filenamesvchost.exe
size33792 (0x8400)
md5267ea4ea1ed97d10fa98933910f17812
typePE32 executable (GUI) Intel 80386, for MS Windows
mimetypeapplication/x-dosexec
clamavTrojan.IRCBot-3556 FOUND
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0x50

DOS stub

00000000: 2a 3b 35 00 00 00 00 00  36 05 00 00 00 00 00 00  |*;5.....6.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections2
TimeDateStamp0x45547345
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x10f
Magic0x10b
LinkerVersion7.10
SizeOfCode0x1a00
SizeOfInitializedData0
SizeOfUninitializedData0
AddressOfEntryPoint0x1abb
BaseOfCode0x1000
BaseOfData0x1000
ImageBase0x1000000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion4.0
ImageVersion6.1
SubsystemVersion6.1
Reserved10
SizeOfImage0xa000
SizeOfHeaders0x200
CheckSum0
Subsystem2
DllCharacteristics0
SizeOfStackReserve0x40000
SizeOfStackCommit0x4000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

Thinstall Virtualization Suite v3.10X (Thinstall Company)

Sections

namevavsizeraw sizeflags
.text0x10000x20000x1c00RWX CODE
.res0x30000x70000x6600RWX CODE

Data Directory

typevasize
EXPORT00
IMPORT0x2a000x3c
RESOURCE00
EXCEPTION00
SECURITY00
BASERELOC0x2a408
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT00
Delay_IAT00
CLR_Header00
module_namehintordfunction_name
KERNEL32.dll125ExitProcess
KERNEL32.dll175FormatMessageA
KERNEL32.dll282GetLastError
KERNEL32.dll625SetLastError
KERNEL32.dll699VirtualAlloc
KERNEL32.dll27CloseHandle
KERNEL32.dll470MapViewOfFile
KERNEL32.dll53CreateFileMappingA
KERNEL32.dll703VirtualFree
KERNEL32.dll318GetProcAddress
KERNEL32.dll707VirtualProtect
KERNEL32.dll450LoadLibraryA
KERNEL32.dll294GetModuleHandleA
KERNEL32.dll292GetModuleFileNameA
KERNEL32.dll293GetModuleFileNameW
KERNEL32.dll611SetEnvironmentVariableW
KERNEL32.dll610SetEnvironmentVariableA
KERNEL32.dll722WideCharToMultiByte
KERNEL32.dll688UnmapViewOfFile
KERNEL32.dll774lstrcpynW
KERNEL32.dll279GetFullPathNameW
KERNEL32.dll278GetFullPathNameA
KERNEL32.dll409HeapAlloc
KERNEL32.dll320GetProcessHeap
KERNEL32.dll274GetFileSize
KERNEL32.dll536ReadFile
KERNEL32.dll618SetFilePointer
KERNEL32.dll55CreateFileW
KERNEL32.dll266GetEnvironmentVariableW
KERNEL32.dll52CreateFileA
KERNEL32.dll265GetEnvironmentVariableA
KERNEL32.dll372GetVersion
KERNEL32.dll30207
0c ff 15 3c 1e 40                                 |...<.@          |
KERNEL32.dll60555
81 ec 48 05                                       |..H.            |
KERNEL32.dll65532
ff e9 ff 15 7c 1e 40                              |....|.@         |
KERNEL32.dll23297
be 04 01                                          |...             |
KERNEL32.dll34189
c8 fe ff ff 50 68 0b 1a  40                       |....Ph..@       |
KERNEL32.dll64
85 c0 75 13 8d 85 c8 fe  ff ff 56 50 ff 75 08 ff  |..u.......VP.u..|
15 34 1e 40                                       |.4.@            |
KERNEL32.dll30207
08 ff 15 34 1e 40                                 |...4.@          |
KERNEL32.dll32872
KERNEL32.dll5631
74 1e 40                                          |t.@             |
KERNEL32.dll26704
f7 19 40                                          |..@             |
KERNEL32.dll64184
ff ff 56 50 ff 75 08 ff  15 38 1e 40              |..VP.u...8.@    |
KERNEL32.dll65349
01 53 53 8d 85 c8 fe ff  ff 56 50 8d 85 b8 fa ff  |.SS......VP.....|
ff 6a ff 50 53 53 ff 15  44 1e 40                 |.j.PSS..D.@     |
KERNEL32.dll65530
ff 6a ff 50 53 53 ff 15  44 1e 40                 |.j.PSS..D.@     |
KERNEL32.dll874
53 6a 01 8d 85 b8 fa ff  ff 68                    |Sj.......h      |
KERNEL32.dll33536
f8 ff 89 45 08 75 14 53  53 8d 85 c8 fe ff ff 53  |...E.u.SS......S|
50 6a 02 e8 d9 fb ff ff  83 c4 14 8b 3d 68 1e 40  |Pj..........=h.@|
KERNEL32.dll64473
ff ff 83 c4 14 8b 3d 68  1e 40                    |......=h.@      |
KERNEL32.dll36176
45 dc 6a 10 50 ff 75 08  ff 15 64 1e 40           |E.j.P.u...d.@   |
KERNEL32.dll16414
KERNEL32.dll1407
3b 4d ec 76 18 53 68 e3  19 40                    |;M.v.Sh..@      |
KERNEL32.dll21503
50 6a 0d e8 77 fb ff ff  83 c4 14 8d 45 e0 53 50  |Pj..w.......E.SP|
ff 75 dc ff 75 08 ff d7  ff 75 e4 53 ff 15 5c 1e  |.u..u....u.S..\.|
40                                                |@               |
KERNEL32.dll36116
45 e0 53 50 ff 75 dc ff  75 08 ff d7 ff 75 e4 53  |E.SP.u..u....u.S|
ff 15 5c 1e 40                                    |..\.@           |
KERNEL32.dll7772

@

KERNEL32.dll16409
KERNEL32.dll59405
3b fb ff ff 83 c4 14 8d  45 f4 53 50 ff 75 e4 57  |;.......E.SP.u.W|
ff 75 08 ff 15 64 1e 40                           |.u...d.@        |
KERNEL32.dll30207
08 ff 15 64 1e 40                                 |...d.@          |
KERNEL32.dll62533
3b 45 e4 75 17 80 3f 74  75 12 80 7f 01 68 75 0c  |;E.u..?tu....hu.|
80 7f 02 69 75 06 80 7f  03 6e 74 18 53 68 e3 19  |...iu....nt.Sh..|
40                                                |@               |
KERNEL32.dll32640
01 68 75 0c 80 7f 02 69  75 06 80 7f 03 6e 74 18  |.hu....iu....nt.|
53 68 e3 19 40                                    |Sh..@           |
KERNEL32.dll26707
e3 19 40                                          |..@             |
KERNEL32.dll3434
e8 ee fa ff ff 83 c4 14  38 5d ff 0f 85 7f 02     |........8]..... |
KERNEL32.dll63605
e8 92 fd ff ff 83 c4 0c  53 68 b9 19 40           |........Sh..@   |
KERNEL32.dll64
ff 15 40 1e 40                                    |..@.@           |
KERNEL32.dll51333
fe ff ff 50 68 0b 1a 40                           |...Ph..@        |
USER32.dll446MessageBoxA
USER32.dll26704
f7 19 40                                          |..@             |
offsetsizetypecomment
033792EXE11/10/2006 12:40:37#
15c115HTM#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







everything is OK