Manalyzer :: 40189b1806eafafda3dcce72b37d18272d9a009f1d5232eb7ce01e0d9ce7591a

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2009-Apr-22 06:04:25
Detected languages	Chinese - PRC
Debug artifacts	builder\sourcecode\sword1_v_03_00_20090207_vietnam\Sword1\coding\kgc\net\Heaven\Release\heaven.pdb
CompanyName	éå±±è½¯ä»¶è¡ä»½æéå¬å¸
FileDescription	Heaven DLL
FileVersion	`3, 0, 0, 365`
InternalName	Heaven
LegalCopyright	çæææ (C) 1995-2004 éå±±è½¯ä»¶è¡ä»½æéå¬å¸
OriginalFilename	Heaven.DLL
ProductName	SwordOnline
ProductVersion	`3.00.00.2003`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 DLL (Debug)` `Microsoft Visual C++ 6.0 DLL`
Suspicious	The PE contains functions most legitimate programs don't use.	`Leverages the raw socket API to access the Internet: closesocket WSAStartup WSACleanup listen bind htons htonl setsockopt send recv WSAGetLastError accept ntohs inet_ntoa ioctlsocket socket`
Suspicious	The file contains overlay data.	`123 bytes of data starting at offset 0x9000.`
Suspicious	VirusTotal score: 2/71 (Scanned on 2026-04-01 03:57:16)	`Cynet: Malicious (score: 100)` `Kingsoft: malware.kb.a.746`

Hashes

MD5	`e41bba84c24bb426bc8198674d6ea7b5`
SHA1	`8e2402b9ca86e9110bee3df415986a0be58c125e`
SHA256	`40189b1806eafafda3dcce72b37d18272d9a009f1d5232eb7ce01e0d9ce7591a`
SHA3	`f486d1019303130839c41380fdd6e0a3e38fa5ec7708db8dd26573f50ea683a6`
SSDeep	`384:OWn7U1EIiWzYeRVsG7wu0lSKCIi4olx5j1w9L1w0Sar:/nI1EazlKG7FKbt+1ISc`
Imports Hash	`10b8ab189e7a0c78a74432ac42baea16`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2009-Apr-22 06:04:25
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x4000`
SizeOfInitializedData	`0x4000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000463B (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x5000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x9000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`518cbb15f71d0a0bdfecc1d4e583f378`
SHA1	`d7eed0f58b220195e8a2c965eaec300b2bda9810`
SHA256	`50b13385f92b3e33b38537723b7f288134ff4339552cce07d587e38ea43620aa`
SHA3	`deba106f9b56263b06bdfdaa9d282cbfcce347ac4f2e50bd8f59b5f42b3359bc`
VirtualSize	`0x3967`
VirtualAddress	`0x1000`
SizeOfRawData	`0x4000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.40427`

.rdata

MD5	`dc53077e7d799ceed508e0b72b5ce077`
SHA1	`aced3e18f449c72d1c032476c003b77ae5bd9065`
SHA256	`131cd6b0673caaaa3b9332a1d41467fe83afa98b3fc88c8966e34d7596774fda`
SHA3	`b73f2f411ff9a4e4994e4ff80f192a4f21ab8ca319fd799f0e5ea837f2326c6b`
VirtualSize	`0x9da`
VirtualAddress	`0x5000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.23951`

.data

MD5	`0c3c69ed7e608a8ce7b5b811e41c7409`
SHA1	`e91d55d0b541ef44c9ae3912c23c94683e18df02`
SHA256	`3fe8ecde3dca1a7cfdeb6ae6eb138962869f51e9219e7625d21a9ee7420e06d9`
SHA3	`919928cc47157b904dabaaf1c75caa8c265d68fcddfc8e8e7abee2d99e0f6ecc`
VirtualSize	`0x1bc`
VirtualAddress	`0x6000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.844974`

.rsrc

MD5	`20a4fc796dba5fba8983ef412d95da74`
SHA1	`bd52dbaa7362e8710ca301a6ef2fdbf61ab7d21a`
SHA256	`ea999954446db4ce0031d57df070d95c33e1caf1d4ff2f9a6a83725c29651690`
SHA3	`f59d2dd64885d5747babd5a54fdd247da7db83fa4862cada15202d1593975d30`
VirtualSize	`0x388`
VirtualAddress	`0x7000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.0156`

.reloc

MD5	`1d23fe4d50b7a3c4f929161c76542083`
SHA1	`46bdfa3f3f6706bf928fe1cf7c92501edab36d13`
SHA256	`03608c348abc901d9ce72723c80280d87acd7c2bb2ecd370f0519868f4c1bbcf`
SHA3	`5a40b4130fd7c37ebb2bf2504c7535e596073e04b54426a4b44e84346fc7c726`
VirtualSize	`0x2ca`
VirtualAddress	`0x8000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.39204`

Imports

KERNEL32.dll	`InitializeCriticalSection` `DeleteCriticalSection` `CreateThread` `CloseHandle` `WaitForSingleObject` `EnterCriticalSection` `LeaveCriticalSection` `Sleep`
WS2_32.dll	`closesocket` `WSAStartup` `WSACleanup` `listen` `bind` `htons` `htonl` `setsockopt` `send` `recv` `WSAGetLastError` `accept` `ntohs` `inet_ntoa` `ioctlsocket` `socket`
MSVCP60.dll	`??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z` `?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z` `?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ` `?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z` `??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ` `??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ`
MSVCRT.dll	`memmove` `_onexit` `__dllonexit` `_adjust_fdiv` `malloc` `_initterm` `free` `_vsnprintf` `printf` `strncpy` `_snprintf` `localtime` `sprintf` `memset` `_purecall` `__CxxFrameHandler` `??2@YAPAXI@Z` `memcpy` `_mkdir` `time`

Delayed Imports

CreateServer

Ordinal	`1`
Address	`0x100c`

1

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x328`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.70677`
MD5	`3f2e219c6d2e7537ffab0411bd948f19`
SHA1	`5f13e923ace7267bb15d11275a8fb66d349def24`
SHA256	`be01d85c6ecdd050d7a8f509166b89142e8cee6f439dffac2b8fee378fcaf213`
SHA3	`be16b7a586de47a77ef144570f96ce5873c8075df335cdd0fb0c8e56a4a61034`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.0.0.365
ProductVersion	3.0.0.2003
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	Chinese - PRC
CompanyName	éå±±è½¯ä»¶è¡ä»½æéå¬å¸
FileDescription	Heaven DLL
FileVersion (#2)	3, 0, 0, 365
InternalName	Heaven
LegalCopyright	çæææ (C) 1995-2004 éå±±è½¯ä»¶è¡ä»½æéå¬å¸
OriginalFilename	Heaven.DLL
ProductName	SwordOnline
ProductVersion (#2)	3.00.00.2003

Resource LangID	Chinese - PRC

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2009-Apr-22 06:04:25
Version	`0.0`
SizeofData	`123`
AddressOfRawData	`0`
PointerToRawData	`0x9000`
Referenced File	builder\sourcecode\sword1_v_03_00_20090207_vietnam\Sword1\coding\kgc\net\Heaven\Release\heaven.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x91a98f55`
Unmarked objects	`0`
12 (7291)	`1`
14 (7299)	`1`
C objects (VS98 build 8168)	`4`
Total imports	`51`
19 (8034)	`5`
C++ objects (VS98 build 8168)	`7`
Resource objects (VS98 cvtres build 1720)	`1`
Linker (VS98 build 8168)	`5`

Errors

Leave a comment

No comments yet.