| / Chip 2003 November
/ CHIP_CD_2003-11.iso / start.exe
| < prev |
| UPX Packed | 2002-05-06 | 2.5 KB |
MacOS 8.1
|
Win98
|
DOS
view JSON data
|
view as text| Confidence | Program | Detection | Match Type | Support |
|---|---|---|---|---|
| 100% | dexvert | UPX Packed (archive/upxPacked) | magic | Supported |
| 100% | dexvert | MS-DOS/Windows or OS/2 Executable (executable/exe) | magic | Supported |
| 1% | dexvert | Yoda's Crypte Protected (archive/yodasCrypterProtected) | magic | Unsupported |
| 1% | dexvert | Ady's GLUE Packed (archive/adysGLUEPacked) | ext | Unsupported |
| 1% | dexvert | BlacK FiST Packed (archive/blackFiSTPacked) | ext | Unsupported |
| 1% | dexvert | CauseWay Compressor Packed (archive/causeWayCompressorPacked) | ext | Unsupported |
| 1% | dexvert | CExe Packed (archive/cExePacked) | ext | Unsupported |
| 1% | dexvert | cIPHATOR Protected (archive/ciphatorProtected) | ext | Unsupported |
| 1% | dexvert | CRYPACK Protected (archive/crypackProtected) | ext | Unsupported |
| 1% | dexvert | CRYPTEXE Protected (archive/cryptexeProtected) | ext | Unsupported |
| 1% | dexvert | Crypt Light Show Protected (archive/cryptLightShowProtected) | ext | Unsupported |
| 1% | dexvert | DaRKSToP Protected (archive/darkstopProtected) | ext | Unsupported |
| 1% | dexvert | DiskImager SFX Image (archive/diskImagerSFXImage) | ext | Unsupported |
| 1% | dexvert | Dismember EXE CRYPT Protected (archive/dismemberProtected) | ext | Unsupported |
| 1% | dexvert | DJP Packed (archive/djpPacked) | ext | Unsupported |
| 1% | dexvert | .NETZ Packed (archive/dotNETZPacked) | ext | Unsupported |
| 1% | dexvert | DSHIELD Protected (archive/dshieldProtected) | ext | Unsupported |
| 1% | dexvert | Exe32Pack Packed (archive/exe32PackPacked) | ext | Unsupported |
| 1% | dexvert | EXE Manager Protected (archive/exeManagerProtected) | ext | Unsupported |
| 1% | dexvert | EXETOOLS Protected (archive/exetoolsProtected) | ext | Unsupported |
| 1% | dexvert | EZip Packed (archive/ezipPacked) | ext | Unsupported |
| 1% | dexvert | FSG Packed (archive/fsgPacked) | ext | Unsupported |
| 1% | dexvert | HackStop Protected (archive/hackStopProtected) | ext | Unsupported |
| 1% | dexvert | JMCryptExe Protected (archive/jmCryptExeProtected) | ext | Unsupported |
| 1% | dexvert | kkrunchy Packed (archive/kkcrunchPacked) | ext | Unsupported |
| 1% | dexvert | mbp SHRINK Packed (archive/mbpSHRINKPacked) | ext | Unsupported |
| 1% | dexvert | MEGALITE Packed (archive/megalitePacked) | ext | Unsupported |
| 1% | dexvert | Mess Protected (archive/messProtected) | ext | Unsupported |
| 1% | dexvert | Mew Packed (archive/mewPacked) | ext | Unsupported |
| 1% | dexvert | MPRESS Packed (archive/mpressPacked) | ext | Unsupported |
| 1% | dexvert | NOS Packer Packed (archive/nosPackerPacked) | ext | Unsupported |
| 1% | dexvert | NTShell Protected (archive/ntShellProtected) | ext | Unsupported |
| 1% | dexvert | Pack Master Packed (archive/packMasterPacked) | ext | Unsupported |
| 1% | dexvert | PE Diminisher Packed (archive/peDiminisherPacked) | ext | Unsupported |
| 1% | dexvert | Petite Packed (archive/petitePacked) | ext | Unsupported |
| 1% | dexvert | PeX Packed (archive/pexPacked) | ext | Unsupported |
| 1% | dexvert | PKLITE32 Packed (archive/pklite32Packed) | ext | Unsupported |
| 1% | dexvert | PowerBatch Packed (archive/powerBatchPacked) | ext | Unsupported |
| 1% | dexvert | protector Protected (archive/protectorProtected) | ext | Unsupported |
| 1% | dexvert | py2exe Packed (archive/py2exePacked) | ext | Unsupported |
| 1% | dexvert | PyInstaller Packed (archive/pyInstallerPacked) | ext | Unsupported |
| 1% | dexvert | Scramb Packed (archive/scrambPacked) | ext | Unsupported |
| 1% | dexvert | SECURE Protected (archive/secureProtected) | ext | Unsupported |
| 1% | dexvert | Shrinker Packed (Windows) (archive/shrinkerWindowsPacked) | ext | Unsupported |
| 1% | dexvert | Spoon Studio Packed (archive/spoonStudioPacked) | ext | Unsupported |
| 1% | dexvert | tElock Packed (archive/telockPacked) | ext | Unsupported |
| 1% | dexvert | The Builder Packed (archive/theBuilderPacked) | ext | Unsupported |
| 1% | dexvert | The Patcher Packed (archive/thePatcherPacked) | ext | Unsupported |
| 1% | dexvert | 32Lite Packed (archive/thirtyTwoLitePacked) | ext | Unsupported |
| 1% | dexvert | TinyProt Protected (archive/tinyProtProtected) | ext | Unsupported |
| 1% | dexvert | (Win)Upack Packed (archive/winUpackPacked) | ext | Unsupported |
| 1% | dexvert | MS-DOS PMODE extender executable (executable/msdosPMODEExtenderExecutable) | ext | Unsupported |
| 1% | dexvert | Sony Playstation Executable (executable/sonyPlaystationExe) | ext | Unsupported |
| 1% | dexvert | Novell Netware Virtual Loadable Module (other/novellNetwareVirtualLoadableModule) | ext | Unsupported |
| 100% | file | PE32 executable for MS Windows 4.00 (GUI), Intel i386, UPX compressed, 3 sections | default | |
| 99% | file | data | default | |
| 34% | TrID | UPX compressed Win32 Executable | default | |
| 34% | TrID | Win32 EXE Yoda's Crypter | default | |
| 8% | TrID | Win32 Dynamic Link Library (generic) | default | |
| 6% | TrID | Win16 NE executable (generic) | default | |
| 5% | TrID | Win32 Executable (generic) | default | |
| 100% | siegfried | fmt/899 Windows Portable Executable (32 bit) | default | |
| 100% | gt2 | Ist eine ausf�hrbare Win32 Datei | default | |
| 100% | detectItEasy | Packer: UPX(1.08)[NRV,brute] | default | |
| 100% | binwalkID | Microsoft executable, portable (PE) | default | |
| 100% | xdgMime | application/vnd.microsoft.portable-executable | default (weak) |
+--------+-------------------------+-------------------------+--------+--------+
|00000000| 4d 5a 90 00 03 00 00 00 | 04 00 00 00 ff ff 00 00 |MZ......|........|
|00000010| b8 00 00 00 00 00 00 00 | 40 00 00 00 00 00 00 00 |........|@.......|
|00000020| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000030| 00 00 00 00 00 00 00 00 | 00 00 00 00 80 00 00 00 |........|........|
|00000040| 0e 1f ba 0e 00 b4 09 cd | 21 b8 01 4c cd 21 54 68 |........|!..L.!Th|
|00000050| 69 73 20 70 72 6f 67 72 | 61 6d 20 63 61 6e 6e 6f |is progr|am canno|
|00000060| 74 20 62 65 20 72 75 6e | 20 69 6e 20 44 4f 53 20 |t be run| in DOS |
|00000070| 6d 6f 64 65 2e 0d 0d 0a | 24 00 00 00 00 00 00 00 |mode....|$.......|
|00000080| 50 45 00 00 4c 01 03 00 | 7b 5f f8 3a 00 00 00 00 |PE..L...|{_.:....|
|00000090| 00 00 00 00 e0 00 0f 01 | 0b 01 01 03 00 10 00 00 |........|........|
|000000a0| 00 10 00 00 00 40 00 00 | 30 54 00 00 00 50 00 00 |.....@..|0T...P..|
|000000b0| 00 60 00 00 00 00 40 00 | 00 10 00 00 00 02 00 00 |.`....@.|........|
|000000c0| 01 00 00 00 00 00 00 00 | 04 00 00 00 00 00 00 00 |........|........|
|000000d0| 00 70 00 00 00 10 00 00 | 00 00 00 00 02 00 00 00 |.p......|........|
|000000e0| 00 00 10 00 00 10 00 00 | 00 00 10 00 00 10 00 00 |........|........|
|000000f0| 00 00 00 00 10 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000100| 00 60 00 00 d8 00 00 00 | 00 00 00 00 00 00 00 00 |.`......|........|
|00000110| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000120| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000130| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000140| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000150| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000160| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000170| 00 00 00 00 00 00 00 00 | 55 50 58 30 00 00 00 00 |........|UPX0....|
|00000180| 00 40 00 00 00 10 00 00 | 00 00 00 00 00 02 00 00 |.@......|........|
|00000190| 00 00 00 00 00 00 00 00 | 00 00 00 00 80 00 00 e0 |........|........|
|000001a0| 55 50 58 31 00 00 00 00 | 00 10 00 00 00 50 00 00 |UPX1....|.....P..|
|000001b0| 00 06 00 00 00 02 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000001c0| 00 00 00 00 40 00 00 e0 | 55 50 58 32 00 00 00 00 |....@...|UPX2....|
|000001d0| 00 10 00 00 00 60 00 00 | 00 02 00 00 00 08 00 00 |.....`..|........|
|000001e0| 00 00 00 00 00 00 00 00 | 00 00 00 00 40 00 00 c0 |........|....@...|
|000001f0| 31 2e 30 38 00 55 50 58 | 21 0c 09 02 0a 23 d2 4c |1.08.UPX|!....#.L|
|00000200| 06 19 b5 89 50 20 32 00 | 00 0f 04 00 00 20 10 00 |....P 2.|..... ..|
|00000210| 00 26 00 00 d9 fe ff f2 | ff 31 c0 40 8b 4c 24 04 |.&......|.1.@.L$.|
|00000220| f7 41 04 06 00 74 0f 8b | 44 24 08 8b 54 24 10 89 |.A...t..|D$..T$..|
|00000230| 02 b8 03 b9 ff 77 ef 10 | c3 53 56 57 12 10 50 6a |.....w..|.SVW..Pj|
|00000240| fe 68 00 10 40 00 64 ff | 35 15 ff db dd b9 06 89 |.h..@.d.|5.......|
|00000250| 25 19 20 8b 58 2f 70 0c | 83 fe ff 74 20 3b 74 7f |%. .X/p.|...t ;t.|
|00000260| d9 dc ff 24 24 74 1a 8d | 34 76 8b 0c b3 54 17 48 |...$$t..|4v...T.H|
|00000270| 7c b3 04 00 75 d7 77 ff | bf ff ff 54 b3 08 eb d1 ||...u.w.|...T....|
|00000280| 64 8f 05 35 83 c4 0c 5f | 5e 5b c3 55 89 e5 5c 55 |d..5..._|^[.U..\U|
|00000290| 6a 00 37 6f ef 6e 01 68 | 92 5a ff 75 08 e8 1c 03 |j.7o.n.h|.Z.u....|
|000002a0| c8 5d 89 ec 5d 6f ff df | dd c3 fc 20 83 ec 08 23 |.]..]o..|... ...#|
|000002b0| 8b 5d 0c 8b 45 08 a3 30 | 20 25 89 1d 34 6f ed c7 |.]..E..0| %..4o..|
|000002c0| 76 05 f7 40 ae 75 72 89 | 45 f8 19 ac 45 fc a3 ff |v..@.ur.|E...E...|
|000002d0| 6e bf 7d 16 8d 0d 89 43 | fc 8b 73 2d 7b 08 91 62 |n.}....C|..s-{..b|
|000002e0| 8d 0c 76 dd da bf 6c 81 | 8f 74 3a 56 55 8d 6b 10 |..v...l.|.t:VU.k.|
|000002f0| 86 0b 5d 5e b7 74 bb df | 4d 09 c0 74 28 78 31 25 |..]^.t..|M..t(x1%|
|00000300| 53 e8 91 76 04 1d ee 77 | cb 58 56 0c 1c 08 36 8b |S..v...w|.XV...6.|
|00000310| 04 8f 8b 43 0c 30 7e 17 | fe b9 08 25 0f 34 8f eb |...C.0~.|...%.4..|
|00000320| ac 2c eb 71 47 6a ff ed | ba b7 c3 2a 0c bc c7 05 |.,.qGj..|...*....|
|00000330| 10 7a 0b 0f 6a 0b e7 b0 | 9b d9 40 04 04 5f 75 21 |.z..j...|..@.._u!|
|00000340| 19 08 6e ef 1e 90 08 07 | b8 01 12 eb 27 83 f8 a1 |..n.....|....'...|
|00000350| 2a 50 4e 36 ec 15 50 24 | 1e 0d 03 f8 ba 0f 21 e6 |*PN6..P$|......!.|
|00000360| 94 28 0f 83 3d 2c 1a 00 | cf de de c3 3e e8 a1 0e |.(..=,..|....>...|
|00000370| 72 ff e0 58 10 d7 64 a1 | dd 0c 87 a1 5d 35 9e 68 |r..X..d.|....]5.h|
|00000380| 1c 1b 55 b3 10 84 66 9a | 50 aa 49 10 36 d8 f7 7d |..U...f.|P.I.6..}|
|00000390| 89 65 e8 68 28 1a 24 04 | 20 6a d4 75 6d 2f b2 bd |.e.h(.$.| j.um/..|
|000003a0| 14 05 24 16 34 14 f0 f7 | 2f 83 87 40 18 31 c9 89 |..$.4...|/..@.1..|
|000003b0| 4d fc 50 0d e0 c9 c3 e7 | dc df d7 fd a3 51 c3 6a |M.P.....|.....Q.j|
|000003c0| 81 ec 48 7c 59 1c ad e1 | ff ff a4 89 c6 80 3e 22 |..H|Y...|......>"|
|000003d0| 75 15 46 31 ff eb 01 47 | 0f be 04 3e 67 05 e6 db |u.F1...G|...>g...|
|000003e0| 32 64 6f 12 f2 eb 12 13 | 20 c6 0b 00 d9 ce fd bb |2do.....| .......|
|000003f0| 47 14 80 3c 3e 20 74 f9 | 89 fb 07 3c 47 43 3b 67 |G..<> t.|...<GC;g|
|00000400| f8 85 4d 0e 37 89 d8 01 | f0 f1 3e ee 0b 6f f8 8d |..M.7...|..>..o..|
|00000410| 5c 37 01 f4 50 8d 85 f4 | ee ff 50 68 04 8c 34 6c |\7..P...|..Ph..4l|
|00000420| 7f bf 56 8a b0 3d 0a 77 | 4e 8b 1c c6 7e 3c 35 7c |..V..=.w|N...~<5||
|00000430| 67 2b 8c 22 b8 1c ec b7 | c7 bb 7b 7b 8c 0e 3c c4 |g+."....|..{{..<.|
|00000440| 4a 89 85 c8 0c 89 9d cc | 05 b8 ec ec 9e 4a 0b 85 |J.......|.....J..|
|00000450| d0 33 34 17 de 60 6a fb | 03 2c 8c c9 c2 10 00 26 |.34..`j.|.,.....&|
|00000460| 25 e8 83 30 08 97 30 90 | 90 72 51 00 c7 ce 3c fc |%..0..0.|.rQ...<.|
|00000470| cb 80 3f 23 6a 22 89 f8 | 40 50 d3 10 ab ee 6d ac |..?#j"..|@P....m.|
|00000480| 75 bb 29 1b ec 3f eb fa | eb 1c d1 ed 64 ef b0 07 |u.)..?..|....d...|
|00000490| d0 f3 f0 0e 74 f3 ab 2b | fc b5 7f 4b bc 6a 01 57 |....t..+|...K.j.W|
|000004a0| 09 44 02 38 5f 75 6f 0c | c8 96 64 f4 0b f8 fc 01 |.D.8_uo.|..d.....|
|000004b0| b9 e4 80 00 31 0c 90 01 | 19 90 10 14 18 61 93 01 |....1...|.....a..|
|000004c0| 19 1c 20 00 39 60 00 55 | 53 00 55 21 f5 03 80 ec |.. .9`.U|S.U!....|
|000004d0| bc 28 00 6c 13 d8 31 25 | 03 c8 95 f8 c8 97 9c 28 |.(.l..1%|.......(|
|000004e0| 6c 0b 28 31 3c 0c 58 d3 | 35 50 03 64 78 17 84 db |l.(1<.X.|5P.dx...|
|000004f0| 34 4d d7 94 03 9c a8 b0 | bc 31 43 50 08 0c 00 33 |4M......|.1CP...3|
|00000500| 60 6e 4a 0e 30 40 14 13 | 03 00 66 26 2c 1b 28 03 |`nJ.0@..|..f&,.(.|
|00000510| 2d 0a 00 83 2c 0a 90 10 | 91 10 ff b2 39 8a 70 f4 |-...,...|....9.p.|
|00000520| 20 01 47 65 74 43 6f 6d | ec ff 91 ff 6d 61 6e 64 | .GetCom|....mand|
|00000530| 4c 69 6e 65 41 46 75 6c | 6c 50 61 74 68 4e 61 6d |LineAFul|lPathNam|
|00000540| 11 fe d7 dd 1e 4d 6f 64 | 13 65 48 25 6c 11 52 74 |.....Mod|.eH%l.Rt|
|00000550| 6c 55 6e 77 be cd 66 db | 2f 64 48 7d 0c 21 5f 5f |lUnw..f.|/dH}.!__|
|00000560| 27 61 ee ad fc df 14 41 | 72 67 73 00 01 65 78 69 |'a.....A|rgs..exi|
|00000570| 74 3f 6d 73 65 07 db 37 | ff e5 72 61 69 00 01 73 |t?mse..7|..rai..s|
|00000580| 69 67 6e 61 6c 74 72 63 | 68 72 85 88 db bf fd 34 |ignaltrc|hr.....4|
|00000590| e8 53 68 65 72 45 78 65 | 63 75 74 65 06 41 ce 7f |.SherExe|cute.A..|
|000005a0| 79 42 8d 50 45 4c 01 03 | 00 7b 5f f8 3a eb 82 cc |yB.PEL..|.{_.:...|
|000005b0| ff 14 e0 00 0f 01 0b 01 | 07 06 13 67 5f d7 3d cb |........|...g_.=.|
|000005c0| 11 04 10 03 20 0d 40 0b | 02 b2 c3 06 73 55 33 04 |.... .@.|....sU3.|
|000005d0| 3c 40 0c 04 cb ce dc 1e | 34 10 07 d9 d9 06 d2 4f |<@......|4......O|
|000005e0| 10 28 1c 00 df bb 30 14 | 2e 03 78 74 ce ab 10 b8 |.(....0.|..xt....|
|000005f0| 5b d8 60 07 04 23 ea 60 | 2e 64 d8 d9 a4 5b a3 61 |[.`..#.`|.d...[.a|
|00000600| 10 38 07 0a 27 b2 37 bb | 5b f2 c0 2e 69 28 cb d3 |.8..'.7.|[...i(..|
|00000610| be 67 2e 6c 0c 27 60 1b | 00 a4 00 00 00 e0 07 00 |.g.l.'`.|........|
|00000620| 48 00 00 ff 00 00 00 00 | 00 00 00 00 00 00 00 00 |H.......|........|
|00000630| 60 be 15 50 40 00 8d be | eb bf ff ff 57 83 cd ff |`..P@...|....W...|
|00000640| eb 10 90 90 90 90 90 90 | 8a 06 46 88 07 47 01 db |........|..F..G..|
|00000650| 75 07 8b 1e 83 ee fc 11 | db 72 ed b8 01 00 00 00 |u.......|.r......|
|00000660| 01 db 75 07 8b 1e 83 ee | fc 11 db 11 c0 01 db 73 |..u.....|.......s|
|00000670| ef 75 09 8b 1e 83 ee fc | 11 db 73 e4 31 c9 83 e8 |.u......|..s.1...|
|00000680| 03 72 0d c1 e0 08 8a 06 | 46 83 f0 ff 74 74 89 c5 |.r......|F...tt..|
|00000690| 01 db 75 07 8b 1e 83 ee | fc 11 db 11 c9 01 db 75 |..u.....|.......u|
|000006a0| 07 8b 1e 83 ee fc 11 db | 11 c9 75 20 41 01 db 75 |........|..u A..u|
|000006b0| 07 8b 1e 83 ee fc 11 db | 11 c9 01 db 73 ef 75 09 |........|....s.u.|
|000006c0| 8b 1e 83 ee fc 11 db 73 | e4 83 c1 02 81 fd 00 f3 |.......s|........|
|000006d0| ff ff 83 d1 01 8d 14 2f | 83 fd fc 76 0f 8a 02 42 |......./|...v...B|
|000006e0| 88 07 47 49 75 f7 e9 63 | ff ff ff 90 8b 02 83 c2 |..GIu..c|........|
|000006f0| 04 89 07 83 c7 04 83 e9 | 04 77 f1 01 cf e9 4c ff |........|.w....L.|
|00000700| ff ff 5e 89 f7 b9 13 00 | 00 00 8a 07 47 2c e8 3c |..^.....|....G,.<|
|00000710| 01 77 f7 80 3f 00 75 f2 | 8b 07 8a 5f 04 66 c1 e8 |.w..?.u.|..._.f..|
|00000720| 08 c1 c0 10 86 c4 29 f8 | 80 eb e8 01 f0 89 07 83 |......).|........|
|00000730| c7 05 89 d8 e2 d9 8d be | 00 30 00 00 8b 07 09 c0 |........|.0......|
|00000740| 74 3c 8b 5f 04 8d 84 30 | 00 50 00 00 01 f3 50 83 |t<._...0|.P....P.|
|00000750| c7 08 ff 96 50 50 00 00 | 95 8a 07 47 08 c0 74 dc |....PP..|...G..t.|
|00000760| 89 f9 57 48 f2 ae 55 ff | 96 54 50 00 00 09 c0 74 |..WH..U.|.TP....t|
|00000770| 07 89 03 83 c3 04 eb e1 | ff 96 58 50 00 00 61 e9 |........|..XP..a.|
|00000780| 47 bc ff ff 00 00 00 00 | 00 00 00 00 00 00 00 00 |G.......|........|
|00000790| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000007a0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000007b0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000007c0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000007d0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000007e0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000007f0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000800| 00 00 00 00 00 00 00 00 | 00 00 00 00 70 60 00 00 |........|....p`..|
|00000810| 50 60 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |P`......|........|
|00000820| 7d 60 00 00 60 60 00 00 | 00 00 00 00 00 00 00 00 |}`..``..|........|
|00000830| 00 00 00 00 88 60 00 00 | 68 60 00 00 00 00 00 00 |.....`..|h`......|
|00000840| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000850| 94 60 00 00 a2 60 00 00 | b2 60 00 00 00 00 00 00 |.`...`..|.`......|
|00000860| c0 60 00 00 00 00 00 00 | c6 60 00 00 00 00 00 00 |.`......|.`......|
|00000870| 4b 45 52 4e 45 4c 33 32 | 2e 44 4c 4c 00 43 52 54 |KERNEL32|.DLL.CRT|
|00000880| 44 4c 4c 2e 44 4c 4c 00 | 53 48 45 4c 4c 33 32 2e |DLL.DLL.|SHELL32.|
|00000890| 44 4c 4c 00 00 00 4c 6f | 61 64 4c 69 62 72 61 72 |DLL...Lo|adLibrar|
|000008a0| 79 41 00 00 47 65 74 50 | 72 6f 63 41 64 64 72 65 |yA..GetP|rocAddre|
|000008b0| 73 73 00 00 45 78 69 74 | 50 72 6f 63 65 73 73 00 |ss..Exit|Process.|
|000008c0| 00 00 65 78 69 74 00 00 | 53 68 65 6c 6c 45 78 65 |..exit..|ShellExe|
|000008d0| 63 75 74 65 45 78 41 00 | 00 00 00 00 00 00 00 00 |cuteExA.|........|
|000008e0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000008f0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000900| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000910| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000920| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000930| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000940| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000950| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000960| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000970| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000980| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000990| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000009a0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000009b0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000009c0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000009d0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000009e0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000009f0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000a00| 00 00 00 00 20 00 00 00 | 00 00 00 00 20 00 00 00 |.... ...|.... ...|
|00000a10| 00 10 00 00 00 16 00 00 | 00 20 00 00 00 26 00 00 |........|. ...&..|
+--------+-------------------------+-------------------------+--------+--------+