Malaysia Honeynet Project // Malware Database (Beta)

my-honeynet.org / list stats search
Hash 1aecd4e23b84d15d4e5b37f1d371f1cb
First seen 2006-10-22T03:09:15
Last seen 2006-11-07T01:37:04
Filetype MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
Mimetype application/octet-stream
Size 87552
Hits 6
Clamav Trojan.Poebot-14 FOUND No Virus Found
F-Prot Infection: W32/Bobax.AO No Virus Found
Antivir WORM/Poebot.C.1 No Virus Found
AVG Trojan.Poebot-14 FOUND No Virus Found
Objdump 
binaries/1aecd4e23b84d15d4e5b37f1d371f1cb:     file format efi-app-ia32
binaries/1aecd4e23b84d15d4e5b37f1d371f1cb
architecture: i386, flags 0x0000010b:
HAS_RELOC, EXEC_P, HAS_DEBUG, D_PAGED
start address 0x0000000000401db0

Characteristics 0x10e
	executable
	line numbers stripped
	symbols stripped
	32 bit words

Time/Date		Sat Mar 16 01:20:21 1996

ImageBase		0000000000400000
SectionAlignment	0000000000001000
FileAlignment		0000000000000200
MajorOSystemVersion	4
MinorOSystemVersion	0
MajorImageVersion	0
MinorImageVersion	0
MajorSubsystemVersion	4
MinorSubsystemVersion	0
Win32Version		00000000
SizeOfImage		00030000
SizeOfHeaders		00000400
CheckSum		00000000
Subsystem		00000002	(Windows GUI)
DllCharacteristics	00000000
SizeOfStackReserve	0000000000100000
SizeOfStackCommit	0000000000001000
SizeOfHeapReserve	0000000000100000
SizeOfHeapCommit	0000000000001000
LoaderFlags		00000000
NumberOfRvaAndSizes	00000010

The Data Directory
Entry 0 0000000000000000 00000000 Export Directory [.edata (or where ever we found it)]
Entry 1 000000000000b000 00000064 Import Directory [parts of .idata]
Entry 2 0000000000000000 00000000 Resource Directory [.rsrc]
Entry 3 0000000000000000 00000000 Exception Directory [.pdata]
Entry 4 0000000000000000 00000000 Security Directory
Entry 5 000000000000c000 00000528 Base Relocation Directory [.reloc]
Entry 6 0000000000000000 00000000 Debug Directory
Entry 7 0000000000000000 00000000 Description Directory
Entry 8 0000000000000000 00000000 Special Directory
Entry 9 0000000000000000 00000000 Thread Storage Directory [.tls]
Entry a 0000000000000000 00000000 Load Configuration Directory
Entry b 0000000000000000 00000000 Bound Import Directory
Entry c 000000000000b14c 000000d4 Import Address Table Directory
Entry d 0000000000000000 00000000 Delay Import Directory
Entry e 0000000000000000 00000000 CLR Runtime Header
Entry f 0000000000000000 00000000 Reserved

There is an import table in .idata at 0x40b000

The Import Tables (interpreted .idata section contents)
 vma:            Hint    Time      Forward  DLL       First
                 Table   Stamp     Chain    Name      Thunk
 0000b000	0000b138 00000000 00000000 0000b22c 0000b20c

	DLL Name: USER32.dll
	vma:  Hint/Ord Member-Name Bound-To
	b220	  585  wsprintfA

 0000b014	0000b140 00000000 00000000 0000b25a 0000b214

	DLL Name: ole32.dll
	vma:  Hint/Ord Member-Name Bound-To
	b24a	   97  OleInitialize
	b238	  121  OleUninitialize

 0000b028	0000b12c 00000000 00000000 0000b264 0000b200

	DLL Name: OLEAUT32.dll
	vma:  Hint/Ord Member-Name Bound-To
	800000a1	  161  
	800000a3	  163  

 0000b03c	0000b078 00000000 00000000 0000b56a 0000b14c

	DLL Name: KERNEL32.dll
	vma:  Hint/Ord Member-Name Bound-To
	b3be	  282  GetStringTypeW
	b3d0	  373  LCMapStringA
	b3a8	  578  WideCharToMultiByte
	b55a	  495  SetEndOfFile
	b538	  376  LoadLibraryA
	b526	  259  GetProcAddress
	b272	  403  MultiByteToWideChar
	b288	  225  GetLastError
	b298	  215  GetFileAttributesA
	b2ae	  194  GetCurrentDirectoryA
	b2c6	  221  GetFullPathNameA
	b2da	  206  GetDriveTypeA
	b2ea	  233  GetModuleFileNameA
	b300	  159  GetCommandLineA
	b312	  311  GetVersion
	b320	  506  SetHandleCount
	b332	  220  GetFileType
	b340	  278  GetStdHandle
	b350	  276  GetStartupInfoA
	b362	  339  HeapAlloc
	b36e	   98  ExitProcess
	b37c	  345  HeapFree
	b388	   22  CloseHandle
	b396	  279  GetStringTypeA
	b548	  504  SetFilePointer
	b518	   43  CreateFileA
	b468	  139  FreeEnvironmentStringsA
	b3e0	  374  LCMapStringW
	b3f0	  117  FindClose
	b3fc	  124  FindNextFileA
	b40c	  121  FindFirstFileA
	b41e	  152  GetCPInfo
	b42a	  146  GetACP
	b434	  246  GetOEMCP
	b440	  455  RtlUnwind
	b44c	  550  UnhandledExceptionFilter
	b482	  208  GetEnvironmentStrings
	b49a	  140  FreeEnvironmentStringsW
	b4b4	  210  GetEnvironmentStringsW
	b4ce	  341  HeapCreate
	b4dc	  591  WriteFile
	b4e8	  131  FlushFileBuffers
	b4fc	  518  SetStdHandle
	b50c	  440  ReadFile

 0000b050	00000000 00000000 00000000 00000000 00000000


PE File Base Relocations (interpreted .reloc section contents)

Virtual Address: 00001000 Chunk size 220 (0xdc) Number of fixups 106
	reloc    0 offset    2 [1002] HIGHLOW
	reloc    1 offset    f [100f] HIGHLOW
	reloc    2 offset   14 [1014] HIGHLOW
	reloc    3 offset   41 [1041] HIGHLOW
	reloc    4 offset   e1 [10e1] HIGHLOW
	reloc    5 offset  127 [1127] HIGHLOW
	reloc    6 offset  132 [1132] HIGHLOW
	reloc    7 offset  137 [1137] HIGHLOW
	reloc    8 offset  13d [113d] HIGHLOW
	reloc    9 offset  147 [1147] HIGHLOW
	reloc   10 offset  172 [1172] HIGHLOW
	reloc   11 offset  189 [1189] HIGHLOW
	reloc   12 offset  18e [118e] HIGHLOW
	reloc   13 offset  194 [1194] HIGHLOW
	reloc   14 offset  19e [119e] HIGHLOW
	reloc   15 offset  1bb [11bb] HIGHLOW
	reloc   16 offset  1c0 [11c0] HIGHLOW
	reloc   17 offset  1c6 [11c6] HIGHLOW
	reloc   18 offset  1d0 [11d0] HIGHLOW
	reloc   19 offset  202 [1202] HIGHLOW
	reloc   20 offset  217 [1217] HIGHLOW
	reloc   21 offset  21c [121c] HIGHLOW
	reloc   22 offset  222 [1222] HIGHLOW
	reloc   23 offset  22c [122c] HIGHLOW
	reloc   24 offset  28f [128f] HIGHLOW
	reloc   25 offset  2aa [12aa] HIGHLOW
	reloc   26 offset  2c4 [12c4] HIGHLOW
	reloc   27 offset  385 [1385] HIGHLOW
	reloc   28 offset  397 [1397] HIGHLOW
	reloc   29 offset  39e [139e] HIGHLOW
	reloc   30 offset  3af [13af] HIGHLOW
	reloc   31 offset  3b7 [13b7] HIGHLOW
	reloc   32 offset  3c6 [13c6] HIGHLOW
	reloc   33 offset  3d2 [13d2] HIGHLOW
	reloc   34 offset  3dc [13dc] HIGHLOW
	reloc   35 offset  3e1 [13e1] HIGHLOW
	reloc   36 offset  3e7 [13e7] HIGHLOW
	reloc   37 offset  3f1 [13f1] HIGHLOW
	reloc   38 offset  46d [146d] HIGHLOW
	reloc   39 offset  496 [1496] HIGHLOW
	reloc   40 offset  4ae [14ae] HIGHLOW
	reloc   41 offset  512 [1512] HIGHLOW
	reloc   42 offset  51c [151c] HIGHLOW
	reloc   43 offset  528 [1528] HIGHLOW
	reloc   44 offset  531 [1531] HIGHLOW
	reloc   45 offset  53c [153c] HIGHLOW
	reloc   46 offset  54a [154a] HIGHLOW
	reloc   47 offset  554 [1554] HIGHLOW
	reloc   48 offset  569 [1569] HIGHLOW
	reloc   49 offset  57c [157c] HIGHLOW
	reloc   50 offset  584 [1584] HIGHLOW
	reloc   51 offset  59a [159a] HIGHLOW
	reloc   52 offset  5ad [15ad] HIGHLOW
	reloc   53 offset  5c9 [15c9] HIGHLOW
	reloc   54 offset  5e7 [15e7] HIGHLOW
	reloc   55 offset  607 [1607] HIGHLOW
	reloc   56 offset  612 [1612] HIGHLOW
	reloc   57 offset  632 [1632] HIGHLOW
	reloc   58 offset  63c [163c] HIGHLOW
	reloc   59 offset  734 [1734] HIGHLOW
	reloc   60 offset  74e [174e] HIGHLOW
	reloc   61 offset  885 [1885] HIGHLOW
	reloc   62 offset  8af [18af] HIGHLOW
	reloc   63 offset  8c5 [18c5] HIGHLOW
	reloc   64 offset  8e4 [18e4] HIGHLOW
	reloc   65 offset  91b [191b] HIGHLOW
	reloc   66 offset  9b6 [19b6] HIGHLOW
	reloc   67 offset  9c0 [19c0] HIGHLOW
	reloc   68 offset  9fd [19fd] HIGHLOW
	reloc   69 offset  a0f [1a0f] HIGHLOW
	reloc   70 offset  a53 [1a53] HIGHLOW
	reloc   71 offset  a72 [1a72] HIGHLOW
	reloc   72 offset  af0 [1af0] HIGHLOW
	reloc   73 offset  b1b [1b1b] HIGHLOW
	reloc   74 offset  b24 [1b24] HIGHLOW
	reloc   75 offset  b29 [1b29] HIGHLOW
	reloc   76 offset  b2f [1b2f] HIGHLOW
	reloc   77 offset  b3a [1b3a] HIGHLOW
	reloc   78 offset  b9c [1b9c] HIGHLOW
	reloc   79 offset  ba1 [1ba1] HIGHLOW
	reloc   80 offset  c16 [1c16] HIGHLOW
	reloc   81 offset  c5a [1c5a] HIGHLOW
	reloc   82 offset  d4a [1d4a] HIGHLOW
	reloc   83 offset  d6b [1d6b] HIGHLOW
	reloc   84 offset  dbc [1dbc] HIGHLOW
	reloc   85 offset  dc1 [1dc1] HIGHLOW
	reloc   86 offset  dd8 [1dd8] HIGHLOW
	reloc   87 offset  ded [1ded] HIGHLOW
	reloc   88 offset  df3 [1df3] HIGHLOW
	reloc   89 offset  df8 [1df8] HIGHLOW
	reloc   90 offset  e03 [1e03] HIGHLOW
	reloc   91 offset  e1f [1e1f] HIGHLOW
	reloc   92 offset  e24 [1e24] HIGHLOW
	reloc   93 offset  e2e [1e2e] HIGHLOW
	reloc   94 offset  e38 [1e38] HIGHLOW
	reloc   95 offset  e59 [1e59] HIGHLOW
	reloc   96 offset  e5e [1e5e] HIGHLOW
	reloc   97 offset  e64 [1e64] HIGHLOW
	reloc   98 offset  e6a [1e6a] HIGHLOW
	reloc   99 offset  ec2 [1ec2] HIGHLOW
	reloc  100 offset  ee2 [1ee2] HIGHLOW
	reloc  101 offset  f0d [1f0d] HIGHLOW
	reloc  102 offset  f19 [1f19] HIGHLOW
	reloc  103 offset  f26 [1f26] HIGHLOW
	reloc  104 offset  f3b [1f3b] HIGHLOW
	reloc  105 offset    0 [1000] ABSOLUTE

Virtual Address: 00002000 Chunk size 204 (0xcc) Number of fixups 98
	reloc    0 offset   36 [2036] HIGHLOW
	reloc    1 offset   48 [2048] HIGHLOW
	reloc    2 offset   64 [2064] HIGHLOW
	reloc    3 offset   ae [20ae] HIGHLOW
	reloc    4 offset   b5 [20b5] HIGHLOW
	reloc    5 offset  18f [218f] HIGHLOW
	reloc    6 offset  196 [2196] HIGHLOW
	reloc    7 offset  1c8 [21c8] HIGHLOW
	reloc    8 offset  26b [226b] HIGHLOW
	reloc    9 offset  272 [2272] HIGHLOW
	reloc   10 offset  336 [2336] HIGHLOW
	reloc   11 offset  3d4 [23d4] HIGHLOW
	reloc   12 offset  6a9 [26a9] HIGHLOW
	reloc   13 offset  6c6 [26c6] HIGHLOW
	reloc   14 offset  6dd [26dd] HIGHLOW
	reloc   15 offset  730 [2730] HIGHLOW
	reloc   16 offset  8b0 [28b0] HIGHLOW
	reloc   17 offset  8b4 [28b4] HIGHLOW
	reloc   18 offset  8b8 [28b8] HIGHLOW
	reloc   19 offset  8bc [28bc] HIGHLOW
	reloc   20 offset  8c0 [28c0] HIGHLOW
	reloc   21 offset  8c4 [28c4] HIGHLOW
	reloc   22 offset  8c8 [28c8] HIGHLOW
	reloc   23 offset  8cc [28cc] HIGHLOW
	reloc   24 offset  8d0 [28d0] HIGHLOW
	reloc   25 offset  8d4 [28d4] HIGHLOW
	reloc   26 offset  8d8 [28d8] HIGHLOW
	reloc   27 offset  8dc [28dc] HIGHLOW
	reloc   28 offset  8e0 [28e0] HIGHLOW
	reloc   29 offset  8e4 [28e4] HIGHLOW
	reloc   30 offset  8fc [28fc] HIGHLOW
	reloc   31 offset  900 [2900] HIGHLOW
	reloc   32 offset  904 [2904] HIGHLOW
	reloc   33 offset  908 [2908] HIGHLOW
	reloc   34 offset  90c [290c] HIGHLOW
	reloc   35 offset  940 [2940] HIGHLOW
	reloc   36 offset  944 [2944] HIGHLOW
	reloc   37 offset  948 [2948] HIGHLOW
	reloc   38 offset  94c [294c] HIGHLOW
	reloc   39 offset  950 [2950] HIGHLOW
	reloc   40 offset  954 [2954] HIGHLOW
	reloc   41 offset  958 [2958] HIGHLOW
	reloc   42 offset  95c [295c] HIGHLOW
	reloc   43 offset  960 [2960] HIGHLOW
	reloc   44 offset  964 [2964] HIGHLOW
	reloc   45 offset  968 [2968] HIGHLOW
	reloc   46 offset  96c [296c] HIGHLOW
	reloc   47 offset  970 [2970] HIGHLOW
	reloc   48 offset  974 [2974] HIGHLOW
	reloc   49 offset  978 [2978] HIGHLOW
	reloc   50 offset  97c [297c] HIGHLOW
	reloc   51 offset  980 [2980] HIGHLOW
	reloc   52 offset  afc [2afc] HIGHLOW
	reloc   53 offset  b02 [2b02] HIGHLOW
	reloc   54 offset  b26 [2b26] HIGHLOW
	reloc   55 offset  b3a [2b3a] HIGHLOW
	reloc   56 offset  b70 [2b70] HIGHLOW
	reloc   57 offset  b77 [2b77] HIGHLOW
	reloc   58 offset  b97 [2b97] HIGHLOW
	reloc   59 offset  bc5 [2bc5] HIGHLOW
	reloc   60 offset  bcf [2bcf] HIGHLOW
	reloc   61 offset  be8 [2be8] HIGHLOW
	reloc   62 offset  bff [2bff] HIGHLOW
	reloc   63 offset  c1c [2c1c] HIGHLOW
	reloc   64 offset  c29 [2c29] HIGHLOW
	reloc   65 offset  c5a [2c5a] HIGHLOW
	reloc   66 offset  c90 [2c90] HIGHLOW
	reloc   67 offset  c97 [2c97] HIGHLOW
	reloc   68 offset  cc6 [2cc6] HIGHLOW
	reloc   69 offset  ccb [2ccb] HIGHLOW
	reloc   70 offset  ce4 [2ce4] HIGHLOW
	reloc   71 offset  cf7 [2cf7] HIGHLOW
	reloc   72 offset  d1d [2d1d] HIGHLOW
	reloc   73 offset  d2e [2d2e] HIGHLOW
	reloc   74 offset  d53 [2d53] HIGHLOW
	reloc   75 offset  d65 [2d65] HIGHLOW
	reloc   76 offset  d76 [2d76] HIGHLOW
	reloc   77 offset  d91 [2d91] HIGHLOW
	reloc   78 offset  d9c [2d9c] HIGHLOW
	reloc   79 offset  da1 [2da1] HIGHLOW
	reloc   80 offset  dae [2dae] HIGHLOW
	reloc   81 offset  db3 [2db3] HIGHLOW
	reloc   82 offset  e02 [2e02] HIGHLOW
	reloc   83 offset  e17 [2e17] HIGHLOW
	reloc   84 offset  e1f [2e1f] HIGHLOW
	reloc   85 offset  e28 [2e28] HIGHLOW
	reloc   86 offset  e31 [2e31] HIGHLOW
	reloc   87 offset  e44 [2e44] HIGHLOW
	reloc   88 offset  e4b [2e4b] HIGHLOW
	reloc   89 offset  e50 [2e50] HIGHLOW
	reloc   90 offset  e5d [2e5d] HIGHLOW
	reloc   91 offset  e62 [2e62] HIGHLOW
	reloc   92 offset  e79 [2e79] HIGHLOW
	reloc   93 offset  f7f [2f7f] HIGHLOW
	reloc   94 offset  fe7 [2fe7] HIGHLOW
	reloc   95 offset  fec [2fec] HIGHLOW
	reloc   96 offset  ffa [2ffa] HIGHLOW
	reloc   97 offset    0 [2000] ABSOLUTE

Virtual Address: 00003000 Chunk size 304 (0x130) Number of fixups 148
	reloc    0 offset    c [300c] HIGHLOW
	reloc    1 offset   18 [3018] HIGHLOW
	reloc    2 offset   1d [301d] HIGHLOW
	reloc    3 offset   32 [3032] HIGHLOW
	reloc    4 offset   3d [303d] HIGHLOW
	reloc    5 offset   5c [305c] HIGHLOW
	reloc    6 offset   63 [3063] HIGHLOW
	reloc    7 offset   7a [307a] HIGHLOW
	reloc    8 offset   8e [308e] HIGHLOW
	reloc    9 offset   d7 [30d7] HIGHLOW
	reloc   10 offset   e1 [30e1] HIGHLOW
	reloc   11 offset  121 [3121] HIGHLOW
	reloc   12 offset  12b [312b] HIGHLOW
	reloc   13 offset  184 [3184] HIGHLOW
	reloc   14 offset  196 [3196] HIGHLOW
	reloc   15 offset  19e [319e] HIGHLOW
	reloc   16 offset  1bb [31bb] HIGHLOW
	reloc   17 offset  1c3 [31c3] HIGHLOW
	reloc   18 offset  1de [31de] HIGHLOW
	reloc   19 offset  1e3 [31e3] HIGHLOW
	reloc   20 offset  1f6 [31f6] HIGHLOW
	reloc   21 offset  21a [321a] HIGHLOW
	reloc   22 offset  231 [3231] HIGHLOW
	reloc   23 offset  248 [3248] HIGHLOW
	reloc   24 offset  274 [3274] HIGHLOW
	reloc   25 offset  28a [328a] HIGHLOW
	reloc   26 offset  322 [3322] HIGHLOW
	reloc   27 offset  338 [3338] HIGHLOW
	reloc   28 offset  3d6 [33d6] HIGHLOW
	reloc   29 offset  3e6 [33e6] HIGHLOW
	reloc   30 offset  41a [341a] HIGHLOW
	reloc   31 offset  429 [3429] HIGHLOW
	reloc   32 offset  51e [351e] HIGHLOW
	reloc   33 offset  53c [353c] HIGHLOW
	reloc   34 offset  540 [3540] HIGHLOW
	reloc   35 offset  544 [3544] HIGHLOW
	reloc   36 offset  548 [3548] HIGHLOW
	reloc   37 offset  54c [354c] HIGHLOW
	reloc   38 offset  550 [3550] HIGHLOW
	reloc   39 offset  554 [3554] HIGHLOW
	reloc   40 offset  558 [3558] HIGHLOW
	reloc   41 offset  55c [355c] HIGHLOW
	reloc   42 offset  560 [3560] HIGHLOW
	reloc   43 offset  5b8 [35b8] HIGHLOW
	reloc   44 offset  5c0 [35c0] HIGHLOW
	reloc   45 offset  5da [35da] HIGHLOW
	reloc   46 offset  5e3 [35e3] HIGHLOW
	reloc   47 offset  5f8 [35f8] HIGHLOW
	reloc   48 offset  601 [3601] HIGHLOW
	reloc   49 offset  632 [3632] HIGHLOW
	reloc   50 offset  641 [3641] HIGHLOW
	reloc   51 offset  64a [364a] HIGHLOW
	reloc   52 offset  669 [3669] HIGHLOW
	reloc   53 offset  676 [3676] HIGHLOW
	reloc   54 offset  68e [368e] HIGHLOW
	reloc   55 offset  697 [3697] HIGHLOW
	reloc   56 offset  6b0 [36b0] HIGHLOW
	reloc   57 offset  6b5 [36b5] HIGHLOW
	reloc   58 offset  6e0 [36e0] HIGHLOW
	reloc   59 offset  6f6 [36f6] HIGHLOW
	reloc   60 offset  711 [3711] HIGHLOW
	reloc   61 offset  750 [3750] HIGHLOW
	reloc   62 offset  76a [376a] HIGHLOW
	reloc   63 offset  79f [379f] HIGHLOW
	reloc   64 offset  7ea [37ea] HIGHLOW
	reloc   65 offset  808 [3808] HIGHLOW
	reloc   66 offset  829 [3829] HIGHLOW
	reloc   67 offset  891 [3891] HIGHLOW
	reloc   68 offset  8f6 [38f6] HIGHLOW
	reloc   69 offset  900 [3900] HIGHLOW
	reloc   70 offset  915 [3915] HIGHLOW
	reloc   71 offset  91a [391a] HIGHLOW
	reloc   72 offset  91f [391f] HIGHLOW
	reloc   73 offset  948 [3948] HIGHLOW
	reloc   74 offset  98a [398a] HIGHLOW
	reloc   75 offset  9be [39be] HIGHLOW
	reloc   76 offset  9c3 [39c3] HIGHLOW
	reloc   77 offset  9c9 [39c9] HIGHLOW
	reloc   78 offset  9e7 [39e7] HIGHLOW
	reloc   79 offset  9f2 [39f2] HIGHLOW
	reloc   80 offset  9fc [39fc] HIGHLOW
	reloc   81 offset  a0a [3a0a] HIGHLOW
	reloc   82 offset  aae [3aae] HIGHLOW
	reloc   83 offset  ab7 [3ab7] HIGHLOW
	reloc   84 offset  acd [3acd] HIGHLOW
	reloc   85 offset  bc0 [3bc0] HIGHLOW
	reloc   86 offset  c13 [3c13] HIGHLOW
	reloc   87 offset  c1c [3c1c] HIGHLOW
	reloc   88 offset  c24 [3c24] HIGHLOW
	reloc   89 offset  c2c [3c2c] HIGHLOW
	reloc   90 offset  c31 [3c31] HIGHLOW
	reloc   91 offset  c8b [3c8b] HIGHLOW
	reloc   92 offset  ca0 [3ca0] HIGHLOW
	reloc   93 offset  ca5 [3ca5] HIGHLOW
	reloc   94 offset  cb0 [3cb0] HIGHLOW
	reloc   95 offset  cb6 [3cb6] HIGHLOW
	reloc   96 offset  cbf [3cbf] HIGHLOW
	reloc   97 offset  cc7 [3cc7] HIGHLOW
	reloc   98 offset  ccc [3ccc] HIGHLOW
	reloc   99 offset  cda [3cda] HIGHLOW
	reloc  100 offset  ce0 [3ce0] HIGHLOW
	reloc  101 offset  ce8 [3ce8] HIGHLOW
	reloc  102 offset  cf1 [3cf1] HIGHLOW
	reloc  103 offset  cf8 [3cf8] HIGHLOW
	reloc  104 offset  d01 [3d01] HIGHLOW
	reloc  105 offset  d0b [3d0b] HIGHLOW
	reloc  106 offset  d38 [3d38] HIGHLOW
	reloc  107 offset  d64 [3d64] HIGHLOW
	reloc  108 offset  d78 [3d78] HIGHLOW
	reloc  109 offset  d86 [3d86] HIGHLOW
	reloc  110 offset  d94 [3d94] HIGHLOW
	reloc  111 offset  dcc [3dcc] HIGHLOW
	reloc  112 offset  dea [3dea] HIGHLOW
	reloc  113 offset  dfa [3dfa] HIGHLOW
	reloc  114 offset  e0c [3e0c] HIGHLOW
	reloc  115 offset  e2e [3e2e] HIGHLOW
	reloc  116 offset  e4c [3e4c] HIGHLOW
	reloc  117 offset  e52 [3e52] HIGHLOW
	reloc  118 offset  e71 [3e71] HIGHLOW
	reloc  119 offset  e7b [3e7b] HIGHLOW
	reloc  120 offset  e89 [3e89] HIGHLOW
	reloc  121 offset  e91 [3e91] HIGHLOW
	reloc  122 offset  e98 [3e98] HIGHLOW
	reloc  123 offset  eb6 [3eb6] HIGHLOW
	reloc  124 offset  ebb [3ebb] HIGHLOW
	reloc  125 offset  ec2 [3ec2] HIGHLOW
	reloc  126 offset  ed8 [3ed8] HIGHLOW
	reloc  127 offset  f02 [3f02] HIGHLOW
	reloc  128 offset  f15 [3f15] HIGHLOW
	reloc  129 offset  f1f [3f1f] HIGHLOW
	reloc  130 offset  f2a [3f2a] HIGHLOW
	reloc  131 offset  f34 [3f34] HIGHLOW
	reloc  132 offset  f3f [3f3f] HIGHLOW
	reloc  133 offset  f48 [3f48] HIGHLOW
	reloc  134 offset  f62 [3f62] HIGHLOW
	reloc  135 offset  f69 [3f69] HIGHLOW
	reloc  136 offset  f88 [3f88] HIGHLOW
	reloc  137 offset  f8c [3f8c] HIGHLOW
	reloc  138 offset  f90 [3f90] HIGHLOW
	reloc  139 offset  f94 [3f94] HIGHLOW
	reloc  140 offset  f98 [3f98] HIGHLOW
	reloc  141 offset  fb4 [3fb4] HIGHLOW
	reloc  142 offset  fc1 [3fc1] HIGHLOW
	reloc  143 offset  fc6 [3fc6] HIGHLOW
	reloc  144 offset  fcc [3fcc] HIGHLOW
	reloc  145 offset  fd1 [3fd1] HIGHLOW
	reloc  146 offset  ff8 [3ff8] HIGHLOW
	reloc  147 offset    0 [3000] ABSOLUTE

Virtual Address: 00004000 Chunk size 244 (0xf4) Number of fixups 118
	reloc    0 offset   39 [4039] HIGHLOW
	reloc    1 offset   a2 [40a2] HIGHLOW
	reloc    2 offset   bc [40bc] HIGHLOW
	reloc    3 offset   c5 [40c5] HIGHLOW
	reloc    4 offset  125 [4125] HIGHLOW
	reloc    5 offset  12f [412f] HIGHLOW
	reloc    6 offset  13f [413f] HIGHLOW
	reloc    7 offset  145 [4145] HIGHLOW
	reloc    8 offset  14b [414b] HIGHLOW
	reloc    9 offset  153 [4153] HIGHLOW
	reloc   10 offset  15d [415d] HIGHLOW
	reloc   11 offset  163 [4163] HIGHLOW
	reloc   12 offset  175 [4175] HIGHLOW
	reloc   13 offset  184 [4184] HIGHLOW
	reloc   14 offset  197 [4197] HIGHLOW
	reloc   15 offset  1aa [41aa] HIGHLOW
	reloc   16 offset  1bd [41bd] HIGHLOW
	reloc   17 offset  1d0 [41d0] HIGHLOW
	reloc   18 offset  1e3 [41e3] HIGHLOW
	reloc   19 offset  1f6 [41f6] HIGHLOW
	reloc   20 offset  1ff [41ff] HIGHLOW
	reloc   21 offset  20d [420d] HIGHLOW
	reloc   22 offset  22b [422b] HIGHLOW
	reloc   23 offset  238 [4238] HIGHLOW
	reloc   24 offset  241 [4241] HIGHLOW
	reloc   25 offset  251 [4251] HIGHLOW
	reloc   26 offset  25b [425b] HIGHLOW
	reloc   27 offset  275 [4275] HIGHLOW
	reloc   28 offset  2ac [42ac] HIGHLOW
	reloc   29 offset  2c5 [42c5] HIGHLOW
	reloc   30 offset  330 [4330] HIGHLOW
	reloc   31 offset  355 [4355] HIGHLOW
	reloc   32 offset  362 [4362] HIGHLOW
	reloc   33 offset  370 [4370] HIGHLOW
	reloc   34 offset  380 [4380] HIGHLOW
	reloc   35 offset  38c [438c] HIGHLOW
	reloc   36 offset  3aa [43aa] HIGHLOW
	reloc   37 offset  3b0 [43b0] HIGHLOW
	reloc   38 offset  401 [4401] HIGHLOW
	reloc   39 offset  428 [4428] HIGHLOW
	reloc   40 offset  43e [443e] HIGHLOW
	reloc   41 offset  44f [444f] HIGHLOW
	reloc   42 offset  45f [445f] HIGHLOW
	reloc   43 offset  46c [446c] HIGHLOW
	reloc   44 offset  4ac [44ac] HIGHLOW
	reloc   45 offset  4d1 [44d1] HIGHLOW
	reloc   46 offset  4fb [44fb] HIGHLOW
	reloc   47 offset  500 [4500] HIGHLOW
	reloc   48 offset  5f1 [45f1] HIGHLOW
	reloc   49 offset  600 [4600] HIGHLOW
	reloc   50 offset  615 [4615] HIGHLOW
	reloc   51 offset  639 [4639] HIGHLOW
	reloc   52 offset  652 [4652] HIGHLOW
	reloc   53 offset  65b [465b] HIGHLOW
	reloc   54 offset  66e [466e] HIGHLOW
	reloc   55 offset  67b [467b] HIGHLOW
	reloc   56 offset  684 [4684] HIGHLOW
	reloc   57 offset  6aa [46aa] HIGHLOW
	reloc   58 offset  6b7 [46b7] HIGHLOW
	reloc   59 offset  703 [4703] HIGHLOW
	reloc   60 offset  711 [4711] HIGHLOW
	reloc   61 offset  752 [4752] HIGHLOW
	reloc   62 offset  785 [4785] HIGHLOW
	reloc   63 offset  7ba [47ba] HIGHLOW
	reloc   64 offset  7d9 [47d9] HIGHLOW
	reloc   65 offset  7e9 [47e9] HIGHLOW
	reloc   66 offset  7f1 [47f1] HIGHLOW
	reloc   67 offset  80f [480f] HIGHLOW
	reloc   68 offset  826 [4826] HIGHLOW
	reloc   69 offset  83c [483c] HIGHLOW
	reloc   70 offset  863 [4863] HIGHLOW
	reloc   71 offset  87d [487d] HIGHLOW
	reloc   72 offset  89b [489b] HIGHLOW
	reloc   73 offset  8ac [48ac] HIGHLOW
	reloc   74 offset  8c0 [48c0] HIGHLOW
	reloc   75 offset  8d1 [48d1] HIGHLOW
	reloc   76 offset  a40 [4a40] HIGHLOW
	reloc   77 offset  a48 [4a48] HIGHLOW
	reloc   78 offset  aa5 [4aa5] HIGHLOW
	reloc   79 offset  abd [4abd] HIGHLOW
	reloc   80 offset  b32 [4b32] HIGHLOW
	reloc   81 offset  b66 [4b66] HIGHLOW
	reloc   82 offset  b7b [4b7b] HIGHLOW
	reloc   83 offset  b93 [4b93] HIGHLOW
	reloc   84 offset  ba2 [4ba2] HIGHLOW
	reloc   85 offset  bac [4bac] HIGHLOW
	reloc   86 offset  bb5 [4bb5] HIGHLOW
	reloc   87 offset  bc1 [4bc1] HIGHLOW
	reloc   88 offset  bdc [4bdc] HIGHLOW
	reloc   89 offset  bf3 [4bf3] HIGHLOW
	reloc   90 offset  cd0 [4cd0] HIGHLOW
	reloc   91 offset  cfb [4cfb] HIGHLOW
	reloc   92 offset  d17 [4d17] HIGHLOW
	reloc   93 offset  d3a [4d3a] HIGHLOW
	reloc   94 offset  d49 [4d49] HIGHLOW
	reloc   95 offset  daa [4daa] HIGHLOW
	reloc   96 offset  db4 [4db4] HIGHLOW
	reloc   97 offset  ddf [4ddf] HIGHLOW
	reloc   98 offset  de9 [4de9] HIGHLOW
	reloc   99 offset  e0e [4e0e] HIGHLOW
	reloc  100 offset  e51 [4e51] HIGHLOW
	reloc  101 offset  e72 [4e72] HIGHLOW
	reloc  102 offset  e7e [4e7e] HIGHLOW
	reloc  103 offset  ec8 [4ec8] HIGHLOW
	reloc  104 offset  ed9 [4ed9] HIGHLOW
	reloc  105 offset  ef3 [4ef3] HIGHLOW
	reloc  106 offset  f13 [4f13] HIGHLOW
	reloc  107 offset  f22 [4f22] HIGHLOW
	reloc  108 offset  f31 [4f31] HIGHLOW
	reloc  109 offset  f4e [4f4e] HIGHLOW
	reloc  110 offset  f58 [4f58] HIGHLOW
	reloc  111 offset  f78 [4f78] HIGHLOW
	reloc  112 offset  f88 [4f88] HIGHLOW
	reloc  113 offset  fa9 [4fa9] HIGHLOW
	reloc  114 offset  fd2 [4fd2] HIGHLOW
	reloc  115 offset  fec [4fec] HIGHLOW
	reloc  116 offset  ff6 [4ff6] HIGHLOW
	reloc  117 offset    0 [4000] ABSOLUTE

Virtual Address: 00005000 Chunk size 224 (0xe0) Number of fixups 108
	reloc    0 offset    6 [5006] HIGHLOW
	reloc    1 offset   19 [5019] HIGHLOW
	reloc    2 offset   2b [502b] HIGHLOW
	reloc    3 offset   35 [5035] HIGHLOW
	reloc    4 offset   83 [5083] HIGHLOW
	reloc    5 offset   88 [5088] HIGHLOW
	reloc    6 offset   8c [508c] HIGHLOW
	reloc    7 offset   90 [5090] HIGHLOW
	reloc    8 offset   94 [5094] HIGHLOW
	reloc    9 offset   e9 [50e9] HIGHLOW
	reloc   10 offset  11c [511c] HIGHLOW
	reloc   11 offset  120 [5120] HIGHLOW
	reloc   12 offset  124 [5124] HIGHLOW
	reloc   13 offset  128 [5128] HIGHLOW
	reloc   14 offset  12c [512c] HIGHLOW
	reloc   15 offset  18f [518f] HIGHLOW
	reloc   16 offset  1a9 [51a9] HIGHLOW
	reloc   17 offset  1bf [51bf] HIGHLOW
	reloc   18 offset  235 [5235] HIGHLOW
	reloc   19 offset  23f [523f] HIGHLOW
	reloc   20 offset  24a [524a] HIGHLOW
	reloc   21 offset  256 [5256] HIGHLOW
	reloc   22 offset  330 [5330] HIGHLOW
	reloc   23 offset  33a [533a] HIGHLOW
	reloc   24 offset  3ea [53ea] HIGHLOW
	reloc   25 offset  3f4 [53f4] HIGHLOW
	reloc   26 offset  413 [5413] HIGHLOW
	reloc   27 offset  4a4 [54a4] HIGHLOW
	reloc   28 offset  4d1 [54d1] HIGHLOW
	reloc   29 offset  4db [54db] HIGHLOW
	reloc   30 offset  516 [5516] HIGHLOW
	reloc   31 offset  51d [551d] HIGHLOW
	reloc   32 offset  529 [5529] HIGHLOW
	reloc   33 offset  533 [5533] HIGHLOW
	reloc   34 offset  5b8 [55b8] HIGHLOW
	reloc   35 offset  5c2 [55c2] HIGHLOW
	reloc   36 offset  60f [560f] HIGHLOW
	reloc   37 offset  678 [5678] HIGHLOW
	reloc   38 offset  682 [5682] HIGHLOW
	reloc   39 offset  6ae [56ae] HIGHLOW
	reloc   40 offset  6be [56be] HIGHLOW
	reloc   41 offset  6db [56db] HIGHLOW
	reloc   42 offset  6e6 [56e6] HIGHLOW
	reloc   43 offset  6ec [56ec] HIGHLOW
	reloc   44 offset  72f [572f] HIGHLOW
	reloc   45 offset  77f [577f] HIGHLOW
	reloc   46 offset  838 [5838] HIGHLOW
	reloc   47 offset  83c [583c] HIGHLOW
	reloc   48 offset  840 [5840] HIGHLOW
	reloc   49 offset  844 [5844] HIGHLOW
	reloc   50 offset  848 [5848] HIGHLOW
	reloc   51 offset  8b2 [58b2] HIGHLOW
	reloc   52 offset  8f7 [58f7] HIGHLOW
	reloc   53 offset  92a [592a] HIGHLOW
	reloc   54 offset  95a [595a] HIGHLOW
	reloc   55 offset  98e [598e] HIGHLOW
	reloc   56 offset  a17 [5a17] HIGHLOW
	reloc   57 offset  a58 [5a58] HIGHLOW
	reloc   58 offset  a82 [5a82] HIGHLOW
	reloc   59 offset  ad5 [5ad5] HIGHLOW
	reloc   60 offset  ae9 [5ae9] HIGHLOW
	reloc   61 offset  b06 [5b06] HIGHLOW
	reloc   62 offset  b22 [5b22] HIGHLOW
	reloc   63 offset  b54 [5b54] HIGHLOW
	reloc   64 offset  b75 [5b75] HIGHLOW
	reloc   65 offset  b7e [5b7e] HIGHLOW
	reloc   66 offset  b87 [5b87] HIGHLOW
	reloc   67 offset  b90 [5b90] HIGHLOW
	reloc   68 offset  b99 [5b99] HIGHLOW
	reloc   69 offset  ba2 [5ba2] HIGHLOW
	reloc   70 offset  bc4 [5bc4] HIGHLOW
	reloc   71 offset  be5 [5be5] HIGHLOW
	reloc   72 offset  bee [5bee] HIGHLOW
	reloc   73 offset  bf7 [5bf7] HIGHLOW
	reloc   74 offset  c00 [5c00] HIGHLOW
	reloc   75 offset  c09 [5c09] HIGHLOW
	reloc   76 offset  c12 [5c12] HIGHLOW
	reloc   77 offset  c57 [5c57] HIGHLOW
	reloc   78 offset  c5e [5c5e] HIGHLOW
	reloc   79 offset  c64 [5c64] HIGHLOW
	reloc   80 offset  c6f [5c6f] HIGHLOW
	reloc   81 offset  c75 [5c75] HIGHLOW
	reloc   82 offset  c7d [5c7d] HIGHLOW
	reloc   83 offset  c86 [5c86] HIGHLOW
	reloc   84 offset  c8e [5c8e] HIGHLOW
	reloc   85 offset  c93 [5c93] HIGHLOW
	reloc   86 offset  c9b [5c9b] HIGHLOW
	reloc   87 offset  ca0 [5ca0] HIGHLOW
	reloc   88 offset  cb2 [5cb2] HIGHLOW
	reloc   89 offset  cbc [5cbc] HIGHLOW
	reloc   90 offset  cd4 [5cd4] HIGHLOW
	reloc   91 offset  d08 [5d08] HIGHLOW
	reloc   92 offset  d1d [5d1d] HIGHLOW
	reloc   93 offset  d4c [5d4c] HIGHLOW
	reloc   94 offset  d66 [5d66] HIGHLOW
	reloc   95 offset  d78 [5d78] HIGHLOW
	reloc   96 offset  da7 [5da7] HIGHLOW
	reloc   97 offset  db1 [5db1] HIGHLOW
	reloc   98 offset  dd9 [5dd9] HIGHLOW
	reloc   99 offset  df2 [5df2] HIGHLOW
	reloc  100 offset  e84 [5e84] HIGHLOW
	reloc  101 offset  e8d [5e8d] HIGHLOW
	reloc  102 offset  ebd [5ebd] HIGHLOW
	reloc  103 offset  ecd [5ecd] HIGHLOW
	reloc  104 offset  ed7 [5ed7] HIGHLOW
	reloc  105 offset  edc [5edc] HIGHLOW
	reloc  106 offset  f15 [5f15] HIGHLOW
	reloc  107 offset    0 [5000] ABSOLUTE

Virtual Address: 00006000 Chunk size 32 (0x20) Number of fixups 12
	reloc    0 offset   ee [60ee] HIGHLOW
	reloc    1 offset  1b7 [61b7] HIGHLOW
	reloc    2 offset  1ca [61ca] HIGHLOW
	reloc    3 offset  216 [6216] HIGHLOW
	reloc    4 offset  227 [6227] HIGHLOW
	reloc    5 offset  265 [6265] HIGHLOW
	reloc    6 offset  28f [628f] HIGHLOW
	reloc    7 offset  2a5 [62a5] HIGHLOW
	reloc    8 offset  2c4 [62c4] HIGHLOW
	reloc    9 offset  2fb [62fb] HIGHLOW
	reloc   10 offset  348 [6348] HIGHLOW
	reloc   11 offset    0 [6000] ABSOLUTE

Virtual Address: 00007000 Chunk size 12 (0xc) Number of fixups 2
	reloc    0 offset    4 [7004] HIGHLOW
	reloc    1 offset    8 [7008] HIGHLOW

Virtual Address: 00008000 Chunk size 80 (0x50) Number of fixups 36
	reloc    0 offset    c [800c] HIGHLOW
	reloc    1 offset   18 [8018] HIGHLOW
	reloc    2 offset  230 [8230] HIGHLOW
	reloc    3 offset  238 [8238] HIGHLOW
	reloc    4 offset  4b8 [84b8] HIGHLOW
	reloc    5 offset  4bc [84bc] HIGHLOW
	reloc    6 offset  6d8 [86d8] HIGHLOW
	reloc    7 offset  708 [8708] HIGHLOW
	reloc    8 offset  70c [870c] HIGHLOW
	reloc    9 offset  e34 [8e34] HIGHLOW
	reloc   10 offset  e3c [8e3c] HIGHLOW
	reloc   11 offset  e44 [8e44] HIGHLOW
	reloc   12 offset  e4c [8e4c] HIGHLOW
	reloc   13 offset  e54 [8e54] HIGHLOW
	reloc   14 offset  e5c [8e5c] HIGHLOW
	reloc   15 offset  e64 [8e64] HIGHLOW
	reloc   16 offset  e6c [8e6c] HIGHLOW
	reloc   17 offset  e74 [8e74] HIGHLOW
	reloc   18 offset  e7c [8e7c] HIGHLOW
	reloc   19 offset  e84 [8e84] HIGHLOW
	reloc   20 offset  e8c [8e8c] HIGHLOW
	reloc   21 offset  e94 [8e94] HIGHLOW
	reloc   22 offset  e9c [8e9c] HIGHLOW
	reloc   23 offset  ea4 [8ea4] HIGHLOW
	reloc   24 offset  eac [8eac] HIGHLOW
	reloc   25 offset  eb4 [8eb4] HIGHLOW
	reloc   26 offset  f20 [8f20] HIGHLOW
	reloc   27 offset  f24 [8f24] HIGHLOW
	reloc   28 offset  f28 [8f28] HIGHLOW
	reloc   29 offset  f2c [8f2c] HIGHLOW
	reloc   30 offset  f30 [8f30] HIGHLOW
	reloc   31 offset  f34 [8f34] HIGHLOW
	reloc   32 offset  fb8 [8fb8] HIGHLOW
	reloc   33 offset  fbc [8fbc] HIGHLOW
	reloc   34 offset  fc0 [8fc0] HIGHLOW
	reloc   35 offset    0 [8000] ABSOLUTE

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .text         00005400  0000000000401000  0000000000401000  00000400  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
  1 .rdata        00000200  0000000000407000  0000000000407000  00005800  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  2 .data         00001000  0000000000408000  0000000000408000  00005a00  2**2
                  CONTENTS, ALLOC, LOAD, DATA
  3 .idata        00000600  000000000040b000  000000000040b000  00006a00  2**2
                  CONTENTS, ALLOC, LOAD, DATA
  4 .reloc        0001025a  000000000040c000  000000000040c000  00007000  2**2
                  CONTENTS, ALLOC, LOAD, CODE, DATA
SYMBOL TABLE:
no symbols
© 2007 Malaysia Honeynet Project. Data captured using nepenthes. Frontend coded by spoonfork.