filename | t.bender | |
---|---|---|
size | 43872 (0xab60) | |
md5 | fcf42f407a35b1509660ab0c60e10dde | |
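type | PE32 executable (native) Intel 80386, for MS Windows | "native" is the PE subsystem; together with the ntoskrnl.exe and HAL.dll imports listed below this is consistent with a 32-bit kernel-mode driver |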
mimetype | application/x-dosexec | |
clamav | OK | "OK" means no ClamAV signature matched; it is not a verdict that the file is benign |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0x260 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001c0:
PE Header
Packer / Compiler
Sections
Data Directory
type | va | size | |
---|---|---|---|
EXPORT | 0 | 0 | |
IMPORT | 0x35c0 | 0x3c | |
RESOURCE | 0 | 0 | |
EXCEPTION | 0 | 0 | |
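SECURITY | 0 | 0 | empty certificate table: the file carries no embedded Authenticode signature (catalog signing cannot be ruled out from this field alone) |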
BASERELOC | 0x3c80 | 0x2b4 | |
DEBUG | 0x2d10 | 0x1c | |
ARCHITECTURE | 0 | 0 | |
GLOBALPTR | 0 | 0 | |
TLS | 0 | 0 | |
LOAD_CONFIG | 0x2e40 | 0x40 | |
Bound_IAT | 0 | 0 | |
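IAT | 0x2c00 | 0x110 | 0x110 bytes = 68 four-byte slots, matching the 63 ntoskrnl.exe and 3 HAL.dll imports listed below plus two null terminators |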
Delay_IAT | 0 | 0 | |
CLR_Header | 0 | 0 |
Imports
module_name | hint | ord | function_name |
---|---|---|---|
ntoskrnl.exe | 1287 | ZwClose | |
ntoskrnl.exe | 1372 | ZwSetInformationFile | |
ntoskrnl.exe | 1345 | ZwQueryInformationFile | |
ntoskrnl.exe | 1292 | ZwCreateFile | |
ntoskrnl.exe | 1391 | ZwWriteFile | |
ntoskrnl.exe | 1299 | ZwDeleteFile | |
ntoskrnl.exe | 916 | PsTerminateSystemThread | |
ntoskrnl.exe | 500 | KeCancelTimer | |
ntoskrnl.exe | 618 | KeWaitForSingleObject | |
ntoskrnl.exe | 607 | KeSetTimerEx | |
ntoskrnl.exe | 541 | KeInitializeTimerEx | |
ntoskrnl.exe | 78 | ExFreePoolWithTag | |
ntoskrnl.exe | 1461 | swprintf | |
ntoskrnl.exe | 840 | PsCreateSystemThread | |
ntoskrnl.exe | 1356 | ZwQuerySystemInformation | |
ntoskrnl.exe | 65 | ExAllocatePoolWithTag | |
ntoskrnl.exe | 1417 | _stricmp | |
ntoskrnl.exe | 1457 | strncpy | |
ntoskrnl.exe | 1451 | strchr | |
ntoskrnl.exe | 1359 | ZwReadFile | |
ntoskrnl.exe | 600 | KeSetPriorityThread | |
ntoskrnl.exe | 516 | KeGetCurrentThread | |
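ntoskrnl.exe | 759 | NtQueryDirectoryFile | directory-enumeration service; drivers normally call the Zw* form, so the reason for the Nt* references (this row and the three that follow) should be checked in disassembly; imports alone do not establish intent |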
ntoskrnl.exe | 768 | NtQuerySystemInformation | |
ntoskrnl.exe | 752 | NtOpenFile | |
ntoskrnl.exe | 737 | NtCreateFile | |
ntoskrnl.exe | 832 | ProbeForRead | |
ntoskrnl.exe | 1409 | _except_handler3 | |
ntoskrnl.exe | 359 | IoGetCurrentProcess | |
ntoskrnl.exe | 1049 | RtlInitUnicodeString | |
ntoskrnl.exe | 1426 | _wcsicmp | |
ntoskrnl.exe | 1478 | wcsrchr | |
ntoskrnl.exe | 1480 | wcsstr | |
ntoskrnl.exe | 1323 | ZwOpenFile | |
ntoskrnl.exe | 1474 | wcslen | |
ntoskrnl.exe | 953 | RtlCompareUnicodeString | |
ntoskrnl.exe | 812 | ObfDereferenceObject | |
ntoskrnl.exe | 802 | ObQueryNameString | |
ntoskrnl.exe | 804 | ObReferenceObjectByHandle | |
ntoskrnl.exe | 1325 | ZwOpenKey | |
ntoskrnl.exe | 1469 | wcscat | |
ntoskrnl.exe | 1025 | RtlFreeUnicodeString | |
ntoskrnl.exe | 933 | RtlAnsiStringToUnicodeString | |
ntoskrnl.exe | 1046 | RtlInitAnsiString | |
ntoskrnl.exe | 1456 | strncmp | |
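ntoskrnl.exe | 298 | IoAttachDeviceToDeviceStack | attaches a device object on top of an existing device stack (filter-driver behaviour); the target stack is not visible from the import table |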
ntoskrnl.exe | 317 | IoCreateDevice | |
ntoskrnl.exe | 363 | IoGetDeviceObjectPointer | |
ntoskrnl.exe | 334 | IoDeleteDevice | |
ntoskrnl.exe | 337 | IoDetachDevice | |
ntoskrnl.exe | 479 | IofCallDriver | |
ntoskrnl.exe | 480 | IofCompleteRequest | |
ntoskrnl.exe | 121 | ExReleaseFastMutexUnsafe | |
ntoskrnl.exe | 326 | IoCreateSymbolicLink | |
ntoskrnl.exe | 54 | ExAcquireFastMutexUnsafe | |
ntoskrnl.exe | 336 | IoDeleteSymbolicLink | |
ntoskrnl.exe | 533 | KeInitializeEvent | |
ntoskrnl.exe | 611 | KeTickCount | |
ntoskrnl.exe | 499 | KeBugCheckEx | |
ntoskrnl.exe | 1125 | RtlQueryRegistryValues | |
ntoskrnl.exe | 1198 | RtlWriteRegistryValue | |
ntoskrnl.exe | 48 | DbgPrint | |
ntoskrnl.exe | 983 | RtlDeleteRegistryValue | |
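ntoskrnl.exe | 5234588 | | this value and those in the rows that follow exceed the 16-bit hint range; the block has one row per named import above and appears to be raw 32-bit thunk (IAT) data rather than hints |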
ntoskrnl.exe | 5238568 | ||
ntoskrnl.exe | 5237108 | ||
ntoskrnl.exe | 5234828 | ||
ntoskrnl.exe | 5239568 | ||
ntoskrnl.exe | 5235328 | ||
ntoskrnl.exe | 6066226 | ||
ntoskrnl.exe | 5213650 | ||
ntoskrnl.exe | 5217200 | ||
ntoskrnl.exe | 5213708 | ||
ntoskrnl.exe | 5213596 | ||
ntoskrnl.exe | 5523686 | ||
ntoskrnl.exe | 5470837 | ||
ntoskrnl.exe | 6059152 | ||
ntoskrnl.exe | 5237548 | ||
ntoskrnl.exe | 5525376 | ||
ntoskrnl.exe | 5464505 | ||
ntoskrnl.exe | 5470304 | ||
ntoskrnl.exe | 5469456 | ||
ntoskrnl.exe | 5237748 | ||
ntoskrnl.exe | 5225358 | ||
ntoskrnl.exe | 5508992 | ||
ntoskrnl.exe | 5697924 | ||
ntoskrnl.exe | 6325672 | ||
ntoskrnl.exe | 5698730 | ||
ntoskrnl.exe | 5694348 | ||
ntoskrnl.exe | 6344548 | ||
ntoskrnl.exe | 5463776 | ||
ntoskrnl.exe | 5170712 | ||
ntoskrnl.exe | 5418396 | ||
ntoskrnl.exe | 5464997 | ||
ntoskrnl.exe | 5471742 | ||
ntoskrnl.exe | 5471877 | ||
ntoskrnl.exe | 5236408 | ||
ntoskrnl.exe | 5471514 | ||
ntoskrnl.exe | 6127458 | ||
ntoskrnl.exe | 5385106 | ||
ntoskrnl.exe | 6006708 | ||
ntoskrnl.exe | 5966858 | ||
ntoskrnl.exe | 5236468 | ||
ntoskrnl.exe | 5471249 | ||
ntoskrnl.exe | 6127310 | ||
ntoskrnl.exe | 6129398 | ||
ntoskrnl.exe | 5418340 | ||
ntoskrnl.exe | 5470240 | ||
ntoskrnl.exe | 5180076 | ||
ntoskrnl.exe | 5680102 | ||
ntoskrnl.exe | 5682338 | ||
ntoskrnl.exe | 5179608 | ||
ntoskrnl.exe | 5170026 | ||
ntoskrnl.exe | 5169456 | ||
ntoskrnl.exe | 5169600 | ||
ntoskrnl.exe | 5514948 | ||
ntoskrnl.exe | 5672568 | ||
ntoskrnl.exe | 5514916 | ||
ntoskrnl.exe | 5673430 | ||
ntoskrnl.exe | 5214002 | ||
ntoskrnl.exe | 5549728 | ||
ntoskrnl.exe | 5213354 | ||
ntoskrnl.exe | 6151864 | ||
ntoskrnl.exe | 6153438 | ||
ntoskrnl.exe | 5406354 | ||
ntoskrnl.exe | 6153628 | ||
HAL.dll | 77 | KfLowerIrql | |
HAL.dll | 76 | KfAcquireSpinLock | |
HAL.dll | 78 | KfRaiseIrql | |
HAL.dll | 7156432 | ||
HAL.dll | 7157472 | ||
HAL.dll | 7156344 |
Scanning the drive for archives: 1 file, 43872 bytes (43 KiB) Errors: 1
everything is OK