Manalyze report for 004b06190084339737f7923acbb3c13c

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2005-Nov-28 05:16:06
Detected languages	English - United States Korean - Korea
CompanyName	WebZen
FileDescription	main
FileVersion	`1, 1, 46, 0`
InternalName	main
LegalCopyright	Copyright ⓒ 2002
OriginalFilename	main.exe
ProductName	WebZen mu main
ProductVersion	`1, 0, 0, 1`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: crl.symauth.com http://pki-crl.symauth.com http://pki-crl.symauth.com/ca_219679623e6b4fa507d638cbeba72ecb/LatestCRL.crl07 http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.crl0 http://pki-ocsp.symauth.com0 pki-crl.symauth.com symauth.com`
Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Suspicious	This PE is packed with VMProtect	`Unusual section name found: .vmp0` `Unusual section name found: .vmp1` `The number of imports reported in the RICH header is inconsistent.`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Code injection capabilities (PowerLoader): GetWindowLongA FindWindowA` `Can access the registry: RegisterHotKey RegDeleteKeyA RegDeleteValueA RegEnumValueA RegCreateKeyExA RegSetValueExA RegOpenKeyExA RegQueryValueExA RegCloseKey` `Possibly launches other programs: WinExec CreateProcessA ShellExecuteA` `Uses Microsoft's cryptographic API: CryptReleaseContext CryptGetHashParam CryptDeriveKey CryptDecrypt CryptImportKey CryptCreateHash CryptHashData CryptVerifySignatureA CryptDestroyHash CryptDestroyKey CryptAcquireContextA` `Can create temporary files: GetTempPathA CreateFileA` `Uses functions commonly found in keyloggers: CallNextHookEx GetAsyncKeyState` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Leverages the raw socket API to access the Internet: connect setsockopt socket shutdown recv WSASend WSAStartup WSACleanup send WSAGetLastError gethostbyname inet_addr htons WSAAsyncSelect closesocket` `Interacts with services: OpenSCManagerW EnumServicesStatusExW OpenServiceW QueryServiceConfigW` `Manipulates other processes: Process32Next OpenProcess Process32First` `Can take screenshots: GetDC FindWindowA BitBlt CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData`
Malicious	VirusTotal score: 11/72 (Scanned on 2024-12-02 01:50:06)	`Antiy-AVL: Trojan/Win32.Wacatac` `Cylance: Unsafe` `Elastic: malicious (moderate confidence)` `FireEye: Generic.mg.004b061900843397` `Gridinsoft: Trojan.Win32.Gen.vb!n` `Malwarebytes: Malware.AI.4235417436` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: ti!C2BAFCBB3D2A` `Skyhigh: BehavesLike.Win32.Backdoor.tc` `Sophos: Generic ML PUA (PUA)` `Trapmine: suspicious.low.ml.score`

Hashes

MD5	`004b06190084339737f7923acbb3c13c`
SHA1	`6f62b8955b28e92bc40c6857a8d51f8ac0e39fca`
SHA256	`c2bafcbb3d2a5e97a3c7187cd8fc77d4d116c7b7b3586753dd93bba59f167243`
SHA3	`ebc49be0ac3ad8bcfb76adb048c70dc553d571dade94ddd67f3559255b2a8255`
SSDeep	`24576:ykwW4oHIIH950ysEtbJ4gwMmaRaV7rzwYVtH0E8ma8jT+RRiQIWYH17tu6t:ZwCB9+YOaILVtH0E8maWGiQI3V7tNt`
Imports Hash	`9da0587bfcaad4b3a7ec65c467d95c0a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2005-Nov-28 05:16:06
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x179000`
SizeOfInitializedData	`0x4000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x07B55698 (Section: .vmp1)`
BaseOfCode	`0x1000`
BaseOfData	`0x2a7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x7b5a000`
SizeOfHeaders	`0x1000`
Checksum	`0x18d72a`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2a5e02`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xdbc8`
VirtualAddress	`0x2a7000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x76892a4`
VirtualAddress	`0x2b5000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.vmp0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x9d39d`
VirtualAddress	`0x793f000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.vmp1

MD5	`77297ce7af2713bf376f4270d05bf526`
SHA1	`c0d2d7dcd87d6ca526704a25b4a2e19a6153fea2`
SHA256	`b6f4339b046cb9fbf5f2c22561576a75bb55508db0dd7ab9ad7fc57c400fc777`
SHA3	`025bae362fa818c092e001870e1a07f8edbafae78425a5e09395d09cb3222cf2`
VirtualSize	`0x1786b0`
VirtualAddress	`0x79dd000`
SizeOfRawData	`0x179000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.97837`

.reloc

MD5	`4968860c5e082da14dd33a85f1967c2c`
SHA1	`5527fdf712ea58b8c7946f97e3aa5936d43029a4`
SHA256	`c5949ce4f8d6898a2299f2c3783d5204924a240038016c0fb553a48d29c1b982`
SHA3	`3d816463c38022f64dda00937266ae4068435122fbfcc5e1ddbe8a21bcaa48fb`
VirtualSize	`0xec`
VirtualAddress	`0x7b56000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x17a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.435304`

.rsrc

MD5	`7eeda60138df7f157e9e39351e51abe3`
SHA1	`e6e50b58f93664ce4e46363ea6548f8bde9ae0d4`
SHA256	`6176f3b4025e2129b1afc4c192689fc48551b9afb6f3d739633b99a93a466796`
SHA3	`bd1f683b4a821ba5723f35479924431c4b342dba41ce1863ca1b1dab256a6520`
VirtualSize	`0x224a`
VirtualAddress	`0x7b57000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x17b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.46869`

Imports

IMM32.dll	`ImmGetCompositionStringA` `ImmGetCompositionWindow` `ImmSetCompositionWindow` `ImmGetDefaultIMEWnd` `ImmSetConversionStatus` `ImmGetContext` `ImmGetDescriptionA` `ImmGetIMEFileNameA` `ImmGetConversionStatus` `ImmReleaseContext`
DSOUND.dll	`#1` `#2`
OPENGL32.dll	`glColor3f` `glEnd` `glVertex3fv` `glTexCoord2f` `glBegin` `glColor3fv` `glGetIntegerv` `glGetString` `glFogf` `glFogfv` `glEnable` `glDisable` `glClearColor` `glTexImage2D` `glBindTexture` `glVertex3f` `glDepthMask` `glPolygonMode` `glFrontFace` `glStencilFunc` `glColorMask` `glVertex2f` `glDepthFunc` `glStencilOp` `glTexEnvf` `glPixelStorei` `glTexParameteri` `glDeleteTextures` `glIsTexture` `glColor4ub` `glLoadIdentity` `glMatrixMode` `glPopMatrix` `glClear` `glAlphaFunc` `glTranslatef` `glRotatef` `glPushMatrix` `wglDeleteContext` `wglGetProcAddress` `wglMakeCurrent` `wglCreateContext` `glScalef` `glGenTextures` `glTexEnvi` `glReadPixels` `glGetFloatv` `glBlendFunc` `glViewport` `glFogi` `glFlush` `glColor4f`
GLU32.dll	`gluOrtho2D` `gluPerspective`
WINMM.dll	`mmioOpenA` `mmioAscend` `mmioClose` `mmioDescend` `mmioRead` `timeEndPeriod` `timeGetDevCaps` `timeBeginPeriod` `timeGetTime` `mmioWrite`
KERNEL32.dll	`ReleaseMutex` `CreateMutexA` `TerminateThread` `CreateThread` `OpenMutexA` `EnterCriticalSection` `LeaveCriticalSection` `lstrcatA` `GetComputerNameA` `lstrcmpA` `ExitProcess` `VirtualAlloc` `VirtualFree` `VirtualProtect` `LoadLibraryExA` `GetTempFileNameA` `GetTempPathA` `HeapFree` `GetProcessHeap` `HeapAlloc` `GetFileInformationByHandle` `DuplicateHandle` `GetCurrentThreadId` `GetTickCount` `Sleep` `lstrlenA` `CloseHandle` `WriteFile` `SetFilePointer` `CreateFileA` `DeleteFileA` `ReadFile` `GetLocalTime` `GetSystemDirectoryA` `lstrcmpiA` `GetVersionExA` `QueryPerformanceCounter` `SetProcessAffinityMask` `SetThreadPriority` `SetPriorityClass` `GetProcessAffinityMask` `GetThreadPriority` `GetPriorityClass` `GetCurrentThread` `GetCurrentProcess` `QueryPerformanceFrequency` `OutputDebugStringA` `SetStdHandle` `GetProcAddress` `LoadLibraryA` `GlobalMemoryStatus` `GlobalUnlock` `GlobalLock` `GetCommandLineA` `GetFileSize` `GetLastError` `GetPrivateProfileStringA` `GetCurrentDirectoryA` `CopyFileA` `SetFileAttributesA` `Process32Next` `TerminateProcess` `OpenProcess` `Process32First` `CreateToolhelp32Snapshot` `WinExec` `FindFirstFileA` `FindClose` `GetModuleFileNameA` `GetFileAttributesA` `MoveFileExA` `IsBadReadPtr` `OpenEventA` `WaitForSingleObject` `CreateEventA` `CreateProcessA` `WaitForMultipleObjects` `GetExitCodeProcess` `GetModuleHandleA` `ResetEvent` `ResumeThread` `SetEndOfFile` `DeleteCriticalSection` `InitializeCriticalSection` `SetEvent` `WideCharToMultiByte` `CreateFileMappingA` `UnmapViewOfFile` `MapViewOfFile` `FindNextFileA` `RemoveDirectoryA` `CreateDirectoryA` `GetThreadContext` `lstrcpynA` `GetCurrentProcessId` `Module32First` `Module32Next` `SetUnhandledExceptionFilter` `IsValidCodePage` `GetLocaleInfoA` `EnumSystemLocalesA` `GetUserDefaultLCID` `SetHandleCount` `GetFileType` `GetEnvironmentVariableA` `HeapDestroy` `IsValidLocale` `HeapCreate` `IsBadWritePtr` `UnhandledExceptionFilter` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `GetEnvironmentStrings` `GetEnvironmentStringsW` `IsBadCodePtr` `GetStringTypeA` `GetStringTypeW` `CompareStringA` `CompareStringW` `SetEnvironmentVariableA` `SetConsoleCtrlHandler` `GetLocaleInfoW` `CreatePipe` `GetStdHandle` `PeekNamedPipe` `FlushFileBuffers` `lstrcpyA` `InterlockedExchange` `RtlUnwind` `InterlockedDecrement` `InterlockedIncrement` `GetTimeZoneInformation` `GetSystemTime` `GetStartupInfoA` `GetVersion` `GetSystemTimeAsFileTime` `RaiseException` `TlsSetValue` `TlsAlloc` `TlsFree` `SetLastError` `TlsGetValue` `HeapReAlloc` `HeapSize` `GetCPInfo` `GetACP` `GetOEMCP` `FatalAppExitA` `MultiByteToWideChar` `LCMapStringA` `LCMapStringW` `FreeLibrary`
USER32.dll	`GetKeyboardLayoutNameA` `wvsprintfA` `SendMessageA` `RegisterHotKey` `GetWindowRect` `SetWindowPos` `CallNextHookEx` `UnhookWindowsHookEx` `SetWindowsHookExA` `GetDesktopWindow` `MessageBoxA` `UnregisterHotKey` `GetFocus` `SetWindowLongA` `CloseClipboard` `GetClipboardData` `OpenClipboard` `CallWindowProcA` `GetWindowLongA` `GetCaretPos` `GetWindowTextA` `SetWindowTextA` `ShowWindow` `ReleaseDC` `GetDC` `GetKeyboardLayout` `PostMessageA` `SetFocus` `IsWindowVisible` `GetScrollPos` `SetScrollPos` `FindWindowA` `ShowCursor` `ChangeDisplaySettingsA` `SystemParametersInfoA` `DefWindowProcA` `PostQuitMessage` `EndPaint` `BeginPaint` `DestroyWindow` `RegisterClassA` `LoadCursorA` `LoadIconA` `SetForegroundWindow` `IsIconic` `DispatchMessageA` `TranslateMessage` `GetMessageA` `PeekMessageA` `UpdateWindow` `EnumDisplaySettingsA` `SetCursorPos` `CreateWindowExA` `GetAsyncKeyState` `SetRect` `OffsetRect` `PtInRect` `GetDoubleClickTime` `ScreenToClient` `GetCursorPos` `IntersectRect` `wsprintfA` `SetTimer`
GDI32.dll	`GetTextExtentPoint32A` `GetTextExtentPointA` `SelectObject` `SwapBuffers` `DeleteDC` `TextOutA` `BitBlt` `GetStockObject` `SetBkColor` `SetPixelFormat` `ChoosePixelFormat` `CreateFontA` `SetTextColor` `CreateCompatibleDC` `DeleteObject` `CreateDIBSection` `SetBkMode`
ADVAPI32.dll	`CryptReleaseContext` `RegDeleteKeyA` `CryptGetHashParam` `CryptDeriveKey` `CryptDecrypt` `CryptImportKey` `CryptCreateHash` `CryptHashData` `CryptVerifySignatureA` `CryptDestroyHash` `CryptDestroyKey` `InitializeSecurityDescriptor` `GetUserNameA` `RegDeleteValueA` `RegEnumValueA` `CryptAcquireContextA` `RegCreateKeyExA` `RegSetValueExA` `RegOpenKeyExA` `RegQueryValueExA` `SetSecurityDescriptorDacl` `RegCloseKey`
SHELL32.dll	`ShellExecuteA`
ole32.dll	`CoUninitialize` `CoCreateInstance` `CoInitialize`
WS2_32.dll	`connect` `setsockopt` `socket` `shutdown` `recv` `WSASend` `WSAStartup` `WSACleanup` `send` `WSAGetLastError` `gethostbyname` `inet_addr` `htons` `WSAAsyncSelect` `closesocket`
VERSION.dll	`VerQueryValueA` `GetFileVersionInfoSizeA` `GetFileVersionInfoA`
wzAudio.dll	`wzAudioStop` `wzAudioPlay` `wzAudioDestroy` `wzAudioOption` `wzAudioCreate`
KERNEL32.dll (#2)	`ReleaseMutex` `CreateMutexA` `TerminateThread` `CreateThread` `OpenMutexA` `EnterCriticalSection` `LeaveCriticalSection` `lstrcatA` `GetComputerNameA` `lstrcmpA` `ExitProcess` `VirtualAlloc` `VirtualFree` `VirtualProtect` `LoadLibraryExA` `GetTempFileNameA` `GetTempPathA` `HeapFree` `GetProcessHeap` `HeapAlloc` `GetFileInformationByHandle` `DuplicateHandle` `GetCurrentThreadId` `GetTickCount` `Sleep` `lstrlenA` `CloseHandle` `WriteFile` `SetFilePointer` `CreateFileA` `DeleteFileA` `ReadFile` `GetLocalTime` `GetSystemDirectoryA` `lstrcmpiA` `GetVersionExA` `QueryPerformanceCounter` `SetProcessAffinityMask` `SetThreadPriority` `SetPriorityClass` `GetProcessAffinityMask` `GetThreadPriority` `GetPriorityClass` `GetCurrentThread` `GetCurrentProcess` `QueryPerformanceFrequency` `OutputDebugStringA` `SetStdHandle` `GetProcAddress` `LoadLibraryA` `GlobalMemoryStatus` `GlobalUnlock` `GlobalLock` `GetCommandLineA` `GetFileSize` `GetLastError` `GetPrivateProfileStringA` `GetCurrentDirectoryA` `CopyFileA` `SetFileAttributesA` `Process32Next` `TerminateProcess` `OpenProcess` `Process32First` `CreateToolhelp32Snapshot` `WinExec` `FindFirstFileA` `FindClose` `GetModuleFileNameA` `GetFileAttributesA` `MoveFileExA` `IsBadReadPtr` `OpenEventA` `WaitForSingleObject` `CreateEventA` `CreateProcessA` `WaitForMultipleObjects` `GetExitCodeProcess` `GetModuleHandleA` `ResetEvent` `ResumeThread` `SetEndOfFile` `DeleteCriticalSection` `InitializeCriticalSection` `SetEvent` `WideCharToMultiByte` `CreateFileMappingA` `UnmapViewOfFile` `MapViewOfFile` `FindNextFileA` `RemoveDirectoryA` `CreateDirectoryA` `GetThreadContext` `lstrcpynA` `GetCurrentProcessId` `Module32First` `Module32Next` `SetUnhandledExceptionFilter` `IsValidCodePage` `GetLocaleInfoA` `EnumSystemLocalesA` `GetUserDefaultLCID` `SetHandleCount` `GetFileType` `GetEnvironmentVariableA` `HeapDestroy` `IsValidLocale` `HeapCreate` `IsBadWritePtr` `UnhandledExceptionFilter` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `GetEnvironmentStrings` `GetEnvironmentStringsW` `IsBadCodePtr` `GetStringTypeA` `GetStringTypeW` `CompareStringA` `CompareStringW` `SetEnvironmentVariableA` `SetConsoleCtrlHandler` `GetLocaleInfoW` `CreatePipe` `GetStdHandle` `PeekNamedPipe` `FlushFileBuffers` `lstrcpyA` `InterlockedExchange` `RtlUnwind` `InterlockedDecrement` `InterlockedIncrement` `GetTimeZoneInformation` `GetSystemTime` `GetStartupInfoA` `GetVersion` `GetSystemTimeAsFileTime` `RaiseException` `TlsSetValue` `TlsAlloc` `TlsFree` `SetLastError` `TlsGetValue` `HeapReAlloc` `HeapSize` `GetCPInfo` `GetACP` `GetOEMCP` `FatalAppExitA` `MultiByteToWideChar` `LCMapStringA` `LCMapStringW` `FreeLibrary`
ADVAPI32.dll (#2)	`CryptReleaseContext` `RegDeleteKeyA` `CryptGetHashParam` `CryptDeriveKey` `CryptDecrypt` `CryptImportKey` `CryptCreateHash` `CryptHashData` `CryptVerifySignatureA` `CryptDestroyHash` `CryptDestroyKey` `InitializeSecurityDescriptor` `GetUserNameA` `RegDeleteValueA` `RegEnumValueA` `CryptAcquireContextA` `RegCreateKeyExA` `RegSetValueExA` `RegOpenKeyExA` `RegQueryValueExA` `SetSecurityDescriptorDacl` `RegCloseKey`

Delayed Imports

1

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07176`
MD5	`46bd0e570128820855709b0ef7baedf1`
SHA1	`e3a00e970a62c66795522d5638fd07feb0ec9cee`
SHA256	`419f856569df391049fe54baa3eaba23333af684d468b3db54032b1ae99da84a`
SHA3	`273d3ff86bc30ad79810481368f1ef676f2541739920ac15a65e4afa13cde7c5`

2

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.70736`
MD5	`9326002520adbb64c0e22cfe4b56ef9f`
SHA1	`23fb80ddf56393ca578790aab88b93c089a06537`
SHA256	`e17119d66f71f8a055295d5f87c9c2cca081bbd83904fe01ab6bdc6381c6e191`
SHA3	`eb013a7517ae50bb603f8250befe6b486888245afa87edb5ce2cd7c5faf202db`

3

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.91116`
MD5	`5b3f8baf6ed52b5f2a5c88c5001736fa`
SHA1	`c9b4a610997f92be3f21c555f4b517308cac47c0`
SHA256	`ae3c6b324c9eaa11bde5b44c15c87968f088fec942f9b483b75741da8fce6813`
SHA3	`d7d179d7618467f6554a6a91a8d6c1966a8025551b1f1208fb792e72039b9bac`

4

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67625`
MD5	`8a36e0ba48ea6216c985b760e8601777`
SHA1	`79ed19e9df7265a95acdac0945fe4e887095c78e`
SHA256	`f8e4fc643d9f8874d5180c8f75795d3cdf10c5344390a42320d3a3f5bcc3e07d`
SHA3	`1bcb14873608eb156ee667c93b68e3328363931b0c9f75d27e4696081e6c14fb`

101

Type	`RT_GROUP_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.70237`
Detected Filetype	Icon file
MD5	`7a5323bc7bc1f8b5d24ac4563187979e`
SHA1	`0cf74ff14e9af6df11b035640c019fb5acd9f38f`
SHA256	`30318b36a5012a6a445f593ce7966ba1a0c19d9e74a8009c94903e019fd12a27`
SHA3	`21e12534926c86bf2785d56922f6e48dce8230252a7023bdf1f9549c5177b8ed`

1 (#2)

Type	`RT_VERSION`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x324`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33651`
MD5	`3eb746598bc85c8ab595a19e43a4916c`
SHA1	`5b1afc5ef59b6ff8b29126a5575b7e2936507a7c`
SHA256	`8a330b371b11ca643558b16d06427ccd04ef60d8a2b4d8ce35d1cdc05e9b2d9d`
SHA3	`6c27d14255f6c2f4d047fb3f55cccea33656019cdda0978ed0cca28b59baa9cc`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.88013`
MD5	`1f8eda472e1b5bce4ed6bb3088666812`
SHA1	`7490607a2c4d7d9633d942e10e33859cec70d379`
SHA256	`b608292c3e3f27ce29fdac1c919b74b862c13785b6cbadcab15d5ca863c5819a`
SHA3	`98df8be66c079c8a16338ff4003167d1e008640fc1280767713d6d807ffc8937`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.1.46.0
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Korean - Korea
CompanyName	WebZen
FileDescription	main
FileVersion (#2)	1, 1, 46, 0
InternalName	main
LegalCopyright	Copyright ⓒ 2002
OriginalFilename	main.exe
ProductName	WebZen mu main
ProductVersion (#2)	1, 0, 0, 1

Resource LangID	Korean - Korea

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x79b181e5`
Unmarked objects	`0`
Linker (VC++ 6.0 SP5 imp/exp build 8447)	`2`
12 (7291)	`4`
14 (7299)	`38`
C objects (VS98 SP6 build 8804)	`161`
C++ objects (8047)	`3`
C objects (VC++ 6.0 SP5 build 8804)	`1`
C++ objects (VC++ 6.0 SP5 build 8804)	`10`
C objects (VS98 build 8168)	`44`
C++ objects (9178)	`1`
Imports (9210)	`2`
Total imports	`357`
19 (8034)	`25`
C++ objects (VS98 SP6 build 8804)	`139`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .vmp0 has a size of 0!