filename | wrath.exe | |
---|---|---|
size | 47616 (0xba00) | |
md5 | 46607ebf34779c3b5f8f028994fa7b7e | |
type | PE32 executable (GUI) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK (no signature matched; this is not a verdict that the file is benign) | |
virustotal | → scan with virustotal.com | |
histogram |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0x7c |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 61 74 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |at program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 |mode....$... |
PE Header
Sections
Data Directory
type | va | size | |
---|---|---|---|
EXPORT | 0 | 0 | |
IMPORT | 0xe1d0 | 0x2078 | |
RESOURCE | 0x15000 | 0x5689 | |
EXCEPTION | 0 | 0 | |
SECURITY | 0 | 0 | |
BASERELOC | 0x14000 | 0x54c | |
DEBUG | 0 | 0 | |
ARCHITECTURE | 0 | 0 | |
GLOBALPTR | 0 | 0 | |
TLS | 0x13000 | 0x18 | |
LOAD_CONFIG | 0 | 0 | |
Bound_IAT | 0 | 0 | |
IAT | 0 | 0 | |
Delay_IAT | 0 | 0 | |
CLR_Header | 0 | 0 |
TLS
raw start | raw end | index | callbks | zero fill | flags | |
---|---|---|---|---|---|---|
0x412000 | 0x412008 | 0x404000 | 0x413010 | 0 | 0 |
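Imports

Note: rows below that pair a large hint (e.g. 28257, 24931) with a name fragment (e.g. `nelWrite`, `binet.dll`) do not appear to be separate imports. The hint value is the two ASCII bytes that precede the fragment in a longer string (28257 = 0x6e61 = "an", 24931 = 0x6163 = "ca"), so the parser seems to have read these entries at a misaligned offset inside the hint/name data. Treat only the rows with complete function names as the import list.

module_name | hint | ord | function_name |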
---|---|---|---|
cabinet.dll | 13 | FCIFlushCabinet | |
cabinet.dll | 3 | Extract | |
wtsapi32.dll | 51 | WTSUnRegisterSessionNotification | |
wtsapi32.dll | 59 | WTSVirtualChannelRead | |
wtsapi32.dll | 61 | WTSWaitSystemEvent | |
wtsapi32.dll | 58 | WTSVirtualChannelQuery | |
wtsapi32.dll | 53 | WTSVirtualChannelClose | |
wtsapi32.dll | 15 | WTSEnumerateSessionsA | |
wtsapi32.dll | 60 | WTSVirtualChannelWrite | |
wtsapi32.dll | 25 | WTSOpenServerA | |
wtsapi32.dll | 9 | WTSEnumerateProcessesA | |
wtsapi32.dll | 24 | WTSLogoffSession | |
wtsapi32.dll | 1 | WTSCloseServer | |
wtsapi32.dll | 13 | WTSEnumerateServersA | |
wtsapi32.dll | 31 | WTSQuerySessionInformationA | |
wtsapi32.dll | 45 | WTSSetUserConfigW | |
wtsapi32.dll | 36 | WTSRegisterSessionNotification | |
wtsapi32.dll | 28257 | nelWrite | |
wtsapi32.dll | 28524 | seServer | |
wtsapi32.dll | 24931 | binet.dll | |
wtsapi32.dll | 29525 | erConfigW | |
wtsapi32.dll | 29264 | ocessesA | |
wtsapi32.dll | 26222 | ormationA | |
wtsapi32.dll | 25972 | SessionsA | |
wtsapi32.dll | 28257 | nelQuery | |
wtsapi32.dll | 26996 | fication | |
wtsapi32.dll | 25972 | ServersA | |
wtsapi32.dll | 29561 | temEvent | |
wtsapi32.dll | 25968 | nServerA | |
wtsapi32.dll | 26691 | annelRead | |
wtsapi32.dll | 28257 | nelClose | |
kernel32.dll | 455 | GetCurrentThreadId | |
kernel32.dll | 663 | GetTimeFormatA | |
kernel32.dll | 440 | GetConsoleTitleW | |
kernel32.dll | 164 | GetNumberFormatA | |
kernel32.dll | 157 | CreateMutexA | |
kernel32.dll | 294 | FileTimeToLocalFileTime | |
kernel32.dll | 367 | GetAtomNameA | |
kernel32.dll | 173 | CreateSemaphoreA | |
kernel32.dll | 961 | ReadFile | |
kernel32.dll | 685 | GetVolumePathNameW | |
kernel32.dll | 1356 | lstrcpynW | |
kernel32.dll | 99 | CompareStringA | |
kernel32.dll | 535 | GetModuleHandleA | |
kernel32.dll | 1119 | SetFileAttributesA | |
kernel32.dll | 1349 | lstrcmpiA | |
kernel32.dll | 84 | CloseHandle | |
kernel32.dll | 398 | GetComputerNameA | |
kernel32.dll | 370 | GetBinaryTypeA | |
kernel32.dll | 478 | GetEnvironmentVariableW | |
kernel32.dll | 662 | GetTickCount | |
kernel32.dll | 1346 | lstrcmpA | |
kernel32.dll | 523 | GetLogicalDrives | |
kernel32.dll | 573 | GetPrivateProfileIntA | |
kernel32.dll | 1274 | WaitForSingleObject | |
kernel32.dll | 223 | DeviceIoControl | |
kernel32.dll | 928 | QueryDosDeviceA | |
kernel32.dll | 333 | FindResourceA | |
kernel32.dll | 677 | GetSystemInfo | |
kernel32.dll | 351 | FormatMessageA | |
kernel32.dll | 750 | InterlockedExchange | |
kernel32.dll | 749 | InterlockedDecrement | |
kernel32.dll | 205 | GetProcAddress | |
kernel32.dll | 506 | GetFullPathNameA | |
kernel32.dll | 610 | GetShortPathNameA | |
kernel32.dll | 588 | GetProcessHeap | |
kernel32.dll | 448 | GetCurrentDirectoryA | |
kernel32.dll | 114 | CopyFileA | |
kernel32.dll | 450 | GetCurrentProcess | |
kernel32.dll | 1109 | SetEnvironmentVariableA | |
kernel32.dll | 1101 | SetCurrentDirectoryA | |
kernel32.dll | 1224 | TlsGetValue | |
kernel32.dll | 462 | GetDiskFreeSpaceA | |
kernel32.dll | 28018 | atMessageA | |
kernel32.dll | 24918 | riableA | |
kernel32.dll | 25449 | alDrives | |
kernel32.dll | 27765 | lPathNameA | |
kernel32.dll | 28257 | dle | |
kernel32.dll | 16752 | ||
kernel32.dll | 27753 | eIntA | |
kernel32.dll | 28771 | ynW | |
kernel32.dll | 29806 | DirectoryA | |
kernel32.dll | 20077 | ameA | |
kernel32.dll | 29806 | ||
kernel32.dll | 25964 | A | |
kernel32.dll | 29810 | PathNameA | |
kernel32.dll | 24941 | tA | |
kernel32.dll | 25964 | TitleW | |
kernel32.dll | 115 | ed 02 49 6e 74 65 72 6c 6f 63 6b 65 64 44 65 63 |..InterlockedDec| 72 65 6d 65 6e 74 |rement | | |
kernel32.dll | 25970 | ment | |
kernel32.dll | c0 01 47 65 74 43 75 72 72 65 6e 74 44 69 72 65 |..GetCurrentDire| 63 74 6f 72 79 41 |ctoryA | | ||
kernel32.dll | 65 | 4d 04 53 65 74 43 75 72 72 65 6e 74 44 69 72 65 |M.SetCurrentDire| 63 74 6f 72 79 41 |ctoryA | | |
kernel32.dll | 26950 | le | |
kernel32.dll | 25972 | xA | |
kernel32.dll | 28265 | gA | |
kernel32.dll | 25697 | Id | |
kernel32.dll | 25938 | sourceA | |
kernel32.dll | 24918 | riableW | |
kernel32.dll | 25970 | ss | |
kernel32.dll | 25970 | ctoryA | |
kernel32.dll | 27234 | ect | |
kernel32.dll | 3d 02 47 65 74 50 72 69 76 61 74 65 50 72 6f 66 |=.GetPrivateProf| 69 6c 65 49 6e 74 41 |ileIntA | | ||
kernel32.dll | 21620 | imeFormatA | |
kernel32.dll | 25972 | mInfo | |
kernel32.dll | 28257 | dleA | |
kernel32.dll | 28483 | ntrol | |
kernel32.dll | 26736 | oreA | |
kernel32.dll | 25955 | A | |
kernel32.dll | 26223 | fSession | |
kernel32.dll | 26998 | ceA | |
kernel32.dll | 25464 | hange | |
msimg32.dll | 5 | TransparentBlt | |
msimg32.dll | 3 | DllInitialize | |
msimg32.dll | 28009 | e | |
msimg32.dll | 30050 | tesA |
Scanning the drive for archives:
1 file, 47616 bytes (47 KiB)
Errors: 1
[?] can't find file_offset of VA 0x4000