Manalyze report for 51c311c50b8c7aff1e52d239e75ecaaa8ec72a84cbc4a8e5e949db40e946ee7b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Mar-21 08:53:38
Detected languages	English - United States Korean - Korea
Debug artifacts	d:\ClientTeam\20. Release\2. ê¸ë¡ë²\[12.03.22] MU_ENG_1.04.05\tmp\Global Release\main.pdb
CompanyName	WebZen
FileDescription	main
FileVersion	`1, 4, 5, 0`
InternalName	main
LegalCopyright	Copyright â 2002
OriginalFilename	main.exe
ProductName	WebZen mu main
ProductVersion	`1, 0, 0, 1`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig2(h)` `MASM/TASM - sig1(h)` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: virus` Contains domain names: PCGameHacks.com alpha-image.webzen.net chilkatsoft.com cknotes.com connect.muchina.com connect.muonline.com connect.muonline.webzen.com connection.muonline.com cs.muonline.jp google.com http://www.chilkatsoft.com http://www.chilkatsoft.com/ChilkatHttpUA.asp http://www.chilkatsoft.com/p/p_463.asp http://www.chilkatsoft.com/userAgent.html http://www.cknotes.com http://www.cknotes.com/?p image.webzen.com image.webzen.net muchina.com muonline.com muonline.jp muonline.webzen.com openssh.com webzen.com webzen.net www.chilkatsoft.com www.cknotes.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses constants related to Twofish` `Uses known Diffie-Helman primes` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .dlib` `Section .dlib is both writable and executable.`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Code injection capabilities (PowerLoader): FindWindowA GetWindowLongW` `Can access the registry: RegisterHotKey RegCloseKey RegSetValueExA RegCreateKeyExA RegQueryValueExA RegDeleteKeyA RegOpenKeyExA RegDeleteValueA RegCreateKeyA RegSetValueExW RegEnumValueA` `Possibly launches other programs: WinExec CreateProcessA ShellExecuteA` Uses Microsoft's cryptographic API: CryptGetUserKey CryptReleaseContext CryptDestroyKey CryptEncrypt CryptImportKey CryptAcquireContextA CryptGenKey CryptExportKey CryptGetProvParam CryptEnumProvidersA CryptAcquireContextW CryptGenRandom CryptDestroyHash CryptVerifySignatureA CryptHashData CryptCreateHash CryptDecrypt CryptDeriveKey CryptGetHashParam CryptEncodeObject CryptSignMessage CryptDecryptMessage CryptMsgOpenToDecode CryptMsgUpdate CryptMsgClose CryptMsgGetParam CryptMsgControl CryptDecodeObject CryptAcquireCertificatePrivateKey `Can create temporary files: CreateFileA GetTempPathA CreateFileW GetTempPathW` `Uses functions commonly found in keyloggers: GetAsyncKeyState CallNextHookEx` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Has Internet access capabilities: InternetCloseHandle InternetOpenUrlA InternetConnectA InternetOpenA InternetReadFile InternetOpenW InternetConnectW InternetQueryDataAvailable URLDownloadToFileW URLDownloadToFileA` `Leverages the raw socket API to access the Internet: getservbyport gethostbyaddr getservbyname htonl listen WSASetLastError connect gethostname setsockopt socket shutdown recv closesocket WSAStartup bind htons inet_addr __WSAFDIsSet select getpeername getsockname inet_ntoa ntohs ioctlsocket accept WSASend WSAAsyncSelect sendto WSAGetLastError send WSACleanup gethostbyname` `Manipulates other processes: Process32Next OpenProcess Process32First` `Can take screenshots: FindWindowA GetDC CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertSaveStore CertAddCertificateContextToStore CertAddEncodedCertificateToStore CertOpenStore`
Malicious	VirusTotal score: 11/71 (Scanned on 2026-04-17 05:13:15)	`APEX: Malicious` `CrowdStrike: win/grayware_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `Fortinet: Riskware/Artmoney` `Google: Detected` `Gridinsoft: Trojan.Win32.Gen.vb!n` `Ikarus: Trojan.Win32` `McAfeeD: ti!51C311C50B8C` `Paloalto: generic.ml` `TrellixENS: Artemis!1C15A39B3877`

Hashes

MD5	`1c15a39b3877f5f016834f7715101887`
SHA1	`882a4fdd86d0b8855b5df8a7c6687e48309dffd6`
SHA256	`51c311c50b8c7aff1e52d239e75ecaaa8ec72a84cbc4a8e5e949db40e946ee7b`
SHA3	`0b74e5055af781ec3aaad2546436577c058e942e29f4331a0889fafc969ed38d`
SSDeep	`196608:X0MWdlrB6atTnFM2e0yUIHr+/0b+DD7dPjyBi3K0UevGA/22cw/jrHQNrjt6jy0:TL+/0SL1M+BwlNZrh`
Imports Hash	`7b37e6d4f772faf03f0aba3c245ab1fe`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2012-Mar-21 08:53:38
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x920800`
SizeOfInitializedData	`0x15ce00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x009217F7 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x922000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x9480000`
SizeOfHeaders	`0x400`
Checksum	`0xa850a4`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5a834d54725f6389a4cf6e6eb7969038`
SHA1	`4c593e3836f5961f1c58c444122509be7723b7df`
SHA256	`9025d5815fbdaac5705512f441258a8ce16b9c425a4db618b861741e87a38608`
SHA3	`6b10c8410b90d3c851cb216e0980f0b8c8c9c7e0c719194db1371216e2199006`
VirtualSize	`0x9206af`
VirtualAddress	`0x1000`
SizeOfRawData	`0x920800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.36355`

.rdata

MD5	`560b940626bd55831f642a08fff1fe5b`
SHA1	`46ec782a0184bad38d8daa97c7da284ac0fd6e27`
SHA256	`ee4978bce2ecafbc00e8ea9c1f17c01ebaf5d04ec2d5fa2af2d45f61f025c71c`
SHA3	`263e51744d98e243a37c9b6de5a9bfee0931a2662fd6d730e1acc641d0e2344b`
VirtualSize	`0x13cb48`
VirtualAddress	`0x922000`
SizeOfRawData	`0x13cc00`
PointerToRawData	`0x920c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.65922`

.data

MD5	`95c5abc9567970e19a418876d7f74a59`
SHA1	`3fb7af72c80dcf817903627033412a55ddb6a55d`
SHA256	`b6ad10e4ba180f31e210936065851bbf3f223a0045ccfd7ac150e4d866b4cca7`
SHA3	`cd897f958ca0f986b6a82ca3df0fdbfd36d9c508e58c886e387f1aaff92d0cb2`
VirtualSize	`0x8a1b104`
VirtualAddress	`0xa5f000`
SizeOfRawData	`0x1d400`
PointerToRawData	`0xa5d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.43343`

.rsrc

MD5	`cf8e7105bb53ca5fd1ff53ab16294e73`
SHA1	`6d5462b5e56e93e62f4ca93d476482ab8a58aca3`
SHA256	`c117a10acf8dcc317071928b69f11ff1f02272a3f8df863466be361b5075064e`
SHA3	`ab12b35303270167ad5276233e83233827cde06fa2fd7fbbb3d1a639e37e5686`
VirtualSize	`0x2c18`
VirtualAddress	`0x947b000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0xa7ac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.19885`

.dlib

MD5	`13b3d38698d1fb8068fc49a4d183dd28`
SHA1	`57f262dcfd2287492e03db5906e9aaccc6cfb21e`
SHA256	`0e9f0eab0c44702b3e9dba41583b67667a6e96daeda94c436532a812f339f8f0`
SHA3	`7cbdcb3f96ddb9c833cf82eb5443d4a9c6d1b30dc228f5dba95d17b8755b111c`
VirtualSize	`0x2000`
VirtualAddress	`0x947e000`
SizeOfRawData	`0x1163`
PointerToRawData	`0xa7da00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.72569`

Imports

IMM32.dll	`ImmGetContext` `ImmSetCompositionWindow` `ImmGetCompositionWindow` `ImmGetOpenStatus` `ImmGetDefaultIMEWnd` `ImmGetIMEFileNameA` `ImmGetDescriptionA` `ImmSetOpenStatus` `ImmGetCompositionStringA` `ImmSetConversionStatus` `ImmGetConversionStatus` `ImmReleaseContext`
DSOUND.dll	`#1` `#2`
OPENGL32.dll	`glColor4f` `glDisable` `glEnd` `glVertex2f` `glTexCoord2f` `glBegin` `glColor3f` `glTexImage2D` `glBindTexture` `glFlush` `glClear` `glPopMatrix` `glAlphaFunc` `glDepthFunc` `glTranslatef` `glRotatef` `glLoadIdentity` `glPushMatrix` `glMatrixMode` `wglDeleteContext` `wglMakeCurrent` `glGetString` `wglCreateContext` `glClearColor` `glVertex3f` `glNormal3f` `glVertex3fv` `glColor3fv` `glDeleteTextures` `glTexParameteri` `glGenTextures` `glTexEnvf` `glDepthMask` `glPolygonMode` `glFrontFace` `glStencilFunc` `glColorMask` `glStencilOp` `glScalef` `glColor4ub` `glEnable` `glGetFloatv` `glReadPixels` `glBlendFunc` `glViewport` `glFogfv` `glFogf` `glFogi` `glTexEnvi` `glGetIntegerv` `glColor3ub`
GLU32.dll	`gluPerspective` `gluOrtho2D`
WINMM.dll	`timeKillEvent` `timeSetEvent` `timeGetDevCaps` `timeBeginPeriod` `mmioWrite` `mmioOpenA` `mmioDescend` `mmioRead` `mmioAscend` `mmioClose` `timeGetTime` `timeEndPeriod`
WS2_32.dll	`getservbyport` `gethostbyaddr` `getservbyname` `htonl` `listen` `WSASetLastError` `connect` `gethostname` `setsockopt` `socket` `shutdown` `recv` `closesocket` `WSAStartup` `bind` `htons` `inet_addr` `__WSAFDIsSet` `select` `getpeername` `getsockname` `inet_ntoa` `ntohs` `ioctlsocket` `accept` `WSASend` `WSAAsyncSelect` `sendto` `WSAGetLastError` `send` `WSACleanup` `gethostbyname`
VERSION.dll	`GetFileVersionInfoA` `VerQueryValueA` `GetFileVersionInfoSizeA`
wzAudio.dll	`wzAudioCreate` `wzAudioOption` `wzAudioDestroy` `wzAudioGetStreamOffsetRange` `wzAudioPlay` `wzAudioStop`
KERNEL32.dll	`InterlockedCompareExchange` `RtlUnwind` `UnhandledExceptionFilter` `IsDebuggerPresent` `RaiseException` `GetTickCount` `IsBadReadPtr` `lstrlenA` `GlobalUnlock` `GlobalLock` `CreateFileA` `GetCommandLineA` `CloseHandle` `ExitProcess` `ReadFile` `GetFileSize` `GetLastError` `GetPrivateProfileStringA` `GetCurrentDirectoryA` `DeleteFileA` `CopyFileA` `SetFileAttributesA` `Process32Next` `TerminateProcess` `OpenProcess` `Process32First` `CreateToolhelp32Snapshot` `WinExec` `Sleep` `FindClose` `FindFirstFileA` `GetLocalTime` `GetCurrentThreadId` `SetFilePointer` `SystemTimeToFileTime` `LocalFileTimeToFileTime` `CreateDirectoryA` `GetFileAttributesA` `SetFileTime` `WriteFile` `MultiByteToWideChar` `WideCharToMultiByte` `QueryPerformanceCounter` `QueryPerformanceFrequency` `WritePrivateProfileStringA` `GetSystemDirectoryA` `lstrcmpiA` `GetVersionExA` `SetProcessAffinityMask` `SetThreadPriority` `SetPriorityClass` `GetProcessAffinityMask` `GetThreadPriority` `GetPriorityClass` `GetCurrentThread` `GetCurrentProcess` `FreeLibrary` `GetProcAddress` `LoadLibraryA` `GlobalMemoryStatus` `SetConsoleMode` `GetStdHandle` `AllocConsole` `FreeConsole` `SetConsoleTitleA` `GetConsoleTitleA` `SetLastError` `SetConsoleCursorPosition` `FillConsoleOutputAttribute` `FillConsoleOutputCharacterA` `GetConsoleScreenBufferInfo` `SetConsoleTextAttribute` `ReadConsoleOutputA` `GetCurrentProcessId` `SetUnhandledExceptionFilter` `GetExitCodeThread` `WaitForSingleObject` `CreateThread` `InitializeCriticalSection` `DeleteCriticalSection` `LeaveCriticalSection` `InterlockedExchange` `CompareStringA` `CompareStringW` `GetThreadContext` `MapViewOfFile` `UnmapViewOfFile` `CreateFileMappingA` `lstrcpynA` `Module32Next` `Module32First` `GetModuleFileNameA` `RemoveDirectoryA` `FindNextFileA` `GetFullPathNameA` `FileTimeToSystemTime` `FileTimeToLocalFileTime` `IsBadStringPtrA` `OpenFileMappingA` `IsBadWritePtr` `SetEvent` `SetEndOfFile` `GetModuleHandleA` `CreateMutexA` `ResumeThread` `ResetEvent` `GetExitCodeProcess` `WaitForMultipleObjects` `CreateProcessA` `CreateEventA` `OpenEventA` `OpenMutexA` `MoveFileExA` `lstrcatA` `TerminateThread` `ReleaseMutex` `GetComputerNameA` `lstrcmpA` `GetModuleFileNameW` `VirtualProtect` `VirtualQuery` `VirtualAlloc` `VirtualFree` `LoadLibraryExA` `GetTempFileNameA` `GetTempPathA` `HeapFree` `GetProcessHeap` `HeapAlloc` `GetFileInformationByHandle` `DuplicateHandle` `SetStdHandle` `CreatePipe` `PeekNamedPipe` `lstrcpyA` `GetFileAttributesW` `CreateDirectoryW` `DeleteFileW` `lstrlenW` `CreateFileW` `SetFileAttributesW` `GetFileSizeEx` `GetSystemTimeAsFileTime` `GetModuleHandleW` `GetTimeZoneInformation` `GetStartupInfoA` `MoveFileA` `ExitThread` `GetCPInfo` `LCMapStringA` `LCMapStringW` `TlsGetValue` `TlsAlloc` `TlsSetValue` `TlsFree` `HeapSize` `HeapCreate` `HeapDestroy` `FatalAppExitA` `HeapReAlloc` `GetACP` `GetOEMCP` `EnterCriticalSection` `InterlockedIncrement` `IsValidCodePage` `GetTimeFormatA` `GetDateFormatA` `GetUserDefaultLCID` `GetLocaleInfoA` `EnumSystemLocalesA` `InterlockedDecrement` `IsValidLocale` `GetStringTypeA` `GetStringTypeW` `GetConsoleCP` `GetConsoleMode` `SetHandleCount` `GetFileType` `SetConsoleCtrlHandler` `InitializeCriticalSectionAndSpinCount` `FreeEnvironmentStringsA` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `FlushFileBuffers` `GetLocaleInfoW` `WriteConsoleA` `GetConsoleOutputCP` `WriteConsoleW` `SetEnvironmentVariableA` `LocalFree` `CompareFileTime` `FileTimeToDosDateTime` `GetSystemTime` `FormatMessageA` `GetFullPathNameW` `GetCurrentDirectoryW` `GetTempPathW` `MoveFileW` `CopyFileW` `SetCurrentDirectoryW` `SetCurrentDirectoryA` `RemoveDirectoryW` `GetFileTime` `FindFirstFileW` `FindNextFileW`
USER32.dll	`ChangeDisplaySettingsA` `FindWindowA` `SystemParametersInfoA` `DefWindowProcA` `ReleaseCapture` `ReleaseDC` `ShowCursor` `KillTimer` `IntersectRect` `wsprintfA` `SetTimer` `SetScrollPos` `GetScrollPos` `SetCapture` `SetFocus` `PostMessageW` `CreateWindowExW` `ShowWindow` `GetDC` `PostQuitMessage` `SendMessageW` `SetWindowTextW` `GetWindowTextW` `GetWindowTextA` `GetCaretPos` `GetWindowLongW` `SendMessageA` `CallWindowProcW` `OpenClipboard` `GetClipboardData` `CloseClipboard` `SetWindowLongW` `DestroyWindow` `SetRect` `GetActiveWindow` `GetCursorPos` `ScreenToClient` `GetDoubleClickTime` `EndPaint` `BeginPaint` `CreateWindowExA` `RegisterClassA` `LoadCursorA` `LoadIconA` `SetForegroundWindow` `GetSystemMetrics` `AdjustWindowRect` `IsIconic` `DispatchMessageA` `TranslateMessage` `GetMessageA` `PeekMessageA` `UpdateWindow` `EnumDisplaySettingsA` `GetDesktopWindow` `SetWindowsHookExA` `UnhookWindowsHookEx` `CharUpperW` `CharUpperA` `CharLowerW` `CharLowerA` `GetWindowThreadProcessId` `GetClassNameA` `GetSystemMenu` `DrawMenuBar` `RemoveMenu` `EnumChildWindows` `SetWindowPos` `GetKeyboardLayoutNameA` `wvsprintfA` `GetAsyncKeyState` `PtInRect` `OffsetRect` `MessageBoxA` `PostMessageA` `SetCursorPos` `UnregisterHotKey` `RegisterHotKey` `GetWindowRect` `IsWindowVisible` `CallNextHookEx` `GetFocus` `GetKeyboardLayout`
GDI32.dll	`CreateCompatibleDC` `SelectObject` `DeleteObject` `CreateDIBSection` `DeleteDC` `SetTextColor` `SetBkColor` `SwapBuffers` `GetStockObject` `SetPixelFormat` `ChoosePixelFormat` `GetTextExtentPoint32W` `TextOutW` `CreateFontA`
ADVAPI32.dll	`CryptGetUserKey` `RegCloseKey` `RegSetValueExA` `RegCreateKeyExA` `RegQueryValueExA` `RegDeleteKeyA` `RegOpenKeyExA` `SetSecurityDescriptorDacl` `InitializeSecurityDescriptor` `RegDeleteValueA` `RegCreateKeyA` `CryptReleaseContext` `CryptDestroyKey` `CryptEncrypt` `CryptImportKey` `CryptAcquireContextA` `CryptGenKey` `CryptExportKey` `CryptGetProvParam` `CryptEnumProvidersA` `CryptAcquireContextW` `RegSetValueExW` `CryptGenRandom` `RegEnumValueA` `CryptDestroyHash` `CryptVerifySignatureA` `CryptHashData` `CryptCreateHash` `CryptDecrypt` `CryptDeriveKey` `CryptGetHashParam` `GetUserNameA`
SHELL32.dll	`ShellExecuteA`
ole32.dll	`CoUninitialize` `CoCreateInstance` `CoInitialize`
dbghelp.dll	`SymCleanup` `SymGetLineFromAddr64` `SymFromAddr` `StackWalk64` `SymInitialize` `SymSetOptions` `MiniDumpWriteDump`
IPHLPAPI.DLL	`GetAdaptersInfo`
WININET.dll	`InternetCloseHandle` `FtpPutFileA` `FtpCreateDirectoryA` `InternetOpenUrlA` `InternetConnectA` `InternetOpenA` `InternetReadFile` `InternetOpenW` `InternetConnectW` `HttpQueryInfoW` `HttpSendRequestA` `HttpOpenRequestW` `InternetQueryDataAvailable` `FtpOpenFileW` `FtpFindFirstFileW`
CRYPT32.dll	`CertNameToStrA` `PFXExportCertStoreEx` `CertDeleteCertificateFromStore` `CertSaveStore` `CertAddCertificateContextToStore` `CertSetCertificateContextProperty` `CertAddEncodedCertificateToStore` `CertFindCertificateInStore` `CertEnumCertificatesInStore` `CertDuplicateCertificateContext` `CertDuplicateStore` `CryptEncodeObject` `CryptSignMessage` `CertOpenStore` `CryptDecryptMessage` `CertCloseStore` `CryptMsgOpenToDecode` `CryptMsgUpdate` `CryptMsgClose` `CryptMsgGetParam` `CertGetSubjectCertificateFromStore` `CertGetCertificateContextProperty` `CertFreeCertificateContext` `CryptMsgControl` `CryptDecodeObject` `CertGetIntendedKeyUsage` `CertFreeCertificateChain` `CertFreeCertificateChainEngine` `CertGetCertificateChain` `CertCreateCertificateChainEngine` `CertCreateCertificateContext` `CryptAcquireCertificatePrivateKey` `CertVerifyRevocation`
urlmon.dll	`URLDownloadToFileW` `URLDownloadToFileA`

Delayed Imports

1

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.45787`
MD5	`a7d30040d6c733fbac348594a661d180`
SHA1	`976af6d7abadafd0de38edbea8ec56dd8a19b5bb`
SHA256	`11f1a378f7f6ef416d008eba62e073a1b8e5e9a4afd7b44ed88e8745a4337b26`
SHA3	`7caf33020f9c2d5172600f10e3ffed2e1dded617a5e4246d87f8efd97cc1f3b4`

166

Type	`RT_DIALOG`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x7a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86308`
MD5	`c18b837117974ab40e74276618dc4ae2`
SHA1	`565e96de53ef88d1472b0154d40e3897ffe4854b`
SHA256	`96e3d5cf15f4ad9ae0abe2c55e485b7b9a072ae4748f0f58f9ee9cf8498de1d2`
SHA3	`608847560abae844cafad582a8b1b128d27fc1b369e1f5f170d75fa83cae3ed7`

101

Type	`RT_GROUP_ICON`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`6da8e7d5ae1d5d15e0230a67a7c16c6d`
SHA1	`678db52cbe5d617c33c6269bfd4b6d8d1a17f956`
SHA256	`6eb54801f91b6d8effccbfaefe6b2d7705a274a75940e6226e24e0d4ec58c396`
SHA3	`994fc217c7b8bc8008ac262ff58044403206de6eceafd424d4640ecad395eb2f`

1 (#2)

Type	`RT_VERSION`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x2a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.314`
MD5	`c64b57e7cf506d51e3cc77c3b25f6ea2`
SHA1	`93dd65bf621aecc88125abe3a0f6cbe9a233aecc`
SHA256	`9e1bc5b349475e32b006f1a63564462a4ead29ad963a5f03038acd887245d8f8`
SHA3	`2462d357b8762c83d47249648b9f666b45599efd06395fccff964e275de296e2`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1c4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8563`
MD5	`64e5274a094f360c910ed41e99b3b0d4`
SHA1	`215ff6b760c62a432a2f0e337b39df1c4689bd82`
SHA256	`5050c60b445526118be93703b0d404b54425d52bc89cf93ee01f98080ab6e193`
SHA3	`34f8d4decdd35cfd0059f3d9a526f5b88cd6074a02d7f84aef77b4b7ed659738`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.4.5.0
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	WebZen
FileDescription	main
FileVersion (#2)	1, 4, 5, 0
InternalName	main
LegalCopyright	Copyright â 2002
OriginalFilename	main.exe
ProductName	WebZen mu main
ProductVersion (#2)	1, 0, 0, 1

Resource LangID	Korean - Korea

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2012-Mar-21 08:53:38
Version	`0.0`
SizeofData	`117`
AddressOfRawData	`0x9ebc58`
PointerToRawData	`0x9ea858`
Referenced File	d:\ClientTeam\20. Release\2. ê¸ë¡ë²\[12.03.22] MU_ENG_1.04.05\tmp\Global Release\main.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x14d2fc8d`
Unmarked objects	`0`
C++ objects (VS2008 build 21022)	`280`
150 (20413)	`5`
ASM objects (VS2008 SP1 build 30729)	`60`
C objects (VS2008 SP1 build 30729)	`211`
Linker (VC++ 6.0 SP5 imp/exp build 8447)	`2`
C++ objects (VC++ 6.0 SP5 build 8804)	`1`
C++ objects (VS98 SP6 build 8804)	`11`
C objects (VS98 build 8168)	`44`
C objects (9178)	`1`
C++ objects (9178)	`1`
Imports (9210)	`2`
Imports (VS2012 build 50727 / VS2005 build 50727)	`35`
Total imports	`517`
C++ objects (VS2008 SP1 build 30729)	`585`
Linker (VS2008 build 21022)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

Errors

Leave a comment

No comments yet.