@msm-code
Created May 30, 2017 11:13
----------DOS_HEADER----------
[IMAGE_DOS_HEADER]
0x0 0x0 e_magic: 0x5A4D
0x2 0x2 e_cblp: 0x7EA
0x4 0x4 e_cp: 0xC000
0x6 0x6 e_crlc: 0x8C07
0x8 0x8 e_cparhdr: 0x8EC8
0xA 0xA e_minalloc: 0x8ED8
0xC 0xC e_maxalloc: 0x8EC0
0xE 0xE e_ss: 0x31D0
0x10 0x10 e_sp: 0xFBE4
0x12 0x12 e_csum: 0xBEFC
0x14 0x14 e_ip: 0x40
0x16 0x16 e_cs: 0x20AC
0x18 0x18 e_lfarlc: 0x74C0
0x1A 0x1A e_ovno: 0xB409
0x1C 0x1C e_res:
0x24 0x24 e_oemid: 0xC031
0x26 0x26 e_oeminfo: 0x16CD
0x28 0x28 e_res2:
0x3C 0x3C e_lfanew: 0x82
----------NT_HEADERS----------
[IMAGE_NT_HEADERS]
0x82 0x0 Signature: 0x4550
----------FILE_HEADER----------
[IMAGE_FILE_HEADER]
0x86 0x0 Machine: 0x8664
0x88 0x2 NumberOfSections: 0x4
0x8A 0x4 TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]
0x8E 0x8 PointerToSymbolTable: 0x0
0x92 0xC NumberOfSymbols: 0x1
0x96 0x10 SizeOfOptionalHeader: 0xA0
0x98 0x12 Characteristics: 0x206
Flags: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_DEBUG_STRIPPED, IMAGE_FILE_LINE_NUMS_STRIPPED
----------OPTIONAL_HEADER----------
[IMAGE_OPTIONAL_HEADER64]
0x9A 0x0 Magic: 0x20B
0x9C 0x2 MajorLinkerVersion: 0x2
0x9D 0x3 MinorLinkerVersion: 0x14
0x9E 0x4 SizeOfCode: 0x6C21B0
0xA2 0x8 SizeOfInitializedData: 0x0
0xA6 0xC SizeOfUninitializedData: 0xF69C50
0xAA 0x10 AddressOfEntryPoint: 0x4810
0xAE 0x14 BaseOfCode: 0x200
0xB2 0x18 ImageBase: 0x0
0xBA 0x20 SectionAlignment: 0x20
0xBE 0x24 FileAlignment: 0x20
0xC2 0x28 MajorOperatingSystemVersion: 0x0
0xC4 0x2A MinorOperatingSystemVersion: 0x0
0xC6 0x2C MajorImageVersion: 0x0
0xC8 0x2E MinorImageVersion: 0x0
0xCA 0x30 MajorSubsystemVersion: 0x0
0xCC 0x32 MinorSubsystemVersion: 0x0
0xCE 0x34 Reserved1: 0x0
0xD2 0x38 SizeOfImage: 0x162C000
0xD6 0x3C SizeOfHeaders: 0x200
0xDA 0x40 CheckSum: 0x0
0xDE 0x44 Subsystem: 0xA
0xE0 0x46 DllCharacteristics: 0x0
0xE2 0x48 SizeOfStackReserve: 0x0
0xEA 0x50 SizeOfStackCommit: 0x0
0xF2 0x58 SizeOfHeapReserve: 0x0
0xFA 0x60 SizeOfHeapCommit: 0x0
0x102 0x68 LoaderFlags: 0x0
0x106 0x6C NumberOfRvaAndSizes: 0x6
DllCharacteristics:
----------PE Sections----------
[IMAGE_SECTION_HEADER]
0x13A 0x0 Name: .setup
0x142 0x8 Misc: 0x43E0
0x142 0x8 Misc_PhysicalAddress: 0x43E0
0x142 0x8 Misc_VirtualSize: 0x43E0
0x146 0xC VirtualAddress: 0x200
0x14A 0x10 SizeOfRawData: 0x43E0
0x14E 0x14 PointerToRawData: 0x200
0x152 0x18 PointerToRelocations: 0x0
0x156 0x1C PointerToLinenumbers: 0x0
0x15A 0x20 NumberOfRelocations: 0x0
0x15C 0x22 NumberOfLinenumbers: 0x0
0x15E 0x24 Characteristics: 0x60500020
Flags: IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
Entropy: 6.179880 (Min=0.0, Max=8.0)
MD5 hash: eb81d84d14af30863829f116203e0462
SHA-1 hash: 571ea9b1be536b3e530d6017d38541c2ddbe6df9
SHA-256 hash: c8e807d165929b1e99dd185af897e86d5e08e1944e46b9fac66e7663357cf87f
SHA-512 hash: 41d21b5cc637614ed02311d57b614f602006eb8c8bfb476d74c749e74130ddb3ec6436d1c755735e1b15b24685b497ca45b63977200b224b027b69083a098f03
[IMAGE_SECTION_HEADER]
0x162 0x0 Name: .reloc
0x16A 0x8 Misc: 0x20
0x16A 0x8 Misc_PhysicalAddress: 0x20
0x16A 0x8 Misc_VirtualSize: 0x20
0x16E 0xC VirtualAddress: 0x45E0
0x172 0x10 SizeOfRawData: 0x20
0x176 0x14 PointerToRawData: 0x45E0
0x17A 0x18 PointerToRelocations: 0x0
0x17E 0x1C PointerToLinenumbers: 0x0
0x182 0x20 NumberOfRelocations: 0x0
0x184 0x22 NumberOfLinenumbers: 0x0
0x186 0x24 Characteristics: 0x42100040
Flags: IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
Entropy: 0.597455 (Min=0.0, Max=8.0)
MD5 hash: e28090232bba7df12fedf4446882bb12
SHA-1 hash: 7d2841f9034b162ed09bff271cd67ff6ac620a3b
SHA-256 hash: 53fb7c2d6c7e6ac75066c81b707bec5ca44794abae5e2279bdd7e1cddad57a92
SHA-512 hash: af56df824b05ef6e8da02506a3fab86ed6684d2adacd5592676fcfdc1a55248420a35a8be1318941596e4755968f03f387787b3c7f48b90a6c7164c719e253db
[IMAGE_SECTION_HEADER]
0x18A 0x0 Name: .text
0x192 0x8 Misc: 0x6BDDB0
0x192 0x8 Misc_PhysicalAddress: 0x6BDDB0
0x192 0x8 Misc_VirtualSize: 0x6BDDB0
0x196 0xC VirtualAddress: 0x4600
0x19A 0x10 SizeOfRawData: 0x6BDDB0
0x19E 0x14 PointerToRawData: 0x4600
0x1A2 0x18 PointerToRelocations: 0x0
0x1A6 0x1C PointerToLinenumbers: 0x0
0x1AA 0x20 NumberOfRelocations: 0x0
0x1AC 0x22 NumberOfLinenumbers: 0x0
0x1AE 0x24 Characteristics: 0x60500020
Flags: IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
Entropy: 7.996385 (Min=0.0, Max=8.0)
MD5 hash: 26c8e9e9c8c5e802e296ae90f9f2369a
SHA-1 hash: 2883c7097b87e58df79065bec112126fb84436cc
SHA-256 hash: 26694f2d2ec342092c9d073be5705580d58906eb04b24bb994157ef2218c4a7a
SHA-512 hash: 71596e06e8524141e1dc01eed0118f7720767ef209042a007f99735790f81c1e5c28c679ca484f1b21e634f9866c054bdf7789440e7e6f1fd2e3a1bc9b7e43e2
[IMAGE_SECTION_HEADER]
0x1B2 0x0 Name: .bss
0x1BA 0x8 Misc: 0xF69C50
0x1BA 0x8 Misc_PhysicalAddress: 0xF69C50
0x1BA 0x8 Misc_VirtualSize: 0xF69C50
0x1BE 0xC VirtualAddress: 0x6C23B0
0x1C2 0x10 SizeOfRawData: 0x0
0x1C6 0x14 PointerToRawData: 0x0
0x1CA 0x18 PointerToRelocations: 0x0
0x1CE 0x1C PointerToLinenumbers: 0x0
0x1D2 0x20 NumberOfRelocations: 0x0
0x1D4 0x22 NumberOfLinenumbers: 0x0
0x1D6 0x24 Characteristics: 0xC8000080
Flags: IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_READ
Entropy: 0.000000 (Min=0.0, Max=8.0)
MD5 hash: d41d8cd98f00b204e9800998ecf8427e
SHA-1 hash: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA-512 hash: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
----------Directories----------
[IMAGE_DIRECTORY_ENTRY_EXPORT]
0x10A 0x0 VirtualAddress: 0x0
0x10E 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_IMPORT]
0x112 0x0 VirtualAddress: 0x0
0x116 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_RESOURCE]
0x11A 0x0 VirtualAddress: 0x0
0x11E 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_EXCEPTION]
0x122 0x0 VirtualAddress: 0x0
0x126 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_SECURITY]
0x12A 0x0 VirtualAddress: 0x0
0x12E 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_BASERELOC]
0x132 0x0 VirtualAddress: 0x0
0x136 0x4 Size: 0x0