filename | Virus.Win9x.Anxiety.1586 | |
---|---|---|
size | 42590 (0xa65e) | |
md5 | 5707abcacd83d6429c5c060ff5c7b213 | |
type | MS-DOS executable PE32 executable (console) Intel 80386, for MS Windows, MZ for MS-DOS | |
mimetype | application/x-dosexec | |
clamav | Win.Trojan.W-41 FOUND | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 0x2e |
num_relocs | 7 |
header_paragraphs | 0x83 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0x200 |
checksum | 0 |
ip | 0x7ce |
cs | 0x1c7 |
reloc_table_offset | 0x1e |
overlay_number | 0 |
reserved0 | 0x85001c707d00001 |
oem_id | 0x1c7 |
oem_info | 0x8a0 |
reserved2 | 0x175101c7 |
reserved3 | 0x1b5b01c7 |
reserved4 | 0x1c6501c7 |
reserved5 | 0x1c8c01c7 |
reserved6 | 0x1c7 |
lfanew | 0x5e90 |
DOS stub
PE Header
Sections
name | va | vsize | raw size | flags | |
---|---|---|---|---|---|
.text | 0x7000 | 0x1370 | 0x1400 | R-X CODE | |
.data | 0x9000 | 0x5e5 | 0x600 | RW- IDATA | |
.idata | 0xa000 | 0x454 | 0x600 | R-- IDATA | |
.rsrc | 0xb000 | 0x1960 | 0x1a00 | R-- IDATA | |
.reloc | 0xd000 | 0x125e | 0xa5e | RWX IDATA |
Data Directory
type | va | size | |
---|---|---|---|
EXPORT | 0 | 0 | |
IMPORT | 0xa000 | 0x454 | |
RESOURCE | 0xb000 | 0x1960 | |
EXCEPTION | 0 | 0 | |
SECURITY | 0 | 0 | |
BASERELOC | 0xd000 | 0x1e4 | |
DEBUG | 0 | 0 | |
ARCHITECTURE | 0 | 0 | |
GLOBALPTR | 0 | 0 | |
TLS | 0 | 0 | |
LOAD_CONFIG | 0 | 0 | |
Bound_IAT | 0 | 0 | |
IAT | 0 | 0 | |
Delay_IAT | 0 | 0 | |
CLR_Header | 0 | 0 |
id | lang | string |
---|---|---|
1 | 1033 | Insufficient memory |
2 | 1033 | Invalid date |
3 | 1033 | Invalid parameter - %1 |
4 | 1033 | Copies files and directory trees.%n%nXCOPY source [destination] [/A | /M] [/D[:date]] [/P] [/S [/E]] [/W]%n [/C] [/I] [/Q] [/F] [/L] [/H] [/R] [/T] [/U]%n [/K] [/N]%n%n source Specifies the file(s) to copy.%n destination Specifies the location and/or name of new files.%n /A Copies files with the archive attribute set,%n doesn't change the attribute.%n /M Copies files with the archive attribute set,%n turns off the archive attribute.%n /D:date Copies files changed on or after the specified date.%n If no date is given, copies only those files whose%n source time is newer than the destination time.%n /P Prompts you before creating each destination file.%n /S Copies directories and subdirectories except empty ones.%n /E Copies directories and subdirectories, including empty ones.%n Same as /S /E. May be used to modify /T.%n /W Prompts you to press a key before copying.%n /C Continues copying even if errors occur.%n /I If destination does not exist and copying more than one file,%n assumes that destination must be a directory.%n /Q Does not display file names while copying.%n /F Displays full source and destination file names while copying.%n /L Displays files that would be copied.%n /H Copies hidden and system files also.%n /R Overwrites read-only files.%n /T Creates directory structure, but does not copy files. Does not%n include empty directories or subdirectories. /T /E includes%n empty directories and subdirectories.%n /U Updates the files that already exist in destination.%n /K Copies attributes. Normal Xcopy will reset read-only attributes.%n /Y Overwrites existing files without prompting.%n /-Y Prompts you before overwriting existing files.%n /N Copy using the generated short names. |
5 | 1033 | Invalid number of parameters |
6 | 1033 | File not found - %1 |
7 | 1033 | Invalid drive specification |
8 | 1033 | Invalid path |
9 | 1033 | Path too long |
10 | 1033 | Error copying file %1 to %2 |
11 | 1033 | Unable to create directory %1 |
12 | 1033 | Does %1 specify a file name%nor directory name on the target%n(F = file, D = directory)? |
13 | 1033 | FD |
14 | 1033 | %1 (Y/N)? |
15 | 1033 | YN |
16 | 1033 | Press any key to begin copying file(s) |
18 | 1033 | %1!9d! File(s) copied%n |
19 | 1033 | %1!9d! File(s)%n |
20 | 1033 | %1%n |
21 | 1033 | Warning: File too large to be copied%n |
22 | 1033 | Warning: Not all files were found/copied because the resulting path and/or filename would have been too long%n |
23 | 1033 | Cannot perform a cyclic copy |
24 | 1033 | File cannot be copied onto itself |
25 | 1033 | Overwrite %1 (Yes/No/All)? |
26 | 1033 | YNA |
module_name | hint | ord | function_name |
---|---|---|---|
KERNEL32.dll | 266 | GetLogicalDrives | |
KERNEL32.dll | 53 | CopyFileA | |
KERNEL32.dll | 390 | InterlockedIncrement | |
KERNEL32.dll | 152 | FindClose | |
KERNEL32.dll | 581 | SetLastError | |
KERNEL32.dll | 260 | GetLastError | |
KERNEL32.dll | 44 | CompareFileTime | |
KERNEL32.dll | 505 | RtlMoveMemory | |
KERNEL32.dll | 706 | lstrlenA | |
KERNEL32.dll | 688 | _lwrite | |
KERNEL32.dll | 313 | GetStdHandle | |
KERNEL32.dll | 171 | FormatMessageA | |
KERNEL32.dll | 270 | GetModuleHandleA | |
KERNEL32.dll | 687 | _lread | |
KERNEL32.dll | 118 | ExitProcess | |
KERNEL32.dll | 262 | GetLocaleInfoA | |
KERNEL32.dll | 417 | LocalAlloc | |
KERNEL32.dll | 341 | GetUserDefaultLCID | |
KERNEL32.dll | 419 | LocalFileTimeToFileTime | |
KERNEL32.dll | 608 | SystemTimeToFileTime | |
KERNEL32.dll | 697 | lstrcmpiA | |
KERNEL32.dll | 254 | GetFullPathNameA | |
KERNEL32.dll | 700 | lstrcpyA | |
KERNEL32.dll | 654 | WideCharToMultiByte | |
KERNEL32.dll | 193 | GetCommandLineW | |
KERNEL32.dll | 388 | InterlockedDecrement | |
KERNEL32.dll | 389 | InterlockedExchange | |
KERNEL32.dll | 573 | SetFileApisToOEM | |
KERNEL32.dll | 542 | SetConsoleCtrlHandler | |
KERNEL32.dll | 552 | SetConsoleMode | |
KERNEL32.dll | 56 | CreateDirectoryA | |
KERNEL32.dll | 346 | GetVolumeInformationA | |
KERNEL32.dll | 574 | SetFileAttributesA | |
KERNEL32.dll | 248 | GetFileAttributesA | |
KERNEL32.dll | 156 | FindFirstFileA | |
KERNEL32.dll | 159 | FindNextFileA | |
KERNEL32.dll | 1073171356 | ||
KERNEL32.dll | 1073339521 | ||
KERNEL32.dll | 1073259782 | ||
KERNEL32.dll | 1073177391 | ||
KERNEL32.dll | 1073208010 | ||
KERNEL32.dll | 1073228319 | ||
KERNEL32.dll | 1073180764 | ||
KERNEL32.dll | 1073183594 | ||
KERNEL32.dll | 1073181265 | ||
KERNEL32.dll | 1073334944 | ||
KERNEL32.dll | 1073174096 | ||
KERNEL32.dll | 1073180855 | ||
KERNEL32.dll | 1073181817 | ||
KERNEL32.dll | 1073181409 | ||
KERNEL32.dll | 1073262512 | ||
KERNEL32.dll | 1073216529 | ||
KERNEL32.dll | 1073170692 | ||
KERNEL32.dll | 1073191600 | ||
KERNEL32.dll | 1073183759 | ||
KERNEL32.dll | 1073336829 | ||
KERNEL32.dll | 1073181030 | ||
KERNEL32.dll | 1073182657 | ||
KERNEL32.dll | 1073181088 | ||
KERNEL32.dll | 1073183471 | ||
KERNEL32.dll | 1073300103 | ||
KERNEL32.dll | 1073224585 | ||
KERNEL32.dll | 1073309226 | ||
KERNEL32.dll | 1073342207 | ||
KERNEL32.dll | 1073343553 | ||
KERNEL32.dll | 1073342408 | ||
KERNEL32.dll | 1073183913 | ||
KERNEL32.dll | 1073183067 | ||
KERNEL32.dll | 1073182796 | ||
KERNEL32.dll | 1073182828 | ||
KERNEL32.dll | 1073182867 | ||
KERNEL32.dll | 1073182923 | ||
USER32.dll | 360 | LoadStringA | |
USER32.dll | 42 | CharUpperA | |
USER32.dll | 38 | CharToOemA | |
USER32.dll | 1073105676 | ||
USER32.dll | 1073102933 | ||
USER32.dll | 1073105656 |
StringTable 040904E4
CompanyName | Microsoft Corporation |
FileDescription | Windows File Copy Program |
FileVersion | 4.00.950 |
InternalName | XCOPY32 |
LegalCopyright | Copyright © Microsoft Corp. 1994-1995 |
OriginalFilename | XCOPY32.EXE |
ProductName | Microsoft® Windows® Operating System |
ProductVersion | 4.00.950 |
VS_FIXEDFILEINFO
FileVersion | 4.0.0.950 |
ProductVersion | 4.0.0.950 |
StrucVersion | 0x10000 |
FileFlagsMask | 0x3f |
FileFlags | 0 |
FileOS | 0x10001 |
FileType | 1 |
FileSubtype | 0 |
Scanning the drive for archives: 1 file, 42590 bytes (42 KiB) Errors: 1
[?] DOS stub size too big (22112), limiting to 0x1000