| filename | wrath.exe | |
|---|---|---|
| size | 47616 (0xba00) | |
| md5 | 46607ebf34779c3b5f8f028994fa7b7e | |
| type | PE32 executable (GUI) Intel 80386, for MS Windows | |
| mimetype | application/x-dosexec | |
| clamav | OK | |
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0x7c |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 61 74 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |at program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 |mode....$... |
PE Header
Sections
Data Directory
| type | va | size | |
|---|---|---|---|
| EXPORT | 0 | 0 | |
| IMPORT | 0xe1d0 | 0x2078 | |
| RESOURCE | 0x15000 | 0x5689 | |
| EXCEPTION | 0 | 0 | |
| SECURITY | 0 | 0 | |
| BASERELOC | 0x14000 | 0x54c | |
| DEBUG | 0 | 0 | |
| ARCHITECTURE | 0 | 0 | |
| GLOBALPTR | 0 | 0 | |
| TLS | 0x13000 | 0x18 | |
| LOAD_CONFIG | 0 | 0 | |
| Bound_IAT | 0 | 0 | |
| IAT | 0 | 0 | |
| Delay_IAT | 0 | 0 | |
| CLR_Header | 0 | 0 |
TLS
| raw start | raw end | index | callbks | zero fill | flags | |
|---|---|---|---|---|---|---|
| 0x412000 | 0x412008 | 0x404000 | 0x413010 | 0 | 0 |

| module_name | hint | function_name | ord |
|---|---|---|---|
| cabinet.dll | 13 | FCIFlushCabinet | |
| cabinet.dll | 3 | Extract | |
| wtsapi32.dll | 51 | WTSUnRegisterSessionNotification | |
| wtsapi32.dll | 59 | WTSVirtualChannelRead | |
| wtsapi32.dll | 61 | WTSWaitSystemEvent | |
| wtsapi32.dll | 58 | WTSVirtualChannelQuery | |
| wtsapi32.dll | 53 | WTSVirtualChannelClose | |
| wtsapi32.dll | 15 | WTSEnumerateSessionsA | |
| wtsapi32.dll | 60 | WTSVirtualChannelWrite | |
| wtsapi32.dll | 25 | WTSOpenServerA | |
| wtsapi32.dll | 9 | WTSEnumerateProcessesA | |
| wtsapi32.dll | 24 | WTSLogoffSession | |
| wtsapi32.dll | 1 | WTSCloseServer | |
| wtsapi32.dll | 13 | WTSEnumerateServersA | |
| wtsapi32.dll | 31 | WTSQuerySessionInformationA | |
| wtsapi32.dll | 45 | WTSSetUserConfigW | |
| wtsapi32.dll | 36 | WTSRegisterSessionNotification | |
| wtsapi32.dll | 28257 | nelWrite | |
| wtsapi32.dll | 28524 | seServer | |
| wtsapi32.dll | 24931 | binet.dll | |
| wtsapi32.dll | 29525 | erConfigW | |
| wtsapi32.dll | 29264 | ocessesA | |
| wtsapi32.dll | 26222 | ormationA | |
| wtsapi32.dll | 25972 | SessionsA | |
| wtsapi32.dll | 28257 | nelQuery | |
| wtsapi32.dll | 26996 | fication | |
| wtsapi32.dll | 25972 | ServersA | |
| wtsapi32.dll | 29561 | temEvent | |
| wtsapi32.dll | 25968 | nServerA | |
| wtsapi32.dll | 26691 | annelRead | |
| wtsapi32.dll | 28257 | nelClose | |
| kernel32.dll | 455 | GetCurrentThreadId | |
| kernel32.dll | 663 | GetTimeFormatA | |
| kernel32.dll | 440 | GetConsoleTitleW | |
| kernel32.dll | 164 | GetNumberFormatA | |
| kernel32.dll | 157 | CreateMutexA | |
| kernel32.dll | 294 | FileTimeToLocalFileTime | |
| kernel32.dll | 367 | GetAtomNameA | |
| kernel32.dll | 173 | CreateSemaphoreA | |
| kernel32.dll | 961 | ReadFile | |
| kernel32.dll | 685 | GetVolumePathNameW | |
| kernel32.dll | 1356 | lstrcpynW | |
| kernel32.dll | 99 | CompareStringA | |
| kernel32.dll | 535 | GetModuleHandleA | |
| kernel32.dll | 1119 | SetFileAttributesA | |
| kernel32.dll | 1349 | lstrcmpiA | |
| kernel32.dll | 84 | CloseHandle | |
| kernel32.dll | 398 | GetComputerNameA | |
| kernel32.dll | 370 | GetBinaryTypeA | |
| kernel32.dll | 478 | GetEnvironmentVariableW | |
| kernel32.dll | 662 | GetTickCount | |
| kernel32.dll | 1346 | lstrcmpA | |
| kernel32.dll | 523 | GetLogicalDrives | |
| kernel32.dll | 573 | GetPrivateProfileIntA | |
| kernel32.dll | 1274 | WaitForSingleObject | |
| kernel32.dll | 223 | DeviceIoControl | |
| kernel32.dll | 928 | QueryDosDeviceA | |
| kernel32.dll | 333 | FindResourceA | |
| kernel32.dll | 677 | GetSystemInfo | |
| kernel32.dll | 351 | FormatMessageA | |
| kernel32.dll | 750 | InterlockedExchange | |
| kernel32.dll | 749 | InterlockedDecrement | |
| kernel32.dll | 205 | GetProcAddress | |
| kernel32.dll | 506 | GetFullPathNameA | |
| kernel32.dll | 610 | GetShortPathNameA | |
| kernel32.dll | 588 | GetProcessHeap | |
| kernel32.dll | 448 | GetCurrentDirectoryA | |
| kernel32.dll | 114 | CopyFileA | |
| kernel32.dll | 450 | GetCurrentProcess | |
| kernel32.dll | 1109 | SetEnvironmentVariableA | |
| kernel32.dll | 1101 | SetCurrentDirectoryA | |
| kernel32.dll | 1224 | TlsGetValue | |
| kernel32.dll | 462 | GetDiskFreeSpaceA | |
| kernel32.dll | 28018 | atMessageA | |
| kernel32.dll | 24918 | riableA | |
| kernel32.dll | 25449 | alDrives | |
| kernel32.dll | 27765 | lPathNameA | |
| kernel32.dll | 28257 | dle | |
| kernel32.dll | 16752 | ||
| kernel32.dll | 27753 | eIntA | |
| kernel32.dll | 28771 | ynW | |
| kernel32.dll | 29806 | DirectoryA | |
| kernel32.dll | 20077 | ameA | |
| kernel32.dll | 29806 | ||
| kernel32.dll | 25964 | A | |
| kernel32.dll | 29810 | PathNameA | |
| kernel32.dll | 24941 | tA | |
| kernel32.dll | 25964 | TitleW | |
| kernel32.dll | 115 | ed 02 49 6e 74 65 72 6c 6f 63 6b 65 64 44 65 63 |..InterlockedDec| 72 65 6d 65 6e 74 |rement | | |
| kernel32.dll | 25970 | ment | |
| kernel32.dll | c0 01 47 65 74 43 75 72 72 65 6e 74 44 69 72 65 |..GetCurrentDire| 63 74 6f 72 79 41 |ctoryA | | ||
| kernel32.dll | 65 | 4d 04 53 65 74 43 75 72 72 65 6e 74 44 69 72 65 |M.SetCurrentDire| 63 74 6f 72 79 41 |ctoryA | | |
| kernel32.dll | 26950 | le | |
| kernel32.dll | 25972 | xA | |
| kernel32.dll | 28265 | gA | |
| kernel32.dll | 25697 | Id | |
| kernel32.dll | 25938 | sourceA | |
| kernel32.dll | 24918 | riableW | |
| kernel32.dll | 25970 | ss | |
| kernel32.dll | 25970 | ctoryA | |
| kernel32.dll | 27234 | ect | |
| kernel32.dll | 3d 02 47 65 74 50 72 69 76 61 74 65 50 72 6f 66 |=.GetPrivateProf| 69 6c 65 49 6e 74 41 |ileIntA | | ||
| kernel32.dll | 21620 | imeFormatA | |
| kernel32.dll | 25972 | mInfo | |
| kernel32.dll | 28257 | dleA | |
| kernel32.dll | 28483 | ntrol | |
| kernel32.dll | 26736 | oreA | |
| kernel32.dll | 25955 | A | |
| kernel32.dll | 26223 | fSession | |
| kernel32.dll | 26998 | ceA | |
| kernel32.dll | 25464 | hange | |
| msimg32.dll | 5 | TransparentBlt | |
| msimg32.dll | 3 | DllInitialize | |
| msimg32.dll | 28009 | e | |
| msimg32.dll | 30050 | tesA |
Scanning the drive for archives: 1 file, 47616 bytes (47 KiB) Errors: 1
[?] can't find file_offset of VA 0x4000