Manalyze report for b175cf87c0a90294aaa15ab1b2d9ece019994edce133e0ece40468f60412a2b7

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2010-Feb-17 16:14:01
Detected languages	English - United States Korean - Korea
CompanyName	Wizet
FileDescription	MapleStory
FileVersion	`1, 0, 0, 1`
InternalName	MapleStory
LegalCopyright	Copyright â 2003
OriginalFilename	MapleStory.exe
ProductName	Wizet MapleStory
ProductVersion	`1, 0, 0, 1`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: netmon.exe sc.exe` `May have dropper capabilities: CurrentControlSet\Services` `Contains domain names: Ingameweb.nexon.net http://Ingameweb.nexon.net http://Ingameweb.nexon.net/maplestory/client/launcher.html http://ingameweb.nexon.net http://ingameweb.nexon.net/maplestory/ad/maple_window_mode_ad.html http://ingameweb.nexon.net/maplestory/client/image/banner.html http://maplestory.nexon.net http://maplestory.nexon.net/WZ.ASPX?PART ingameweb.nexon.net mapleglobal.com maplestory.nexon.net miniml.com nexon.net patch.mapleglobal.com www.miniml.com`
Malicious	The file headers were tampered with.	`Unusual section name found: .export` `Unusual section name found: .import` `The RICH header checksum is invalid.` `The number of imports reported in the RICH header is inconsistent.`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Can access the registry: RegSetValueExA RegDeleteValueA RegOpenKeyExA RegQueryValueExA RegCloseKey` `Possibly launches other programs: CreateProcessA` `Uses Windows's Native API: ntohl ntohs` `Can create temporary files: GetTempPathA CreateFileA` `Uses functions commonly found in keyloggers: MapVirtualKeyA AttachThreadInput` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Has Internet access capabilities: InternetConnectA InternetCloseHandle InternetSetStatusCallbackA InternetOpenA` `Leverages the raw socket API to access the Internet: WSAStartup getsockname getpeername WSACleanup inet_addr gethostbyname WSAGetLastError shutdown socket ntohl ntohs closesocket` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Enumerates local disk drives: GetVolumeInformationA` `Manipulates other processes: OpenProcess Process32First Process32Next` `Can take screenshots: CreateCompatibleDC BitBlt FindWindowA`
Suspicious	The file contains overlay data.	`4217208 bytes of data starting at offset 0x416688.`
Malicious	VirusTotal score: 31/71 (Scanned on 2026-03-29 20:40:51)	`AVG: Win32:Evo-gen [Trj]` `AhnLab-V3: Trojan/Win.Evo-gen.R572856` `Antiy-AVL: Trojan/Win32.Wacatac` `Avast: Win32:Evo-gen [Trj]` `Bkav: W32.AIDetectMalware` `ClamAV: Win.Malware.Generic-10032130-0` `CrowdStrike: win/malicious_confidence_60% (D)` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.Siggen8.60966` `Elastic: malicious (high confidence)` `Fortinet: W32/PossibleThreat` `GData: Win32.Trojan.Agent.F6RGZQ` `Google: Detected` `Gridinsoft: Trojan.Win32.Agent.oa!s1` `Ikarus: Trojan-Spy` `Jiangmin: Trojan.Agent.dlpf` `K7AntiVirus: Trojan ( 005b20701 )` `K7GW: Trojan ( 005b20701 )` `Malwarebytes: Ramnit.Virus.FileInfector.DDS` `McAfeeD: ti!B175CF87C0A9` `Microsoft: Trojan:Win32/Phonzy.A!ml` `Sangfor: Trojan.Win32.Save.a` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: BehavesLike.Win32.Dropper.rh` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.10c4158b` `TrellixENS: GenericRXEN-VX!E3AA81F27EF4` `VBA32: BScope.Trojan.Mapstosteal` `Webroot: W32.Trojan.Dropper` `Yandex: Trojan.Agent!6WhEEbeX+kE`

Hashes

MD5	`e3aa81f27ef47fe737ce887c5b1e0268`
SHA1	`f531b361ac4bff00263c6c6ab8c915d0e21fa8e9`
SHA256	`b175cf87c0a90294aaa15ab1b2d9ece019994edce133e0ece40468f60412a2b7`
SHA3	`84ce128d421245ed58353b399cb041052f9f8f38c5080cd5753595128635eb9d`
SSDeep	`98304:NOTDvBamFwarjttLSjaStkwa2gezoUPQR6iR:BmyaPgVa2rXPo68`
Imports Hash	`7f72aeb5551359cb6e777e3a426d6691`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0x7546`
e_oeminfo	`0x4b33`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2010-Feb-17 16:14:01
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6ef000`
SizeOfInitializedData	`0x129000`
SizeOfUninitializedData	`0x1000000`
AddressOfEntryPoint	`0x00663FF3 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x6f0000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xa94000`
SizeOfHeaders	`0x1000`
Checksum	`0x4213dc`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`359865216b49236d35884cf401e13cb1`
SHA1	`ed62ec1e0672859560fe93bb741dd33d427eb416`
SHA256	`60d9b58ceb79b5be162efe15548969c6f0ce8268938055fcbf58e4af5e5f6985`
SHA3	`b63f871cacd061b4e057b5701d28bfa2ccd6f55119f62c542cf2a969d48a48b4`
VirtualSize	`0x6ef000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6ef000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.54684`

.rdata

MD5	`c11e543262557ed55a6d45d366cadab5`
SHA1	`48fcc6865954b75d65bf8945a08c26767c28172a`
SHA256	`c2187f170f6695d88253cdf5148b64ce14d489c57e8ad390fa0793077843562f`
SHA3	`769eb9e39883006d61f8b55c783998f7870ac6b9c63a4b168fb63e055a8e355b`
VirtualSize	`0xe7000`
VirtualAddress	`0x6f0000`
SizeOfRawData	`0xe7000`
PointerToRawData	`0x6f0000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.49684`

.data

MD5	`0105290ef4c5b356b8154811ba54292e`
SHA1	`e9f5df9d03b90774e9f77acb4fec4e3a7fc29d80`
SHA256	`bb568261506aa1eb077e5d1784e0ead25135070dcf1ddc9cca1e686ade34e659`
SHA3	`2bff109a044993c651fa265ba6021271270a4067f49d13d48f3f9892ad872184`
VirtualSize	`0x22000`
VirtualAddress	`0x7d7000`
SizeOfRawData	`0x11000`
PointerToRawData	`0x7d7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.59561`

.rsrc

MD5	`ee155d344a688d51d5181164c9ec8b86`
SHA1	`9e5b8a46eb6298b5243808869026c44dd3c6acae`
SHA256	`9366abf54e1a1f7c9d28108279c143bbf201e6c56ab9833edbda7de87dc9b2fb`
SHA3	`61dcd5acc4a5ae4bb838bf21039c0837c399b2a8f06bda6fd73aa20e8bef1707`
VirtualSize	`0x17a000`
VirtualAddress	`0x7f9000`
SizeOfRawData	`0x1f4d0`
PointerToRawData	`0x7f9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.64983`

.export

MD5	`7df095420360e04e386aa85aaa118b0e`
SHA1	`e00fddf692ffcea0b991c67f4f0565bab45b4385`
SHA256	`95112343f2f61af129bebc9c3c0b792e25a3dc3167256176bfd3e8af759adcf4`
SHA3	`dfc6b2b7d0eb6774141acaaedc5879704f5629f182267c2d1f864dfc87101e76`
VirtualSize	`0x11f000`
VirtualAddress	`0x973000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x819000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.305847`

.import

MD5	`4c07423f6c02c205b5a23abbc0b4cefa`
SHA1	`ed02586cb576e17a9639872cd2344f12aa08ee55`
SHA256	`38854fe596fc08c7f02f3c3239ec0ffb2950bce30e7f410ab5c343ea10676c5a`
SHA3	`a2ddc3e96220735fd0a361342d2c9b588c236e3ccb746abf7aaf933ebd038e22`
VirtualSize	`0x2000`
VirtualAddress	`0xa92000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x81a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.26206`

Imports

advapi32.dll	`RegSetValueExA` `RegDeleteValueA` `LookupPrivilegeValueA` `OpenProcessToken` `RegOpenKeyExA` `RegQueryValueExA` `RegCloseKey` `AdjustTokenPrivileges`
dinput8.dll	`DirectInput8Create`
gdi32.dll	`DeleteObject` `CreateCompatibleDC` `SelectObject` `BitBlt` `DeleteDC` `GetObjectA` `CreateDIBSection`
kernel32.dll	`FindNextFileA` `DeleteFileA` `FindFirstFileA` `WaitForSingleObject` `CreateProcessA` `MultiByteToWideChar` `IsDBCSLeadByte` `SystemTimeToFileTime` `GetLocalTime` `CompareFileTime` `GetVersion` `FileTimeToSystemTime` `lstrcmpA` `lstrcpyA` `GetVolumeInformationA` `GetWindowsDirectoryA` `GetLastError` `CreateDirectoryA` `HeapAlloc` `GetProcessHeap` `HeapFree` `WideCharToMultiByte` `CompareStringA` `LeaveCriticalSection` `EnterCriticalSection` `GetFileSize` `SetFileAttributesA` `FreeLibrary` `GetProcAddress` `LoadLibraryA` `lstrcmpiA` `SetUnhandledExceptionFilter` `IsBadWritePtr` `GetVersionExA` `LocalAlloc` `lstrlenA` `FormatMessageA` `GetCurrentThreadId` `GetModuleFileNameA` `Sleep` `_lopen` `GetModuleHandleA` `OpenMutexA` `GetTickCount` `VirtualQuery` `UnmapViewOfFile` `FindClose` `CreateFileMappingA` `HeapReAlloc` `GetCommandLineA` `GetStartupInfoA` `ExitProcess` `FileTimeToLocalFileTime` `ExitThread` `TlsGetValue` `TlsSetValue` `CreateThread` `RaiseException` `RtlUnwind` `lstrlenW` `VirtualProtect` `CreateMutexA` `OpenProcess` `SetEvent` `ReleaseMutex` `SetLastError` `CreateEventA` `TerminateProcess` `CreateToolhelp32Snapshot` `Process32First` `Process32Next` `Thread32First` `Thread32Next` `GetSystemDirectoryA` `GetTempPathA` `GetTempFileNameA` `CopyFileA` `CreateFileA` `ReadFile` `InterlockedDecrement` `SetFilePointer` `WriteFile` `LoadLibraryExA` `IsBadReadPtr` `GetCurrentProcess` `CloseHandle` `DeleteCriticalSection` `InitializeCriticalSection` `FatalAppExitA` `TlsAlloc` `TlsFree` `GetCurrentThread` `UnhandledExceptionFilter` `GetEnvironmentVariableA` `HeapDestroy` `HeapCreate` `VirtualFree` `VirtualAlloc` `GetCPInfo` `InterlockedExchange` `LocalFree` `GetACP` `GetOEMCP` `LCMapStringA` `LCMapStringW` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `GetEnvironmentStrings` `InterlockedIncrement` `MapViewOfFile` `GetEnvironmentStringsW` `SetHandleCount` `GetStdHandle` `SetEnvironmentVariableA` `CompareStringW` `GetLocaleInfoW` `SetEndOfFile` `SetConsoleCtrlHandler` `GetTimeZoneInformation` `FlushFileBuffers` `SetStdHandle` `GetUserDefaultLCID` `EnumSystemLocalesA` `GetLocaleInfoA` `IsValidCodePage` `IsValidLocale` `GetStringTypeW` `GetStringTypeExA` `IsBadCodePtr` `GetFileType` `HeapSize`
netapi32.dll	`Netbios`
oleaut32.dll	`VariantClear` `VariantInit` `SafeArrayCreate` `SetErrorInfo` `SysFreeString` `CreateErrorInfo` `SysAllocString` `VariantChangeType` `GetErrorInfo` `VariantCopy` `SafeArrayDestroy`
shell32.dll	`SHGetSpecialFolderPathA`
user32.dll	`SetRect` `SetRectEmpty` `CharUpperBuffA` `EnumThreadWindows` `ShowCursor` `MapVirtualKeyA` `SetWindowPos` `GetWindowRect` `MoveWindow` `GetWindow` `SendMessageA` `FindWindowA` `IsWindowEnabled` `GetWindowThreadProcessId` `AttachThreadInput` `BringWindowToTop` `wsprintfA` `PtInRect` `wvsprintfA` `MessageBoxA` `LoadBitmapA` `CreateWindowExA` `EnableWindow` `OffsetRect` `GetDlgItem` `DialogBoxParamA` `GetWindowTextA`
version.dll	`VerQueryValueA` `GetFileVersionInfoA` `GetFileVersionInfoSizeA`
wininet.dll	`InternetConnectA` `FtpOpenFileA` `FtpGetFileSize` `FtpGetFileA` `InternetCloseHandle` `HttpSendRequestA` `InternetSetStatusCallbackA` `HttpOpenRequestA` `InternetOpenA`
winmm.dll	`timeGetTime`
ws2_32.dll	`WSAStartup` `getsockname` `getpeername` `WSACleanup` `inet_addr` `gethostbyname` `WSAGetLastError` `shutdown` `socket` `ntohl` `ntohs` `closesocket`
ijl15.dll	`ijlFree` `ijlRead` `ijlInit` `ijlWrite`
iphlpapi.dll	`GetAdaptersInfo`
mss32.dll	`_AIL_quick_play@8` `_AIL_quick_shutdown@0` `_AIL_set_redist_directory@4` `_AIL_quick_startup@20` `_AIL_quick_status@4` `_AIL_quick_ms_position@4` `_AIL_quick_set_ms_position@8` `_AIL_quick_unload@4` `_AIL_quick_load_mem@8` `_AIL_quick_halt@4` `_AIL_quick_set_volume@12` `_AIL_quick_ms_length@4`
nmcogame.dll	`NMCO_SetVersionFileUrlA` `NMCO_MemoryFree` `NMCO_CallNMFunc` `NMCO_SetPatchOption` `NMCO_SetUseFriendModuleOption` `NMCO_SetUseNGMOption` `NMCO_SetLocale` `NMCO_SetLocaleAndRegion`
ole32.dll	`CoCreateGuid`

Delayed Imports

ZtlTaskMemAllocImp

Ordinal	`1`
Address	`0x5f2503`

ZtlTaskMemFreeImp

Ordinal	`2`
Address	`0x5f2514`

ZtlTaskMemReallocImp

Ordinal	`3`
Address	`0x5f2525`

116

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3ff4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.44158`
MD5	`0252a6752f565163bdea24f55b7b657e`
SHA1	`175d5d685e06d35bcfd0c6b9c554d240c77ffac5`
SHA256	`fede233b2c329bcf902342276ac074f2c10e0090551091c4aa5335e787bce564`
SHA3	`5071d1c739caab6230f658b0173b57ca54a0b65b15091e14882e1862651efc44`
Preview

117

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3ff4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.44158`
MD5	`0252a6752f565163bdea24f55b7b657e`
SHA1	`175d5d685e06d35bcfd0c6b9c554d240c77ffac5`
SHA256	`fede233b2c329bcf902342276ac074f2c10e0090551091c4aa5335e787bce564`
SHA3	`5071d1c739caab6230f658b0173b57ca54a0b65b15091e14882e1862651efc44`
Preview

118

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3ff4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.58114`
MD5	`9bd2795f11a1351ac9048215b485d3f0`
SHA1	`a479d1f280cba17d547bb56ef54dbe854eda07c7`
SHA256	`bf113d1e0cda6eaa16ab4487c676cae872b4f4270434ec09cd877c62d7bb3024`
SHA3	`36361250eef251a2d83439cd8d8ad59c1469c813995816d0c96d7088fbc447eb`
Preview

119

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3ff4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.44158`
MD5	`0252a6752f565163bdea24f55b7b657e`
SHA1	`175d5d685e06d35bcfd0c6b9c554d240c77ffac5`
SHA256	`fede233b2c329bcf902342276ac074f2c10e0090551091c4aa5335e787bce564`
SHA3	`5071d1c739caab6230f658b0173b57ca54a0b65b15091e14882e1862651efc44`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73825`
MD5	`1cf7699a8e869bd1ef3ff26ee43c37a7`
SHA1	`f871fe4168f5ea6d504e47b14f23b882b8917f7c`
SHA256	`463ce33acac9404f650fd5a15f2d12a33a46ad38bdf0422839c18f9b04b81bb2`
SHA3	`02aa1f42ab46912c57de5f00cc3496db54aad06d37d3613b3b21b70c50e54157`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.85842`
MD5	`28a7e6718b813c459fb52f625033f506`
SHA1	`f8b1a965551b8d4e8a6143f265c06e5ad13c9c04`
SHA256	`3299684bc87f07fb4e0027ab43d75799be8e0d836db5f1853871efcdafcd4593`
SHA3	`1d11a7026d867766f55f40d36f6b1ddecc1718d08c9e45339fcdfd5a4db06eab`

109

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.84992`
MD5	`2584414e6a21ce297168f8b01dec31ae`
SHA1	`c9b8817b7f96345ac9e1d012bd1375d858cc5d79`
SHA256	`057bfdb1920a8df0eef9b1f52d03e8d93df15aaa8082a56eeab48a6189ca0105`
SHA3	`a6748035c2dbba3d1e26a3b60965943bfe7d0be734cd4a7556112383bbd074d5`

115

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x80`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.90967`
MD5	`1d28bfcab9620148edc356c5416c9665`
SHA1	`e21d0f9503d6ea91ec4582f16609e7a252497f87`
SHA256	`68ada5211b91da3bdb985c5716c4d66e6fbb76fd832b692d006295f97998b074`
SHA3	`2f105b0b9c711f1d718329f618492ee92e79712efcde41f7faae99413dce821d`

27893

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0xdd2c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.93669`
Detected Filetype	TrueType font file
MD5	`3dc9baece2f18a774e70dfcd79e20e8d`
SHA1	`c4cec6997ffb36bf16bf15f6c64d48121b51483e`
SHA256	`995bcb02cd21e745417c4f0113301ee60c1d993a7482686b2a619aa8f73c531f`
SHA3	`1b2f6109ad481d33e627080439bd7d78b0797505c57abd8d8765682950f48e77`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32824`
Detected Filetype	Icon file
MD5	`62d6b1d51e9721a781148fb63c1970c6`
SHA1	`0491f06e0b5fe9241d44138303ece1776840fd6d`
SHA256	`1d47c7bd2cc20089bc0387c8e7ac0a1680e9b4dc81dbde998c3c5c8e6c7d69aa`
SHA3	`9f1474d08ea9f8bc44f2b127a2a96dbaaed16872128ddd81afe07b2b3756d3bd`

1 (#2)

Type	`RT_VERSION`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x348`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33241`
MD5	`9a4d64370938a25cca91eefd3437e765`
SHA1	`56077ed26e0a8c18a2714046e8592781f54e8c32`
SHA256	`63c1d0732ed262529a2a52e12a01142e31102d0db00d05f8b34f6a4feb8340cf`
SHA3	`ba3781fc49ace5765833f9229aca0ebc7f54d81cda06d460895f29140af685ae`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.81652`
MD5	`c4255df317e78a35242bb9f5ec7e2241`
SHA1	`3f56bdb9cb612ffa9a601888ed20b7b2771f5807`
SHA256	`50abdb6543781f6bf5d214ddf4425ebb8867c338fdf77fdb407b1e9d62049727`
SHA3	`2441a661a76fd6f8f5fe4816353a3bed9458f5aa5f271d30b4d56a52edcc6fdc`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Korean - Korea
CompanyName	Wizet
FileDescription	MapleStory
FileVersion (#2)	1, 0, 0, 1
InternalName	MapleStory
LegalCopyright	Copyright â 2003
OriginalFilename	MapleStory.exe
ProductName	Wizet MapleStory
ProductVersion (#2)	1, 0, 0, 1

Resource LangID	Korean - Korea

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xbe6bd6ef`
Unmarked objects	`0`
Imports (VS2003 (.NET) SP1 build 6030)	`2`
C++ objects (9178)	`1`
12 (7291)	`5`
14 (7299)	`45`
C objects (VS98 SP6 build 8804)	`161`
C++ objects (8798)	`3`
C++ objects (8047)	`1`
C objects (VC++ 6.0 SP5 build 8804)	`1`
Imports (VS2012 build 50727 / VS2005 build 50727)	`2`
C++ objects (VC++ 6.0 SP5 build 8804)	`11`
C objects (9178)	`6`
37 (8755)	`2`
Imports (9210)	`27`
Total imports	`234`
C++ objects (VS98 SP6 build 8804)	`280`
Resource objects (VS98 SP6 cvtres build 1736)	`1`
Linker (VC++ 6.0 SP5 imp/exp build 8447)	`7`

Errors

[*] Warning: The WIN_CERTIFICATE appears to be invalid.

Leave a comment

No comments yet.