filename | foldedhdr.exe | |
---|---|---|
size | 4256 (0x10a0) | |
md5 | 7bcd1aef70d9d33dece8b550e9c85b42 | |
type | MS-DOS executable PE32 executable (console) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
MZ Header
signature | MZ |
bytes_in_last_block | 0 |
blocks_in_file | 0 |
num_relocs | 0 |
header_paragraphs | 0 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0 |
ss | 0 |
sp | 0 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0xf80 |
DOS stub
PE Header
module_name | hint | ord | function_name |
---|---|---|---|
kernel32.dll | | | ExitProcess |
msvcrt.dll | | | printf |
offset | size | type | comment | |
---|---|---|---|---|
15c1 | 15 | HTM | # |
Scanning the drive for archives: 1 file, 4256 bytes (5 KiB) Errors: 1
[!] section with va=0x1000 overwrites PE header! trying to rebuild...
[?] can't find file_offset of VA 0x88660001