exe-ped01.trid.xml
<!--
  TrID file-type definition: identifies Win32 executables compressed with
  PE Diminisher v0.1 (a PE packer, per the Rem element below).

  Triage note: a match says the file looks packed with this tool. It is a
  file-format identification, not a verdict about what the unpacked payload
  does; packed samples still need unpacking or dynamic analysis.
-->
<TrID ver="2.00">
<!-- Info: human-readable description of the file type and the definition's author. -->
<Info>
<FileType>PE Diminisher v0.1 compressed Win32 Executable</FileType>
<Ext>EXE</Ext>
<Mime>application/octet-stream</Mime>
<ExtraInfo>
<Rem>PE Diminisher is a simple PE packer.</Rem>
<RefURL>http://www.compression.ru/arctest/self/ped.htm</RefURL>
</ExtraInfo>
<User>Marco Pontello</User>
<E-Mail>marcopon@gmail.com</E-Mail>
<Home>http://mark0.net</Home>
</Info>
<!-- General: provenance of the definition (generator tool, creation date/time). -->
<General>
<!-- FileNum: presumably the number of sample files the generator scanned to
     derive the common patterns; confirm against the TrIDScan documentation. -->
<FileNum>22</FileNum>
<!-- CheckStrings: presumably enables matching of the GlobalStrings section
     in addition to the FrontBlock byte patterns; confirm. -->
<CheckStrings>True</CheckStrings>
<Date>
<Year>2015</Year>
<Month>3</Month>
<Day>15</Day>
</Date>
<Time>
<Hour>20</Hour>
<Min>21</Min>
<Sec>15</Sec>
</Time>
<Creator>TrIDScan/Py v2.00</Creator>
</General>
<!--
  FrontBlock: byte patterns at fixed positions. Bytes is hex; Pos appears to
  be a decimal offset from the start of the file (the MZ magic sits at 0).
  ASCII is a printable rendering of the same bytes; its spacing is data, so
  do not reformat it.
  Most patterns below fall inside the DOS header and DOS stub, which many PE
  files share; on their own they are weak evidence for this specific packer.
-->
<FrontBlock>
<!-- Offset 0: "MZ", the DOS executable magic (e_magic). -->
<Pattern>
<Bytes>4D5A</Bytes>
<ASCII> M Z</ASCII>
<Pos>0</Pos>
</Pattern>
<Pattern>
<Bytes>00</Bytes>
<Pos>3</Pos>
</Pattern>
<!-- Offsets 5-9: includes e_cparhdr (offset 8) = 0x0004, i.e. a 64-byte DOS header. -->
<Pattern>
<Bytes>0000000400</Bytes>
<Pos>5</Pos>
</Pattern>
<!-- Offsets 11-15: includes e_maxalloc (offset 12) = 0xFFFF. -->
<Pattern>
<Bytes>00FFFF0000</Bytes>
<Pos>11</Pos>
</Pattern>
<!-- Offsets 17-25: ends with e_lfarlc (offset 24) = 0x0040, the usual value in PE files. -->
<Pattern>
<Bytes>000000000000004000</Bytes>
<ASCII> . . . . . . . @</ASCII>
<Pos>17</Pos>
</Pattern>
<!-- From offset 27: a run of zero bytes over the reserved part of the DOS header. -->
<Pattern>
<Bytes>000000000000000000000000000000000000000000000000000000000000000000</Bytes>
<Pos>27</Pos>
</Pattern>
<!-- Offsets 62-63: upper half of e_lfanew is zero, so the PE header offset is below 0x10000. -->
<Pattern>
<Bytes>0000</Bytes>
<Pos>62</Pos>
</Pattern>
<!-- Offset 71: DOS stub code, int 21h / mov ax,4C01h / int 21h (print message, then exit). -->
<Pattern>
<Bytes>CD21B8014CCD21</Bytes>
<ASCII> . ! . . L . !</ASCII>
<Pos>71</Pos>
</Pattern>
<Pattern>
<Bytes>00000000000000</Bytes>
<Pos>121</Pos>
</Pattern>
</FrontBlock>
<!--
  GlobalStrings: strings expected in a matching file. They are stored
  upper-cased, and the apostrophe presumably stands for a NUL byte (TrID
  convention); confirm before porting these to another rule format.
  The import names (GetProcAddress, GetModuleHandleA, LoadLibraryA,
  VirtualAlloc, VirtualFree) are what a stub that resolves APIs and allocates
  memory at run time would need, but they are common to many packers and to
  ordinary programs. ".TERAPHY" looks like a section name and is probably the
  most distinctive string here; verify against a known sample.
  Short generic strings (DATA, TEXT, THIS) add little on their own, so do not
  reuse them in isolation as detection content.
-->
<GlobalStrings>
<String>KERNEL32.DLL''''GETPROCADDRESS'''GETMODULEHANDLEA'''LOADLIBRARYA</String>
<String>KERNEL32.DLL'VIRTUALALLOC'VIRTUALFREE</String>
<String>.TERAPHY</String>
<String>SQRVWU</String>
<String>PE''L</String>
<String>DATA</String>
<String>TEXT</String>
<String>THIS</String>
</GlobalStrings>
</TrID>