field | value
---|---
filename | 2016-03-02-pseudo-Darkleech-Angler-EK-payload-TeslaCrypt-after-kiwitemplates.com.exe.safe
size | 322048 (0x4ea00)
md5 | c2224f9512dd2cadc59f177ff7b6fd2f
type | PE32 executable (GUI) Intel 80386, for MS Windows
mimetype | application/x-dosexec
clamav | OK
virustotal | scan with virustotal.com
histogram | (byte histogram image not reproduced)
MZ Header
field | value
---|---
signature | MZ
bytes_in_last_block | 0x90
blocks_in_file | 3
num_relocs | 0
header_paragraphs | 4
min_extra_paragraphs | 0
max_extra_paragraphs | 0xffff
ss | 0
sp | 0xb8
checksum | 0
ip | 0
cs | 0
reloc_table_offset | 0x40
overlay_number | 0
reserved0 | 0
oem_id | 0
oem_info | 0
reserved2 | 0
reserved3 | 0
reserved4 | 0
reserved5 | 0
reserved6 | 0
lfanew | 0xd8
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
Data Directory
type | va | size
---|---|---
EXPORT | 0 | 0
IMPORT | 0x18acc | 0xb4
RESOURCE | 0x70000 | 0x33db4
EXCEPTION | 0 | 0
SECURITY | 0 | 0
BASERELOC | 0 | 0
DEBUG | 0 | 0
ARCHITECTURE | 0 | 0
GLOBALPTR | 0 | 0
TLS | 0 | 0
LOAD_CONFIG | 0x18680 | 0x40
Bound_IAT | 0 | 0
IAT | 0x17000 | 0x3e4
Delay_IAT | 0 | 0
CLR_Header | 0 | 0
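The MZ header fields and data directory above are raw tool output; what a triage analyst does with them is walk from `lfanew` to the PE signature and then read off which directories are absent. The following Python is an added example, not code from the report or from pedump: it rebuilds a stand-in image from the values shown on this page (the DOS header fields, the 64-byte stub and the four populated directory entries), and zero-fills everything the page does not show (the bytes between the stub and 0xd8, the COFF header, the optional-header fields; the COFF Characteristics value is assumed). It then parses the header chain and reports that the sample carries no Authenticode signature, no base relocations and no debug directory, which is exactly what the `SECURITY`, `BASERELOC` and `DEBUG` rows say.

```python
"""Added example (not part of the report above): parse the MZ header and the PE
data directory and flag the loader-relevant gaps the report shows.
Python 3, standard library only."""
import struct

DOS_HEADER_FMT = "<2s13H8sHH20sI"   # IMAGE_DOS_HEADER, 64 bytes
DOS_FIELDS = (
    "signature", "bytes_in_last_block", "blocks_in_file", "num_relocs",
    "header_paragraphs", "min_extra_paragraphs", "max_extra_paragraphs",
    "ss", "sp", "checksum", "ip", "cs", "reloc_table_offset", "overlay_number",
    "reserved", "oem_id", "oem_info", "reserved2", "lfanew",
)
# IMAGE_DATA_DIRECTORY order, named as in the report's table.
DIRECTORY_NAMES = (
    "EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY", "BASERELOC", "DEBUG",
    "ARCHITECTURE", "GLOBALPTR", "TLS", "LOAD_CONFIG", "Bound_IAT", "IAT",
    "Delay_IAT", "CLR_Header", "RESERVED",
)
# The 64-byte DOS stub exactly as dumped in the report.
DOS_STUB = bytes.fromhex(
    "0e1fba0e00b409cd21b8014ccd215468"
    "69732070726f6772616d2063616e6e6f"
    "742062652072756e20696e20444f5320"
    "6d6f64652e0d0d0a2400000000000000"
)


def build_sample() -> bytes:
    """Constructed stand-in for the sample: DOS fields, stub and directory values are
    copied from the report; the 0x80..0xd7 area, COFF header and optional-header
    fields are not on the page and are zero-filled / assumed here."""
    dos = struct.pack(DOS_HEADER_FMT, b"MZ", 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8,
                      0, 0, 0, 0x40, 0, bytes(8), 0, 0, bytes(20), 0xD8)
    image = bytearray(dos + DOS_STUB)
    image += bytes(0xD8 - len(image))                 # not shown in the report
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    optional = bytearray(96)                          # PE32 optional header, assumed zeros
    struct.pack_into("<H", optional, 0, 0x10B)        # IMAGE_NT_OPTIONAL_HDR32_MAGIC
    struct.pack_into("<I", optional, 92, 16)          # NumberOfRvaAndSizes
    present = {"IMPORT": (0x18ACC, 0xB4), "RESOURCE": (0x70000, 0x33DB4),
               "LOAD_CONFIG": (0x18680, 0x40), "IAT": (0x17000, 0x3E4)}
    for name in DIRECTORY_NAMES:
        optional += struct.pack("<II", *present.get(name, (0, 0)))
    return bytes(image + coff + optional)


def parse_dos_header(data: bytes) -> dict:
    hdr = dict(zip(DOS_FIELDS, struct.unpack_from(DOS_HEADER_FMT, data, 0)))
    if hdr["signature"] != b"MZ":
        raise ValueError("not an MZ image")
    return hdr


def parse_data_directory(data: bytes) -> dict:
    """Follow e_lfanew to the PE signature and read the IMAGE_DATA_DIRECTORY table."""
    lfanew = parse_dos_header(data)["lfanew"]
    if data[lfanew:lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    opt_off = lfanew + 4 + 20                          # skip signature + IMAGE_FILE_HEADER
    magic, = struct.unpack_from("<H", data, opt_off)
    is_pe32 = magic == 0x10B                           # 0x20B would be PE32+
    count, = struct.unpack_from("<I", data, opt_off + (92 if is_pe32 else 108))
    dir_off = opt_off + (96 if is_pe32 else 112)
    table = {}
    for i, name in enumerate(DIRECTORY_NAMES[:count]):
        table[name] = struct.unpack_from("<II", data, dir_off + 8 * i)
    return table


def triage(data: bytes) -> list:
    """Findings an analyst wants before looking at any code."""
    findings = []
    dos = parse_dos_header(data)
    stub = data[dos["header_paragraphs"] * 16:dos["lfanew"]]
    if b"This program cannot be run in DOS mode" not in stub:
        findings.append("non-standard DOS stub")
    dirs = parse_data_directory(data)
    if dirs["SECURITY"] == (0, 0):
        findings.append("no SECURITY directory: not Authenticode-signed")
    if dirs["BASERELOC"] == (0, 0):
        findings.append("no BASERELOC directory: image cannot be rebased, ASLR does not apply")
    if dirs["DEBUG"] == (0, 0):
        findings.append("no DEBUG directory: no PDB path or build id to pivot on")
    if dirs["CLR_Header"] != (0, 0):
        findings.append("CLR header present: managed (.NET) code")
    if dirs["TLS"] != (0, 0):
        findings.append("TLS directory present: callbacks run before the entry point")
    return findings


if __name__ == "__main__":
    for line in triage(build_sample()):
        print(line)
```

Run against a real file (`triage(open(path, "rb").read())`) the same functions work unchanged; the only thing the constructed image proves is that the directory offsets are computed from `lfanew` and the optional-header magic rather than assumed.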
id | lang | string |
---|---|---|
65440 | 0 | Friday |
65441 | 0 | Saturday |
65442 | 0 | Invalid file name - %s |
65456 | 0 | September |
65457 | 0 | October |
65458 | 0 | November |
65459 | 0 | December |
65460 | 0 | Sun |
65461 | 0 | Mon |
65462 | 0 | Tue |
65463 | 0 | Wed |
65464 | 0 | Thu |
65465 | 0 | Fri |
65466 | 0 | Sat |
65467 | 0 | Sunday |
65468 | 0 | Monday |
65469 | 0 | Tuesday |
65470 | 0 | Wednesday |
65471 | 0 | Thursday |
65472 | 0 | May |
65473 | 0 | Jun |
65474 | 0 | Jul |
65475 | 0 | Aug |
65476 | 0 | Sep |
65477 | 0 | Oct |
65478 | 0 | Nov |
65479 | 0 | Dec |
65480 | 0 | January |
65481 | 0 | February |
65482 | 0 | March |
65483 | 0 | April |
65484 | 0 | May |
65485 | 0 | June |
65486 | 0 | July |
65487 | 0 | August |
65488 | 0 | Invalid variant type conversion |
65489 | 0 | Invalid variant operation |
65490 | 0 | Invalid argument |
65491 | 0 | External exception %x |
65492 | 0 | Assertion failed |
65493 | 0 | Interface not supported |
65494 | 0 | Exception in safecall method |
65495 | 0 | Object lock not owned |
65496 | 0 | Monitor support function not initialized |
65497 | 0 | %s (%s, line %d) |
65498 | 0 | Abstract Error |
65499 | 0 | Access violation at address %p in module '%s'. %s of address %p |
65500 | 0 | Jan |
65501 | 0 | Feb |
65502 | 0 | Mar |
65503 | 0 | Apr |
65504 | 0 | Invalid class typecast |
65505 | 0 | Access violation at address %p. %s of address %p |
65506 | 0 | Access violation |
65507 | 0 | Stack overflow |
65508 | 0 | Control-C hit |
65509 | 0 | Privileged instruction |
65510 | 0 | Operation aborted |
65511 | 0 | Exception %s in module %s at %p. %s%s |
65512 | 0 | Application Error |
65513 | 0 | Format '%s' invalid or incompatible with argument |
65514 | 0 | No argument for format '%s' |
65515 | 0 | Variant method calls not supported |
65516 | 0 | Read |
65517 | 0 | Write |
65518 | 0 | Error creating variant or safe array |
65519 | 0 | Variant or safe array index out of bounds |
65520 | 0 | Out of memory |
65521 | 0 | I/O error %d |
65522 | 0 | File not found |
65523 | 0 | Too many open files |
65524 | 0 | File access denied |
65525 | 0 | Read beyond end of file |
65526 | 0 | Disk full |
65527 | 0 | Invalid numeric input |
65528 | 0 | Division by zero |
65529 | 0 | Range check error |
65530 | 0 | Integer overflow |
65531 | 0 | Invalid floating point operation |
65532 | 0 | Floating point division by zero |
65533 | 0 | Floating point overflow |
65534 | 0 | Floating point underflow |
65535 | 0 | Invalid pointer operation |
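The IDs in the table above are not arbitrary: Win32 stores string resources in RT_STRING blocks of 16 slots, block n holding IDs (n-1)*16 .. (n-1)*16+15, and IDs that climb down from 65535 with language 0 are how Delphi's compiler numbers `resourcestring` entries (the texts themselves match Delphi's SysConst messages, which is a useful compiler fingerprint for this sample). The following Python is an added example, not code from the report: it encodes and decodes one RT_STRING block so the ID arithmetic and the empty slots (the report shows nothing for 65443..65455) are visible, and it bounds-checks each entry so a truncated resource does not raise an index error in the middle of the decoder.

```python
"""Added example (not part of the report above): Win32 RT_STRING block codec.
Each block holds 16 entries: a WORD count of UTF-16 code units, then the text.
Python 3, standard library only."""
import struct

STRINGS_PER_BLOCK = 16


def block_id_for(string_id: int) -> int:
    """Resource name (block ID) that holds a given string ID; block 1 holds IDs 0..15."""
    return string_id // STRINGS_PER_BLOCK + 1


def encode_string_block(block_id: int, strings: dict) -> bytes:
    """Build one RT_STRING block; IDs missing from `strings` become empty slots."""
    first = (block_id - 1) * STRINGS_PER_BLOCK
    out = bytearray()
    for sid in range(first, first + STRINGS_PER_BLOCK):
        units = strings.get(sid, "").encode("utf-16-le")
        out += struct.pack("<H", len(units) // 2) + units
    return bytes(out)


def decode_string_block(block_id: int, data: bytes) -> dict:
    """Inverse of encode_string_block: {string_id: text}, skipping empty slots."""
    first = (block_id - 1) * STRINGS_PER_BLOCK
    result, pos = {}, 0
    for slot in range(STRINGS_PER_BLOCK):
        if pos + 2 > len(data):
            raise ValueError(f"block {block_id} truncated at slot {slot}")
        nchars, = struct.unpack_from("<H", data, pos)
        pos += 2
        raw = data[pos:pos + 2 * nchars]
        if len(raw) != 2 * nchars:
            raise ValueError(f"block {block_id} slot {slot} runs past the end of the block")
        pos += 2 * nchars
        if nchars:
            result[first + slot] = raw.decode("utf-16-le")
    return result


def is_well_formed_block(block_id: int, data: bytes) -> bool:
    """True when every slot fits inside the block (what a resource parser should check)."""
    try:
        decode_string_block(block_id, data)
        return True
    except ValueError:
        return False


# Constructed from the first three rows of the table above (block 4091 = IDs 65440..65455);
# 65443..65455 have no text in the report and are encoded as empty slots.
SAMPLE_BLOCK_4091 = encode_string_block(4091, {
    65440: "Friday",
    65441: "Saturday",
    65442: "Invalid file name - %s",
})

if __name__ == "__main__":
    for sid, text in decode_string_block(4091, SAMPLE_BLOCK_4091).items():
        print(sid, block_id_for(sid), repr(text))
```

Because 65535 // 16 + 1 == 4096, the whole table above lives in resource blocks 4091..4096, which is the range to pull when diffing this sample's RTL strings against a known Delphi version.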
StringTable 000004b0
key | value
---|---
Comments | For additional details, visit PortableApps.com
CompanyName | PortableApps.com
FileDescription | DTShellHlp
FileVersion | 4.49.1.0356
InternalName | DTShellHlp
LegalCopyright | Copyright 2007 Nero AG and its licensors
LegalTrademarks | Copyright 2007 Nero AG and its licensors
OriginalFilename | © XTreme ©
PortableApps.comAppID | DTShellHlp
PortableApps.comFormatVersion | 2.0
PortableApps.comInstallerVersion | 4.49.1.0356
ProductName | DTShellHlp
ProductVersion | 4.49.1.0356
VS_FIXEDFILEINFO
field | value
---|---
FileVersion | 2.10.2.0
ProductVersion | 2.10.2.0
StrucVersion | 0
FileFlagsMask | 0
FileFlags | 0
FileOS | 4
FileType | 1
FileSubtype | 0
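The version resource above is internally inconsistent: the string table claims FileVersion 4.49.1.0356 while the binary VS_FIXEDFILEINFO says 2.10.2.0, CompanyName is PortableApps.com while LegalCopyright names Nero AG, LegalTrademarks is a copy of LegalCopyright, and OriginalFilename "© XTreme ©" is not a module name. Legitimate build tooling writes both halves from the same version fields, so disagreement like this usually means the resource was lifted from other software. The following Python is an added example, not code from the report: it parses a VS_FIXEDFILEINFO structure (constructed here from the fixed values on this page) and runs those consistency heuristics, which are the editor's, against the string table.

```python
"""Added example (not part of the report above): cross-check VS_FIXEDFILEINFO
against the StringFileInfo table of a version resource. Python 3, stdlib only."""
import re
import struct

FIXED_FILE_INFO_FMT = "<13I"        # VS_FIXEDFILEINFO, 52 bytes
VS_FFI_SIGNATURE = 0xFEEF04BD


def parse_fixed_file_info(data: bytes) -> dict:
    """Unpack the binary version block; versions come back as 4-tuples."""
    (sig, struc, fv_ms, fv_ls, pv_ms, pv_ls, flags_mask, flags,
     file_os, file_type, subtype, _date_ms, _date_ls) = struct.unpack_from(FIXED_FILE_INFO_FMT, data)
    if sig != VS_FFI_SIGNATURE:
        raise ValueError("bad VS_FIXEDFILEINFO signature")

    def quad(ms, ls):
        return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)

    return {"FileVersion": quad(fv_ms, fv_ls), "ProductVersion": quad(pv_ms, pv_ls),
            "StrucVersion": struc, "FileFlagsMask": flags_mask, "FileFlags": flags,
            "FileOS": file_os, "FileType": file_type, "FileSubtype": subtype}


def version_tuple(text: str) -> tuple:
    """'4.49.1.0356' or '2, 10, 2, 0' -> (4, 49, 1, 356); pads or truncates to four parts."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:4]
    return tuple(parts + [0] * (4 - len(parts)))


def version_findings(fixed: dict, strings: dict) -> list:
    """Heuristic consistency checks (the editor's, not a Microsoft rule set)."""
    findings = []
    for key in ("FileVersion", "ProductVersion"):
        if key in strings and version_tuple(strings[key]) != fixed[key]:
            findings.append(f"{key}: string table says {strings[key]!r}, "
                            f"VS_FIXEDFILEINFO says {'.'.join(map(str, fixed[key]))}")
    name = strings.get("OriginalFilename", "")
    if not re.fullmatch(r"[\w\-. ]+\.(exe|dll|sys|ocx|scr|cpl)", name, re.IGNORECASE):
        findings.append(f"OriginalFilename {name!r} is not a plausible module name")
    copyright_ = strings.get("LegalCopyright", "")
    if copyright_ and copyright_ == strings.get("LegalTrademarks"):
        findings.append("LegalTrademarks duplicates LegalCopyright (copy-pasted block)")
    company = strings.get("CompanyName", "")
    if company and company.lower() not in copyright_.lower():
        findings.append(f"LegalCopyright does not name CompanyName {company!r}")
    return findings


# Constructed from the VS_FIXEDFILEINFO values in the report (2.10.2.0, FileOS 4, FileType 1).
SAMPLE_FIXED = struct.pack(FIXED_FILE_INFO_FMT, VS_FFI_SIGNATURE, 0,
                           0x0002000A, 0x00020000, 0x0002000A, 0x00020000,
                           0, 0, 4, 1, 0, 0, 0)
# Copied from the StringTable 000004b0 rows in the report.
SAMPLE_STRINGS = {
    "CompanyName": "PortableApps.com",
    "FileDescription": "DTShellHlp",
    "FileVersion": "4.49.1.0356",
    "InternalName": "DTShellHlp",
    "LegalCopyright": "Copyright 2007 Nero AG and its licensors",
    "LegalTrademarks": "Copyright 2007 Nero AG and its licensors",
    "OriginalFilename": "\u00a9 XTreme \u00a9",
    "ProductName": "DTShellHlp",
    "ProductVersion": "4.49.1.0356",
}

if __name__ == "__main__":
    for line in version_findings(parse_fixed_file_info(SAMPLE_FIXED), SAMPLE_STRINGS):
        print(line)
```

On a real file the fixed block is the 52 bytes following the `VS_VERSION_INFO` key inside the RT_VERSION resource, and the string table is the `StringFileInfo` child; any PE library that exposes both can feed `version_findings` directly.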
offset | size | type | comment
---|---|---|---
0 | 322048 | EXE | 03/02/2016 16:23:33
15c1 | 15 | HTM |
1b58c | 364 | GIF | (16 x 11)
1b6f8 | 260 | GIF | (16 x 11)
1b7fc | 374 | GIF | (16 x 11)
1b974 | 361 | GIF | (16 x 11)
1bae0 | 360 | GIF | (16 x 11)
1bc48 | 2003 | GIF | (16 x 11)
1c41c | 987 | GIF | (16 x 11)
1c7f8 | 151 | GIF | (16 x 11)
1c890 | 350 | GIF | (16 x 11)
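The embedded-file table above comes from signature scanning: a GIF starts with `GIF87a` or `GIF89a`, and the "(16 x 11)" is read straight from the logical screen descriptor that follows (width and height as little-endian 16-bit values). The following Python is an added example, not the report's own scanner: it carves GIF headers out of a byte blob while rejecting a bare `GIF8` prefix that lacks a valid version tag, which is the false positive a naive `find` would report. The blob is constructed here with two 16x11 stubs and one decoy; the sizes in the table above require walking the GIF block structure and are not reproduced.

```python
"""Added example (not part of the report above): carve GIF headers from a blob
and read their logical-screen dimensions. Python 3, standard library only."""
import struct

GIF_MAGIC = (b"GIF87a", b"GIF89a")


def gif_dimensions(data: bytes, offset: int):
    """(width, height) if a GIF header starts at `offset`, else None."""
    hdr = data[offset:offset + 10]          # 6-byte signature + 4 bytes of screen descriptor
    if len(hdr) < 10 or hdr[:6] not in GIF_MAGIC:
        return None
    return struct.unpack_from("<HH", hdr, 6)


def carve_gifs(data: bytes) -> list:
    """Every (offset, width, height) where a well-formed GIF header appears."""
    found, pos = [], 0
    while True:
        pos = data.find(b"GIF8", pos)       # cheap prefix scan, validated by gif_dimensions
        if pos < 0:
            return found
        dims = gif_dimensions(data, pos)
        if dims:
            found.append((pos, dims[0], dims[1]))
        pos += 4


# Constructed test blob: a minimal 16x11 GIF (header, screen descriptor, trailer) at
# 0x40 and again at 0x80, plus a 'GIF8xx' decoy that must not be reported.
MINI_GIF = b"GIF89a" + struct.pack("<HH", 16, 11) + b"\x00\x00\x00" + b"\x3b"
DECOY = b"GIF8xx"
SAMPLE_BLOB = (bytes(0x40) + MINI_GIF
               + bytes(0x80 - 0x40 - len(MINI_GIF)) + MINI_GIF
               + DECOY + bytes(16))

if __name__ == "__main__":
    for off, w, h in carve_gifs(SAMPLE_BLOB):
        print(f"{off:x} GIF ({w} x {h})")
```

Dumping `data[off:]` to a file for each hit is enough to hash the icons and check them against a known toolkit or against the legitimate software whose version resource this sample imitates.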
everything is OK