Static | ZeroBOX

PE Compile Time

2009-07-14 08:58:32

PE Imphash

a2dad36bd73280726da578eb659d0583

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00002428 0x00002600 6.06454445044
.data 0x00004000 0x00000758 0x00000758 0.458728126161
.rsrc 0x00005000 0x00000950 0x00000a00 4.38010896075
.reloc 0x00006000 0x000002b6 0x00000400 4.0904061228

Resources

Name Offset Size Language Sub-language File type
MUI 0x00005888 0x000000c8 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_VERSION 0x000054e8 0x000003a0 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x000050f0 0x000003f6 LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library ADVAPI32.dll:
0xef1000 RegQueryValueW
0xef1004 RegOpenKeyExW
0xef1008 RegCloseKey
Library KERNEL32.dll:
0xef1018 ReadFile
0xef101c CreateFileW
0xef1020 GetExitCodeProcess
0xef1024 WaitForSingleObject
0xef1028 CreateProcessW
0xef1030 GetSystemDirectoryW
0xef1034 GetNativeSystemInfo
0xef1038 IsWow64Process
0xef103c GetCurrentProcess
0xef1040 GetCommandLineW
0xef1044 lstrlenW
0xef1048 GetProcAddress
0xef104c GetModuleHandleW
0xef1050 GetLastError
0xef1054 FreeLibrary
0xef1058 SetFilePointer
0xef105c LoadLibraryExW
0xef1060 WideCharToMultiByte
0xef1064 SetErrorMode
0xef1068 FormatMessageW
0xef106c LocalAlloc
0xef1070 HeapSetInformation
0xef1074 TerminateProcess
0xef107c GetCurrentProcessId
0xef1080 GetCurrentThreadId
0xef1084 GetTickCount
0xef108c GetModuleHandleA
0xef1094 GetStartupInfoW
0xef109c Sleep
0xef10a4 InterlockedExchange
0xef10a8 CloseHandle
0xef10ac lstrcmpW
Library USER32.dll:
0xef10b4 CharNextW
0xef10b8 LoadStringW
Library msvcrt.dll:
0xef10c0 _initterm
0xef10c4 _amsg_exit
0xef10c8 __setusermatherr
0xef10cc __p__commode
0xef10d0 __p__fmode
0xef10d4 __set_app_type
0xef10d8 _wcmdln
0xef10e0 _controlfp
0xef10e4 exit
0xef10e8 ?terminate@@YAXXZ
0xef10ec __argc
0xef10f0 _XcptFilter
0xef10f4 wcsncpy_s
0xef10f8 memset
0xef10fc _exit
0xef1100 _cexit
0xef1104 __wgetmainargs
0xef1108 __wargv
0xef110c strcat_s
0xef1110 swprintf_s
0xef1114 _wsplitpath_s
0xef1118 wcscat_s
0xef111c wcscpy_s
Library ole32.dll:
0xef1130 OleUninitialize
0xef1134 OleInitialize
Library ntdll.dll:
0xef1128 RtlImageNtHeader
Library COMCTL32.dll:
0xef1010 None (the import entry carries no function name, which indicates an import by ordinal)

Strings

!This program cannot be run in DOS mode.
`.data
@.reloc
ADVAPI32.dll
KERNEL32.dll
USER32.dll
msvcrt.dll
ole32.dll
ntdll.dll
COMCTL32.dll
DllInstall
SetProcessDPIAware
DllRegisterServerEx
DllRegisterServerExW
RSDS;m
regsvr32.pdb
PVVVVVVS
QWWWWWW
tlHHtEHt3
VVVVVj
VVVVVj
PVVVVVVS
PVVVVVVS
DVVVVSj
RegCloseKey
RegQueryValueW
RegOpenKeyExW
ADVAPI32.dll
CloseHandle
SetFilePointer
ReadFile
CreateFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
Wow64EnableWow64FsRedirection
GetSystemDirectoryW
GetNativeSystemInfo
IsWow64Process
GetCurrentProcess
GetCommandLineW
lstrlenW
GetProcAddress
GetModuleHandleW
GetLastError
FreeLibrary
lstrcmpW
LoadLibraryExW
WideCharToMultiByte
SetErrorMode
FormatMessageW
LocalAlloc
HeapSetInformation
KERNEL32.dll
CharNextW
LoadStringW
USER32.dll
wcsncpy_s
memset
wcscpy_s
wcscat_s
_wsplitpath_s
swprintf_s
strcat_s
__wargv
__argc
__wgetmainargs
_cexit
_XcptFilter
_wcmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
msvcrt.dll
?terminate@@YAXXZ
_except_handler4_common
_controlfp
OleUninitialize
OleInitialize
ole32.dll
RtlImageNtHeader
NtSetInformationProcess
ntdll.dll
COMCTL32.dll
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
DllRegisterServer
DllUnregisterServer
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="5.1.0.0"
processorArchitecture="x86"
name="Microsoft.Windows.RegSvr32"
type="win32"
<description>Microsoft Register Server</description>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
processorArchitecture="x86"
language="*"
/>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"
/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
@1L1P1 3$3d3h3
3$4D4q4
7^7d7m7t7
7.8=8b8j8
:5:L:e:m:r:
;X;i;x;
; <{<2=<=G=
=">Q>h>
?%?M?m?
1!1M1S1t1
3O3W3i3~3
535R5[5v5
6`6j6p6y6
7^7j7p7w7
8R8^8j8
;J;m;z;
<$<+<2<:<B<J<V<_<d<j<t<}<
RegSvr32
DllInstall
\regsvr32.exe
user32.dll
AutoRegister
0x%08lx
Excessive # of DLL's on cmdline
/n must be used with the /i switch
DllRegisterServer
DllUnregisterServer
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Microsoft(C) Register Server
FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)
InternalName
REGSVR32
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
REGSVR32.EXE
ProductName
Microsoft
Windows
Operating System
ProductVersion
6.1.7600.16385
VarFileInfo
Translation
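No antivirus signature results are available for this sample; this indicates missing scan data rather than a clean verdict.
No IRMA results are available for this sample.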