Manalyze report for 0c46551faf10d1b6ad5da4577b906e2f6bf3017b02bad9943464ebcb850c386d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2015-Nov-26 06:23:42
Detected languages	English - United States Korean - Korea
CompanyName	NEXTORIC
FileDescription	GameClient
FileVersion	`1, 0, 0, 1842`
InternalName	GameClient 201507281618
LegalCopyright	Copyright (C) NEXTORIC
LegalTrademarks	ProjectMV
OriginalFilename	GameClient
ProductName	ProjectMV
ProductVersion	`1, 0, 0, 0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++ 8` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Info	Interesting strings found in the binary:	Contains domain names: download.nvidia.com everplanet.nexon.com gamelog.nexon.com http://everplanet.nexon.com http://everplanet.nexon.com/wiselog/CharacterChoose.aspx http://everplanet.nexon.com/wiselog/CharacterCreate.aspx http://everplanet.nexon.com/wiselog/CreateCharacterSuccess.aspx http://everplanet.nexon.com/wiselog/EventMap_1.aspx http://everplanet.nexon.com/wiselog/EventMap_2.aspx http://everplanet.nexon.com/wiselog/EventMap_3.aspx http://everplanet.nexon.com/wiselog/EventMap_4.aspx http://everplanet.nexon.com/wiselog/GameMain.aspx http://everplanet.nexon.com/wiselog/GameMainStart.aspx http://everplanet.nexon.com/wiselog/GameOver.aspx http://everplanet.nexon.com/wiselog/WorldChoose.aspx http://everplanet.nexon.com/wiselog/initGameLogoStart.aspx http://everplanet.nexon.com/wiselog/initHackComplete.aspx http://everplanet.nexon.com/wiselog/initHackStart.aspx http://everplanet.nexon.com/wiselog/initSoundGuiComplete.aspx http://everplanet.nexon.com/wiselog/initVgaComplete.aspx http://gamelog.nexon.com http://gamelog.nexon.com/everplanet/check.html http://kr.download.nvidia.com http://kr.download.nvidia.com/Windows/175.16/175.16_geforce_winxp_32bit_international_whql.exe http://kr.download.nvidia.com/Windows/93.71/93.71_forceware_winxp2k_international_whql.exe http://www.w3.org http://www.w3.org/2000/xmlns/ http://www.w3.org/XML/1998/namespace https://nxpay.nexon.com https://nxpay.nexon.com/cash/main.aspx?chid https://point.nexon.co.jp https://point.nexon.co.jp/main/common/login/topNormal.asp kr.download.nvidia.com nexon.co.jp nexon.com nvidia.com nxpay.nexon.com point.nexon.co.jp www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA256` `Uses constants related to SHA512`
Malicious	The file headers were tampered with.	`Unusual section name found: .import` `The RICH header checksum is invalid.`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryA` `Can access the registry: RegOpenKeyExA RegOpenKeyExW RegCreateKeyExW RegSetValueExW RegCloseKey RegQueryValueExW RegDeleteValueW RegQueryValueExA SHDeleteKeyW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Uses functions commonly found in keyloggers: MapVirtualKeyW GetAsyncKeyState` `Has Internet access capabilities: InternetQueryDataAvailable InternetOpenUrlW InternetOpenW InternetSetStatusCallbackW InternetCloseHandle InternetReadFile` `Leverages the raw socket API to access the Internet: WSACreateEvent WSAWaitForMultipleEvents WSAResetEvent WSAEnumNetworkEvents WSASocketW closesocket WSACloseEvent send connect WSAEventSelect WSAGetLastError gethostbyname inet_addr WSACleanup WSAStartup ntohs recv getsockname getpeername` `Enumerates local disk drives: GetVolumeInformationA` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	The file contains overlay data.	`6018824 bytes of data starting at offset 0x4e6af8.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`b434335af4a7e49bcb51c887ca4ecc05`
SHA1	`cabd567676cbde6816c2c59841bcce058fdf53fe`
SHA256	`0c46551faf10d1b6ad5da4577b906e2f6bf3017b02bad9943464ebcb850c386d`
SHA3	`d45ea60c16d9302f537295a232a098e7a0e83b1061c500d0d0a7a921c44a3710`
SSDeep	`196608:ejclridiNDNEdM9pMG7Ir21op+pbS+PTTX1kimCqZ:eyridkDNE69pMG7Ir2k+pm2TTX1kimC`
Imports Hash	`2dc9f1ed1c6550b604e6354cf48c6f6a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0x7556`
e_oeminfo	`0x4e14`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2015-Nov-26 06:23:42
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x8f2c00`
SizeOfInitializedData	`0x195600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0082CC03 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8f4000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0xcb2000`
SizeOfHeaders	`0x1000`
Checksum	`0x4f6483`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3bbe31a55412b7889aeeed13102905b6`
SHA1	`3be0cb2a32176979db284091479ecddcc9dad90e`
SHA256	`141e848e38da04f581da8dd6c086c6dbccaaa11add305985ea98a9ebfacc5c43`
SHA3	`4f53e8984393c99018a5791978a0a71e93d7b3a9125b9dbc993fac9e1d51d7ef`
VirtualSize	`0x8f3000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x8f3000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.61535`

.rdata

MD5	`8d926b5c3c4e2a9e0f9343e2337b0033`
SHA1	`594d499de2893ab9c11d2de56a967fa716cdccae`
SHA256	`c121a71df03cf92694b7dd6382b7125c6490861852a024efa5bd104f5999594a`
SHA3	`8e6f6f3f1049e030798cdf25c6cf9a723b83dc9ccd6dfd67a12e6735939972e7`
VirtualSize	`0x169000`
VirtualAddress	`0x8f4000`
SizeOfRawData	`0x169000`
PointerToRawData	`0x8f4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.54236`

.data

MD5	`db3c1d9cfe9d6f6e00b24d59d1ea46be`
SHA1	`7f77ff8935c086b47c4450ce2282a00f42770998`
SHA256	`91e27bd15f0d14eacbeffd9df8a1f2d87dcaff7652c6b194a38cb1e6c730845e`
SHA3	`be6943364c62ddb707f04d454d614085608185cf42d85bf9e824c0f182ed94f4`
VirtualSize	`0x3f000`
VirtualAddress	`0xa5d000`
SizeOfRawData	`0x28000`
PointerToRawData	`0xa5d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.221`

.rsrc

MD5	`be5196a8eecb5edddcb780906fe93626`
SHA1	`aa924a807cfbd2b3f17806dede485592d45754e4`
SHA256	`c945db8f826c3b1a7a3ffe0ba92831594ef431e7f14e6af8258f0213dbcb25a2`
SHA3	`e6814ee0c3771857e062fca9f3f00fae540a64a36c9668b5a9074ebb5c64b9dd`
VirtualSize	`0x212000`
VirtualAddress	`0xa9c000`
SizeOfRawData	`0x47fc`
PointerToRawData	`0xa9c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.73212`

.import

MD5	`68f5c3d8b4ac6b547e342d199b271e89`
SHA1	`b30756961618f84c039c8ae5150a16cbe4236bbf`
SHA256	`d676fe79d90e2ec74677c2f238ec31f5d062e9e2a2a46c11798320ad28705a2e`
SHA3	`02b8a4fc4ce020b49f3cd38983186cda46e3cf959c9f508c3fcc2cea346fbdc2`
VirtualSize	`0x3000`
VirtualAddress	`0xcae000`
SizeOfRawData	`0x3000`
PointerToRawData	`0xaa1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.13248`

.tls

MD5	`089f5e7bb53dd6e505ec7b6901ba405d`
SHA1	`bce12ad0d382e18f080a1f85cad6d31c41a819ba`
SHA256	`7b27497c0e1ba5de9eb1b95c9b022e08f76700907aa1951eb36c7b15cb7bf7a9`
SHA3	`cd0125dd6e588b1ca71f1e7919bfb6109ce83b89197256613535bae9ce4cfe60`
VirtualSize	`0x18`
VirtualAddress	`0xcb1000`
SizeOfRawData	`0x200`
PointerToRawData	`0xaa4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.190489`

Imports

advapi32.dll	`RegOpenKeyExA` `RegOpenKeyExW` `RegCreateKeyExW` `RegSetValueExW` `RegCloseKey` `RegQueryValueExW` `RegDeleteValueW` `RegQueryValueExA`
dinput8.dll	`DirectInput8Create`
gdi32.dll	`DeleteObject` `SetTextColor` `GetStockObject` `SetBkMode` `SetBkColor` `GetTextExtentPoint32W` `EnumFontsW` `GetDeviceCaps` `CreateFontIndirectW` `SelectObject`
imm32.dll	`ImmSetConversionStatus` `ImmReleaseContext` `ImmGetContext` `ImmGetCompositionStringA` `ImmGetDefaultIMEWnd` `ImmGetOpenStatus` `ImmIsIME` `ImmSetCompositionStringW` `ImmNotifyIME` `ImmGetIMEFileNameA` `ImmGetCandidateListW` `ImmGetCompositionStringW` `ImmAssociateContext` `ImmGetCandidateListA` `ImmGetConversionStatus`
iphlpapi.dll	`GetAdaptersInfo`
kernel32.dll	`MulDiv` `SetEndOfFile` `CreateThread` `ExitThread` `GetCurrentThreadId` `CreateProcessW` `GetCurrentProcessId` `GetCommandLineW` `GetFileTime` `LocalFree` `DeviceIoControl` `CreateFileA` `GetVolumeInformationA` `GetWindowsDirectoryA` `IsDBCSLeadByteEx` `CompareStringA` `GetVersionExA` `GlobalUnlock` `GlobalWire` `GetWindowsDirectoryW` `TerminateThread` `ResumeThread` `SetCurrentDirectoryW` `lstrlenW` `DuplicateHandle` `InterlockedCompareExchange` `GetFileInformationByHandle` `GetVersion` `QueryPerformanceFrequency` `GetLocalTime` `SetFileAttributesW` `FlushFileBuffers` `ReadFile` `GetFileSize` `SetStdHandle` `GetConsoleMode` `GetConsoleCP` `SetFilePointer` `GetLocaleInfoA` `LoadLibraryW` `InterlockedExchange` `HeapReAlloc` `RtlUnwind` `CreateFileW` `SleepEx` `IsDebuggerPresent` `WaitForSingleObject` `CreateMutexW` `GetVersionExW` `FindClose` `FindNextFileW` `FindFirstFileW` `GetCurrentDirectoryW` `CreateDirectoryW` `DeleteCriticalSection` `InitializeCriticalSection` `CompareStringW` `HeapFree` `GetProcessHeap` `HeapAlloc` `GetSystemTimeAsFileTime` `QueryPerformanceCounter` `GetFileType` `InitializeCriticalSectionAndSpinCount` `SetHandleCount` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetStringTypeW` `LCMapStringW` `GetCurrentThread` `SetLastError` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `IsValidCodePage` `GetOEMCP` `GetACP` `GetCPInfo` `HeapCreate` `GetCurrentProcess` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetStdHandle` `WriteFile` `ExitProcess` `HeapSize` `IsProcessorFeaturePresent` `RaiseException` `GetStartupInfoW` `HeapSetInformation` `DecodePointer` `EncodePointer` `GetProcAddress` `LoadLibraryA` `FreeLibrary` `LeaveCriticalSection` `EnterCriticalSection` `SetEvent` `CloseHandle` `CreateEventW` `CopyFileW` `GetModuleHandleW` `GetModuleFileNameW` `GlobalFree` `MultiByteToWideChar` `lstrcmpW` `WideCharToMultiByte` `GlobalAlloc` `GetTickCount` `InterlockedDecrement` `InterlockedIncrement` `GetLastError` `OutputDebugStringW` `VirtualQuery` `Sleep` `WriteConsoleW` `DeleteFileW`
oleaut32.dll	`VariantInit` `SysFreeString` `SafeArrayCreate` `SafeArrayDestroy` `SafeArrayAccessData` `VariantClear` `SysAllocString`
rpcrt4.dll	`RpcStringFreeA` `UuidCreate` `UuidToStringA`
shell32.dll	`SHGetFolderLocation` `ShellExecuteW` `SHFree` `SHBindToParent` `SHGetSpecialFolderPathW`
shlwapi.dll	`SHDeleteKeyW` `StrRetToBufW`
user32.dll	`GetCaretBlinkTime` `GetFocus` `PostMessageA` `SendMessageA` `SetClipboardData` `EmptyClipboard` `CloseClipboard` `GetClipboardData` `OpenClipboard` `ReleaseCapture` `SetCapture` `SetCursor` `GetMenu` `PeekMessageW` `GetWindowLongW` `TranslateMessage` `GetClientRect` `SetWindowPos` `MapVirtualKeyW` `GetAsyncKeyState` `GetKeyState` `SystemParametersInfoW` `SetTimer` `KillTimer` `LoadImageW` `DialogBoxParamW` `SendDlgItemMessageW` `GetDlgItemTextW` `GetWindowRect` `GetDlgItem` `ScreenToClient` `MoveWindow` `SetDlgItemTextW` `ShowWindow` `GetSystemMetrics` `MsgWaitForMultipleObjectsEx` `CreateDialogParamW` `DestroyWindow` `IsDialogMessageW` `LoadIconW` `LoadCursorW` `RegisterClassExW` `CreateWindowExW` `UpdateWindow` `PostQuitMessage` `AdjustWindowRect` `DefWindowProcW` `EnableWindow` `InvalidateRect` `GetDesktopWindow` `GetMessageW` `GetDC` `SetFocus` `SetWindowTextW` `ReleaseDC` `GetWindowTextW` `GetKeyboardLayout` `CharNextW` `IsWindowUnicode` `SetWindowLongW` `MessageBoxW` `ShowCursor` `IsWindow` `DispatchMessageW` `PostMessageW` `SendMessageW` `GetPhysicalCursorPos` `EndDialog`
version.dll	`VerQueryValueW` `GetFileVersionInfoW` `GetFileVersionInfoSizeW` `GetFileVersionInfoSizeA` `GetFileVersionInfoA` `VerQueryValueA`
wininet.dll	`InternetQueryDataAvailable` `InternetOpenUrlW` `InternetOpenW` `InternetSetStatusCallbackW` `InternetCloseHandle` `InternetReadFile`
winmm.dll	`timeBeginPeriod` `timeGetTime` `timeEndPeriod`
ws2_32.dll	`WSACreateEvent` `WSAWaitForMultipleEvents` `WSAResetEvent` `WSAEnumNetworkEvents` `WSASocketW` `closesocket` `WSACloseEvent` `send` `connect` `WSAEventSelect` `WSAGetLastError` `gethostbyname` `inet_addr` `WSACleanup` `WSAStartup` `ntohs` `ntohs` `recv` `getsockname` `getpeername`
d3d9.dll	`Direct3DCreate9`
d3dx9_31.dll	`D3DXGetFVFVertexSize` `D3DXCreateTextureFromFileInMemoryEx` `D3DXGetImageInfoFromFileInMemory` `D3DXSaveSurfaceToFileInMemory` `D3DXGatherFragments` `D3DXCreateFragmentLinker` `D3DXCompileShader` `D3DXGetShaderConstantTable` `D3DXLoadSurfaceFromFileInMemory`
dbghelp.dll	`MiniDumpWriteDump`
fmod_event.dll	`?update@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@XZ` `?release@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@XZ`
fmodex.dll	`?setVolume@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@M@Z` `?setMute@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z` `?setDSPBufferSize@System@FMOD@@QAG?AW4FMOD_RESULT@@IH@Z` `?setPriority@Channel@FMOD@@QAG?AW4FMOD_RESULT@@H@Z` `?setCallback@Channel@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PAUFMOD_CHANNEL@@W4FMOD_CHANNEL_CALLBACKTYPE@@PAX2@Z@Z` `?playSound@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_CHANNELINDEX@@PAVSound@2@_NPAPAVChannel@2@@Z` `?setMode@Sound@FMOD@@QAG?AW4FMOD_RESULT@@I@Z` `?getMode@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z` `?setPaused@Channel@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z` `?setVolume@Channel@FMOD@@QAG?AW4FMOD_RESULT@@M@Z` `?update@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ` `?release@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@XZ` `?set3DAttributes@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_VECTOR@@0@Z` `?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ` `?stop@Channel@FMOD@@QAG?AW4FMOD_RESULT@@XZ` `?createChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAPAVChannelGroup@2@@Z` `?setSpeakerMode@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_SPEAKERMODE@@@Z` `?getOpenState@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAW4FMOD_OPENSTATE@@PAIPA_N@Z` `?setUserData@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAX@Z` `?setChannelGroup@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAVChannelGroup@2@@Z` `FMOD_Channel_GetUserData` `FMOD_Debug_SetLevel` `FMOD_Debug_GetLevel` `?getDriverInfo@System@FMOD@@QAG?AW4FMOD_RESULT@@HPADHPAUFMOD_GUID@@@Z` `?setSoftwareFormat@System@FMOD@@QAG?AW4FMOD_RESULT@@HW4FMOD_SOUND_FORMAT@@HHW4FMOD_DSP_RESAMPLER@@@Z` `?init@System@FMOD@@QAG?AW4FMOD_RESULT@@HIPAX@Z` `?setFileSystem@System@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PBDHPAIPAPAX2@ZP6G?AW43@PAX4@ZP6G?AW43@44I14@ZP6G?AW43@4I4@ZP6G?AW43@PAUFMOD_ASYNCREADINFO@@4@Z5H@Z` `?isPlaying@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z` `?getMode@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z` `?getChannelsPlaying@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z` `?close@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ` `?release@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ` `?createSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z` `?createStream@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z` `?setMode@Channel@FMOD@@QAG?AW4FMOD_RESULT@@I@Z` `?getPaused@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z` `?setPan@Channel@FMOD@@QAG?AW4FMOD_RESULT@@M@Z` `FMOD_System_Create` `?getVersion@System@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z` `?getDriverCaps@System@FMOD@@QAG?AW4FMOD_RESULT@@HPAIPAH1PAW4FMOD_SPEAKERMODE@@@Z` `?getFrequency@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAM@Z` `?setFrequency@Channel@FMOD@@QAG?AW4FMOD_RESULT@@M@Z` `?set3DMinMaxDistance@Channel@FMOD@@QAG?AW4FMOD_RESULT@@MM@Z` `?setLoopCount@Channel@FMOD@@QAG?AW4FMOD_RESULT@@H@Z` `?stop@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@XZ`
ole32.dll	`CoInitializeEx` `CoUninitialize` `CoTaskMemAlloc` `CoCreateInstance`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.90368`
MD5	`9ca56e6bbb0b529c2ca4f3381d9ad12b`
SHA1	`c6e074686f1594d585c6ee5e36e4c92128e5d5da`
SHA256	`70a0eb28ea9329ec32f37762a976dcbf042a190fea7ad27d8f49aaeb1166f023`
SHA3	`6cf3e8aef5d34f24f35345a1b82c8dd3c83a4cffe22b5a585e04787a1ae2dced`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39984`
MD5	`0f347341ab43c385422c64a0023ea8a4`
SHA1	`f6211bbc1d7ea4ec4a21e5f3020c013e6426f6cc`
SHA256	`7a5e871474d5785e2225d47b2c05cc7224fbd099ea53658030eeaea79a8b6b30`
SHA3	`350cbedef020a784ca59bf75ece8bd505c39579bb7b227afcfdae6364ba14513`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91638`
MD5	`5434002c043fcf323fdc45dcbcfc47a1`
SHA1	`d3acd31fff3eb1458f0030e4171148a3af3f32c7`
SHA256	`f8361069b13728a6d7d87c7236c384db5a698d51328e5f96bbc8dfa8b5237a3b`
SHA3	`0d9347ecb258cb316268f812a187db92a57fed35df41958b7487060b8dddc7be`

104

Type	`RT_DIALOG`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0xc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.94577`
MD5	`82dc19b454d109d2c4e9d53ceef079df`
SHA1	`f492f58bc56362e928dd75de9c2fd63089210f74`
SHA256	`0c0a1f43055ffdd34c1cf84c9cfe063ca157bdc20f9b056cee9bddf2e1511cf1`
SHA3	`585a2b3a3ab2b46b5feda3a812d56fca75740757cf0c7d5da49bdbff382caa25`

105

Type	`RT_DIALOG`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x24c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.15958`
MD5	`d5e24970f545872e7083145b8b0392f0`
SHA1	`729a26e08e243e15733cb0a7ea3c48124d8c4372`
SHA256	`ddc0ae248403b67de47e3cc38948c43a09486b2441dc15c92fe3ed3aa3a60c27`
SHA3	`e5835e8c9beef21baed63525f35f245865d5d6504157be5f20dd25cfa5740c97`

106

Type	`RT_DIALOG`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x100`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.84902`
MD5	`7b914b5f7261e1beb49a49fd4938f4cb`
SHA1	`a39310733849a1ed2b95f7156d4cf76906d37e94`
SHA256	`2670534b09179ae777a4b92a0f0934b0017c66f5fc68ac4cc477c3d1cdf13d54`
SHA3	`3fd58282895a3a54d913e62d20016b4b6727cc9f8567c33338f153c879ae00c4`

107

Type	`RT_DIALOG`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x40`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63274`
MD5	`c182a7095fbc5ef89236467a19a13801`
SHA1	`fb1ecb2c192725dd21f2e349f347f59471df993a`
SHA256	`9f51b9c378115bfef84cc04060b5841f7a1742cad42bff9da7c60b572de160da`
SHA3	`cc01771be10a0633b40ceee4a36c2f5f94fbc4ee31b279cdfe77d61b6731b547`

108

Type	`RT_DIALOG`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0xa8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74357`
MD5	`c0e93f4c3e9b24cac02a8a080c26e7f3`
SHA1	`589047e30b965ee37e4db45c71c4a18bffcd2643`
SHA256	`4d5a8c3409ab35102fbaa916fe564e65c079c742ea0077f9cff4298bad34c1a6`
SHA3	`8cad0ca46574f94b3b6a670b21d9f8ff9c0b74097f9960f9e15efe3c421a1246`

109

Type	`RT_DIALOG`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0xd0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.70527`
MD5	`0aacc66d0a7b6c59453f349c68911207`
SHA1	`e7f189c5d667f3d8b5cf02532aedebea28ab1ee8`
SHA256	`9ac387dd1fcdcfe593330cdfd510cd2c854e33d2a061687ffdff5005b3d4e9af`
SHA3	`a6d312ba0b96f2d6b63d4a2300bf21a7fd67b9966cbdec1c7399220ade03e219`

101

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45849`
Detected Filetype	Icon file
MD5	`409e1724611e0bc39356e2f58888db55`
SHA1	`c06c0e66cc2f7956256e2f018aa0294bfa914960`
SHA256	`6ab18c3b81a5d30c5a190a4504cae807d73b1a4d02d56ffddf641abbb62b7210`
SHA3	`315b2ad40793f4ef885ff4c878169b02c62f619b57780a98a76c8538cd0ee5c9`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x31c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37111`
MD5	`8a227e95b8d922b4173b2de37c84bd01`
SHA1	`156841477e353578be4de49753370eb0b6167b9b`
SHA256	`c34b47cdeef7f6ad5951203bbbd06dfc4cf9bf953c5439f67cfdabaab7ac3e9c`
SHA3	`e85cd2cc11f8ab3a260e6a867ed62a389a5aa2c4aa0dec6e7cdcb9e0912e65d3`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x165`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.77792`
MD5	`b9b507d6297b2d514477db4ae0d55ea6`
SHA1	`e8c4b4e815c1788b3bab96fc44560d7282282fe1`
SHA256	`ec5d04c8ef3fe0e571c8e604bf146b393108cee11f1ad3d665b7501ec20d37d0`
SHA3	`85e8c59b71094f3ffe0990fe28a56df78d58756dc3a423284dff50f92ed7fa6f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1842
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`(EMPTY)`
FileType	`VFT_UNKNOWN`
Language	UNKNOWN
CompanyName	NEXTORIC
FileDescription	GameClient
FileVersion (#2)	1, 0, 0, 1842
InternalName	GameClient 201507281618
LegalCopyright	Copyright (C) NEXTORIC
LegalTrademarks	ProjectMV
OriginalFilename	GameClient
ProductName	ProjectMV
ProductVersion (#2)	1, 0, 0, 0

Resource LangID	UNKNOWN

TLS Callbacks

StartAddressOfRawData	`0xe9b000`
EndAddressOfRawData	`0xe9b015`
AddressOfIndex	`0xe99e00`
AddressOfCallbacks	`0xcf5e94`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

XOR Key	`0x4598576e`
Unmarked objects	`0`
Linker (VC++ 6.0 SP5 imp/exp build 8447)	`4`
C++ objects (VS2010 build 30319)	`4`
C objects (VS2003 (.NET) build 4035)	`2`
C++ objects (VS2003 (.NET) build 4035)	`1`
Imports (VS2003 (.NET) build 4035)	`6`
ASM objects (VS2010 SP1 build 40219)	`58`
C++ objects (VS2010 SP1 build 40219)	`77`
C objects (VS2010 SP1 build 40219)	`177`
C objects (VS2008 SP1 build 30729)	`9`
Imports (VS2008 SP1 build 30729)	`33`
Total imports	`379`
175 (VS2010 SP1 build 40219)	`818`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

[*] Warning: The WIN_CERTIFICATE appears to be invalid.

Leave a comment

No comments yet.