
Victim: Belka.exe - some Russian VB junk (word game)


1. Binary dump:

sh.com ascii.pat Belka.exe > LogFile.txt

00000000  MZ
00000003  
0000000E  
00000011  
0000003D  
00000043  
00000046    
00000048  !
0000004A  L
0000004D  !This program cannot be run in DOS mode.


2. Same, but printable:

sh.com ascii.pat Belka.exe -p > LogFile.txt

00000000  MZ
00000003  .........
0000000E  ..
00000011  .......@...................................
0000003D  .....
00000043  ..
00000046  .
00000048  !
0000004A  .L
0000004D  !This program cannot be run in DOS mode....$.......


3. Plain English:

sh.com english.pat Belka.exe > LogFile.txt

00000000  MZ
0000004B  L
0000004E  This
00000053  program
0000005B  cannot
00000062  be
00000065  run
00000069  in
0000006C  DOS
00000070  mode


4. Unicode English:

sh.com english.pat Belka.exe -e > LogFile.txt

0003E0F6  VS
0003E0FC  VERSION
0003E10C  INFO
0003E14C  D
0003E152  VarFileInfo
0003E172  Translation
0003E196  StringFileInfo
0003E1C6  B
0003E1D2  CompanyName
0003E1EC  RBS
0003E1FA  ProductName
0003E214  Belka
0003E226  FileVersion
0003E252  ProductVersion
0003E282  InternalName
0003E29C  Belka
0003E2AE  OriginalFilename
0003E2D0  Belka
0003E2DC  exe


5. Plain Russian (5+ chars only):

sh.com rus-win-1251.pat Belka.exe 5 > LogFile.txt

00007351  ਧ
0000735A  㪢
000073A7  ᪠
000073B1  ᨭ
000073FE  ᪠
0000745A  ⪨
000075D6  室
0000762B  
0000767E  ᪠
00007688  롮
000076D5  ⪨
00007729  ⪨
00007732  롮
0000777F  䠢
00007787  롮
000077D5  
00007828  ࠢ
0000787D  


6. Unicode Russian (5+ chars only):

sh.com rus-unicode.pat Belka.exe -r 5 > LogFile.txt

000183C8  
000183D6  
000183F4  ਧ
00018406  㪢
00018418  ਧ
0001842A  㪢
00018442  
00018450  㧭
0001845E  
00018474  
00018488  ࠥ
000184BA  ᫮
000184DC  
000184F2  ⮪
00018504  ࠥ
00018538  
0001854A  ᫮
000188B4  ⢮
000188CA  
000188EA  
00018902  
0001891E  ࠫ
0001894A  ᪠
00018970  롨
0001898C  㪢
0001899C  
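

The passes above, sketched as an added Python example (not part of sh.com or its pattern files): each pass is a byte-level character class plus a minimum run length, reported with the file offset. The class definitions, the hunt() helper, the PASSES table and the SAMPLE buffer are assumptions constructed for illustration; how sh.com matches internally is not shown on this page.

```python
import re

# One "character" per class, as byte-level regex fragments.
# Assumed classes for illustration, not taken from the .pat files.
LATIN = rb"[A-Za-z]"                       # single-byte English letters
LATIN_16 = rb"(?:[A-Za-z]\x00)"            # the same letters as UTF-16LE
CYR_1251 = rb"[\xC0-\xFF\xA8\xB8]"         # Windows-1251 А-я plus Ё/ё
CYR_16 = rb"(?:[\x10-\x4F\x01\x51]\x04)"   # U+0410-044F, U+0401, U+0451 as UTF-16LE


def hunt(data, char_class, codec, min_len=1):
    """Return (offset, text) for every run of at least min_len characters."""
    pattern = re.compile(b"(?:%s){%d,}" % (char_class, min_len))
    return [(m.start(), m.group().decode(codec)) for m in pattern.finditer(data)]


# Constructed sample buffer (not bytes from Belka.exe): a DOS-stub fragment,
# two UTF-16LE version-resource style strings, and constructed Russian words
# in Windows-1251 and in UTF-16LE.
SAMPLE = (
    b"MZ\x90\x00!This program cannot be run in DOS mode.\r\n$\x00"
    + "ProductName".encode("utf-16-le") + b"\x00\x00"
    + "Belka".encode("utf-16-le") + b"\x00\x00"
    + "Белка слово".encode("cp1251") + b"\x00"
    + "буква".encode("utf-16-le")
)

# (label, class, codec used to decode a hit, minimum characters)
PASSES = [
    ("plain English", LATIN, "ascii", 2),
    ("Unicode English", LATIN_16, "utf-16-le", 2),
    ("plain Russian", CYR_1251, "cp1251", 5),
    ("Unicode Russian", CYR_16, "utf-16-le", 5),
]

if __name__ == "__main__":
    for label, char_class, codec, min_len in PASSES:
        print(f"-- {label} ({min_len}+ chars)")
        for offset, text in hunt(SAMPLE, char_class, codec, min_len):
            # Same layout as the listings above: 8-digit hex offset, then text.
            print(f"{offset:08X}  {text}")
```

Decoding each hit with the codec that matches its class is what keeps Cyrillic output readable when it is written to a UTF-8 log. The minimum length also filters cross-encoding noise: the UTF-16LE bytes of a Cyrillic word include values such as 0x43, which a single-byte Latin pass would otherwise report as a one-letter hit.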
