f065c33c0754ff6983cfee8c7f2b4b9b
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2008-Nov-26 04:48:26 |
| Detected languages |
Chinese - Taiwan
|
| CompanyName | |
| FileDescription | |
| FileVersion | 1.0.1.0 |
| InternalName | |
| LegalCopyright | |
| LegalTrademarks | |
| OriginalFilename | |
| ProductName | |
| ProductVersion | 1.0.0.0 |
| Comments |
Plugin Output
| Info | Matching compiler(s): |
Borland C++ DLL
MASM/TASM - sig1(h) Borland C++ for Win32 1999 |
| Suspicious | The PE is possibly packed. | Section .text is both writable and executable. |
| Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
| Info | The PE's resources present abnormal characteristics. | The binary may have been compiled on a machine in the UTC+8 timezone. |
| Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x50 |
| e_cp | 0x2 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0xf |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0x1a |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x200 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 8 |
| TimeDateStamp | 2008-Nov-26 04:48:26 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 5.0 |
| SizeOfCode | 0x9a000 |
| SizeOfInitializedData | 0xb000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000013B4 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x9b000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0xcc000 |
| SizeOfHeaders | 0x600 |
| Checksum | 0xbcea1 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x2000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.data
.tls
.rdata
.idata
.edata
.rsrc
.reloc
Imports
| ADVAPI32.DLL |
RegCloseKey
RegOpenKeyExA RegQueryValueExA |
|---|---|
| KERNEL32.DLL |
CloseHandle
CompareStringA CreateEventA CreateFileA CreateThread DeleteCriticalSection EnterCriticalSection EnumCalendarInfoA ExitProcess FindClose FindFirstFileA FindResourceA FormatMessageA FreeLibrary FreeResource GetACP GetCPInfo GetCommandLineA GetCurrentProcessId GetCurrentThreadId GetDateFormatA GetDiskFreeSpaceA GetEnvironmentStrings GetFileSize GetFileType GetLastError GetLocalTime GetLocaleInfoA GetModuleFileNameA GetModuleHandleA GetOEMCP GetPrivateProfileStringA GetProcAddress GetProcessHeap GetStartupInfoA GetStdHandle GetStringTypeExA GetStringTypeW GetSystemInfo GetThreadLocale GetTickCount GetVersion GetVersionExA GlobalAddAtomA GlobalAlloc GlobalDeleteAtom GlobalFindAtomA GlobalFree GlobalHandle GlobalLock GlobalReAlloc GlobalUnlock HeapAlloc HeapFree InitializeCriticalSection InterlockedDecrement InterlockedIncrement LeaveCriticalSection LoadLibraryA LoadLibraryExA LoadResource LocalAlloc LocalFree LockResource MulDiv MultiByteToWideChar RaiseException ReadFile ResetEvent RtlUnwind SetConsoleCtrlHandler SetEndOfFile SetErrorMode SetEvent SetFilePointer SetHandleCount SetLastError SetThreadLocale SizeofResource Sleep TlsAlloc TlsFree TlsGetValue TlsSetValue UnhandledExceptionFilter VirtualAlloc VirtualFree VirtualQuery WaitForSingleObject WideCharToMultiByte WriteFile WritePrivateProfileStringA lstrcpyA lstrcpynA lstrlenA |
| COMCTL32.DLL |
ImageList_Add
ImageList_BeginDrag ImageList_Create ImageList_Destroy ImageList_DragEnter ImageList_DragLeave ImageList_DragMove ImageList_DragShowNolock ImageList_Draw ImageList_DrawEx ImageList_EndDrag ImageList_GetBkColor ImageList_GetDragImage ImageList_GetIconSize ImageList_GetImageCount ImageList_Read ImageList_Remove ImageList_ReplaceIcon ImageList_SetBkColor ImageList_SetDragCursorImage ImageList_SetIconSize ImageList_Write |
| COMDLG32.DLL |
GetOpenFileNameA
|
| GDI32.DLL |
BitBlt
CopyEnhMetaFileA CreateBitmap CreateBrushIndirect CreateCompatibleBitmap CreateCompatibleDC CreateDIBSection CreateDIBitmap CreateFontIndirectA CreateHalftonePalette CreatePalette CreatePenIndirect CreateSolidBrush DeleteDC DeleteEnhMetaFile DeleteObject ExcludeClipRect GetBitmapBits GetBrushOrgEx GetClipBox GetCurrentPositionEx GetDCOrgEx GetDIBColorTable GetDIBits GetDeviceCaps GetEnhMetaFileBits GetEnhMetaFileHeader GetEnhMetaFilePaletteEntries GetObjectA GetPaletteEntries GetPixel GetStockObject GetSystemPaletteEntries GetTextExtentPoint32A GetTextMetricsA GetWinMetaFileBits GetWindowOrgEx IntersectClipRect LineTo MaskBlt MoveToEx PatBlt PlayEnhMetaFile RealizePalette RectVisible Rectangle RestoreDC SaveDC SelectObject SelectPalette SetBkColor SetBkMode SetBrushOrgEx SetDIBColorTable SetEnhMetaFileBits SetPixel SetROP2 SetStretchBltMode SetTextColor SetViewportOrgEx SetWinMetaFileBits SetWindowOrgEx StretchBlt UnrealizeObject |
| USER32.DLL |
ActivateKeyboardLayout
AdjustWindowRectEx BeginPaint CallNextHookEx CallWindowProcA CharLowerA CharLowerBuffA CharNextA CharUpperBuffA CheckMenuItem ClientToScreen CreateIcon CreateMenu CreatePopupMenu CreateWindowExA DefFrameProcA DefMDIChildProcA DefWindowProcA DeleteMenu DestroyCursor DestroyIcon DestroyMenu DestroyWindow DispatchMessageA DrawEdge DrawFrameControl DrawIcon DrawIconEx DrawMenuBar DrawTextA EnableMenuItem EnableScrollBar EnableWindow EndPaint EnumThreadWindows EnumWindows EqualRect FillRect FindWindowA FrameRect GetActiveWindow GetCapture GetClassInfoA GetClassNameA GetClientRect GetClipboardData GetCursor GetCursorPos GetDC GetDCEx GetDesktopWindow GetDlgItem GetFocus GetForegroundWindow GetIconInfo GetKeyNameTextA GetKeyState GetKeyboardLayout GetKeyboardLayoutList GetKeyboardState GetKeyboardType GetLastActivePopup GetMenu GetMenuItemCount GetMenuItemID GetMenuItemInfoA GetMenuState GetMenuStringA GetParent GetPropA GetScrollInfo GetScrollPos GetScrollRange GetSubMenu GetSystemMenu GetSystemMetrics GetTopWindow GetWindow GetWindowDC GetWindowLongA GetWindowPlacement GetWindowRect GetWindowTextA GetWindowThreadProcessId InflateRect InsertMenuA InsertMenuItemA IntersectRect InvalidateRect IsChild IsDialogMessageA IsIconic IsRectEmpty IsWindow IsWindowEnabled IsWindowVisible IsZoomed KillTimer LoadBitmapA LoadCursorA LoadIconA LoadKeyboardLayoutA LoadStringA MapVirtualKeyA MapWindowPoints MessageBoxA OemToCharA OffsetRect PeekMessageA PostMessageA PostQuitMessage PtInRect RedrawWindow RegisterClassA RegisterClipboardFormatA RegisterWindowMessageA ReleaseCapture ReleaseDC RemoveMenu RemovePropA ScreenToClient ScrollWindow SendMessageA SetActiveWindow SetCapture SetClassLongA SetCursor SetFocus SetForegroundWindow SetMenu SetMenuItemInfoA SetPropA SetRect SetScrollInfo SetScrollPos SetScrollRange SetTimer SetWindowLongA SetWindowPlacement SetWindowPos SetWindowTextA SetWindowsHookExA ShowCursor ShowOwnedPopups ShowScrollBar ShowWindow SystemParametersInfoA TrackPopupMenu TranslateMDISysAccel TranslateMessage UnhookWindowsHookEx UnregisterClassA UpdateWindow WaitMessage WinHelpA WindowFromPoint wsprintfA GetSysColor |
| OLE32.DLL |
CoCreateInstance
CoGetMalloc CoInitialize CoUninitialize |
| OLEAUT32.DLL |
GetErrorInfo
SafeArrayAccessData SafeArrayCreate SafeArrayGetElement SafeArrayGetLBound SafeArrayGetUBound SafeArrayPtrOfIndex SafeArrayPutElement SafeArrayRedim SafeArrayUnaccessData SysAllocStringLen SysFreeString SysReAllocStringLen SysStringLen VariantChangeType VariantClear VariantCopy VariantCopyInd VariantInit |
Delayed Imports
__GetExceptDLLinfo
| Ordinal | 1 |
|---|---|
| Address | 0x140d |
@@Main@Initialize
| Ordinal | 2 |
|---|---|
| Address | 0x3688 |
@@Main@Finalize
| Ordinal | 3 |
|---|---|
| Address | 0x3698 |
___CPPdebugHook
| Ordinal | 4 |
|---|---|
| Address | 0x9b098 |
_fmMain
| Ordinal | 5 |
|---|---|
| Address | 0xa12ac |
1
2
3
4
5
6
7
1 (#2)
2 (#2)
4079
4080
4081
4082
4083
4084
4085
4086
4087
4088
4089
4090
4091
4092
4093
4094
4095
4096
DVCLAL
TFMMAIN
32761
32762
32763
32764
32765
32766
32767
MAINICON
1 (#3)
String Table contents
| Menu '%s' is already being used by another form |
| Docked control must have a name |
| Error removing control from dock tree |
| - Dock zone not found |
| - Dock zone has no control |
| Enter |
| Space |
| PgUp |
| PgDn |
| End |
| Home |
| Left |
| Up |
| Right |
| Down |
| Ins |
| Del |
| Shift+ |
| Ctrl+ |
| Alt+ |
| Clipboard does not support Icons |
| Information |
| Confirm |
| &Yes |
| &No |
| OK |
| Cancel |
| &Help |
| &Abort |
| &Retry |
| &Ignore |
| &All |
| N&o to All |
| Yes to &All |
| BkSp |
| Tab |
| Esc |
| Cannot change Visible in OnShow or OnHide |
| Cannot make a visible window modal |
| Menu index out of range |
| Menu inserted twice |
| Sub-menu is not in menu |
| Not enough timers available |
| GroupIndex cannot be less than a previous menu item's GroupIndex |
| Cannot create form. No MDI forms are currently active |
| A control cannot have itself as its parent |
| Cannot drag a form |
| Metafiles |
| Enhanced Metafiles |
| Icons |
| Bitmaps |
| Warning |
| Error |
| Icon image is not valid |
| Metafile is not valid |
| Cannot change the size of an icon |
| Unsupported clipboard format |
| Out of system resources |
| Canvas does not allow drawing |
| Invalid image size |
| Invalid ImageList |
| Invalid ImageList Index |
| Failed to read ImageList data from stream |
| Failed to write ImageList data to stream |
| Error creating window device context |
| Error creating window class |
| Cannot focus a disabled or invisible window |
| Control '%s' has no parent window |
| Cannot hide an MDI Child Form |
| December |
| Sun |
| Mon |
| Tue |
| Wed |
| Thu |
| Fri |
| Sat |
| Sunday |
| Monday |
| Tuesday |
| Wednesday |
| Thursday |
| Friday |
| Saturday |
| Bitmap image is not valid |
| Aug |
| Sep |
| Oct |
| Nov |
| Dec |
| January |
| February |
| March |
| April |
| May |
| June |
| July |
| August |
| September |
| October |
| November |
| Assertion failed |
| Interface not supported |
| Exception in safecall method |
| %s (%s, line %d) |
| Abstract Error |
| Access violation at address %p in module '%s'. %s of address %p |
| System Error. Code: %d. |
| %s |
| A call to an OS function failed |
| Application is not licensed to use this feature |
| Jan |
| Feb |
| Mar |
| Apr |
| May |
| Jun |
| Jul |
| Invalid variant operation |
| Invalid variant operation ($%.8x) |
| Variant is not an array |
| Custom variant type (%.4x) is out of range |
| Custom variant type (%.4x) already used by %s |
| Custom variant type (%.4x) is not usable |
| Too many custom variant types have been registered |
| Invalid NULL variant operation |
| Could not convert variant of type (%s) into type (%s) |
| Overflow while converting variant of type (%s) into type (%s) |
| Variant overflow |
| Invalid argument |
| Invalid variant type |
| Operation not supported |
| Unexpected variant error |
| External exception %x |
| Stack overflow |
| Control-C hit |
| Privileged instruction |
| Operation aborted |
| Exception %s in module %s at %p. |
| %s%s |
| Application Error |
| Format '%s' invalid or incompatible with argument |
| No argument for format '%s' |
| Variant method calls not supported |
| Read |
| Write |
| Format string too long |
| Error creating variant array |
| Variant array index out of bounds |
| Variant array is locked |
| Invalid variant type conversion |
| Invalid filename |
| Too many open files |
| File access denied |
| Read beyond end of file |
| Disk full |
| Invalid numeric input |
| Division by zero |
| Range check error |
| Integer overflow |
| Invalid floating point operation |
| Floating point division by zero |
| Floating point overflow |
| Floating point underflow |
| Invalid pointer operation |
| Invalid class typecast |
| Access violation at address %p. %s of address %p |
| Stream write error |
| OLE error %.8x |
| Method '%s' not supported by automation object |
| Variant does not reference an automation object |
| Dispatch methods do not support more than 64 parameters |
| '%s' is not a valid integer value |
| '%s' is not a valid floating point value |
| '%s' is not a valid date |
| '%s' is not a valid time |
| '%s' is not a valid date and time |
| '%d.%d' is not a valid timestamp |
| Invalid argument to time encode |
| Invalid argument to date encode |
| Out of memory |
| I/O error %d |
| File not found |
| Invalid property element: %s |
| Invalid property path |
| Invalid property type: %s |
| Invalid property value |
| List capacity out of bounds (%d) |
| List count out of bounds (%d) |
| List index out of bounds (%d) |
| Out of memory while expanding memory stream |
| Error reading %s%s%s: %s |
| Stream read error |
| Property is read-only |
| Resource %s not found |
| %s.Seek not implemented |
| Operation not allowed on sorted list |
| %s not in a class registration group |
| Property %s does not exist |
| Ancestor for '%s' not found |
| Cannot assign a %s to a %s |
| Bits index out of range |
| Can't write to a read-only resource stream |
| CheckSynchronize called from thread $%x, which is NOT the main thread |
| Class %s not found |
| A class named %s already exists |
| List does not allow duplicates ($0%x) |
| A component named %s already exists |
| String list does not allow duplicates |
| Cannot create file %s |
| Cannot open file %s |
| Unable to write to %s |
| Invalid stream format |
| ''%s'' is not a valid component name |
| Invalid property value |
| Unable to load bind parameters |
| Field '%s' is of an unsupported type |
| SQL not supported: %s |
| Execute not supported: %s |
| Operation not allowed on a unidirectional dataset |
| Unassigned variant value |
| Record not found |
| BCD overflow |
| %s is not a valid BCD value |
| Invalid format type for BCD |
| Could not parse SQL TimeStamp string |
| Invalid SQL date/time values |
| Unable to find a Table of Contents |
| No help found for %s |
| No context-sensitive help installed |
| No topic-based help system installed |
| Field '%s' must have a value |
| Field '%s' has no dataset |
| Field '%s' cannot be a calculated or lookup field |
| Field '%s' cannot be modified |
| No index for fields '%s' |
| Index '%s' not found |
| Circular datalinks are not allowed |
| Lookup information for field '%s' is incomplete |
| DataSource cannot be changed |
| Cannot perform this operation on an open dataset |
| Dataset not in edit or insert mode |
| Cannot perform this operation on a closed dataset |
| Nested dataset must inherit from %s |
| False |
| True |
| Parameter '%s' not found |
| Invalid FieldKind |
| Field '%s' is of an unknown type |
| Field name missing |
| Duplicate field name '%s' |
| Field '%s' not found |
| Cannot access field '%s' as type %s |
| Invalid value for field '%s' |
| %g is not a valid value for field '%s'. The allowed range is %g to %g |
| %s is not a valid value for field '%s'. The allowed range is %s to %s |
| '%s' is not a valid integer value for field '%s' |
| '%s' is not a valid boolean value for field '%s' |
| '%s' is not a valid floating point value for field '%s' |
| Type mismatch for field '%s', expecting: %s actual: %s |
| Size mismatch for field '%s', expecting: %d actual: %d |
| Invalid variant type or size for field '%s' |
| Value of field '%s' is out of range |
| Name |
| Value |
| Invalid Enum Value |
| Missing Connection or ConnectionString |
| Filter property cannot be used for detail tables |
| Dataset does not support bookmarks, which are required for multi-record data controls |
| Missing %s property |
| CommandText does not return a result set |
| Error creating object. Please verify that the Microsoft Data Access Components 2.1 (or later) have been properly installed |
| Events are not supported with server side TableDirect cursors |
| Unsupported field type (%s) in field %s |
| A connection component is required for async ExecuteOptions |
| Cannot perform a requery after connection has changed |
| FilterOptions are not supported |
| Recordset is not open |
| Invalid field size |
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 1.0.1.0 |
| ProductVersion | 1.0.1.0 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | Chinese - Taiwan |
| CompanyName | |
| FileDescription | |
| FileVersion (#2) | 1.0.1.0 |
| InternalName | |
| LegalCopyright | |
| LegalTrademarks | |
| OriginalFilename | |
| ProductName | |
| ProductVersion (#2) | 1.0.0.0 |
| Comments |
| Resource LangID | Chinese - Taiwan |
|---|
TLS Callbacks
| StartAddressOfRawData | 0x4a6000 |
|---|---|
| EndAddressOfRawData | 0x4a60b4 |
| AddressOfIndex | 0x4a1294 |
| AddressOfCallbacks | 0x4a7010 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks | (EMPTY) |