumberOfLinenumbers: 0x0
0x244 0x24 Characteristics: 0xC0000040
Flags: IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 4.709027 (Min=0.0, Max=8.0)
MD5 hash: 975304d6dd6c4a4f076b15511e2bbbc0
SHA-1 hash: 1f65340672c91ffd0f2583ff104beaece43c7855
SHA-256 hash: 1e9a47766ca6c6ff180369d74d6db2eea7fd80b802eb3c8f1c1da79cfcafebc7
SHA-512 hash: 4e2979878825876521b77f049dcb2dfc85a7e08a9286b4cb952c36376de4230718d003754b30164b391fd7a2a8a40e4fb0c09343ca3d08617b0d4100cdf6487c
[IMAGE_SECTION_HEADER]
0x248 0x0 Name: .ndata
0x250 0x8 Misc: 0x1A000
0x250 0x8 Misc_PhysicalAddress: 0x1A000
0x250 0x8 Misc_VirtualSize: 0x1A000
0x254 0xC VirtualAddress: 0x24000
0x258 0x10 SizeOfRawData: 0x0
0x25C 0x14 PointerToRawData: 0x0
0x260 0x18 PointerToRelocations: 0x0
0x264 0x1C PointerToLinenumbers: 0x0
0x268 0x20 NumberOfRelocations: 0x0
0x26A 0x22 NumberOfLinenumbers: 0x0
0x26C 0x24 Characteristics: 0xC0000080
Flags: IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 0.000000 (Min=0.0, Max=8.0)
MD5 hash: d41d8cd98f00b204e9800998ecf8427e
SHA-1 hash: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA-512 hash: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
[IMAGE_SECTION_HEADER]
0x270 0x0 Name: .rsrc
0x278 0x8 Misc: 0x59A8
0x278 0x8 Misc_PhysicalAddress: 0x59A8
0x278 0x8 Misc_VirtualSize: 0x59A8
0x27C 0xC VirtualAddress: 0x3E000
0x280 0x10 SizeOfRawData: 0x5A00
0x284 0x14 PointerToRawData: 0x7600
0x288 0x18 PointerToRelocations: 0x0
0x28C 0x1C PointerToLinenumbers: 0x0
0x290 0x20 NumberOfRelocations: 0x0
0x292 0x22 NumberOfLinenumbers: 0x0
0x294 0x24 Characteristics: 0x40000040
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 4.972795 (Min=0.0, Max=8.0)
MD5 hash: 3d1aa7ec82c5df2011cb5becc43f68b4
SHA-1 hash: 25ac6fa496eb59fc0cfe56d8a40c4fbe3c9248f7
SHA-256 hash: f5a1b4b3a1c8e4c07b0241fcfd03cd82d17dd2e8336f74d485c4f138bafefb64
SHA-512 hash: 293402f906c2d447bf3556c320109f4edcd2181ec3b910c566e1fbc883f7269fc0fa7c391354aaf1e7e646d12343b7a54568b3a1213276bb1da6b6ce6c1d29a1
----------Directories----------
[IMAGE_DIRECTORY_ENTRY_EXPORT]
0x150 0x0 VirtualAddress: 0x0
0x154 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_IMPORT]
0x158 0x0 VirtualAddress: 0x73A4
0x15C 0x4 Size: 0xB4
[IMAGE_DIRECTORY_ENTRY_RESOURCE]
0x160 0x0 VirtualAddress: 0x3E000
0x164 0x4 Size: 0x59A8
[IMAGE_DIRECTORY_ENTRY_EXCEPTION]
0x168 0x0 VirtualAddress: 0x0
0x16C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_SECURITY]
0x170 0x0 VirtualAddress: 0x0
0x174 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_BASERELOC]
0x178 0x0 VirtualAddress: 0x0
0x17C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_DEBUG]
0x180 0x0 VirtualAddress: 0x0
0x184 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_COPYRIGHT]
0x188 0x0 VirtualAddress: 0x0
0x18C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_GLOBALPTR]
0x190 0x0 VirtualAddress: 0x0
0x194 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_TLS]
0x198 0x0 VirtualAddress: 0x0
0x19C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG]
0x1A0 0x0 VirtualAddress: 0x0
0x1A4 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT]
0x1A8 0x0 VirtualAddress: 0x0
0x1AC 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_IAT]
0x1B0 0x0 VirtualAddress: 0x7000
0x1B4 0x4 Size: 0x28C
[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT]
0x1B8 0x0 VirtualAddress: 0x0
0x1BC 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]
0x1C0 0x0 VirtualAddress: 0x0
0x1C4 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_RESERVED]
0x1C8 0x0 VirtualAddress: 0x0
0x1CC 0x4 Size: 0x0
----------Version Information----------
[VS_VERSIONINFO]
0xC990 0x0 Length: 0x254
0xC992 0x2 ValueLength: 0x34
0xC994 0x4 Type: 0x0
[VS_FIXEDFILEINFO]
0xC9B8 0x0 Signature: 0xFEEF04BD
0xC9BC 0x4 StrucVersion: 0x0
0xC9C0 0x8 FileVersionMS: 0x10004
0xC9C4 0xC FileVersionLS: 0x20000
0xC9C8 0x10 ProductVersionMS: 0x10004
0xC9CC 0x14 ProductVersionLS: 0x20000
0xC9D0 0x18 FileFlagsMask: 0x0
0xC9D4 0x1C FileFlags: 0x0
0xC9D8 0x20 FileOS: 0x4
0xC9DC 0x24 FileType: 0x1
0xC9E0 0x28 FileSubtype: 0x0
0xC9E4 0x2C FileDateMS: 0x0
0xC9E8 0x30 FileDateLS: 0x0
[StringFileInfo]
0xC9EC 0x0 Length: 0x1B4
0xC9EE 0x2 ValueLength: 0x0
0xC9F0 0x4 Type: 0x0
[VarFileInfo]
0xCBA0 0x0 Length: 0x44
0xCBA2 0x2 ValueLength: 0x0
0xCBA4 0x4 Type: 0x0
----------Imported symbols----------
[IMAGE_IMPORT_DESCRIPTOR]
0x63A4 0x0 OriginalFirstThunk: 0x74B8
0x63A4 0x0 Characteristics: 0x74B8
0x63A8 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x63AC 0x8 ForwarderChain: 0x0
0x63B0 0xC Name: 0x7AD4
0x63B4 0x10 FirstThunk: 0x7060
KERNEL32.dll.CompareFileTime Hint[57]
KERNEL32.dll.SearchPathA Hint[731]
KERNEL32.dll.GetShortPathNameA Hint[437]
KERNEL32.dll.GetFullPathNameA Hint[361]
KERNEL32.dll.MoveFileA Hint[622]
KERNEL32.dll.SetCurrentDirectoryA Hint[778]
KERNEL32.dll.GetFileAttributesA Hint[350]
KERNEL32.dll.GetLastError Hint[369]
KERNEL32.dll.CreateDirectoryA Hint[75]
KERNEL32.dll.SetFileAttributesA Hint[793]
KERNEL32.dll.Sleep Hint[854]
KERNEL32.dll.GetTickCount Hint[479]
KERNEL32.dll.CreateFileA Hint[83]
KERNEL32.dll.GetFileSize Hint[355]
KERNEL32.dll.GetModuleFileNameA Hint[381]
KERNEL32.dll.GetCurrentProcess Hint[322]
KERNEL32.dll.CopyFileA Hint[67]
KERNEL32.dll.ExitProcess Hint[185]
KERNEL32.dll.SetFileTime Hint[799]
KERNEL32.dll.GetTempPathA Hint[469]
KERNEL32.dll.GetCommandLineA Hint[272]
KERNEL32.dll.SetErrorMode Hint[789]
KERNEL32.dll.LoadLibraryA Hint[594]
KERNEL32.dll.lstrcpynA Hint[969]
KERNEL32.dll.GetDiskFreeSpaceA Hint[333]
KERNEL32.dll.GlobalUnlock Hint[522]
KERNEL32.dll.GlobalLock Hint[515]
KERNEL32.dll.CreateThread Hint[111]
KERNEL32.dll.CreateProcessA Hint[102]
KERNEL32.dll.RemoveDirectoryA Hint[708]
KERNEL32.dll.GetTempFileNameA Hint[467]
KERNEL32.dll.lstrlenA Hint[972]
KERNEL32.dll.lstrcatA Hint[957]
KERNEL32.dll.GetSystemDirectoryA Hint[449]
KERNEL32.dll.GetVersion Hint[488]
KERNEL32.dll.CloseHandle Hint[52]
KERNEL32.dll.lstrcmpiA Hint[963]
KERNEL32.dll.lstrcmpA Hint[960]
KERNEL32.dll.ExpandEnvironmentStringsA Hint[188]
KERNEL32.dll.GlobalFree Hint[511]
KERNEL32.dll.GlobalAlloc Hint[504]
KERNEL32.dll.WaitForSingleObject Hint[912]
KERNEL32.dll.GetExitCodeProcess Hint[346]
KERNEL32.dll.GetModuleHandleA Hint[383]
KERNEL32.dll.LoadLibraryExA Hint[595]
KERNEL32.dll.GetProcAddress Hint[416]
KERNEL32.dll.FreeLibrary Hint[248]
KERNEL32.dll.MultiByteToWideChar Hint[629]
KERNEL32.dll.WritePrivateProfileStringA Hint[937]
KERNEL32.dll.GetPrivateProfileStringA Hint[412]
KERNEL32.dll.WriteFile Hint[932]
KERNEL32.dll.ReadFile Hint[693]
KERNEL32.dll.MulDiv Hint[628]
KERNEL32.dll.SetFilePointer Hint[795]
KERNEL32.dll.FindClose Hint[206]
KERNEL32.dll.FindNextFileA Hint[220]
KERNEL32.dll.FindFirstFileA Hint[210]
KERNEL32.dll.DeleteFileA Hint[131]
KERNEL32.dll.GetWindowsDirectoryA Hint[499]
[IMAGE_IMPORT_DESCRIPTOR]
0x63B8 0x0 OriginalFirstThunk: 0x75C4
0x63B8 0x0 Characteristics: 0x75C4
0x63BC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x63C0 0x8 ForwarderChain: 0x0
0x63C4 0xC Name: 0x7ED8
0x63C8 0x10 FirstThunk: 0x716C
USER32.dll.EndDialog Hint[198]
USER32.dll.ScreenToClient Hint[561]
USER32.dll.GetWindowRect Hint[372]
USER32.dll.EnableMenuItem Hint[194]
USER32.dll.GetSystemMenu Hint[348]
USER32.dll.SetClassLongA Hint[583]
USER32.dll.IsWindowEnabled Hint[430]
USER32.dll.SetWindowPos Hint[643]
USER32.dll.GetSysColor Hint[346]
USER32.dll.GetWindowLongA Hint[366]
USER32.dll.SetCursor Hint[589]
USER32.dll.LoadCursorA Hint[442]
USER32.dll.CheckDlgButton Hint[56]
USER32.dll.GetMessagePos Hint[316]
USER32.dll.LoadBitmapA Hint[440]
USER32.dll.CallWindowProcA Hint[27]
USER32.dll.IsWindowVisible Hint[433]
USER32.dll.CloseClipboard Hint[66]
USER32.dll.SetClipboardData Hint[586]
USER32.dll.EmptyClipboard Hint[193]
USER32.dll.RegisterClassA Hint[534]
USER32.dll.TrackPopupMenu Hint[676]
USER32.dll.AppendMenuA Hint[8]
USER32.dll.CreatePopupMenu Hint[94]
USER32.dll.GetSystemMetrics Hint[349]
USER32.dll.SetDlgItemTextA Hint[595]
USER32.dll.GetDlgItemTextA Hint[275]
USER32.dll.MessageBoxIndirectA Hint[482]
USER32.dll.CharPrevA Hint[45]
USER32.dll.DispatchMessageA Hint[161]
USER32.dll.PeekMessageA Hint[512]
USER32.dll.DestroyWindow Hint[153]
USER32.dll.CreateDialogParamA Hint[85]
USER32.dll.SetTimer Hint[634]
USER32.dll.SetWindowTextA Hint[646]
USER32.dll.PostQuitMessage Hint[516]
USER32.dll.SetForegroundWindow Hint[599]
USER32.dll.wsprintfA Hint[727]
USER32.dll.SendMessageTimeoutA Hint[574]
USER32.dll.FindWindowExA Hint[228]
USER32.dll.SystemParametersInfoA Hint[665]
USER32.dll.CreateWindowExA Hint[96]
USER32.dll.GetClassInfoA Hint[246]
USER32.dll.DialogBoxParamA Hint[158]
USER32.dll.CharNextA Hint[42]
USER32.dll.OpenClipboard Hint[502]
USER32.dll.ExitWindowsEx Hint[225]
USER32.dll.IsWindow Hint[429]
USER32.dll.GetDlgItem Hint[273]
USER32.dll.SetWindowLongA Hint[640]
USER32.dll.LoadImageA Hint[448]
USER32.dll.GetDC Hint[268]
USER32.dll.EnableWindow Hint[196]
USER32.dll.InvalidateRect Hint[403]
USER32.dll.SendMessageA Hint[571]
USER32.dll.DefWindowProcA Hint[142]
USER32.dll.BeginPaint Hint[13]
USER32.dll.GetClientRect Hint[255]
USER32.dll.FillRect Hint[226]
USER32.dll.DrawTextA Hint[188]
USER32.dll.EndPaint Hint[200]
USER32.dll.ShowWindow Hint[658]
[IMAGE_IMPORT_DESCRIPTOR]
0x63CC 0x0 OriginalFirstThunk: 0x7494
0x63CC 0x0 Characteristics: 0x7494
0x63D0 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x63D4 0x8 ForwarderChain: 0x0
0x63D8 0xC Name: 0x7F6A
0x63DC 0x10 FirstThunk: 0x703C
GDI32.dll.SetBkColor Hint[533]
GDI32.dll.GetDeviceCaps Hint[363]
GDI32.dll.DeleteObject Hint[143]
GDI32.dll.CreateBrushIndirect Hint[41]
GDI32.dll.CreateFontIndirectA Hint[58]
GDI32.dll.SetBkMode Hint[534]
GDI32.dll.SetTextColor Hint[572]
GDI32.dll.SelectObject Hint[526]
[IMAGE_IMPORT_DESCRIPTOR]
0x63E0 0x0 OriginalFirstThunk: 0x75A8
0x63E0 0x0 Characteristics: 0x75A8
0x63E4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x63E8 0x8 ForwarderChain: 0x0
0x63EC 0xC Name: 0x7FF6
0x63F0 0x10 FirstThunk: 0x7150
SHELL32.dll.SHGetPathFromIDListA Hint[188]
SHELL32.dll.SHBrowseForFolderA Hint[121]
SHELL32.dll.SHGetFileInfoA Hint[172]
SHELL32.dll.ShellExecuteA Hint[263]
SHELL32.dll.SHFileOperationA Hint[154]
SHELL32.dll.SHGetSpecialFolderLocation Hint[195]
[IMAGE_IMPORT_DESCRIPTOR]
0x63F4 0x0 OriginalFirstThunk: 0x7458
0x63F4 0x0 Characteristics: 0x7458
0x63F8 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x63FC 0x8 ForwarderChain: 0x0
0x6400 0xC Name: 0x8098
0x6404 0x10 FirstThunk: 0x7000
ADVAPI32.dll.RegQueryValueExA Hint[503]
ADVAPI32.dll.RegSetValueExA Hint[516]
ADVAPI32.dll.RegEnumKeyA Hint[477]
ADVAPI32.dll.RegEnumValueA Hint[481]
ADVAPI32.dll.RegOpenKeyExA Hint[492]
ADVAPI32.dll.RegDeleteKeyA Hint[468]
ADVAPI32.dll.RegDeleteValueA Hint[472]
ADVAPI32.dll.RegCloseKey Hint[459]
ADVAPI32.dll.RegCreateKeyExA Hint[465]
[IMAGE_IMPORT_DESCRIPTOR]
0x6408 0x0 OriginalFirstThunk: 0x7480
0x6408 0x0 Characteristics: 0x7480
0x640C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x6410 0x8 ForwarderChain: 0x0
0x6414 0xC Name: 0x80E4
0x6418 0x10 FirstThunk: 0x7028
COMCTL32.dll.ImageList_AddMasked Hint[52]
COMCTL32.dll.ImageList_Destroy Hint[56]
COMCTL32.dll Ordinal[17] (Imported by Ordinal)
COMCTL32.dll.ImageList_Create Hint[55]
[IMAGE_IMPORT_DESCRIPTOR]
0x641C 0x0 OriginalFirstThunk: 0x76D0
0x641C 0x0 Characteristics: 0x76D0
0x6420 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x6424 0x8 ForwarderChain: 0x0
0x6428 0xC Name: 0x8138
0x642C 0x10 FirstThunk: 0x7278
ole32.dll.CoTaskMemFree Hint[101]
ole32.dll.OleInitialize Hint[238]
ole32.dll.OleUninitialize Hint[261]
ole32.dll.CoCreateInstance Hint[16]
[IMAGE_IMPORT_DESCRIPTOR]
0x6430 0x0 OriginalFirstThunk: 0x76C0
0x6430 0x0 Characteristics: 0x76C0
0x6434 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x6438 0x8 ForwarderChain: 0x0
0x643C 0xC Name: 0x8184
0x6440 0x10 FirstThunk: 0x7268
VERSION.dll.GetFileVersionInfoSizeA Hint[1]
VERSION.dll.GetFileVersionInfoA Hint[0]
VERSION.dll.VerQueryValueA Hint[10]
----------Resource directory----------
[IMAGE_RESOURCE_DIRECTORY]
0x7600 0x0 Characteristics: 0x0
0x7604 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7608 0x8 MajorVersion: 0x0
0x760A 0xA MinorVersion: 0x0
0x760C 0xC NumberOfNamedEntries: 0x0
0x760E 0xE NumberOfIdEntries: 0x6
Id: [0x2] (RT_BITMAP)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7610 0x0 Name: 0x2
0x7614 0x4 OffsetToData: 0x80000040
[IMAGE_RESOURCE_DIRECTORY]
0x7640 0x0 Characteristics: 0x0
0x7644 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7648 0x8 MajorVersion: 0x0
0x764A 0xA MinorVersion: 0x0
0x764C 0xC NumberOfNamedEntries: 0x0
0x764E 0xE NumberOfIdEntries: 0x1
Id: [0x6E]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7650 0x0 Name: 0x6E
0x7654 0x4 OffsetToData: 0x80000138
[IMAGE_RESOURCE_DIRECTORY]
0x7738 0x0 Characteristics: 0x0
0x773C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7740 0x8 MajorVersion: 0x0
0x7742 0xA MinorVersion: 0x0
0x7744 0xC NumberOfNamedEntries: 0x0
0x7746 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7748 0x0 Name: 0x409
0x774C 0x4 OffsetToData: 0x300
[IMAGE_RESOURCE_DATA_ENTRY]
0x7900 0x0 OffsetToData: 0x3E430
0x7904 0x4 Size: 0x666
0x7908 0x8 CodePage: 0x0
0x790C 0xC Reserved: 0x0
Id: [0x3] (RT_ICON)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7618 0x0 Name: 0x3
0x761C 0x4 OffsetToData: 0x80000058
[IMAGE_RESOURCE_DIRECTORY]
0x7658 0x0 Characteristics: 0x0
0x765C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7660 0x8 MajorVersion: 0x0
0x7662 0xA MinorVersion: 0x0
0x7664 0xC NumberOfNamedEntries: 0x0
0x7666 0xE NumberOfIdEntries: 0x3
Id: [0x1]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7668 0x0 Name: 0x1
0x766C 0x4 OffsetToData: 0x80000150
[IMAGE_RESOURCE_DIRECTORY]
0x7750 0x0 Characteristics: 0x0
0x7754 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7758 0x8 MajorVersion: 0x0
0x775A 0xA MinorVersion: 0x0
0x775C 0xC NumberOfNamedEntries: 0x0
0x775E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7760 0x0 Name: 0x409
0x7764 0x4 OffsetToData: 0x310
[IMAGE_RESOURCE_DATA_ENTRY]
0x7910 0x0 OffsetToData: 0x3EA98
0x7914 0x4 Size: 0x25A8
0x7918 0x8 CodePage: 0x0
0x791C 0xC Reserved: 0x0
Id: [0x2]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7670 0x0 Name: 0x2
0x7674 0x4 OffsetToData: 0x80000168
[IMAGE_RESOURCE_DIRECTORY]
0x7768 0x0 Characteristics: 0x0
0x776C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7770 0x8 MajorVersion: 0x0
0x7772 0xA MinorVersion: 0x0
0x7774 0xC NumberOfNamedEntries: 0x0
0x7776 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7778 0x0 Name: 0x409
0x777C 0x4 OffsetToData: 0x320
[IMAGE_RESOURCE_DATA_ENTRY]
0x7920 0x0 OffsetToData: 0x41040
0x7924 0x4 Size: 0x10A8
0x7928 0x8 CodePage: 0x0
0x792C 0xC Reserved: 0x0
Id: [0x3]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7678 0x0 Name: 0x3
0x767C 0x4 OffsetToData: 0x80000180
[IMAGE_RESOURCE_DIRECTORY]
0x7780 0x0 Characteristics: 0x0
0x7784 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7788 0x8 MajorVersion: 0x0
0x778A 0xA MinorVersion: 0x0
0x778C 0xC NumberOfNamedEntries: 0x0
0x778E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7790 0x0 Name: 0x409
0x7794 0x4 OffsetToData: 0x330
[IMAGE_RESOURCE_DATA_ENTRY]
0x7930 0x0 OffsetToData: 0x420E8
0x7934 0x4 Size: 0x468
0x7938 0x8 CodePage: 0x0
0x793C 0xC Reserved: 0x0
Id: [0x5] (RT_DIALOG)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7620 0x0 Name: 0x5
0x7624 0x4 OffsetToData: 0x80000080
[IMAGE_RESOURCE_DIRECTORY]
0x7680 0x0 Characteristics: 0x0
0x7684 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7688 0x8 MajorVersion: 0x0
0x768A 0xA MinorVersion: 0x0
0x768C 0xC NumberOfNamedEntries: 0x0
0x768E 0xE NumberOfIdEntries: 0xC
Id: [0x67]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7690 0x0 Name: 0x67
0x7694 0x4 OffsetToData: 0x80000198
[IMAGE_RESOURCE_DIRECTORY]
0x7798 0x0 Characteristics: 0x0
0x779C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x77A0 0x8 MajorVersion: 0x0
0x77A2 0xA MinorVersion: 0x0
0x77A4 0xC NumberOfNamedEntries: 0x0
0x77A6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x77A8 0x0 Name: 0x409
0x77AC 0x4 OffsetToData: 0x340
[IMAGE_RESOURCE_DATA_ENTRY]
0x7940 0x0 OffsetToData: 0x42550
0x7944 0x4 Size: 0x120
0x7948 0x8 CodePage: 0x0
0x794C 0xC Reserved: 0x0
Id: [0x68]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7698 0x0 Name: 0x68
0x769C 0x4 OffsetToData: 0x800001B0
[IMAGE_RESOURCE_DIRECTORY]
0x77B0 0x0 Characteristics: 0x0
0x77B4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x77B8 0x8 MajorVersion: 0x0
0x77BA 0xA MinorVersion: 0x0
0x77BC 0xC NumberOfNamedEntries: 0x0
0x77BE 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x77C0 0x0 Name: 0x409
0x77C4 0x4 OffsetToData: 0x350
[IMAGE_RESOURCE_DATA_ENTRY]
0x7950 0x0 OffsetToData: 0x42670
0x7954 0x4 Size: 0x158
0x7958 0x8 CodePage: 0x0
0x795C 0xC Reserved: 0x0
Id: [0x69]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76A0 0x0 Name: 0x69
0x76A4 0x4 OffsetToData: 0x800001C8
[IMAGE_RESOURCE_DIRECTORY]
0x77C8 0x0 Characteristics: 0x0
0x77CC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x77D0 0x8 MajorVersion: 0x0
0x77D2 0xA MinorVersion: 0x0
0x77D4 0xC NumberOfNamedEntries: 0x0
0x77D6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x77D8 0x0 Name: 0x409
0x77DC 0x4 OffsetToData: 0x360
[IMAGE_RESOURCE_DATA_ENTRY]
0x7960 0x0 OffsetToData: 0x427C8
0x7964 0x4 Size: 0x202
0x7968 0x8 CodePage: 0x0
0x796C 0xC Reserved: 0x0
Id: [0x6A]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76A8 0x0 Name: 0x6A
0x76AC 0x4 OffsetToData: 0x800001E0
[IMAGE_RESOURCE_DIRECTORY]
0x77E0 0x0 Characteristics: 0x0
0x77E4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x77E8 0x8 MajorVersion: 0x0
0x77EA 0xA MinorVersion: 0x0
0x77EC 0xC NumberOfNamedEntries: 0x0
0x77EE 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x77F0 0x0 Name: 0x409
0x77F4 0x4 OffsetToData: 0x370
[IMAGE_RESOURCE_DATA_ENTRY]
0x7970 0x0 OffsetToData: 0x429D0
0x7974 0x4 Size: 0xF8
0x7978 0x8 CodePage: 0x0
0x797C 0xC Reserved: 0x0
Id: [0x6B]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76B0 0x0 Name: 0x6B
0x76B4 0x4 OffsetToData: 0x800001F8
[IMAGE_RESOURCE_DIRECTORY]
0x77F8 0x0 Characteristics: 0x0
0x77FC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7800 0x8 MajorVersion: 0x0
0x7802 0xA MinorVersion: 0x0
0x7804 0xC NumberOfNamedEntries: 0x0
0x7806 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7808 0x0 Name: 0x409
0x780C 0x4 OffsetToData: 0x380
[IMAGE_RESOURCE_DATA_ENTRY]
0x7980 0x0 OffsetToData: 0x42AC8
0x7984 0x4 Size: 0xA0
0x7988 0x8 CodePage: 0x0
0x798C 0xC Reserved: 0x0
Id: [0x6F]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76B8 0x0 Name: 0x6F
0x76BC 0x4 OffsetToData: 0x80000210
[IMAGE_RESOURCE_DIRECTORY]
0x7810 0x0 Characteristics: 0x0
0x7814 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7818 0x8 MajorVersion: 0x0
0x781A 0xA MinorVersion: 0x0
0x781C 0xC NumberOfNamedEntries: 0x0
0x781E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7820 0x0 Name: 0x409
0x7824 0x4 OffsetToData: 0x390
[IMAGE_RESOURCE_DATA_ENTRY]
0x7990 0x0 OffsetToData: 0x42B68
0x7994 0x4 Size: 0xEE
0x7998 0x8 CodePage: 0x0
0x799C 0xC Reserved: 0x0
Id: [0xCB]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76C0 0x0 Name: 0xCB
0x76C4 0x4 OffsetToData: 0x80000228
[IMAGE_RESOURCE_DIRECTORY]
0x7828 0x0 Characteristics: 0x0
0x782C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7830 0x8 MajorVersion: 0x0
0x7832 0xA MinorVersion: 0x0
0x7834 0xC NumberOfNamedEntries: 0x0
0x7836 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7838 0x0 Name: 0x409
0x783C 0x4 OffsetToData: 0x3A0
[IMAGE_RESOURCE_DATA_ENTRY]
0x79A0 0x0 OffsetToData: 0x42C58
0x79A4 0x4 Size: 0x120
0x79A8 0x8 CodePage: 0x0
0x79AC 0xC Reserved: 0x0
Id: [0xCC]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76C8 0x0 Name: 0xCC
0x76CC 0x4 OffsetToData: 0x80000240
[IMAGE_RESOURCE_DIRECTORY]
0x7840 0x0 Characteristics: 0x0
0x7844 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7848 0x8 MajorVersion: 0x0
0x784A 0xA MinorVersion: 0x0
0x784C 0xC NumberOfNamedEntries: 0x0
0x784E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7850 0x0 Name: 0x409
0x7854 0x4 OffsetToData: 0x3B0
[IMAGE_RESOURCE_DATA_ENTRY]
0x79B0 0x0 OffsetToData: 0x42D78
0x79B4 0x4 Size: 0x158
0x79B8 0x8 CodePage: 0x0
0x79BC 0xC Reserved: 0x0
Id: [0xCD]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76D0 0x0 Name: 0xCD
0x76D4 0x4 OffsetToData: 0x80000258
[IMAGE_RESOURCE_DIRECTORY]
0x7858 0x0 Characteristics: 0x0
0x785C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7860 0x8 MajorVersion: 0x0
0x7862 0xA MinorVersion: 0x0
0x7864 0xC NumberOfNamedEntries: 0x0
0x7866 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7868 0x0 Name: 0x409
0x786C 0x4 OffsetToData: 0x3C0
[IMAGE_RESOURCE_DATA_ENTRY]
0x79C0 0x0 OffsetToData: 0x42ED0
0x79C4 0x4 Size: 0x202
0x79C8 0x8 CodePage: 0x0
0x79CC 0xC Reserved: 0x0
Id: [0xCE]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76D8 0x0 Name: 0xCE
0x76DC 0x4 OffsetToData: 0x80000270
[IMAGE_RESOURCE_DIRECTORY]
0x7870 0x0 Characteristics: 0x0
0x7874 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7878 0x8 MajorVersion: 0x0
0x787A 0xA MinorVersion: 0x0
0x787C 0xC NumberOfNamedEntries: 0x0
0x787E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7880 0x0 Name: 0x409
0x7884 0x4 OffsetToData: 0x3D0
[IMAGE_RESOURCE_DATA_ENTRY]
0x79D0 0x0 OffsetToData: 0x430D8
0x79D4 0x4 Size: 0xF8
0x79D8 0x8 CodePage: 0x0
0x79DC 0xC Reserved: 0x0
Id: [0xCF]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76E0 0x0 Name: 0xCF
0x76E4 0x4 OffsetToData: 0x80000288
[IMAGE_RESOURCE_DIRECTORY]
0x7888 0x0 Characteristics: 0x0
0x788C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7890 0x8 MajorVersion: 0x0
0x7892 0xA MinorVersion: 0x0
0x7894 0xC NumberOfNamedEntries: 0x0
0x7896 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7898 0x0 Name: 0x409
0x789C 0x4 OffsetToData: 0x3E0
[IMAGE_RESOURCE_DATA_ENTRY]
0x79E0 0x0 OffsetToData: 0x431D0
0x79E4 0x4 Size: 0xA0
0x79E8 0x8 CodePage: 0x0
0x79EC 0xC Reserved: 0x0
Id: [0xD3]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x76E8 0x0 Name: 0xD3
0x76EC 0x4 OffsetToData: 0x800002A0
[IMAGE_RESOURCE_DIRECTORY]
0x78A0 0x0 Characteristics: 0x0
0x78A4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x78A8 0x8 MajorVersion: 0x0
0x78AA 0xA MinorVersion: 0x0
0x78AC 0xC NumberOfNamedEntries: 0x0
0x78AE 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x78B0 0x0 Name: 0x409
0x78B4 0x4 OffsetToData: 0x3F0
[IMAGE_RESOURCE_DATA_ENTRY]
0x79F0 0x0 OffsetToData: 0x43270
0x79F4 0x4 Size: 0xEE
0x79F8 0x8 CodePage: 0x0
0x79FC 0xC Reserved: 0x0
Id: [0xE] (RT_GROUP_ICON)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7628 0x0 Name: 0xE
0x762C 0x4 OffsetToData: 0x800000F0
[IMAGE_RESOURCE_DIRECTORY]
0x76F0 0x0 Characteristics: 0x0
0x76F4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x76F8 0x8 MajorVersion: 0x0
0x76FA 0xA MinorVersion: 0x0
0x76FC 0xC NumberOfNamedEntries: 0x0
0x76FE 0xE NumberOfIdEntries: 0x1
Id: [0x67]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7700 0x0 Name: 0x67
0x7704 0x4 OffsetToData: 0x800002B8
[IMAGE_RESOURCE_DIRECTORY]
0x78B8 0x0 Characteristics: 0x0
0x78BC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x78C0 0x8 MajorVersion: 0x0
0x78C2 0xA MinorVersion: 0x0
0x78C4 0xC NumberOfNamedEntries: 0x0
0x78C6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x78C8 0x0 Name: 0x409
0x78CC 0x4 OffsetToData: 0x400
[IMAGE_RESOURCE_DATA_ENTRY]
0x7A00 0x0 OffsetToData: 0x43360
0x7A04 0x4 Size: 0x30
0x7A08 0x8 CodePage: 0x0
0x7A0C 0xC Reserved: 0x0
Id: [0x10] (RT_VERSION)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7630 0x0 Name: 0x10
0x7634 0x4 OffsetToData: 0x80000108
[IMAGE_RESOURCE_DIRECTORY]
0x7708 0x0 Characteristics: 0x0
0x770C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7710 0x8 MajorVersion: 0x0
0x7712 0xA MinorVersion: 0x0
0x7714 0xC NumberOfNamedEntries: 0x0
0x7716 0xE NumberOfIdEntries: 0x1
Id: [0x1]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7718 0x0 Name: 0x1
0x771C 0x4 OffsetToData: 0x800002D0
[IMAGE_RESOURCE_DIRECTORY]
0x78D0 0x0 Characteristics: 0x0
0x78D4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x78D8 0x8 MajorVersion: 0x0
0x78DA 0xA MinorVersion: 0x0
0x78DC 0xC NumberOfNamedEntries: 0x0
0x78DE 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x78E0 0x0 Name: 0x0
0x78E4 0x4 OffsetToData: 0x410
[IMAGE_RESOURCE_DATA_ENTRY]
0x7A10 0x0 OffsetToData: 0x43390
0x7A14 0x4 Size: 0x254
0x7A18 0x8 CodePage: 0x0
0x7A1C 0xC Reserved: 0x0
Id: [0x18] (RT_MANIFEST)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7638 0x0 Name: 0x18
0x763C 0x4 OffsetToData: 0x80000120
[IMAGE_RESOURCE_DIRECTORY]
0x7720 0x0 Characteristics: 0x0
0x7724 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7728 0x8 MajorVersion: 0x0
0x772A 0xA MinorVersion: 0x0
0x772C 0xC NumberOfNamedEntries: 0x0
0x772E 0xE NumberOfIdEntries: 0x1
Id: [0x1]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7730 0x0 Name: 0x1
0x7734 0x4 OffsetToData: 0x800002E8
[IMAGE_RESOURCE_DIRECTORY]
0x78E8 0x0 Characteristics: 0x0
0x78EC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x78F0 0x8 MajorVersion: 0x0
0x78F2 0xA MinorVersion: 0x0
0x78F4 0xC NumberOfNamedEntries: 0x0
0x78F6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x78F8 0x0 Name: 0x409
0x78FC 0x4 OffsetToData: 0x420
[IMAGE_RESOURCE_DATA_ENTRY]
0x7A20 0x0 OffsetToData: 0x435E8
0x7A24 0x4 Size: 0x3BA
0x7A28 0x8 CodePage: 0x0
0x7A2C 0xC Reserved: 0x0
Подписаться на:
Комментарии к сообщению (Atom)
Комментариев нет:
Отправить комментарий