| filename | 11822ae6c65113bfe710abed1683db545509222cb7ba93c74322f13fb8344fb7 | |
|---|---|---|
| size | 283648 (0x45400) | |
| md5 | cbdaccc755176a8d48ec3c3ff156b2b0 | |
| type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | |
| mimetype | application/x-dosexec | |
| clamav | Win.Trojan.Zbot-22312 FOUND | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0x100 |
Rich Header
| lib id | version | times used |
|---|---|---|
| 121 | 14202 | 12 |
| 22 | 519 | 75 |
| 71 | 43782 | 408 |
| 7 | 16633 | 164 |
| 68 | 13656 | 1037 |
| 92 | 32455 | 224 |
| 59 | 19161 | 252 |
| 35 | 30932 | 682 |
| 93 | 62000 | 590 |
| 84 | 56777 | 995 |
| 83 | 45947 | 697 |
DOS stub
00000000: 6f 8a de b0 dc 19 a7 51 aa 4e 0a c4 8e 46 f5 c6 |o......Q.N...F..| 00000010: a7 f8 bf 2f 29 71 1e b0 ba 30 ba ac 1c 65 9d 19 |.../)q...0...e..| 00000020: a8 44 bf 8d e8 fc eb 26 6b 36 dc d2 aa b6 b9 be |.D.....&k6......| 00000030: c5 84 9c 56 3e 69 eb f0 93 93 b4 73 ef b8 0e ff |...V>i.....s....|
PE Header
Packer / Compiler
UPX v2.00-V2.90 (Markus Oberhumer & Laszlo Molnar & John Reiser) This file is packed with UPX. Analysis will be incomplete without unpacking. |
Sections
| name | va | vsize | raw size | flags | |
|---|---|---|---|---|---|
| UPX0 | 0x1000 | 0x24000 | 0x24000 | RWX UDATA | |
| UPX1 | 0x25000 | 0x20000 | 0x1fc00 | RWX IDATA | |
| .rsrc | 0x45000 | 0x2000 | 0x1400 | RW- IDATA |
Data Directory
| type | va | size | |
|---|---|---|---|
| EXPORT | 0 | 0 | |
| IMPORT | 0x46200 | 0xb4 | |
| RESOURCE | 0x45000 | 0xe5c | |
| EXCEPTION | 0 | 0 | |
| SECURITY | 0 | 0 | |
| BASERELOC | 0 | 0 | |
| DEBUG | 0 | 0 | |
| ARCHITECTURE | 0 | 0 | |
| GLOBALPTR | 0 | 0 | |
| TLS | 0 | 0 | |
| LOAD_CONFIG | 0 | 0 | |
| Bound_IAT | 0 | 0 | |
| IAT | 0 | 0 | |
| Delay_IAT | 0 | 0 | |
| CLR_Header | 0 | 0 |
StringTable 040904E4
| CompanyName | Cfkjfdmktv Lmubuw |
| FileDescription | Cfkjfdmktv Bpnyckyl Isighfxwp |
| FileVersion | 123,106,93,3 |
| InternalName | Cfkjfdmktv |
| LegalCopyright | Copyright © Cfkjfdmktv Lmubuw 1999-2011 |
| OriginalFilename | Cfkjfdmktv.exe |
| ProductName | Cfkjfdmktv Bpnyckyl Isighfxwp |
| ProductVersion | 111,34,14,81 |
VS_FIXEDFILEINFO
| FileVersion | 123.106.93.3 |
| ProductVersion | 111.34.14.81 |
| StrucVersion | 0x10000 |
| FileFlagsMask | 0x3f |
| FileFlags | 0 |
| FileOS | 0x40004 |
| FileType | 1 |
| FileSubtype | 0 |
 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
everything is OK