filenamedownloadq.dll
size151552 (0x25000)
md5ab930bef054816bf2986e4145d471992
typePE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
mimetypeapplication/x-dosexec
clamavWin.Malware.Razy-6703914-0 FOUND
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0x80

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections6
TimeDateStamp0x5e6bc8a0
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x30e
Magic0x10b
LinkerVersion2.25
SizeOfCode0x1f200
SizeOfInitializedData0x5a00
SizeOfUninitializedData0x6800
AddressOfEntryPoint0x242d
BaseOfCode0x1000
BaseOfData0x21000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion4.0
ImageVersion1.0
SubsystemVersion4.0
Reserved10
SizeOfImage0x30000
SizeOfHeaders0x400
CheckSum0x29362
Subsystem2
DllCharacteristics0x100
SizeOfStackReserve0x200000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Sections

namevavsizeraw sizeflags
.text0x10000x1f0080x1f200R-X CODE
.data0x210000x34600x3600RW- IDATA
.bss0x250000x66840RW- UDATA
.edata0x2c0000x3b0x200R-- IDATA
.idata0x2d0000x13e80x1400RW- IDATA
.reloc0x2f0000xcd80xe00R-- IDATA DISCARDABLE

Data Directory

typevasize
EXPORT0x2c0000x3b
IMPORT0x2d0000x13e8
RESOURCE00
EXCEPTION00
SECURITY00
BASERELOC0x2f0000xcd8
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT0x2d39c0x2d4
Delay_IAT00
CLR_Header00
module_namehintordfunction_name
ADVAPI32.DLL93CryptAcquireContextA
ADVAPI32.DLL96CryptCreateHash
ADVAPI32.DLL99CryptDestroyHash
ADVAPI32.DLL113CryptGetHashParam
ADVAPI32.DLL117CryptHashData
ADVAPI32.DLL120CryptReleaseContext
ADVAPI32.DLL246GetUserNameW
ADVAPI32.DLL386RegCloseKey
ADVAPI32.DLL390RegCreateKeyExA
ADVAPI32.DLL393RegDeleteKeyA
ADVAPI32.DLL397RegDeleteValueA
ADVAPI32.DLL401RegEnumKeyExA
ADVAPI32.DLL404RegEnumValueA
ADVAPI32.DLL413RegOpenKeyExA
ADVAPI32.DLL423RegQueryValueExA
ADVAPI32.DLL434RegSetValueExA
CRYPT32.DLL40CryptUnprotectData
GDI32.dll12BitBlt
GDI32.dll33CreateCompatibleBitmap
GDI32.dll34CreateCompatibleDC
GDI32.dll70DeleteDC
GDI32.dll73DeleteObject
GDI32.dll147GetDIBits
GDI32.dll281SelectObject
KERNEL32.dll82CloseHandle
KERNEL32.dll128CreateDirectoryW
KERNEL32.dll142CreateFileW
KERNEL32.dll154CreateMutexA
KERNEL32.dll160CreatePipe
KERNEL32.dll163CreateProcessA
KERNEL32.dll188CreateToolhelp32Snapshot
KERNEL32.dll212DeleteFileW
KERNEL32.dll236EnterCriticalSection
KERNEL32.dll279ExitProcess
KERNEL32.dll291FileTimeToSystemTime
KERNEL32.dll300FindClose
KERNEL32.dll304FindFirstFileA
KERNEL32.dll311FindFirstFileW
KERNEL32.dll321FindNextFileA
KERNEL32.dll323FindNextFileW
KERNEL32.dll352FreeLibrary
KERNEL32.dll388GetCommandLineA
KERNEL32.dll397GetComputerNameW
KERNEL32.dll447GetCurrentProcessId
KERNEL32.dll451GetCurrentThreadId
KERNEL32.dll459GetDiskFreeSpaceExA
KERNEL32.dll464GetDriveTypeA
KERNEL32.dll483GetFileAttributesExW
KERNEL32.dll486GetFileAttributesW
KERNEL32.dll510GetLastError
KERNEL32.dll511GetLocalTime
KERNEL32.dll515GetLogicalDriveStringsA
KERNEL32.dll528GetModuleFileNameW
KERNEL32.dll577GetProcAddress
KERNEL32.dll590GetProcessTimes
KERNEL32.dll606GetStartupInfoA
KERNEL32.dll623GetSystemInfo
KERNEL32.dll627GetSystemTime
KERNEL32.dll656GetTickCount
KERNEL32.dll671GetVersionExA
KERNEL32.dll673GetVolumeInformationA
KERNEL32.dll734InitializeCriticalSection
KERNEL32.dll814LeaveCriticalSection
KERNEL32.dll817LoadLibraryA
KERNEL32.dll829LocalFree
KERNEL32.dll856MoveFileW
KERNEL32.dll860MultiByteToWideChar
KERNEL32.dll885OpenProcess
KERNEL32.dll896PeekNamedPipe
KERNEL32.dll904Process32First
KERNEL32.dll906Process32Next
KERNEL32.dll947ReadFile
KERNEL32.dll974ReleaseMutex
KERNEL32.dll999ResumeThread
KERNEL32.dll1064SetErrorMode
KERNEL32.dll1073SetFileAttributesW
KERNEL32.dll1078SetFilePointer
KERNEL32.dll1152Sleep
KERNEL32.dll1166TerminateProcess
KERNEL32.dll1247WideCharToMultiByte
KERNEL32.dll1267WriteFile
msvcrt.dll201_assert
msvcrt.dll214_beginthreadex
msvcrt.dll285_errno
msvcrt.dll309_filelengthi64
msvcrt.dll678_mkdir
msvcrt.dll766_snwprintf
msvcrt.dll791_stat
msvcrt.dll903_vscprintf
msvcrt.dll909_vsnprintf
msvcrt.dll1004_wfopen
msvcrt.dll1098calloc
msvcrt.dll1111fclose
msvcrt.dll1114fflush
msvcrt.dll1116fgetpos
msvcrt.dll1117fgets
msvcrt.dll1122fopen
msvcrt.dll1130fread
msvcrt.dll1131free
msvcrt.dll1132freopen
msvcrt.dll1137fseek
msvcrt.dll1138fsetpos
msvcrt.dll1139ftell
msvcrt.dll1140fwprintf
msvcrt.dll1142fwrite
msvcrt.dll1147getenv
msvcrt.dll1183localtime
msvcrt.dll1187malloc
msvcrt.dll1198memcmp
msvcrt.dll1204mktime
msvcrt.dll1220realloc
msvcrt.dll1221remove
msvcrt.dll1232sprintf
msvcrt.dll1238strcat
msvcrt.dll1240strchr
msvcrt.dll1241strcmp
msvcrt.dll1243strcpy
msvcrt.dll1253strncpy
msvcrt.dll1272time
msvcrt.dll1283utime
msvcrt.dll1299wcscat
NETAPI32.DLL39NetApiBufferFree
NETAPI32.DLL173NetWkstaGetInfo
SHELL32.DLL75SHFileOperationW
SHELL32.DLL144ShellExecuteA
SHELL32.DLL148ShellExecuteW
USER32.dll91CreateWindowExW
USER32.dll135DefWindowProcW
USER32.dll149DispatchMessageA
USER32.dll205EnumWindows
USER32.dll248GetDC
USER32.dll250GetDesktopWindow
USER32.dll259GetForegroundWindow
USER32.dll267GetKeyNameTextW
USER32.dll268GetKeyState
USER32.dll273GetKeyboardState
USER32.dll276GetLastInputInfo
USER32.dll297GetMessageW
USER32.dll326GetSystemMetrics
USER32.dll353GetWindowTextW
USER32.dll397IsWindowVisible
USER32.dll430MapVirtualKeyW
USER32.dll468PostQuitMessage
USER32.dll481RegisterClassExW
USER32.dll494ReleaseDC
USER32.dll508SendMessageA
USER32.dll513SendMessageW
USER32.dll526SetCursorPos
USER32.dll575SetWindowTextW
USER32.dll585ShowWindow
USER32.dll599ToUnicode
USER32.dll608TranslateMessage
USER32.dll636keybd_event
USER32.dll637mouse_event
WS2_32.dll26WSACleanup
WS2_32.dll43WSAGetLastError
WS2_32.dll54WSAIoctl
WS2_32.dll84WSAStartup
WS2_32.dll131__WSAFDIsSet
WS2_32.dll134closesocket
WS2_32.dll135connect
WS2_32.dll139gethostbyname
WS2_32.dll150htons
WS2_32.dll152inet_ntoa
WS2_32.dll155ioctlsocket
WS2_32.dll158ntohs
WS2_32.dll159recv
WS2_32.dll161select
WS2_32.dll162send
WS2_32.dll164setsockopt
WS2_32.dll165shutdown
WS2_32.dll166socket
ordentry_vafunction_name
module_name
flags0
timestamp2020-03-13 17:53:36
version0.0
ordinal_base1
nFunctions0
nNames0
Names(0)0x2c028
Functions(0)0x2c028
NameOrdinals(0)0x2c028
offsetsizetypecomment
0151552EXE03/13/2020 17:53:36#
15c115HTM#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable











everything is OK