parent | zaking.exe | |
---|---|---|
filename | zaking.unpacked.exe | |
size | 1323008 (0x143000) | |
md5 | 8c90cc1023e93ce2aa873cfa17d8a73e | |
type | PE32 executable (GUI) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
virustotal | → scan with virustotal.com | |
histogram |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0x80 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
Data Directory
type | va | size | |
---|---|---|---|
EXPORT | 0 | 0 | |
IMPORT | 0x6454 | 0x3c | |
RESOURCE | 0 | 0 | |
EXCEPTION | 0 | 0 | |
SECURITY | 0 | 0 | |
BASERELOC | 0xa000 | 0x41c | |
DEBUG | 0 | 0 | |
ARCHITECTURE | 0 | 0 | |
GLOBALPTR | 0 | 0 | |
TLS | 0 | 0 | |
LOAD_CONFIG | 0 | 0 | |
Bound_IAT | 0 | 0 | |
IAT | 0x6000 | 0xbc | |
Delay_IAT | 0 | 0 | |
CLR_Header | 0 | 0 |
module_name | hint | ord | function_name |
---|---|---|---|
KERNEL32.dll | 553 | IsBadReadPtr | |
KERNEL32.dll | 343 | GetFileAttributesExA | |
KERNEL32.dll | 489 | GetWindowsDirectoryA | |
KERNEL32.dll | 478 | GetVersion | |
KERNEL32.dll | 431 | GetStartupInfoA | |
KERNEL32.dll | 264 | GetCommandLineA | |
KERNEL32.dll | 245 | GetACP | |
KERNEL32.dll | 843 | SuspendThread | |
KERNEL32.dll | 317 | GetCurrentThread | |
KERNEL32.dll | 556 | IsBadWritePtr | |
KERNEL32.dll | 375 | GetModuleHandleA | |
KERNEL32.dll | 434 | GetStringTypeA | |
KERNEL32.dll | 571 | LCMapStringW | |
KERNEL32.dll | 175 | ExitProcess | |
KERNEL32.dll | 849 | TerminateProcess | |
KERNEL32.dll | 314 | GetCurrentProcess | |
KERNEL32.dll | 866 | UnhandledExceptionFilter | |
KERNEL32.dll | 373 | GetModuleFileNameA | |
KERNEL32.dll | 237 | FreeEnvironmentStringsA | |
KERNEL32.dll | 238 | FreeEnvironmentStringsW | |
KERNEL32.dll | 905 | WideCharToMultiByte | |
KERNEL32.dll | 333 | GetEnvironmentStrings | |
KERNEL32.dll | 335 | GetEnvironmentStringsW | |
KERNEL32.dll | 793 | SetHandleCount | |
KERNEL32.dll | 433 | GetStdHandle | |
KERNEL32.dll | 350 | GetFileType | |
KERNEL32.dll | 336 | GetEnvironmentVariableA | |
KERNEL32.dll | 479 | GetVersionExA | |
KERNEL32.dll | 522 | HeapDestroy | |
KERNEL32.dll | 520 | HeapCreate | |
KERNEL32.dll | 888 | VirtualFree | |
KERNEL32.dll | 524 | HeapFree | |
KERNEL32.dll | 716 | RtlUnwind | |
KERNEL32.dll | 919 | WriteFile | |
KERNEL32.dll | 252 | GetCPInfo | |
KERNEL32.dll | 395 | GetOEMCP | |
KERNEL32.dll | 518 | HeapAlloc | |
KERNEL32.dll | 885 | VirtualAlloc | |
KERNEL32.dll | 528 | HeapReAlloc | |
KERNEL32.dll | 408 | GetProcAddress | |
KERNEL32.dll | 584 | LoadLibraryA | |
KERNEL32.dll | 619 | MultiByteToWideChar | |
KERNEL32.dll | 570 | LCMapStringA | |
KERNEL32.dll | 437 | GetStringTypeW | |
KERNEL32.dll | 51551 | c3 90 8a 06 88 07 8b 45 08 5e 5f c9 c3 90 8a 06 |.......E.^_.....| 88 07 8a 46 01 88 47 01 8b 45 08 5e 5f c9 c3 8d |...F..G..E.^_...| 49 |I | | |
KERNEL32.dll | 1674 | 88 07 8a 46 01 88 47 01 8b 45 08 5e 5f c9 c3 8d |...F..G..E.^_...| 49 |I | | |
KERNEL32.dll | 18058 | 01 88 47 01 8a 46 02 88 47 02 8b 45 08 5e 5f c9 |..G..F..G..E.^_.| c3 90 8d 74 31 fc 8d 7c 39 fc f7 c7 03 |...t1..|9.... | | |
KERNEL32.dll | 31885 | 39 fc f7 c7 03 |9.... | | |
KERNEL32.dll | 33538 | e2 03 83 f9 08 72 0d fd f3 a5 fc ff 24 95 d0 56 |.....r......$..V| 40 |@ | | |
KERNEL32.dll | 64 | 8b ff f7 d9 ff 24 8d 80 56 40 |.....$..V@ | | |
KERNEL32.dll | 954 | ||
KERNEL32.dll | 57475 | 03 2b c8 ff 24 85 d8 55 40 |.+..$..U@ | | |
KERNEL32.dll | 16470 | ||
KERNEL32.dll | 35025 | 47 03 4e c1 e9 02 4f 83 f9 08 72 b6 fd f3 a5 fc |G.N...O...r.....| ff 24 95 d0 56 40 |.$..V@ | | |
KERNEL32.dll | 64677 | ff 24 95 d0 56 40 |.$..V@ | | |
KERNEL32.dll | |||
KERNEL32.dll | 8963 | d1 88 47 03 8a 46 02 88 47 02 8a 46 01 c1 e9 02 |..G..F..G..F....| 88 47 01 83 ee 03 83 ef 03 83 f9 08 0f 82 5a ff |.G............Z.| ff ff fd f3 a5 fc ff 24 95 d0 56 40 |.......$..V@ | | |
KERNEL32.dll | 49409 | e9 02 88 47 01 83 ee 03 83 ef 03 83 f9 08 0f 82 |...G............| 5a ff ff ff fd f3 a5 fc ff 24 95 d0 56 40 |Z........$..V@ | | |
KERNEL32.dll | 65535 | fd f3 a5 fc ff 24 95 d0 56 40 |.....$..V@ | | |
KERNEL32.dll | 22156 | @ | |
KERNEL32.dll | 17547 | 8e 1c 89 44 8f 1c 8b 44 8e 18 89 44 8f 18 8b 44 |...D...D...D...D| 8e 14 89 44 8f 14 8b 44 8e 10 89 44 8f 10 8b 44 |...D...D...D...D| 8e 0c 89 44 8f 0c 8b 44 8e 08 89 44 8f 08 8b 44 |...D...D...D...D| 8e 04 89 44 8f 04 8d 04 8d |...D..... | | |
KERNEL32.dll | 5263 | 8b 44 8e 10 89 44 8f 10 8b 44 8e 0c 89 44 8f 0c |.D...D...D...D..| 8b 44 8e 08 89 44 8f 08 8b 44 8e 04 89 44 8f 04 |.D...D...D...D..| 8d 04 8d |... | | |
KERNEL32.dll | 17547 | 8e 04 89 44 8f 04 8d 04 8d |...D..... | | |
KERNEL32.dll | 65419 | e0 56 40 |.V@ | | |
KERNEL32.dll | 51551 | c3 90 8a 46 03 88 47 03 8b 45 08 5e 5f c9 c3 8d |...F..G..E.^_...| 49 |I | | |
KERNEL32.dll | 839 | 8a 46 02 88 47 02 8b 45 08 5e 5f c9 c3 90 8a 46 |.F..G..E.^_....F| 03 88 47 03 8a 46 02 88 47 02 8a 46 01 88 47 01 |..G..F..G..F..G.| 8b 45 08 5e 5f c9 c3 cc cc cc cc cc cc cc cc cc |.E.^_...........| cc cc 8b 54 24 0c 8b 4c 24 04 85 d2 74 47 33 c0 |...T$..L$...tG3.| 8a 44 24 08 57 8b f9 83 fa 04 72 2d f7 d9 83 e1 |.D$.W.....r-....| 03 74 08 2b d1 88 07 47 49 75 fa 8b c8 c1 e0 08 |.t.+...GIu......| 03 c1 8b c8 c1 e0 10 03 c1 8b ca 83 e2 03 c1 e9 |................| 02 74 06 f3 ab 85 d2 74 06 88 07 47 4a 75 fa 8b |.t.....t...GJu..| 44 24 08 5f c3 8b 44 24 04 c3 ff 25 80 60 40 |D$._..D$...%.`@ | | |
KERNEL32.dll | 583 | 8a 46 01 88 47 01 8b 45 08 5e 5f c9 c3 cc cc cc |.F..G..E.^_.....| cc cc cc cc cc cc cc cc 8b 54 24 0c 8b 4c 24 04 |.........T$..L$.| 85 d2 74 47 33 c0 8a 44 24 08 57 8b f9 83 fa 04 |..tG3..D$.W.....| 72 2d f7 d9 83 e1 03 74 08 2b d1 88 07 47 49 75 |r-.....t.+...GIu| fa 8b c8 c1 e0 08 03 c1 8b c8 c1 e0 10 03 c1 8b |................| ca 83 e2 03 c1 e9 02 74 06 f3 ab 85 d2 74 06 88 |.......t.....t..| 07 47 4a 75 fa 8b 44 24 08 5f c3 8b 44 24 04 c3 |.GJu..D$._..D$..| ff 25 80 60 40 |.%.`@ | | |
KERNEL32.dll | 52428 | cc cc cc cc cc cc 8b 54 24 0c 8b 4c 24 04 85 d2 |.......T$..L$...| 74 47 33 c0 8a 44 24 08 57 8b f9 83 fa 04 72 2d |tG3..D$.W.....r-| f7 d9 83 e1 03 74 08 2b d1 88 07 47 49 75 fa 8b |.....t.+...GIu..| c8 c1 e0 08 03 c1 8b c8 c1 e0 10 03 c1 8b ca 83 |................| e2 03 c1 e9 02 74 06 f3 ab 85 d2 74 06 88 07 47 |.....t.....t...G| 4a 75 fa 8b 44 24 08 5f c3 8b 44 24 04 c3 ff 25 |Ju..D$._..D$...%| 80 60 40 |.`@ | | |
KERNEL32.dll | 53893 | 74 47 33 c0 8a 44 24 08 57 8b f9 83 fa 04 72 2d |tG3..D$.W.....r-| f7 d9 83 e1 03 74 08 2b d1 88 07 47 49 75 fa 8b |.....t.+...GIu..| c8 c1 e0 08 03 c1 8b c8 c1 e0 10 03 c1 8b ca 83 |................| e2 03 c1 e9 02 74 06 f3 ab 85 d2 74 06 88 07 47 |.....t.....t...G| 4a 75 fa 8b 44 24 08 5f c3 8b 44 24 04 c3 ff 25 |Ju..D$._..D$...%| 80 60 40 |.`@ | | |
KERNEL32.dll | 1274 | 72 2d f7 d9 83 e1 03 74 08 2b d1 88 07 47 49 75 |r-.....t.+...GIu| fa 8b c8 c1 e0 08 03 c1 8b c8 c1 e0 10 03 c1 8b |................| ca 83 e2 03 c1 e9 02 74 06 f3 ab 85 d2 74 06 88 |.......t.....t..| 07 47 4a 75 fa 8b 44 24 08 5f c3 8b 44 24 04 c3 |.GJu..D$._..D$..| ff 25 80 60 40 |.%.`@ | | |
KERNEL32.dll | 51339 | c1 e0 10 03 c1 8b ca 83 e2 03 c1 e9 02 74 06 f3 |.............t..| ab 85 d2 74 06 88 07 47 4a 75 fa 8b 44 24 08 5f |...t...GJu..D$._| c3 8b 44 24 04 c3 ff 25 80 60 40 |..D$...%.`@ | | |
KERNEL32.dll | 62214 | ab 85 d2 74 06 88 07 47 4a 75 fa 8b 44 24 08 5f |...t...GJu..D$._| c3 8b 44 24 04 c3 ff 25 80 60 40 |..D$...%.`@ | | |
KERNEL32.dll | 9284 | 08 5f c3 8b 44 24 04 c3 ff 25 80 60 40 |._..D$...%.`@ | | |
KERNEL32.dll | 64 | ||
USER32.dll | 268 | GetDC | |
USER32.dll | 33538 | f9 08 72 8c fd f3 a5 fc ff 24 95 d0 56 40 |..r......$..V@ | |
everything is OK