Virus.Win9x.Anxiety.1586 - XCOPY32.EXE - Windows File Copy Program

info
MZ
PE
resources
strings
imports
foremost
7zip
version info
hexdump
disasm
log
discuss
donate

filename	Virus.Win9x.Anxiety.1586
size	42590 (0xa65e)
md5	5707abcacd83d6429c5c060ff5c7b213

type	MS-DOS executable PE32 executable (console) Intel 80386, for MS Windows, MZ for MS-DOS
mimetype	application/x-dosexec

clamav	Win.Trojan.W-41 FOUND
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	0x2e
num_relocs	7
header_paragraphs	0x83
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0x200
checksum	0
ip	0x7ce
cs	0x1c7
reloc_table_offset	0x1e
overlay_number	0
reserved0	0x85001c707d00001
oem_id	0x1c7
oem_info	0x8a0
reserved2	0x175101c7
reserved3	0x1b5b01c7
reserved4	0x1c6501c7
reserved5	0x1c8c01c7
reserved6	0x1c7
lfanew	0x5e90

DOS stub

00000000: 53 54 41 43 4b 20 20 20  53 54 41 43 4b 20 20 20  |STACK   STACK   |
*
00000200: 00 00 00 00 00 00 00 00  00 00 00 00 ff ff ff ff  |................|
00000210: 00 00 00 00 00 00 00 00  ff ff ff ff 00 00 00 00  |................|
00000220: 00 00 00 00 ff ff ff ff  00 00 00 00 00 00 00 00  |................|
00000230: ff ff ff ff ff ff ff ff  00 00 00 00 00 00 00 0d  |................|
00000240: 0a 00 00 00 00 00 00 0a  00 00 00 2c 00 2e 00 2d  |...........,...-|
00000250: 00 3a 00 01 24 24 24 24  24 24 24 24 24 24 24 24  |.:..$$$$$$$$$$$$|
00000260: 24 24 24 24 24 24 24 24  24 24 24 24 24 24 24 24  |$$$$$$$$$$$$$$$$|
*
00000290: 24 24 24 24 24 00 00 00  00 45 4e 55 00 00 00 00  |$$$$$....ENU....|
000002a0: 00 00 00 00 4c 41 4e 47  3d 4c 41 4e 47 53 50 45  |....LANG=LANGSPE|
000002b0: 43 3d 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |C=..............|
000002c0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00001000:

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	5
TimeDateStamp	0x2ff36f6a
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x10e
Magic	0x10b
LinkerVersion	2.50
SizeOfCode	0x1400
SizeOfInitializedData	0x2a00
SizeOfUninitializedData	0
AddressOfEntryPoint	0xd25e
BaseOfCode	0x7000
BaseOfData	0x9000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	1.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0xe25e
SizeOfHeaders	0x6200
CheckSum	0xb7d3
Subsystem	3
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Sections

name	va	vsize	raw size	flags
.text	0x7000	0x1370	0x1400	R-X CODE
.data	0x9000	0x5e5	0x600	RW- IDATA
.idata	0xa000	0x454	0x600	R-- IDATA
.rsrc	0xb000	0x1960	0x1a00	R-- IDATA
.reloc�	0xd000	0x125e	0xa5e	RWX IDATA

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0xa000	0x454
RESOURCE	0xb000	0x1960
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0xd000	0x1e4
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0	0
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size
STRING	#1	4788
STRING	#2	670
VERSION	#1	828

id	lang	string
1	1033	Insufficient memory
2	1033	Invalid date
3	1033	Invalid parameter - %1
4	1033	Copies files and directory trees.%n%nXCOPY source [destination] [/A \| /M] [/D[:date]] [/P] [/S [/E]] [/W]%n [/C] [/I] [/Q] [/F] [/L] [/H] [/R] [/T] [/U]%n [/K] [/N]%n%n source Specifies the file(s) to copy.%n destination Specifies the location and/or name of new files.%n /A Copies files with the archive attribute set,%n doesn't change the attribute.%n /M Copies files with the archive attribute set,%n turns off the archive attribute.%n /D:date Copies files changed on or after the specified date.%n If no date is given, copies only those files whose%n source time is newer than the destination time.%n /P Prompts you before creating each destination file.%n /S Copies directories and subdirectories except empty ones.%n /E Copies directories and subdirectories, including empty ones.%n Same as /S /E. May be used to modify /T.%n /W Prompts you to press a key before copying.%n /C Continues copying even if errors occur.%n /I If destination does not exist and copying more than one file,%n assumes that destination must be a directory.%n /Q Does not display file names while copying.%n /F Displays full source and destination file names while copying.%n /L Displays files that would be copied.%n /H Copies hidden and system files also.%n /R Overwrites read-only files.%n /T Creates directory structure, but does not copy files. Does not%n include empty directories or subdirectories. /T /E includes%n empty directories and subdirectories.%n /U Updates the files that already exist in destination.%n /K Copies attributes. Normal Xcopy will reset read-only attributes.%n /Y Overwrites existing files without prompting.%n /-Y Prompts you before overwriting existing files.%n /N Copy using the generated short names.
5	1033	Invalid number of parameters
6	1033	File not found - %1
7	1033	Invalid drive specification
8	1033	Invalid path
9	1033	Path too long
10	1033	Error copying file %1 to %2
11	1033	Unable to create directory %1
12	1033	Does %1 specify a file name%nor directory name on the target%n(F = file, D = directory)?
13	1033	FD
14	1033	%1 (Y/N)?
15	1033	YN
16	1033	Press any key to begin copying file(s)
18	1033	%1!9d! File(s) copied%n
19	1033	%1!9d! File(s)%n
20	1033	%1%n
21	1033	Warning: File too large to be copied%n
22	1033	Warning: Not all files were found/copied because the resulting path and/or filename would have been too long%n
23	1033	Cannot perform a cyclic copy
24	1033	File cannot be copied onto itself
25	1033	Overwrite %1 (Yes/No/All)?
26	1033	YNA

module_name	hint	ord	function_name
KERNEL32.dll	266		GetLogicalDrives
KERNEL32.dll	53		CopyFileA
KERNEL32.dll	390		InterlockedIncrement
KERNEL32.dll	152		FindClose
KERNEL32.dll	581		SetLastError
KERNEL32.dll	260		GetLastError
KERNEL32.dll	44		CompareFileTime
KERNEL32.dll	505		RtlMoveMemory
KERNEL32.dll	706		lstrlenA
KERNEL32.dll	688		_lwrite
KERNEL32.dll	313		GetStdHandle
KERNEL32.dll	171		FormatMessageA
KERNEL32.dll	270		GetModuleHandleA
KERNEL32.dll	687		_lread
KERNEL32.dll	118		ExitProcess
KERNEL32.dll	262		GetLocaleInfoA
KERNEL32.dll	417		LocalAlloc
KERNEL32.dll	341		GetUserDefaultLCID
KERNEL32.dll	419		LocalFileTimeToFileTime
KERNEL32.dll	608		SystemTimeToFileTime
KERNEL32.dll	697		lstrcmpiA
KERNEL32.dll	254		GetFullPathNameA
KERNEL32.dll	700		lstrcpyA
KERNEL32.dll	654		WideCharToMultiByte
KERNEL32.dll	193		GetCommandLineW
KERNEL32.dll	388		InterlockedDecrement
KERNEL32.dll	389		InterlockedExchange
KERNEL32.dll	573		SetFileApisToOEM
KERNEL32.dll	542		SetConsoleCtrlHandler
KERNEL32.dll	552		SetConsoleMode
KERNEL32.dll	56		CreateDirectoryA
KERNEL32.dll	346		GetVolumeInformationA
KERNEL32.dll	574		SetFileAttributesA
KERNEL32.dll	248		GetFileAttributesA
KERNEL32.dll	156		FindFirstFileA
KERNEL32.dll	159		FindNextFileA
KERNEL32.dll		1073171356
KERNEL32.dll		1073339521
KERNEL32.dll		1073259782
KERNEL32.dll		1073177391
KERNEL32.dll		1073208010
KERNEL32.dll		1073228319
KERNEL32.dll		1073180764
KERNEL32.dll		1073183594
KERNEL32.dll		1073181265
KERNEL32.dll		1073334944
KERNEL32.dll		1073174096
KERNEL32.dll		1073180855
KERNEL32.dll		1073181817
KERNEL32.dll		1073181409
KERNEL32.dll		1073262512
KERNEL32.dll		1073216529
KERNEL32.dll		1073170692
KERNEL32.dll		1073191600
KERNEL32.dll		1073183759
KERNEL32.dll		1073336829
KERNEL32.dll		1073181030
KERNEL32.dll		1073182657
KERNEL32.dll		1073181088
KERNEL32.dll		1073183471
KERNEL32.dll		1073300103
KERNEL32.dll		1073224585
KERNEL32.dll		1073309226
KERNEL32.dll		1073342207
KERNEL32.dll		1073343553
KERNEL32.dll		1073342408
KERNEL32.dll		1073183913
KERNEL32.dll		1073183067
KERNEL32.dll		1073182796
KERNEL32.dll		1073182828
KERNEL32.dll		1073182867
KERNEL32.dll		1073182923
USER32.dll	360		LoadStringA
USER32.dll	42		CharUpperA
USER32.dll	38		CharToOemA
USER32.dll		1073105676
USER32.dll		1073102933
USER32.dll		1073105656

StringTable 040904E4

CompanyName	Microsoft Corporation
FileDescription	Windows File Copy Program
FileVersion	4.00.950
InternalName	XCOPY32
LegalCopyright	Copyright © Microsoft Corp. 1994-1995
OriginalFilename	XCOPY32.EXE
ProductName	Microsoft® Windows® Operating System
ProductVersion	4.00.950

VS_FIXEDFILEINFO

FileVersion	4.0.0.950
ProductVersion	4.0.0.950
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	0
FileOS	0x10001
FileType	1
FileSubtype	0

show previews

offset	size	type	comment
15c1	15	HTM		#
15d0	37006	BIN	overlay data past EOF	#

Scanning the drive for archives:
1 file, 42590 bytes (42 KiB)



Errors: 1

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] DOS stub size too big (22112), limiting to 0x1000

Virus.Win9x.Anxiety.1586- -

MZ Header

DOS stub

PE Header

Sections

Data Directory

StringTable 040904E4

VS_FIXEDFILEINFO

Virus.Win9x.Anxiety.1586
-
-