Microsoft (R) COFF Binary File Dumper Version 6.00.8447
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.

Dump of file hdspoof.exe

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
             14C machine (i386)
               4 number of sections
        425AACAA time date stamp Mon Apr 11 12:58:18 2005
               0 file pointer to symbol table
               0 number of symbols
              E0 size of optional header
             10F characteristics
                   Relocations stripped
                   Executable
                   Line numbers stripped
                   Symbols stripped
                   32 bit word machine

OPTIONAL HEADER VALUES
             10B magic #
            7.10 linker version
           1F000 size of code
           1E000 size of initialized data
               0 size of uninitialized data
           19000 RVA of entry point
           19000 base of code
            D000 base of data
          400000 image base
            1000 section alignment
             200 file alignment
            4.00 operating system version
            0.00 image version
            4.00 subsystem version
               0 Win32 version
           2C000 size of image
             400 size of headers
               0 checksum
               3 subsystem (Windows CUI)
               0 DLL characteristics
          100000 size of stack reserve
            1000 size of stack commit
          100000 size of heap reserve
            1000 size of heap commit
        ABDBFFDE loader flags
        DFFFDDDE number of directories
               0 [       0] RVA [size] of Export Directory
           18014 [      8F] RVA [size] of Import Directory
               0 [       0] RVA [size] of Resource Directory
               0 [       0] RVA [size] of Exception Directory
               0 [       0] RVA [size] of Certificates Directory
               0 [       0] RVA [size] of Base Relocation Directory
               0 [       0] RVA [size] of Debug Directory
               0 [       0] RVA [size] of Architecture Directory
               0 [       0] RVA [size] of Special Directory
               0 [       0] RVA [size] of Thread Storage Directory
               0 [       0] RVA [size] of Load Configuration Directory
               0 [       0] RVA [size] of Bound Import Directory
               0 [       0] RVA [size] of Import Address Table Directory
               0 [       0] RVA [size] of Delay Import Directory
               0 [       0] RVA [size] of Reserved Directory
               0 [       0] RVA [size] of Reserved Directory


SECTION HEADER #1
                 name
           17000 virtual size
            1000 virtual address
            7800 size of raw data
             400 file pointer to raw data
        32434550 file pointer to relocation table
               0 file pointer to line numbers
               0 number of relocations
               0 number of line numbers
        C0000040 flags
                   Initialized Data
                   Read Write

DUMPBIN : warning LNK4078: multiple "" sections found with different attributes (E0000020)

SECTION HEADER #2
                 name
            1000 virtual size
           18000 virtual address
            1000 size of raw data
            7C00 file pointer to raw data
               0 file pointer to relocation table
               0 file pointer to line numbers
               0 number of relocations
               0 number of line numbers
        E0000020 flags
                   Code
                   Execute Read Write

  Section contains the following imports:

    kernel32.dll
              418000 Import Address Table
              418000 Import Name Table
                   0 time date stamp
            FFFFFFFF Index of first forwarder reference

                   0 LoadLibraryA
                   0 GetProcAddress
                   0 VirtualAlloc
                   0 VirtualFree

SECTION HEADER #3
                 name
           12000 virtual size
           19000 virtual address
        D1EEBD1E size of raw data
            8C00 file pointer to raw data
               0 file pointer to relocation table
               0 file pointer to line numbers
               0 number of relocations
               0 number of line numbers
        E0000020 flags
                   Code
                   Execute Read Write

SECTION HEADER #4
                 name
            1000 virtual size
           2B000 virtual address
               0 size of raw data
           1AC00 file pointer to raw data
               0 file pointer to relocation table
               0 file pointer to line numbers
               0 number of relocations
               0 number of line numbers
        C0000040 flags
                   Initialized Data
                   Read Write

  Summary

       13000
       18000