Manalyze report for 5bafc3641e0b4d42a2e7bc2c5f906518

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Feb-26 09:02:16
Detected languages	English - United States Korean - Korea
Debug artifacts	D:\Source\Korea\RO_2019-02-27#02\RagnarokClient\Release Sakray\RagexeRE.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig2(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to internet browsers: iexplore.exe`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to AES` `Uses constants related to DES` `Microsoft's Cryptography API`
Suspicious	The PE is packed or was manually edited.	`The number of imports reported in the RICH header is inconsistent.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryW` `Functions which can be used for anti-debugging purposes: FindWindowA` `Can access the registry: RegCloseKey RegCreateKeyExA RegOpenKeyExA RegQueryValueExA RegSetValueExA` `Possibly launches other programs: CreateProcessA ShellExecuteA system` `Uses Microsoft's cryptographic API: CryptReleaseContext CryptDecrypt CryptAcquireContextA CryptDeriveKey CryptGetHashParam CryptCreateHash CryptHashData CryptDestroyHash CryptDestroyKey` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Leverages the raw socket API to access the Internet: #23 #115 #16 #10 #19 #18 #116 #111 #14 #20 #9 #12 #11 #52 #57 #3 #4` `Manipulates other processes: OpenProcess` `Can take screenshots: FindWindowA GetDC CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData`
Info	The PE is digitally signed.	`Signer: GRAVITY Co.` `Issuer: Symantec Class 3 SHA256 Code Signing CA`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`5bafc3641e0b4d42a2e7bc2c5f906518`
SHA1	`a211bdae12b1d403c0e65b774593f755e23933bc`
SHA256	`3f55c7d5ff4059ec2a004376df6cbbca24f7b5817da6ccd627a67e235f2b54da`
SHA3	`5043ae838f3438831b198f63eba8314e0df429121577ceae1bc0c6ba2d43ccbb`
SSDeep	`196608:5Sk6XqqtMZjt/06AspCkqh3FZFVcxSKqMuVQHz:5SpdU/06b1qMuE`
Imports Hash	`dd315debe8e8645fccd650377294050c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2019-Feb-26 09:02:16
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x79fa00`
SizeOfInitializedData	`0x47b200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x006BD15D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7a1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xc1e000`
SizeOfHeaders	`0x400`
Checksum	`0x9aa478`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8cfc5e2c96cf68ab8b1202f230e94e5a`
SHA1	`1cd4e7291a88b68620f62c7c7f99d7c0f3da15ea`
SHA256	`73c9e456cc8af81217167a1d3d4ba3c516613114ac9d7a39e43c85206847bb01`
SHA3	`a448741b6551ea309afc94c827e5eb416e206013a38d076749ddec0f0f29268d`
VirtualSize	`0x79f861`
VirtualAddress	`0x1000`
SizeOfRawData	`0x79fa00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.40933`

.rdata

MD5	`882c565a9696ad7a0fbf8e9ded44ec2d`
SHA1	`9628d1b862095af718da607ac6555b306dc68d6f`
SHA256	`9a96a6ccc9f43595f329e7cdfdf23ab2a72c8681e3a83a8a5b57e2489383aec3`
SHA3	`9a024ba638f7a1200ab99af24d1edcf0a2ef831485f1751c4f48bf5b43bd885b`
VirtualSize	`0x11d080`
VirtualAddress	`0x7a1000`
SizeOfRawData	`0x11d200`
PointerToRawData	`0x79fe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.2054`

.data

MD5	`e77d2da8e376be3d7c9be307356b84ac`
SHA1	`f0a14ff8772079c764d700d19dad967a5fe60098`
SHA256	`3a48a93913868481bebad047dc9d917e00103c58d9e7f1050dd351b8af165436`
SHA3	`9fc2c89c87b527fe4954554b5d7d7c9836b3a1360309cdc740343ff5b36d6d0a`
VirtualSize	`0x2b3260`
VirtualAddress	`0x8bf000`
SizeOfRawData	`0x38e00`
PointerToRawData	`0x8bd000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.29686`

.rsrc

MD5	`8afa3ba591bce1d48030b56225216b07`
SHA1	`eb29dd5fa6e39d526db0a5677b56f9467449192b`
SHA256	`6f5fff8559340542c9aa14973a59b6b4c09d71f330dc3ad0e225d35588c01d10`
SHA3	`5b23884f11899c0bda6e17199dc3dafcce86d40468d31c479f9b128ce9805ace`
VirtualSize	`0x24f48`
VirtualAddress	`0xb73000`
SizeOfRawData	`0x25000`
PointerToRawData	`0x8f5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.75006`

.reloc

MD5	`1dede1f92d038e77b069b878e35c23e8`
SHA1	`f773dd62a0b5b08f23318c1c890ac1f6985ff8fe`
SHA256	`55692d515ccff13cae43c4f461393eeac19fceb26a72bb77b25e846883435d5e`
SHA3	`78f8df69f82393f845732be8edbd8e72a40693d2d5c9f0e30a7b03ab4c540c2b`
VirtualSize	`0x85b4c`
VirtualAddress	`0xb98000`
SizeOfRawData	`0x85c00`
PointerToRawData	`0x91ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.73149`

Imports

binkw32.dll	`_BinkOpenDirectSound@4` `_BinkGoto@12` `_BinkShouldSkip@4` `_BinkCopyToBuffer@28` `_BinkClose@4` `_BinkWait@4` `_BinkPause@8` `_BinkSetSoundSystem@8` `_BinkNextFrame@4` `_BinkDoFrame@4` `_BinkOpen@8` `_BinkSetVolume@12` `_BinkGetError@0`
ijl15.dll	`#2` `#5` `#3` `#4`
WS2_32.dll	`#23` `#115` `#16` `#10` `#19` `#18` `#116` `#111` `#14` `#20` `#9` `#12` `#11` `#52` `#57` `#3` `#4`
mss32.dll	`_AIL_shutdown@0` `_AIL_set_preference@8` `_AIL_close_digital_driver@4` `_AIL_file_type@8` `_AIL_decompress_ADPCM@12` `_AIL_decompress_ASI@24` `_AIL_WAV_info@8` `_AIL_mem_free_lock@4` `_AIL_set_3D_orientation@28` `_AIL_set_3D_position@16` `_AIL_close_3D_listener@4` `_AIL_open_3D_listener@4` `_AIL_set_3D_sample_effects_level@8` `_AIL_set_3D_sample_distances@12` `_AIL_set_3D_speaker_type@8` `_AIL_3D_speaker_type@4` `_AIL_set_3D_room_type@8` `_AIL_3D_room_type@4` `_AIL_3D_sample_status@4` `_AIL_set_3D_sample_volume@8` `_AIL_set_3D_sample_file@8` `_AIL_end_3D_sample@4` `_AIL_start_3D_sample@4` `_AIL_release_3D_sample_handle@4` `_AIL_allocate_3D_sample_handle@4` `_AIL_close_3D_provider@4` `_AIL_open_3D_provider@4` `_AIL_enumerate_3D_providers@12` `_AIL_stream_status@4` `_AIL_set_stream_loop_count@8` `_AIL_stream_volume@4` `_AIL_set_stream_volume@8` `_AIL_pause_stream@8` `_AIL_start_stream@4` `_AIL_close_stream@4` `_AIL_set_redist_directory@4` `_AIL_allocate_sample_handle@4` `_AIL_release_sample_handle@4` `_AIL_init_sample@4` `_AIL_set_sample_file@12` `_AIL_startup@0` `_AIL_open_stream@12` `_AIL_sample_status@4` `_AIL_set_sample_volume@8` `_AIL_end_sample@4` `_AIL_start_sample@4` `_AIL_open_digital_driver@16`
IMM32.dll	`ImmGetCandidateListW` `ImmNotifyIME` `ImmGetVirtualKey` `ImmGetCompositionStringW` `ImmGetCompositionStringA` `ImmSetConversionStatus` `ImmGetConversionStatus` `ImmReleaseContext` `ImmGetContext`
cps.dll	`compress` `uncompress`
WINMM.dll	`timeGetTime` `timeEndPeriod` `timeBeginPeriod` `timeGetDevCaps`
granny2.dll	`_GrannyInstantiateModel@4` `_GrannyGetSecondsElapsed@8` `_GrannyGetSystemSeconds@0` `_GrannyGetControlDurationLeft@4` `GrannyPNT332VertexType` `GrannyRGBA8888PixelFormat` `_GrannyBuildWorldPose@24` `_GrannyGetWorldPoseComposite4x4Array@4` `_GrannyGetWorldPoseComposite4x4@8` `_GrannyFreeWorldPose@4` `_GrannyNewWorldPose@4` `_GrannyFreeModelInstance@4` `_GrannyGetSourceSkeleton@4` `_GrannySetModelClock@8` `_GrannyFreeCompletedModelControls@4` `_GrannyVersionsMatch_@16` `_GrannyTextureHasAlpha@4` `_GrannyCopyTextureImage@32` `_GrannyDeformVertices@24` `_GrannyFreeMeshDeformer@4` `_GrannyNewMeshDeformer@12` `_GrannyGetMeshBindingToBoneIndices@4` `_GrannyFreeMeshBinding@4` `_GrannyNewMeshBinding@12` `_GrannyCopyMeshIndices@12` `_GrannyGetMeshIndices@4` `_GrannyGetMeshBytesPerIndex@4` `_GrannyGetMeshIndexCount@4` `_GrannyMeshIsRigid@4` `_GrannyGetMeshVertices@4` `_GrannyCopyMeshVertices@12` `_GrannyGetMeshVertexCount@4` `_GrannyGetMeshVertexType@4` `_GrannyGetMeshTriangleGroups@4` `_GrannyFreeLocalPose@4` `_GrannyNewLocalPose@4` `_GrannyGetFileInfo@4` `_GrannyFreeFile@4` `_GrannyFreeFileSection@8` `_GrannyReadEntireFileFromMemory@8` `_GrannyPlayControlledAnimation@12` `_GrannySetControlActive@8` `_GrannySetControlLoopCount@8` `_GrannyFreeControl@4` `_GrannySampleModelAnimations@16` `_GrannyGetMaterialTextureByType@8`
DDRAW.dll	`DirectDrawCreateEx` `DirectDrawEnumerateExA`
MSVCP140.dll	`??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z` `?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z` `?_Xbad_alloc@std@@YAXXZ` `_Mbrtowc` `?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ` `?_W_Getdays@_Locinfo@std@@QBEPBGXZ` `?_W_Getmonths@_Locinfo@std@@QBEPBGXZ` `?_Xlength_error@std@@YAXPBD@Z` `?_Xout_of_range@std@@YAXPBD@Z` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z` `?uncaught_exception@std@@YA_NXZ` `??1ios_base@std@@UAE@XZ` `?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z` `??_7ios_base@std@@6B@` `??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ` `?_Xinvalid_argument@std@@YAXPBD@Z` `?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z` `??0_Lockit@std@@QAE@H@Z` `??1_Lockit@std@@QAE@XZ` `??Bid@locale@std@@QAEIXZ` `?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ` `?always_noconv@codecvt_base@std@@QBE_NXZ` `?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ` `?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ` `?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z` `?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z` `?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z` `?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z` `?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ` `?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z` `?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z` `?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z` `?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z`
KERNEL32.dll	`HeapFree` `InitializeCriticalSectionAndSpinCount` `SetEvent` `ResetEvent` `WaitForSingleObjectEx` `QueryPerformanceFrequency` `GetModuleHandleW` `UnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `GetStartupInfoW` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `SetLastError` `HeapReAlloc` `HeapAlloc` `GetModuleFileNameW` `HeapSize` `SetThreadPriority` `CreateThread` `LocalLock` `GetVersionExA` `lstrcpynA` `lstrcmpiA` `ResumeThread` `SuspendThread` `LeaveCriticalSection` `EnterCriticalSection` `FindNextFileA` `FindFirstFileA` `FindClose` `CreateDirectoryA` `VirtualAlloc` `VirtualFree` `OpenProcess` `lstrcatA` `GetSystemInfo` `MapViewOfFile` `GetUserDefaultLangID` `QueryPerformanceCounter` `UnmapViewOfFile` `CreateEventW` `GetCurrentDirectoryA` `WaitForMultipleObjects` `CreateSemaphoreA` `ReleaseSemaphore` `WaitForSingleObject` `GlobalFree` `GlobalLock` `GlobalUnlock` `GlobalAlloc` `GetModuleHandleA` `GetCurrentThread` `GetCurrentProcess` `SetUnhandledExceptionFilter` `WideCharToMultiByte` `lstrlenA` `CloseHandle` `WriteFile` `SetFilePointerEx` `ReadFile` `GetFileSizeEx` `CreateFileA` `InitializeCriticalSection` `GetTickCount` `GetLocalTime` `Sleep` `HeapCompact` `GetProcessHeap` `MultiByteToWideChar` `MulDiv` `OutputDebugStringA` `FormatMessageA` `LoadLibraryA` `GetProcAddress` `GetModuleFileNameA` `FreeLibrary` `DeleteCriticalSection` `InitializeCriticalSectionEx` `GetLastError` `RaiseException` `DecodePointer` `CreateFileMappingA` `HeapDestroy` `LoadLibraryW` `VirtualProtect` `DeleteFileA` `FileTimeToSystemTime` `OutputDebugStringW` `SetPriorityClass` `CreateProcessA` `GlobalMemoryStatus` `GetSystemTime` `CopyFileA` `IsDBCSLeadByte` `IsDebuggerPresent`
USER32.dll	`GetDlgItem` `OpenClipboard` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `SetFocus` `GetSystemMetrics` `SetWindowTextA` `GetWindowRect` `GetCursorPos` `ScreenToClient` `PeekMessageA` `PostThreadMessageA` `GetAsyncKeyState` `CharNextExA` `CharPrevExA` `GetKeyState` `wsprintfA` `SendMessageA` `DefWindowProcA` `CallWindowProcA` `RegisterClassExA` `CreateWindowExA` `DestroyWindow` `EndDialog` `IsWindowVisible` `UpdateWindow` `SetActiveWindow` `GetWindowTextA` `ShowCursor` `SetCursorPos` `SetCursor` `WindowFromPoint` `GetParent` `SetParent` `GetWindow` `LoadBitmapA` `LoadCursorA` `LoadIconA` `GetKeyboardLayout` `GetClipboardData` `TranslateMessage` `DispatchMessageA` `FindWindowA` `RegisterClassA` `IsIconic` `GetActiveWindow` `ValidateRect` `AdjustWindowRect` `ClipCursor` `DialogBoxParamA` `MoveWindow` `GetDC` `SetWindowLongA` `SetRect` `ClientToScreen` `MessageBoxA` `RedrawWindow` `GetClientRect` `DrawMenuBar` `SetWindowPos` `UnregisterClassA` `ShowWindow`
ADVAPI32.dll	`CryptReleaseContext` `CryptDecrypt` `RegCloseKey` `RegCreateKeyExA` `RegOpenKeyExA` `RegQueryValueExA` `RegSetValueExA` `CryptAcquireContextA` `CryptDeriveKey` `CryptGetHashParam` `CryptCreateHash` `CryptHashData` `CryptDestroyHash` `CryptDestroyKey`
ole32.dll	`OleSetContainedObject` `CoCreateInstance` `CoUninitialize` `CoInitialize`
SHELL32.dll	`ShellExecuteA` `SHFileOperationA`
OLEAUT32.dll	`#4` `#8` `#2` `#6`
SHLWAPI.dll	`StrStrIW`
GDI32.dll	`CreateCompatibleDC` `DeleteDC` `DeleteObject` `SelectObject` `GetStockObject` `CreatePolygonRgn` `FillRgn` `CreateSolidBrush` `TextOutA` `TextOutW` `SetTextColor` `SetBkMode` `SetBkColor` `GetTextExtentPoint32W` `GetCurrentObject` `EnumFontFamiliesExA` `CreateFontA` `CreateFontIndirectA` `CreateDIBSection`
IPHLPAPI.DLL	`GetAdaptersInfo`
NETAPI32.dll	`Netbios`
VCRUNTIME140.dll	`__std_exception_copy` `memcpy` `strchr` `strstr` `longjmp` `_setjmp3` `__std_terminate` `strrchr` `memchr` `__std_type_info_destroy_list` `_CxxThrowException` `_except_handler4_common` `_local_unwind4` `memmove` `_purecall` `memset` `__std_exception_destroy` `__CxxFrameHandler3` `__RTDynamicCast`
api-ms-win-crt-heap-l1-1-0.dll	`calloc` `realloc` `_recalloc` `malloc` `_set_new_mode` `free` `_callnewh`
api-ms-win-crt-runtime-l1-1-0.dll	`_seh_filter_dll` `_configure_narrow_argv` `_initialize_narrow_environment` `_initialize_onexit_table` `_register_onexit_function` `_execute_onexit_table` `_crt_atexit` `_crt_at_quick_exit` `strerror` `_cexit` `_errno` `_controlfp` `_seh_filter_exe` `_set_app_type` `abort` `_get_narrow_winmain_command_line` `signal` `_initterm` `_initterm_e` `_exit` `system` `_c_exit` `_register_thread_local_exe_atexit_callback` `exit` `_controlfp_s` `_invalid_parameter_noinfo` `_invalid_parameter_noinfo_noreturn` `_beginthreadex` `terminate`
api-ms-win-crt-stdio-l1-1-0.dll	`fputc` `__stdio_common_vsprintf` `fsetpos` `__p__commode` `_fseeki64` `tmpnam` `__stdio_common_vsnprintf_s` `_fileno` `_isatty` `fopen_s` `__acrt_iob_func` `fclose` `feof` `ferror` `fopen` `fread` `freopen` `getc` `ungetc` `__stdio_common_vfprintf` `putchar` `fwrite` `fgetpos` `fputs` `puts` `fgetc` `_get_stream_buffer_pointers` `fgets` `__stdio_common_vsprintf_s` `clearerr` `fflush` `fseek` `ftell` `__stdio_common_vsscanf` `_pclose` `_popen` `setvbuf` `tmpfile` `__stdio_common_vfscanf` `_set_fmode` `_wfopen`
api-ms-win-crt-string-l1-1-0.dll	`iscntrl` `isdigit` `isprint` `strcoll` `isalpha` `strpbrk` `isspace` `strtok` `tolower` `strcpy_s` `strncpy_s` `strncmp` `toupper` `ispunct` `isxdigit` `islower` `isupper` `_stricmp` `iswspace` `wcsnlen` `wcscpy_s` `_strlwr` `isalnum` `strncpy` `strncat` `strcspn`
api-ms-win-crt-convert-l1-1-0.dll	`strtol` `_i64toa_s` `_atoi64` `atof` `mbstowcs` `wcstombs` `strtod` `_i64toa` `_ltoa` `_itoa` `atoi` `strtoul`
api-ms-win-crt-math-l1-1-0.dll	`ldexp` `_libm_sse2_log10_precise` `_libm_sse2_log_precise` `_libm_sse2_exp_precise` `_libm_sse2_sin_precise` `floor` `_libm_sse2_cos_precise` `_libm_sse2_pow_precise` `modf` `_libm_sse2_atan_precise` `ceil` `_libm_sse2_tan_precise` `_libm_sse2_asin_precise` `_libm_sse2_acos_precise` `frexp` `__setusermatherr` `_except1` `_CItanh` `_CIatan2` `_libm_sse2_sqrt_precise` `_CIsinh` `_CIcosh` `_CIfmod`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale` `setlocale` `localeconv` `_setmbcp`
api-ms-win-crt-utility-l1-1-0.dll	`ldiv` `rand` `qsort` `srand`
api-ms-win-crt-environment-l1-1-0.dll	`getenv`
api-ms-win-crt-time-l1-1-0.dll	`_ctime32` `_difftime32` `_localtime32` `_time32` `clock` `_difftime64` `_gmtime64` `_localtime64` `_mktime64` `strftime` `_time64` `_mktime32`
api-ms-win-crt-filesystem-l1-1-0.dll	`remove` `_splitpath` `rename` `_chmod` `_mkdir` `_access` `_unlink` `_unlock_file` `_lock_file` `_rmdir`
api-ms-win-crt-multibyte-l1-1-0.dll	`_mbsbtype` `_mbsstr`
api-ms-win-crt-process-l1-1-0.dll	`_spawnl`

Delayed Imports

1

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88751`
MD5	`e46f6943aa7670edc2dea9142345f0eb`
SHA1	`d80a0e4e0ea7f1f4e389302afd8b052c0f717434`
SHA256	`0aa028e87f3d1339c6de25221b87962fba48b5f62b388abce226d34fca5b9b45`
SHA3	`d7314eabfb552949adba5f0428db5f3f562630b3ab4dc0cd3cc78c03510fed08`

2

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.85554`
MD5	`190977bab15bc74dd2ebf7f027faefe4`
SHA1	`79935cf87b33f93dd69777e47494034b683f4a15`
SHA256	`a5b31f1174174c132c409b194cd4259bef13e81f7a42524e321b72600beb1949`
SHA3	`bd5b7cecfbdb3f621180692b3ce1ceccc4274f69f0b94d3543c10ca47af7d790`

3

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.37975`
MD5	`240b156dad37dd8bb1c4aa893e26cf9f`
SHA1	`e1c03b55050fd3c0ea2354b486a4f594c711225f`
SHA256	`a3ccc2d2a261db671e52fa6e3ebacf5b3900895358921bb6b4e56b1e83cd9867`
SHA3	`521a09550038222dafabbffdd828b71bc0b95b553b84c408916d0fc6250166a7`

4

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.92416`
MD5	`5a1ee84392692665b51b541cc8aba1f5`
SHA1	`b92e964be9e80f522fe701f6d2e2d51fb6c03450`
SHA256	`d58c2eb425ed34bed19f641e858dd9ac878587c1d4faa921cf548f3e7a168286`
SHA3	`843254ac8ffaa03153d88921fbb4dfde0ac570993ed0ea33b4eeb57d9fd9b774`

5

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.92485`
MD5	`1aae4aceeffd3dcb0217c70c5b96b300`
SHA1	`20ca6745ba0fbca4b5ab08e46e217fb4d940813d`
SHA256	`a6898d7bf53d36411c092e4aa48f27d0b7b8f8f4a9d65cf3c09efd0c4dd8b887`
SHA3	`08638db76bc41fb0fe07a71f37a82db24a28592fade2f6a84dacc826d52a0374`

6

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.70926`
MD5	`844aa404fa99567a1a6d6c9767f12b6e`
SHA1	`70ffc3f7363ed1af2e6b4af6afca369ae9948c9c`
SHA256	`aca867da99480f0e21a40fe1df029e42879e63f115300f064245d961a0e37641`
SHA3	`e2ebb307e402fd357e7ac3c41d22e22c887d63ab462424269af87a5e04c34940`

7

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.22036`
MD5	`d8c176be9a218ea511f63c23a542b335`
SHA1	`cae82ad74c76a0745ee860a18e80faf4591d86f9`
SHA256	`cd42e971420060173e20315875683dcd41182bfb0de38f7a9d0c295b530605fe`
SHA3	`cfd40057859983c1537b66e612b9c96ba7f0ffca28d6db9a8dd98c28ce3529cc`

8

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.96202`
MD5	`e7819f6792c2b974d1124ec326a4adc8`
SHA1	`e54ac52fea27830137eec36cab471b8d592ab5df`
SHA256	`58ab3f56b0563a9b5d39d1eb863458f14e73be2ee63b2c8ff9534e7cff03b373`
SHA3	`7477be8625fc869802456b096629b2477a272897397b78a0c75da631f5f94f20`

9

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.62988`
MD5	`3b9e414f6902c64ddc6a18fe0a13447b`
SHA1	`340181efc175eb2e0beeb61ff152cdfaae21012b`
SHA256	`1afb5cd27ab8ff3498347fa8f71f04c1a7f0f978c1277b57d2ffb27b9fbc195a`
SHA3	`16321b2c58d6effa613d3fc9c9bacfdfa47c8bec0e383f10f10e3d7d59dc37c8`

10

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.43179`
MD5	`aead470c3a2d6638398c0b3287e9eceb`
SHA1	`14047873ba9220d1c04623505afa2062f85224df`
SHA256	`0d83216c3e26b234889f6e6541796f029bdc9a537eb20c50d642356357c5251a`
SHA3	`ac7436225b88969967ad726abf6398bb3c2ceebfe5a583b44dbab88844f4e7f7`

102

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x262`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.13286`
MD5	`7058de65fe4c1ff3d2c716bb043c9a9b`
SHA1	`ab413e599bce8d47aeb9b32ae838ab7ec255b7e7`
SHA256	`128918216835d768691f5837873ee906f99a7be0e7ff0dd4d8670d7a772be005`
SHA3	`86ee7cc09099917b8bb1cb4973b5a528d6b3fa341d06a753417a443b5e9678cc`

117

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x20e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39934`
MD5	`73300adc9d7ba5692a4b64ebcaa7325c`
SHA1	`c77b896550979e71261dce414362308d2a5caeaa`
SHA256	`53ab2e5553e94baa560efb31a63da61579d9325108da5e23c2ab345314d0000e`
SHA3	`e0f55d09349a290a40fc93976c889515b7ae8b891213b55599ecdeef71d188ca`

117 (#2)

Type	`RT_DIALOG`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x18c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.88727`
MD5	`b95ff11d6200cf66d9f1e91be96d904f`
SHA1	`da61147601b9c66fe103780bc325f98df60803ee`
SHA256	`9f42256c208f9a8ac91d8822af3b31b71b7c0bac2c9367d97d8636642b5cd5a1`
SHA3	`b7f19e1aa8dbd098a6a4bee455372f5d538e3d072dab1dcabec5d56ed4d24221`

145

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb32`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.24212`
MD5	`b49d01543992c79a529290343e95be1e`
SHA1	`48ef106c097e8dc596a34fe999627cb60b2d6caa`
SHA256	`665ab0dd1284d4c85069f6229997f944f89279e9a50c385e3e783ba5378a663d`
SHA3	`aa9b15d859c28da7ed3d9488e76e86594ccada83d5f1ebc6770f32b8527dc7fd`

151

Type	`RT_DIALOG`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x22c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96607`
MD5	`b5004a773e539a4169f5f20375ecfdba`
SHA1	`3cd2657b13054f25512f912360242b71e7a677d0`
SHA256	`ec43f7c367432294df45c556652f123dba4f1256346a83d7c03ae33a608d6dfc`
SHA3	`4d0c3454a51b22f6fcdffcee431e89ef75c049d7b01835031bf9c21b6ad1a5ba`

154

Type	`RT_DIALOG`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x98`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.87989`
MD5	`cf42ce60ae0254e70c508abb045625a2`
SHA1	`ee50668a96bfa27b9824d9ea5e755d769b8b64c8`
SHA256	`46b5a3a68e124718935ac4550b3a2eba196854c80278035ef103ee3854741f1d`
SHA3	`89ec041420752724a4ee8a151dcc9968fd14f7263ceaab9da197d5a72c13237b`

156

Type	`RT_ACCELERATOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x18`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.51103`
MD5	`2cbe9f045840cbba2475f4951d1ede7c`
SHA1	`932ecef8f97a87074e4b1c3ed40263ebd9f0954c`
SHA256	`71750edba84e66e78d00c6b231b3bb078d36da4502427889c4fcfab72e9eadf3`
SHA3	`e2b9e9b72628e2f042c9a203ba39579133c2f34693ee3f54b4807169a5819ec9`

114

Type	`RT_GROUP_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`42cf62b780813706e75fb9f2b2e8c258`
SHA1	`a022d5c1cfdd8aace0089f3e72f2eedd41bda464`
SHA256	`a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf`
SHA3	`0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c`

119

Type	`RT_GROUP_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.46991`
Detected Filetype	Icon file
MD5	`ce4ea8e6f255f6fcff7dcfd986a019f9`
SHA1	`a936bab69c4d044d1fb91537a46a39a8c52cb3de`
SHA256	`910ac8ddacb1f50f31a6f8bfd361a74886a11ef3deed36b5b7b74e3aafacc7e7`
SHA3	`afcb980fa27a1b334365c195c3bb728dcefd5c7f791bd54b3195e0aac7804c12`

123

Type	`RT_GROUP_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.01783`
Detected Filetype	Icon file
MD5	`4f2af074812e8dae46afbea51f8edbdc`
SHA1	`10bf7fa224077b9624334baa86cb2bcdba9cb28c`
SHA256	`652fd9bfb5e33faa6d254647cccd5376b074255f8171ed7635d618f80fdf7a0a`
SHA3	`344f6a816dc51f2998c3bd0b1dad9f36bc70b1281d62240f85d417c2c8a63ca6`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02293`
MD5	`152bb89e1c983ac83f61f234467ce37b`
SHA1	`80fbd63597a74720f3564b4a285e074e768fd0a8`
SHA256	`c33fffcaf40d812614f14a0a6441a425ab9f0114d82a65072bb4b443cdb23614`
SHA3	`7c63b7dcf97ab61479aabc3f427c03cae0982fd8784546e844e8d1bd0ddb9fca`

120

Type	`RT_MANIFEST`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x209`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.92442`
MD5	`3cb24aeac3c4a42467fa099720588994`
SHA1	`9fdeaea6408dafa975759e85901c4eb6e2ce87da`
SHA256	`a2d980b90070f8b1014efc446d7b1d55045899ff0584baa5c02bbb2716562daf`
SHA3	`c525d7727e27dbc045cdb0f478063cc1e53ac401aec321c8d8af939959fb6068`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Feb-26 09:02:16
Version	`0.0`
SizeofData	`100`
AddressOfRawData	`0x827cfc`
PointerToRawData	`0x826afc`
Referenced File	D:\Source\Korea\RO_2019-02-27#02\RagnarokClient\Release Sakray\RagexeRE.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Feb-26 09:02:16
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x827d60`
PointerToRawData	`0x826b60`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Feb-26 09:02:16
Version	`0.0`
SizeofData	`884`
AddressOfRawData	`0x827d74`
PointerToRawData	`0x826b74`

TLS Callbacks

StartAddressOfRawData	`0xc280f8`
EndAddressOfRawData	`0xc28100`
AddressOfIndex	`0xf71edc`
AddressOfCallbacks	`0xba760c`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0xcf0f78`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

XOR Key	`0x359d5ebe`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`26`
199 (41118)	`8`
C objects (VS 2015/2017 runtime 26706)	`13`
ASM objects (VS 2015/2017 runtime 26706)	`12`
C objects (26213)	`9`
C++ objects (VS 2015/2017 runtime 26706)	`41`
Imports (VS 2015/2017 runtime 26706)	`4`
C++ objects (26213)	`1`
48 (8943)	`1`
Imports (26213)	`28`
Total imports	`508`
Linker (VC++ 6.0 SP5 imp/exp build 8447)	`120`
C objects (VS2017 v15.9.7-10 compiler 27027)	`31`
C++ objects (VS2017 v15.9.7-10 compiler 27027)	`449`
Resource objects (VS2017 v15.9.7-10 compiler 27027)	`1`
151	`2`
Linker (VS2017 v15.9.7-10 compiler 27027)	`1`

5bafc3641e0b4d42a2e7bc2c5f906518

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

10

102

117

117 (#2)

145

151

154

156

114

119

123

1 (#2)

120

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors