data.exe - Win.Trojan.FakeAV-168

info
MZ
PE
resources
imports
foremost
7zip
signature
hexdump
disasm
log
discuss
donate

filename	data.exe
size	317952 (0x4da00)
md5	8626242719c85dfbd4eb6541c7e321e0

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	Win.Trojan.FakeAV-168 FOUND
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x100

Rich Header

lib id	version	times used
150	20413	6
149	30729	10
132	30729	2
4	8447	18
110	50727	1
147	30729	8
123	50727	19
1	0	1339
131	30729	241
148	21022	1
145	30729	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	4
TimeDateStamp	0x4d2db3de
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x10f
Magic	0x10b
LinkerVersion	5.0
SizeOfCode	0x800
SizeOfInitializedData	0x2200
SizeOfUninitializedData	0
AddressOfEntryPoint	0x10bc
BaseOfCode	0x1000
BaseOfData	0x2000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	4.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0xb3000
SizeOfHeaders	0x400
CheckSum	0x53200
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x7a1	0x800	R-X CODE
.rdata	0x2000	0xab8	0xc00	RW- IDATA
.data	0x3000	0xae000	0x400	RW- IDATA
.rsrc	0xb1000	0x115c	0x1200	R-- IDATA

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x20c8	0x64
RESOURCE	0xb1000	0x115c
EXCEPTION	0	0
SECURITY	0x3a00	0x200
BASERELOC	0	0
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0x2ab8	0x18
LOAD_CONFIG	0x3c00	0x100
Bound_IAT	0	0
IAT	0x2000	0xc8
Delay_IAT	0	0
CLR_Header	0	0
	0x3d00	0x100

TLS

raw start	raw end	index	callbks	zero fill	flags
0x402ad0	0x402af8	0x402af8	0x402afc	0	0

show previews

type	name	size	cp
ICON	#1	4264	0
GROUP_ICON	#500	20	0

module_name	hint	function_name
KERNEL32.dll	183	HeapCreate
KERNEL32.dll	195	FileTimeToLocalFileTime
KERNEL32.dll	332	GetDriveTypeA
KERNEL32.dll	151	EnterCriticalSection
KERNEL32.dll	433	GetStdHandle
KERNEL32.dll	772	SetErrorMode
KERNEL32.dll	666	RaiseException
KERNEL32.dll	512	GlobalUnlock
KERNEL32.dll	600	LockResource
KERNEL32.dll	264	LoadLibraryExA
KERNEL32.dll	755	SetConsoleOutputCP
KERNEL32.dll	247	GetACP
KERNEL32.dll	361	GetLastError
KERNEL32.dll	50	CloseHandle
KERNEL32.dll	641	VirtualProtect
KERNEL32.dll	496	GlobalDeleteAtom
KERNEL32.dll	542	InterlockedExchange
KERNEL32.dll	501	GlobalFree
KERNEL32.dll	492	GlobalAddAtomA
KERNEL32.dll	835	Sleep
KERNEL32.dll	364	GetLocaleInfoA
USER32.dll	201	EndPaint
USER32.dll	14	BeginPaint
USER32.dll	268	GetCursorPos
USER32.dll	208	GetActiveWindow
USER32.dll	710	ValidateRect
USER32.dll	557	ShowWindow
USER32.dll	319	GetWindow
USER32.dll	66	ClipCursor
USER32.dll	309	GetMenuItemInfoA
USER32.dll	189	DrawTextA
USER32.dll	467	ReleaseDC
USER32.dll	437	IsIconic
USER32.dll	330	GetWindowTextA
USER32.dll	253	GetClassNameA
USER32.dll	326	GetParent
USER32.dll	495	OemToCharW
USER32.dll	247	GetFocus
USER32.dll	248	SetForegroundWindow
USER32.dll	179	DrawEdge
HTTPAPI.dll	2	HttpAddUrl
HTTPAPI.dll	7	HttpCreateHttpHandle
HTTPAPI.dll	42	HttpTerminate
HTTPAPI.dll	20	HttpInitialize
HTTPAPI.dll	33	HttpRemoveUrl
WLDAP32.dll	11	ldap_add

OpenSSL (terse)
ASN.1 (verbose)

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=964095238, wRevision=39227, wCertificateType=54611, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=964095238, wRevision=39227, wCertificateType=54611, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=964095238, wRevision=39227, wCertificateType=54611, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=964095238, wRevision=39227, wCertificateType=54611, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=444198913, wRevision=46431, wCertificateType=64600, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=342871802, wRevision=46919, wCertificateType=62810, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=1016256487, wRevision=34367, wCertificateType=59999, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=611971345, wRevision=38192, wCertificateType=600, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=697355785, wRevision=37715, wCertificateType=854, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=864800012, wRevision=42845, wCertificateType=51504, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=1050271460, wRevision=45142, wCertificateType=59464, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=1067514115, wRevision=38692, wCertificateType=52799, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=1082846750, wRevision=38947, wCertificateType=52799, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=1082846750, wRevision=38947, wCertificateType=52799, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=1082846750, wRevision=38947, wCertificateType=52799, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=1082846750, wRevision=38947, wCertificateType=52799, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=1183314203, wRevision=38692, wCertificateType=51266, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=1183313693, wRevision=34612, wCertificateType=61746, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=947574246, wRevision=34622, wCertificateType=61224, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=529853458, wRevision=39471, wCertificateType=63787, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=813945608, wRevision=39263, wCertificateType=63532, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=813945608, wRevision=39007, wCertificateType=64297, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=312536546, wRevision=38234, wCertificateType=58449, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=211472143, wRevision=37718, wCertificateType=64083, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=343337699, wRevision=39774, wCertificateType=64083, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=343337699, wRevision=39774, wCertificateType=64083, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=343337699, wRevision=39774, wCertificateType=64083, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=360180451, wRevision=38751, wCertificateType=1350, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=259711979, wRevision=39008, wCertificateType=1608, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=159706346, wRevision=34886, wCertificateType=60504, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=225896164, wRevision=49218, wCertificateType=57396, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=780719342, wRevision=45395, wCertificateType=53554, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=444397565, wRevision=45351, wCertificateType=53810, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=427490048, wRevision=42536, wCertificateType=52774, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=1133432592, wRevision=46134, wCertificateType=62307, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=965536739, wRevision=45883, wCertificateType=59236, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=660988184, wRevision=42281, wCertificateType=59236, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=660988184, wRevision=42281, wCertificateType=59236, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=660988184, wRevision=42281, wCertificateType=59236, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=660988184, wRevision=41769, wCertificateType=58722, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=660988182, wRevision=42537, wCertificateType=54867, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=446235143, wRevision=41255, wCertificateType=65336, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=631242243, wRevision=38700, wCertificateType=63801, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=311159322, wRevision=40740, wCertificateType=63554, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=260761625, wRevision=41251, wCertificateType=64836, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=327935008, wRevision=38951, wCertificateType=568, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=346160650, wRevision=36927, wCertificateType=55621, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=346150115, wRevision=36154, wCertificateType=62539, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=444526105, wRevision=38952, wCertificateType=62539, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=444526105, wRevision=38952, wCertificateType=62539, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=444526105, wRevision=38952, wCertificateType=62539, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=444526105, wRevision=38952, wCertificateType=62539, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=679732244, wRevision=47683, wCertificateType=52577, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=1080413931, wRevision=38965, wCertificateType=59459, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=913690606, wRevision=31806, wCertificateType=39438, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=1675572988, wRevision=26165, wCertificateType=35081, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=1659124970, wRevision=25393, wCertificateType=59404, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=936387791, wRevision=30362, wCertificateType=61988, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=480776614, wRevision=29851, wCertificateType=59675, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=1120940201, wRevision=29813, wCertificateType=62485, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=1053894564, wRevision=31611, wCertificateType=62748, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=431954389, wRevision=27756, wCertificateType=62731, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=431954389, wRevision=27756, wCertificateType=62731, data=nil>

No certificates in

#<struct PEdump::WIN_CERTIFICATE dwLength=431954389, wRevision=27756, wCertificateType=62731, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=964095238, wRevision=39227, wCertificateType=54611, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=964095238, wRevision=39227, wCertificateType=54611, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=964095238, wRevision=39227, wCertificateType=54611, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=964095238, wRevision=39227, wCertificateType=54611, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=444198913, wRevision=46431, wCertificateType=64600, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=342871802, wRevision=46919, wCertificateType=62810, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=1016256487, wRevision=34367, wCertificateType=59999, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=611971345, wRevision=38192, wCertificateType=600, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=697355785, wRevision=37715, wCertificateType=854, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=864800012, wRevision=42845, wCertificateType=51504, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=1050271460, wRevision=45142, wCertificateType=59464, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=1067514115, wRevision=38692, wCertificateType=52799, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=1082846750, wRevision=38947, wCertificateType=52799, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=1082846750, wRevision=38947, wCertificateType=52799, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=1082846750, wRevision=38947, wCertificateType=52799, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=1082846750, wRevision=38947, wCertificateType=52799, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=1183314203, wRevision=38692, wCertificateType=51266, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=1183313693, wRevision=34612, wCertificateType=61746, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=947574246, wRevision=34622, wCertificateType=61224, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=529853458, wRevision=39471, wCertificateType=63787, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=813945608, wRevision=39263, wCertificateType=63532, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=813945608, wRevision=39007, wCertificateType=64297, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=312536546, wRevision=38234, wCertificateType=58449, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=211472143, wRevision=37718, wCertificateType=64083, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=343337699, wRevision=39774, wCertificateType=64083, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=343337699, wRevision=39774, wCertificateType=64083, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=343337699, wRevision=39774, wCertificateType=64083, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=360180451, wRevision=38751, wCertificateType=1350, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=259711979, wRevision=39008, wCertificateType=1608, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=159706346, wRevision=34886, wCertificateType=60504, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=225896164, wRevision=49218, wCertificateType=57396, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=780719342, wRevision=45395, wCertificateType=53554, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=444397565, wRevision=45351, wCertificateType=53810, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=427490048, wRevision=42536, wCertificateType=52774, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=1133432592, wRevision=46134, wCertificateType=62307, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=965536739, wRevision=45883, wCertificateType=59236, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=660988184, wRevision=42281, wCertificateType=59236, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=660988184, wRevision=42281, wCertificateType=59236, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=660988184, wRevision=42281, wCertificateType=59236, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=660988184, wRevision=41769, wCertificateType=58722, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=660988182, wRevision=42537, wCertificateType=54867, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=446235143, wRevision=41255, wCertificateType=65336, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=631242243, wRevision=38700, wCertificateType=63801, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=311159322, wRevision=40740, wCertificateType=63554, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=260761625, wRevision=41251, wCertificateType=64836, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=327935008, wRevision=38951, wCertificateType=568, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=346160650, wRevision=36927, wCertificateType=55621, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=346150115, wRevision=36154, wCertificateType=62539, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=444526105, wRevision=38952, wCertificateType=62539, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=444526105, wRevision=38952, wCertificateType=62539, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=444526105, wRevision=38952, wCertificateType=62539, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=444526105, wRevision=38952, wCertificateType=62539, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=679732244, wRevision=47683, wCertificateType=52577, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=1080413931, wRevision=38965, wCertificateType=59459, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=913690606, wRevision=31806, wCertificateType=39438, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=1675572988, wRevision=26165, wCertificateType=35081, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=1659124970, wRevision=25393, wCertificateType=59404, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=936387791, wRevision=30362, wCertificateType=61988, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=480776614, wRevision=29851, wCertificateType=59675, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=1120940201, wRevision=29813, wCertificateType=62485, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=1053894564, wRevision=31611, wCertificateType=62748, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=431954389, wRevision=27756, wCertificateType=62731, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=431954389, wRevision=27756, wCertificateType=62731, data=nil>

Cannot call to_der on

#<struct PEdump::WIN_CERTIFICATE dwLength=431954389, wRevision=27756, wCertificateType=62731, data=nil>

show previews

offset	size	type	comment
0	11776	EXE	01/12/2011 13:59:58	#
15c1	15	HTM		#
2e00	306176	BIN	overlay data past EOF	#

Scanning the drive for archives:
1 file, 317952 bytes (311 KiB)



Errors: 1

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[!] PEdump::WIN_CERTIFICATE: too big length 964095238

[!] PEdump::WIN_CERTIFICATE: too big length 444198913

[!] PEdump::WIN_CERTIFICATE: too big length 342871802

[!] PEdump::WIN_CERTIFICATE: too big length 1016256487

[!] PEdump::WIN_CERTIFICATE: too big length 611971345

[!] PEdump::WIN_CERTIFICATE: too big length 697355785

[!] PEdump::WIN_CERTIFICATE: too big length 864800012

[!] PEdump::WIN_CERTIFICATE: too big length 1050271460

[!] PEdump::WIN_CERTIFICATE: too big length 1067514115

[!] PEdump::WIN_CERTIFICATE: too big length 1082846750

[!] PEdump::WIN_CERTIFICATE: too big length 1183314203

[!] PEdump::WIN_CERTIFICATE: too big length 1183313693

[!] PEdump::WIN_CERTIFICATE: too big length 947574246

[!] PEdump::WIN_CERTIFICATE: too big length 529853458

[!] PEdump::WIN_CERTIFICATE: too big length 813945608

[!] PEdump::WIN_CERTIFICATE: too big length 312536546

[!] PEdump::WIN_CERTIFICATE: too big length 211472143

[!] PEdump::WIN_CERTIFICATE: too big length 343337699

[!] PEdump::WIN_CERTIFICATE: too big length 360180451

[!] PEdump::WIN_CERTIFICATE: too big length 259711979

[!] PEdump::WIN_CERTIFICATE: too big length 159706346

[!] PEdump::WIN_CERTIFICATE: too big length 225896164

[!] PEdump::WIN_CERTIFICATE: too big length 780719342

[!] PEdump::WIN_CERTIFICATE: too big length 444397565

[!] PEdump::WIN_CERTIFICATE: too big length 427490048

[!] PEdump::WIN_CERTIFICATE: too big length 1133432592

[!] PEdump::WIN_CERTIFICATE: too big length 965536739

[!] PEdump::WIN_CERTIFICATE: too big length 660988184

[!] PEdump::WIN_CERTIFICATE: too big length 660988182

[!] PEdump::WIN_CERTIFICATE: too big length 446235143

[!] PEdump::WIN_CERTIFICATE: too big length 631242243

[!] PEdump::WIN_CERTIFICATE: too big length 311159322

[!] PEdump::WIN_CERTIFICATE: too big length 260761625

[!] PEdump::WIN_CERTIFICATE: too big length 327935008

[!] PEdump::WIN_CERTIFICATE: too big length 346160650

[!] PEdump::WIN_CERTIFICATE: too big length 346150115

[!] PEdump::WIN_CERTIFICATE: too big length 444526105

[!] PEdump::WIN_CERTIFICATE: too big length 679732244

[!] PEdump::WIN_CERTIFICATE: too big length 1080413931

[!] PEdump::WIN_CERTIFICATE: too big length 913690606

[!] PEdump::WIN_CERTIFICATE: too big length 1675572988

[!] PEdump::WIN_CERTIFICATE: too big length 1659124970

[!] PEdump::WIN_CERTIFICATE: too big length 936387791

[!] PEdump::WIN_CERTIFICATE: too big length 480776614

[!] PEdump::WIN_CERTIFICATE: too big length 1120940201

[!] PEdump::WIN_CERTIFICATE: too big length 1053894564

[!] PEdump::WIN_CERTIFICATE: too big length 431954389

[!] PEdump::WIN_CERTIFICATE: too big length 964095238

[!] PEdump::WIN_CERTIFICATE: too big length 444198913

[!] PEdump::WIN_CERTIFICATE: too big length 342871802

[!] PEdump::WIN_CERTIFICATE: too big length 1016256487

[!] PEdump::WIN_CERTIFICATE: too big length 611971345

[!] PEdump::WIN_CERTIFICATE: too big length 697355785

[!] PEdump::WIN_CERTIFICATE: too big length 864800012

[!] PEdump::WIN_CERTIFICATE: too big length 1050271460

[!] PEdump::WIN_CERTIFICATE: too big length 1067514115

[!] PEdump::WIN_CERTIFICATE: too big length 1082846750

[!] PEdump::WIN_CERTIFICATE: too big length 1183314203

[!] PEdump::WIN_CERTIFICATE: too big length 1183313693

[!] PEdump::WIN_CERTIFICATE: too big length 947574246

[!] PEdump::WIN_CERTIFICATE: too big length 529853458

[!] PEdump::WIN_CERTIFICATE: too big length 813945608

[!] PEdump::WIN_CERTIFICATE: too big length 312536546

[!] PEdump::WIN_CERTIFICATE: too big length 211472143

[!] PEdump::WIN_CERTIFICATE: too big length 343337699

[!] PEdump::WIN_CERTIFICATE: too big length 360180451

[!] PEdump::WIN_CERTIFICATE: too big length 259711979

[!] PEdump::WIN_CERTIFICATE: too big length 159706346

[!] PEdump::WIN_CERTIFICATE: too big length 225896164

[!] PEdump::WIN_CERTIFICATE: too big length 780719342

[!] PEdump::WIN_CERTIFICATE: too big length 444397565

[!] PEdump::WIN_CERTIFICATE: too big length 427490048

[!] PEdump::WIN_CERTIFICATE: too big length 1133432592

[!] PEdump::WIN_CERTIFICATE: too big length 965536739

[!] PEdump::WIN_CERTIFICATE: too big length 660988184

[!] PEdump::WIN_CERTIFICATE: too big length 660988182

[!] PEdump::WIN_CERTIFICATE: too big length 446235143

[!] PEdump::WIN_CERTIFICATE: too big length 631242243

[!] PEdump::WIN_CERTIFICATE: too big length 311159322

[!] PEdump::WIN_CERTIFICATE: too big length 260761625

[!] PEdump::WIN_CERTIFICATE: too big length 327935008

[!] PEdump::WIN_CERTIFICATE: too big length 346160650

[!] PEdump::WIN_CERTIFICATE: too big length 346150115

[!] PEdump::WIN_CERTIFICATE: too big length 444526105

[!] PEdump::WIN_CERTIFICATE: too big length 679732244

[!] PEdump::WIN_CERTIFICATE: too big length 1080413931

[!] PEdump::WIN_CERTIFICATE: too big length 913690606

[!] PEdump::WIN_CERTIFICATE: too big length 1675572988

[!] PEdump::WIN_CERTIFICATE: too big length 1659124970

[!] PEdump::WIN_CERTIFICATE: too big length 936387791

[!] PEdump::WIN_CERTIFICATE: too big length 480776614

[!] PEdump::WIN_CERTIFICATE: too big length 1120940201

[!] PEdump::WIN_CERTIFICATE: too big length 1053894564

[!] PEdump::WIN_CERTIFICATE: too big length 431954389

[?] can't find file_offset of VA 0x3c00

[?] can't find file_offset of VA 0x3d00

[!] PEdump::WIN_CERTIFICATE: too big length 964095238

[!] PEdump::WIN_CERTIFICATE: too big length 444198913

[!] PEdump::WIN_CERTIFICATE: too big length 342871802

[!] PEdump::WIN_CERTIFICATE: too big length 1016256487

[!] PEdump::WIN_CERTIFICATE: too big length 611971345

[!] PEdump::WIN_CERTIFICATE: too big length 697355785

[!] PEdump::WIN_CERTIFICATE: too big length 864800012

[!] PEdump::WIN_CERTIFICATE: too big length 1050271460

[!] PEdump::WIN_CERTIFICATE: too big length 1067514115

[!] PEdump::WIN_CERTIFICATE: too big length 1082846750

[!] PEdump::WIN_CERTIFICATE: too big length 1183314203

[!] PEdump::WIN_CERTIFICATE: too big length 1183313693

[!] PEdump::WIN_CERTIFICATE: too big length 947574246

[!] PEdump::WIN_CERTIFICATE: too big length 529853458

[!] PEdump::WIN_CERTIFICATE: too big length 813945608

[!] PEdump::WIN_CERTIFICATE: too big length 312536546

[!] PEdump::WIN_CERTIFICATE: too big length 211472143

[!] PEdump::WIN_CERTIFICATE: too big length 343337699

[!] PEdump::WIN_CERTIFICATE: too big length 360180451

[!] PEdump::WIN_CERTIFICATE: too big length 259711979

[!] PEdump::WIN_CERTIFICATE: too big length 159706346

[!] PEdump::WIN_CERTIFICATE: too big length 225896164

[!] PEdump::WIN_CERTIFICATE: too big length 780719342

[!] PEdump::WIN_CERTIFICATE: too big length 444397565

[!] PEdump::WIN_CERTIFICATE: too big length 427490048

[!] PEdump::WIN_CERTIFICATE: too big length 1133432592

[!] PEdump::WIN_CERTIFICATE: too big length 965536739

[!] PEdump::WIN_CERTIFICATE: too big length 660988184

[!] PEdump::WIN_CERTIFICATE: too big length 660988182

[!] PEdump::WIN_CERTIFICATE: too big length 446235143

[!] PEdump::WIN_CERTIFICATE: too big length 631242243

[!] PEdump::WIN_CERTIFICATE: too big length 311159322

[!] PEdump::WIN_CERTIFICATE: too big length 260761625

[!] PEdump::WIN_CERTIFICATE: too big length 327935008

[!] PEdump::WIN_CERTIFICATE: too big length 346160650

[!] PEdump::WIN_CERTIFICATE: too big length 346150115

[!] PEdump::WIN_CERTIFICATE: too big length 444526105

[!] PEdump::WIN_CERTIFICATE: too big length 679732244

[!] PEdump::WIN_CERTIFICATE: too big length 1080413931

[!] PEdump::WIN_CERTIFICATE: too big length 913690606

[!] PEdump::WIN_CERTIFICATE: too big length 1675572988

[!] PEdump::WIN_CERTIFICATE: too big length 1659124970

[!] PEdump::WIN_CERTIFICATE: too big length 936387791

[!] PEdump::WIN_CERTIFICATE: too big length 480776614

[!] PEdump::WIN_CERTIFICATE: too big length 1120940201

[!] PEdump::WIN_CERTIFICATE: too big length 1053894564

[!] PEdump::WIN_CERTIFICATE: too big length 431954389

[!] PEdump::WIN_CERTIFICATE: too big length 964095238

[!] PEdump::WIN_CERTIFICATE: too big length 444198913

[!] PEdump::WIN_CERTIFICATE: too big length 342871802

[!] PEdump::WIN_CERTIFICATE: too big length 1016256487

[!] PEdump::WIN_CERTIFICATE: too big length 611971345

[!] PEdump::WIN_CERTIFICATE: too big length 697355785

[!] PEdump::WIN_CERTIFICATE: too big length 864800012

[!] PEdump::WIN_CERTIFICATE: too big length 1050271460

[!] PEdump::WIN_CERTIFICATE: too big length 1067514115

[!] PEdump::WIN_CERTIFICATE: too big length 1082846750

[!] PEdump::WIN_CERTIFICATE: too big length 1183314203

[!] PEdump::WIN_CERTIFICATE: too big length 1183313693

[!] PEdump::WIN_CERTIFICATE: too big length 947574246

[!] PEdump::WIN_CERTIFICATE: too big length 529853458

[!] PEdump::WIN_CERTIFICATE: too big length 813945608

[!] PEdump::WIN_CERTIFICATE: too big length 312536546

[!] PEdump::WIN_CERTIFICATE: too big length 211472143

[!] PEdump::WIN_CERTIFICATE: too big length 343337699

[!] PEdump::WIN_CERTIFICATE: too big length 360180451

[!] PEdump::WIN_CERTIFICATE: too big length 259711979

[!] PEdump::WIN_CERTIFICATE: too big length 159706346

[!] PEdump::WIN_CERTIFICATE: too big length 225896164

[!] PEdump::WIN_CERTIFICATE: too big length 780719342

[!] PEdump::WIN_CERTIFICATE: too big length 444397565

[!] PEdump::WIN_CERTIFICATE: too big length 427490048

[!] PEdump::WIN_CERTIFICATE: too big length 1133432592

[!] PEdump::WIN_CERTIFICATE: too big length 965536739

[!] PEdump::WIN_CERTIFICATE: too big length 660988184

[!] PEdump::WIN_CERTIFICATE: too big length 660988182

[!] PEdump::WIN_CERTIFICATE: too big length 446235143

[!] PEdump::WIN_CERTIFICATE: too big length 631242243

[!] PEdump::WIN_CERTIFICATE: too big length 311159322

[!] PEdump::WIN_CERTIFICATE: too big length 260761625

[!] PEdump::WIN_CERTIFICATE: too big length 327935008

[!] PEdump::WIN_CERTIFICATE: too big length 346160650

[!] PEdump::WIN_CERTIFICATE: too big length 346150115

[!] PEdump::WIN_CERTIFICATE: too big length 444526105

[!] PEdump::WIN_CERTIFICATE: too big length 679732244

[!] PEdump::WIN_CERTIFICATE: too big length 1080413931

[!] PEdump::WIN_CERTIFICATE: too big length 913690606

[!] PEdump::WIN_CERTIFICATE: too big length 1675572988

[!] PEdump::WIN_CERTIFICATE: too big length 1659124970

[!] PEdump::WIN_CERTIFICATE: too big length 936387791

[!] PEdump::WIN_CERTIFICATE: too big length 480776614

[!] PEdump::WIN_CERTIFICATE: too big length 1120940201

[!] PEdump::WIN_CERTIFICATE: too big length 1053894564

[!] PEdump::WIN_CERTIFICATE: too big length 431954389

[!] PEdump::WIN_CERTIFICATE: too big length 964095238

[!] PEdump::WIN_CERTIFICATE: too big length 444198913

[!] PEdump::WIN_CERTIFICATE: too big length 342871802

[!] PEdump::WIN_CERTIFICATE: too big length 1016256487

[!] PEdump::WIN_CERTIFICATE: too big length 611971345

[!] PEdump::WIN_CERTIFICATE: too big length 697355785

[!] PEdump::WIN_CERTIFICATE: too big length 864800012

[!] PEdump::WIN_CERTIFICATE: too big length 1050271460

[!] PEdump::WIN_CERTIFICATE: too big length 1067514115

[!] PEdump::WIN_CERTIFICATE: too big length 1082846750

[!] PEdump::WIN_CERTIFICATE: too big length 1183314203

[!] PEdump::WIN_CERTIFICATE: too big length 1183313693

[!] PEdump::WIN_CERTIFICATE: too big length 947574246

[!] PEdump::WIN_CERTIFICATE: too big length 529853458

[!] PEdump::WIN_CERTIFICATE: too big length 813945608

[!] PEdump::WIN_CERTIFICATE: too big length 312536546

[!] PEdump::WIN_CERTIFICATE: too big length 211472143

[!] PEdump::WIN_CERTIFICATE: too big length 343337699

[!] PEdump::WIN_CERTIFICATE: too big length 360180451

[!] PEdump::WIN_CERTIFICATE: too big length 259711979

[!] PEdump::WIN_CERTIFICATE: too big length 159706346

[!] PEdump::WIN_CERTIFICATE: too big length 225896164

[!] PEdump::WIN_CERTIFICATE: too big length 780719342

[!] PEdump::WIN_CERTIFICATE: too big length 444397565

[!] PEdump::WIN_CERTIFICATE: too big length 427490048

[!] PEdump::WIN_CERTIFICATE: too big length 1133432592

[!] PEdump::WIN_CERTIFICATE: too big length 965536739

[!] PEdump::WIN_CERTIFICATE: too big length 660988184

[!] PEdump::WIN_CERTIFICATE: too big length 660988182

[!] PEdump::WIN_CERTIFICATE: too big length 446235143

[!] PEdump::WIN_CERTIFICATE: too big length 631242243

[!] PEdump::WIN_CERTIFICATE: too big length 311159322

[!] PEdump::WIN_CERTIFICATE: too big length 260761625

[!] PEdump::WIN_CERTIFICATE: too big length 327935008

[!] PEdump::WIN_CERTIFICATE: too big length 346160650

[!] PEdump::WIN_CERTIFICATE: too big length 346150115

[!] PEdump::WIN_CERTIFICATE: too big length 444526105

[!] PEdump::WIN_CERTIFICATE: too big length 679732244

[!] PEdump::WIN_CERTIFICATE: too big length 1080413931

[!] PEdump::WIN_CERTIFICATE: too big length 913690606

[!] PEdump::WIN_CERTIFICATE: too big length 1675572988

[!] PEdump::WIN_CERTIFICATE: too big length 1659124970

[!] PEdump::WIN_CERTIFICATE: too big length 936387791

[!] PEdump::WIN_CERTIFICATE: too big length 480776614

[!] PEdump::WIN_CERTIFICATE: too big length 1120940201

[!] PEdump::WIN_CERTIFICATE: too big length 1053894564

[!] PEdump::WIN_CERTIFICATE: too big length 431954389

[!] PEdump::WIN_CERTIFICATE: too big length 964095238

[!] PEdump::WIN_CERTIFICATE: too big length 444198913

[!] PEdump::WIN_CERTIFICATE: too big length 342871802

[!] PEdump::WIN_CERTIFICATE: too big length 1016256487

[!] PEdump::WIN_CERTIFICATE: too big length 611971345

[!] PEdump::WIN_CERTIFICATE: too big length 697355785

[!] PEdump::WIN_CERTIFICATE: too big length 864800012

[!] PEdump::WIN_CERTIFICATE: too big length 1050271460

[!] PEdump::WIN_CERTIFICATE: too big length 1067514115

[!] PEdump::WIN_CERTIFICATE: too big length 1082846750

[!] PEdump::WIN_CERTIFICATE: too big length 1183314203

[!] PEdump::WIN_CERTIFICATE: too big length 1183313693

[!] PEdump::WIN_CERTIFICATE: too big length 947574246

[!] PEdump::WIN_CERTIFICATE: too big length 529853458

[!] PEdump::WIN_CERTIFICATE: too big length 813945608

[!] PEdump::WIN_CERTIFICATE: too big length 312536546

[!] PEdump::WIN_CERTIFICATE: too big length 211472143

[!] PEdump::WIN_CERTIFICATE: too big length 343337699

[!] PEdump::WIN_CERTIFICATE: too big length 360180451

[!] PEdump::WIN_CERTIFICATE: too big length 259711979

[!] PEdump::WIN_CERTIFICATE: too big length 159706346

[!] PEdump::WIN_CERTIFICATE: too big length 225896164

[!] PEdump::WIN_CERTIFICATE: too big length 780719342

[!] PEdump::WIN_CERTIFICATE: too big length 444397565

[!] PEdump::WIN_CERTIFICATE: too big length 427490048

[!] PEdump::WIN_CERTIFICATE: too big length 1133432592

[!] PEdump::WIN_CERTIFICATE: too big length 965536739

[!] PEdump::WIN_CERTIFICATE: too big length 660988184

[!] PEdump::WIN_CERTIFICATE: too big length 660988182

[!] PEdump::WIN_CERTIFICATE: too big length 446235143

[!] PEdump::WIN_CERTIFICATE: too big length 631242243

[!] PEdump::WIN_CERTIFICATE: too big length 311159322

[!] PEdump::WIN_CERTIFICATE: too big length 260761625

[!] PEdump::WIN_CERTIFICATE: too big length 327935008

[!] PEdump::WIN_CERTIFICATE: too big length 346160650

[!] PEdump::WIN_CERTIFICATE: too big length 346150115

[!] PEdump::WIN_CERTIFICATE: too big length 444526105

[!] PEdump::WIN_CERTIFICATE: too big length 679732244

[!] PEdump::WIN_CERTIFICATE: too big length 1080413931

[!] PEdump::WIN_CERTIFICATE: too big length 913690606

[!] PEdump::WIN_CERTIFICATE: too big length 1675572988

[!] PEdump::WIN_CERTIFICATE: too big length 1659124970

[!] PEdump::WIN_CERTIFICATE: too big length 936387791

[!] PEdump::WIN_CERTIFICATE: too big length 480776614

[!] PEdump::WIN_CERTIFICATE: too big length 1120940201

[!] PEdump::WIN_CERTIFICATE: too big length 1053894564

[!] PEdump::WIN_CERTIFICATE: too big length 431954389

data.exe- Win.Trojan.FakeAV-168

MZ Header

Rich Header

DOS stub

PE Header

Sections

Data Directory

TLS

data.exe
- Win.Trojan.FakeAV-168