filenameVirus.Win9x.Anxiety.1586
size42590 (0xa65e)
md55707abcacd83d6429c5c060ff5c7b213
typeMS-DOS executable PE32 executable (console) Intel 80386, for MS Windows, MZ for MS-DOS
mimetypeapplication/x-dosexec
clamavWin.Trojan.W-41 FOUND
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file0x2e
num_relocs7
header_paragraphs0x83
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0x200
checksum0
ip0x7ce
cs0x1c7
reloc_table_offset0x1e
overlay_number0
reserved00x85001c707d00001
oem_id0x1c7
oem_info0x8a0
reserved20x175101c7
reserved30x1b5b01c7
reserved40x1c6501c7
reserved50x1c8c01c7
reserved60x1c7
lfanew0x5e90

DOS stub

00000000: 53 54 41 43 4b 20 20 20  53 54 41 43 4b 20 20 20  |STACK   STACK   |
*
00000200: 00 00 00 00 00 00 00 00  00 00 00 00 ff ff ff ff  |................|
00000210: 00 00 00 00 00 00 00 00  ff ff ff ff 00 00 00 00  |................|
00000220: 00 00 00 00 ff ff ff ff  00 00 00 00 00 00 00 00  |................|
00000230: ff ff ff ff ff ff ff ff  00 00 00 00 00 00 00 0d  |................|
00000240: 0a 00 00 00 00 00 00 0a  00 00 00 2c 00 2e 00 2d  |...........,...-|
00000250: 00 3a 00 01 24 24 24 24  24 24 24 24 24 24 24 24  |.:..$$$$$$$$$$$$|
00000260: 24 24 24 24 24 24 24 24  24 24 24 24 24 24 24 24  |$$$$$$$$$$$$$$$$|
*
00000290: 24 24 24 24 24 00 00 00  00 45 4e 55 00 00 00 00  |$$$$$....ENU....|
000002a0: 00 00 00 00 4c 41 4e 47  3d 4c 41 4e 47 53 50 45  |....LANG=LANGSPE|
000002b0: 43 3d 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |C=..............|
000002c0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00001000:

PE Header

SignaturePE
Machine0x14c
NumberOfSections5
TimeDateStamp0x2ff36f6a
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x10e
Magic0x10b
LinkerVersion2.50
SizeOfCode0x1400
SizeOfInitializedData0x2a00
SizeOfUninitializedData0
AddressOfEntryPoint0xd25e
BaseOfCode0x7000
BaseOfData0x9000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion1.0
ImageVersion0.0
SubsystemVersion4.0
Reserved10
SizeOfImage0xe25e
SizeOfHeaders0x6200
CheckSum0xb7d3
Subsystem3
DllCharacteristics0
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Sections

namevavsizeraw sizeflags
.text0x70000x13700x1400R-X CODE
.data0x90000x5e50x600RW- IDATA
.idata0xa0000x4540x600R-- IDATA
.rsrc0xb0000x19600x1a00R-- IDATA
.reloc�0xd0000x125e0xa5eRWX IDATA

Data Directory

typevasize
EXPORT00
IMPORT0xa0000x454
RESOURCE0xb0000x1960
EXCEPTION00
SECURITY00
BASERELOC0xd0000x1e4
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT00
Delay_IAT00
CLR_Header00
typenamesizecp
STRING#147880
STRING#26700
VERSION#18280
idlangstring
11033Insufficient memory
21033Invalid date
31033Invalid parameter - %1
41033Copies files and directory trees.%n%nXCOPY source [destination] [/A | /M] [/D[:date]] [/P] [/S [/E]] [/W]%n [/C] [/I] [/Q] [/F] [/L] [/H] [/R] [/T] [/U]%n [/K] [/N]%n%n source Specifies the file(s) to copy.%n destination Specifies the location and/or name of new files.%n /A Copies files with the archive attribute set,%n doesn't change the attribute.%n /M Copies files with the archive attribute set,%n turns off the archive attribute.%n /D:date Copies files changed on or after the specified date.%n If no date is given, copies only those files whose%n source time is newer than the destination time.%n /P Prompts you before creating each destination file.%n /S Copies directories and subdirectories except empty ones.%n /E Copies directories and subdirectories, including empty ones.%n Same as /S /E. May be used to modify /T.%n /W Prompts you to press a key before copying.%n /C Continues copying even if errors occur.%n /I If destination does not exist and copying more than one file,%n assumes that destination must be a directory.%n /Q Does not display file names while copying.%n /F Displays full source and destination file names while copying.%n /L Displays files that would be copied.%n /H Copies hidden and system files also.%n /R Overwrites read-only files.%n /T Creates directory structure, but does not copy files. Does not%n include empty directories or subdirectories. /T /E includes%n empty directories and subdirectories.%n /U Updates the files that already exist in destination.%n /K Copies attributes. Normal Xcopy will reset read-only attributes.%n /Y Overwrites existing files without prompting.%n /-Y Prompts you before overwriting existing files.%n /N Copy using the generated short names.
51033Invalid number of parameters
61033File not found - %1
71033Invalid drive specification
81033Invalid path
91033Path too long
101033Error copying file %1 to %2
111033Unable to create directory %1
121033Does %1 specify a file name%nor directory name on the target%n(F = file, D = directory)?
131033FD
141033%1 (Y/N)?
151033YN
161033Press any key to begin copying file(s)
181033%1!9d! File(s) copied%n
191033%1!9d! File(s)%n
201033%1%n
211033Warning: File too large to be copied%n
221033Warning: Not all files were found/copied because the resulting path and/or filename would have been too long%n
231033Cannot perform a cyclic copy
241033File cannot be copied onto itself
251033Overwrite %1 (Yes/No/All)?
261033YNA
module_namehintordfunction_name
KERNEL32.dll266GetLogicalDrives
KERNEL32.dll53CopyFileA
KERNEL32.dll390InterlockedIncrement
KERNEL32.dll152FindClose
KERNEL32.dll581SetLastError
KERNEL32.dll260GetLastError
KERNEL32.dll44CompareFileTime
KERNEL32.dll505RtlMoveMemory
KERNEL32.dll706lstrlenA
KERNEL32.dll688_lwrite
KERNEL32.dll313GetStdHandle
KERNEL32.dll171FormatMessageA
KERNEL32.dll270GetModuleHandleA
KERNEL32.dll687_lread
KERNEL32.dll118ExitProcess
KERNEL32.dll262GetLocaleInfoA
KERNEL32.dll417LocalAlloc
KERNEL32.dll341GetUserDefaultLCID
KERNEL32.dll419LocalFileTimeToFileTime
KERNEL32.dll608SystemTimeToFileTime
KERNEL32.dll697lstrcmpiA
KERNEL32.dll254GetFullPathNameA
KERNEL32.dll700lstrcpyA
KERNEL32.dll654WideCharToMultiByte
KERNEL32.dll193GetCommandLineW
KERNEL32.dll388InterlockedDecrement
KERNEL32.dll389InterlockedExchange
KERNEL32.dll573SetFileApisToOEM
KERNEL32.dll542SetConsoleCtrlHandler
KERNEL32.dll552SetConsoleMode
KERNEL32.dll56CreateDirectoryA
KERNEL32.dll346GetVolumeInformationA
KERNEL32.dll574SetFileAttributesA
KERNEL32.dll248GetFileAttributesA
KERNEL32.dll156FindFirstFileA
KERNEL32.dll159FindNextFileA
KERNEL32.dll1073171356
KERNEL32.dll1073339521
KERNEL32.dll1073259782
KERNEL32.dll1073177391
KERNEL32.dll1073208010
KERNEL32.dll1073228319
KERNEL32.dll1073180764
KERNEL32.dll1073183594
KERNEL32.dll1073181265
KERNEL32.dll1073334944
KERNEL32.dll1073174096
KERNEL32.dll1073180855
KERNEL32.dll1073181817
KERNEL32.dll1073181409
KERNEL32.dll1073262512
KERNEL32.dll1073216529
KERNEL32.dll1073170692
KERNEL32.dll1073191600
KERNEL32.dll1073183759
KERNEL32.dll1073336829
KERNEL32.dll1073181030
KERNEL32.dll1073182657
KERNEL32.dll1073181088
KERNEL32.dll1073183471
KERNEL32.dll1073300103
KERNEL32.dll1073224585
KERNEL32.dll1073309226
KERNEL32.dll1073342207
KERNEL32.dll1073343553
KERNEL32.dll1073342408
KERNEL32.dll1073183913
KERNEL32.dll1073183067
KERNEL32.dll1073182796
KERNEL32.dll1073182828
KERNEL32.dll1073182867
KERNEL32.dll1073182923
USER32.dll360LoadStringA
USER32.dll42CharUpperA
USER32.dll38CharToOemA
USER32.dll1073105676
USER32.dll1073102933
USER32.dll1073105656

StringTable 040904E4

CompanyNameMicrosoft Corporation
FileDescriptionWindows File Copy Program
FileVersion4.00.950
InternalNameXCOPY32
LegalCopyrightCopyright © Microsoft Corp. 1994-1995
OriginalFilenameXCOPY32.EXE
ProductNameMicrosoft® Windows® Operating System
ProductVersion4.00.950

VS_FIXEDFILEINFO

FileVersion4.0.0.950
ProductVersion4.0.0.950
StrucVersion0x10000
FileFlagsMask0x3f
FileFlags0
FileOS0x10001
FileType1
FileSubtype0
offsetsizetypecomment
15c115HTM#
15d037006BINoverlay data past EOF#
Scanning the drive for archives:
1 file, 42590 bytes (42 KiB)



Errors: 1
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







[?] DOS stub size too big (22112), limiting to 0x1000