 Post subject: nostale.omg.com.tw/activex/macrowell.cab
PostPosted: Fri Apr 11, 2008 4:13 am 
Site Admin

Joined: Thu Mar 27, 2008 1:06 pm
Posts: 163
Location: India
Download Link: hxxp://nostale.omg.com.tw/activex/macrowell.cab

File Name: macrowell.cab

VirusTotal Result: 7/31 (22.59%)
AVG 7.5.0.516 2008.04.10 Adware Generic2.JGR
BitDefender 7.2 2008.04.10 Adware.BHO
Fortinet 3.14.0.0 2008.04.10 Adware/BHO
Ikarus T3.1.1.26 2008.04.10 not-a-virus:AdWare.Win32.BHO.cz
Panda 9.0.0.4 2008.04.10 Adware/WebSearch
Prevx1 V2 2008.04.10 PSW.OnlineGames.JGR
VBA32 3.12.6.4 2008.04.06 AdWare.Win32.BHO.cz

File Info:
File size: 187189 bytes
MD5...: 9ee6000285ddb980ef76ed7af1f2b5ec
SHA1..: b6bb0653eb9207aae1f0625453124df58aa319d8
SHA256: 1d5edd9dc5a8d9445318facda7d1c331a2d140ed402070a522600289a6da75f9
SHA512: 3cdb6049c32ad5a8146906c44ebf89d2f6165e3b68c26b4de9eb6f1e395ea1d776eefa833aa09e1c1647fc5fdbd0259525c1f7eb1c62f209aec5c1583379f151
Prevx info:
http://info.prevx.com/aboutprogramtext. ... 006A0F941B

Archive preview
Modified Size File name
8/6/2006 6:30:42 PM 677 B MacroWell.inf MD5: A38E9D4B4E0647048558654ACCF545C8
8/6/2006 6:30:06 PM 364 KB RegExe.ocx MD5: C9A6ABC1B20DDE47928C74D2B21693BF

File Name: RegExe.ocx

File Info:
.text:10001000 ; Format : Portable executable for 80386 (PE)
.text:10001000 ; Imagebase : 10000000
.text:10001000 ; Section 1. (virtual address 00001000)
.text:10001000 ; Virtual size : 0003C224 ( 246308.)
.text:10001000 ; Section size in file : 0003D000 ( 249856.)
.text:10001000 ; Offset to raw data for section: 00001000
.text:10001000 ; Flags 60000020: Text Executable Readable

Number of Objects = 0005 (dec), Imagebase = 10000000h

Object01: .text RVA: 00001000 Offset: 00001000 Size: 0003D000 Flags: 60000020
Object02: .rdata RVA: 0003E000 Offset: 0003E000 Size: 00010000 Flags: 40000040
Object03: .data RVA: 0004E000 Offset: 0004E000 Size: 00003000 Flags: C0000040
Object04: .rsrc RVA: 00055000 Offset: 00051000 Size: 00002000 Flags: 40000040
Object05: .reloc RVA: 00057000 Offset: 00053000 Size: 00008000 Flags: 42000040

Number of Imported Modules = 10 (decimal)

Import Module 001: KERNEL32.dll
Import Module 002: USER32.dll
Import Module 003: GDI32.dll
Import Module 004: comdlg32.dll
Import Module 005: WINSPOOL.DRV
Import Module 006: ADVAPI32.dll
Import Module 007: SHELL32.dll
Import Module 008: SHLWAPI.dll
Import Module 009: ole32.dll
Import Module 010: OLEAUT32.dll

Exported Functions:
Name Address
----------------------------
DllCanUnloadNow 1003B067
DllGetClassObject 1003B02C
DllRegisterServer 10001040
DllUnregisterServer 100010D0
DllEntryPoint 100273F4

Number of Dialogs = 2 (decimal)
Name: DialogID_0001, # of Controls=004, Caption:"ܼ RegExe Control", ClassName:""
001 - ControlID:FFFF, Control Class:"STATIC" Control Text:""
002 - ControlID:FFFF, Control Class:"STATIC" Control Text:"RegExe Control, H, 1.0"
003 - ControlID:FFFF, Control Class:"STATIC" Control Text:"Copyright (C) 2006, "
004 - ControlID:0001, Control Class:"BUTTON" Control Text:""
Name: DialogID_00C8, # of Controls=001, Caption:"", ClassName:""
001 - ControlID:FFFF, Control Class:"STATIC" Control Text:"TODO: (q¹J"

_________________
.:: MaliciousBrains ::.
http://www.malwareinfo.org

There are no patches or service packs for IGNORANCE!!

