PESCAN.IO - Analysis Report |
|||||
| File Structure: | |||||
|
|||||
| Information: |
Icon: Size: 2,67 MBSHA-256 Hash: 0F01CA5385BCA26DDFB7D335E84D2377D58063290AD8C2F9EEF66CA1666E3B5D SHA-1 Hash: 026F66DEF6D485C64F86694ED4098104C0906395 MD5 Hash: B8C8428E5EBE6F60433089C391A0063A Imphash: 29307EF77EA94259E99F987498998A8F MajorOSVersion: 5 CheckSum: 002B2F44 EntryPoint (rva): 155684 SizeOfHeaders: 400 SizeOfImage: 2B5000 ImageBase: 400000 Architecture: x86 ImportTable: 1F629C Characteristics: 103 TimeDateStamp: 50A8FBD6 Date: 18/11/2012 15:16:38 File Type: EXE Number Of Sections: 4 ASLR: Disabled Section Names: .text, .rdata, .data, .rsrc Number Of Executable Sections: 1 Subsystem: Windows GUI UAC Execution Level Manifest: asInvoker |
| Sections Info: |
| Section Name | Flags | ROffset | RSize | VOffset | VSize |
|---|---|---|---|---|---|
| .text | 60000020 (Executable) | 400 | 188800 | 1000 | 1887F8 |
| .rdata | 40000040 | 188C00 | 6F600 | 18A000 | 6F524 |
| .data | C0000040 (Writeable) | 1F8200 | C800 | 1FA000 | 12F9C |
| .rsrc | 40000040 | 204A00 | A7E00 | 20D000 | A7D7C |
| Description: |
| InternalName: CFF Explorer.exe OriginalFilename: CFF Explorer.exe CompanyName: Daniel Pistelli LegalCopyright: 2012 Daniel Pistelli. All rights reserved. ProductName: CFF Explorer FileVersion: 8.0.0.0 |
| Entry Point: |
| The section number (1) - (.text) have the Entry Point Information -> EntryPoint (calculated) - 154A84 Code -> E8CFF10000E979FEFFFF8BFF51C701AC1A5D00E852F2000059C38BFF558BEC568BF1E8E3FFFFFFF6450801740756E89709FD • CALL 0X101D4 • JMP 0XE83 • MOV EDI, EDI • PUSH ECX • MOV DWORD PTR [ECX], 0X5D1AAC • CALL 0X1026A • POP ECX • RET • MOV EDI, EDI • PUSH EBP • MOV EBP, ESP • PUSH ESI • MOV ESI, ECX • CALL 0X100A • TEST BYTE PTR [EBP + 8], 1 • JE 0X1034 • PUSH ESI |
| Signatures: |
| Rich Signature Analyzer: Code -> CC427D07882313548823135488231354AFE57E5484231354AFE56854952313548823125449211354815B8654CC231354815B90546E231354967197548B231354AFE57D5481231354815B9754DD2213549671875489231354815B8254892313545269636888231354 Footprint md5 Hash -> F760FFE7B2D26E73F6A7A61E4B6C253A • The Rich header apparently has not been modified Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler: |
| Compiler: Microsoft Visual C ++ Detect It Easy (die) • PE: library: MFC(-)[static] • PE: compiler: EP:Microsoft Visual C/C++(2008-2010)[EXE32] • PE: compiler: Microsoft Visual C++(2008)[libcmt,wWinMain] • PE: linker: Microsoft Linker(9.0)[EXE32] • Entropy: 6.02419 |
| Suspicious Functions: |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | CreateMutexW | Create a named or unnamed mutex object for controlling access to a shared resource. |
| KERNEL32.DLL | GetModuleFileNameA | Retrieve the fully qualified path for the executable file of a specified module. |
| KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process. |
| KERNEL32.DLL | GetModuleHandleA | Retrieves a handle to the specified module. |
| KERNEL32.DLL | CopyFileW | Copies an existing file to a new file. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | CreateFileA | Creates or opens a file or I/O device. |
| KERNEL32.DLL | DeleteFileA | Deletes an existing file. |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| SHELL32.DLL | ShellExecuteW | Performs a run operation on a specific file. |
| SHELL32.DLL | ShellExecuteExW | Performs a run operation on a specific file. |
| Windows REG (UNICODE): |
| SOFTWARE\NTCore\CFFExplorer Software\Microsoft\Windows\CurrentVersion\Policies\Explorer Software\Microsoft\Windows\CurrentVersion\Policies\Network Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32 Software\Classes\ Rebuilt string - SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoRun |
| File Access: |
| .exe cmd.exe imagehlp.dll gdiplus.dll OLEAUT32.dll ole32.dll oledlg.dll SHLWAPI.dll COMCTL32.dll SHELL32.dll ADVAPI32.dll COMDLG32.dll GDI32.dll USER32.dll KERNEL32.dll OLEACC.dll RICHED32.DLL .\?.dll;!\?.dll;!\loadall.dll .\?.dll;!\?.dll .\?.dll .bat Temp |
| File Access (UNICODE): |
| Dll Files (*.dll *.dll MachineGetSystemWow64DirectoryKernel32.dll Wow64DisableWow64FsRedirectionKernel32.dll Kernel32.dll gdi32.dll UxTheme.dll kernel32.dll IsWow64Processkernel32.dll SGetMonitorInfoWuser32.dll user32.dll MonitorFromRectuser32.dll GetMenuInfouser32.dll SetMenuInfouser32.dll SetLayeredWindowAttributesUser32.dll GetCurrentThemeNameUxTheme.dll GetWindowThemeUxTheme.dll CloseThemeDataUxTheme.dll wine_get_unix_file_nameuxtheme.dll SetWindowThemeMsimg32.dll dPDIPgPUxTheme.dll Scomctl32.dll Scomdlg32.dll Sshell32.dll ptntdll.dll %s%s.dll SHCreateItemFromParsingNameShell32.dll mfcm90u.dll NotifyWinEventuser32.dll ole32.dll VUCorExitProcessmscoree.dll Exe Files (*.exe *.exe CFF Explorer.exe \winhlp32.exe %sCFF Explorer.exe %sSignatures\%s.txt *.txt Text Files (*.txt Temp |
| Interest's Words: |
| PADDINGX ToolBar exec attrib start pause comspec shutdown systeminfo ping replace |
| Interest's Words (UNICODE): |
| ToolBar exec attrib start expand replace |
| URLs (UNICODE): |
| http://www.ntcore.com/ |
| Payloads: |
| Unusual BP Cave > 15 Bytes - (0xCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC...) |
| Known IP/Domains (UNICODE): |
| gmail.com |
| Strings/Hex Code Found With The File Rules: |
| • Rule Text (Unicode): WinAPI Sockets (bind) • Rule Text (Unicode): WinAPI Sockets (connect) • Rule Text (Unicode): WinAPI Sockets (send) • Rule Text (Ascii): Registry (RegCreateKeyEx) • Rule Text (Ascii): Registry (RegOpenKeyEx) • Rule Text (Ascii): Registry (RegSetValueEx) • Rule Text (Ascii): File (GetTempPath) • Rule Text (Ascii): File (CopyFile) • Rule Text (Unicode): File (CopyFile) • Rule Text (Ascii): File (CreateFile) • Rule Text (Ascii): File (WriteFile) • Rule Text (Ascii): File (ReadFile) • Rule Text (Ascii): Anti-Analysis VM (IsDebuggerPresent) • Rule Text (Ascii): Anti-Analysis VM (GetSystemInfo) • Rule Text (Ascii): Anti-Analysis VM (GetVersion) • Rule Text (Ascii): Stealth (VirtualAlloc) • Rule Text (Ascii): Stealth (VirtualProtect) • Rule Text (Ascii): Execution (CreateProcessA) • Rule Text (Ascii): Execution (CreateProcessW) • Rule Text (Ascii): Execution (ShellExecute) • Rule Text (Unicode): Keyboard Key (Alt+) • Rule Text (Ascii): Keyboard Key (RBUTTON) • Rule Text (Ascii): Keyboard Key (Scroll) • Rule Text (Unicode): Keyboard Key (Scroll) • Rule Text (Ascii): Stealer malware focused on obtaining CVV codes to conduct unauthorized transactions (CVV) • Rule Text (Ascii): Malicious rerouting of traffic to an attacker-controlled site (Redirect) • EP Rules: Microsoft Visual C++ 8 • EP Rules: Microsoft Visual C++ 8 • EP Rules: VC8 -> Microsoft Corporation |
| Resources: |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \CURSOR\44\1033 | 20F410 | 134 | 206E10 | 100008002800000020000000400000000100010000000000800000000000000000000000020000000200000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\45\1033 | 20F544 | 134 | 206F44 | 020002002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\46\1033 | 20F678 | B4 | 207078 | 010001002800000010000000200000000100010000000000800000000000000000000000000000000000000000000000FFFF | ....(....... ..................................... |
| \CURSOR\47\1033 | 20F72C | 134 | 20712C | 0F0014002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\48\1033 | 20F860 | 134 | 207260 | 100008002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\49\1033 | 20F994 | 134 | 207394 | 0A000E002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\50\1033 | 20FAC8 | 134 | 2074C8 | 15000E002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\51\1033 | 20FBFC | 134 | 2075FC | 0C0012002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\52\1033 | 20FD30 | 134 | 207730 | 140012002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\53\1033 | 20FE64 | 134 | 207864 | 0C000B002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\54\1033 | 20FF98 | 134 | 207998 | 13000A002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\55\1033 | 2100CC | 134 | 207ACC | 10000F002800000020000000400000000100010000000000800000000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\56\1033 | 210200 | 134 | 207C00 | 10000F002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\57\1033 | 210334 | 134 | 207D34 | 0F000F002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\58\1033 | 210468 | 134 | 207E68 | 10000F002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\59\1033 | 21059C | 134 | 207F9C | 10000F002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\60\1033 | 2106D0 | 134 | 2080D0 | 10000F002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \BITMAP\141\1033 | 210804 | 328 | 208204 | 280000001000000010000000010018000000000000030000000000000000000000000000000000000000000688C10688C100 | (................................................. |
| \BITMAP\142\1033 | 210B2C | 328 | 20852C | 2800000010000000100000000100180000000000000300000000000000000000000000000000000000000000000000000000 | (................................................. |
| \BITMAP\143\1033 | 210E54 | 328 | 208854 | 2800000010000000100000000100180000000000000300000000000000000000000000000000000000000000000000000000 | (................................................. |
| \BITMAP\144\1033 | 21117C | 328 | 208B7C | 2800000010000000100000000100180000000000000300000000000000000000000000000000000000000000000000000000 | (................................................. |
| \BITMAP\145\1033 | 2114A4 | 168 | 208EA4 | 2800000020000000100000000100040000000000000100000000000000000000100000001000000000000000000080000080 | (... ............................................. |
| \BITMAP\146\1033 | 21160C | 328 | 20900C | 28000000100000001000000001001800000000000003000000000000000000000000000000000000D4CFCCA0948E7E6F6675 | (.............................................~ofu |
| \BITMAP\147\1033 | 211934 | 328 | 209334 | 28000000100000001000000001001800000000000003000000000000000000000000000000000000FFFFFFFFFFFFFFFFFFFF | (................................................. |
| \BITMAP\148\1033 | 211C5C | 328 | 20965C | 28000000100000001000000001001800000000000003000000000000000000000000000000000000FFFFFFFFFFFFFFFFFFFF | (................................................. |
| \BITMAP\149\1033 | 211F84 | 328 | 209984 | 28000000100000001000000001001800000000000003000000000000000000000000000000000000FFFFFFFFFFFFFFFFFFFF | (................................................. |
| \BITMAP\150\1033 | 2122AC | 328 | 209CAC | 28000000100000001000000001001800000000000003000000000000000000000000000000000000FFFFFFFFFFFFFFFFFFFF | (................................................. |
| \BITMAP\151\1033 | 2125D4 | 328 | 209FD4 | 28000000100000001000000001001800000000000003000000000000000000000000000000000000FFFFFFFFFFFFFFFFFFFF | (................................................. |
| \BITMAP\152\1033 | 2128FC | 328 | 20A2FC | 28000000100000001000000001001800000000000003000000000000000000000000000000000000FFFFFFD4CFCCA0948E7E | (................................................~ |
| \BITMAP\153\1033 | 212C24 | 328 | 20A624 | 28000000100000001000000001001800000000000003000000000000000000000000000000000000FFFFFF55555555555555 | (..........................................UUUUUUU |
| \BITMAP\154\1033 | 212F4C | 1E28 | 20A94C | 28000000A0000000100000000100180000000000001E000000000000000000000000000000000000FFFFFFFFFFFFFFFFFFFF | (................................................. |
| \BITMAP\155\1033 | 214D74 | 328 | 20C774 | 28000000100000001000000001001800000000000003000000000000000000000000000000000000FFFFFFE7E3E2B1A6A07A | (................................................z |
| \BITMAP\163\1033 | 21509C | 328 | 20CA9C | 28000000100000001000000001001800000000000003000000000000000000000000000000000000FFFFFFFFFFFFFFFFFFFF | (................................................. |
| \BITMAP\165\7177 | 2153C4 | 328 | 20CDC4 | 28000000100000001000000001001800000000000003000000000000000000000000000000000000FFFFFFFFFFFFFFFFFFFF | (................................................. |
| \BITMAP\167\1033 | 2156EC | 528 | 20D0EC | 2800000010000000100000000100080000000000000100000000000000000000000100000001000000000000010101000202 | (................................................. |
| \BITMAP\170\1033 | 215C14 | 528 | 20D614 | 2800000010000000100000000100080000000000000100000000000000000000000100000001000000000000010101000202 | (................................................. |
| \BITMAP\172\1033 | 21613C | 528 | 20DB3C | 2800000010000000100000000100080000000000000100000000000000000000000100000001000000000000010101000202 | (................................................. |
| \BITMAP\188\1033 | 216664 | 328 | 20E064 | 28000000100000001000000001001800000000000003000000000000000000000000000000000000FFFFFFFFFFFFFFFFFFFF | (................................................. |
| \BITMAP\189\1033 | 21698C | 528 | 20E38C | 2800000010000000100000000100080000000000000100000000000000000000000100000001000000000000000080000080 | (................................................. |
| \BITMAP\194\1033 | 216EB4 | 328 | 20E8B4 | 28000000100000001000000001001800000000000003000000000000000000000000000000000000FF00FFFF00FFFF00FFFF | (................................................. |
| \BITMAP\200\1033 | 2171DC | 29428 | 20EBDC | 28000000C00D00001000000001001800000000000094020000000000000000000000000000000000FF00FFFF00FFFF00FFFF | (................................................. |
| \BITMAP\203\1033 | 240604 | 528 | 238004 | 2800000010000000100000000100080000000000000100000000000000000000000100000001000000000000800000000080 | (................................................. |
| \BITMAP\212\1033 | 240B2C | 328 | 23852C | 28000000100000001000000001001800000000000003000000000000000000000000000000000000FFFFFFFFFFFFFFFFFFFF | (................................................. |
| \BITMAP\213\1033 | 240E54 | 328 | 238854 | 28000000100000001000000001001800000000000003000000000000000000000000000000000000FFFFFFD4CFCCA0948E7E | (................................................~ |
| \BITMAP\214\1033 | 24117C | 328 | 238B7C | 28000000100000001000000001001800000000000003000000000000000000000000000000000000FFFFFF55555555555555 | (..........................................UUUUUUU |
| \BITMAP\30994\1033 | 2414A4 | B8 | 238EA4 | 280000000C0000000A0000000100040000000000500000000000000000000000000000000000000000000000000080000080 | (...................P............................. |
| \BITMAP\30996\1033 | 24155C | 144 | 238F5C | 28000000210000000B0000000100040000000000DC0000000000000000000000000000000000000000000000000080000080 | (...!............................................. |
| \ICON\1\1033 | 2416A0 | 128 | 2390A0 | 2800000010000000200000000100040000000000C00000000000000000000000000000000000000000000000000080000080 | (....... ......................................... |
| \ICON\2\1033 | 2417C8 | 568 | 2391C8 | 28000000100000002000000001000800000000004001000000000000000000000000000000000000000000003C45AE002026 | (....... ...........@.......................<E.. & |
| \ICON\3\1033 | 241D30 | 1E8 | 239730 | 2800000018000000300000000100040000000000800100000000000000000000000000000000000000000000000080000080 | (.......0......................................... |
| \ICON\4\1033 | 241F18 | 6C8 | 239918 | 2800000018000000300000000100080000000000A00200000000000000000000000000000000000000000000314198000A0C | (.......0...................................1A.... |
| \ICON\5\1033 | 2425E0 | 2E8 | 239FE0 | 2800000020000000400000000100040000000000800200000000000000000000000000000000000000000000000080000080 | (... ...@......................................... |
| \ICON\6\1033 | 2428C8 | 8A8 | 23A2C8 | 28000000200000004000000001000800000000008004000000000000000000000000000000000000000000002B35CA008000 | (... ...@...................................+5.... |
| \ICON\7\1033 | 243170 | 668 | 23AB70 | 2800000030000000600000000100040000000000000600000000000000000000000000000000000000000000000080000080 | (...0............................................ |
| \ICON\8\1033 | 2437D8 | EA8 | 23B1D8 | 2800000030000000600000000100080000000000800A00000000000000000000000000000000000000000000000000000000 | (...0............................................ |
| \ICON\9\1033 | 244680 | 2868 | 23C080 | 2800000080000000000100000100040000000000002800000000000000000000000000000000000000000000000080000080 | (....................(............................ |
| \ICON\10\1033 | 246EE8 | 4C28 | 23E8E8 | 2800000080000000000100000100080000000000004800000000000000000000000000000000000000000000000000000000 | (....................H............................ |
| \ICON\11\1033 | 24BB10 | 468 | 243510 | 2800000010000000200000000100200000000000400400000000000000000000000000000000000000000000000000000000 | (....... ..... .....@............................. |
| \ICON\12\1033 | 24BF78 | 988 | 243978 | 2800000018000000300000000100200000000000600900000000000000000000000000000000000000000000000000000000 | (.......0..... .................................. |
| \ICON\13\1033 | 24C900 | 10A8 | 244300 | 2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\14\1033 | 24D9A8 | 25A8 | 2453A8 | 2800000030000000600000000100200000000000802500000000000000000000000000000000000000000000000000000000 | (...0........ ......%............................ |
| \ICON\15\1033 | 24FF50 | 10828 | 247950 | 2800000080000000000100000100200000000000000801000000000000000000000000000000000000000000000000000000 | (............. ................................... |
| \ICON\16\1033 | 260778 | 42028 | 258178 | 280000000001000000020000010020000000000000200400AF1B0000AF1B0000000000000000000000000000000000000000 | (............. ...... ............................ |
| \ICON\17\1033 | 2A27A0 | 568 | 29A1A0 | 28000000100000002000000001000800000000000001000000000000000000000001000000010000000000007E7E7F008000 | (....... ...................................~~.... |
| \ICON\18\1033 | 2A2D08 | 8A8 | 29A708 | 2800000020000000400000000100080000000000000400000000000000000000000100000001000000000000400000008000 | (... ...@...................................@..... |
| \ICON\19\1033 | 2A35B0 | 8A8 | 29AFB0 | 2800000020000000400000000100080000000000800400000000000000000000000000000000000000000000B48E7800D9AB | (... ...@.....................................x... |
| \ICON\20\1033 | 2A3E58 | CA8 | 29B858 | 2800000020000000400000000100180000000000800C00000000000000000000000000000000000000000000000000000000 | (... ...@......................................... |
| \ICON\21\1033 | 2A4B00 | 368 | 29C500 | 2800000010000000200000000100180000000000000300000000000000000000000000000000000000000000000000000000 | (....... ......................................... |
| \ICON\22\1033 | 2A4E68 | 368 | 29C868 | 2800000010000000200000000100180000000000000300000000000000000000000000000000000000000000000000000000 | (....... ......................................... |
| \ICON\23\1033 | 2A51D0 | 368 | 29CBD0 | 2800000010000000200000000100180000000000000300000000000000000000000000000000000000000000000000000000 | (....... ......................................... |
| \ICON\24\1033 | 2A5538 | 368 | 29CF38 | 2800000010000000200000000100180000000000000300000000000000000000000000000000000000000000000000000000 | (....... ......................................... |
| \ICON\25\1033 | 2A58A0 | 8A8 | 29D2A0 | 2800000020000000400000000100080000000000800400000000000000000000000000000000000000000000010000000200 | (... ...@......................................... |
| \ICON\26\1033 | 2A6148 | EA8 | 29DB48 | 2800000030000000600000000100080000000000800A00000000000000000000000000000000000000000000000000000000 | (...0............................................ |
| \ICON\27\1033 | 2A6FF0 | 1628 | 29E9F0 | 2800000040000000800000000100080000000000001200000000000000000000000100000000000000000000800080008000 | (...@............................................. |
| \ICON\28\1033 | 2A8618 | 2E8 | 2A0018 | 2800000020000000400000000100040000000000000200000000000000000000100000001000000000000000000080000080 | (... ...@......................................... |
| \ICON\29\1033 | 2A8900 | 128 | 2A0300 | 2800000010000000200000000100040000000000C00000000000000000000000000000000000000000000000000080000080 | (....... ......................................... |
| \ICON\30\1033 | 2A8A28 | 568 | 2A0428 | 28000000100000002000000001000800000000000001000000000000000000000001000000010000000000003499CC003398 | (....... ...................................4...3. |
| \ICON\31\1033 | 2A8F90 | 368 | 2A0990 | 28000000100000002000000001001800000000000003000000000000000000000000000000000000000000FFFFFFFFFFFFFF | (....... ......................................... |
| \ICON\32\1033 | 2A92F8 | 568 | 2A0CF8 | 2800000010000000200000000100080000000000000000000000000000000000000100000000000000000000FFFFFFFFA8A6 | (....... ......................................... |
| \ICON\33\1033 | 2A9860 | 568 | 2A1260 | 280000001000000020000000010008000000000000010000000000000000000000010000000100000000000097979700A9A9 | (....... ......................................... |
| \ICON\34\1033 | 2A9DC8 | 568 | 2A17C8 | 280000001000000020000000010008000000000000010000000000000000000000010000000100000000000080808000C0C0 | (....... ......................................... |
| \ICON\35\1033 | 2AA330 | 368 | 2A1D30 | 28000000100000002000000001001800000000000003000000000000000000000000000000000000000000000000A0948E7E | (....... ........................................~ |
| \ICON\36\1033 | 2AA698 | 568 | 2A2098 | 2800000010000000200000000100080000000000000100000000000000000000000100000001000000000000868686009999 | (....... ......................................... |
| \ICON\37\1033 | 2AAC00 | 568 | 2A2600 | 2800000010000000200000000100080000000000000100000000000000000000000100000001000000000000E7DDD800C9B4 | (....... ......................................... |
| \ICON\38\1033 | 2AB168 | 10A8 | 2A2B68 | 2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\39\1033 | 2AC210 | 10A8 | 2A3C10 | 2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\40\1033 | 2AD2B8 | EA8 | 2A4CB8 | 28000000300000006000000001000800000000000009000000000000000000000001000000010000B0ACB000000000005858 | (...0..........................................XX |
| \ICON\41\1033 | 2AE160 | 568 | 2A5B60 | 2800000010000000200000000100080000000000000100000000000000000000000100000001000000000000867D7D002D1D | (....... ....................................}}.-. |
| \ICON\42\1033 | 2AE6C8 | EA8 | 2A60C8 | 2800000030000000600000000100080000000000000900000000000000000000000100000001000000000000085E18000A65 | (...0..........................................e |
| \ICON\43\1033 | 2AF570 | 368 | 2A6F70 | 2800000010000000200000000100180000000000000300000000000000000000000000000000000000000000000000000000 | (....... ......................................... |
| \MENU\129\1033 | 2AF8D8 | 56 | 2A72D8 | 000000001000460069006C0065000000800012804E0055004C004C0000001000530065007400740069006E00670073000000800012804E0055004C004C00000090003F00000080001080410062006F00750074000000 | ......F.i.l.e.......N.U.L.L.....S.e.t.t.i.n.g.s.......N.U.L.L.....?.......A.b.o.u.t... |
| \DIALOG\128\1040 | 2AF930 | 8A | 2A7330 | C000C88000000000020000000000BA005F00000000004400690061006C006F006700000008004D0053002000530061006E00 | ................_.....D.i.a.l.o.g.....M.S. .S.a.n. |
| \DIALOG\132\1033 | 2AF9BC | 74 | 2A73BC | 0100FFFF0000000000000200480008400100000000001801C5000000000000000800900100014D0053002000530068006500 | ............H..@......................M.S. .S.h.e. |
| \DIALOG\133\1033 | 2AFA30 | A8 | 2A7430 | 0100FFFF000000000000020048000840020000000000BA0097000000000000000800900100014D0053002000530068006500 | ............H..@......................M.S. .S.h.e. |
| \DIALOG\134\1033 | 2AFAD8 | 358 | 2A74D8 | 0100FFFF0000000000000200480008400E000000000078010B010000000000000800900100014D0053002000530068006500 | ............H..@......x...............M.S. .S.h.e. |
| \DIALOG\135\1033 | 2AFE30 | 208 | 2A7830 | 0100FFFF0000000000000000C808CA80040000000000B6004F000000000000000800900100014D0053002000530068006500 | ........................O.............M.S. .S.h.e. |
| \DIALOG\136\1033 | 2B0038 | 94 | 2A7A38 | 0100FFFF0000000000000200480008400200000000001401C3000000000000000800900100014D0053002000530068006500 | ............H..@......................M.S. .S.h.e. |
| \DIALOG\137\1033 | 2B00CC | C8 | 2A7ACC | 0100FFFF0000000000000000C808CA80030000000000D600AF000000000000000800900100014D0053002000530068006500 | ......................................M.S. .S.h.e. |
| \DIALOG\138\1033 | 2B0194 | 148 | 2A7B94 | 0100FFFF0000000000000000C808CA80050000000000D600BE0000000000530065006300740069006F006E00200046006C00 | ..............................S.e.c.t.i.o.n. .F.l. |
| \DIALOG\139\1033 | 2B02DC | 1BC | 2A7CDC | 0100FFFF0000000000000000C808C880050000000000DF002E0000000000410062006F007500740020004300460046002000 | ..............................A.b.o.u.t. .C.F.F. . |
| \DIALOG\140\1033 | 2B0498 | B0 | 2A7E98 | 0100FFFF0000000000000000C808CA80030000000000A9002E000000000000000800900100014D0053002000530068006500 | ......................................M.S. .S.h.e. |
| \DIALOG\141\1033 | 2B0548 | AC | 2A7F48 | 0100FFFF0000000000000200480008400200000000001401C3000000000000000800900100014D0053002000530068006500 | ............H..@......................M.S. .S.h.e. |
| \DIALOG\142\1033 | 2B05F4 | 78 | 2A7FF4 | 0100FFFF0000000000000200480008400100000000003401E6000000000000000800900100014D0053002000530068006500 | ............H..@......4...............M.S. .S.h.e. |
| \DIALOG\143\1033 | 2B066C | 74 | 2A806C | 0100FFFF000000000000000048000840010000000000CE0066000000000000000800900100014D0053002000530068006500 | ............H..@........f.............M.S. .S.h.e. |
| \DIALOG\144\1033 | 2B06E0 | 324 | 2A80E0 | 0100FFFF0000000000000200480008400C00000000005C0108010000000000000800900100014D0053002000530068006500 | ............H..@......\...............M.S. .S.h.e. |
| \DIALOG\146\1033 | 2B0A04 | 40 | 2A8404 | 0100FFFF0000000000000200480008400000000000001601C5000000000000000800900100014D00530020005300680065006C006C00200044006C0067000000 | ............H..@......................M.S. .S.h.e.l.l. .D.l.g... |
| \DIALOG\174\1033 | 2B0A44 | 40 | 2A8444 | 0100FFFF00000000000001004808CF800000000000006801EF000000000000000800900100014D00530020005300680065006C006C00200044006C0067000000 | ............H.........h...............M.S. .S.h.e.l.l. .D.l.g... |
| \DIALOG\175\1033 | 2B0A84 | 130 | 2A8484 | 0100FFFF0000000000000200480008400600000000001401C3000000000000000800900100014D0053002000530068006500 | ............H..@......................M.S. .S.h.e. |
| \DIALOG\187\1033 | 2B0BB4 | 13E | 2A85B4 | 0100FFFF0000000000000000C808C880050000000000BA00310000000000460069006E0064002E002E002E00000008009001 | ........................1.....F.i.n.d............. |
| \DIALOG\189\1033 | 2B0CF4 | C8 | 2A86F4 | 0100FFFF0000000000000000C808CA800300000000007301AE000000000000000800900100014D0053002000530068006500 | ......................s...............M.S. .S.h.e. |
| \DIALOG\190\1033 | 2B0DBC | 124 | 2A87BC | 0100FFFF00000000100005004800CF90050000000000F9011501FFFF8100000000000800000000014D005300200053006800 | ............H...........................M.S. .S.h. |
| \DIALOG\191\1033 | 2B0EE0 | 328 | 2A88E0 | 0100FFFF0000000000000200480438401400000000006A01C5000000000000000800900100014D0053002000530068006500 | ............H.8@......j...............M.S. .S.h.e. |
| \DIALOG\195\1033 | 2B1208 | CA | 2A8C08 | 0100FFFF0000000000000000C800C880020000000000B70076000000000050007200650066006500720065006E0063006500 | ........................v.....P.r.e.f.e.r.e.n.c.e. |
| \DIALOG\197\1033 | 2B12D4 | E0 | 2A8CD4 | 0100FFFF0000000000000000C800C880030000000000BA009B0000000000430068006F006F0073006500200043006C006900 | ..............................C.h.o.o.s.e. .C.l.i. |
| \DIALOG\198\1033 | 2B13B4 | 114 | 2A8DB4 | 0100FFFF0000000000000000C800C880040000000000A900390000000000460069006C006C00200057006900740068002E00 | ........................9.....F.i.l.l. .W.i.t.h... |
| \DIALOG\199\1033 | 2B14C8 | 1BE | 2A8EC8 | 0100FFFF0000000000000000C800C880090000000000A6005900000000004D006F0064006900660079002E002E002E000000 | ........................Y.....M.o.d.i.f.y......... |
| \DIALOG\200\1033 | 2B1688 | 78 | 2A9088 | 0100FFFF0000000000000200480008400100000000001401C3000000000000000800900100014D0053002000530068006500 | ............H..@......................M.S. .S.h.e. |
| \DIALOG\208\1033 | 2B1700 | 174 | 2A9100 | 0100FFFF0000000000000000C808CA800600000000009C005E00000000005200650073006F00750072006300650020005000 | .............................R.e.s.o.u.r.c.e. .P. |
| \DIALOG\209\1033 | 2B1874 | 3E2 | 2A9274 | 0100FFFF0000000000000000C808CA800D00000000002A018E0000000000410064006400200043007500730074006F006D00 | ......................*.......A.d.d. .C.u.s.t.o.m. |
| \DIALOG\210\1033 | 2B1C58 | A4 | 2A9658 | 0100FFFF0000000000000000C808CA80030000000000070142000000000000000800900100014D0053002000530068006500 | ........................B.............M.S. .S.h.e. |
| \DIALOG\211\1033 | 2B1CFC | 78 | 2A96FC | 0100FFFF0000000000000200480008400100000000003401E6000000000000000800900100014D0053002000530068006500 | ............H..@......4...............M.S. .S.h.e. |
| \DIALOG\212\1033 | 2B1D74 | 60 | 2A9774 | 0100FFFF0000000000000200480008400100000000003401E6000000000000000800900100014D00530020005300680065006C006C00200044006C006700000000000000000000004418A1502100AA00EE001F00F6030000FFFF810000000000 | ............H..@......4...............M.S. .S.h.e.l.l. .D.l.g...........D..P!................... |
| \DIALOG\213\1033 | 2B1DD4 | 134 | 2A97D4 | 0100FFFF0000000000000000C808CA800400000000002E017E000000000000000800900100014D0053002000530068006500 | ........................~.............M.S. .S.h.e. |
| \DIALOG\214\1033 | 2B1F08 | 1C0 | 2A9908 | 0100FFFF0000000000000200480008400800000000005C0108010000000000000800900100014D0053002000530068006500 | ............H..@......\...............M.S. .S.h.e. |
| \DIALOG\216\1033 | 2B20C8 | 60 | 2A9AC8 | 0100FFFF0000000000000200480008400100000000001801C5000000000000000800900100014D00530020005300680065006C006C00200044006C00670000000000000000000000C418A1500A001200EE001F00F6030000FFFF810000000000 | ............H..@......................M.S. .S.h.e.l.l. .D.l.g..............P.................... |
| \DIALOG\217\1033 | 2B2128 | 78 | 2A9B28 | 0100FFFF0000000000000200480008400100000000001801C5000000000000000800900100014D0053002000530068006500 | ............H..@......................M.S. .S.h.e. |
| \DIALOG\218\1033 | 2B21A0 | 328 | 2A9BA0 | 0100FFFF0000000000000200480008400E0000000000490117010000000000000800900100014D0053002000530068006500 | ............H..@......I...............M.S. .S.h.e. |
| \DIALOG\219\1033 | 2B24C8 | 5CA | 2A9EC8 | 0100FFFF0000000000000000C808CA800F0000000000BF0194000000000050007200650066006500720065006E0063006500 | ..............................P.r.e.f.e.r.e.n.c.e. |
| \DIALOG\220\1033 | 2B2A94 | 1CC | 2AA494 | 0100FFFF0000000000000000C800C880070000000000E9003C000000000049006E0073006500720074002000410064006400 | ........................<.....I.n.s.e.r.t. .A.d.d. |
| \DIALOG\30721\1033 | 2B2C60 | E8 | 2AA660 | C400C88000000000050009001A00B7004600000000004E0065007700000008004D00530020005300680065006C006C002000 | ................F.....N.e.w.....M.S. .S.h.e.l.l. . |
| \DIALOG\30734\1033 | 2B2D48 | 34 | 2AA748 | C800C88000000000000009001A00B700460000000000000008004D00530020005300680065006C006C00200044006C0067000000 | ................F.........M.S. .S.h.e.l.l. .D.l.g... |
| \STRING\3841\1033 | 2B2D7C | 82 | 2AA77C | 04004F00700065006E00070053006100760065002000410073000F0041006C006C002000460069006C006500730020002800 | ..O.p.e.n...S.a.v.e. .A.s...A.l.l. .F.i.l.e.s. .(. |
| \STRING\3842\1033 | 2B2E00 | 2A | 2AA800 | 000005002600480069006400650000000000000000000000000000000000000000000000000000000000 | ....&.H.i.d.e............................. |
| \STRING\3843\1033 | 2B2E2C | 184 | 2AA82C | 1E004E006F0020006500720072006F00720020006D0065007300730061006700650020006900730020006100760061006900 | ..N.o. .e.r.r.o.r. .m.e.s.s.a.g.e. .i.s. .a.v.a.i. |
| \STRING\3857\1033 | 2B2FB0 | 4E6 | 2AA9B0 | 130049006E0063006F00720072006500630074002000660069006C0065006E0061006D0065002E0018004600610069006C00 | ..I.n.c.o.r.r.e.c.t. .f.i.l.e.n.a.m.e.....F.a.i.l. |
| \STRING\3858\1033 | 2B3498 | 264 | 2AAE98 | 110045006E00740065007200200061006E00200069006E00740065006700650072002E000F0045006E007400650072002000 | ..E.n.t.e.r. .a.n. .i.n.t.e.g.e.r.....E.n.t.e.r. . |
| \STRING\3859\1033 | 2B36FC | 2DA | 2AB0FC | 170055006E00650078007000650063007400650064002000660069006C006500200066006F0072006D00610074002E004F00 | ..U.n.e.x.p.e.c.t.e.d. .f.i.l.e. .f.o.r.m.a.t...O. |
| \STRING\3860\1033 | 2B39D8 | 8A | 2AB3D8 | 1F00250031003A002000250032000A0043006F006E00740069006E00750065002000720075006E006E0069006E0067002000 | ..%.1.:. .%.2...C.o.n.t.i.n.u.e. .r.u.n.n.i.n.g. . |
| \STRING\3865\1033 | 2B3A64 | AC | 2AB464 | 000000000000000000000000000000000000000000000000230055006E00610062006C006500200074006F00200072006500 | .........................U.n.a.b.l.e. .t.o. .r.e. |
| \STRING\3866\1033 | 2B3B10 | DE | 2AB510 | 230055006E00610062006C006500200074006F0020006C006F006100640020006D00610069006C0020007300790073007400 | .U.n.a.b.l.e. .t.o. .l.o.a.d. .m.a.i.l. .s.y.s.t. |
| \STRING\3867\1033 | 2B3BF0 | 4A8 | 2AB5F0 | 12004E006F0020006500720072006F00720020006F0063006300750072007200650064002E002D0041006E00200075006E00 | ..N.o. .e.r.r.o.r. .o.c.c.u.r.r.e.d...-.A.n. .u.n. |
| \STRING\3868\1033 | 2B4098 | 228 | 2ABA98 | 12004E006F0020006500720072006F00720020006F0063006300750072007200650064002E002D0041006E00200075006E00 | ..N.o. .e.r.r.o.r. .o.c.c.u.r.r.e.d...-.A.n. .u.n. |
| \STRING\3869\1033 | 2B42C0 | 2C | 2ABCC0 | 060070006900780065006C007300000000000000000000000000000000000000000000000000000000000000 | ..p.i.x.e.l.s............................... |
| \STRING\3887\1033 | 2B42EC | 42 | 2ABCEC | 0000070055006E0063006800650063006B00050043006800650063006B0005004D006900780065006400000000000000000000000000000000000000000000000000 | ....U.n.c.h.e.c.k...C.h.e.c.k...M.i.x.e.d......................... |
| \GROUP_CURSOR\215\1033 | 2B4330 | 14 | 2ABD30 | 0000020001002000400001000100340100002C00 | ...... .@.....4...,. |
| \GROUP_CURSOR\30977\1033 | 2B4344 | 22 | 2ABD44 | 0000020002002000400001000100340100002D001000200001000100B40000002E00 | ...... .@.....4...-... ........... |
| \GROUP_CURSOR\30998\1033 | 2B4368 | 14 | 2ABD68 | 0000020001002000400001000100340100003400 | ...... .@.....4...4. |
| \GROUP_CURSOR\30999\1033 | 2B437C | 14 | 2ABD7C | 0000020001002000400001000100340100002F00 | ...... .@.....4.../. |
| \GROUP_CURSOR\31000\1033 | 2B4390 | 14 | 2ABD90 | 0000020001002000400001000100340100003300 | ...... .@.....4...3. |
| \GROUP_CURSOR\31001\1033 | 2B43A4 | 14 | 2ABDA4 | 0000020001002000400001000100340100003200 | ...... .@.....4...2. |
| \GROUP_CURSOR\31002\1033 | 2B43B8 | 14 | 2ABDB8 | 0000020001002000400001000100340100003900 | ...... .@.....4...9. |
| \GROUP_CURSOR\31003\1033 | 2B43CC | 14 | 2ABDCC | 0000020001002000400001000100340100003100 | ...... .@.....4...1. |
| \GROUP_CURSOR\31004\1033 | 2B43E0 | 14 | 2ABDE0 | 0000020001002000400001000100340100003600 | ...... .@.....4...6. |
| \GROUP_CURSOR\31005\1033 | 2B43F4 | 14 | 2ABDF4 | 0000020001002000400001000100340100003000 | ...... .@.....4...0. |
| \GROUP_CURSOR\31006\1033 | 2B4408 | 14 | 2ABE08 | 0000020001002000400001000100340100003500 | ...... .@.....4...5. |
| \GROUP_CURSOR\31007\1033 | 2B441C | 14 | 2ABE1C | 0000020001002000400001000100340100003700 | ...... .@.....4...7. |
| \GROUP_CURSOR\31008\1033 | 2B4430 | 14 | 2ABE30 | 0000020001002000400001000100340100003800 | ...... .@.....4...8. |
| \GROUP_CURSOR\31009\1033 | 2B4444 | 14 | 2ABE44 | 0000020001002000400001000100340100003A00 | ...... .@.....4...:. |
| \GROUP_CURSOR\31010\1033 | 2B4458 | 14 | 2ABE58 | 0000020001002000400001000100340100003B00 | ...... .@.....4...;. |
| \GROUP_CURSOR\31011\1033 | 2B446C | 14 | 2ABE6C | 0000020001002000400001000100340100003C00 | ...... .@.....4...<. |
| \GROUP_ICON\1\1033 | 2B4480 | E6 | 2ABE80 | 000001001000101010000100040028010000010010100000010008006805000002001818100001000400E801000003001818 | ..............(.............h..................... |
| \GROUP_ICON\5\1033 | 2B4568 | 14 | 2ABF68 | 0000010001002020000001000800A80800001200 | ...... ............ |
| \GROUP_ICON\138\1033 | 2B457C | 14 | 2ABF7C | 0000010001002020000001000800A80800001300 | ...... ............ |
| \GROUP_ICON\139\1033 | 2B4590 | 14 | 2ABF90 | 0000010001002020000001001800A80C00001400 | ...... ............ |
| \GROUP_ICON\159\1033 | 2B45A4 | 14 | 2ABFA4 | 0000010001001010000001001800680300001500 | ..............h..... |
| \GROUP_ICON\160\1033 | 2B45B8 | 14 | 2ABFB8 | 0000010001001010000001001800680300001600 | ..............h..... |
| \GROUP_ICON\161\1033 | 2B45CC | 14 | 2ABFCC | 0000010001001010000001001800680300001700 | ..............h..... |
| \GROUP_ICON\162\1033 | 2B45E0 | 14 | 2ABFE0 | 0000010001001010000001001800680300001800 | ..............h..... |
| \GROUP_ICON\176\1033 | 2B45F4 | 30 | 2ABFF4 | 0000010003002020000001000800A808000019003030000001000800A80E00001A004040000001000800281600001B00 | ...... ............00............@@......(..... |
| \GROUP_ICON\177\1033 | 2B4624 | 22 | 2AC024 | 0000010002002020100001000400E80200001C001010100001000400280100001D00 | ...... ....................(..... |
| \GROUP_ICON\178\1033 | 2B4648 | 14 | 2AC048 | 0000010001001010000001000800680500001E00 | ..............h..... |
| \GROUP_ICON\179\1033 | 2B465C | 14 | 2AC05C | 0000010001001010000001001800680300001F00 | ..............h..... |
| \GROUP_ICON\180\1033 | 2B4670 | 14 | 2AC070 | 0000010001001010000001000800680500002000 | ..............h... . |
| \GROUP_ICON\181\1033 | 2B4684 | 14 | 2AC084 | 0000010001001010000001000800680500002100 | ..............h...!. |
| \GROUP_ICON\182\1033 | 2B4698 | 14 | 2AC098 | 0000010001001010000001000800680500002200 | ..............h...". |
| \GROUP_ICON\183\1033 | 2B46AC | 14 | 2AC0AC | 0000010001001010000001001800680300002300 | ..............h.... |
| \GROUP_ICON\184\1033 | 2B46C0 | 14 | 2AC0C0 | 0000010001001010000001000800680500002400 | ..............h...$. |
| \GROUP_ICON\191\1033 | 2B46D4 | 14 | 2AC0D4 | 0000010001001010000001000800680500002500 | ..............h...%. |
| \GROUP_ICON\192\1033 | 2B46E8 | 14 | 2AC0E8 | 0000010001002020000001002000A81000002600 | ...... .... .....&. |
| \GROUP_ICON\193\1033 | 2B46FC | 14 | 2AC0FC | 0000010001002020000001002000A81000002700 | ...... .... .....'. |
| \GROUP_ICON\196\1033 | 2B4710 | 14 | 2AC110 | 0000010001003030000001000800A80E00002800 | ......00..........(. |
| \GROUP_ICON\202\1033 | 2B4724 | 14 | 2AC124 | 0000010001001010000001000800680500001100 | ..............h..... |
| \GROUP_ICON\206\1033 | 2B4738 | 14 | 2AC138 | 0000010001001010000001000800680500002900 | ..............h...). |
| \GROUP_ICON\216\1033 | 2B474C | 14 | 2AC14C | 0000010001003030000001000800A80E00002A00 | ......00..........*. |
| \GROUP_ICON\217\1033 | 2B4760 | 14 | 2AC160 | 0000010001001010000001001800680300002B00 | ..............h...+. |
| \VERSION\1\1033 | 2B4774 | 32C | 2AC174 | 2C0334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000 | ,.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\1\1040 | 2B4AA0 | 2D9 | 2AC4A0 | 3C617373656D626C7920786D6C6E733D2275726E3A736368656D61732D6D6963726F736F66742D636F6D3A61736D2E763122 | <assembly xmlns="urn:schemas-microsoft-com:asm.v1" |
| Intelligent String: |
| • CFF Explorer.exe • 8.0.0.0 • www. • kernel32.dll • UxTheme.dll • gdi32.dll • user32.dll • unbox.any • Kernel32.dll • *.bmp • *.cur • *.ico • .ico • .bmp • %s%s.xml • PLATFORM_INDEPENDENT.xml • *.dll • *.exe • .dll • .exe • .cff • mailto:pistelli@ntcore.com • %sCFF Explorer.exe %%1 • *.cff • C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\afxwin1.inl • *.txt • %sSignatures\%s.txt • .png • .cur • Dump Section • ldind.ref • stind.ref • ldelem.ref • stelem.ref • packageloaders.\?.lua;!\lua\?.lua;!\lua\?\init.lua;!\?.lua;!\?\init.lua • .\?.dll • ;!\?.dll • ;!\loadall.dll • unable to dump given function • DumpSectionGetNumberOfSectionsRebuildImageSize • AfterDumpHeaderFix • MonitorFromRectuser32.dll • GetMenuInfouser32.dll • SetMenuInfouser32.dll • User32.dll • wine_get_unix_file_nameuxtheme.dll • Msimg32.dll • \winhlp32.exe • C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\afxwin2.inl • hhctrl.ocx • Scomctl32.dll • Scomdlg32.dll • Sshell32.dll • ntdll.dll • %s%s.dll • f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp • @SRICHED32.DLL • f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp • f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp • f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp • f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp • f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp • f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp • mfcm90u.dll • f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp • 'U@R.INI • .HLP • .CHM • ole32.dll • mscoree.dll • cmd.exeCOMSPEC. • KERNEL32.DLL • .com • .bat • .cmd • OLEACC.dll • [CreateDialogIndirectParamW • USER32.dll • WINSPOOL.DRV • COMCTL32.dll • oledlg.dll • .PAX • luac.out • ntcore@gmail.com • www.ntcore.com |
| Extra 4n4lysis: |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 1376423 | 49,0929% |
| Null Byte Code | 683213 | 24,3682% |
| NOP Cave Found | 0x9090909090 | Block Count: 2 | Total: 0,0002% |
© 2025 All rights reserved.