filename | trendmonitor__.exe | |
---|---|---|
size | 1268224 (0x135a00) | |
md5 | 09a1308ba295fcb2aea792c4459a143e | |
type | MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows, MZ for MS-DOS | |
mimetype | application/x-dosexec | |
clamav | scan pending | |
PE Header
Packer / Compiler
Sections
name | va | vsize | raw size | flags | |
---|---|---|---|---|---|
.text | 0x1000 | 0x10000 | 0xf400 | RWX CODE | |
.rsrc | 0x11000 | 0x1c000 | 0x1bc00 | RW- IDATA | |
.text | 0x2d000 | 0x1000 | 0 | RWX CODE | |
.data | 0x2e000 | 0x10b000 | 0x10a600 | RW- IDATA | |
.idata | 0x139000 | 0x1000 | 0x200 | RW- IDATA |
Data Directory
type | va | size | |
---|---|---|---|
EXPORT | 0 | 0 | |
IMPORT | 0x139000 | 0xec | |
RESOURCE | 0x11000 | 0x1ba20 | |
EXCEPTION | 0 | 0 | |
SECURITY | 0 | 0 | |
BASERELOC | 0 | 0 | |
DEBUG | 0 | 0 | |
ARCHITECTURE | 0 | 0 | |
GLOBALPTR | 0 | 0 | |
TLS | 0 | 0 | |
LOAD_CONFIG | 0 | 0 | |
Bound_IAT | 0 | 0 | |
IAT | 0 | 0 | |
Delay_IAT | 0 | 0 | |
CLR_Header | 0 | 0 |
id | lang | string |
---|---|---|
40002 | 1033 | Rem0te Scr4en |
40003 | 1033 | Rem0te Scr4en View |
40004 | 1033 | Telnet |
40005 | 1033 | Redirect |
40006 | 1033 | File |
40007 | 1033 | No c0nnecti0ns |
40008 | 1033 | Inc0ming '%s' type connection from %s. Do you allow this connection ? |
module_name | hint | ord | function_name |
---|---|---|---|
kernel32.dll | | | VirtualFree |
kernel32.dll | | | WideCharToMultiByte |
kernel32.dll | | | GetEnvironmentStringsW |
kernel32.dll | | | GetProcAddress |