пятница, 25 мая 2012 г.

e7339cb1edf8b85fe8da00a9e022a5db


FileName: 1012922_e7339cb1edf8b85fe8da00a9e022a5db.exe
Size : 1012922
Md5 : e7339cb1edf8b85fe8da00a9e022a5db
PEiD : None
VirusTotal results:
NOD32 -> Win32/InstallMonetizer
ClamAV -> Adware.Downware-1
DrWeb -> Adware.Downware.193
VIPRE -> Trojan.Win32.Generic!BT
AntiVir -> Adware/Downware.C
Fortinet -> W32/InstallMonetizer

FileInfo:
----------DOS_HEADER----------

[IMAGE_DOS_HEADER]
0x0 0x0 e_magic: 0x5A4D
0x2 0x2 e_cblp: 0x90
0x4 0x4 e_cp: 0x3
0x6 0x6 e_crlc: 0x0
0x8 0x8 e_cparhdr: 0x4
0xA 0xA e_minalloc: 0x0
0xC 0xC e_maxalloc: 0xFFFF
0xE 0xE e_ss: 0x0
0x10 0x10 e_sp: 0xB8
0x12 0x12 e_csum: 0x0
0x14 0x14 e_ip: 0x0
0x16 0x16 e_cs: 0x0
0x18 0x18 e_lfarlc: 0x40
0x1A 0x1A e_ovno: 0x0
0x1C 0x1C e_res:
0x24 0x24 e_oemid: 0x0
0x26 0x26 e_oeminfo: 0x0
0x28 0x28 e_res2:
0x3C 0x3C e_lfanew: 0xD8

----------NT_HEADERS----------

[IMAGE_NT_HEADERS]
0xD8 0x0 Signature: 0x4550

----------FILE_HEADER----------

[IMAGE_FILE_HEADER]
0xDC 0x0 Machine: 0x14C
0xDE 0x2 NumberOfSections: 0x5
0xE0 0x4 TimeDateStamp: 0x4B1AE3CC [Sat Dec 05 22:50:52 2009 UTC]
0xE4 0x8 PointerToSymbolTable: 0x0
0xE8 0xC NumberOfSymbols: 0x0
0xEC 0x10 SizeOfOptionalHeader: 0xE0
0xEE 0x12 Characteristics: 0x10F
Flags: IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED

----------OPTIONAL_HEADER----------

[IMAGE_OPTIONAL_HEADER]
0xF0 0x0 Magic: 0x10B
0xF2 0x2 MajorLinkerVersion: 0x6
0xF3 0x3 MinorLinkerVersion: 0x0
0xF4 0x4 SizeOfCode: 0x5E00
0xF8 0x8 SizeOfInitializedData: 0x28400
0xFC 0xC SizeOfUninitializedData: 0x400
0x100 0x10 AddressOfEntryPoint: 0x30FA
0x104 0x14 BaseOfCode: 0x1000
0x108 0x18 BaseOfData: 0x7000
0x10C 0x1C ImageBase: 0x400000
0x110 0x20 SectionAlignment: 0x1000
0x114 0x24 FileAlignment: 0x200
0x118 0x28 MajorOperatingSystemVersion: 0x4
0x11A 0x2A MinorOperatingSystemVersion: 0x0
0x11C 0x2C MajorImageVersion: 0x6
0x11E 0x2E MinorImageVersion: 0x0
0x120 0x30 MajorSubsystemVersion: 0x4
0x122 0x32 MinorSubsystemVersion: 0x0
0x124 0x34 Reserved1: 0x0
0x128 0x38 SizeOfImage: 0x66000
0x12C 0x3C SizeOfHeaders: 0x400
0x130 0x40 CheckSum: 0x0
0x134 0x44 Subsystem: 0x2
0x136 0x46 DllCharacteristics: 0x8000
0x138 0x48 SizeOfStackReserve: 0x100000
0x13C 0x4C SizeOfStackCommit: 0x1000
0x140 0x50 SizeOfHeapReserve: 0x100000
0x144 0x54 SizeOfHeapCommit: 0x1000
0x148 0x58 LoaderFlags: 0x0
0x14C 0x5C NumberOfRvaAndSizes: 0x10
DllCharacteristics: IMAGE_DLL_CHARACTERISTICS_TERMINAL_SERVER_AWARE

----------PE Sections----------

[IMAGE_SECTION_HEADER]
0x1D0 0x0 Name: .text
0x1D8 0x8 Misc: 0x5C4C
0x1D8 0x8 Misc_PhysicalAddress: 0x5C4C
0x1D8 0x8 Misc_VirtualSize: 0x5C4C
0x1DC 0xC VirtualAddress: 0x1000
0x1E0 0x10 SizeOfRawData: 0x5E00
0x1E4 0x14 PointerToRawData: 0x400
0x1E8 0x18 PointerToRelocations: 0x0
0x1EC 0x1C PointerToLinenumbers: 0x0
0x1F0 0x20 NumberOfRelocations: 0x0
0x1F2 0x22 NumberOfLinenumbers: 0x0
0x1F4 0x24 Characteristics: 0x60000020
Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy: 6.440106 (Min=0.0, Max=8.0)
MD5 hash: 856b32eb77dfd6fb67f21d6543272da5
SHA-1 hash: 6597c511c2ee72f68f5246460f0683dae16dcade
SHA-256 hash: c6c2b4f41d6598b94106de36b422dd84534fd9a11d84b2b6a47b3be49524c750
SHA-512 hash: ab63000ac3d79ebc7f89635d65cd81e60160d5f208b2b87016413cd021116a5420ffc1eddfec7e6c1906654946fb739f90cd041a53cc2b92ebb3f23919fd51b5

[IMAGE_SECTION_HEADER]
0x1F8 0x0 Name: .rdata
0x200 0x8 Misc: 0x129C
0x200 0x8 Misc_PhysicalAddress: 0x129C
0x200 0x8 Misc_VirtualSize: 0x129C
0x204 0xC VirtualAddress: 0x7000
0x208 0x10 SizeOfRawData: 0x1400
0x20C 0x14 PointerToRawData: 0x6200
0x210 0x18 PointerToRelocations: 0x0
0x214 0x1C PointerToLinenumbers: 0x0
0x218 0x20 NumberOfRelocations: 0x0
0x21A 0x22 NumberOfLinenumbers: 0x0
0x21C 0x24 Characteristics: 0x40000040
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 5.046835 (Min=0.0, Max=8.0)
MD5 hash: dc77f8a1e6985a4361c55642680ddb4f
SHA-1 hash: 3d397ee25b2dd83ab741c67375880151cae94ed8
SHA-256 hash: 576cdd5bc72421d008c86f056d0727c54cc8b3ec0961e5d0462af48278543d51
SHA-512 hash: 24a96101a9aa268f5cddf58a5cea87c2ffbe0bd1e1b11c3408cdfb2cd3b5fd8eb36b739b5de796e8fb5bd118917e2eca4ba72502d6c64007e87c37e3381aee09

[IMAGE_SECTION_HEADER]
0x220 0x0 Name: .data
0x228 0x8 Misc: 0x25C58
0x228 0x8 Misc_PhysicalAddress: 0x25C58
0x228 0x8 Misc_VirtualSize: 0x25C58
0x22C 0xC VirtualAddress: 0x9000
0x230 0x10 SizeOfRawData: 0x400
0x234 0x14 PointerToRawData: 0x7600
0x238 0x18 PointerToRelocations: 0x0
0x23C 0x1C PointerToLinenumbers: 0x0
0x240 0x20 NumberOfRelocations: 0x0
0x242 0x22 NumberOfLinenumbers: 0x0
0x244 0x24 Characteristics: 0xC0000040
Flags: IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 4.801004 (Min=0.0, Max=8.0)
MD5 hash: 7922d4ce117d7d5b3ac2cffe4b0b5e4f
SHA-1 hash: 4e56bb1994226ae0285c7adee470777262de2c99
SHA-256 hash: 97773fd68ac3aebb9795c59dc00c5dbc0c992ce0c3c2ef90bfff27eb1cd72b3d
SHA-512 hash: 3e64d43144ed740a982f3c75d41c0a65b3ac1879a6783ea0efa3d101fdaf8407090387275e67934e7b81dd307c161360fe72d3e68d471b0835b249424e5fc33b

[IMAGE_SECTION_HEADER]
0x248 0x0 Name: .ndata
0x250 0x8 Misc: 0x33000
0x250 0x8 Misc_PhysicalAddress: 0x33000
0x250 0x8 Misc_VirtualSize: 0x33000
0x254 0xC VirtualAddress: 0x2F000
0x258 0x10 SizeOfRawData: 0x0
0x25C 0x14 PointerToRawData: 0x0
0x260 0x18 PointerToRelocations: 0x0
0x264 0x1C PointerToLinenumbers: 0x0
0x268 0x20 NumberOfRelocations: 0x0
0x26A 0x22 NumberOfLinenumbers: 0x0
0x26C 0x24 Characteristics: 0xC0000080
Flags: IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 0.000000 (Min=0.0, Max=8.0)
MD5 hash: d41d8cd98f00b204e9800998ecf8427e
SHA-1 hash: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA-512 hash: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

[IMAGE_SECTION_HEADER]
0x270 0x0 Name: .rsrc
0x278 0x8 Misc: 0x3F00
0x278 0x8 Misc_PhysicalAddress: 0x3F00
0x278 0x8 Misc_VirtualSize: 0x3F00
0x27C 0xC VirtualAddress: 0x62000
0x280 0x10 SizeOfRawData: 0x4000
0x284 0x14 PointerToRawData: 0x7A00
0x288 0x18 PointerToRelocations: 0x0
0x28C 0x1C PointerToLinenumbers: 0x0
0x290 0x20 NumberOfRelocations: 0x0
0x292 0x22 NumberOfLinenumbers: 0x0
0x294 0x24 Characteristics: 0x40000040
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 0.886793 (Min=0.0, Max=8.0)
MD5 hash: 8b088a1f19e5d23785f20be01fc6b5e1
SHA-1 hash: cf08fb09497412ee6abef3b7a681c14c4ab67547
SHA-256 hash: d524bd2a00db22703ed2ec7e9fa950c99a95ade98f4866bd799d12ace9148973
SHA-512 hash: 910986c2433d22882ea9de258f3c9d76150d30fcf815e03b6488c5257f055d0cea13ae83b8327217bbd40bada2956a0a1d9bf35edf46e25504e6bd8e17e7979a

----------Directories----------

[IMAGE_DIRECTORY_ENTRY_EXPORT]
0x150 0x0 VirtualAddress: 0x0
0x154 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_IMPORT]
0x158 0x0 VirtualAddress: 0x74B0
0x15C 0x4 Size: 0xB4
[IMAGE_DIRECTORY_ENTRY_RESOURCE]
0x160 0x0 VirtualAddress: 0x62000
0x164 0x4 Size: 0x3F00
[IMAGE_DIRECTORY_ENTRY_EXCEPTION]
0x168 0x0 VirtualAddress: 0x0
0x16C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_SECURITY]
0x170 0x0 VirtualAddress: 0x0
0x174 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_BASERELOC]
0x178 0x0 VirtualAddress: 0x0
0x17C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_DEBUG]
0x180 0x0 VirtualAddress: 0x0
0x184 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_COPYRIGHT]
0x188 0x0 VirtualAddress: 0x0
0x18C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_GLOBALPTR]
0x190 0x0 VirtualAddress: 0x0
0x194 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_TLS]
0x198 0x0 VirtualAddress: 0x0
0x19C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG]
0x1A0 0x0 VirtualAddress: 0x0
0x1A4 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT]
0x1A8 0x0 VirtualAddress: 0x0
0x1AC 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_IAT]
0x1B0 0x0 VirtualAddress: 0x7000
0x1B4 0x4 Size: 0x28C
[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT]
0x1B8 0x0 VirtualAddress: 0x0
0x1BC 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]
0x1C0 0x0 VirtualAddress: 0x0
0x1C4 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_RESERVED]
0x1C8 0x0 VirtualAddress: 0x0
0x1CC 0x4 Size: 0x0

----------Imported symbols----------

[IMAGE_IMPORT_DESCRIPTOR]
0x66B0 0x0 OriginalFirstThunk: 0x75C4
0x66B0 0x0 Characteristics: 0x75C4
0x66B4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x66B8 0x8 ForwarderChain: 0x0
0x66BC 0xC Name: 0x7BE0
0x66C0 0x10 FirstThunk: 0x7060

KERNEL32.dll.CompareFileTime Hint[57]
KERNEL32.dll.SearchPathA Hint[731]
KERNEL32.dll.GetShortPathNameA Hint[437]
KERNEL32.dll.GetFullPathNameA Hint[361]
KERNEL32.dll.MoveFileA Hint[622]
KERNEL32.dll.SetCurrentDirectoryA Hint[778]
KERNEL32.dll.GetFileAttributesA Hint[350]
KERNEL32.dll.GetLastError Hint[369]
KERNEL32.dll.CreateDirectoryA Hint[75]
KERNEL32.dll.SetFileAttributesA Hint[793]
KERNEL32.dll.Sleep Hint[854]
KERNEL32.dll.GetTickCount Hint[479]
KERNEL32.dll.GetFileSize Hint[355]
KERNEL32.dll.GetModuleFileNameA Hint[381]
KERNEL32.dll.GetCurrentProcess Hint[322]
KERNEL32.dll.CopyFileA Hint[67]
KERNEL32.dll.ExitProcess Hint[185]
KERNEL32.dll.GetWindowsDirectoryA Hint[499]
KERNEL32.dll.SetFileTime Hint[799]
KERNEL32.dll.GetCommandLineA Hint[272]
KERNEL32.dll.SetErrorMode Hint[789]
KERNEL32.dll.LoadLibraryA Hint[594]
KERNEL32.dll.lstrcpynA Hint[969]
KERNEL32.dll.GetDiskFreeSpaceA Hint[333]
KERNEL32.dll.GlobalUnlock Hint[522]
KERNEL32.dll.GlobalLock Hint[515]
KERNEL32.dll.CreateThread Hint[111]
KERNEL32.dll.CreateProcessA Hint[102]
KERNEL32.dll.RemoveDirectoryA Hint[708]
KERNEL32.dll.CreateFileA Hint[83]
KERNEL32.dll.GetTempFileNameA Hint[467]
KERNEL32.dll.lstrlenA Hint[972]
KERNEL32.dll.lstrcatA Hint[957]
KERNEL32.dll.GetSystemDirectoryA Hint[449]
KERNEL32.dll.GetVersion Hint[488]
KERNEL32.dll.CloseHandle Hint[52]
KERNEL32.dll.lstrcmpiA Hint[963]
KERNEL32.dll.lstrcmpA Hint[960]
KERNEL32.dll.ExpandEnvironmentStringsA Hint[188]
KERNEL32.dll.GlobalFree Hint[511]
KERNEL32.dll.GlobalAlloc Hint[504]
KERNEL32.dll.WaitForSingleObject Hint[912]
KERNEL32.dll.GetExitCodeProcess Hint[346]
KERNEL32.dll.GetModuleHandleA Hint[383]
KERNEL32.dll.LoadLibraryExA Hint[595]
KERNEL32.dll.GetProcAddress Hint[416]
KERNEL32.dll.FreeLibrary Hint[248]
KERNEL32.dll.MultiByteToWideChar Hint[629]
KERNEL32.dll.WritePrivateProfileStringA Hint[937]
KERNEL32.dll.GetPrivateProfileStringA Hint[412]
KERNEL32.dll.WriteFile Hint[932]
KERNEL32.dll.ReadFile Hint[693]
KERNEL32.dll.MulDiv Hint[628]
KERNEL32.dll.SetFilePointer Hint[795]
KERNEL32.dll.FindClose Hint[206]
KERNEL32.dll.FindNextFileA Hint[220]
KERNEL32.dll.FindFirstFileA Hint[210]
KERNEL32.dll.DeleteFileA Hint[131]
KERNEL32.dll.GetTempPathA Hint[469]

[IMAGE_IMPORT_DESCRIPTOR]
0x66C4 0x0 OriginalFirstThunk: 0x76D0
0x66C4 0x0 Characteristics: 0x76D0
0x66C8 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x66CC 0x8 ForwarderChain: 0x0
0x66D0 0xC Name: 0x7FE4
0x66D4 0x10 FirstThunk: 0x716C

USER32.dll.EndDialog Hint[198]
USER32.dll.ScreenToClient Hint[561]
USER32.dll.GetWindowRect Hint[372]
USER32.dll.EnableMenuItem Hint[194]
USER32.dll.GetSystemMenu Hint[348]
USER32.dll.SetClassLongA Hint[583]
USER32.dll.IsWindowEnabled Hint[430]
USER32.dll.SetWindowPos Hint[643]
USER32.dll.GetSysColor Hint[346]
USER32.dll.GetWindowLongA Hint[366]
USER32.dll.SetCursor Hint[589]
USER32.dll.LoadCursorA Hint[442]
USER32.dll.CheckDlgButton Hint[56]
USER32.dll.GetMessagePos Hint[316]
USER32.dll.LoadBitmapA Hint[440]
USER32.dll.CallWindowProcA Hint[27]
USER32.dll.IsWindowVisible Hint[433]
USER32.dll.CloseClipboard Hint[66]
USER32.dll.SetClipboardData Hint[586]
USER32.dll.EmptyClipboard Hint[193]
USER32.dll.RegisterClassA Hint[534]
USER32.dll.TrackPopupMenu Hint[676]
USER32.dll.AppendMenuA Hint[8]
USER32.dll.CreatePopupMenu Hint[94]
USER32.dll.GetSystemMetrics Hint[349]
USER32.dll.SetDlgItemTextA Hint[595]
USER32.dll.GetDlgItemTextA Hint[275]
USER32.dll.MessageBoxIndirectA Hint[482]
USER32.dll.CharPrevA Hint[45]
USER32.dll.DispatchMessageA Hint[161]
USER32.dll.PeekMessageA Hint[512]
USER32.dll.DestroyWindow Hint[153]
USER32.dll.CreateDialogParamA Hint[85]
USER32.dll.SetTimer Hint[634]
USER32.dll.SetWindowTextA Hint[646]
USER32.dll.PostQuitMessage Hint[516]
USER32.dll.SetForegroundWindow Hint[599]
USER32.dll.wsprintfA Hint[727]
USER32.dll.SendMessageTimeoutA Hint[574]
USER32.dll.FindWindowExA Hint[228]
USER32.dll.SystemParametersInfoA Hint[665]
USER32.dll.CreateWindowExA Hint[96]
USER32.dll.GetClassInfoA Hint[246]
USER32.dll.DialogBoxParamA Hint[158]
USER32.dll.CharNextA Hint[42]
USER32.dll.OpenClipboard Hint[502]
USER32.dll.ExitWindowsEx Hint[225]
USER32.dll.IsWindow Hint[429]
USER32.dll.GetDlgItem Hint[273]
USER32.dll.SetWindowLongA Hint[640]
USER32.dll.LoadImageA Hint[448]
USER32.dll.GetDC Hint[268]
USER32.dll.EnableWindow Hint[196]
USER32.dll.InvalidateRect Hint[403]
USER32.dll.SendMessageA Hint[571]
USER32.dll.DefWindowProcA Hint[142]
USER32.dll.BeginPaint Hint[13]
USER32.dll.GetClientRect Hint[255]
USER32.dll.FillRect Hint[226]
USER32.dll.DrawTextA Hint[188]
USER32.dll.EndPaint Hint[200]
USER32.dll.ShowWindow Hint[658]

[IMAGE_IMPORT_DESCRIPTOR]
0x66D8 0x0 OriginalFirstThunk: 0x75A0
0x66D8 0x0 Characteristics: 0x75A0
0x66DC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x66E0 0x8 ForwarderChain: 0x0
0x66E4 0xC Name: 0x8076
0x66E8 0x10 FirstThunk: 0x703C

GDI32.dll.SetBkColor Hint[533]
GDI32.dll.GetDeviceCaps Hint[363]
GDI32.dll.DeleteObject Hint[143]
GDI32.dll.CreateBrushIndirect Hint[41]
GDI32.dll.CreateFontIndirectA Hint[58]
GDI32.dll.SetBkMode Hint[534]
GDI32.dll.SetTextColor Hint[572]
GDI32.dll.SelectObject Hint[526]

[IMAGE_IMPORT_DESCRIPTOR]
0x66EC 0x0 OriginalFirstThunk: 0x76B4
0x66EC 0x0 Characteristics: 0x76B4
0x66F0 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x66F4 0x8 ForwarderChain: 0x0
0x66F8 0xC Name: 0x8102
0x66FC 0x10 FirstThunk: 0x7150

SHELL32.dll.SHGetPathFromIDListA Hint[188]
SHELL32.dll.SHBrowseForFolderA Hint[121]
SHELL32.dll.SHGetFileInfoA Hint[172]
SHELL32.dll.ShellExecuteA Hint[263]
SHELL32.dll.SHFileOperationA Hint[154]
SHELL32.dll.SHGetSpecialFolderLocation Hint[195]

[IMAGE_IMPORT_DESCRIPTOR]
0x6700 0x0 OriginalFirstThunk: 0x7564
0x6700 0x0 Characteristics: 0x7564
0x6704 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x6708 0x8 ForwarderChain: 0x0
0x670C 0xC Name: 0x81A4
0x6710 0x10 FirstThunk: 0x7000

ADVAPI32.dll.RegQueryValueExA Hint[503]
ADVAPI32.dll.RegSetValueExA Hint[516]
ADVAPI32.dll.RegEnumKeyA Hint[477]
ADVAPI32.dll.RegEnumValueA Hint[481]
ADVAPI32.dll.RegOpenKeyExA Hint[492]
ADVAPI32.dll.RegDeleteKeyA Hint[468]
ADVAPI32.dll.RegDeleteValueA Hint[472]
ADVAPI32.dll.RegCloseKey Hint[459]
ADVAPI32.dll.RegCreateKeyExA Hint[465]

[IMAGE_IMPORT_DESCRIPTOR]
0x6714 0x0 OriginalFirstThunk: 0x758C
0x6714 0x0 Characteristics: 0x758C
0x6718 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x671C 0x8 ForwarderChain: 0x0
0x6720 0xC Name: 0x81F0
0x6724 0x10 FirstThunk: 0x7028

COMCTL32.dll.ImageList_AddMasked Hint[52]
COMCTL32.dll.ImageList_Destroy Hint[56]
COMCTL32.dll Ordinal[17] (Imported by Ordinal)
COMCTL32.dll.ImageList_Create Hint[55]

[IMAGE_IMPORT_DESCRIPTOR]
0x6728 0x0 OriginalFirstThunk: 0x77DC
0x6728 0x0 Characteristics: 0x77DC
0x672C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x6730 0x8 ForwarderChain: 0x0
0x6734 0xC Name: 0x8244
0x6738 0x10 FirstThunk: 0x7278

ole32.dll.CoTaskMemFree Hint[101]
ole32.dll.OleInitialize Hint[238]
ole32.dll.OleUninitialize Hint[261]
ole32.dll.CoCreateInstance Hint[16]

[IMAGE_IMPORT_DESCRIPTOR]
0x673C 0x0 OriginalFirstThunk: 0x77CC
0x673C 0x0 Characteristics: 0x77CC
0x6740 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x6744 0x8 ForwarderChain: 0x0
0x6748 0xC Name: 0x8290
0x674C 0x10 FirstThunk: 0x7268

VERSION.dll.GetFileVersionInfoSizeA Hint[1]
VERSION.dll.GetFileVersionInfoA Hint[0]
VERSION.dll.VerQueryValueA Hint[10]

----------Resource directory----------

[IMAGE_RESOURCE_DIRECTORY]
0x7A00 0x0 Characteristics: 0x0
0x7A04 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7A08 0x8 MajorVersion: 0x0
0x7A0A 0xA MinorVersion: 0x0
0x7A0C 0xC NumberOfNamedEntries: 0x0
0x7A0E 0xE NumberOfIdEntries: 0x4
Id: [0x3] (RT_ICON)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7A10 0x0 Name: 0x3
0x7A14 0x4 OffsetToData: 0x80000030
[IMAGE_RESOURCE_DIRECTORY]
0x7A30 0x0 Characteristics: 0x0
0x7A34 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7A38 0x8 MajorVersion: 0x0
0x7A3A 0xA MinorVersion: 0x0
0x7A3C 0xC NumberOfNamedEntries: 0x0
0x7A3E 0xE NumberOfIdEntries: 0x7
Id: [0x1]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7A40 0x0 Name: 0x1
0x7A44 0x4 OffsetToData: 0x800000D0
[IMAGE_RESOURCE_DIRECTORY]
0x7AD0 0x0 Characteristics: 0x0
0x7AD4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7AD8 0x8 MajorVersion: 0x0
0x7ADA 0xA MinorVersion: 0x0
0x7ADC 0xC NumberOfNamedEntries: 0x0
0x7ADE 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7AE0 0x0 Name: 0x409
0x7AE4 0x4 OffsetToData: 0x1F0
[IMAGE_RESOURCE_DATA_ENTRY]
0x7BF0 0x0 OffsetToData: 0x622B0
0x7BF4 0x4 Size: 0x10A8
0x7BF8 0x8 CodePage: 0x0
0x7BFC 0xC Reserved: 0x0
Id: [0x2]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7A48 0x0 Name: 0x2
0x7A4C 0x4 OffsetToData: 0x800000E8
[IMAGE_RESOURCE_DIRECTORY]
0x7AE8 0x0 Characteristics: 0x0
0x7AEC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7AF0 0x8 MajorVersion: 0x0
0x7AF2 0xA MinorVersion: 0x0
0x7AF4 0xC NumberOfNamedEntries: 0x0
0x7AF6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7AF8 0x0 Name: 0x409
0x7AFC 0x4 OffsetToData: 0x200
[IMAGE_RESOURCE_DATA_ENTRY]
0x7C00 0x0 OffsetToData: 0x63358
0x7C04 0x4 Size: 0xEA8
0x7C08 0x8 CodePage: 0x0
0x7C0C 0xC Reserved: 0x0
Id: [0x3]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7A50 0x0 Name: 0x3
0x7A54 0x4 OffsetToData: 0x80000100
[IMAGE_RESOURCE_DIRECTORY]
0x7B00 0x0 Characteristics: 0x0
0x7B04 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7B08 0x8 MajorVersion: 0x0
0x7B0A 0xA MinorVersion: 0x0
0x7B0C 0xC NumberOfNamedEntries: 0x0
0x7B0E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7B10 0x0 Name: 0x409
0x7B14 0x4 OffsetToData: 0x210
[IMAGE_RESOURCE_DATA_ENTRY]
0x7C10 0x0 OffsetToData: 0x64200
0x7C14 0x4 Size: 0x8A8
0x7C18 0x8 CodePage: 0x0
0x7C1C 0xC Reserved: 0x0
Id: [0x4]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7A58 0x0 Name: 0x4
0x7A5C 0x4 OffsetToData: 0x80000118
[IMAGE_RESOURCE_DIRECTORY]
0x7B18 0x0 Characteristics: 0x0
0x7B1C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7B20 0x8 MajorVersion: 0x0
0x7B22 0xA MinorVersion: 0x0
0x7B24 0xC NumberOfNamedEntries: 0x0
0x7B26 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7B28 0x0 Name: 0x409
0x7B2C 0x4 OffsetToData: 0x220
[IMAGE_RESOURCE_DATA_ENTRY]
0x7C20 0x0 OffsetToData: 0x64AA8
0x7C24 0x4 Size: 0x568
0x7C28 0x8 CodePage: 0x0
0x7C2C 0xC Reserved: 0x0
Id: [0x5]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7A60 0x0 Name: 0x5
0x7A64 0x4 OffsetToData: 0x80000130
[IMAGE_RESOURCE_DIRECTORY]
0x7B30 0x0 Characteristics: 0x0
0x7B34 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7B38 0x8 MajorVersion: 0x0
0x7B3A 0xA MinorVersion: 0x0
0x7B3C 0xC NumberOfNamedEntries: 0x0
0x7B3E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7B40 0x0 Name: 0x409
0x7B44 0x4 OffsetToData: 0x230
[IMAGE_RESOURCE_DATA_ENTRY]
0x7C30 0x0 OffsetToData: 0x65010
0x7C34 0x4 Size: 0x468
0x7C38 0x8 CodePage: 0x0
0x7C3C 0xC Reserved: 0x0
Id: [0x6]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7A68 0x0 Name: 0x6
0x7A6C 0x4 OffsetToData: 0x80000148
[IMAGE_RESOURCE_DIRECTORY]
0x7B48 0x0 Characteristics: 0x0
0x7B4C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7B50 0x8 MajorVersion: 0x0
0x7B52 0xA MinorVersion: 0x0
0x7B54 0xC NumberOfNamedEntries: 0x0
0x7B56 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7B58 0x0 Name: 0x409
0x7B5C 0x4 OffsetToData: 0x240
[IMAGE_RESOURCE_DATA_ENTRY]
0x7C40 0x0 OffsetToData: 0x65478
0x7C44 0x4 Size: 0x2E8
0x7C48 0x8 CodePage: 0x0
0x7C4C 0xC Reserved: 0x0
Id: [0x7]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7A70 0x0 Name: 0x7
0x7A74 0x4 OffsetToData: 0x80000160
[IMAGE_RESOURCE_DIRECTORY]
0x7B60 0x0 Characteristics: 0x0
0x7B64 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7B68 0x8 MajorVersion: 0x0
0x7B6A 0xA MinorVersion: 0x0
0x7B6C 0xC NumberOfNamedEntries: 0x0
0x7B6E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7B70 0x0 Name: 0x409
0x7B74 0x4 OffsetToData: 0x250
[IMAGE_RESOURCE_DATA_ENTRY]
0x7C50 0x0 OffsetToData: 0x65760
0x7C54 0x4 Size: 0x128
0x7C58 0x8 CodePage: 0x0
0x7C5C 0xC Reserved: 0x0

Id: [0x5] (RT_DIALOG)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7A18 0x0 Name: 0x5
0x7A1C 0x4 OffsetToData: 0x80000078
[IMAGE_RESOURCE_DIRECTORY]
0x7A78 0x0 Characteristics: 0x0
0x7A7C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7A80 0x8 MajorVersion: 0x0
0x7A82 0xA MinorVersion: 0x0
0x7A84 0xC NumberOfNamedEntries: 0x0
0x7A86 0xE NumberOfIdEntries: 0x3
Id: [0x69]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7A88 0x0 Name: 0x69
0x7A8C 0x4 OffsetToData: 0x80000178
[IMAGE_RESOURCE_DIRECTORY]
0x7B78 0x0 Characteristics: 0x0
0x7B7C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7B80 0x8 MajorVersion: 0x0
0x7B82 0xA MinorVersion: 0x0
0x7B84 0xC NumberOfNamedEntries: 0x0
0x7B86 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7B88 0x0 Name: 0x409
0x7B8C 0x4 OffsetToData: 0x260
[IMAGE_RESOURCE_DATA_ENTRY]
0x7C60 0x0 OffsetToData: 0x65888
0x7C64 0x4 Size: 0x202
0x7C68 0x8 CodePage: 0x0
0x7C6C 0xC Reserved: 0x0
Id: [0x6A]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7A90 0x0 Name: 0x6A
0x7A94 0x4 OffsetToData: 0x80000190
[IMAGE_RESOURCE_DIRECTORY]
0x7B90 0x0 Characteristics: 0x0
0x7B94 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7B98 0x8 MajorVersion: 0x0
0x7B9A 0xA MinorVersion: 0x0
0x7B9C 0xC NumberOfNamedEntries: 0x0
0x7B9E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7BA0 0x0 Name: 0x409
0x7BA4 0x4 OffsetToData: 0x270
[IMAGE_RESOURCE_DATA_ENTRY]
0x7C70 0x0 OffsetToData: 0x65A90
0x7C74 0x4 Size: 0xF8
0x7C78 0x8 CodePage: 0x0
0x7C7C 0xC Reserved: 0x0
Id: [0x6F]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7A98 0x0 Name: 0x6F
0x7A9C 0x4 OffsetToData: 0x800001A8
[IMAGE_RESOURCE_DIRECTORY]
0x7BA8 0x0 Characteristics: 0x0
0x7BAC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7BB0 0x8 MajorVersion: 0x0
0x7BB2 0xA MinorVersion: 0x0
0x7BB4 0xC NumberOfNamedEntries: 0x0
0x7BB6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7BB8 0x0 Name: 0x409
0x7BBC 0x4 OffsetToData: 0x280
[IMAGE_RESOURCE_DATA_ENTRY]
0x7C80 0x0 OffsetToData: 0x65B88
0x7C84 0x4 Size: 0xEE
0x7C88 0x8 CodePage: 0x0
0x7C8C 0xC Reserved: 0x0

Id: [0xE] (RT_GROUP_ICON)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7A20 0x0 Name: 0xE
0x7A24 0x4 OffsetToData: 0x800000A0
[IMAGE_RESOURCE_DIRECTORY]
0x7AA0 0x0 Characteristics: 0x0
0x7AA4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7AA8 0x8 MajorVersion: 0x0
0x7AAA 0xA MinorVersion: 0x0
0x7AAC 0xC NumberOfNamedEntries: 0x0
0x7AAE 0xE NumberOfIdEntries: 0x1
Id: [0x67]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7AB0 0x0 Name: 0x67
0x7AB4 0x4 OffsetToData: 0x800001C0
[IMAGE_RESOURCE_DIRECTORY]
0x7BC0 0x0 Characteristics: 0x0
0x7BC4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7BC8 0x8 MajorVersion: 0x0
0x7BCA 0xA MinorVersion: 0x0
0x7BCC 0xC NumberOfNamedEntries: 0x0
0x7BCE 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7BD0 0x0 Name: 0x409
0x7BD4 0x4 OffsetToData: 0x290
[IMAGE_RESOURCE_DATA_ENTRY]
0x7C90 0x0 OffsetToData: 0x65C78
0x7C94 0x4 Size: 0x68
0x7C98 0x8 CodePage: 0x0
0x7C9C 0xC Reserved: 0x0

Id: [0x18] (RT_MANIFEST)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7A28 0x0 Name: 0x18
0x7A2C 0x4 OffsetToData: 0x800000B8
[IMAGE_RESOURCE_DIRECTORY]
0x7AB8 0x0 Characteristics: 0x0
0x7ABC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7AC0 0x8 MajorVersion: 0x0
0x7AC2 0xA MinorVersion: 0x0
0x7AC4 0xC NumberOfNamedEntries: 0x0
0x7AC6 0xE NumberOfIdEntries: 0x1
Id: [0x1]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7AC8 0x0 Name: 0x1
0x7ACC 0x4 OffsetToData: 0x800001D8
[IMAGE_RESOURCE_DIRECTORY]
0x7BD8 0x0 Characteristics: 0x0
0x7BDC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7BE0 0x8 MajorVersion: 0x0
0x7BE2 0xA MinorVersion: 0x0
0x7BE4 0xC NumberOfNamedEntries: 0x0
0x7BE6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7BE8 0x0 Name: 0x409
0x7BEC 0x4 OffsetToData: 0x2A0
[IMAGE_RESOURCE_DATA_ENTRY]
0x7CA0 0x0 OffsetToData: 0x65CE0
0x7CA4 0x4 Size: 0x220
0x7CA8 0x8 CodePage: 0x0
0x7CAC 0xC Reserved: 0x0

