filename | 39302.exe | |
---|---|---|
size | 188928 (0x2e200) | |
md5 | 7717b9758f41217756a908f6efaa5062 | |
type | PE32 executable (GUI) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK (no signature matched) | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0x80 |
DOS stub
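00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 61 74 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |at program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
Note: the stub message decodes to "That program cannot be run in DOS mode." (bytes 54 68 61 74 at offset 0x0e), whereas the stub emitted by the Microsoft linker reads "This program cannot be run in DOS mode."; the stub text differs from that default, which is worth recording as a static triage indicator.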
PE Header
Sections
name | va | vsize | raw size | flags | |
---|---|---|---|---|---|
.text | 0x1000 | 0x19bc | 0x1a00 | R-X CODE | |
.rdata | 0x3000 | 0xe56 | 0x1000 | R-- IDATA | |
.data | 0x4000 | 0xcec | 0xe00 | RW- IDATA | |
.rsrc | 0x5000 | 0x29f60 | 0x2a000 | R-- IDATA | |
.reloc | 0x2f000 | 0x5c0 | 0x600 | R-- IDATA DISCARDABLE |
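Data Directory
Note: the rows below list imported functions; the function name appears in the third column. Rows with a five-digit hint and a truncated name, or with raw hex bytes in place of a name, are import-name strings read at the wrong offset (for example, hint 26739 is 0x6873, the bytes "sh", followed by "ell32.dll"). Treat those rows as artifacts of a malformed or misparsed import table, not as real imports.
module_name | hint | ord | function_name |
---|---|---|---|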
shell32.dll | 365 | SHGetFolderPathA | |
shell32.dll | 278 | DragAcceptFiles | |
shell32.dll | 445 | StrChrA | |
shell32.dll | 279 | DragFinish | |
shell32.dll | 342 | SHCreateShellItem | |
shell32.dll | 358 | SHGetDataFromIDListA | |
shell32.dll | 290 | ExtractIconA | |
shell32.dll | 297 | FreeIconList | |
shell32.dll | 361 | SHGetDiskFreeSpaceA | |
shell32.dll | 284 | DragQueryPoint | |
shell32.dll | 295 | FindExecutableA | |
shell32.dll | 384 | SHGetMalloc | |
shell32.dll | 428 | ShellAboutA | |
shell32.dll | 195 | SHFree | |
shell32.dll | 360 | SHGetDesktopFolder | |
dciman32.DLL | 1 | DCIBeginAccess | |
dciman32.DLL | 2 | DCICloseProvider | |
dciman32.DLL | 6 | DCIDestroy | |
dciman32.DLL | 9 | DCIEnum | |
dciman32.DLL | |||
dciman32.DLL | 26739 | ell32.dll | |
dciman32.DLL | 26469 | inAccess | |
dciman32.DLL | 25971 | Provider | |
wtsapi32.dll | 35 | WTSQueryUserToken | |
wtsapi32.dll | 25 | WTSOpenServerA | |
wtsapi32.dll | 53 | WTSVirtualChannelClose | |
wtsapi32.dll | 9 | WTSEnumerateProcessesA | |
wtsapi32.dll | 56 | WTSVirtualChannelPurgeInput | |
wtsapi32.dll | 38 | WTSSendMessageA | |
wtsapi32.dll | 36 | WTSRegisterSessionNotification | |
wtsapi32.dll | 50 | WTSTerminateProcess | |
wtsapi32.dll | 19 | WTSFreeMemory | |
wtsapi32.dll | 42 | WTSSetSessionInformationA | |
wtsapi32.dll | 29264 | ocess | |
wtsapi32.dll | 29545 | terSessionNotification | |
wtsapi32.dll | 21591 | SSetSessionInformationA | |
wtsapi32.dll | 24947 | geA | |
wtsapi32.dll | 29295 | y | |
wtsapi32.dll | 29541 | sesA | |
wtsapi32.dll | 25966 | lClose | |
wtsapi32.dll | 17220 | IDestroy | |
kernel32.dll | 330 | FindNextVolumeW | |
kernel32.dll | 517 | GetLocalTime | |
kernel32.dll | 450 | GetCurrentProcess | |
kernel32.dll | 126 | CreateDirectoryA | |
kernel32.dll | 1112 | SetEnvironmentVariableW | |
kernel32.dll | 1111 | SetEnvironmentVariableA | |
kernel32.dll | 484 | IsBadStringPtrA | |
kernel32.dll | 507 | GetFullPathNameW | |
kernel32.dll | 349 | FoldStringA | |
kernel32.dll | 574 | GetPrivateProfileIntW | |
kernel32.dll | 749 | InterlockedDecrement | |
kernel32.dll | 518 | GetLocaleInfoA | |
kernel32.dll | 1356 | lstrcpynW | |
kernel32.dll | 1346 | lstrcmpA | |
kernel32.dll | 928 | QueryDosDeviceA | |
kernel32.dll | 1224 | TlsGetValue | |
kernel32.dll | 308 | FindFirstFileA | |
kernel32.dll | 462 | GetDiskFreeSpaceA | |
kernel32.dll | 662 | GetTickCount | |
kernel32.dll | 893 | OpenMutexA | |
kernel32.dll | 318 | FindFirstVolumeA | |
kernel32.dll | 1035 | ReplaceFileA | |
kernel32.dll | 213 | DeleteFileA | |
kernel32.dll | 1203 | SleepEx | |
kernel32.dll | 223 | DeviceIoControl | |
kernel32.dll | 597 | GetProcessVersion | |
kernel32.dll | 1307 | WriteConsoleA | |
kernel32.dll | 205 | GetProcAddress | |
kernel32.dll | 610 | GetShortPathNameA | |
kernel32.dll | 633 | GetSystemTime | |
kernel32.dll | 133 | CreateEventW | |
kernel32.dll | 294 | FileTimeToSystemTime | |
kernel32.dll | 1113 | SetErrorMode | |
kernel32.dll | 588 | GetProcessHeap | |
kernel32.dll | 449 | GetCurrentDirectoryW | |
kernel32.dll | 173 | CreateSemaphoreW | |
kernel32.dll | 516 | GetLastError | |
kernel32.dll | 950 | ReadConsoleW | |
kernel32.dll | 536 | GetModuleHandleW | |
kernel32.dll | 479 | GetEnvironmentVariableA | |
kernel32.dll | 25972 | EventW | |
kernel32.dll | 65 | 06 02 47 65 74 4c 6f 63 61 6c 65 49 6e 66 6f 41 |..GetLocaleInfoA| | |
kernel32.dll | 21349 | paceA | |
kernel32.dll | 27748 | eW | |
kernel32.dll | 24950 | teProfileIntW | |
kernel32.dll | 18789 | ntW | |
kernel32.dll | 22099 | irtualChannelPurgeInput | |
kernel32.dll | 22393 | ||
kernel32.dll | 108 | fb 01 47 65 74 46 75 6c 6c 50 61 74 68 4e 61 6d |..GetFullPathNam| 65 57 |eW | | |
kernel32.dll | 25959 | Input | |
kernel32.dll | 4a 01 46 69 6e 64 4e 65 78 74 56 6f 6c 75 6d 65 |J.FindNextVolume| 57 |W | | ||
kernel32.dll | 29285 | yDosDeviceA | |
kernel32.dll | 28271 | mentVariableW | |
kernel32.dll | df |. | | ||
kernel32.dll | 29298 | or | |
kernel32.dll | 28261 | MutexA | |
kernel32.dll | 29271 | iteConsoleA | |
kernel32.dll | 26950 | ndFirstFileA | |
kernel32.dll | 29795 | oryA | |
kernel32.dll | 25965 | ||
kernel32.dll | 27759 | umeA | |
kernel32.dll | 25927 | tCurrentDirectoryW | |
kernel32.dll | 25965 | ToSystemTime | |
kernel32.dll | 27756 | ||
kernel32.dll | 25972 | rlockedDecrement | |
kernel32.dll | 25927 | tProcessHeap | |
kernel32.dll | 25927 | tEnvironmentVariableA | |
kernel32.dll | 42 05 6c 73 74 72 63 6d 70 41 |B.lstrcmpA | | ||
kernel32.dll | 25964 | A | |
kernel32.dll | 25972 | ProfileIntW | |
kernel32.dll | 21364 | hortPathNameA | |
kernel32.dll | 28281 | W | |
kernel32.dll | 65 | c8 04 54 6c 73 47 65 74 56 61 6c 75 65 |..TlsGetValue | | |
kernel32.dll | 25455 | ess | |
kernel32.dll | 26994 | ngA | |
kernel32.dll | 16751 | ||
kernel32.dll | 29806 | ||
kernel32.dll | 25942 | rsion | |
kernel32.dll | 28502 | lumeW | |
dbnmpntw.dll | 6 | ConnectionVer | |
dbnmpntw.dll | 4 | ConnectionClose | |
dbnmpntw.dll | 3 | ConnectionWrite | |
dbnmpntw.dll | 2 | ConnectionRead | |
dbnmpntw.dll | 5 | ConnectionError | |
dbnmpntw.dll | 29806 | W | |
dbnmpntw.dll | 25927 | tPrivateProfileIntW | |
dbnmpntw.dll | 24950 | teProfileIntW | |
dbnmpntw.dll | 03 |. | | ||
dbnmpntw.dll | 101 | 04 |. | |
[?] can't find resource section for va=0x2ec00