PESCAN.IO - Analysis Report Basic |
|||||||
| File Structure |
|
PE Chart Code
Header PE (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
| Information |
Icon: Size: 2,86 MBSHA-256 Hash: 56871751C7A0D4572AB89AC447730258AFE15F747741E65A9677FB0798D159CB SHA-1 Hash: C5CA1D25F454501CF09A3CB5EB91768C8EC10E64 MD5 Hash: A4A503EA33686000763F1E254E6C64E2 Imphash: D5B65D33871BA08B4FDAA5D9C6A28787 MajorOSVersion: 5 MinorOSVersion: 0 CheckSum: 00000000 EntryPoint (rva): 250100 SizeOfHeaders: 400 SizeOfImage: 36A000 ImageBase: 400000 Architecture: x86 ImportTable: 2EA000 IAT: 2EACF0 Characteristics: 8D8F TimeDateStamp: 572CDC20 Date: 06/05/2016 18:02:08 File Type: EXE Number Of Sections: 9 ASLR: Disabled Section Names: .text, .itext, .data, .bss, .idata, .didata, .tls, .rdata, .rsrc Number Of Executable Sections: 2 Subsystem: Windows GUI |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable |
400 | 24C800 | 1000 | 24C6D4 |
|
|
| .itext | 0x60000020 Code Executable Readable |
24CC00 | 2200 | 24E000 | 2194 |
|
|
| .data | 0xC0000040 Initialized Data Readable Writeable |
24EE00 | 11000 | 251000 | 10F74 |
|
|
| .bss | 0xC0000000 Readable Writeable |
25FE00 | 0 | 262000 | 8722C |
|
|
| .idata | 0xC0000040 Initialized Data Readable Writeable |
25FE00 | 4800 | 2EA000 | 467A |
|
|
| .didata | 0xC0000040 Initialized Data Readable Writeable |
264600 | 400 | 2EF000 | 3A6 |
|
|
| .tls | 0xC0000000 Readable Writeable |
264A00 | 0 | 2F0000 | 4C |
|
|
| .rdata | 0x40000040 Initialized Data Readable |
264A00 | 200 | 2F1000 | 18 |
|
|
| .rsrc | 0x40000040 Initialized Data Readable |
264C00 | 77C00 | 2F2000 | 77C00 |
|
|
| Description |
| Language: English (United States) (ID=0x409) CodePage: Western European (Windows 1252) (0x4E4) Unusual Chars Found In Description File - (Polymorphic patterns or unicode characters) |
| Entry Point |
The section number (2) - (.itext) have the Entry Point Information -> EntryPoint (calculated) - 24ED00 Code -> 558BEC83C4F053B8984F6400E827B2DBFF8B1D741B66008B03C6405901E86E73EAFF8B03C64059008B03E8E99EE9FF8B03BA Assembler |PUSH EBP |MOV EBP, ESP |ADD ESP, -0X10 |PUSH EBX |MOV EAX, 0X644F98 |CALL 0XFFDBC238 |MOV EBX, DWORD PTR [0X661B74] |MOV EAX, DWORD PTR [EBX] |MOV BYTE PTR [EAX + 0X59], 1 |CALL 0XFFEA8390 |MOV EAX, DWORD PTR [EBX] |MOV BYTE PTR [EAX + 0X59], 0 |MOV EAX, DWORD PTR [EBX] |CALL 0XFFE9AF18 |MOV EAX, DWORD PTR [EBX] |
| Signatures |
| Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler |
| Compiler: Borland Delphi 7 Detect It Easy (die) • PE: compiler: Embarcadero Delphi(2010)[-] • PE: linker: Turbo Linker(2.25*,Delphi)[-] • Entropy: 6.39037 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | CreateToolhelp32Snapshot | Possible Call API By Name | Creates a snapshot of the specified processes, heaps, threads, and modules. |
| KERNEL32.DLL | ReadProcessMemory | Possible Call API By Name | Reads data from an area of memory in a specified process. |
| KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process. |
| KERNEL32.DLL | CopyFileW | Copies an existing file to a new file. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | CreateFileA | Creates or opens a file or I/O device. |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| SHELL32.DLL | ShellExecuteW | Performs a run operation on a specific file. |
| NtosKrnl.exe | ZwTerminateProcess | Possible Call API By Name | Terminates a process. |
| Windows REG |
| System\@ |
| Windows REG (UNICODE) |
| SOFTWARE\Microsoft\Windows NT\CurrentVersion SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinPE SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\%s Software\CodeGear\Locales Software\Borland\Locales Software\Borland\Delphi\Locales SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009 SOFTWARE\Microsoft\IdentityCRL\UserExtendedProperties SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Software\Citrix\GoToAssist\ConnectionInfo\LastGood\0000 SYSTEM\CurrentControlSet\Control\Keyboard Layouts\ System\CurrentControlSet\Control\Keyboard Layouts\%.8x SYSTEM\CurrentControlSet\Control\ProductOptions SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName SYSTEM\CurrentControlSet\Enum\IDE SYSTEM\CurrentControlSet\Enum\IDE\ SYSTEM\CurrentControlSet\Enum\SCSI SYSTEM\CurrentControlSet\Enum\SCSI\ SYSTEM\CurrentControlSet\Control\Class SYSTEM\CurrentControlSet\Services\Class \System\CurrentControlSet\Control\ComputerName |
| File Access |
| shell32.dll windowscodecs.dll DWMAPI.DLL uxtheme.dll user32.dll GDI32.DLL oleacc.dll winmm.dll kernel32.dll wsock32.dll ole32.dll comdlg32.dll oleaut32.dll comctl32.dll advapi32.dll version.dll msimg32.dll Glyph.Dat Dialog.Filter?HP Digital Imaging Thumbnail databases|*.db;*.dat Dialog.Filter!Index.dat|Index.dat Dialog.Filter!Index.dat HintAnalyze Index.DAT Analyze Index.DAT Picture.Dat CaptionIndex.DAT alLeftPicture.Dat .dat Temp WinDir AppData |
| File Access (UNICODE) |
| OS.Log INDEX.DAT kernel32.dll comctl32.dll PSAPI.dll netapi32.dll wtsapi32.dll NTDLL.DLL advapi32.dll explorer.exe SHELL32.DLL PSAPI.DLL SLWGA.DLL USER32.DLL KERNEL32.DLL olepro32.dll gdiplus.dll dspdf.dll ntdll.dll user32.dll imm32.dll RICHED20.DLL msimg32.dll uxtheme.dll ole32.dll oleaut32.dll Index.DAT WFA - Index.DAT IE5\index.dat index.dat Temp |
| Interest's Words |
| ToolBar Encrypt Decrypt PassWord <html <head <body <table <meta exec netsh attrib start pause hostname sdelete shutdown cacls netstat systeminfo ping expand replace setx |
| Interest's Words (UNICODE) |
| ToolBar Encrypt Encryption PassWord exec attrib start shutdown systeminfo ping expand replace |
| URLs (UNICODE) |
| http://www.w3.org/2001/XMLSchema http://www.mitec.cz http://www.delphiarea.com |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | WinAPI Sockets (WSACleanup) |
| Text | Unicode | WinAPI Sockets (bind) |
| Text | Ascii | WinAPI Sockets (connect) |
| Text | Unicode | WinAPI Sockets (connect) |
| Text | Ascii | Registry (RegCreateKeyEx) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | Registry (RegSetValueEx) |
| Text | Ascii | File (GetTempPath) |
| Text | Ascii | File (CopyFile) |
| Text | Ascii | File (CreateFile) |
| Text | Unicode | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Ascii | Encryption (Blowfish) |
| Text | Unicode | Encryption (Blowfish) |
| Text | Ascii | Encryption (Twofish) |
| Text | Unicode | Encryption (Twofish) |
| Text | Ascii | Encryption API (WinCrypt) |
| Text | Unicode | Encryption API (CryptAcquireContext) |
| Text | Unicode | Encryption API (CryptReleaseContext) |
| Text | Ascii | Anti-Analysis VM (IsDebuggerPresent) |
| Text | Ascii | Anti-Analysis VM (GetSystemInfo) |
| Text | Unicode | Anti-Analysis VM (GlobalMemoryStatusEx) |
| Text | Ascii | Anti-Analysis VM (GetVersion) |
| Text | Unicode | Anti-Analysis VM (GetVersion) |
| Text | Unicode | Anti-Analysis VM (CreateToolhelp32Snapshot) |
| Text | Ascii | Reconnaissance (FindFirstFileW) |
| Text | Ascii | Reconnaissance (FindNextFileW) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (ExitThread) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (UnmapViewOfFile) |
| Text | Ascii | Stealth (MapViewOfFile) |
| Text | Ascii | Stealth (CreateFileMappingW) |
| Text | Ascii | Stealth (VirtualAlloc) |
| Text | Unicode | Stealth (ReadProcessMemory) |
| Text | Unicode | Stealth (NtUnmapViewOfSection) |
| Text | Unicode | Execution (CreateProcessW) |
| Text | Ascii | Execution (ShellExecute) |
| Text | Ascii | Execution (ResumeThread) |
| Text | Ascii | Execution (OpenEventW) |
| Text | Ascii | Execution (CreateEventW) |
| Text | Unicode | Keyboard Key (Alt+) |
| Text | Ascii | Keyboard Key (Scroll) |
| Text | Unicode | Keyboard Key (Scroll) |
| Text | Unicode | Keyboard Key (UpArrow) |
| Text | Ascii | Process of gathering information about network resources (Enumeration) |
| Text | Unicode | Unauthorized movement of funds or data (Transfer) |
| Text | Ascii | Malicious rerouting of traffic to an attacker-controlled site (Redirect) |
| Entry Point | Hex Pattern | Borland Delphi 4.0 |
| Entry Point | Hex Pattern | Borland Delphi v3.0 |
| Entry Point | Hex Pattern | Borland Delphi v6.0 - v7.0 |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8 |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 |
| Entry Point | Hex Pattern | TrueVision Targa Graphics format |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \UNICODEDATA\CASE\0 | 2F4444 | 723F | 267044 | 5108000041000001610000016100000000420000016200000162000000004300000163000001630000000044000001640000 | Q...A...a...a....B...b...b....C...c...c....D...d.. |
| \UNICODEDATA\CATEGORIES\0 | 2FB684 | 7EBD | 26E284 | 005B0200004100005A0000C00000D60000D80000DE0000000100000100020100020100040100040100060100060100080100 | .[...A..Z......................................... |
| \UNICODEDATA\COMBINING\0 | 303544 | 6A8 | 276144 | 0109340300380300D41C00D41C00E21C00E81C00D22000D32000D82000DA2000E52000E62000EA2000EB2000390A01390A01 | ..4..8............... .. .. .. .. .. .. .. .9..9.. |
| \UNICODEDATA\COMPOSITION\0 | 303BEC | AF7D | 2767EC | 591100008403000210200000010300B400000210200000010300DC02000210200000030300AF00000210200000040300E3FF | Y........ .......... .......... .......... ....... |
| \UNICODEDATA\DECOMPOSITION\0 | 30EB6C | D3CF | 28176C | B7150000A000000102200000A800000210200000080300AA00000108610000AF00000210200000040300B200000108320000 | ......... ....... ..........a....... ..........2.. |
| \UNICODEDATA\NUMBERS\0 | 31BF3C | 14C5 | 28EB3C | 7000000000010000000100000001000000020000000100000003000000010000000400000001000000050000000100000006 | p................................................. |
| \CURSOR\1\1033 | 31D404 | 134 | 290004 | 000000002800000020000000400000000100010000000000000200000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\2\1033 | 31D538 | 134 | 290138 | 000000002800000020000000400000000100010000000000800000000000000000000000020000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\3\1033 | 31D66C | 134 | 29026C | 000000002800000020000000400000000100010000000000800000000000000000000000020000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\4\1033 | 31D7A0 | 134 | 2903A0 | 0E000C002800000020000000400000000100010000000000800000000000000000000000020000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\5\1033 | 31D8D4 | 134 | 2904D4 | 10000E002800000020000000400000000100010000000000800000000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\6\1033 | 31DA08 | 134 | 290608 | 000000002800000020000000400000000100010000000000800000000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\7\1033 | 31DB3C | 134 | 29073C | 020002002800000020000000400000000100010000000000800000000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\8\1031 | 31DC70 | 2EC | 290870 | 1000100028000000200000004000000001000400000000008002000000000000000000001000000000000000000000000000 | ....(... ...@..................................... |
| \CURSOR\9\1031 | 31DF5C | 2EC | 290B5C | 1000100028000000200000004000000001000400000000008002000000000000000000001000000000000000000000000000 | ....(... ...@..................................... |
| \CURSOR\10\1031 | 31E248 | 2EC | 290E48 | 1000100028000000200000004000000001000400000000008002000000000000000000001000000000000000000000000000 | ....(... ...@..................................... |
| \CURSOR\11\1031 | 31E534 | 2EC | 291134 | 1000100028000000200000004000000001000400000000008002000000000000000000001000000000000000000000000000 | ....(... ...@..................................... |
| \CURSOR\12\1031 | 31E820 | 134 | 291420 | 0F000E002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\13\1033 | 31E954 | 134 | 291554 | 0F000F002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\14\0 | 31EA88 | 134 | 291688 | 0E0010002800000020000000400000000100010000000000000000000000000000000000020000000200000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\15\1033 | 31EBBC | 134 | 2917BC | 0F000F002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\16\0 | 31ECF0 | 134 | 2918F0 | 0F0010002800000020000000400000000100010000000000000200000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\17\0 | 31EE24 | 134 | 291A24 | 060010002800000020000000400000000100010000000000800000000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\18\1031 | 31EF58 | 134 | 291B58 | 100010002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\19\1031 | 31F08C | 2EC | 291C8C | 1000100028000000200000004000000001000400000000008002000000000000000000001000000000000000000000000000 | ....(... ...@..................................... |
| \CURSOR\20\1031 | 31F378 | 2EC | 291F78 | 1000100028000000200000004000000001000400000000008002000000000000000000001000000000000000000000000000 | ....(... ...@..................................... |
| \CURSOR\21\1031 | 31F664 | 2EC | 292264 | 1000100028000000200000004000000001000400000000008002000000000000000000001000000000000000000000000000 | ....(... ...@..................................... |
| \CURSOR\22\1031 | 31F950 | 2EC | 292550 | 1000100028000000200000004000000001000400000000008002000000000000000000000000000000000000000000000000 | ....(... ...@..................................... |
| \CURSOR\23\1031 | 31FC3C | 2EC | 29283C | 1000100028000000200000004000000001000400000000008002000000000000000000001000000000000000000000000000 | ....(... ...@..................................... |
| \CURSOR\24\1031 | 31FF28 | 2EC | 292B28 | 1000100028000000200000004000000001000400000000008002000000000000000000001000000000000000000000000000 | ....(... ...@..................................... |
| \CURSOR\25\1033 | 320214 | 134 | 292E14 | 070001002800000020000000400000000100010000000000000200000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \BITMAP\BBABORT\1033 | 320348 | 1D0 | 292F48 | 2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080 | (...$...............h............................. |
| \BITMAP\BBALL\1033 | 320518 | 1E4 | 293118 | 28000000240000001300000001000400000000007C0100000000000000000000100000000000000000000000000080000080 | (...$...............|............................. |
| \BITMAP\BBCANCEL\1033 | 3206FC | 1D0 | 2932FC | 2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080 | (...$...............h............................. |
| \BITMAP\BBCLOSE\1033 | 3208CC | 1D0 | 2934CC | 2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080 | (...$...............h............................. |
| \BITMAP\BBHELP\1033 | 320A9C | 1D0 | 29369C | 2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080 | (...$...............h............................. |
| \BITMAP\BBIGNORE\1033 | 320C6C | 1D0 | 29386C | 2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080 | (...$...............h............................. |
| \BITMAP\BBNO\1033 | 320E3C | 1D0 | 293A3C | 2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080 | (...$...............h............................. |
| \BITMAP\BBOK\1033 | 32100C | 1D0 | 293C0C | 2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080 | (...$...............h............................. |
| \BITMAP\BBRETRY\1033 | 3211DC | 1D0 | 293DDC | 2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080 | (...$...............h............................. |
| \BITMAP\BBYES\1033 | 3213AC | 1D0 | 293FAC | 2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080 | (...$...............h............................. |
| \BITMAP\CDROM\1033 | 32157C | C0 | 29417C | 28000000100000000B0000000100040000000000580000000000000000000000100000001000000000000000000080000080 | (...................X............................. |
| \BITMAP\CLOSEDFOLDER\1033 | 32163C | E0 | 29423C | 28000000100000000F0000000100040000000000780000000000000000000000100000001000000000000000000080000080 | (...................x............................. |
| \BITMAP\CURRENTFOLDER\1033 | 32171C | E0 | 29431C | 28000000100000000F0000000100040000000000780000000000000000000000100000001000000000000000000080000080 | (...................x............................. |
| \BITMAP\EXECUTABLE\1033 | 3217FC | E0 | 2943FC | 28000000100000000F0000000100040000000000780000000000000000000000100000001000000000000000000080000080 | (...................x............................. |
| \BITMAP\FLOPPY\1033 | 3218DC | C0 | 2944DC | 28000000100000000B0000000100040000000000580000000000000000000000100000001000000000000000000080000080 | (...................X............................. |
| \BITMAP\HARD\1033 | 32199C | C0 | 29459C | 28000000100000000B0000000100040000000000580000000000000000000000100000001000000000000000000080000080 | (...................X............................. |
| \BITMAP\KNOWNFILE\1033 | 321A5C | E0 | 29465C | 28000000100000000F0000000100040000000000780000000000000000000000100000001000000000000000000080000080 | (...................x............................. |
| \BITMAP\NETWORK\1033 | 321B3C | C0 | 29473C | 28000000100000000B0000000100040000000000580000000000000000000000100000001000000000000000000080000080 | (...................X............................. |
| \BITMAP\OPENFOLDER\1033 | 321BFC | E0 | 2947FC | 28000000100000000F0000000100040000000000780000000000000000000000100000001000000000000000000080000080 | (...................x............................. |
| \BITMAP\PREVIEWGLYPH\1033 | 321CDC | E8 | 2948DC | 2800000010000000100000000100040000000000800000000000000000000000000000000000000000000000000080000080 | (................................................. |
| \BITMAP\RAM\1033 | 321DC4 | C0 | 2949C4 | 28000000100000000B0000000100040000000000580000000000000000000000100000001000000000000000000080000080 | (...................X............................. |
| \BITMAP\UNKNOWNFILE\1033 | 321E84 | E0 | 294A84 | 28000000100000000F0000000100040000000000780000000000000000000000100000001000000000000000000080000080 | (...................x............................. |
| \BITMAP\VT_CHECK_DARK\0 | 321F64 | CE8 | 294B64 | 2800000090010000100000000100040000000000800C00000000000000000000000000000000000000000000FFFFFF00FF00 | (................................................. |
| \BITMAP\VT_CHECK_LIGHT\0 | 322C4C | CE8 | 29584C | 2800000090010000100000000100040000000000800C00000000000000000000000000000000000000000000FFFFFF00FF00 | (................................................. |
| \BITMAP\VT_FLAT\0 | 323934 | CE8 | 296534 | 2800000090010000100000000100040000000000800C00000000000000000000000000000000000000000000FFFFFF00FF00 | (................................................. |
| \BITMAP\VT_MOVEALL\0 | 32461C | 268 | 29721C | 28000000200000002000000001000400000000000002000000000000000000000000000000000000FFFFFF0000FFFF00FF00 | (... ... ......................................... |
| \BITMAP\VT_MOVEEW\0 | 324884 | 268 | 297484 | 28000000200000002000000001000400000000000002000000000000000000000000000000000000FFFFFF0000FFFF00FF00 | (... ... ......................................... |
| \BITMAP\VT_MOVENS\0 | 324AEC | 268 | 2976EC | 28000000200000002000000001000400000000000002000000000000000000000000000000000000FFFFFF0000FFFF00FF00 | (... ... ......................................... |
| \BITMAP\VT_TICK_DARK\0 | 324D54 | CE8 | 297954 | 2800000090010000100000000100040000000000800C00000000000000000000000000000000000000000000FFFFFF00FF00 | (................................................. |
| \BITMAP\VT_TICK_LIGHT\0 | 325A3C | CE8 | 29863C | 2800000090010000100000000100040000000000800C00000000000000000000000000000000000000000000FFFFFF00FF00 | (................................................. |
| \BITMAP\VT_UTILITIES\0 | 326724 | D28 | 299324 | 2800000090000000100000000100080000000000000900000000000000000000000000000000000000000000FFFFFF00FF00 | (................................................. |
| \BITMAP\VT_XP\0 | 32744C | 4B2A | 29A04C | 280000009001000010000000010018000000000000000000120B0000120B00000000000000000000FF00FFFF00FFFF00FFFF | (................................................. |
| \BITMAP\VT_XPBUTTONMINUS\0 | 32BF78 | 126 | 29EB78 | 280000000900000009000000010018000000000000000000120B0000120B00000000000000000000D3C2B0B59878B59878B5 | (............................................x..x. |
| \BITMAP\VT_XPBUTTONPLUS\0 | 32C0A0 | 126 | 29ECA0 | 280000000900000009000000010018000000000000000000120B0000120B00000000000000000000D3C2B0B59878B59878B5 | (............................................x..x. |
| \ICON\1\1029 | 32C1C8 | 10A8 | 29EDC8 | 2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \DIALOG\DLGTEMPLATE\0 | 32D270 | 52 | 29FE70 | 44040054000000000100000000003C014C0000000000000008004D0053002000530061006E00730020005300650072006900660000000000000002400000000000000000CC004C005F04FFFF820000000000 | D..T..........<.L.........M.S. .S.a.n.s. .S.e.r.i.f........@..........L._......... |
| \DIALOG\TEXTFILEDLG\0 | 32D2C4 | 52 | 29FEC4 | 44040054000000000100000000003C014C0000000000000008004D0053002000530061006E007300200053006500720069006600000000000000024000000000000000003C0137005F04FFFF820000000000 | D..T..........<.L.........M.S. .S.a.n.s. .S.e.r.i.f........@........<.7._......... |
| \STRING\4060\0 | 32D318 | 3A0 | 29FF18 | 24004600690065006C0064002000270025007300270020006900730020006F006600200061006E00200075006E0073007500 | $.F.i.e.l.d. .'.%.s.'. .i.s. .o.f. .a.n. .u.n.s.u. |
| \STRING\4061\0 | 32D6B8 | 358 | 2A02B8 | 23004E00650073007400650064002000640061007400610073006500740020006D00750073007400200069006E0068006500 | .N.e.s.t.e.d. .d.a.t.a.s.e.t. .m.u.s.t. .i.n.h.e. |
| \STRING\4062\0 | 32DA10 | 460 | 2A0610 | 1C004600690065006C0064002000270025007300270020006D00750073007400200068006100760065002000610020007600 | ..F.i.e.l.d. .'.%.s.'. .m.u.s.t. .h.a.v.e. .a. .v. |
| \STRING\4063\0 | 32DE70 | 534 | 2A0A70 | 110049006E00760061006C006900640020004600690065006C0064004B0069006E00640020004600690065006C0064002000 | ..I.n.v.a.l.i.d. .F.i.e.l.d.K.i.n.d. .F.i.e.l.d. . |
| \STRING\4064\0 | 32E3A4 | 534 | 2A0FA4 | 2600430061006E006E006F00740020006300680061006E006700650020007400680065002000730069007A00650020006F00 | &.C.a.n.n.o.t. .c.h.a.n.g.e. .t.h.e. .s.i.z.e. .o. |
| \STRING\4065\0 | 32E8D8 | 228 | 2A14D8 | 0E00530065006C0065006300740069006F006E00200074006500780074000B0042007500740074006F006E00200066006100 | ..S.e.l.e.c.t.i.o.n. .t.e.x.t...B.u.t.t.o.n. .f.a. |
| \STRING\4066\0 | 32EB00 | 238 | 2A1700 | 0900500061006C006500200042006C007500650008004C006100760065006E0064006500720009005300630072006F006C00 | ..P.a.l.e. .B.l.u.e...L.a.v.e.n.d.e.r...S.c.r.o.l. |
| \STRING\4067\0 | 32ED38 | 128 | 2A1938 | 0C004C00690067006800740020004F00720061006E00670065000900530065006100200047007200650065006E000A004C00 | ..L.i.g.h.t. .O.r.a.n.g.e...S.e.a. .G.r.e.e.n...L. |
| \STRING\4068\0 | 32EE60 | 130 | 2A1A60 | 0B004D006F006E0065007900200067007200650065006E00080053006B007900200062006C00750065000500430072006500 | ..M.o.n.e.y. .g.r.e.e.n...S.k.y. .b.l.u.e...C.r.e. |
| \STRING\4069\0 | 32EF90 | D4 | 2A1B90 | 050042006C00610063006B0006004D00610072006F006F006E00050047007200650065006E000B004F006C00690076006500 | ..B.l.a.c.k...M.a.r.o.o.n...G.r.e.e.n...O.l.i.v.e. |
| \STRING\4070\0 | 32F064 | 568 | 2A1C64 | 43003300720064002D006C006500760065006C002000630061006300680065003A002000320020004D004200790074006500 | C.3.r.d.-.l.e.v.e.l. .c.a.c.h.e.:. .2. .M.B.y.t.e. |
| \STRING\4071\0 | 32F5CC | 870 | 2A21CC | 530049006E0073007400720075006300740069006F006E00200054004C0042003A002000320020004D004200790074006500 | S.I.n.s.t.r.u.c.t.i.o.n. .T.L.B.:. .2. .M.B.y.t.e. |
| \STRING\4072\0 | 32FE3C | 914 | 2A2A3C | 3A0049006E0073007400720075006300740069006F006E00200054004C0042003A00200032004D002F0034004D0020007000 | :.I.n.s.t.r.u.c.t.i.o.n. .T.L.B.:. .2.M./.4.M. .p. |
| \STRING\4073\0 | 330750 | 750 | 2A3350 | 470049006E0073007400720075006300740069006F006E00200054004C0042003A00200032002D004D004200790074006500 | G.I.n.s.t.r.u.c.t.i.o.n. .T.L.B.:. .2.-.M.B.y.t.e. |
| \STRING\4074\0 | 330EA0 | 844 | 2A3AA0 | 450032006E0064002D006C006500760065006C002000630061006300680065003A00200035003100320020004B0042007900 | E.2.n.d.-.l.e.v.e.l. .c.a.c.h.e.:. .5.1.2. .K.B.y. |
| \STRING\4075\0 | 3316E4 | A58 | 2A42E4 | 450032006E00640020006C006500760065006C002000630061006300680065003A00200032003500360020004B0042007900 | E.2.n.d. .l.e.v.e.l. .c.a.c.h.e.:. .2.5.6. .K.B.y. |
| \STRING\4076\0 | 33213C | 794 | 2A4D3C | 16004600610069006C0065006400200074006F00200063007200650061007400650020006500760065006E00740014004600 | ..F.a.i.l.e.d. .t.o. .c.r.e.a.t.e. .e.v.e.n.t...F. |
| \STRING\4077\0 | 3328D0 | 4E0 | 2A54D0 | 37004400690073007000610074006300680020006D006500740068006F0064007300200064006F0020006E006F0074002000 | 7.D.i.s.p.a.t.c.h. .m.e.t.h.o.d.s. .d.o. .n.o.t. . |
| \STRING\4078\0 | 332DB0 | 2B0 | 2A59B0 | 050041005300430049004900070055006E00690063006F00640065001200420069006700200045006E006400690061006E00 | ..A.S.C.I.I...U.n.i.c.o.d.e...B.i.g. .E.n.d.i.a.n. |
| \STRING\4079\0 | 333060 | 3C4 | 2A5C60 | 2B004F007000650072006100740069006F006E0020006E006F007400200073007500700070006F0072007400650064002000 | +.O.p.e.r.a.t.i.o.n. .n.o.t. .s.u.p.p.o.r.t.e.d. . |
| \STRING\4080\0 | 333424 | 1B4 | 2A6024 | 020055007000050052006900670068007400040044006F0077006E00030049006E0073000300440065006C00060053006800 | ..U.p...R.i.g.h.t...D.o.w.n...I.n.s...D.e.l...S.h. |
| \STRING\4081\0 | 3335D8 | C8 | 2A61D8 | 060026005200650074007200790007002600490067006E006F00720065000400260041006C006C000A004E0026006F002000 | ..&.R.e.t.r.y...&.I.g.n.o.r.e...&.A.l.l...N.&.o. . |
| \STRING\4082\0 | 3336A0 | 118 | 2A62A0 | 1200430061006E006E006F0074002000640072006100670020006100200066006F0072006D0009004D006500740061006600 | ..C.a.n.n.o.t. .d.r.a.g. .a. .f.o.r.m...M.e.t.a.f. |
| \STRING\4083\0 | 3337B8 | 268 | 2A63B8 | 1D005000720069006E007400650072002000730065006C006500630074006500640020006900730020006E006F0074002000 | ..P.r.i.n.t.e.r. .s.e.l.e.c.t.e.d. .i.s. .n.o.t. . |
| \STRING\4084\0 | 333A20 | 3D4 | 2A6620 | 24004500720072006F00720020006300720065006100740069006E0067002000770069006E0064006F007700200064006500 | $.E.r.r.o.r. .c.r.e.a.t.i.n.g. .w.i.n.d.o.w. .d.e. |
| \STRING\4085\0 | 333DF4 | 394 | 2A69F4 | 140049006E00760061006C0069006400200070006900780065006C00200066006F0072006D00610074000D0049006E007600 | ..I.n.v.a.l.i.d. .p.i.x.e.l. .f.o.r.m.a.t...I.n.v. |
| \STRING\4086\0 | 334188 | 3B0 | 2A6D88 | 1A0027002700250073002700270020006900730020006E006F007400200061002000760061006C0069006400200064006100 | ..'.'.%.s.'.'. .i.s. .n.o.t. .a. .v.a.l.i.d. .d.a. |
| \STRING\4087\0 | 334538 | 408 | 2A7138 | 1700250073002E005300650065006B0020006E006F007400200069006D0070006C0065006D0065006E007400650064002400 | ..%.s...S.e.e.k. .n.o.t. .i.m.p.l.e.m.e.n.t.e.d.$. |
| \STRING\4088\0 | 334940 | 378 | 2A7540 | 150049006E00760061006C00690064002000700072006F007000650072007400790020007000610074006800190049006E00 | ..I.n.v.a.l.i.d. .p.r.o.p.e.r.t.y. .p.a.t.h...I.n. |
| \STRING\4089\0 | 334CB8 | 408 | 2A78B8 | 2A00430061006E0027007400200077007200690074006500200074006F0020006100200072006500610064002D006F006E00 | *.C.a.n.'.t. .w.r.i.t.e. .t.o. .a. .r.e.a.d.-.o.n. |
| \STRING\4090\0 | 3350C0 | 26C | 2A7CC0 | 06004D006F006E006400610079000700540075006500730064006100790009005700650064006E0065007300640061007900 | ..M.o.n.d.a.y...T.u.e.s.d.a.y...W.e.d.n.e.s.d.a.y. |
| \STRING\4091\0 | 33532C | B8 | 2A7F2C | 03004D006100790004004A0075006E00650004004A0075006C00790006004100750067007500730074000900530065007000 | ..M.a.y...J.u.n.e...J.u.l.y...A.u.g.u.s.t...S.e.p. |
| \STRING\4092\0 | 3353E4 | 9C | 2A7FE4 | 03004A0061006E00030046006500620003004D0061007200030041007000720003004D006100790003004A0075006E000300 | ..J.a.n...F.e.b...M.a.r...A.p.r...M.a.y...J.u.n... |
| \STRING\4093\0 | 335480 | 380 | 2A8080 | 100049006E00760061006C0069006400200061007200670075006D0065006E007400140049006E00760061006C0069006400 | ..I.n.v.a.l.i.d. .a.r.g.u.m.e.n.t...I.n.v.a.l.i.d. |
| \STRING\4094\0 | 335800 | 498 | 2A8400 | 050057007200690074006500160046006F0072006D0061007400200073007400720069006E006700200074006F006F002000 | ..W.r.i.t.e...F.o.r.m.a.t. .s.t.r.i.n.g. .t.o.o. . |
| \STRING\4095\0 | 335C98 | 338 | 2A8898 | 170046006C006F006100740069006E006700200070006F0069006E00740020006F0076006500720066006C006F0077001800 | ..F.l.o.a.t.i.n.g. .p.o.i.n.t. .o.v.e.r.f.l.o.w... |
| \STRING\4096\0 | 335FD0 | 2F0 | 2A8BD0 | 2800270025007300270020006900730020006E006F007400200061002000760061006C0069006400200066006C006F006100 | (.'.%.s.'. .i.s. .n.o.t. .a. .v.a.l.i.d. .f.l.o.a. |
| \RCDATA\CHARTABLE\1033 | 3362C0 | 82E8 | 2A8EC0 | 1800000018220000B82C0000C8420000C8640000E86800000000100020003000400050006000700080009000A000B000C000 | ....."...,...B...d...h...... .0.@.P..p........... |
| \RCDATA\DVCLAL\0 | 33E5A8 | 10 | 2B11A8 | 263D4F38C28237B8F3244203179B3A83 | &=O8..7..$B...:. |
| \RCDATA\PACKAGEINFO\0 | 33E5B8 | 9E8 | 2B11B8 | 000010CC00000000D5000000013F5746410010B64442436F6D6D6F6E5479706573000081537973496E69740000C753797374 | .............?WFA...DBCommonTypes...SysInit...Syst |
| \RCDATA\TDLGABOUT\0 | 33EFA0 | 4A3B | 2B1BA0 | 545046300954646C6741626F757408646C6741626F7574044C656674034C0103546F70032D010B426F726465725374796C65 | TPF0.TdlgAbout.dlgAbout.Left.L..Top.-..BorderStyle |
| \RCDATA\TDLGMSGBOX\0 | 3439DC | 6F88 | 2B65DC | 545046300A54646C674D7367426F7809646C674D7367426F78044C65667403270103546F7003BE010743617074696F6E0607 | TPF0.TdlgMsgBox.dlgMsgBox.Left.'..Top....Caption.. |
| \RCDATA\TDLG_WFA_DETAILS\0 | 34A964 | 805 | 2BD564 | 545046301054646C675F7766615F44657461696C730F646C675F7766615F44657461696C73044C656674020003546F700200 | TPF0.Tdlg_wfa_Details.dlg_wfa_Details.Left...Top.. |
| \RCDATA\TDLG_WFA_OS\0 | 34B16C | 1505 | 2BDD6C | 545046300B54646C675F7766615F4F530A646C675F7766615F4F53044C656674020003546F7002000743617074696F6E0619 | TPF0.Tdlg_wfa_OS.dlg_wfa_OS.Left...Top...Caption.. |
| \RCDATA\TMDI_WFA_ACDS\0 | 34C674 | 1DF1 | 2BF274 | 545046300D546D64695F7766615F414344530C6D64695F7766615F41434453044C65667403120103546F7003EC0107436170 | TPF0.Tmdi_wfa_ACDS.mdi_wfa_ACDS.Left....Top....Cap |
| \RCDATA\TMDI_WFA_FASTSTONE\0 | 34E468 | 1DFE | 2C1068 | 5450463012546D64695F7766615F4661737453746F6E65116D64695F7766615F4661737453746F6E65044C65667403120103 | TPF0.Tmdi_wfa_FastStone.mdi_wfa_FastStone.Left.... |
| \RCDATA\TMDI_WFA_HPDI\0 | 350268 | 1DF9 | 2C2E68 | 545046300D546D64695F7766615F485044490C6D64695F7766615F48504449044C65667403120103546F7003EC0107436170 | TPF0.Tmdi_wfa_HPDI.mdi_wfa_HPDI.Left....Top....Cap |
| \RCDATA\TMDI_WFA_IDA\0 | 352064 | 1D02 | 2C4C64 | 545046300C546D64695F7766615F4944410B6D64695F7766615F494441044C65667403030103546F70034B01074361707469 | TPF0.Tmdi_wfa_IDA.mdi_wfa_IDA.Left....Top.K..Capti |
| \RCDATA\TMDI_WFA_LA\0 | 353D68 | 152B | 2C6968 | 545046300B546D64695F7766615F4C410A6D64695F7766615F4C41044C65667403030103546F70034B010743617074696F6E | TPF0.Tmdi_wfa_LA.mdi_wfa_LA.Left....Top.K..Caption |
| \RCDATA\TMDI_WFA_PA\0 | 355294 | 1442 | 2C7E94 | 545046300B546D64695F7766615F50410A6D64695F7766615F5041044C65667403030103546F70034B010743617074696F6E | TPF0.Tmdi_wfa_PA.mdi_wfa_PA.Left....Top.K..Caption |
| \RCDATA\TMDI_WFA_PICASA\0 | 3566D8 | 1D55 | 2C92D8 | 545046300F546D64695F7766615F5069636173610E6D64695F7766615F506963617361044C65667403120103546F7003EC01 | TPF0.Tmdi_wfa_Picasa.mdi_wfa_Picasa.Left....Top... |
| \RCDATA\TMDI_WFA_RBA\0 | 358430 | 1B96 | 2CB030 | 545046300C546D64695F7766615F5242410B6D64695F7766615F524241044C65667403030103546F70034B01074361707469 | TPF0.Tmdi_wfa_RBA.mdi_wfa_RBA.Left....Top.K..Capti |
| \RCDATA\TMDI_WFA_TA\0 | 359FC8 | 15B0 | 2CCBC8 | 545046300B546D64695F7766615F54410A6D64695F7766615F5441044C65667403120103546F7003EC010743617074696F6E | TPF0.Tmdi_wfa_TA.mdi_wfa_TA.Left....Top....Caption |
| \RCDATA\TWND_WFA_MAIN\0 | 35B578 | B7DF | 2CE178 | 545046300D54776E645F7766615F4D61696E0C776E645F7766615F4D61696E044C656674030B0103546F7003EA0007436170 | TPF0.Twnd_wfa_Main.wnd_wfa_Main.Left....Top....Cap |
| \RCDATA\TWND_WFA_PP\0 | 366D58 | 2244 | 2D9958 | 545046300B54776E645F7766615F50500A776E645F7766615F5050044C656674031A0103546F7003C4000743617074696F6E | TPF0.Twnd_wfa_PP.wnd_wfa_PP.Left....Top....Caption |
| \GROUP_CURSOR\CAT_DRAG_COPY\1033 | 368F9C | 14 | 2DBB9C | 0000020001002000400001000100340100000100 | ...... .@.....4..... |
| \GROUP_CURSOR\CURSOR_GRAB\1033 | 368FB0 | 14 | 2DBBB0 | 0000020001002810200040000000340100000D00 | ......(. .@...4..... |
| \GROUP_CURSOR\CURSOR_HAND\1033 | 368FC4 | 14 | 2DBBC4 | 0000020001002810200040000000340100000F00 | ......(. .@...4..... |
| \GROUP_CURSOR\JVDRAGCURSOR\0 | 368FD8 | 14 | 2DBBD8 | 0000020001002000400001000100340100001000 | ...... .@.....4..... |
| \GROUP_CURSOR\JVHANDCURSOR\0 | 368FEC | 14 | 2DBBEC | 0000020001002000400001000100340100001100 | ...... .@.....4..... |
| \GROUP_CURSOR\VT_HEADERSPLIT\0 | 369000 | 14 | 2DBC00 | 0000020001002810000040000000340100000C00 | ......(...@...4..... |
| \GROUP_CURSOR\VT_MOVEALL\0 | 369014 | 14 | 2DBC14 | 0000020001002810000040000000340100001200 | ......(...@...4..... |
| \GROUP_CURSOR\VT_MOVEE\0 | 369028 | 14 | 2DBC28 | 0000020001002810000040000000EC0200001300 | ......(...@......... |
| \GROUP_CURSOR\VT_MOVEEW\0 | 36903C | 14 | 2DBC3C | 0000020001002810000040000000EC0200000A00 | ......(...@......... |
| \GROUP_CURSOR\VT_MOVEN\0 | 369050 | 14 | 2DBC50 | 0000020001002810000040000000EC0200001400 | ......(...@......... |
| \GROUP_CURSOR\VT_MOVENE\0 | 369064 | 14 | 2DBC64 | 0000020001002810000040000000EC0200001500 | ......(...@......... |
| \GROUP_CURSOR\VT_MOVENS\0 | 369078 | 14 | 2DBC78 | 0000020001002810000040000000EC0200000B00 | ......(...@......... |
| \GROUP_CURSOR\VT_MOVENW\0 | 36908C | 14 | 2DBC8C | 0000020001002810000040000000EC0200000800 | ......(...@......... |
| \GROUP_CURSOR\VT_MOVES\0 | 3690A0 | 14 | 2DBCA0 | 0000020001002810000040000000EC0200000900 | ......(...@......... |
| \GROUP_CURSOR\VT_MOVESE\0 | 3690B4 | 14 | 2DBCB4 | 0000020001002810FFFF40000000EC0200001600 | ......(...@......... |
| \GROUP_CURSOR\VT_MOVESW\0 | 3690C8 | 14 | 2DBCC8 | 000002000100281000FF40000000EC0200001700 | ......(...@......... |
| \GROUP_CURSOR\VT_MOVEW\0 | 3690DC | 14 | 2DBCDC | 0000020001002810000040000000EC0200001800 | ......(...@......... |
| \GROUP_CURSOR\VT_VERTSPLIT\0 | 3690F0 | 14 | 2DBCF0 | 0000020001002000200001000100340100000E00 | ...... . .....4..... |
| \GROUP_CURSOR\32761\1033 | 369104 | 14 | 2DBD04 | 0000020001002000400001000100340100001900 | ...... .@.....4..... |
| \GROUP_CURSOR\32762\1033 | 369118 | 14 | 2DBD18 | 0000020001002000400001000100340100000200 | ...... .@.....4..... |
| \GROUP_CURSOR\32763\1033 | 36912C | 14 | 2DBD2C | 0000020001002000400001000100340100000300 | ...... .@.....4..... |
| \GROUP_CURSOR\32764\1033 | 369140 | 14 | 2DBD40 | 0000020001002000400001000100340100000400 | ...... .@.....4..... |
| \GROUP_CURSOR\32765\1033 | 369154 | 14 | 2DBD54 | 0000020001002000400001000100340100000500 | ...... .@.....4..... |
| \GROUP_CURSOR\32766\1033 | 369168 | 14 | 2DBD68 | 0000020001002000400001000100340100000600 | ...... .@.....4..... |
| \GROUP_CURSOR\32767\1033 | 36917C | 14 | 2DBD7C | 0000020001002000400001000100340100000700 | ...... .@.....4..... |
| \GROUP_ICON\MAINICON\1029 | 369190 | 14 | 2DBD90 | 0000010001002020000001002000A81000000100 | ...... .... ....... |
| \VERSION\1\1029 | 3691A4 | 374 | 2DBDA4 | 740334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000600 | t.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\1\1029 | 369518 | 352 | 2DC118 | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y |
| \24\1\1033 | 36986C | 2F0 | 2DC46C | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y |
| Intelligent String |
| • winspool.drv • shell32.dll • user32.dll • INDEX.DAT • .LNK • advapi32.dll • C:\DevTools\Comps\VT\Source\VirtualTrees.pas • http://www.mitec.cz • kernel32.dll • OS.CSD • NTDLL.DLL • wtsapi32.dll • netapi32.dll • ole32.dll • comctl32.dll • msimg32.dll • USER32.DLL • uxtheme.dll • oleaut32.dll • .bss • .tls • TaskDialogIndirect • .wmf • RICHED20.DLL • imm32.dll • PSAPI.dll • ntdll.dll • http://www.w3.org/2001/XMLSchema • explorer.exe • index.dat • Content.IE5\index.dat • ccRightToLeftccRightToLeftArabicccRightToLeftEmbeddingccRightToLeftOverrideccPopDirectionalFormatccEuropeanNumberccEuropeanNumberSeparatorccEuropeanNumberTerminatorccArabicNumberccCommonNumberSeparatorccBoundaryNeutralccSegmentSeparatorccWhiteSpaceccOtherNeutrals • M:\Win32\Common\MiTeC_GraphUtils.pas • %s - http://www.delphiarea.com • dspdf.dll • gdiplus.dll • .lnk • olepro32.dll • .txt • *.lnk • :\cGetComments • DaDTTinyDBLoginForm90cCreateNew • MnTinyDB • Database Login • .dat • KERNEL32.DLL • SLWGA.DLL • PSAPI.DLL • SHELL32.DLL • RegCloseKeyuser32.dll • CharNextWkernel32.dll • CloseHandlekernel32.dll • gdi32.dll • version.dll • CloseHandleadvapi32.dll • SysFreeStringole32.dll • Sleepole32.dll • VariantInitshell32.dll • comdlg32.dll • wsock32.dll • inet_ntoakernel32.dll • timeGetTimeoleacc.dll • windowscodecs.dll • HintAnalyze Index.DAT • 2.6.4.0 • 2.0.0.0 |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 8FF | 43004017 | .text | CALL [static] | Indirect call to absolute memory address |
| 1B34 | 6EADD4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1B3C | 6EADD0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1B44 | 6EADCC | .text | JMP [static] | Indirect jump to absolute memory address |
| 1B4C | 6EADC8 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1B54 | 6EADC4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1B5C | 6EADC0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1B64 | 6EADBC | .text | JMP [static] | Indirect jump to absolute memory address |
| 1B6C | 6EADB8 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1B74 | 6EADB4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1B7C | 6EADB0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1B84 | 6EAD18 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1B8C | 6EADAC | .text | JMP [static] | Indirect jump to absolute memory address |
| 1B94 | 6EADAC | .text | JMP [static] | Indirect jump to absolute memory address |
| 1B9C | 6EADA8 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1BA4 | 6EADA4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1BAC | 6EADA0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1BB4 | 6EAD14 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1BBC | 6EAD9C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1BC4 | 6EAD98 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1BCC | 6EAD94 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1BD4 | 6EAD90 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1BDC | 6EAD8C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1BE4 | 6EAD88 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1BEC | 6EAD84 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1BF4 | 6EAD80 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1BFC | 6EAD7C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C04 | 6EAD78 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C0C | 6EAD74 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C14 | 6EAD70 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C1C | 6EAD6C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C24 | 6EAD68 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C2C | 6EAD10 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C34 | 6EAD64 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C3C | 6EAD60 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C44 | 6EAD5C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C4C | 6EAD08 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C54 | 6EAD04 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C5C | 6EAD00 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C64 | 6EAD58 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C6C | 6EAD54 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C74 | 6EACF8 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C7C | 6EACF4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C84 | 6EACF0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C8C | 6EAD50 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C94 | 6EAD4C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1C9C | 6EAD48 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1CA4 | 6EAD44 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1CAC | 6EAD40 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1CE0 | 6EAD3C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1CE8 | 6EAD38 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1CF0 | 6EAD34 | .text | JMP [static] | Indirect jump to absolute memory address |
| 38E4 | 65176C | .text | CALL [static] | Indirect call to absolute memory address |
| 38FC | 651760 | .text | CALL [static] | Indirect call to absolute memory address |
| 3918 | 651764 | .text | CALL [static] | Indirect call to absolute memory address |
| 3939 | 651768 | .text | CALL [static] | Indirect call to absolute memory address |
| 3952 | 651764 | .text | CALL [static] | Indirect call to absolute memory address |
| 396B | 651760 | .text | CALL [static] | Indirect call to absolute memory address |
| 39DF | 662020 | .text | CALL [static] | Indirect call to absolute memory address |
| 3A1E | 662008 | .text | CALL [static] | Indirect call to absolute memory address |
| 3E65 | 662034 | .text | CALL [static] | Indirect call to absolute memory address |
| 4CE0 | 662014 | .text | CALL [static] | Indirect call to absolute memory address |
| 4CFE | 662014 | .text | CALL [static] | Indirect call to absolute memory address |
| 4D16 | 662014 | .text | CALL [static] | Indirect call to absolute memory address |
| 4D88 | 662014 | .text | CALL [static] | Indirect call to absolute memory address |
| 4DA8 | 662014 | .text | CALL [static] | Indirect call to absolute memory address |
| 4DC5 | 662014 | .text | CALL [static] | Indirect call to absolute memory address |
| 4EA2 | 662018 | .text | CALL [static] | Indirect call to absolute memory address |
| 4FA7 | 662010 | .text | CALL [static] | Indirect call to absolute memory address |
| 502A | 662018 | .text | CALL [static] | Indirect call to absolute memory address |
| 51D0 | 662018 | .text | CALL [static] | Indirect call to absolute memory address |
| 528E | 662014 | .text | JMP [static] | Indirect jump to absolute memory address |
| 5414 | 662018 | .text | CALL [static] | Indirect call to absolute memory address |
| 57C7 | 662348 | .text | CALL [static] | Indirect call to absolute memory address |
| 5916 | 662030 | .text | CALL [static] | Indirect call to absolute memory address |
| 596F | 66202C | .text | CALL [static] | Indirect call to absolute memory address |
| 59CE | 651034 | .text | CALL [static] | Indirect call to absolute memory address |
| 5A1E | 651038 | .text | CALL [static] | Indirect call to absolute memory address |
| 7851 | 651010 | .text | CALL [static] | Indirect call to absolute memory address |
| 79B5 | 651014 | .text | CALL [static] | Indirect call to absolute memory address |
| 7A91 | 651018 | .text | CALL [static] | Indirect call to absolute memory address |
| 8AA7 | FF | .text | JMP [static] | Indirect jump to absolute memory address |
| 8F0F | 664B4C | .text | CALL [static] | Indirect call to absolute memory address |
| 8F2C | 664B4C | .text | CALL [static] | Indirect call to absolute memory address |
| 8F4D | 664B54 | .text | CALL [static] | Indirect call to absolute memory address |
| 8FAF | 664B50 | .text | CALL [static] | Indirect call to absolute memory address |
| 900C | 664B50 | .text | CALL [static] | Indirect call to absolute memory address |
| 903F | 664B50 | .text | CALL [static] | Indirect call to absolute memory address |
| A17C | 6EAD30 | .text | JMP [static] | Indirect jump to absolute memory address |
| A1D4 | 6EAD2C | .text | JMP [static] | Indirect jump to absolute memory address |
| A1DC | 6EAD28 | .text | JMP [static] | Indirect jump to absolute memory address |
| A1E4 | 6EAD24 | .text | JMP [static] | Indirect jump to absolute memory address |
| A1EC | 6EAD20 | .text | JMP [static] | Indirect jump to absolute memory address |
| A21C | 651044 | .text | JMP [static] | Indirect jump to absolute memory address |
| A390 | 6519F0 | .text | CALL [static] | Indirect call to absolute memory address |
| A3B8 | 6519F0 | .text | CALL [static] | Indirect call to absolute memory address |
| A3E9 | 6519EC | .text | CALL [static] | Indirect call to absolute memory address |
| A456 | 6519F0 | .text | CALL [static] | Indirect call to absolute memory address |
| A4D0 | 6519EC | .text | CALL [static] | Indirect call to absolute memory address |
| A516 | 6519F0 | .text | CALL [static] | Indirect call to absolute memory address |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 1688347 | 56,2722% |
| Null Byte Code | 608627 | 20,2854% |
© 2026 All rights reserved.