
"qicon changer.exe" v1.0 PEStudio analysis

a guest
Sep 17th, 2013
  1. <?xml version="1.0" encoding="utf-8"?>
  2. <!--this document has been created with PeStudio Version 3.61-->
  3. <assembly name="qicon changer.exe">
  4. <characteristics>
      <!-- Size and version of the analysed file as reported by the tool.
           NOTE(review): 1934848 equals the raw end of the last section listed in this
           report (.rsrc: 0x0019CA00 + 244736), so this is presumably the on-disk size and
           no overlay data follows the last section; confirm against the sample. -->
  5. <image_size_in_bytes>1934848</image_size_in_bytes>
      <!-- n/a: no version value was reported for the image. -->
  6. <image_version>n/a</image_version>
  7. </characteristics>
  8. <today>
      <!-- The two values look swapped in the tool output: `time` carries a calendar date
           (17/09/2013, day/month/year) and `date` carries a clock time (13:16:53).
           Consumers should parse by value format, not by element name.
           NOTE(review): presumably the moment the report was generated, not a property
           of the sample; no time zone is given. -->
  9. <time>17/09/2013</time>
  10. <date>13:16:53</date>
  11. </today>
  12. <file_header>
      <!-- Summary of the PE file header: image type, target CPU, section count,
           timestamp and the decoded characteristics flags. -->
  13. <image_signature>Windows Application</image_signature>
  14. <target_cpu>Intel 386 or later</target_cpu>
      <!-- Agrees with the count attribute on the sections element (10). -->
  15. <sections_number>10</sections_number>
      <!-- NOTE(review): presumably the header timestamp written at link time. It is an
           unauthenticated field inside an unsigned file, so treat it as a hint for
           clustering, not as proof of build date. The value spans two lines because the
           tool emitted a trailing newline; trim before parsing. -->
  16. <creation_time>Tue Mar 13 17:04:34 2012
  17. </creation_time>
      <!-- 0x0000818E decoded into individual flags. In that value bit 0x0001 is clear
           (relocations kept), 0x0002 is set (executable), 0x0100 is set (32-bit),
           0x0200 is clear (debug info not marked stripped) and 0x2000 is clear (not a DLL),
           which matches the Yes/No values below. Not every set bit has its own element. -->
  18. <characteristics hexadecimal="0x0000818E">
  19. <relocations_stripped>No</relocations_stripped>
  20. <large_address_aware>No</large_address_aware>
  21. <executable>Yes</executable>
  22. <architecture_32bit>Yes</architecture_32bit>
  23. <uniprocessor_only>No</uniprocessor_only>
  24. <system_image>No</system_image>
  25. <dynamic_link_library>No</dynamic_link_library>
      <!-- "No" only says the stripped flag is clear; this report lists no debug
           directory and its debuggers entry is n/a. -->
  26. <debug_stripped>No</debug_stripped>
  27. <copy_from_removable_media>No</copy_from_removable_media>
  28. <copy_from_network>No</copy_from_network>
  29. </characteristics>
  30. </file_header>
  31. <evidences>
      <!-- Heuristic Yes/No indicators produced by the tool. They are triage hints, not a
           verdict; each "Yes" needs to be checked against the structural data elsewhere
           in this report and against the sample itself. -->
  32. <entry_point_outside_code_section>No</entry_point_outside_code_section>
      <!-- NOTE(review): this flag and number_of_imported_symbols_too_small should be read
           with caution. The report lists libraries count="0" and imported_symbols
           count="0", yet the import_libraries directory is marked valid with 13674 bytes.
           That suggests the tool did not enumerate the imports, so both flags may be a
           parsing artefact rather than a property of the file. -->
  33. <import_address_table_too_small>Yes</import_address_table_too_small>
  34. <image_imports_obsolete_functions>No</image_imports_obsolete_functions>
  35. <image_exports_obsolete_functions>No</image_exports_obsolete_functions>
      <!-- The per-section cave_size values in this report are all below 512 bytes and equal
           size_of_raw_data minus virtual_size, i.e. they look like ordinary file-alignment
           padding. -->
  36. <image_contains_caves>Yes</image_contains_caves>
  37. <number_of_imported_symbols_too_small>Yes</number_of_imported_symbols_too_small>
      <!-- Empty checksum plus no signature: the file carries no integrity or publisher
           information. This report also records no file hash, so keep one alongside it
           to tie the findings to a specific sample. -->
  38. <image_checksum_empty>Yes</image_checksum_empty>
  39. <image_digitally_signed>No</image_digitally_signed>
  40. <image_bound>Yes</image_bound>
  41. <image_binds_libraries_dynamically>No</image_binds_libraries_dynamically>
      <!-- A thread_local_storage directory (24 bytes, in .rdata) and a .tls section are
           nevertheless listed in this report; see the directories element. -->
  42. <image_uses_static_thread_local_storage>No</image_uses_static_thread_local_storage>
  43. <image_is_large_address_space_aware>No</image_is_large_address_space_aware>
      <!-- NOTE(review): API-based conclusions such as this one may be unreliable here,
           because no imported symbols were listed by the tool. -->
  44. <image_creates_processes>No</image_creates_processes>
  45. <image_compressed_or_encrypted>No</image_compressed_or_encrypted>
  46. <number_of_sections_suspicious>No</number_of_sections_suspicious>
  47. <image_file_has_been_renamed>No</image_file_has_been_renamed>
      <!-- The names in question are presumably .itext and .didata. NOTE(review): that
           section layout is what the Delphi linker normally emits, so this flag is more
           likely a toolchain fingerprint than a sign of tampering; confirm. -->
  48. <image_has_non_standard_section_names>Yes</image_has_non_standard_section_names>
  49. <size_of_dos_stub_is_unusual>No</size_of_dos_stub_is_unusual>
  50. <unusual_resources_types>No</unusual_resources_types>
  51. <resources_bigger_than_code>No</resources_bigger_than_code>
  52. <image_is_a_com_server>No</image_is_a_com_server>
      <!-- Neither ASLR nor DEP is opted into. Relocations are present (.reloc, not
           stripped), so the image could be relocated; the opt-in flags are simply not
           set. For defenders this means memory-corruption bugs in the program are easier
           to exploit unless the mitigations are enforced by system policy. -->
  53. <image_is_aslr_aware>No</image_is_aslr_aware>
  54. <image_is_dep_aware>No</image_is_dep_aware>
  55. </evidences>
  56. <sections count="10">
      <!-- One entry per PE section with sizes, file/virtual placement and decoded
           permission flags. Points worth noting when reading the list:
           * No section is both executable and writable: only .text and .itext are
             executable, and both are read-only.
           * Every size_of_raw_data is a multiple of 512, and cave_size always equals
             size_of_raw_data minus virtual_size (for example .text: 1526784 minus
             1526536 = 248). All caves are under 512 bytes, i.e. alignment padding.
           * .bss and .tls have size_of_raw_data 0; their pointer_to_raw_data coincides
             with that of the following section because they occupy no file bytes.
           * contains_extented_relocations is the tool's own spelling; use it verbatim
             when querying this report. -->
  57. <section>
  58. <name>.text</name>
  59. <virtual_size>1526536 (bytes)</virtual_size>
  60. <virtual_address>0x00001000</virtual_address>
  61. <size_of_raw_data>1526784 (bytes)</size_of_raw_data>
  62. <pointer_to_raw_data>0x00000400</pointer_to_raw_data>
  63. <cave_size>248 (bytes)</cave_size>
  64. <contains_initialized_data>No</contains_initialized_data>
  65. <contains_uninitialized_data>No</contains_uninitialized_data>
  66. <contains_extented_relocations>No</contains_extented_relocations>
  67. <can_be_discarded>No</can_be_discarded>
  68. <can_be_cached>No</can_be_cached>
  69. <can_be_paged>Yes</can_be_paged>
  70. <can_be_shared>No</can_be_shared>
  71. <can_be_executed>Yes</can_be_executed>
  72. <can_be_read>Yes</can_be_read>
  73. <can_be_written_to>No</can_be_written_to>
  74. </section>
  75. <section>
      <!-- Second executable section. NOTE(review): presumably the initialisation-code
           section emitted by the Delphi linker; confirm. -->
  76. <name>.itext</name>
  77. <virtual_size>4944 (bytes)</virtual_size>
  78. <virtual_address>0x00176000</virtual_address>
  79. <size_of_raw_data>5120 (bytes)</size_of_raw_data>
  80. <pointer_to_raw_data>0x00175000</pointer_to_raw_data>
  81. <cave_size>176 (bytes)</cave_size>
  82. <contains_initialized_data>No</contains_initialized_data>
  83. <contains_uninitialized_data>No</contains_uninitialized_data>
  84. <contains_extented_relocations>No</contains_extented_relocations>
  85. <can_be_discarded>No</can_be_discarded>
  86. <can_be_cached>No</can_be_cached>
  87. <can_be_paged>Yes</can_be_paged>
  88. <can_be_shared>No</can_be_shared>
  89. <can_be_executed>Yes</can_be_executed>
  90. <can_be_read>Yes</can_be_read>
  91. <can_be_written_to>No</can_be_written_to>
  92. </section>
  93. <section>
  94. <name>.data</name>
  95. <virtual_size>34124 (bytes)</virtual_size>
  96. <virtual_address>0x00178000</virtual_address>
  97. <size_of_raw_data>34304 (bytes)</size_of_raw_data>
  98. <pointer_to_raw_data>0x00176400</pointer_to_raw_data>
  99. <cave_size>180 (bytes)</cave_size>
  100. <contains_initialized_data>Yes</contains_initialized_data>
  101. <contains_uninitialized_data>No</contains_uninitialized_data>
  102. <contains_extented_relocations>No</contains_extented_relocations>
  103. <can_be_discarded>No</can_be_discarded>
  104. <can_be_cached>No</can_be_cached>
  105. <can_be_paged>Yes</can_be_paged>
  106. <can_be_shared>No</can_be_shared>
  107. <can_be_executed>No</can_be_executed>
  108. <can_be_read>Yes</can_be_read>
  109. <can_be_written_to>Yes</can_be_written_to>
  110. </section>
  111. <section>
      <!-- No file bytes (raw size 0); note the tool reports both data flags as "No"
           for this section despite its name. -->
  112. <name>.bss</name>
  113. <virtual_size>31328 (bytes)</virtual_size>
  114. <virtual_address>0x00181000</virtual_address>
  115. <size_of_raw_data>0 (bytes)</size_of_raw_data>
  116. <pointer_to_raw_data>0x0017EA00</pointer_to_raw_data>
  117. <cave_size>0 (bytes)</cave_size>
  118. <contains_initialized_data>No</contains_initialized_data>
  119. <contains_uninitialized_data>No</contains_uninitialized_data>
  120. <contains_extented_relocations>No</contains_extented_relocations>
  121. <can_be_discarded>No</can_be_discarded>
  122. <can_be_cached>No</can_be_cached>
  123. <can_be_paged>Yes</can_be_paged>
  124. <can_be_shared>No</can_be_shared>
  125. <can_be_executed>No</can_be_executed>
  126. <can_be_read>Yes</can_be_read>
  127. <can_be_written_to>Yes</can_be_written_to>
  128. </section>
  129. <section>
      <!-- Holds the import directory and the import address table according to the
           directories element of this report. -->
  130. <name>.idata</name>
  131. <virtual_size>13674 (bytes)</virtual_size>
  132. <virtual_address>0x00189000</virtual_address>
  133. <size_of_raw_data>13824 (bytes)</size_of_raw_data>
  134. <pointer_to_raw_data>0x0017EA00</pointer_to_raw_data>
  135. <cave_size>150 (bytes)</cave_size>
  136. <contains_initialized_data>Yes</contains_initialized_data>
  137. <contains_uninitialized_data>No</contains_uninitialized_data>
  138. <contains_extented_relocations>No</contains_extented_relocations>
  139. <can_be_discarded>No</can_be_discarded>
  140. <can_be_cached>No</can_be_cached>
  141. <can_be_paged>Yes</can_be_paged>
  142. <can_be_shared>No</can_be_shared>
  143. <can_be_executed>No</can_be_executed>
  144. <can_be_read>Yes</can_be_read>
  145. <can_be_written_to>Yes</can_be_written_to>
  146. </section>
  147. <section>
      <!-- Holds the delay-loaded import directory according to the directories element. -->
  148. <name>.didata</name>
  149. <virtual_size>928 (bytes)</virtual_size>
  150. <virtual_address>0x0018D000</virtual_address>
  151. <size_of_raw_data>1024 (bytes)</size_of_raw_data>
  152. <pointer_to_raw_data>0x00182000</pointer_to_raw_data>
  153. <cave_size>96 (bytes)</cave_size>
  154. <contains_initialized_data>Yes</contains_initialized_data>
  155. <contains_uninitialized_data>No</contains_uninitialized_data>
  156. <contains_extented_relocations>No</contains_extented_relocations>
  157. <can_be_discarded>No</can_be_discarded>
  158. <can_be_cached>No</can_be_cached>
  159. <can_be_paged>Yes</can_be_paged>
  160. <can_be_shared>No</can_be_shared>
  161. <can_be_executed>No</can_be_executed>
  162. <can_be_read>Yes</can_be_read>
  163. <can_be_written_to>Yes</can_be_written_to>
  164. </section>
  165. <section>
      <!-- No file bytes (raw size 0); the TLS directory itself is reported in .rdata. -->
  166. <name>.tls</name>
  167. <virtual_size>60 (bytes)</virtual_size>
  168. <virtual_address>0x0018E000</virtual_address>
  169. <size_of_raw_data>0 (bytes)</size_of_raw_data>
  170. <pointer_to_raw_data>0x00182400</pointer_to_raw_data>
  171. <cave_size>0 (bytes)</cave_size>
  172. <contains_initialized_data>No</contains_initialized_data>
  173. <contains_uninitialized_data>No</contains_uninitialized_data>
  174. <contains_extented_relocations>No</contains_extented_relocations>
  175. <can_be_discarded>No</can_be_discarded>
  176. <can_be_cached>No</can_be_cached>
  177. <can_be_paged>Yes</can_be_paged>
  178. <can_be_shared>No</can_be_shared>
  179. <can_be_executed>No</can_be_executed>
  180. <can_be_read>Yes</can_be_read>
  181. <can_be_written_to>Yes</can_be_written_to>
  182. </section>
  183. <section>
      <!-- Largest cave in the file (488 bytes): 24 bytes of content padded to one
           512-byte block. Read-only and not executable. -->
  184. <name>.rdata</name>
  185. <virtual_size>24 (bytes)</virtual_size>
  186. <virtual_address>0x0018F000</virtual_address>
  187. <size_of_raw_data>512 (bytes)</size_of_raw_data>
  188. <pointer_to_raw_data>0x00182400</pointer_to_raw_data>
  189. <cave_size>488 (bytes)</cave_size>
  190. <contains_initialized_data>Yes</contains_initialized_data>
  191. <contains_uninitialized_data>No</contains_uninitialized_data>
  192. <contains_extented_relocations>No</contains_extented_relocations>
  193. <can_be_discarded>No</can_be_discarded>
  194. <can_be_cached>No</can_be_cached>
  195. <can_be_paged>Yes</can_be_paged>
  196. <can_be_shared>No</can_be_shared>
  197. <can_be_executed>No</can_be_executed>
  198. <can_be_read>Yes</can_be_read>
  199. <can_be_written_to>No</can_be_written_to>
  200. </section>
  201. <section>
      <!-- Relocation data is present, the only section marked discardable. -->
  202. <name>.reloc</name>
  203. <virtual_size>107184 (bytes)</virtual_size>
  204. <virtual_address>0x00190000</virtual_address>
  205. <size_of_raw_data>107520 (bytes)</size_of_raw_data>
  206. <pointer_to_raw_data>0x00182600</pointer_to_raw_data>
  207. <cave_size>336 (bytes)</cave_size>
  208. <contains_initialized_data>Yes</contains_initialized_data>
  209. <contains_uninitialized_data>No</contains_uninitialized_data>
  210. <contains_extented_relocations>No</contains_extented_relocations>
  211. <can_be_discarded>Yes</can_be_discarded>
  212. <can_be_cached>No</can_be_cached>
  213. <can_be_paged>Yes</can_be_paged>
  214. <can_be_shared>No</can_be_shared>
  215. <can_be_executed>No</can_be_executed>
  216. <can_be_read>Yes</can_be_read>
  217. <can_be_written_to>No</can_be_written_to>
  218. </section>
  219. <section>
      <!-- Last section in the file: 0x0019CA00 + 244736 = 1934848, the reported
           image_size_in_bytes. -->
  220. <name>.rsrc</name>
  221. <virtual_size>244736 (bytes)</virtual_size>
  222. <virtual_address>0x001AB000</virtual_address>
  223. <size_of_raw_data>244736 (bytes)</size_of_raw_data>
  224. <pointer_to_raw_data>0x0019CA00</pointer_to_raw_data>
  225. <cave_size>0 (bytes)</cave_size>
  226. <contains_initialized_data>Yes</contains_initialized_data>
  227. <contains_uninitialized_data>No</contains_uninitialized_data>
  228. <contains_extented_relocations>No</contains_extented_relocations>
  229. <can_be_discarded>No</can_be_discarded>
  230. <can_be_cached>No</can_be_cached>
  231. <can_be_paged>Yes</can_be_paged>
  232. <can_be_shared>No</can_be_shared>
  233. <can_be_executed>No</can_be_executed>
  234. <can_be_read>Yes</can_be_read>
  235. <can_be_written_to>No</can_be_written_to>
  236. </section>
  237. </sections>
  238. <directories>
      <!-- Data directories the tool found, each with its containing section, address,
           size and a validity flag. Six are listed; no certificate (signature) or debug
           directory appears, which is consistent with image_digitally_signed = No in the
           evidences element.
           The element name virtual_addresss (three "s") is the tool's own spelling and
           differs from virtual_address used under sections; use it verbatim in queries. -->
  239. <directory>
      <!-- Marked valid with 13674 bytes, although the libraries and imported_symbols
           lists of this report are empty. -->
  240. <name>import_libraries</name>
  241. <section>.idata</section>
  242. <virtual_addresss>0x189000</virtual_addresss>
  243. <size>13674 (bytes)</size>
  244. <is_valid>Yes</is_valid>
  245. </directory>
  246. <directory>
  247. <name>resources</name>
  248. <section>.rsrc</section>
  249. <virtual_addresss>0x1AB000</virtual_addresss>
  250. <size>244736 (bytes)</size>
  251. <is_valid>Yes</is_valid>
  252. </directory>
  253. <directory>
  254. <name>relocations</name>
  255. <section>.reloc</section>
  256. <virtual_addresss>0x190000</virtual_addresss>
  257. <size>107184 (bytes)</size>
  258. <is_valid>Yes</is_valid>
  259. </directory>
  260. <directory>
      <!-- A TLS directory is present; 24 bytes is the size of the 32-bit TLS directory
           structure. NOTE(review): the report does not say whether the directory
           registers callbacks, which would run before the entry point; check the
           callback pointer in the sample before assuming execution starts at the
           entry point. -->
  261. <name>thread_local_storage</name>
  262. <section>.rdata</section>
  263. <virtual_addresss>0x18F000</virtual_addresss>
  264. <size>24 (bytes)</size>
  265. <is_valid>Yes</is_valid>
  266. </directory>
  267. <directory>
  268. <name>import_address_table</name>
  269. <section>.idata</section>
  270. <virtual_addresss>0x1899CC</virtual_addresss>
  271. <size>2108 (bytes)</size>
  272. <is_valid>Yes</is_valid>
  273. </directory>
  274. <directory>
      <!-- Delay-loaded imports are resolved on first use, so libraries named here would
           not appear in a plain import listing. -->
  275. <name>delay_loaded_imports</name>
  276. <section>.didata</section>
  277. <virtual_addresss>0x18D000</virtual_addresss>
  278. <size>928 (bytes)</size>
  279. <is_valid>Yes</is_valid>
  280. </directory>
  281. </directories>
      <!-- Import/export listings. All of them are empty or placeholder values.
           NOTE(review): an empty import list contradicts the directories element of this
           report, where import_libraries (13674 bytes), import_address_table (2108 bytes)
           and delay_loaded_imports (928 bytes) are all marked valid. The likely reading is
           that the tool failed to enumerate the imports, not that the program imports
           nothing; re-parse the sample with another PE parser before drawing conclusions
           from the absence of particular APIs. -->
  282. <libraries count="0"/>
  283. <debuggers>
  284. <debugger>n/a</debugger>
  285. </debuggers>
      <!-- count="0" disagrees with the three child elements; the n/a entries are
           placeholders, not symbol names. Consumers should trust neither the count nor
           the children without checking for the n/a value. -->
  286. <imported_symbols count="0">
  287. <symbol>n/a</symbol>
  288. <symbol>n/a</symbol>
  289. <symbol>n/a</symbol>
  290. </imported_symbols>
      <!-- Same pattern: count="0" with one n/a placeholder child. -->
  291. <exported_symbols count="0">
  292. <symbol>n/a</symbol>
  293. </exported_symbols>
  294. <manifest>
      <!-- Dependent assemblies declared in the embedded application manifest; one entry,
           the Common Controls library version 6.0.0.0.
           NOTE(review): this report shows only the dependency. It does not show a
           requested execution level, so whether the program asks for elevation cannot be
           told from here; read the Manifest resource (850 bytes) directly. -->
  295. <assemblies count="1">
  296. <assembly>
  297. <name>Microsoft.Windows.Common-Controls</name>
      <!-- Two version elements are emitted. The first value, win32, is presumably the
           assembly type mislabelled by the tool; the second is the actual version. -->
  298. <version>win32</version>
  299. <version>6.0.0.0</version>
      <!-- Public key token of the referenced assembly as written in the manifest. -->
  300. <token>6595b64144ccf1df</token>
  301. <language>*</language>
  302. </assembly>
  303. </assemblies>
  304. </manifest>
  305. <resources count="8">
      <!-- One entry per resource type with an instance count; eight types are listed,
           matching count="8".
           NOTE(review): the size_in_bytes values add up to 4042 bytes while the .rsrc
           section holds 244736 bytes, so size_in_bytes is evidently not the total size
           per type (presumably the size of a single instance). Do not use these numbers
           to rule out large embedded content; enumerate the resource tree of the sample
           for real per-item sizes. -->
  306. <resource>
  307. <name>Cursor</name>
  308. <size_in_bytes>308</size_in_bytes>
  309. <instances>7</instances>
  310. </resource>
  311. <resource>
  312. <name>Bitmap</name>
  313. <size_in_bytes>464</size_in_bytes>
  314. <instances>120</instances>
  315. </resource>
  316. <resource>
  317. <name>Icon</name>
  318. <size_in_bytes>1128</size_in_bytes>
  319. <instances>7</instances>
  320. </resource>
  321. <resource>
  322. <name>String Table</name>
  323. <size_in_bytes>1152</size_in_bytes>
  324. <instances>19</instances>
  325. </resource>
  326. <resource>
      <!-- Opaque binary resources are where applications commonly keep arbitrary
           embedded data. NOTE(review): only a type name, one size and an instance count
           are given here; inspect the four items in the sample to see what they hold. -->
  327. <name>Binary</name>
  328. <size_in_bytes>16</size_in_bytes>
  329. <instances>4</instances>
  330. </resource>
  331. <resource>
  332. <name>Cursor Group</name>
  333. <size_in_bytes>20</size_in_bytes>
  334. <instances>7</instances>
  335. </resource>
  336. <resource>
  337. <name>Icon Group</name>
  338. <size_in_bytes>104</size_in_bytes>
  339. <instances>1</instances>
  340. </resource>
  341. <resource>
  342. <name>Manifest</name>
  343. <size_in_bytes>850</size_in_bytes>
  344. <instances>1</instances>
  345. </resource>
  346. </resources>
  347. </assembly>