Manalyze report for 5ebaa874119ec3038a551571a0bec42d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Mar-11 14:50:28
Detected languages	Chinese - PRC English - United States Japanese - Japan Korean - Korea
CompanyName	Ewmt2
FileDescription	Ewmt2 Launcher
FileVersion	`1.0.28249.1`
InternalName	Ewmt2
LegalCopyright	Copyright (C) 2015 @ Davian Thule && [DEV]EWC0d3r
OriginalFilename	Ewmt2.exe
ProductName	Ewmt2 S1
ProductVersion	`3.0`

Plugin Output

Suspicious	PEiD Signature:	`ASPack v2.12` `UPX -> www.upx.sourceforge.net`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to Whirlpool` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses constants related to RC5 or RC6` `Uses constants related to Twofish` `Uses constants related to TEA` `Uses known Diffie-Helman primes` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .data1`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryA LoadLibraryExA GetProcAddress` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Code injection capabilities (PowerLoader): FindWindowA GetWindowLongA` `Can access the registry: RegOpenKeyExA RegQueryValueExA RegOpenKeyA RegCloseKey` `Possibly launches other programs: CreateProcessA WinExec ShellExecuteA` `Uses Microsoft's cryptographic API: CryptGenRandom CryptAcquireContextA CryptCreateHash CryptReleaseContext CryptHashData CryptDestroyHash CryptGetHashParam` `Leverages the raw socket API to access the Internet: #11 #9 #4 #116 #115 #111 #23 #19 #18 #52 #3 #16 #10 #151` `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetVolumeInformationA` `Manipulates other processes: ReadProcessMemory Process32Next OpenProcess Process32First EnumProcessModules EnumProcesses` `Changes object ACLs: SetSecurityInfo` `Can take screenshots: GetDC FindWindowA CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`5ebaa874119ec3038a551571a0bec42d`
SHA1	`875cf43bb29a171b44b362c9f4ec65facfdc819f`
SHA256	`f9016c75c94c2de3c966be8ec337adfbc98fcd77674a89c97a2a6f8aeaee3242`
SHA3	`7dc3d7d6d79bae70d50a8ec7c4f6fd3fe9ee71b577ff1f80ceec1a38053595f8`
SSDeep	`49152:qxgoUPmyJG6pdoYyrJVakW4a/kpiAiongq3ItRSL+oJ5UXg3iRZFAGLBsZScy6y:mJVQ98rgg6YLyeSTmUWy7`
Imports Hash	`aedada182e56d481af00e1d1908b2ddd`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x140`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2020-Mar-11 14:50:28
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`12.0`
SizeOfCode	`0x220000`
SizeOfInitializedData	`0x4d0600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x001D7F9B (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x221000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x6f3000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a4fa1c9aad8c356db9180dc8795c5b4b`
SHA1	`9bdc2815939af7dc86b0ba9a5449412bd19afcfb`
SHA256	`142e80e216494bcafc6bcde9d257bea4c10614e80b02845da0709c2acdb6f559`
SHA3	`fd231f606e922662acd262af92b5fc075247676e4a5b50ebe21035a458cc2d36`
VirtualSize	`0x21ff24`
VirtualAddress	`0x1000`
SizeOfRawData	`0x220000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.64466`

.rdata

MD5	`032310846b29266046f6a0745bac75e4`
SHA1	`8603ba65805e2519f4d66022c7cc4302ced1183e`
SHA256	`f00dfcce3f70b288d66e64df956a95acf3640fb26bc22a9dcae5d842f71ffd1c`
SHA3	`9b9b7b5edece49193cdb376463b5d55d9c10363b4ecc5587a9918027626dc7c9`
VirtualSize	`0x74404`
VirtualAddress	`0x221000`
SizeOfRawData	`0x74600`
PointerToRawData	`0x220400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.94136`

.data

MD5	`27ab3da04f6762b34b773ae62a12d92c`
SHA1	`ac109221fbc97e00e120ba461146bf733d5f5c9e`
SHA256	`ae8806456f1871244874a8e806ab3390c69d55fe91b3105e18c726308b8a5678`
SHA3	`20b961d114c908fb98e780061628b81b5757c92d15a89bac71cdfd68937553db`
VirtualSize	`0x73d7c`
VirtualAddress	`0x296000`
SizeOfRawData	`0x2e400`
PointerToRawData	`0x294a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.63116`

.data1

MD5	`3385b801c9e1463bf44bdfbe7db17fdf`
SHA1	`bf646f2d7ce63483cce462d65a447b461afb7673`
SHA256	`9a1e1a6e69fd980ae9724ec0236a97ae21a2c751d40f5a12c040cc608c7ae163`
SHA3	`7c24e3c0db361346cbd82a54ca15064c9ebf96e220491fc336411db0e63625c4`
VirtualSize	`0x8e0`
VirtualAddress	`0x30a000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x2c2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.61952`

.rsrc

MD5	`18993d0bb0a73ee6799e008d3f5d85d7`
SHA1	`a74bddd6f03f180a7b524228b807a876ecd1decb`
SHA256	`acf34d74990cfaefaa1f444355905228f0d558d17c5a04b10141d4305b8e2355`
SHA3	`b79800a50d2b1281ae2b3b67a1e6ea5c49a7f6f462c93e99262de0b36017efca`
VirtualSize	`0x3e77a0`
VirtualAddress	`0x30b000`
SizeOfRawData	`0x3e7800`
PointerToRawData	`0x2c3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.27153`

Imports

KERNEL32.dll	`OutputDebugStringW` `HeapReAlloc` `SetStdHandle` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetFileAttributesExW` `GetPrivateProfileStringA` `lstrlenA` `GetCurrentDirectoryA` `MoveFileA` `FindClose` `FindNextFileA` `FindFirstFileA` `SetFileAttributesA` `InitializeCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `DeleteCriticalSection` `GetSystemInfo` `GetCurrentDirectoryW` `MultiByteToWideChar` `Module32Next` `Module32First` `GetCurrentProcessId` `HeapFree` `GetProcessHeap` `HeapAlloc` `FlushFileBuffers` `GetTimeZoneInformation` `GetOEMCP` `GetACP` `IsValidCodePage` `ReadConsoleW` `SetFilePointerEx` `GetConsoleMode` `FreeLibrary` `HeapSize` `GetModuleFileNameW` `GetStdHandle` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `GetModuleHandleW` `GetStartupInfoW` `WriteConsoleW` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `SetLastError` `CreateProcessA` `GetFileType` `GetCPInfo` `LoadLibraryExW` `GetCurrentThreadId` `RtlUnwind` `RaiseException` `GetCommandLineA` `AreFileApisANSI` `GetModuleHandleExW` `ExitProcess` `GetSystemTimeAsFileTime` `IsDebuggerPresent` `DecodePointer` `EncodePointer` `GetStringTypeW` `CreateFileW` `IsProcessorFeaturePresent` `HeapValidate` `QueryPerformanceCounter` `ReleaseSemaphore` `GetLocaleInfoA` `CompareStringA` `WideCharToMultiByte` `GetVersionExA` `GetSystemDirectoryA` `LoadLibraryA` `lstrlenW` `GlobalUnlock` `GlobalLock` `ReadFile` `WriteFile` `OutputDebugStringA` `TlsFree` `GetExitCodeProcess` `ResumeThread` `WaitForSingleObject` `LoadLibraryExA` `GetTickCount` `ReadProcessMemory` `CloseHandle` `Process32Next` `OpenProcess` `Process32First` `CreateToolhelp32Snapshot` `GetModuleHandleA` `GetProcAddress` `GetCurrentProcess` `TerminateProcess` `CreateThread` `SetEnvironmentVariableA` `SetEndOfFile` `QueryPerformanceFrequency` `DeleteFileA` `GetModuleFileNameA` `GlobalFree` `UnhandledExceptionFilter` `CreateDirectoryW` `WinExec` `GetCurrentThread` `SetUnhandledExceptionFilter` `CreateFileA` `CreateFileMappingA` `UnmapViewOfFile` `MapViewOfFile` `GetFileSize` `CreateDirectoryA` `GlobalAlloc` `Sleep` `GetLastError` `GetComputerNameA` `GetConsoleCP` `GetVolumeInformationA`
USER32.dll	`MessageBoxA` `GetDC` `FillRect` `ReleaseDC` `PeekMessageA` `ClientToScreen` `GetClientRect` `OffsetRect` `SetRect` `GetAsyncKeyState` `PostQuitMessage` `GetCursorPos` `ScreenToClient` `FindWindowA` `LoadIconA` `CharPrevExA` `CharNextExA` `CharNextW` `GetClipboardData` `CloseClipboard` `OpenClipboard` `GetKeyboardLayout` `GetKeyboardLayoutNameA` `DispatchMessageA` `TranslateMessage` `GetMessageA` `LoadCursorA` `AdjustWindowRectEx` `GetMenu` `RegisterClassA` `SetWindowLongA` `GetWindowLongA` `UpdateWindow` `SetFocus` `MoveWindow` `DestroyWindow` `GetWindowTextA` `WindowFromPoint` `SendMessageA` `FindWindowExA` `IsWindow` `CreateWindowExA` `RegisterClassExA` `UnregisterClassA` `DefWindowProcA` `SetWindowPos` `SystemParametersInfoA` `GetKeyState` `LoadImageA` `DestroyCursor` `ShowCursor` `SetCursor` `SetCursorPos` `SetCapture` `ReleaseCapture` `ChangeDisplaySettingsA` `ShowWindow` `GetCapture` `GetSystemMetrics` `LoadStringA` `InvalidateRect`
GDI32.dll	`GetStockObject` `EnumFontFamiliesExA` `CreateFontIndirectA` `GetCharABCWidthsFloatW` `GetTextExtentPoint32W` `SelectObject` `SetBkColor` `SetTextColor` `CreateSolidBrush` `DeleteObject` `StretchBlt` `GetTextExtentPoint32A` `TextOutA` `CreateDIBSection` `SetBkMode` `DeleteDC` `CreateCompatibleDC` `TextOutW`
ADVAPI32.dll	`GetLengthSid` `RegOpenKeyExA` `RegQueryValueExA` `RegOpenKeyA` `CryptGenRandom` `GetUserNameA` `CryptAcquireContextA` `CryptCreateHash` `CryptReleaseContext` `CryptHashData` `CryptDestroyHash` `CryptGetHashParam` `OpenProcessToken` `GetTokenInformation` `AllocateAndInitializeSid` `RegCloseKey` `InitializeAcl` `AddAccessDeniedAce` `AddAccessAllowedAce` `InitializeSecurityDescriptor` `FreeSid` `SetSecurityInfo` `SetSecurityDescriptorDacl`
SHELL32.dll	`ShellExecuteA` `SHGetSpecialFolderPathA`
ole32.dll	`CoInitializeEx` `OleUninitialize` `OleInitialize` `CoGetClassObject` `OleSetContainedObject` `CoUninitialize` `CoInitialize` `CoCreateInstance`
WINMM.dll	`timeGetTime` `timeEndPeriod` `timeGetDevCaps` `timeBeginPeriod`
d3d8.dll	`Direct3DCreate8`
python27.dll	`Py_BuildValue` `PyErr_SetString` `PyExc_RuntimeError` `PyTuple_GetItem` `PyList_New` `PyString_FromString` `PyList_Append` `Py_InitModule4` `PyModule_AddIntConstant` `PyTuple_Size` `PyDict_GetItemString` `PyLong_AsLong` `PyLong_FromUnsignedLongLong` `PyLong_FromLongLong` `PyDict_Size` `PyDict_Next` `PyString_InternFromString` `PyObject_GetAttrString` `PyObject_GetAttr` `PyCallable_Check` `PyLong_AsLongLong` `PyFloat_AsDouble` `PyString_AsString` `PyErr_Clear` `PyErr_BadArgument` `PyErr_Print` `PyObject_CallObject` `PyNumber_Check` `_Py_NoneStruct` `PyDict_SetItemString` `PyModule_GetDict` `PyInt_AsLong` `PyErr_Fetch` `Py_SetProgramName` `Py_Initialize` `Py_Finalize` `PyRun_StringFlags` `PyImport_AddModule` `PyImport_ImportModule`
DevIL.dll	`ilOriginFunc` `ilLoad` `ilGetInteger` `ilConvertImage` `ilCopyPixels` `ilDeleteImages` `ilShutDown` `ilSave` `ilTexImage` `ilSetPixels` `ilInit` `ilBindImage` `ilEnable` `ilGenImages`
IMM32.dll	`ImmGetOpenStatus` `ImmSetConversionStatus` `ImmGetConversionStatus` `ImmGetCandidateListW` `ImmSetCompositionStringW` `ImmGetCompositionStringW` `ImmAssociateContext` `ImmReleaseContext` `ImmGetContext` `ImmIsIME` `ImmGetIMEFileNameA` `ImmNotifyIME`
PSAPI.DLL	`EnumProcessModules` `EnumProcesses` `GetModuleFileNameExA`
imagehlp.dll	`StackWalk` `EnumerateLoadedModules` `GetTimestampForLoadedLibrary`
VERSION.dll	`VerQueryValueA` `GetFileVersionInfoA` `GetFileVersionInfoSizeA`
granny2.dll	`_GrannyReadEntireFileFromMemory@8` `_GrannyFreeFileSection@8` `_GrannyFreeFile@4` `GrannyPNT332VertexType` `_GrannyDeformVertices@24` `_GrannyFreeMeshDeformer@4` `_GrannyNewMeshDeformer@16` `_GrannyCopyMeshIndices@12` `_GrannyGetMeshVertices@4` `_GrannyCopyMeshVertices@12` `_GrannyGetMeshVertexType@4` `_GrannyGetMeshTriangleGroups@4` `_GrannyGetMeshTriangleGroupCount@4` `_GrannyPlayControlledAnimation@12` `_GrannySetControlRawLocalClock@8` `_GrannyConvertSingleObject@20` `_GrannyFindMatchingMember@16` `_GrannyGetMaterialTextureByType@8` `_GrannySetLogCallback@4` `_GrannyGetControlRawLocalClock@4` `_GrannySetControlEaseOutCurve@28` `_GrannySetControlEaseOut@8` `_GrannySetControlEaseInCurve@28` `_GrannySetControlEaseIn@8` `_GrannyGetControlLocalDuration@4` `_GrannySetControlSpeed@8` `_GrannyGetControlSpeed@4` `_GrannySetControlLoopCount@8` `_GrannyGetControlLoopCount@4` `_GrannyFreeControlIfComplete@4` `_GrannyControlIsComplete@4` `_GrannyCompleteControlAt@8` `_GrannyFreeControlOnceUnused@4` `_GrannyFreeControl@4` `_GrannyGetMeshIndexCount@4` `_GrannyMeshIsRigid@4` `_GrannyGetMeshVertexCount@4` `_GrannyGetTotalTypeSize@4` `_GrannyGetWorldPoseComposite4x4@8` `_GrannyGetWorldPose4x4@8` `_GrannyFreeWorldPose@4` `_GrannyNewWorldPose@4` `_GrannyFindBoneByName@12` `_GrannyGetMeshBindingToBoneIndices@4` `_GrannyFreeMeshBinding@4` `_GrannyNewMeshBinding@12` `_GrannyFreeModelInstance@4` `_GrannyInstantiateModel@4` `_GrannyGetWorldPoseComposite4x4Array@4` `_GrannyFreeLocalPose@4` `_GrannyNewLocalPose@4` `_GrannyUpdateModelMatrix@20` `_GrannySampleModelAnimationsAccelerated@20` `_GrannyFreeCompletedModelControls@4` `_GrannySetModelClock@8` `_GrannyGetSourceSkeleton@4` `_GrannyGetFileInfo@4`
mss32.dll	`_AIL_decompress_ASI@24` `_AIL_decompress_ADPCM@12` `_AIL_open_digital_driver@16` `_AIL_open_stream@12` `_AIL_close_digital_driver@4` `_AIL_enumerate_3D_providers@12` `_AIL_open_3D_provider@4` `_AIL_close_3D_provider@4` `_AIL_open_3D_listener@4` `_AIL_close_3D_listener@4` `_AIL_set_3D_position@16` `_AIL_set_3D_velocity@20` `_AIL_set_3D_orientation@28` `_AIL_startup@0` `_AIL_shutdown@0` `_AIL_set_redist_directory@4` `_AIL_close_stream@4` `_AIL_start_stream@4` `_AIL_pause_stream@8` `_AIL_set_stream_volume_levels@12` `_AIL_stream_volume_levels@12` `_AIL_set_stream_loop_count@8` `_AIL_stream_status@4` `_AIL_last_error@0` `_AIL_WAV_info@8` `_AIL_release_sample_handle@4` `_AIL_init_sample@4` `_AIL_set_sample_file@12` `_AIL_start_sample@4` `_AIL_stop_sample@4` `_AIL_resume_sample@4` `_AIL_end_sample@4` `_AIL_set_sample_volume_pan@12` `_AIL_set_sample_loop_count@8` `_AIL_sample_status@4` `_AIL_sample_volume_pan@12` `_AIL_allocate_3D_sample_handle@4` `_AIL_release_3D_sample_handle@4` `_AIL_start_3D_sample@4` `_AIL_stop_3D_sample@4` `_AIL_resume_3D_sample@4` `_AIL_end_3D_sample@4` `_AIL_set_3D_sample_file@8` `_AIL_set_3D_sample_volume@8` `_AIL_set_3D_sample_loop_count@8` `_AIL_3D_sample_status@4` `_AIL_3D_sample_volume@4` `_AIL_auto_update_3D_position@8` `_AIL_set_file_callbacks@16` `_AIL_file_read@8` `_AIL_allocate_sample_handle@4` `_AIL_file_type@8` `_AIL_mem_free_lock@4`
SpeedTreeRT.dll	`?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z` `?LoadTree@CSpeedTreeRT@@QAE_NPBD@Z` `?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ` `?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z` `??3CSpeedTreeRT@@SAXPAX@Z` `??2CSpeedTreeRT@@SAPAXI@Z` `??1CSpeedTreeRT@@QAE@XZ` `??0CSpeedTreeRT@@QAE@XZ` `??1STextures@CSpeedTreeRT@@QAE@XZ` `??0STextures@CSpeedTreeRT@@QAE@XZ` `?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z` `?GetTreePosition@CSpeedTreeRT@@QBEPBMXZ` `?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z` `??1SGeometry@CSpeedTreeRT@@QAE@XZ` `?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z` `?SetCamera@CSpeedTreeRT@@SAXPBM0@Z` `?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z` `?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z` `?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ` `?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ` `?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ` `?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z` `?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z` `?SetLodLevel@CSpeedTreeRT@@QAEXM@Z` `?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ` `?SetLocalMatrices@CSpeedTreeRT@@QAEXII@Z` `?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z` `?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z` `?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z` `?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z` `?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z` `?GetFrondMaterial@CSpeedTreeRT@@QBEPBMXZ` `?GetLeafMaterial@CSpeedTreeRT@@QBEPBMXZ` `?SetLightState@CSpeedTreeRT@@SAXI_N@Z` `?SetNumWindMatrices@CSpeedTreeRT@@SAXI@Z` `?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z` `?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z` `?GetCurrentError@CSpeedTreeRT@@SAPBDXZ` `?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z` `?GetBranchMaterial@CSpeedTreeRT@@QBEPBMXZ` `?GetCollisionObjectCount@CSpeedTreeRT@@QAEIXZ` `?GetCollisionObject@CSpeedTreeRT@@QAEXIAAW4ECollisionObjectType@1@PAM1@Z` `??0SGeometry@CSpeedTreeRT@@QAE@XZ` `?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z` `?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z` `?SetTime@CSpeedTreeRT@@SAXM@Z` `?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z`
DINPUT8.dll	`DirectInput8Create`
WS2_32.dll	`#11` `#9` `#4` `#116` `#115` `#111` `#23` `#19` `#18` `#52` `#3` `#16` `#10` `#151`
DDRAW.dll	`DirectDrawCreate`
OLEAUT32.dll	`#2` `#8` `#9` `#6`

Delayed Imports

1

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.64429`
MD5	`09dde700bf36032c640e7bc21de173ec`
SHA1	`a2c02db997dcf84052a2a1d86beaa7aa6ffdc209`
SHA256	`ec6470df935e6aff1f9d96ee6fc4a53b2cb93bec08ba13e3ef13212c5ca70f57`
SHA3	`a43414e8dc56e93dceab9b1bba0358710ede9abf2b856433b3cf0bb0a9ca63d2`

2

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.90617`
MD5	`3850a8b00806560f1ee065acb4ccee89`
SHA1	`4b2692436a024f213c667d54e0882634afd9fec0`
SHA256	`ac8c07592b23a9ae3fd2cc873fce0862d441476299616cbc3659bf2dc3897a5a`
SHA3	`ddc87cef067ea17828f1b780810bb745ff464cb642397992929131588dcc6117`

3

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.66823`
MD5	`2ca7d3336aecb826890456dfa4f0c1aa`
SHA1	`0972a409430b952e990341081f4fe71783e607df`
SHA256	`0d76fd6fed75bbde37ffb0fed3d172fc1c5c895193ea69ea6ff98e84f318c8ef`
SHA3	`dc566408b8e5aea648b59675740306469089375a87f7ed332a8ccfa6dca8cd73`

4

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40205`
MD5	`c6eb792faa03cbabbfa65823607ecc79`
SHA1	`17ddb3be3d37eefddfd9622ce31bace68111af4d`
SHA256	`e7d033b103afdb959043f835daf34447dc29924e05fe7163141a2ae72f01c9ac`
SHA3	`9a085f62e4867bab47bed9b6ee204571f474b2f27537b459ec52f344a594c0ae`

5

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.06965`
MD5	`c6dc93b1413418a2eec174b1a70a9b61`
SHA1	`7cfe41da5d8edd585d6e75802e29dd279b7ac887`
SHA256	`9e5c586398ed5d40ccfa115bf34b6daaeb97e9fc203ff2e8b702b0d4ec53ab2b`
SHA3	`1f37e4d25f8cabd6d3d9261e921ad33de9210ebfa6a5661d00933ea25f5bced3`

6

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.69313`
MD5	`04b7b781beb8118c6c68f195af5ceddb`
SHA1	`1523c2c3a4fb3541be37eb66a80bca379008d5e4`
SHA256	`002638b010d2e6b6211ea54cc94fefba405074268e2306fef974696f67b47b10`
SHA3	`08d125432de27676452f9b0199183199356549b9b77444412e9bfa9946e2093c`

7

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.20898`
MD5	`18b4bdf3a89b8f516f1100cd032adc80`
SHA1	`895f748221f14480a88a4618d104fd8b73f2444c`
SHA256	`37e373bf054c1af584d07598179d3ca716c756de7aa57ae75dc467b89f8906a3`
SHA3	`8fb9aa88df6bacf757fafea78fb4ec380f081b22e282cd74b1a437d57d04941a`

8

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72289`
MD5	`68ba05131d6605a5373085e717e6053f`
SHA1	`a5c2dd5042ad472b0fd78bfdaa06e7af7cadb416`
SHA256	`15923990bc24a30fd6cc2e3214917586a7627ec2c8d31e2290e2b56d68f5507a`
SHA3	`38a15519d5703838d83c6bd6701ae91203dd2aebd36b42e210e724a9beb1c02a`

9

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72289`
MD5	`7629057a3044634951fd32959cce3712`
SHA1	`4c94dc13ff0291be738d69588f9df240906cd4ab`
SHA256	`012bde93a7152e3f9bc2a6f75b503c213e8539b1a927330c11cfa4d5edbcdef3`
SHA3	`a417cbd8cbb7c8baa1bd88758d0b3ff774d0664f970b25eeb6f1175594eb5be0`

10

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00967`
MD5	`697baaed7ed43035912f78e0de4189dd`
SHA1	`c8f99f5a6bf3ac2eb6bca7d8e3b8419c783dc693`
SHA256	`2d2461a9c14b287a5dcdddcf261e5626cf09949666091024a63bad5ce2ca156c`
SHA3	`913c8bbe15ebfcb534ed642bacbbbc414275485444a24bf76243a9c8835ba97a`

11

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.21178`
MD5	`f899f111c907c302c4b7254e129f7dac`
SHA1	`09791cc9d9174fbbe28f0c810f5c35c000da5e57`
SHA256	`5d4bf6cb23a589afbc439cc9f5ae2db44295de15a390e145d0082b6e3475653c`
SHA3	`5f9cc7ed1fb6c3b6f09f717b28412f2cc703e1c03888a2deee35cf5419ad482c`

12

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.19485`
MD5	`137e009adf8fab4589a5879f78196183`
SHA1	`fb577678d8825ddc3777a0bde011402ccb026441`
SHA256	`0e9f8eeb59f26645b809eab3fdbd7d72a80124f317706a47f3ac48dfb58fb4d7`
SHA3	`64ad08fa84b843d473e91ef4bf1176e358c07c89ba6490675fd1f57407b8481b`

13

Type	`RT_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.07083`
MD5	`239c05850ba86ccfbee74a1687ed589d`
SHA1	`ea19eac760adb0549309d6e9dd086cd1f5f0df0b`
SHA256	`5137c19c08712ef68b76eeaad97723a4da84d9f91cb224ab48f30a5fc4c0c56d`
SHA3	`4459cd7f603f3cad8efebe19d5da8443f58bbe3c2a7f689653bdf340488c6b16`

14

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.42688`
MD5	`d3ded6f4aa881945eebfe5dad0c2ab52`
SHA1	`2d493be16b5d9d648eb3accdb332c9369901ca18`
SHA256	`f695dffee1f05c9199cb3a11614f9ec5eaecb724e9009425cc083069a3f1351b`
SHA3	`1a3639941f26702484647df3bf60a3cace47e3c62e49b8de9408fa29e9672415`

15

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.58943`
MD5	`d6179f43346902ad089acf841309dd84`
SHA1	`4c8d879286cc2f9ddd8204c29b20124e4dedc0f2`
SHA256	`5c00650484fa69ee91ef87eb4ae1f0c659790497056383311292a8985270eccf`
SHA3	`fbe4abc0c5c67a7aa07abec316c8ce7faf46bbea74519f35eea8b1c63bdc716b`

16

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.71529`
MD5	`31ff15d2e2ef5a57ef0f6041d8c409f1`
SHA1	`d9375d4917c7191eea1e587ece316be52fb3bb5b`
SHA256	`7d56aaaab42c70dc2f2ae314a5b0dac58db056d03c86d17472cb87a45297b80f`
SHA3	`26b976da766a79b4458de86fd4b6d8425a3a4cc35c87019b3954cd5758786061`

17

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.67535`
MD5	`5284dbf5957df556ac813345d3c509a8`
SHA1	`08493fd3b1dcb964df05292008d63871f34cd0d6`
SHA256	`c71a3e9c060ba5c951e818864b6f75801265d74ab6ba6d1696b547056e6e7967`
SHA3	`babcae2cbffaee4c88ee791f6ecf33eda5761353d69a83bb5a9159de4e49f894`

18

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.05727`
MD5	`8ed4d0e046a645288462d2a4f2c4a4eb`
SHA1	`e08ea17dc7d5957c85702ffc7fc5791e18340be5`
SHA256	`13929cf3028e97197de979cdce2c29bb99154b91c008935b25a6760ac74e1263`
SHA3	`0c60a140b8350f5ce1ac9cb10370bc3472d2a9d4a1877ac3d8f0b92ba9d15865`

19

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.04563`
MD5	`5ecff6d7e21982d77fed74fdad63e02a`
SHA1	`109da67196e11438268474884a7b8ef3b6a95591`
SHA256	`26cb3c20070f2f4eccc6a1c16a51f2fe42c489ff4f8fb95b4255ee5853f805a9`
SHA3	`7cca36d18d61de8cdf19073198fe039871d719d336b43e14f88742f53f8b2966`

20

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.63247`
MD5	`e0404ba90828043b947245450df7da3a`
SHA1	`072545c691db43ec7026a85b961089b453704fb3`
SHA256	`866400bfac8d1397e9272f1e6ff55229eb3b9a3529a7dfb0be9ae26bdaa7a821`
SHA3	`1d1648a777c1e97480b63df47515158e1d1ac5f67dc753507885e56aab9aa159`

21

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.63503`
MD5	`145a72f3ff8b83a773cdbd358e8845f8`
SHA1	`3fb7eb537147183a489d41576814dbe68bca809d`
SHA256	`a70b63397fd9da173b9c27eb776a2a002e03e09491fb142176b84a26aef8d1eb`
SHA3	`6b59b8b0a77266a5c5ae261f2d9fc6ad7dfa6ea150d80185442c0983d069e383`

22

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40131`
MD5	`4b307c3b4ca13cff5d8bf5b9cf3348cd`
SHA1	`ea0131359edbef1d1b697ff710e82a8e38d90e5e`
SHA256	`97dec5a679be2020fd89db0df3ddc42b13feb70db1c72861347ad8457b0ca5ec`
SHA3	`ff91cb72f638716f76c14f8be0efbba28d37ce10f5ccad77a542c7691889af8f`

23

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x354a08`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20399`
MD5	`5ed84b8de06fa66ff19a3337b0f77fc4`
SHA1	`d65fb3fbffaef44c5becd50d553529090b86c319`
SHA256	`eb221b22367537f3c76adc13deec174183733b732828dd444b58567439085c7d`
SHA3	`4e01be406082e62a138b21754305e6ee8a309de753ae96028061f162c6b0c427`

143

Type	`RT_DIALOG`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0xc0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82917`
MD5	`00df0c460fcb357bb12c4209e50f2b76`
SHA1	`c5b59beb16261de79ea0552012ffe724024ccacc`
SHA256	`b09c41c7a28431b34d71639d036c28f179829618a46cc4f7bcdd442a069b62f5`
SHA3	`0708535a15338d99f2c6652bda4886d98d03d55b2a6e0e0c42db988e20860e16`

1 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.36636`
MD5	`3842ceb0610f861badd68741f315fefb`
SHA1	`58fa1a140146c8447147de8da2b79209db3b8e0c`
SHA256	`8907757ca4ebb87a52754bbde4bbc2f45ebbef4161f2e0542bff167a0e77db40`
SHA3	`291964370093c94d7e36ecc1e68cd1e8edfb9df768eb2683cf6e4b277472ecc2`

1 (#3)

Type	`RT_STRING`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x24`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.545897`
MD5	`e420226786af946de8ddccfb427fdbf3`
SHA1	`96e78a8646d3896b29660f30cfe532ca2abd3054`
SHA256	`9276d16b289adf6ba1f25eda1a813ce313ac9e35da6c85c7ddcc5effbd940524`
SHA3	`924ac449f346341ed89debf9f0fac19b083aaef6fa424cd12f25a26395b4310b`

1 (#4)

Type	`RT_STRING`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x18c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25751`
MD5	`3d38fe4b58adec32e3eddd0c22935296`
SHA1	`8dc99920abe4a8e7ca87b4076ef9f7af1d8554d6`
SHA256	`bfe18c7248cea428ada694c91cbdf74e27b3a2b7ac9df84fc2031221d3c8da28`
SHA3	`ca7481b613dc00bb3a12ff3014ac50c438c77922947c877e37fe9c4064881e27`

1 (#5)

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x74`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.67565`
MD5	`ae3b65004484114a917b3083caec89b9`
SHA1	`08ae1fee556cb1826f161364eef9be7f35d4a6df`
SHA256	`694e561f3acb8112ac8f229cf3d5ca714a87fa1d2f39653bc6651f7e1aab09ca`
SHA3	`10820e1b65597c9f72ec98d50085804e668a981b2cf6294c380316656174c223`

102

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Cursor file
MD5	`9517769cc556aaa56f46868028d2b6cb`
SHA1	`9331c2b67f11bd05dcb749ae38c0039b9b095feb`
SHA256	`1c17dcf9c496c3aa8a647ffeccfd45ae14014650fbb31e21e51e1a6a2a5a1975`
SHA3	`58c8019a3a3f41203147d89ba690e1ff1f7b291b7765da8933f400a66e912b8a`
Preview

104

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`c9b5527483906327ed558daa83abbc6c`
SHA1	`9a2531a3ad1dceee45d8582220a2c92394d86c21`
SHA256	`a9b61e539218e0c1d79434e6aa6a2fa0869cabce87a6358030a7c916746962e5`
SHA3	`be2e0683b000b2419123130ce4585401954930f6c5cbba1101b2cf6a8220b4be`
Preview

105

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.11924`
Detected Filetype	Cursor file
MD5	`1cc00ef6663c1712b1e6b115ffd7c56d`
SHA1	`8a59115911da418a161d174b222e57ab7145e9f9`
SHA256	`40f26942498dc26b8e8a2faf835cc372def4e95746564f362e2a89bce530b7e5`
SHA3	`f2bbfcab1a058e0a9d0a31303fb71b0a7cf763658fdde36e24afa1f2ee29b6dd`
Preview

106

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`b4090856debd42d38bb1b71cf3a1cb16`
SHA1	`883afe044a75a2cba22466b7863ea2e0651dc495`
SHA256	`49551d8ebafb42bafa4037ccbbc2df8f09742e9e27d1533c7a25e5f879e3ce29`
SHA3	`7b3597cf9590d482377c1549c2c190f5aec0bea6689da69a5ef79f1f5a065237`
Preview

107

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`358b1f1ad9a64b236fe59a0a42d46775`
SHA1	`56a546a4a636c18f9be7d352e251f51d6badf4b9`
SHA256	`19eb59bb5280fbc5b205993e9d1c4455442141879ad1436f76c594759a0ca28a`
SHA3	`a0f5492fe1d478da4a663a4c5b5c58b5f06e0ef5f26417a6e52ca0b284a175cb`
Preview

108

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`6baa43b6179dc6403946b8595838547e`
SHA1	`d9261543680456ee7938d7c0f98be27cc9a2956d`
SHA256	`e7fee7e272ea78849032212f604da7a2f54e5f7f39b3abb7948158e88422c8d8`
SHA3	`55ef0740705f0969f4b063570b145478a8ea4d74ab463614479af16fefee6fab`
Preview

109

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`6799e05fc293c7e4d71538eb645f0d31`
SHA1	`2e3d342e920ac9b6990d4198e1db720ec515e863`
SHA256	`d47650adad2e15cc954de6397de32203032a0208c6b225e4e07dd1966ca47dd3`
SHA3	`6dc0f6b8f39a6caf2483fbf24355c9a61307e6f9765e4b60e732ff54f782bac7`
Preview

110

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.31924`
Detected Filetype	Cursor file
MD5	`45161e1940dba2c27e73bc3be818cb70`
SHA1	`19b057dd6e3039b8311b19ac53617b62059aea80`
SHA256	`473ab89b3563d1532907083089fcd19a9f6a003bacdda5a1cbbbb3713e51b770`
SHA3	`e806841e749b0bf9ac43c729efe02db486b011987081b4ca40a26fdd0a116d0f`
Preview

111

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.31924`
Detected Filetype	Cursor file
MD5	`6e9b8fe541c216a17277cf7f33d8295f`
SHA1	`6d7d9908448089af33f3753df9c6d532ab610df3`
SHA256	`a43410f6e73877619746d9384f5a7c520c2f2571ac083216ceb46f64dec5afea`
SHA3	`d16ac25e350b75a6bde87e156cf4a10f59ec5ea9fa4ee5d640c45f3968199730`
Preview

139

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`3adbc9b0e6a91b823d917c83916c52c7`
SHA1	`5074fb81d7b31c7f2b6da15366f512943bbdc285`
SHA256	`4f5d280561059f90056baad84289086bd9df17896a66ae88a43cbe2cd8d0758f`
SHA3	`6b6743d6704d4f50525fa591d4752a58451d10569e61c831dde839bcda4f8957`
Preview

140

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.31924`
Detected Filetype	Cursor file
MD5	`176eef70905805e53fd8aec1683b9260`
SHA1	`bdca564e4311b88f8e78b78145c04d51ec8eee19`
SHA256	`6defc603e6f95d187c6d2b4e3768cce2dfebcba99b63df5bcaeca9071ef9f2da`
SHA3	`29d1b850bbb62154fb39ab4c7d333978c61e98c887947f6ce5000b08f7be847c`
Preview

141

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`f00e802c6e0eb7c0c8dc07d78ad6a13f`
SHA1	`3d9dce5917d9f6aff65ddd73bc46ea4dd6e3cb1c`
SHA256	`edb1271bc926bb2bcffa1b4f69b19f6309bccf3bfb802415420d3a7cc7c005bd`
SHA3	`304b0490698328014fb88da6431bf18ae222eca5ee2339f02e4fac24c51a6d43`
Preview

142

Type	`RT_GROUP_CURSOR`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.31924`
Detected Filetype	Cursor file
MD5	`a9c02c6b32a6da0f1a359027b26f0e78`
SHA1	`f0f0b713f49e4d9025b8a0e77fc19960d8a1a063`
SHA256	`cc1ae55319611b7a2ddba3fedaf956620f28367b72bc736068a8a4c591e6fdb8`
SHA3	`41978f73c3e19f360380b8cfd9fe09b2a428ffddf826bd49926fd9aeef904f8e`
Preview

100

Type	`RT_GROUP_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x92`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25753`
Detected Filetype	Icon file
MD5	`354e082f0dc51e2e1c43d7f87a0188e5`
SHA1	`611bf97a192d74096db09b93e73d1b01442c4ad3`
SHA256	`3280606c9f977ff74fe904ac9603cacc5db3fe5e1f817b4b0bd0d1b165a51ddf`
SHA3	`f4c2273cc2164d9ad6b6fa16be0471034bfb290d715f627c4313500134210227`

1 (#6)

Type	`RT_VERSION`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x2d8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.456`
MD5	`3c0e973783a21cbc499f179d6de54bce`
SHA1	`57d50048370122b543dcb031bfa60a8492cb36c7`
SHA256	`88bc3d711de82a4bbb0d48560cb0a5991ace4aedb3b7dde5a24d3f2b8064d600`
SHA3	`6bbc7ea340f53c14e5d38603170c1e8fdb699cb6e6bd948f05969885a50e1b37`

1 (#7)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

String Table contents

Ewmt2
's
IDS_WARN_BAD_DRIVER
IDS_WARN_NO_TNL
Cannot read %s file
File '%s' is not latest version. Please launch patcher.
Please run patcher.
's
메틴2
의
그래픽 드라이버를 업데이트 하시기 바랍니다.
사용하고 계신 시스템의 그래픽카드는 3D TnL 하드웨어 가속이 지원되지 않아
게임이 느리게 실행되거나 제대로 실행되지 않을수 있습니다.
%s 파일을 읽을 수 없습니다.
'%s' 파일은 최신버전이 아닙니다. 런처를 다시 실행해주세요.
클라이언트는 패처를 사용해서 실행되어야 합니다.
's
希望您能更新显卡驱动。
您的显卡不支持3D TnL 硬件加速
游戏将无法正常运行。

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.28249.0
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Ewmt2
FileDescription	Ewmt2 Launcher
FileVersion (#2)	1.0.28249.1
InternalName	Ewmt2
LegalCopyright	Copyright (C) 2015 @ Davian Thule && [DEV]EWC0d3r
OriginalFilename	Ewmt2.exe
ProductName	Ewmt2 S1
ProductVersion (#2)	3.0

Resource LangID	Korean - Korea

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x6ae730`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

XOR Key	`0xc510b891`
Unmarked objects	`0`
48 (9044)	`1`
Linker (VC++ 6.0 SP5 imp/exp build 8447)	`60`
199 (41118)	`5`
ASM objects (VS2013 build 21005)	`75`
C++ objects (VS2013 build 21005)	`86`
C objects (VS2013 build 21005)	`263`
C objects (9178)	`6`
C++ objects (9178)	`76`
18 (8444)	`1`
Unmarked objects (#2)	`8`
Imports (9210)	`6`
C++ objects (VS2013 UPD5 build 40629)	`208`
C objects (VS2013 UPD5 build 40629)	`1`
C objects (VS2008 SP1 build 30729)	`54`
Imports (VS2008 SP1 build 30729)	`33`
Total imports	`524`
229 (VS2013 UPD5 build 40629)	`150`
Resource objects (VS2013 build 21005)	`1`
151	`1`
Linker (VS2013 UPD5 build 40629)	`1`

Errors

[!] Error: Yara error: ERROR_TOO_MANY_MATCHES