filename548b053a866a49bbe464082adc40bd35ce31edc5d628511edce04c37801c9b24.bin
size262412 (0x4010c)
md56d934dee9ef917d58d3021f5fda66e91
typePE32 executable (console) Intel 80386, for MS Windows
mimetypeapplication/x-dosexec
clamavWin.Trojan.Agent-1717277 FOUND
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0x40

PE Header

SignaturePE
Machine0x14c
NumberOfSections0xe
TimeDateStamp0x57e9e8ee
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x11f
Magic0x10b
LinkerVersion9.56
SizeOfCode0xc000
SizeOfInitializedData0
SizeOfUninitializedData0
AddressOfEntryPoint0xbef0
BaseOfCode0
BaseOfData0xd000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x1000
OperatingSystemVersion3.1
ImageVersion0.0
SubsystemVersion5.0
Reserved10
SizeOfImage0x4e000
SizeOfHeaders0x1000
CheckSum0
Subsystem3
DllCharacteristics0x40
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Sections

namevavsizeraw sizeflags
.texT0x10000xb0c40xc000R-X CODE
.rdata0xd0000x12f20x2000R-- IDATA
.data0xf0000x1063c0x4000RW- IDATA
]5D?];uS0x200000x7040x1000RW- IDATA
CONST0x210000x70d0x1000RW- IDATA
=ey0x220000x35840x4000RW- IDATA
_:)PC-0x260000x7070x1000RW- IDATA
E[%,{0x270000xd820x1000RW- IDATA
s4h0x280000x8a00x1000RW- IDATA
.erloc0x290000x12220x2000RW- IDATA
_(v%;x m0x2b0000xd7e0x1000RW- IDATA
a1Q90x2c0000x85be0x9000RW- IDATA
.rsrc0x350000x17a940x18000R-- IDATA
.reloc0x4d0000x10000x10cR-- IDATA DISCARDABLE

Data Directory

typevasize
EXPORT0x5c65b5890
IMPORT0xe0340x79
RESOURCE0x350000x17a94
EXCEPTION00
SECURITY00
BASERELOC0x4d0000x10c
DEBUG0xd0600
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT0xd0000x60
Delay_IAT00
CLR_Header00
typenamesizecp
ICON#116400
ICON#27440
ICON#34880
ICON#42960
ICON#537520
ICON#622160
ICON#717360
ICON#813840
ICON#9645760
ICON#1096400
ICON#1142640
ICON#1224400
ICON#1311280
GROUP_ICON#11880
VERSION#19040
MANIFEST#16400
module_namehintordfunction_name
msvcrt.dll1170fclose
msvcrt.dll1220isprint
msvcrt.dll1369wcsncat
msvcrt.dll1218isleadbyte
urlmon.dll21CompareSecurityIds
KERNEL32.dll332GetDriveTypeW
KERNEL32.dll762SetDefaultCommConfigW
KERNEL32.dll407GetProcAddress
KERNEL32.dll577LoadLibraryA
KERNEL32.dll215FindFirstVolumeW
KERNEL32.dll882VirtualQuery
KERNEL32.dll269GetComputerNameA
KERNEL32.dll368GetLongPathNameA
KERNEL32.dll525HeapSetInformation
KERNEL32.dll914WritePrivateProfileStructA
KERNEL32.dll880VirtualProtect
KERNEL32.dll63CopyFileA
CLUSAPI.dll1AddClusterResourceNode
SHLWAPI.dll310wnsprintfA

StringTable 040904B0

CompanyNameMicrosoft Corporation
FileDescriptionResource Monitor
FileVersion6.1.7600.16385 (win7_rtm.090713-1255)
InternalNameresmon.exe
LegalCopyright© Microsoft Corporation. All rights reserved.
OriginalFilenameresmon.exe
ProductNameMicrosoft® Windows® Operating System
ProductVersion6.1.7600.16385

VS_FIXEDFILEINFO

FileVersion6.1.7600.16385
ProductVersion6.1.7600.16385
StrucVersion0x10000
FileFlagsMask0x3f
FileFlags0
FileOS0x40004
FileType1
FileSubtype0
offsetsizetypecomment
0262412EXE09/27/2016 03:35:10#
15c115HTM#
2b2e064576PNG(256 x 256)#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable











[?] ignoring invalid PEdump::BITMAPINFOHEADER
[?] can't find file_offset of VA 0x5c65b589