| File Path | Type and Hashes |
|---|
| Match Rules |
|---|
| File Name: | EncryptedRegView_2.exe |
| File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1: | babaa99e455ec6f316f3a465950d861d2e32c350 |
| MD5: | 3929a985d6f89ccc7bd01152739ea70a |
| First Seen Date: | 2017-03-04 13:05:23.454096 ( ) |
| Number of Clients Seen: | 3 |
| Last Analysis Date: | 2017-03-04 13:05:23.454096 ( ) |
| Human Expert Analysis Result: | No human expert analysis verdict given to this sample yet. |
| Property | Value |
|---|---|
| number of sections | 4 |
| compilation time stamp | 0x58B9DFE9 [Fri Mar 3 21:28:09 2017 UTC] |
| LegalCopyright | Copyright \xa9 2016 -2017 Nir Sofer |
| InternalName | EncryptedRegView |
| FileVersion | 1.01 |
| CompanyName | NirSoft |
| ProductName | EncryptedRegView |
| ProductVersion | 1.01 |
| FileDescription | EncryptedRegView |
| OriginalFilename | EncryptedRegView.exe |
| Translation | 0x0409 0x04b0 |
| entry point | 0x40f4a8 (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 114896 |
| sha256 | c9e1ec582d2c138eb9868ba7d73a38c4281e8b1b70de3d5fd2550bbdec705ac9 |
| mime type | application/x-dosexec |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0xe8ee | 0xea00 | 6.340328 | - |
| .rdata | 0x10000 | 0x3330 | 0x3400 | 4.885652 | - |
| .data | 0x14000 | 0x1954 | 0x400 | 3.119491 | - |
| .rsrc | 0x16000 | 0x6ae8 | 0x6c00 | 4.981394 | - |
-
msvcrt.dll
- _controlfp
- _except_handler3
- __set_app_type
- __p__fmode
- _wcmdln
- exit
- _cexit
- _XcptFilter
- _exit
- _c_exit
- __p__commode
- __dllonexit
- _wcslwr
- strlen
- qsort
- _purecall
- _itow
- _wcsnicmp
- malloc
- _adjust_fdiv
- __setusermatherr
- _initterm
- __wgetmainargs
- _onexit
- wcscmp
- free
- _memicmp
- wcschr
- modf
- wcstoul
- wcsrchr
- _wcsicmp
- ??2@YAPAXI@Z
- ??3@YAXPAX@Z
- wcslen
- memcmp
- memcpy
- _ultow
- wcscpy
- memset
- wcscat
- _snwprintf
- wcsncat
-
COMCTL32.dll
- None
- ImageList_Add
- ImageList_AddMasked
- ImageList_SetImageCount
- CreateStatusWindowW
- CreateToolbarEx
- ImageList_ReplaceIcon
- ImageList_Create
-
VERSION.dll
- VerQueryValueW
- GetFileVersionInfoSizeW
- GetFileVersionInfoW
-
CRYPT32.dll
- CryptUnprotectData
-
KERNEL32.dll
- GetModuleHandleA
- EnumResourceTypesW
- OpenProcess
- GetStartupInfoW
- EnumResourceNamesW
- WritePrivateProfileStringW
- GetPrivateProfileIntW
- GetPrivateProfileStringW
- GetStdHandle
- SetErrorMode
- ReadProcessMemory
- GetCurrentProcessId
- DeleteFileW
- GetTickCount
- FreeLibrary
- LoadLibraryW
- GetProcAddress
- GetLastError
- LocalAlloc
- GetFileSize
- CloseHandle
- LocalFree
- GetModuleHandleW
- GetDriveTypeW
- GetLogicalDrives
- CompareFileTime
- CreateThread
- GetWindowsDirectoryW
- FindResourceW
- WriteFile
- ReadFile
- LoadResource
- GetModuleFileNameW
- CreateFileW
- LockResource
- LoadLibraryExW
- MultiByteToWideChar
- GlobalAlloc
- lstrlenW
- GetSystemDirectoryW
- lstrcpyW
- WideCharToMultiByte
- GlobalUnlock
- GetTempPathW
- GetCurrentProcess
- GetTempFileNameW
- SizeofResource
- GlobalLock
- FindNextFileW
- FindFirstFileW
- FormatMessageW
- GetVersionExW
- FindClose
- GetFileAttributesW
- ExitProcess
-
USER32.dll
- LoadMenuW
- ReleaseCapture
- FillRect
- SetCapture
- GetFocus
- DrawTextExW
- TranslateMessage
- IsDialogMessageW
- ChildWindowFromPoint
- LoadCursorW
- GetMessageW
- GetSysColorBrush
- ShowWindow
- SendMessageW
- SetDlgItemTextW
- GetDlgItemTextW
- InvalidateRect
- GetSystemMetrics
- GetWindowRect
- GetWindowPlacement
- DeferWindowPos
- GetDlgItemInt
- SetDlgItemInt
- GetWindow
- CreateWindowExW
- BeginPaint
- GetClientRect
- EndPaint
- DrawFrameControl
- SendDlgItemMessageW
- EndDialog
- SetWindowLongW
- SetWindowTextW
- GetDlgItem
- UpdateWindow
- RegisterClassW
- PostMessageW
- MessageBoxW
- TranslateAcceleratorW
- SetMenu
- SetWindowPos
- LoadAcceleratorsW
- DefWindowProcW
- LoadImageW
- LoadIconW
- GetSysColor
- GetWindowLongW
- EndDeferWindowPos
- BeginDeferWindowPos
- SetFocus
- GetParent
- GetMenu
- GetSubMenu
- GetDC
- EmptyClipboard
- EnableMenuItem
- ReleaseDC
- MoveWindow
- GetClassNameW
- OpenClipboard
- CheckMenuItem
- GetMenuStringW
- GetMenuItemCount
- ScreenToClient
- SetClipboardData
- EnableWindow
- MapWindowPoints
- GetCursorPos
- CloseClipboard
- SetCursor
- ModifyMenuW
- GetMenuItemInfoW
- GetDlgCtrlID
- DestroyMenu
- DialogBoxParamW
- CreateDialogParamW
- EnumChildWindows
- LoadStringW
- GetDesktopWindow
- DestroyWindow
- GetWindowTextW
- GetKeyState
- DispatchMessageW
- RegisterWindowMessageW
- TrackPopupMenu
- PostQuitMessage
- CallWindowProcW
-
GDI32.dll
- GetTextExtentPoint32W
- GetStockObject
- SetBkColor
- GetDeviceCaps
- PatBlt
- CreateSolidBrush
- DeleteDC
- GetPixel
- SetPixel
- SelectObject
- CreateCompatibleDC
- GetObjectW
- SetTextColor
- CreateFontIndirectW
- SetBkMode
- DeleteObject
-
comdlg32.dll
- FindTextW
- GetSaveFileNameW
-
ADVAPI32.dll
- RegEnumValueW
- RegCloseKey
- GetTokenInformation
- OpenProcessToken
- RegOpenKeyExW
- RegEnumKeyExW
- RegQueryValueExW
-
SHELL32.dll
- ShellExecuteW
- ShellExecuteExW
- SHGetFileInfoW
RT_CURSOR
RT_BITMAP
RT_ICON
RT_MENU
RT_DIALOG
RT_STRING
RT_ACCELERATOR
RT_GROUP_CURSOR
RT_GROUP_ICON
RT_VERSION
RT_MANIFEST