| filename | 1.exe | |
|---|---|---|
| size | 214016 (0x34400) | |
| md5 | bad5f5df38584696cc55fc0fd460e5cf | |
| type | PE32 executable (GUI) Intel 80386, for MS Windows | |
| mimetype | application/x-dosexec | |
| clamav | WIN.Trojan.Agent-8792 FOUND | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0xd0 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......| 00000040: 23 4f 7a f3 67 30 1c a6 67 30 1c a6 67 30 1c a6 |#Oz.g0..g0..g0..| 00000050: 67 30 1b a6 63 30 1c a6 70 58 8d a6 66 30 1c a6 |g0..c0..pX..f0..| 00000060: 82 b3 b9 a6 6e 30 1c a6 82 b3 86 a6 68 30 1c a6 |....n0......h0..| 00000070: 82 b3 87 a6 68 30 1c a6 55 6c 66 6b 67 30 1c a6 |....h0..Ulfkg0..| 00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
PE Header
Sections
| name | va | vsize | raw size | flags | |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x40bf1 | 0x29000 | RWX CODE DISCARDABLE | |
| .idata | 0x42000 | 0x190c | 0x1a00 | R-- IDATA | |
| .rdata | 0x44000 | 0x9466 | 0x9600 | RW- IDATA |
Data Directory
| module_name | hint | ord | function_name |
|---|---|---|---|
| GDI32.dll | 359 | GetObjectA | |
| GDI32.dll | 524 | TextOutW | |
| GDI32.dll | 179 | DeleteDC | |
| GDI32.dll | 192 | EndPath | |
| GDI32.dll | 199 | EnumFontsW | |
| GDI32.dll | 320 | GetDIBits | |
| GDI32.dll | 462 | SelectObject | |
| GDI32.dll | 136 | CreateBitmapIndirect | |
| GDI32.dll | 190 | EndDoc | |
| GDI32.dll | 129 | CombineRgn | |
| GDI32.dll | 158 | CreateFontW | |
| GDI32.dll | 212 | ExtTextOutA | |
| GDI32.dll | 213 | ExtTextOutW | |
| GDI32.dll | 488 | SetMapMode | |
| GDI32.dll | 377 | GetSystemPaletteEntries | |
| GDI32.dll | 171 | CreateRectRgn | |
| GDI32.dll | 162 | CreateICW | |
| GDI32.dll | 147 | CreateDIBitmap | |
| GDI32.dll | 314 | GetCurrentObject | |
| GDI32.dll | 154 | CreateFontIndirectA | |
| GDI32.dll | 513 | SetWindowOrgEx | |
| GDI32.dll | 468 | SetBkColor | |
| GDI32.dll | 146 | CreateDIBSection | |
| GDI32.dll | 532 | WidenPath | |
| GDI32.dll | 476 | SetDIBColorTable | |
| GDI32.dll | 382 | GetTextCharsetInfo | |
| GDI32.dll | 420 | PatBlt | |
| GDI32.dll | 438 | PtInRegion | |
| GDI32.dll | 523 | TextOutA | |
| GDI32.dll | 449 | RemoveFontResourceW | |
| GDI32.dll | 176 | CreateSolidBrush | |
| GDI32.dll | 486 | SetLayout | |
| GDI32.dll | 471 | SetBrushOrgEx | |
| GDI32.dll | 428 | PolyBezier | |
| GDI32.dll | 289 | GetBitmapBits | |
| GDI32.dll | 441 | RectInRegion | |
| GDI32.dll | 117 | BeginPath | |
| GDI32.dll | 148 | CreateDiscardableBitmap | |
| GDI32.dll | 417 | OffsetViewportOrgEx | |
| GDI32.dll | 358 | GetNearestPaletteIndex | |
| GDI32.dll | 7 | AddFontResourceW | |
| GDI32.dll | 188 | Ellipse | |
| GDI32.dll | 517 | StartPage | |
| GDI32.dll | 160 | CreateHatchBrush | |
| GDI32.dll | 166 | CreatePatternBrush | |
| GDI32.dll | 467 | SetBitmapDimensionEx | |
| GDI32.dll | 310 | GetClipBox | |
| GDI32.dll | 460 | SelectClipRgn | |
| USER32.dll | 553 | SendMessageTimeoutA | |
| USER32.dll | 89 | CreateDialogParamW | |
| USER32.dll | 689 | VkKeyScanW | |
| USER32.dll | 272 | GetDlgItemInt | |
| USER32.dll | 143 | DefWindowProcW | |
| USER32.dll | 183 | DrawStateA | |
| USER32.dll | 431 | LoadIconA | |
| USER32.dll | 74 | CopyAcceleratorTableW | |
| USER32.dll | 531 | RegisterWindowMessageW | |
| USER32.dll | 273 | GetDlgItemTextA | |
| USER32.dll | 414 | IsRectEmpty | |
| USER32.dll | 309 | GetMenuItemInfoW | |
| USER32.dll | 484 | OffsetRect | |
| USER32.dll | 147 | DestroyAcceleratorTable | |
| USER32.dll | 494 | PeekMessageA | |
| USER32.dll | 345 | GetSysColor | |
| USER32.dll | 530 | RegisterWindowMessageA | |
| USER32.dll | 635 | ShowCursor | |
| USER32.dll | 185 | DrawTextA | |
| USER32.dll | 175 | DrawEdge | |
| USER32.dll | 11 | AttachThreadInput | |
| USER32.dll | 224 | FillRect | |
| USER32.dll | 426 | LoadBitmapW | |
| USER32.dll | 645 | SystemParametersInfoA | |
| USER32.dll | 55 | CharUpperBuffA | |
| USER32.dll | 543 | ScrollWindow | |
| USER32.dll | 570 | SetCursorPos | |
| USER32.dll | 145 | DeleteMenu | |
| USER32.dll | 226 | FindWindowExA | |
| USER32.dll | 99 | CreateWindowExW | |
| USER32.dll | 195 | EndDialog | |
| USER32.dll | 488 | OpenIcon | |
| USER32.dll | 667 | UnloadKeyboardLayout | |
| USER32.dll | 136 | DefDlgProcW | |
| USER32.dll | 357 | GetUserObjectInformationA | |
| USER32.dll | 53 | CharToOemW | |
| USER32.dll | 10 | ArrangeIconicWindows | |
| USER32.dll | 456 | MapVirtualKeyW | |
| USER32.dll | 51 | CharToOemBuffA | |
| USER32.dll | 555 | SendMessageW | |
| USER32.dll | 45 | CharNextW | |
| USER32.dll | 549 | SendInput | |
| USER32.dll | 418 | IsWindowUnicode | |
| USER32.dll | 578 | SetForegroundWindow | |
| USER32.dll | 404 | IsChild | |
| USER32.dll | 399 | IsCharAlphaW | |
| USER32.dll | 444 | LoadStringW | |
| USER32.dll | 554 | SendMessageTimeoutW | |
| USER32.dll | 564 | SetClassLongW | |
| USER32.dll | 54 | CharUpperA | |
| USER32.dll | 513 | RedrawWindow | |
| USER32.dll | 627 | SetWindowTextA | |
| USER32.dll | 365 | GetWindowLongW | |
| USER32.dll | 545 | SendDlgItemMessageA | |
| USER32.dll | 248 | GetClassLongA | |
| USER32.dll | 600 | SetRect | |
| USER32.dll | 181 | DrawMenuBar | |
| USER32.dll | 178 | DrawFrameControl | |
| USER32.dll | 385 | InSendMessageEx | |
| USER32.dll | 151 | DestroyMenu | |
| USER32.dll | 68 | ClipCursor | |
| USER32.dll | 360 | GetWindow | |
| USER32.dll | 636 | ShowOwnedPopups | |
| USER32.dll | 500 | PostThreadMessageA | |
| USER32.dll | 312 | GetMenuStringA | |
| USER32.dll | 179 | DrawIcon | |
| USER32.dll | 184 | DrawStateW | |
| USER32.dll | 408 | IsDialogMessageW | |
| USER32.dll | 27 | CallWindowProcW | |
| USER32.dll | 198 | EndTask | |
| USER32.dll | 60 | CheckMenuRadioItem | |
| USER32.dll | 240 | GetAsyncKeyState | |
| USER32.dll | 160 | DispatchMessageW | |
| USER32.dll | 704 | wsprintfW | |
| USER32.dll | 228 | FindWindowW | |
| USER32.dll | 362 | GetWindowDC | |
| USER32.dll | 82 | CreateCursor | |
| USER32.dll | 197 | EndPaint | |
| USER32.dll | 702 | mouse_event | |
| USER32.dll | 402 | IsCharUpperA | |
| USER32.dll | 384 | InSendMessage | |
| USER32.dll | 323 | GetNextDlgTabItem | |
| USER32.dll | 231 | FrameRect | |
| USER32.dll | 497 | PostMessageA | |
| USER32.dll | 395 | InvertRect | |
| USER32.dll | 307 | GetMenuItemID | |
| USER32.dll | 138 | DefFrameProcW | |
| USER32.dll | 473 | MonitorFromRect | |
| USER32.dll | 244 | GetClassInfoA | |
| USER32.dll | 391 | InternalGetWindowText | |
| USER32.dll | 277 | GetForegroundWindow | |
| USER32.dll | 637 | ShowScrollBar | |
| USER32.dll | 628 | SetWindowTextW | |
| USER32.dll | 469 | MessageBoxW | |
| USER32.dll | 700 | WindowFromPoint | |
| USER32.dll | 246 | GetClassInfoExW | |
| USER32.dll | 8 | AppendMenuA | |
| USER32.dll | 199 | EnumChildWindows | |
| USER32.dll | 392 | IntersectRect | |
| USER32.dll | 557 | SendNotifyMessageW | |
| USER32.dll | 413 | IsMenu | |
| USER32.dll | 356 | GetUpdateRgn | |
| USER32.dll | 701 | keybd_event | |
| USER32.dll | 243 | GetCaretPos | |
| USER32.dll | 522 | RegisterHotKey | |
| USER32.dll | 249 | GetClassLongW | |
| USER32.dll | 501 | PostThreadMessageW | |
| USER32.dll | 233 | GetActiveWindow | |
| USER32.dll | 346 | GetSysColorBrush | |
| USER32.dll | 188 | DrawTextW | |
| USER32.dll | 650 | TileWindows | |
| MSVCRT.dll | 1036 | towupper | |
| MSVCRT.dll | 1023 | swprintf | |
| MSVCRT.dll | 873 | fclose | |
| MSVCRT.dll | 963 | perror | |
| MSVCRT.dll | 923 | isprint | |
| MSVCRT.dll | 922 | islower | |
| MSVCRT.dll | 857 | atoi | |
| MSVCRT.dll | 1073 | wcsstr | |
| MSVCRT.dll | 993 | sscanf | |
| MSVCRT.dll | 245 | _controlfp | |
| MSVCRT.dll | 1014 | strrchr | |
| MSVCRT.dll | 1046 | vsprintf | |
| MSVCRT.dll | 877 | fgetc | |
| MSVCRT.dll | 1061 | wcslen | |
| MSVCRT.dll | 893 | free | |
| MSVCRT.dll | 1034 | toupper | |
| MSVCRT.dll | 985 | setvbuf | |
| MSVCRT.dll | 864 | clock | |
| MSVCRT.dll | 935 | iswprint | |
| MSVCRT.dll | 179 | __set_app_type | |
| MSVCRT.dll | 160 | __p__fmode | |
| MSVCRT.dll | 882 | floor | |
| MSVCRT.dll | 1069 | wcsrchr | |
| MSVCRT.dll | 155 | __p__commode | |
| MSVCRT.dll | 909 | getenv | |
| MSVCRT.dll | 984 | setlocale | |
| MSVCRT.dll | 1010 | strncpy | |
| MSVCRT.dll | 1057 | wcscpy | |
| MSVCRT.dll | 1018 | strtok | |
| MSVCRT.dll | 997 | strchr | |
| MSVCRT.dll | 219 | _amsg_exit | |
| MSVCRT.dll | 1056 | wcscoll | |
| MSVCRT.dll | 390 | _initterm | |
| MSVCRT.dll | 999 | strcoll | |
| MSVCRT.dll | 414 | _ismbblead | |
| MSVCRT.dll | 82 | _XcptFilter | |
| MSVCRT.dll | 291 | _exit | |
| MSVCRT.dll | 1037 | ungetc | |
| MSVCRT.dll | 968 | putchar | |
| MSVCRT.dll | 232 | _cexit | |
| MSVCRT.dll | 181 | __setusermatherr | |
| MSVCRT.dll | 859 | bsearch | |
| MSVCRT.dll | 1021 | strtoul | |
| MSVCRT.dll | 114 | __getmainargs | |
| KERNEL32.dll | 793 | LockResource | |
| KERNEL32.dll | 1057 | SetLastError | |
| KERNEL32.dll | 1117 | TlsFree | |
| KERNEL32.dll | 254 | DefineDosDeviceW | |
| KERNEL32.dll | 988 | SearchPathW | |
| KERNEL32.dll | 1218 | lstrcmpA | |
| KERNEL32.dll | 944 | ReleaseSemaphore | |
| KERNEL32.dll | 1100 | SizeofResource | |
| KERNEL32.dll | 731 | IsValidLocale | |
| KERNEL32.dll | 349 | FindFirstFileA | |
| KERNEL32.dll | 600 | GetSystemWindowsDirectoryA | |
| KERNEL32.dll | 379 | FoldStringW | |
| KERNEL32.dll | 856 | MapViewOfFileEx | |
| KERNEL32.dll | 593 | GetSystemInfo | |
| KERNEL32.dll | 600 | GetProfileIntA | |
| KERNEL32.dll | 1230 | lstrlenA | |
| KERNEL32.dll | 947 | RemoveDirectoryA | |
| KERNEL32.dll | 857 | PulseEvent | |
| KERNEL32.dll | 656 | GlobalFree | |
| KERNEL32.dll | 663 | GlobalReAlloc | |
| KERNEL32.dll | 348 | FindFirstChangeNotificationW | |
| KERNEL32.dll | 1215 | lstrcatA | |
| KERNEL32.dll | 234 | CreateSemaphoreW | |
| KERNEL32.dll | 386 | FreeLibrary | |
| KERNEL32.dll | 963 | RtlUnwind | |
| KERNEL32.dll | 162 | CallNamedPipeW | |
| KERNEL32.dll | 1088 | SetTimerQueueTimer | |
| KERNEL32.dll | 657 | GlobalGetAtomNameA | |
| KERNEL32.dll | 202 | CreateEventA | |
| KERNEL32.dll | 1045 | SetFileApisToOEM | |
| KERNEL32.dll | 625 | GetTimeZoneInformation | |
| KERNEL32.dll | 231 | CreateSemaphoreA | |
| KERNEL32.dll | 836 | OpenSemaphoreW | |
| KERNEL32.dll | 683 | HeapReAlloc | |
| KERNEL32.dll | 870 | QueryPerformanceCounter | |
| KERNEL32.dll | 490 | GetFileAttributesExA | |
| KERNEL32.dll | 525 | GetModuleHandleW | |
| KERNEL32.dll | 1219 | lstrcmpW | |
| KERNEL32.dll | 621 | GetTickCount | |
| KERNEL32.dll | 628 | GetUserDefaultLangID | |
| KERNEL32.dll | 810 | MoveFileA | |
| KERNEL32.dll | 230 | CreateRemoteThread | |
| KERNEL32.dll | 607 | GetTempFileNameA | |
| KERNEL32.dll | 181 | ConnectNamedPipe | |
| KERNEL32.dll | 499 | GetFullPathNameW | |
| KERNEL32.dll | 1101 | Sleep | |
| KERNEL32.dll | 647 | GlobalAddAtomA | |
| KERNEL32.dll | 778 | LoadResource | |
| KERNEL32.dll | 492 | GetFileAttributesW | |
| KERNEL32.dll | 209 | CreateFileMappingA | |
| KERNEL32.dll | 275 | EnterCriticalSection | |
| KERNEL32.dll | 581 | GetStartupInfoW |
| ord | entry_va | function_name | |
|---|---|---|---|
| 1 | 0x2c2b | ?SendPointerW@@YGIPAKGPAHF<V |
 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
[?] can't find resource section for va=0x109d2