File Type Description :	Portable Executable (PE)
Entry Point RVA: 	0001BFE0h
Entry Point RAW: 	0001B3E0h

FILE CHARACTERISTICS : 
		Relocation info stripped from file
		File is executable  (i.e. no unresolved external references)
		LARGE_ADDRESS_AWARE (can handle >2Gb Addresses)
FILE HEADER :

	Machine:                      	8664h (AMD64 (K8))
	Number of Sections:           	0004h
	Time Date Stamp:              	45D6923Ch  -> 17/02/2007  08:27:24  
	Symbols Pointer:              	00000000h
	Number Of Symbols:            	00000000h
	Size Of Optional Header:      	00F0h
	Flags:                        	0023h

OPTIONAL HEADER :
	Magic                         	020Bh ( PE32+ : 64-bit ready ) 
	Linker version                	8.00
	Size of code                  	0002A400h
	Size of initialized data      	00013400h
	Size of uninitialized data    	00000000h
	Address of Entry Point (RVA)  	0001BFE0h
	Base of code                  	00001000h
	Image base                    	0000000100000000h
	Section Alignment             	00001000h
	File Alignment                	00000200h
	Required OS version           	5.02
	Image version                 	5.02
	Subsystem version             	5.02
	Reserved1                     	0
	Size of image                 	00041000h ( 266240 bytes)
	Size of headers               	00000400h
	Checksum                      	00048658h
	Subsystem                     	0002h (Image runs in the Windows GUI subsystem)
	DLL Characteristics           	8000h
	                              	Image is Terminal Server aware
	Size of Stack Reserve         	0000000000080000h
	Size of Stack Commit          	0000000000002000h
	Size of Heap Reserve          	0000000000100000h
	Size of Heap Commit           	0000000000001000h
	loader flags                  	00000000h (obsolete)
	Number of Data Directory      	00000010h

DATA DIRECTORY (Virtual Address and Size)
	Export Directory  	rva: 00000000h  	size: 00000000h
	Import Directory  	rva: 000293A8h  	size: 000000DCh
	Resource Directory  	rva: 00035000h  	size: 0000B980h
	Exception table  	rva: 00032000h  	size: 0000204Ch
	Security table  	rva: 00000000h  	size: 00000000h
	Base Relocation table  	rva: 00000000h  	size: 00000000h
	Debug Directory  	rva: 00001980h  	size: 0000001Ch
	Architecture Specific Data  	rva: 00000000h  	size: 00000000h
	Global Pointer  	rva: 00000000h  	size: 00000000h
	TLS Directory  	rva: 00000000h  	size: 00000000h
	Load config table  	rva: 00000000h  	size: 00000000h
	Bound Import table  	rva: 00000000h  	size: 00000000h
	Import Address Table  	rva: 00001000h  	size: 00000980h
	Delay import descriptor  	rva: 0002908Ch  	size: 000000C0h
	COM descriptor  	rva: 00000000h  	size: 00000000h
	unused        	rva: 00000000h  	size: 00000000h

SECTION TABLE
01 .text     
	VirtSize: 	0002A28Ah  VirtAddr:      	00001000h
	raw data offs:   	00000400h  raw data size: 	0002A400h
	relocation offs: 	00000000h  relocations:   	00000000h
	line # offs:     	00000000h  line #'s:      	00000000h
	characteristics: 	60000020h
	CODE  EXECUTE  READ  ALIGN_DEFAULT(16)  
02 .data     
	VirtSize: 	00005678h  VirtAddr:      	0002C000h
	raw data offs:   	0002A800h  raw data size: 	00001A00h
	relocation offs: 	00000000h  relocations:   	00000000h
	line # offs:     	00000000h  line #'s:      	00000000h
	characteristics: 	C0000040h
	INITIALIZED_DATA  READ  WRITE  ALIGN_DEFAULT(16)  
03 .pdata    
	VirtSize: 	0000204Ch  VirtAddr:      	00032000h
	raw data offs:   	0002C200h  raw data size: 	00002200h
	relocation offs: 	00000000h  relocations:   	00000000h
	line # offs:     	00000000h  line #'s:      	00000000h
	characteristics: 	40000040h
	INITIALIZED_DATA  READ  ALIGN_DEFAULT(16)  
04 .rsrc     
	VirtSize: 	0000B980h  VirtAddr:      	00035000h
	raw data offs:   	0002E400h  raw data size: 	0000BA00h
	relocation offs: 	00000000h  relocations:   	00000000h
	line # offs:     	00000000h  line #'s:      	00000000h
	characteristics: 	40000040h
	INITIALIZED_DATA  READ  ALIGN_DEFAULT(16)  

IMPORTS TABLE:
   ADVAPI32.dll
	Import Lookup Table RVA:  	00029488h	 (Unbound IAT)
	TimeDateStamp: 	00000000h   
	ForwarderChain: 	00000000h
	DLL Name RVA: 	00029E6Ch
	Import Address Table RVA: 	00001000h
	First thunk RVA: 	00001000h
	Ordn  	Name
	-----	-----
	 466 	RegCreateKeyExW
	 517 	RegSetValueExW
	 459 	RegCloseKey
	 493 	RegOpenKeyExW
	 504 	RegQueryValueExW
	 320 	IsValidSid
	  28 	AdjustTokenPrivileges
	 433 	OpenThreadToken
	 336 	LookupPrivilegeValueW
	 428 	OpenProcessToken
	 492 	RegOpenKeyExA
	 503 	RegQueryValueExA

   KERNEL32.dll
	Import Lookup Table RVA:  	000295D8h	 (Unbound IAT)
	TimeDateStamp: 	00000000h   
	ForwarderChain: 	00000000h
	DLL Name RVA: 	0002A57Eh
	Import Address Table RVA: 	00001150h
	First thunk RVA: 	00001150h
	Ordn  	Name
	-----	-----
	 642 	OpenProcess
	 575 	IsWow64Process
	 407 	GetPriorityClass
	 419 	GetProcessAffinityMask
	 825 	SetProcessAffinityMask
	 972 	lstrcmpW
	 797 	SetEvent
	  83 	CreateEventW
	 861 	Sleep
	 282 	GetComputerNameW
	 251 	FreeLibrary
	 590 	LoadLibraryA
	 671 	QueryPerformanceCounter
	 460 	GetSystemTimeAsFileTime
	 885 	UnhandledExceptionFilter
	 849 	SetUnhandledExceptionFilter
	 734 	RtlVirtualUnwind
	 727 	RtlLookupFunctionEntry
	 720 	RtlCaptureContext
	 491 	GetVersionExA
	 442 	GetStartupInfoW
	 188 	ExitProcess
	 385 	GetModuleHandleA
	 939 	WriteFile
	 443 	GetStdHandle
	 383 	GetModuleFileNameA
	 733 	RtlUnwindEx
	 384 	GetModuleFileNameW
	 249 	FreeEnvironmentStringsA
	 344 	GetEnvironmentStrings
	 250 	FreeEnvironmentStringsW
	 346 	GetEnvironmentStringsW
	 275 	GetCommandLineA
	 276 	GetCommandLineW
	 811 	SetHandleCount
	 361 	GetFileType
	 441 	GetStartupInfoA
	  54 	CloseHandle
	 874 	TlsAlloc
	 815 	SetLastError
	 328 	GetCurrentThread
	 875 	TlsFree
	 877 	TlsSetValue
	 625 	MultiByteToWideChar
	 541 	HeapSetInformation
	 532 	HeapCreate
	 589 	LeaveCriticalSection
	 155 	EnterCriticalSection
	 549 	InitializeCriticalSection
	 256 	GetACP
	 405 	GetOEMCP
	 263 	GetCPInfo
	 803 	SetFilePointer
	 444 	GetStringTypeA
	 923 	WideCharToMultiByte
	 447 	GetStringTypeW
	 374 	GetLocaleInfoA
	 576 	LCMapStringA
	 577 	LCMapStringW
	 830 	SetStdHandle
	 909 	VirtualProtect
	 904 	VirtualAlloc
	 455 	GetSystemInfo
	 911 	VirtualQuery
	 241 	FlushFileBuffers
	 388 	GetModuleHandleW
	 562 	IsBadWritePtr
	 113 	CreateThread
	 418 	GetProcAddress
	 593 	LoadLibraryW
	 324 	GetCurrentDirectoryW
	 325 	GetCurrentProcess
	 869 	TerminateProcess
	 975 	lstrcmpiW
	 401 	GetNumberFormatW
	 481 	GetTickCount
	 984 	lstrlenW
	 542 	HeapSize
	 540 	HeapReAlloc
	 247 	FormatMessageW
	 827 	SetProcessShutdownParameters
	 702 	ReleaseMutex
	 326 	GetCurrentProcessId
	 662 	ProcessIdToSessionId
	 371 	GetLastError
	 100 	CreateMutexW
	 824 	SetPriorityClass
	 492 	GetVersionExW
	 919 	WaitForSingleObject
	 375 	GetLocaleInfoW
	 108 	CreateProcessW
	 876 	TlsGetValue
	 192 	ExpandEnvironmentStringsW
	 130 	DelayLoadFailureHook
	 329 	GetCurrentThreadId
	 536 	HeapFree
	 421 	GetProcessHeap
	 530 	HeapAlloc
	 600 	LocalFree
	 596 	LocalAlloc
	 132 	DeleteCriticalSection
	 141 	DeviceIoControl

   ntdll.dll
	Import Lookup Table RVA:  	00029DC0h	 (Unbound IAT)
	TimeDateStamp: 	00000000h   
	ForwarderChain: 	00000000h
	DLL Name RVA: 	0002A620h
	Import Address Table RVA: 	00001938h
	First thunk RVA: 	00001938h
	Ordn  	Name
	-----	-----
	 876 	RtlTimeToElapsedTimeFields
	 302 	NtQuerySystemInformation
	 380 	NtShutdownSystem
	 767 	RtlNtStatusToDosError
	 241 	NtOpenFile
	 216 	NtInitiatePowerAction
	 259 	NtPowerInformation
	 681 	RtlInitUnicodeString

   GDI32.dll
	Import Lookup Table RVA:  	00029528h	 (Unbound IAT)
	TimeDateStamp: 	00000000h   
	ForwarderChain: 	00000000h
	DLL Name RVA: 	0002A782h
	Import Address Table RVA: 	000010A0h
	First thunk RVA: 	000010A0h
	Ordn  	Name
	-----	-----
	  61 	CreateFontIndirectW
	 344 	GetCharWidth32W
	  44 	CreateCompatibleBitmap
	 140 	DeleteDC
	  45 	CreateCompatibleDC
	 573 	SetTextColor
	 535 	SetBkMode
	 503 	Rectangle
	 408 	GetObjectW
	 357 	GetCurrentObject
	  18 	BitBlt
	 462 	LineTo
	 466 	MoveToEx
	 527 	SelectObject
	 143 	DeleteObject
	 422 	GetStockObject
	  71 	CreatePen
	  80 	CreateSolidBrush
	  75 	CreateRectRgn
	 364 	GetDeviceCaps
	 438 	GetTextExtentPoint32W

   USER32.dll
	Import Lookup Table RVA:  	00029988h	 (Unbound IAT)
	TimeDateStamp: 	00000000h   
	ForwarderChain: 	00000000h
	DLL Name RVA: 	0002B01Ch
	Import Address Table RVA: 	00001500h
	First thunk RVA: 	00001500h
	Ordn  	Name
	-----	-----
	 521 	PostThreadMessageW
	 376 	GetWindowRect
	 273 	GetDialogBaseUnits
	 355 	GetThreadDesktop
	 351 	GetSystemMetrics
	 348 	GetSysColor
	 450 	LoadIconW
	 639 	SetTimer
	 194 	EnableMenuItem
	 178 	DrawEdge
	 425 	IsIconic
	  13 	BeginPaint
	 200 	EndPaint
	 311 	GetMenuItemInfoW
	 346 	GetShellWindow
	 665 	ShowWindow
	  12 	BeginDeferWindowPos
	 144 	DeferWindowPos
	 197 	EndDeferWindowPos
	 452 	LoadImageW
	 150 	DestroyIcon
	 308 	GetMenuItemCount
	 558 	RemoveMenu
	 151 	DestroyMenu
	 460 	LoadMenuW
	 616 	SetMenuItemInfoW
	 225 	ExitWindowsEx
	 242 	GetAsyncKeyState
	 467 	LockWorkStation
	 272 	GetDesktopWindow
	 153 	DestroyWindow
	 440 	KillTimer
	 508 	OpenIcon
	 604 	SetForegroundWindow
	 438 	IsZoomed
	 347 	GetSubMenu
	 647 	SetWindowLongPtrW
	 495 	MoveWindow
	 481 	MessageBeep
	 519 	PostQuitMessage
	 442 	LoadAcceleratorsW
	 555 	RegisterWindowMessageW
	 230 	FindWindowW
	 383 	GetWindowThreadProcessId
	   5 	AllowSetForegroundWindow
	 578 	SendMessageTimeoutW
	 489 	MessageBoxW
	  86 	CreateDialogParamW
	 320 	GetMessageW
	 687 	TranslateAcceleratorW
	 421 	IsDialogMessageW
	 689 	TranslateMessage
	 162 	DispatchMessageW
	 226 	FillRect
	  97 	CreateWindowExW
	 191 	DrawTextW
	 406 	InvalidateRect
	 707 	UpdateWindow
	 370 	GetWindowLongPtrW
	 274 	GetDlgCtrlID
	 603 	SetFocus
	  56 	CheckDlgButton
	 422 	IsDlgButtonChecked
	 198 	EndDialog
	 159 	DialogBoxParamW
	 627 	SetScrollInfo
	 343 	GetScrollInfo
	 628 	SetScrollPos
	 283 	GetGuiResources
	 432 	IsWindow
	 196 	EnableWindow
	 684 	TrackPopupMenuEx
	 382 	GetWindowTextW
	 280 	GetFocus
	 612 	SetMenuDefaultItem
	 221 	EnumWindowStationsW
	 424 	IsHungAppWindow
	 252 	GetClassLongPtrW
	 511 	OpenWindowStationW
	 330 	GetProcessWindowStation
	 621 	SetProcessWindowStation
	  69 	CloseWindowStation
	 207 	EnumDesktopsW
	 507 	OpenDesktopW
	 638 	SetThreadDesktop
	  67 	CloseDesktop
	 222 	EnumWindows
	 364 	GetWindow
	 436 	IsWindowVisible
	 404 	InternalGetWindowText
	 518 	PostMessageW
	 298 	GetLastActivePopup
	 671 	SwitchToThisWindow
	 677 	TileWindows
	  30 	CascadeWindows
	 666 	ShowWindowAsync
	 201 	EndTask
	 269 	GetCursorPos
	 327 	GetParent
	 601 	SetDlgItemTextW
	 381 	GetWindowTextLengthW
	 594 	SetCursor
	 448 	LoadCursorW
	 625 	SetRect
	 281 	GetForegroundWindow
	 579 	SendMessageW
	 477 	MapWindowPoints
	 275 	GetDlgItem
	 610 	SetMenu
	 650 	SetWindowPos
	 257 	GetClientRect
	 145 	DeleteMenu
	  57 	CheckMenuItem
	  58 	CheckMenuRadioItem
	 302 	GetMenu
	 654 	SetWindowTextW
	 463 	LoadStringW
	 540 	RegisterClassW
	 249 	GetClassInfoW
	 557 	ReleaseDC
	 270 	GetDC
	 673 	SystemParametersInfoW
	 493 	MonitorFromRect
	 291 	GetKeyState
	  28 	CallWindowProcW
	 648 	SetWindowLongW
	 371 	GetWindowLongW
	 143 	DefWindowProcW
	 368 	GetWindowLongA

   iphlpapi.dll
	Import Lookup Table RVA:  	00029D98h	 (Unbound IAT)
	TimeDateStamp: 	00000000h   
	ForwarderChain: 	00000000h
	DLL Name RVA: 	0002B086h
	Import Address Table RVA: 	00001910h
	First thunk RVA: 	00001910h
	Ordn  	Name
	-----	-----
	  59 	GetNumberOfInterfaces
	  41 	GetIfEntry
	 110 	NhGetInterfaceNameFromDeviceGuid
	  46 	GetInterfaceInfo

   COMCTL32.dll
	Import Lookup Table RVA:  	000294F0h	 (Unbound IAT)
	TimeDateStamp: 	00000000h   
	ForwarderChain: 	00000000h
	DLL Name RVA: 	0002B102h
	Import Address Table RVA: 	00001068h
	First thunk RVA: 	00001068h
	Ordn  	Name
	-----	-----
	  17 	
	  81 	ImageList_Remove
	  88 	ImageList_SetIconSize
	  56 	ImageList_Create
	  83 	ImageList_ReplaceIcon
	   8 	CreateStatusWindowW

   SHLWAPI.dll
	Import Lookup Table RVA:  	00029950h	 (Unbound IAT)
	TimeDateStamp: 	00000000h   
	ForwarderChain: 	00000000h
	DLL Name RVA: 	0002B132h
	Import Address Table RVA: 	000014C8h
	First thunk RVA: 	000014C8h
	Ordn  	Name
	-----	-----
	 273 	StrStrIW
	 437 	
	 413 	
	 247 	StrFormatByteSizeW

   SHELL32.dll
	Import Lookup Table RVA:  	00029910h	 (Unbound IAT)
	TimeDateStamp: 	00000000h   
	ForwarderChain: 	00000000h
	DLL Name RVA: 	0002B160h
	Import Address Table RVA: 	00001488h
	First thunk RVA: 	00001488h
	Ordn  	Name
	-----	-----
	 276 	Shell_NotifyIconW
	 245 	
	 259 	ShellAboutW
	  61 	
	 100 	
	 236 	
	 241 	

   Secur32.dll
	Import Lookup Table RVA:  	00029978h	 (Unbound IAT)
	TimeDateStamp: 	00000000h   
	ForwarderChain: 	00000000h
	DLL Name RVA: 	0002B17Eh
	Import Address Table RVA: 	000014F0h
	First thunk RVA: 	000014F0h
	Ordn  	Name
	-----	-----
	  25 	GetUserNameExW


DELAYED IMPORT TABLE:
   WTSAPI32.dll
	Characteristics:  	00000001h
		Address fields treated as RVAs
	DLL Name RVA: 	00002A80h
	Module Handle Address RVA: 	0002E920h
	Import Address Table RVA: 	0002D940h
	Import Name Table RVA: 	000291A0h
	Bound address pointer: 	00029310h
	Bound address pointer copy: 	00000000h
	TimeDateStamp: 	00000000h   
	Ordn  	Name
	-----	-----
	   0 	WTSDisconnectSession

   WINSTA.dll
	Characteristics:  	00000001h
		Address fields treated as RVAs
	DLL Name RVA: 	00002A90h
	Module Handle Address RVA: 	0002E928h
	Import Address Table RVA: 	0002D918h
	Import Name Table RVA: 	00029178h
	Bound address pointer: 	00029348h
	Bound address pointer copy: 	00000000h
	TimeDateStamp: 	00000000h   
	Ordn  	Name
	-----	-----
	   0 	WinStationShadow

   MSGINA.dll
	Characteristics:  	00000001h
		Address fields treated as RVAs
	DLL Name RVA: 	00002AA0h
	Module Handle Address RVA: 	0002E930h
	Import Address Table RVA: 	0002D8F0h
	Import Name Table RVA: 	00029150h
	Bound address pointer: 	00029370h
	Bound address pointer copy: 	00000000h
	TimeDateStamp: 	00000000h   
	Ordn  	Name
	-----	-----
	NA 	<invalid name>
	   0 	

   UTILDLL.dll
	Characteristics:  	00000001h
		Address fields treated as RVAs
	DLL Name RVA: 	00002CB0h
	Module Handle Address RVA: 	0002E9E0h
	Import Address Table RVA: 	0002D900h
	Import Name Table RVA: 	00029160h
	Bound address pointer: 	00029380h
	Bound address pointer copy: 	00000000h
	TimeDateStamp: 	00000000h   
	Ordn  	Name
	-----	-----
	   0 	CachedGetUserFromSid

   ole32.dll
	Characteristics:  	00000001h
		Address fields treated as RVAs
	DLL Name RVA: 	00002CC0h
	Module Handle Address RVA: 	0002E9E8h
	Import Address Table RVA: 	0002D978h
	Import Name Table RVA: 	000291D8h
	Bound address pointer: 	00029398h
	Bound address pointer copy: 	00000000h
	TimeDateStamp: 	00000000h   
	Ordn  	Name
	-----	-----
	   0 	CLSIDFromString


DOS HEADER
Header Information :

	Signature :	5A4Dh 
	Bytes on last page of file :	0090h 
	Total Pages in File :	0003h 
	Relocation Items :	0000h 
	Size of header in paragraphs :	0004h 
	Minimum Extra Paragraphs :	0000h 
	Maximum Extra Paragraphs :	FFFFh 
	Initial Stack Segment :	0000h 
	Initial Stack Pointer :	00B8h 
	Complemented Checksum :	0000h 
	Initial Instruction Pointer :	0000h 
	Initial Code Segment :	0000h 
	Relocation Table Offset :	0040h 
	Overlay Number :	0000h 

Extra Header Information :
	Reserved WORD 0:	0000h 
	Reserved WORD 1:	0000h 
	Reserved WORD 2:	0000h 
	Reserved WORD 3:	0000h 
	OEM identifier :	0000h 
	OEM information :	0000h 
	Reserved WORD 0:	0000h 
	Reserved WORD 1:	0000h 
	Reserved WORD 2:	0000h 
	Reserved WORD 3:	0000h 
	Reserved WORD 4:	0000h 
	Reserved WORD 5:	0000h 
	Reserved WORD 6:	0000h 
	Reserved WORD 7:	0000h 
	Reserved WORD 8:	0000h 
	Reserved WORD 9:	0000h 
	New Header Address :	000000E0h 
	Memory Needed :	1680 B ( 1 KB )



