zbot.ex

info
MZ
PE
imports
exports
foremost
hexdump
disasm
log
discuss
donate

filename	zbot.ex_
size	92160 (0x16800)
md5	df234ab7c44c35baf3a12243fb12b3f1

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0xe0

Rich Header

lib id	version	times used
149	30729	7
1	0	107
147	30729	11
146	30729	1
132	30729	39
131	30729	17
148	30729	1
145	30729	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	0xc
TimeDateStamp	0x4d8d9072
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x102
Magic	0x10b
LinkerVersion	11.0
SizeOfCode	0x6e00
SizeOfInitializedData	0xf600
SizeOfUninitializedData	0
AddressOfEntryPoint	0x6f37
BaseOfCode	0x1000
BaseOfData	0x8000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	5.1
ImageVersion	0.0
SubsystemVersion	5.1
Reserved1	0
SizeOfImage	0x30000
SizeOfHeaders	0x400
CheckSum	0x23f83
Subsystem	2
DllCharacteristics	0
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x6e00	0x6e00	R-X CODE
rt_ecx	0x8000	0x18	0x200	R-- IDATA
rt_esp	0x9000	0x1c	0x200	R-- IDATA
rt_eax	0xa000	0xbe	0x200	R-- IDATA
rt_edx	0xb000	0x36	0x200	R-- IDATA
rt_ebp	0xc000	0x4c	0x200	RW- IDATA
rt_ebx	0xd000	0x35ae	0x3600	RW- IDATA
rt_edi	0x11000	0x4c	0x200	R-- IDATA
rt_esi	0x12000	0x40	0x200	R-- IDATA
.data	0x13000	0x113da	0xc00	RW- IDATA
.rsrc	0x25000	0x9c30	0x9e00	R-- IDATA
.reloc	0x2f000	0x728	0x800	R-- IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0xd000	0x106
IMPORT	0xa000	0x250
RESOURCE	0x2e240	0x9f0
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0x2f000	0x720
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0x8000	0x18
Delay_IAT	0	0
CLR_Header	0	0

module_name	hint	function_name
SHLWAPI.dll	282	StrCmpLogicalW
USER32.dll	455	IsCharLowerW
KERNEL32.dll	836	LocalAlloc

ord	entry_va	function_name

module_name	DirectorCut.exe
flags	0
timestamp	2012-04-23 01:14:10
version	0.0
ordinal_base	1
nFunctions	3
nNames	4294967295
Names(4294967295)	0xd034
Functions(3)	0xffffffff
NameOrdinals(4294967295)	0xd040

show previews

offset	size	type	comment
0	92160	EXE	03/26/2011 07:06:26	#
15c1	15	HTM		#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] can't find resource section for va=0x2e240

[?] can't find file_offset of VA 0xffffffff

[?] got EOF while reading exports name_ordinals

[?] got EOF while reading exports names

[?] can't find file_offset of VA 0x69440002

[?] can't find file_offset of VA 0x74636572

[?] can't find file_offset of VA 0x7543726f

[?] can't find file_offset of VA 0x78652e74

[?] can't find file_offset of VA 0x69430065

[?] can't find file_offset of VA 0x616d656e

[?] can't find file_offset of VA 0x59616c50

[?] can't find file_offset of VA 0x6f4c3f00

[?] can't find file_offset of VA 0x6f467473

[?] can't find file_offset of VA 0x72617772

[?] can't find file_offset of VA 0x70695464

[?] can't find file_offset of VA 0x47594040

[?] can't find file_offset of VA 0x5f554a5f

[?] can't find file_offset of VA 0x494c4148

[?] can't find file_offset of VA 0x454c4e47

[?] can't find file_offset of VA 0x40405446

[?] can't find file_offset of VA 0x45525f55

[?] can't find file_offset of VA 0x45544f4d

[?] can't find file_offset of VA 0x544e4f43

[?] can't find file_offset of VA 0x5f4c4f52

[?] can't find file_offset of VA 0x40535953

[?] can't find file_offset of VA 0x594040

[?] can't find file_offset of VA 0x6d65543f

[?] can't find file_offset of VA 0x74616c70

[?] can't find file_offset of VA 0x73654d65

[?] can't find file_offset of VA 0x65676173

[?] can't find file_offset of VA 0x47594040

[?] can't find file_offset of VA 0x5f554a5f

[?] can't find file_offset of VA 0x494c4148

[?] can't find file_offset of VA 0x454c4e47

[?] can't find file_offset of VA 0x40405446

[?] can't find file_offset of VA 0x45525f55

[?] can't find file_offset of VA 0x45544f4d

[?] can't find file_offset of VA 0x544e4f43

[?] can't find file_offset of VA 0x5f4c4f52

[?] can't find file_offset of VA 0x40535953

[?] can't find file_offset of VA 0x594040

[?] can't find file_offset of VA 0x0

[?] can't find file_offset of VA 0x30e70000

[?] can't find file_offset of VA 0x5ef40010

[?] can't find file_offset of VA 0x2ae30010

[?] can't find file_offset of VA 0x78430010

[?] can't find file_offset of VA 0x224a0010

[?] can't find file_offset of VA 0x3cb00010

[?] can't find file_offset of VA 0x773c0010

[?] can't find file_offset of VA 0x70cc0010

[?] can't find file_offset of VA 0x75330010

[?] can't find file_offset of VA 0xeac0010

[?] can't find file_offset of VA 0x20650010

[?] can't find file_offset of VA 0x1a3d0010

[?] can't find file_offset of VA 0x3560010

[?] can't find file_offset of VA 0x591a0010

[?] can't find file_offset of VA 0x25d30010

[?] can't find file_offset of VA 0x120a0010

[?] can't find file_offset of VA 0x199a0010

[?] can't find file_offset of VA 0x20270010

[?] can't find file_offset of VA 0x69460010

[?] can't find file_offset of VA 0x5b800010

[?] can't find file_offset of VA 0x303c0010

[?] can't find file_offset of VA 0x333b0010

[?] can't find file_offset of VA 0x5c580010

[?] can't find file_offset of VA 0x69a10010

[?] can't find file_offset of VA 0xb190010

[?] can't find file_offset of VA 0x612a0010

[?] can't find file_offset of VA 0x2c400010

[?] can't find file_offset of VA 0x2d0e0010

[?] can't find file_offset of VA 0x669c0010

[?] can't find file_offset of VA 0x1f7c0010

[?] can't find file_offset of VA 0x37f00010

[?] can't find file_offset of VA 0xa480010

[?] can't find file_offset of VA 0xce370010

[?] can't find file_offset of VA 0x60ff208e

[?] can't find file_offset of VA 0x6cf5dfbf

[?] can't find file_offset of VA 0x6bdfe153

[?] can't find file_offset of VA 0x9a00000

[?] can't find file_offset of VA 0x88820000

[?] can't find file_offset of VA 0x8e7cb2a6

[?] can't find file_offset of VA 0xb68ba490

[?] can't find file_offset of VA 0xa5908ab5

[?] can't find file_offset of VA 0x9c8b8ea5

[?] can't find file_offset of VA 0xadc292b5

[?] can't find file_offset of VA 0xa4ae81b1

[?] can't find file_offset of VA 0x7dc98394

[?] can't find file_offset of VA 0x8fc8a38a

[?] can't find file_offset of VA 0xbdcf9bc0

[?] can't find file_offset of VA 0x96bea3d1

[?] can't find file_offset of VA 0x6d7c92b3

[?] can't find file_offset of VA 0x9dae7c91

[?] can't find file_offset of VA 0xb485b6a4

[?] can't find file_offset of VA 0xb1a9ad73

[?] can't find file_offset of VA 0xbcaa928d

[?] too many errors getting export names, stopped on 105 of 15091

[?] NumberOfNames too big (4294967295), limiting to 16384