
MZ Header

DOS stub


PE Header

Sections

Data Directory

[!] section with va=0x1000 overwrites PE header! trying to rebuild...

[!] non-zero dos stub after rich_hdr: "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00..."

[?] can't find file_offset of VA 0x10f0

[?] can't find EntryPoint RVA (0x10f0) file offset
