er_00_0_l.ex_ - Win.Trojan.Injector-240

info
MZ
PE
imports
foremost
signature
hexdump
disasm
log
discuss
donate

filename	er_00_0_l.ex_
size	233632 (0x390a0)
md5	d3d0ceca177eb65084dda9c287ae2649

type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	Win.Trojan.Injector-240 FOUND
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0xc8

Rich Header

lib id	version	times used
123	50727	9
1	0	138
131	21022	1
0	0	1
145	21022	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	0xc
TimeDateStamp	0x4feb631d
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x2102
Magic	0x10b
LinkerVersion	9.0
SizeOfCode	0x31800
SizeOfInitializedData	0x6c00
SizeOfUninitializedData	0
AddressOfEntryPoint	0x10d0
BaseOfCode	0x1000
BaseOfData	0x33000
ImageBase	0x10000000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	5.0
ImageVersion	0.0
SubsystemVersion	5.0
Reserved1	0
SizeOfImage	0x3f000
SizeOfHeaders	0x400
CheckSum	0x415c3
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

UPolyX v0.1 (Delikon)

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x31778	0x31800	R-X CODE
.rdata	0x33000	0xed8	0x1000	R-- IDATA
.data	0x34000	0x1318	0x1400	RW- IDATA
.data9	0x36000	0x7d0	0x800	RW- IDATA
.data8	0x37000	0x7d0	0x800	RW- IDATA
.data7	0x38000	0x7d0	0x800	RW- IDATA
.data6	0x39000	0x7d0	0x800	RW- IDATA
.data5	0x3a000	0x7d0	0x800	RW- IDATA
.data4	0x3b000	0x7d0	0x800	RW- IDATA
.data3	0x3c000	0x7d0	0x800	RW- IDATA
.data2	0x3d000	0x7d0	0x800	RW- IDATA
.reloc	0x3e000	0x6f4	0x800	R-- IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x33238	0x64
RESOURCE	0	0
EXCEPTION	0	0
SECURITY	0x38800	0x8a0
BASERELOC	0x3e000	0x3a0
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0x33000	0x238
Delay_IAT	0	0
CLR_Header	0	0

module_name	hint	function_name
KERNEL32.dll	237	EnumResourceNamesW
KERNEL32.dll	246	EnumSystemLanguageGroupsA
KERNEL32.dll	307	FindNextVolumeMountPointA
KERNEL32.dll	327	FormatMessageA
KERNEL32.dll	429	GetCurrentThreadId
KERNEL32.dll	502	GetModuleHandleA
KERNEL32.dll	540	GetPrivateProfileStringA
KERNEL32.dll	567	GetShortPathNameA
KERNEL32.dll	569	GetStartupInfoA
KERNEL32.dll	570	GetStartupInfoW
KERNEL32.dll	571	GetStdHandle
KERNEL32.dll	614	GetTickCount
KERNEL32.dll	629	GetVersionExA
KERNEL32.dll	192	DeleteFileA
KERNEL32.dll	739	LCMapStringW
KERNEL32.dll	785	MoveFileA
KERNEL32.dll	794	MultiByteToWideChar
KERNEL32.dll	812	OpenFileMappingW
KERNEL32.dll	816	OpenMutexW
KERNEL32.dll	832	PrepareTape
KERNEL32.dll	1004	SetLastError
KERNEL32.dll	1029	SetThreadAffinityMask
KERNEL32.dll	1036	SetThreadPriorityBoost
KERNEL32.dll	1073	Thread32Next
KERNEL32.dll	1166	WriteFileEx
KERNEL32.dll	1176	WriteProfileSectionW
KERNEL32.dll	1109	VirtualAllocEx
KERNEL32.dll	127	CreateFileW
KERNEL32.dll	1191	lstrcatW
KERNEL32.dll	649	GlobalFindAtomW
KERNEL32.dll	641	GetWindowsDirectoryW
USER32.dll	14	BeginPaint
USER32.dll	745	UpdateWindow
USER32.dll	599	ScrollWindow
USER32.dll	660	SetScrollPos
USER32.dll	661	SetScrollRange
USER32.dll	588	ReleaseDC
USER32.dll	282	GetDC
USER32.dll	9	AppendMenuA
USER32.dll	26	CallMsgFilterW
USER32.dll	29	CallWindowProcW
USER32.dll	32	CascadeWindows
USER32.dll	37	ChangeDisplaySettingsW
USER32.dll	51	CharToOemA
USER32.dll	58	CharUpperW
USER32.dll	61	CheckMenuItem
USER32.dll	65	ChildWindowFromPoint
USER32.dll	72	CloseDesktop
USER32.dll	75	CopyAcceleratorTableA
USER32.dll	78	CopyImage
USER32.dll	79	CopyRect
USER32.dll	96	CreateIconFromResourceEx
USER32.dll	98	CreateMDIWindowA
USER32.dll	101	CreatePopupMenu
USER32.dll	112	DdeClientTransaction
USER32.dll	118	DdeCreateStringHandleW
USER32.dll	123	DdeFreeStringHandle
USER32.dll	132	DdePostAdvise
USER32.dll	136	DdeQueryStringW
USER32.dll	138	DdeSetQualityOfService
USER32.dll	153	DeregisterShellHookWindow
USER32.dll	195	DrawStateA
USER32.dll	196	DrawStateW
USER32.dll	211	EndDialog
USER32.dll	212	EndMenu
USER32.dll	213	EndPaint
USER32.dll	250	GetAltTabInfo
USER32.dll	256	GetAsyncKeyState
USER32.dll	265	GetClassLongW
USER32.dll	267	GetClassNameW
USER32.dll	274	GetClipboardOwner
USER32.dll	275	GetClipboardSequenceNumber
USER32.dll	277	GetComboBoxInfo
USER32.dll	300	GetInputState
USER32.dll	306	GetKeyboardLayout
USER32.dll	312	GetLastActivePopup
USER32.dll	323	GetMenuItemID
USER32.dll	330	GetMessageA
USER32.dll	345	GetProcessWindowStation
USER32.dll	359	GetScrollPos
USER32.dll	360	GetScrollRange
USER32.dll	363	GetSubMenu
USER32.dll	374	GetUpdateRect
USER32.dll	383	GetWindowDC
USER32.dll	386	GetWindowLongW
USER32.dll	393	GetWindowRgn
USER32.dll	400	GetWindowThreadProcessId
USER32.dll	401	GetWindowWord
USER32.dll	408	IMPGetIMEA
USER32.dll	410	IMPQueryIMEA
USER32.dll	413	IMPSetIMEW
USER32.dll	416	InSendMessageEx
USER32.dll	420	InsertMenuItemA
USER32.dll	431	IsCharAlphaNumericW
USER32.dll	436	IsCharUpperW
USER32.dll	440	IsDialogMessageA
USER32.dll	476	LoadKeyboardLayoutW
USER32.dll	488	LockWorkStation
USER32.dll	517	MoveWindow
USER32.dll	524	OemToCharBuffW
USER32.dll	525	OemToCharW
USER32.dll	533	OpenWindowStationA
USER32.dll	555	RealChildWindowFromPoint
USER32.dll	564	RegisterClassExA
USER32.dll	570	RegisterDeviceNotificationW
USER32.dll	590	RemoveMenu
USER32.dll	598	ScrollDC
USER32.dll	601	SendDlgItemMessageA
USER32.dll	608	SendMessageCallbackW
USER32.dll	611	SendMessageW
USER32.dll	613	SendNotifyMessageW
USER32.dll	619	SetClassLongW
USER32.dll	631	SetDlgItemTextW
USER32.dll	634	SetForegroundWindow
USER32.dll	659	SetScrollInfo
USER32.dll	664	SetSysColors
USER32.dll	685	SetWindowWord
USER32.dll	708	SystemParametersInfoA
USER32.dll	709	SystemParametersInfoW
USER32.dll	710	TabbedTextOutA
USER32.dll	713	TileWindows
USER32.dll	714	ToAscii
USER32.dll	720	TrackPopupMenuEx
USER32.dll	725	TranslateMessage
USER32.dll	727	UnhookWinEvent
USER32.dll	729	UnhookWindowsHookEx
USER32.dll	756	VkKeyScanA
USER32.dll	757	VkKeyScanExA
USER32.dll	764	WaitForInputIdle
USER32.dll	769	WindowFromDC
USER32.dll	544	PostQuitMessage
USER32.dll	149	DefWindowProcA
USER32.dll	470	LoadIconA
USER32.dll	103	CreateWindowExA
USER32.dll	216	EnumChildWindows
GDI32.dll	671	TextOutA
GDI32.dll	524	GetTextMetricsA
ADVAPI32.dll	602	RegOpenKeyExA

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /CN=eltFCYuxXkdvVBAFYUQMiUAvcPupqZ PoxIcDUpqqv KWVbal hxwVBHhftuZAiZw iGaPtfxBjfxKSZdlCKzWrhJCGwfKYtXwgOVRxIeNXjSOAmMCOEyTvGJncjJLIbWmLjzLKGDkGQREXjibzxFj

serial: 16E79654958DA58C474F8EBF7488E4AD

Certificates (1)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:e7:96:54:95:8d:a5:8c:47:4f:8e:bf:74:88:e4:ad
        Signature Algorithm: sha1WithRSA
        Issuer: CN=eltFCYuxXkdvVBAFYUQMiUAvcPupqZ PoxIcDUpqqv KWVbal hxwVBHhftuZAiZw iGaPtfxBjfxKSZdlCKzWrhJCGwfKYtXwgOVRxIeNXjSOAmMCOEyTvGJncjJLIbWmLjzLKGDkGQREXjibzxFj
        Validity
            Not Before: Jun 27 08:37:15 2012 GMT
            Not After : Dec 31 23:59:59 2039 GMT
        Subject: CN=eltFCYuxXkdvVBAFYUQMiUAvcPupqZ PoxIcDUpqqv KWVbal hxwVBHhftuZAiZw iGaPtfxBjfxKSZdlCKzWrhJCGwfKYtXwgOVRxIeNXjSOAmMCOEyTvGJncjJLIbWmLjzLKGDkGQREXjibzxFj
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
                Modulus:
                    00:f8:1a:15:09:5e:d4:4e:63:8a:9b:c0:5e:67:55:
                    40:00:8a:7a:da:9e:91:d0:ec:4e:10:75:47:de:f4:
                    b5:4d:2f:4b:67:af:7d:9a:10:dd:5c:1d:52:9a:d9:
                    3d:61:53:0f:26:d7:b4:00:81:e7:ed:65:d2:dd:1d:
                    d9:28:05:7f:25:c1:aa:b2:6a:73:c0:39:cd:e8:2d:
                    4f:b6:f8:24:96:d3:53:1c:10:66:aa:67:89:f0:8e:
                    ff:62:84:39:61:c0:c0:15:9f:02:b6:ad:8f:61:03:
                    98:48:df:7a:88:e8:8b:c1:d2:df:cb:eb:53:c7:1e:
                    1b:ff:55:98:08:91:0c:c3:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                Code Signing
            2.5.29.1: 
                0.....02................0..1..0....U.....eltFCYuxXkdvVBAFYUQMiUAvcPupqZ PoxIcDUpqqv KWVbal hxwVBHhftuZAiZw iGaPtfxBjfxKSZdlCKzWrhJCGwfKYtXwgOVRxIeNXjSOAmMCOEyTvGJncjJLIbWmLjzLKGDkGQREXjibzxFj.....T....GO..t...
    Signature Algorithm: sha1WithRSA
         41:75:0d:5e:4c:8d:0a:ae:ab:3b:70:cf:4c:c6:ab:ec:67:14:
         78:20:72:76:66:01:d3:1d:14:e5:82:c8:15:59:9c:a6:29:61:
         65:81:09:f7:a0:15:6e:5a:68:8d:ff:61:b6:27:fa:9f:c6:6a:
         a1:cf:8c:3c:be:2a:75:bd:b3:e3:b0:e2:78:71:67:07:d1:55:
         f9:73:47:d2:72:d3:9d:2b:28:d2:77:51:80:0a:89:0a:54:99:
         16:3e:6c:4f:63:00:6f:78:9b:cf:fd:0a:f0:b1:04:87:2e:92:
         8a:75:18:20:0a:8a:de:8b:1e:8f:d9:dd:93:34:b2:d8:5e:31:
         52:a3

pkcs7-signedData

SHA1: nil

1.3.6.1.4.1.311.2.1.4

1.3.6.1.4.1.311.2.1.15

00 3c 00 3c 00 3c 00 4f  00 62 00 73 00 6f 00 6c  |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e  00 3e 00 3e              |.e.t.e.>.>.>    |

SHA1

66 4e c9 ac 01 22 e3 07 35 ab 2b 42 bd 53 9d a6 |fN..."..5.+B.S..| 7f 39 7c 10 |.9|. |

#2
- 2
  - 16:E7:96:54:95:8D:A5:8C:47:4F:8E:BF:74:88:E4:AD
  - RSA-SHA1-2: nil
  - CN: eltFCYuxXkdvVBAFYUQMiUAvcPupqZ PoxIcDUpqqv KWVbal hxwVBHhftuZAiZw iGaPtfxBjfxKSZdlCKzWrhJCGwfKYtXwgOVRxIeNXjSOAmMCOEyTvGJncjJLIbWmLjzLKGDkGQREXjibzxFj
  - 2012-06-27 08:37:15 UTC: 2039-12-31 23:59:59 UTC
  - CN: eltFCYuxXkdvVBAFYUQMiUAvcPupqZ PoxIcDUpqqv KWVbal hxwVBHhftuZAiZw iGaPtfxBjfxKSZdlCKzWrhJCGwfKYtXwgOVRxIeNXjSOAmMCOEyTvGJncjJLIbWmLjzLKGDkGQREXjibzxFj
  - #5
    - rsaEncryption: nil
    - F8:1A:15:09:5E:D4:4E:63:8A:9B:C0:5E:67:55:40:00:
      8A:7A:DA:9E:91:D0:EC:4E:10:75:47:DE:F4:B5:4D:2F:
      4B:67:AF:7D:9A:10:DD:5C:1D:52:9A:D9:3D:61:53:0F:
      26:D7:B4:00:81:E7:ED:65:D2:DD:1D:D9:28:05:7F:25:
      C1:AA:B2:6A:73:C0:39:CD:E8:2D:4F:B6:F8:24:96:D3:
      53:1C:10:66:AA:67:89:F0:8E:FF:62:84:39:61:C0:C0:
      15:9F:02:B6:AD:8F:61:03:98:48:DF:7A:88:E8:8B:C1:
      D2:DF:CB:EB:53:C7:1E:1B:FF:55:98:08:91:0C:C3:DD: 0x010001
  - #6
    - extendedKeyUsage: codeSigning
    - 2.5.29.1
      - d9 30 32 9e 8b d6 f1 bb b8 e7 a1 12 e0 d8 1e f0 |.02.............|
        CN: eltFCYuxXkdvVBAFYUQMiUAvcPupqZ PoxIcDUpqqv KWVbal hxwVBHhftuZAiZw iGaPtfxBjfxKSZdlCKzWrhJCGwfKYtXwgOVRxIeNXjSOAmMCOEyTvGJncjJLIbWmLjzLKGDkGQREXjibzxFj
        16 e7 96 54 95 8d a5 8c 47 4f 8e bf 74 88 e4 ad |...T....GO..t...|
- RSA-SHA1-2:
```
41 75 0d 5e 4c 8d 0a ae  ab 3b 70 cf 4c c6 ab ec  |Au.^L....;p.L...|
67 14 78 20 72 76 66 01  d3 1d 14 e5 82 c8 15 59  |g.x rvf........Y|
9c a6 29 61 65 81 09 f7  a0 15 6e 5a 68 8d ff 61  |..)ae.....nZh..a|
b6 27 fa 9f c6 6a a1 cf  8c 3c be 2a 75 bd b3 e3  |.'...j...<.*u...|
b0 e2 78 71 67 07 d1 55  f9 73 47 d2 72 d3 9d 2b  |..xqg..U.sG.r..+|
28 d2 77 51 80 0a 89 0a  54 99 16 3e 6c 4f 63 00  |(.wQ....T..>lOc.|
6f 78 9b cf fd 0a f0 b1  04 87 2e 92 8a 75 18 20  |ox...........u. |
0a 8a de 8b 1e 8f d9 dd  93 34 b2 d8 5e 31 52 a3  |.........4..^1R.|
```

#0
- CN: eltFCYuxXkdvVBAFYUQMiUAvcPupqZ PoxIcDUpqqv KWVbal hxwVBHhftuZAiZw iGaPtfxBjfxKSZdlCKzWrhJCGwfKYtXwgOVRxIeNXjSOAmMCOEyTvGJncjJLIbWmLjzLKGDkGQREXjibzxFj
- 16:E7:96:54:95:8D:A5:8C:47:4F:8E:BF:74:88:E4:AD
SHA1: nil

contentType: 1.3.6.1.4.1.311.2.1.4
1.3.6.1.4.1.311.2.1.11: msCodeInd

messageDigest:

86 3f 7e a6 90 a5 c3 11  1a e5 1f 76 dc 5a 60 07  |.?~........v.Z`.|
a0 3e 77 d0                                       |.>w.            |

1.3.6.1.4.1.311.2.1.12:

00 4a 00 46 00 53 00 77  00 73 00 49 00 56 00 6f  |.J.F.S.w.s.I.V.o|
00 75 00 4f 00 67 00 58  00 64 00 50 00 62 00 48  |.u.O.g.X.d.P.b.H|
00 4e 00 76 00 57 00 64  00 56 00 6a 00 65 00 67  |.N.v.W.d.V.j.e.g|
00 41 00 65 00 54 00 6b  00 69 00 52 00 74 00 52  |.A.e.T.k.i.R.t.R|
00 7a 00 76 00 42 00 6c  00 6a 00 6c 00 67 00 45  |.z.v.B.l.j.l.g.E|
00 49 00 6e 00 54 00 4a  00 69 00 55 00 64 00 73  |.I.n.T.J.i.U.d.s|
00 49 00 6a 00 54 00 42  00 75 00 4b 00 43 00 53  |.I.j.T.B.u.K.C.S|
00 57 00 57 00 66 00 4b  00 71 00 4b 00 71 00 72  |.W.W.f.K.q.K.q.r|
00 41 00 66 00 4d 00 54  00 66 00 74 00 50 00 77  |.A.f.M.T.f.t.P.w|
00 79 00 53 00 6e 00 42  00 55 00 5a 00 6f 00 66  |.y.S.n.B.U.Z.o.f|
00 50 00 57 00 4b 00 55  00 43 00 68 00 71 00 51  |.P.W.K.U.C.h.q.Q|
00 75 00 42 00 4d 00 68  00 6f 00 6a 00 6a 00 4d  |.u.B.M.h.o.j.j.M|
00 57 00 42 00 67 00 4a  00 44 00 61 00 46 00 66  |.W.B.g.J.D.a.F.f|
00 67 00 4f 00 58 00 49  00 65 00 55 00 78 00 4c  |.g.O.X.I.e.U.x.L|
00 63 00 76 00 76 00 76  00 52 00 7a 00 44 00 45  |.c.v.v.v.R.z.D.E|
00 75 00 78 00 70 00 6a  00 72 00 4c 00 52 00 46  |.u.x.p.j.r.L.R.F|
00 6d 00 74 00 61 00 57  00 59 00 70 00 74 00 78  |.m.t.a.W.Y.p.t.x|
00 76 00 59 00 72 00 6d  00 79 00 4b 00 43 00 43  |.v.Y.r.m.y.K.C.C|
00 45 00 69 00 48 00 75  00 44 00 5a 00 20 00 65  |.E.i.H.u.D.Z. .e|
00 6c 00 74 00 46 00 43  00 59 00 75 00 78 00 58  |.l.t.F.C.Y.u.x.X|
00 6b 00 64 00 76 00 56  00 42 00 41 00 46 00 59  |.k.d.v.V.B.A.F.Y|
00 55 00 51 00 4d 00 69  00 55 00 41 00 76 00 63  |.U.Q.M.i.U.A.v.c|
00 50 00 75 00 70 00 71  00 5a 00 20 00 50 00 6f  |.P.u.p.q.Z. .P.o|
00 78 00 49 00 63 00 44  00 55 00 70 00 71 00 71  |.x.I.c.D.U.p.q.q|
00 76 00 20 00 4b 00 57  00 56 00 62 00 61 00 6c  |.v. .K.W.V.b.a.l|
00 20 00 68 00 78 00 77  00 56 00 42 00 48 00 68  |. .h.x.w.V.B.H.h|
00 66 00 74 00 75 00 5a  00 41 00 69 00 5a 00 77  |.f.t.u.Z.A.i.Z.w|
00 20 00 69 00 47 00 61  00 50 00 74 00 66 00 78  |. .i.G.a.P.t.f.x|
00 42 00 6a 00 66 00 78  00 4b 00 53 00 5a 00 64  |.B.j.f.x.K.S.Z.d|
00 6c 00 43 00 4b 00 7a  00 57 00 72 00 68 00 4a  |.l.C.K.z.W.r.h.J|
00 43 00 47 00 77 00 66  00 4b 00 59 00 74 00 58  |.C.G.w.f.K.Y.t.X|
00 77 00 67 00 4f 00 56  00 52 00 78 00 49 00 65  |.w.g.O.V.R.x.I.e|
00 4e 00 58 00 6a 00 53  00 4f 00 41 00 6d 00 4d  |.N.X.j.S.O.A.m.M|
00 43 00 4f 00 45 00 79  00 54 00 76 00 47 00 4a  |.C.O.E.y.T.v.G.J|
00 6e 00 63 00 6a 00 4a  00 4c 00 49 00 62 00 57  |.n.c.j.J.L.I.b.W|
00 6d 00 4c 00 6a 00 7a  00 4c 00 4b 00 47 00 44  |.m.L.j.z.L.K.G.D|
00 6b 00 47 00 51 00 52  00 45 00 58 00 6a 00 69  |.k.G.Q.R.E.X.j.i|
00 62 00 7a 00 78 00 46  00 6a                    |.b.z.x.F.j      |

rsaEncryption:

20 75 ce 70 74 89 30 67  95 ee 21 b9 21 1c 16 50  | u.pt.0g..!.!..P|
31 22 41 f4 80 24 ce 44  03 c0 14 00 61 21 93 7b  |1"A..$.D....a!.{|
56 e9 db 43 a9 59 ee b4  6c f5 1f 9e 43 bf f8 da  |V..C.Y..l...C...|
6d d1 d3 84 c7 e7 76 9b  d4 04 95 4b b1 c8 cc 56  |m.....v....K...V|
31 12 82 15 da 64 e0 48  ca 47 f3 8e 50 33 0e ac  |1....d.H.G..P3..|
24 55 8e 99 05 44 4f ea  e0 a6 a9 33 99 8c 51 f1  |$U...DO....3..Q.|
40 d4 47 4d ce d9 47 bc  0a d0 45 0c c9 fc 98 58  |@.GM..G...E....X|
be 06 dd 03 7b 0c 05 63  03 93 72 6f 03 39 35 27  |....{..c..ro.95'|

show previews

offset	size	type	comment
0	231424	DLL	06/27/2012 19:46:37	#
15c1	15	HTM		#
38800	2208	PKCS7	Authenticode Signature	#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

everything is OK

er_00_0_l.ex_- Win.Trojan.Injector-240