-
Notifications
You must be signed in to change notification settings - Fork 19
/
exe-pbw7x.trid.xml
159 lines (159 loc) · 5 KB
/
exe-pbw7x.trid.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
<TrID ver="2.00">
<Info>
<FileType>Win32 Executable PowerBASIC/Win 7.x</FileType>
<Ext>EXE</Ext>
<Mime>application/octet-stream</Mime>
<ExtraInfo>
<Rem></Rem>
<RefURL>http://www.powerbasic.com/products/pbdll32/</RefURL>
</ExtraInfo>
<User>Marco Pontello</User>
<E-Mail>marcopon@gmail.com</E-Mail>
<Home>http://mark0.net</Home>
</Info>
<General>
<FileNum>94</FileNum>
<Refine>4 by Marco Pontello - 1 by Marco Pontello - 1 by Marco Pontello</Refine>
<CheckStrings>True</CheckStrings>
<Date>
<Year>2015</Year>
<Month>3</Month>
<Day>15</Day>
</Date>
<Time>
<Hour>20</Hour>
<Min>21</Min>
<Sec>15</Sec>
</Time>
<Creator>TrIDScan/Py v2.00</Creator>
</General>
<FrontBlock>
<Pattern>
<Bytes>4D5A0A000200000004000F00FFFF0000C00000000000000040000000000000000000000000000000000000000000000000000000000000000000000080000000B409BA10000E1FCD21B8014CCD2190905468697320697320612057696E33322070726F6772616D2E0D0A24000000000000000000000000000000000000000000504500004C01</Bytes>
<ASCII> M Z . . . . . . . . . . . . . . . . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . . L . ! . . T h i s i s a W i n 3 2 p r o g r a m . . . $ . . . . . . . . . . . . . . . . . . . . . P E . . L</ASCII>
<Pos>0</Pos>
</Pattern>
<Pattern>
<Bytes>00393000</Bytes>
<ASCII> . 9 0</ASCII>
<Pos>135</Pos>
</Pattern>
<Pattern>
<Bytes>0000000000000000E000</Bytes>
<Pos>140</Pos>
</Pattern>
<Pattern>
<Bytes>000000</Bytes>
<Pos>179</Pos>
</Pattern>
<Pattern>
<Bytes>0400000000000000040000000000000000</Bytes>
<Pos>192</Pos>
</Pattern>
<Pattern>
<Bytes>0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Bytes>
<Pos>294</Pos>
</Pattern>
<Pattern>
<Bytes>002E74657874002020</Bytes>
<ASCII> . . t e x t</ASCII>
<Pos>375</Pos>
</Pattern>
<Pattern>
<Bytes>0000040000000000000000000000000000</Bytes>
<Pos>395</Pos>
</Pattern>
<Pattern>
<Bytes>0000</Bytes>
<Pos>413</Pos>
</Pattern>
<Pattern>
<Bytes>2E64617461002020</Bytes>
<ASCII> . d a t a</ASCII>
<Pos>416</Pos>
</Pattern>
<Pattern>
<Bytes>00000000000000000000000000400000C02E6C696E6B002020</Bytes>
<ASCII> . . . . . . . . . . . . . @ . . . . l i n k</ASCII>
<Pos>439</Pos>
</Pattern>
<Pattern>
<Bytes>00000000000000000000000000400000C02E72</Bytes>
<ASCII> . . . . . . . . . . . . . @ . . . . r</ASCII>
<Pos>479</Pos>
</Pattern>
<Pattern>
<Bytes>00000000000000000000000000400000</Bytes>
<ASCII> . . . . . . . . . . . . . @</ASCII>
<Pos>519</Pos>
</Pattern>
<Pattern>
<Bytes>0000</Bytes>
<Pos>583</Pos>
</Pattern>
<Pattern>
<Bytes>000000</Bytes>
<Pos>586</Pos>
</Pattern>
<Pattern>
<Bytes>0000</Bytes>
<Pos>591</Pos>
</Pattern>
<Pattern>
<Bytes>000000</Bytes>
<Pos>594</Pos>
</Pattern>
<Pattern>
<Bytes>00000000000000000000000000</Bytes>
<Pos>599</Pos>
</Pattern>
<Pattern>
<Bytes>0000</Bytes>
<Pos>613</Pos>
</Pattern>
<Pattern>
<Bytes>00000000</Bytes>
<Pos>621</Pos>
</Pattern>
<Pattern>
<Bytes>000000</Bytes>
<Pos>626</Pos>
</Pattern>
<Pattern>
<Bytes>000000000000</Bytes>
<Pos>631</Pos>
</Pattern>
<Pattern>
<Bytes>00000000000000000000000000</Bytes>
<Pos>639</Pos>
</Pattern>
<Pattern>
<Bytes>0000</Bytes>
<Pos>653</Pos>
</Pattern>
<Pattern>
<Bytes>0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Bytes>
<Pos>656</Pos>
</Pattern>
</FrontBlock>
<GlobalStrings>
<String>$'''''''''''''''''''''PE''L</String>
<String>THIS IS A WIN32 PROGRAM.</String>
<String>GETMODULEHANDLEA</String>
<String>SAFEARRAYCREATE</String>
<String>REGOPENKEYEXA</String>
<String>COINITIALIZE</String>
<String>KERNEL32.DLL</String>
<String>OLEAUT32.DLL</String>
<String>ADVAPI32.DLL</String>
<String>EXITPROCESS</String>
<String>OLE32.DLL</String>
<String>ALALLOC</String>
<String>ALFREE</String>
<String>.RLOC</String>
<String>.DATA</String>
<String>.LINK</String>
<String>ERROR</String>
<String>.TEXT</String>
</GlobalStrings>
</TrID>