parentzaking.exe
filenamezaking.unpacked.exe
size1323008 (0x143000)
md58c90cc1023e93ce2aa873cfa17d8a73e
typePE32 executable (GUI) Intel 80386, for MS Windows
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0x80

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections6
TimeDateStamp0x4e3ea685
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x10f
Magic0x10b
LinkerVersion1.62
SizeOfCode0x4c000
SizeOfInitializedData0xf8800
SizeOfUninitializedData0
AddressOfEntryPoint0x1540
BaseOfCode0x1000
BaseOfData0x4d000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion4.0
ImageVersion0.0
SubsystemVersion4.0
Reserved10
SizeOfImage0x145000
SizeOfHeaders0x1000
CheckSum0x314c0
Subsystem2
DllCharacteristics0
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

MS Visual C++ v6.0

Sections

namevavsizeraw sizeflags
.text0x10000x4c0000x4c000RW- IDATA
.data0x4d0000xcf0000xcf000RW- IDATA
.idata0x11c0000x240000x24000RW- IDATA
.rsrc0x1400000x20000x1c00RW- IDATA
.aspack0x1420000x20000x2000RW- IDATA
.adata0x1440000x10000RW- IDATA

Data Directory

typevasize
EXPORT00
IMPORT0x64540x3c
RESOURCE00
EXCEPTION00
SECURITY00
BASERELOC0xa0000x41c
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT0x60000xbc
Delay_IAT00
CLR_Header00
module_namehintordfunction_name
KERNEL32.dll553IsBadReadPtr
KERNEL32.dll343GetFileAttributesExA
KERNEL32.dll489GetWindowsDirectoryA
KERNEL32.dll478GetVersion
KERNEL32.dll431GetStartupInfoA
KERNEL32.dll264GetCommandLineA
KERNEL32.dll245GetACP
KERNEL32.dll843SuspendThread
KERNEL32.dll317GetCurrentThread
KERNEL32.dll556IsBadWritePtr
KERNEL32.dll375GetModuleHandleA
KERNEL32.dll434GetStringTypeA
KERNEL32.dll571LCMapStringW
KERNEL32.dll175ExitProcess
KERNEL32.dll849TerminateProcess
KERNEL32.dll314GetCurrentProcess
KERNEL32.dll866UnhandledExceptionFilter
KERNEL32.dll373GetModuleFileNameA
KERNEL32.dll237FreeEnvironmentStringsA
KERNEL32.dll238FreeEnvironmentStringsW
KERNEL32.dll905WideCharToMultiByte
KERNEL32.dll333GetEnvironmentStrings
KERNEL32.dll335GetEnvironmentStringsW
KERNEL32.dll793SetHandleCount
KERNEL32.dll433GetStdHandle
KERNEL32.dll350GetFileType
KERNEL32.dll336GetEnvironmentVariableA
KERNEL32.dll479GetVersionExA
KERNEL32.dll522HeapDestroy
KERNEL32.dll520HeapCreate
KERNEL32.dll888VirtualFree
KERNEL32.dll524HeapFree
KERNEL32.dll716RtlUnwind
KERNEL32.dll919WriteFile
KERNEL32.dll252GetCPInfo
KERNEL32.dll395GetOEMCP
KERNEL32.dll518HeapAlloc
KERNEL32.dll885VirtualAlloc
KERNEL32.dll528HeapReAlloc
KERNEL32.dll408GetProcAddress
KERNEL32.dll584LoadLibraryA
KERNEL32.dll619MultiByteToWideChar
KERNEL32.dll570LCMapStringA
KERNEL32.dll437GetStringTypeW
KERNEL32.dll51551
c3 90 8a 06 88 07 8b 45  08 5e 5f c9 c3 90 8a 06  |.......E.^_.....|
88 07 8a 46 01 88 47 01  8b 45 08 5e 5f c9 c3 8d  |...F..G..E.^_...|
49                                                |I               |
KERNEL32.dll1674
88 07 8a 46 01 88 47 01  8b 45 08 5e 5f c9 c3 8d  |...F..G..E.^_...|
49                                                |I               |
KERNEL32.dll18058
01 88 47 01 8a 46 02 88  47 02 8b 45 08 5e 5f c9  |..G..F..G..E.^_.|
c3 90 8d 74 31 fc 8d 7c  39 fc f7 c7 03           |...t1..|9....   |
KERNEL32.dll31885
39 fc f7 c7 03                                    |9....           |
KERNEL32.dll33538
e2 03 83 f9 08 72 0d fd  f3 a5 fc ff 24 95 d0 56  |.....r......$..V|
40                                                |@               |
KERNEL32.dll64
8b ff f7 d9 ff 24 8d 80  56 40                    |.....$..V@      |
KERNEL32.dll954
KERNEL32.dll57475
03 2b c8 ff 24 85 d8 55  40                       |.+..$..U@       |
KERNEL32.dll16470
KERNEL32.dll35025
47 03 4e c1 e9 02 4f 83  f9 08 72 b6 fd f3 a5 fc  |G.N...O...r.....|
ff 24 95 d0 56 40                                 |.$..V@          |
KERNEL32.dll64677
ff 24 95 d0 56 40                                 |.$..V@          |
KERNEL32.dll
KERNEL32.dll8963
d1 88 47 03 8a 46 02 88  47 02 8a 46 01 c1 e9 02  |..G..F..G..F....|
88 47 01 83 ee 03 83 ef  03 83 f9 08 0f 82 5a ff  |.G............Z.|
ff ff fd f3 a5 fc ff 24  95 d0 56 40              |.......$..V@    |
KERNEL32.dll49409
e9 02 88 47 01 83 ee 03  83 ef 03 83 f9 08 0f 82  |...G............|
5a ff ff ff fd f3 a5 fc  ff 24 95 d0 56 40        |Z........$..V@  |
KERNEL32.dll65535
fd f3 a5 fc ff 24 95 d0  56 40                    |.....$..V@      |
KERNEL32.dll22156

@

KERNEL32.dll17547
8e 1c 89 44 8f 1c 8b 44  8e 18 89 44 8f 18 8b 44  |...D...D...D...D|
8e 14 89 44 8f 14 8b 44  8e 10 89 44 8f 10 8b 44  |...D...D...D...D|
8e 0c 89 44 8f 0c 8b 44  8e 08 89 44 8f 08 8b 44  |...D...D...D...D|
8e 04 89 44 8f 04 8d 04  8d                       |...D.....       |
KERNEL32.dll5263
8b 44 8e 10 89 44 8f 10  8b 44 8e 0c 89 44 8f 0c  |.D...D...D...D..|
8b 44 8e 08 89 44 8f 08  8b 44 8e 04 89 44 8f 04  |.D...D...D...D..|
8d 04 8d                                          |...             |
KERNEL32.dll17547
8e 04 89 44 8f 04 8d 04  8d                       |...D.....       |
KERNEL32.dll65419
e0 56 40                                          |.V@             |
KERNEL32.dll51551
c3 90 8a 46 03 88 47 03  8b 45 08 5e 5f c9 c3 8d  |...F..G..E.^_...|
49                                                |I               |
KERNEL32.dll839
8a 46 02 88 47 02 8b 45  08 5e 5f c9 c3 90 8a 46  |.F..G..E.^_....F|
03 88 47 03 8a 46 02 88  47 02 8a 46 01 88 47 01  |..G..F..G..F..G.|
8b 45 08 5e 5f c9 c3 cc  cc cc cc cc cc cc cc cc  |.E.^_...........|
cc cc 8b 54 24 0c 8b 4c  24 04 85 d2 74 47 33 c0  |...T$..L$...tG3.|
8a 44 24 08 57 8b f9 83  fa 04 72 2d f7 d9 83 e1  |.D$.W.....r-....|
03 74 08 2b d1 88 07 47  49 75 fa 8b c8 c1 e0 08  |.t.+...GIu......|
03 c1 8b c8 c1 e0 10 03  c1 8b ca 83 e2 03 c1 e9  |................|
02 74 06 f3 ab 85 d2 74  06 88 07 47 4a 75 fa 8b  |.t.....t...GJu..|
44 24 08 5f c3 8b 44 24  04 c3 ff 25 80 60 40     |D$._..D$...%.`@ |
KERNEL32.dll583
8a 46 01 88 47 01 8b 45  08 5e 5f c9 c3 cc cc cc  |.F..G..E.^_.....|
cc cc cc cc cc cc cc cc  8b 54 24 0c 8b 4c 24 04  |.........T$..L$.|
85 d2 74 47 33 c0 8a 44  24 08 57 8b f9 83 fa 04  |..tG3..D$.W.....|
72 2d f7 d9 83 e1 03 74  08 2b d1 88 07 47 49 75  |r-.....t.+...GIu|
fa 8b c8 c1 e0 08 03 c1  8b c8 c1 e0 10 03 c1 8b  |................|
ca 83 e2 03 c1 e9 02 74  06 f3 ab 85 d2 74 06 88  |.......t.....t..|
07 47 4a 75 fa 8b 44 24  08 5f c3 8b 44 24 04 c3  |.GJu..D$._..D$..|
ff 25 80 60 40                                    |.%.`@           |
KERNEL32.dll52428
cc cc cc cc cc cc 8b 54  24 0c 8b 4c 24 04 85 d2  |.......T$..L$...|
74 47 33 c0 8a 44 24 08  57 8b f9 83 fa 04 72 2d  |tG3..D$.W.....r-|
f7 d9 83 e1 03 74 08 2b  d1 88 07 47 49 75 fa 8b  |.....t.+...GIu..|
c8 c1 e0 08 03 c1 8b c8  c1 e0 10 03 c1 8b ca 83  |................|
e2 03 c1 e9 02 74 06 f3  ab 85 d2 74 06 88 07 47  |.....t.....t...G|
4a 75 fa 8b 44 24 08 5f  c3 8b 44 24 04 c3 ff 25  |Ju..D$._..D$...%|
80 60 40                                          |.`@             |
KERNEL32.dll53893
74 47 33 c0 8a 44 24 08  57 8b f9 83 fa 04 72 2d  |tG3..D$.W.....r-|
f7 d9 83 e1 03 74 08 2b  d1 88 07 47 49 75 fa 8b  |.....t.+...GIu..|
c8 c1 e0 08 03 c1 8b c8  c1 e0 10 03 c1 8b ca 83  |................|
e2 03 c1 e9 02 74 06 f3  ab 85 d2 74 06 88 07 47  |.....t.....t...G|
4a 75 fa 8b 44 24 08 5f  c3 8b 44 24 04 c3 ff 25  |Ju..D$._..D$...%|
80 60 40                                          |.`@             |
KERNEL32.dll1274
72 2d f7 d9 83 e1 03 74  08 2b d1 88 07 47 49 75  |r-.....t.+...GIu|
fa 8b c8 c1 e0 08 03 c1  8b c8 c1 e0 10 03 c1 8b  |................|
ca 83 e2 03 c1 e9 02 74  06 f3 ab 85 d2 74 06 88  |.......t.....t..|
07 47 4a 75 fa 8b 44 24  08 5f c3 8b 44 24 04 c3  |.GJu..D$._..D$..|
ff 25 80 60 40                                    |.%.`@           |
KERNEL32.dll51339
c1 e0 10 03 c1 8b ca 83  e2 03 c1 e9 02 74 06 f3  |.............t..|
ab 85 d2 74 06 88 07 47  4a 75 fa 8b 44 24 08 5f  |...t...GJu..D$._|
c3 8b 44 24 04 c3 ff 25  80 60 40                 |..D$...%.`@     |
KERNEL32.dll62214
ab 85 d2 74 06 88 07 47  4a 75 fa 8b 44 24 08 5f  |...t...GJu..D$._|
c3 8b 44 24 04 c3 ff 25  80 60 40                 |..D$...%.`@     |
KERNEL32.dll9284
08 5f c3 8b 44 24 04 c3  ff 25 80 60 40           |._..D$...%.`@   |
KERNEL32.dll64
USER32.dll268GetDC
USER32.dll33538
f9 08 72 8c fd f3 a5 fc  ff 24 95 d0 56 40        |..r......$..V@  |
offsetsizetypecomment
01323008EXE08/07/2011 14:51:49#
15c115HTM#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable











everything is OK