62ae84c9c285a8b23a58bce23e6f5349

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00
Detected languages Korean - Korea
FileDescription RylClient
FileVersion 1, 5, 6, 0
InternalName RylClient
LegalCopyright Copyright (c) - 2007 Lorenzo
OriginalFilename Client.exe
ProductName Risk Your Life Client
ProductVersion 1, 5, 6, 0

Plugin Output

Info Matching compiler(s):
Microsoft Visual C++ 7.1
Borland Delphi 3 -> Portions Copyright (c) 1983,97 Borland (h)
Microsoft Visual C++ 6.0 - 8.0
MASM/TASM - sig1(h)
Microsoft Visual C++
Microsoft Visual C++ v6.0
Suspicious Strings found in the binary may indicate undesirable behavior:
Tries to detect virtualized environments:
  • HARDWARE\DESCRIPTION\System
Accesses the WMI:
  • root\CIMV2
Miscellaneous malware strings:
  • cmd.exe
Info Cryptographic algorithms detected in the binary:
Uses constants related to CRC32
Uses constants related to MD5
Uses constants related to SHA1
Microsoft's Cryptography API
Suspicious The PE is possibly packed.
Section .text is both writable and executable.
Unusual section name found:
Unusual section name found:
Section .idata is both writable and executable.
Unusual section name found: .zero
Unusual section name found: .as_0002
Section .as_0002 is both writable and executable.
Unusual section name found: .zero
Unusual section name found: .as_0003
Section .as_0003 is both writable and executable.
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryExA
  • LoadLibraryA
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • FindWindowA
Can access the registry:
  • RegQueryValueExA
  • RegCreateKeyExA
  • RegOpenKeyA
  • RegDeleteValueA
  • RegSetValueExA
  • RegOpenKeyExA
  • RegQueryInfoKeyA
  • RegEnumKeyA
  • RegCloseKey
Possibly launches other programs:
  • CreateProcessA
  • ShellExecuteA
Uses Microsoft's cryptographic API:
  • CryptGetHashParam
  • CryptDeriveKey
  • CryptDecrypt
  • CryptImportKey
  • CryptCreateHash
  • CryptHashData
  • CryptVerifySignatureA
  • CryptDestroyHash
  • CryptDestroyKey
  • CryptAcquireContextA
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Leverages the raw socket API to access the Internet:
  • WSACreateEvent
  • ntohs
  • WSASendTo
  • WSARecvFrom
  • setsockopt
  • bind
  • WSARecv
  • WSASocketA
  • WSAEventSelect
  • connect
  • WSACloseEvent
  • closesocket
  • shutdown
  • gethostbyname
  • gethostname
  • getsockname
  • send
  • WSASend
  • WSAGetLastError
  • WSAEnumNetworkEvents
  • WSACleanup
  • WSAStartup
  • htons
  • inet_addr
  • htonl
  • inet_ntoa
Enumerates local disk drives:
  • GetVolumeInformationA
  • GetDriveTypeA
Can take screenshots:
  • CreateCompatibleDC
  • FindWindowA
  • GetDC
Reads the contents of the clipboard:
  • GetClipboardData
Suspicious The file contains overlay data. 4 bytes of data starting at offset 0x360a00.
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 62ae84c9c285a8b23a58bce23e6f5349
SHA1 29c2037fcd432454215b00c02c8dd886d49c3ec1
SHA256 8b7c98721a5bbca302ed4b9fe7e47616d5fdb950510cf9f076306baa70b4bad9
SHA3 4d3abe4e939838f7197c92543f1d345a917bea7f5ff4f5535456a9d64c0e61ee
SSDeep 98304:B+eJ8Dyf9tMpz57ntNFwlKYQxX2KP/2Zas:BNf9sntNFwlKYQhlfs
Imports Hash c6c234dda578c2410a42d841073c7723

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 10
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 7.0
SizeOfCode 0x2cf000
SizeOfInitializedData 0xe17000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x01834CED (Section: .as_0003)
BaseOfCode 0x1000
BaseOfData 0x2d0000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x183c000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 8428f18d64606e17a045ceea040440cf
SHA1 329fad5a861956829679d134d469fb91f3d5b284
SHA256 2ef162afa2a9de7811cc565194f49f1c3a6f1836943c9dceef94f279af460033
SHA3 cd7231a1d42cb5ad75b9f536d2890c54a63152b7fad019a10b18d4ac9e51bbd4
VirtualSize 0x2cf000
VirtualAddress 0x1000
SizeOfRawData 0x2cea00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.64176

.data

MD5 4664f696c805c48c48e346a210407001
SHA1 921777491a612d6261e16ecd623fea50eb600479
SHA256 4cdd9454c8d3317ddb34a4ae6ac8ebc6af1343e7e24e74499dadca62f01cc995
SHA3 2d01cc5a9e3749f131a2f8a6dafaaed5810fad39809d13fd0445c6ed783809eb
VirtualSize 0x44000
VirtualAddress 0x2d0000
SizeOfRawData 0x43e00
PointerToRawData 0x2cee00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.4381

MD5 60732acee351f13eeb282d06892818e9
SHA1 937d27151aa493c75de9d270f33bbd0456169f06
SHA256 f2cb62e2cb3530b2e1598d1f0544f45912220cb85b7b794bdc6671d13c36050f
SHA3 211e7b41af2f759a9800871d02fd7dd658003549274a4de32640546d956120ed
VirtualSize 0xdcd000
VirtualAddress 0x314000
SizeOfRawData 0x1de00
PointerToRawData 0x312c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.89418

(#2)

MD5 3385b801c9e1463bf44bdfbe7db17fdf
SHA1 bf646f2d7ce63483cce462d65a447b461afb7673
SHA256 9a1e1a6e69fd980ae9724ec0236a97ae21a2c751d40f5a12c040cc608c7ae163
SHA3 7c24e3c0db361346cbd82a54ca15064c9ebf96e220491fc336411db0e63625c4
VirtualSize 0x1000
VirtualAddress 0x10e1000
SizeOfRawData 0xa00
PointerToRawData 0x330a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.61952

.rsrc

MD5 31c904d80643d06ba67dc51ff98223a5
SHA1 4792eefafd6ce0ce7e860a3c849bc20e9ca702a2
SHA256 123dcb57709504709441bb1d81fcd88ef52f6ca24dc74af6733646b6a081229f
SHA3 b5e77e2b6b3ec1b33d39a4520b4b2a85231ef6f042d40b73d5f736c7332be3b8
VirtualSize 0x4c34
VirtualAddress 0x10e2000
SizeOfRawData 0x4e00
PointerToRawData 0x331400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.10526

.idata

MD5 c4662e2094347709594087466ad3692a
SHA1 70fa804915eabe200cba9d8e76b0cff815a7d115
SHA256 04b2ec638a7166ae03bd239e60bcef06686fe4902abb373392fd0ac77ed48ca7
SHA3 aaf4770eb64e701d8f563738e597ce2b58700daad4c569be36d6cffe9e97a3b7
VirtualSize 0x2000
VirtualAddress 0x10e7000
SizeOfRawData 0x1e00
PointerToRawData 0x336200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.17238

.zero

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x5d7000
VirtualAddress 0x10e9000
SizeOfRawData 0
PointerToRawData 0x338000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics (EMPTY)

.as_0002

MD5 e76bd0dc222492c492e368ff22284ebc
SHA1 3f1b6ddc9a72f01e2752c35e3dc427d3998485ef
SHA256 b34f2b5acd4535fc5b8fc4e7891d28d317b05f60afc70af73bc462ad9c9d8774
SHA3 8063169d1d00a876d24cdcd5fb96a47d58b4e6784afccd510b09a0580d335475
VirtualSize 0x1e000
VirtualAddress 0x16c0000
SizeOfRawData 0x1ca00
PointerToRawData 0x338000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.15837

.zero (#2)

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x152000
VirtualAddress 0x16de000
SizeOfRawData 0
PointerToRawData 0x354a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics (EMPTY)

.as_0003

MD5 b900d5ff6a36a265c85eff84eb556554
SHA1 80616561b8fef4caf48a8e77bd577274a005d492
SHA256 242489c959e7755d4ce062f741b7636f9041fc299baabcd87c89395e68fca362
SHA3 7ba26f4d20204e44b9afb798343a4724c884d953df9544c2a32f12bd12fc7de2
VirtualSize 0xc000
VirtualAddress 0x1830000
SizeOfRawData 0xc000
PointerToRawData 0x354a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.83953

Imports

advapi32.dll CryptGetHashParam
CryptDeriveKey
CryptDecrypt
CryptImportKey
CryptCreateHash
CryptHashData
CryptVerifySignatureA
CryptDestroyHash
CryptDestroyKey
CryptAcquireContextA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyA
RegCloseKey
dsound.dll DirectSoundEnumerateA
DirectSoundCreate8
gdi32.dll SetMapMode
ExtTextOutA
GetTextExtentPoint32A
SetDIBitsToDevice
GetObjectA
CreateFontA
GetStockObject
GetDeviceCaps
CreateICA
DeleteObject
CreateFontIndirectA
DeleteDC
SelectObject
SetTextColor
SetBkColor
SetBkMode
CreateCompatibleDC
CreateDIBSection
SetTextAlign
imm32.dll ImmSetCompositionWindow
ImmGetStatusWindowPos
ImmSetStatusWindowPos
ImmSetConversionStatus
ImmSetOpenStatus
ImmGetDefaultIMEWnd
ImmGetContext
ImmNotifyIME
ImmReleaseContext
ImmSetCompositionStringA
ImmGetCandidateListA
ImmGetCandidateWindow
ImmSetCandidateWindow
ImmGetCompositionStringA
ImmGetCompositionWindow
kernel32.dll LocalFree
GetCurrentThread
GetCurrentProcess
SetFilePointer
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
GetCommandLineA
lstrlenW
CreateDirectoryA
GetUserDefaultLangID
FindNextFileA
FreeConsole
SetConsoleTitleA
AllocConsole
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcessId
EnterCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryExA
MapViewOfFile
CreateFileMappingA
CreateFileW
UnmapViewOfFile
HeapFree
GetProcessHeap
LockResource
LoadResource
SizeofResource
FindResourceA
IsProcessorFeaturePresent
WriteFile
IsBadStringPtrA
GetLocaleInfoW
SetEnvironmentVariableA
IsBadCodePtr
CompareStringW
VirtualQuery
DebugBreak
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetModuleFileNameA
IsBadWritePtr
HeapCreate
HeapDestroy
GetOEMCP
HeapSize
GetFileType
SetHandleCount
GetTimeZoneInformation
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCPInfo
LCMapStringW
LCMapStringA
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
MoveFileA
ExitThread
GetFileAttributesA
TerminateProcess
GetStartupInfoA
GetModuleHandleA
FormatMessageA
SetUnhandledExceptionFilter
CreateFileA
GetFileSize
ReadFile
CloseHandle
OutputDebugStringA
GlobalFree
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
FreeLibrary
LoadLibraryA
GetProcAddress
GetTickCount
GetLocalTime
GetSystemTimeAsFileTime
HeapReAlloc
GetVolumeInformationA
SetEvent
SetEndOfFile
ResumeThread
RtlUnwind
InterlockedIncrement
InterlockedDecrement
GetPrivateProfileIntA
GetPrivateProfileStringA
MulDiv
ReleaseSemaphore
CreateSemaphoreA
lstrcpyA
FlushFileBuffers
PeekNamedPipe
GetStdHandle
CreatePipe
SetStdHandle
DuplicateHandle
HeapAlloc
DeleteFileA
GetDriveTypeA
GetDiskFreeSpaceExA
GlobalMemoryStatus
lstrcmpiA
VirtualProtect
VirtualFree
VirtualAlloc
GetSystemDirectoryA
IsBadReadPtr
ExitProcess
ReleaseMutex
CreateMutexA
TerminateThread
Sleep
GetSystemInfo
CompareStringA
CreateThread
OpenMutexA
lstrcatA
OpenEventA
WaitForSingleObject
CreateEventA
CreateProcessA
WaitForMultipleObjects
GetExitCodeProcess
ResetEvent
InterlockedCompareExchange
oleaut32.dll SysAllocStringLen
SysFreeString
VariantInit
shell32.dll ShellExecuteA
shlwapi.dll PathFindExtensionA
PathFileExistsA
user32.dll GetMessageA
PeekMessageA
FindWindowA
TranslateMessage
SetCursorPos
DrawTextA
DrawTextW
DispatchMessageA
LoadCursorA
RegisterClassA
SetTimer
wsprintfA
PostMessageA
GetKeyState
GetCursorPos
GetWindowRect
GetClientRect
SetRect
CharNextA
CharPrevA
SendMessageA
ReleaseDC
GetDC
GetKeyboardLayout
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
GetAsyncKeyState
GetFocus
GetSysColor
IntersectRect
MessageBoxA
SetWindowTextA
SetFocus
CallWindowProcA
SetWindowLongA
CreateWindowExA
DestroyWindow
ShowCursor
ChangeDisplaySettingsA
EnumDisplaySettingsA
PostQuitMessage
DefWindowProcA
SetCursor
winmm.dll timeGetTime
waveOutGetDevCapsA
waveOutGetNumDevs
mmioAscend
mmioRead
mmioDescend
mmioOpenA
mmioGetInfo
mmioCreateChunk
mmioSeek
mmioSetInfo
mmioAdvance
mmioWrite
mmioClose
ws2_32.dll WSACreateEvent
ntohs
WSASendTo
WSARecvFrom
setsockopt
bind
WSARecv
WSASocketA
WSAEventSelect
connect
WSACloseEvent
closesocket
shutdown
gethostbyname
gethostname
getsockname
send
WSASend
WSAGetLastError
WSAEnumNetworkEvents
WSACleanup
WSAStartup
htons
inet_addr
htonl
inet_ntoa
d3d8.dll Direct3DCreate8
dbghelp.dll SymGetModuleInfo
SymSetOptions
SymInitialize
SymGetSymFromAddr
SymFromAddr
SymGetLineFromAddr
StackWalk
SymFunctionTableAccess
SymCleanup
SymSetContext
SymEnumSymbols
SymGetModuleBase
SymGetTypeInfo
ijl15.dll ijlInit
ijlWrite
ijlFree
ole32.dll CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

Delayed Imports

1

Type RT_CURSOR
Language Korean - Korea
Codepage UNKNOWN
Size 0x8ac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.34447
MD5 add05bf3de5ff5522d5ef9aed6e5581c
SHA1 318eb482b12ee2822ca71ed4bfc147d41683a30a
SHA256 5a0b744571ba05d0486c8255308f489615ae8c9a1a035b1e7c85db4d09eeb4d4
SHA3 d79a1be3a7aca7bdb6dc44aac99ffe7ec393fd174750d92143d7ab33a8959166

2

Type RT_CURSOR
Language Korean - Korea
Codepage UNKNOWN
Size 0x8ac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.10691
MD5 eb7d110ffe6d49b4849f6f4a686f9c6e
SHA1 47a69332d9daf14f0bebed2bda0e5596544184c2
SHA256 e0c2f252a7af04340005652326cc01e2bb99cc9036a10d83121d098e23b467f3
SHA3 c5a0b03525d9c1236926c13035a2a1b93014e60bd46ba5c975309bf696d269e0

3

Type RT_CURSOR
Language Korean - Korea
Codepage UNKNOWN
Size 0x8ac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.06693
MD5 767bdd2f218399f8194f3edfba711705
SHA1 9c229915bda91b7103ba6d6dbff78c4dd3d44007
SHA256 efc9d3ad09bd19a3018267e714641127f1091c188aeb261684b7c5d41bbe47b4
SHA3 53c3e64b6e9e4951966a5e486197b3e71764994cfded13f4db6dd0eb95103397

4

Type RT_CURSOR
Language Korean - Korea
Codepage UNKNOWN
Size 0x8ac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.65739
MD5 145d3dc6c60fdb3836ff62b240303e9c
SHA1 3dbf17e848b01ed4c6bf456770cf270aea417a9a
SHA256 4311256ffe69b510b0f6f35e2ee7de51de215eecb7a55b31b3f77f33f3ef64eb
SHA3 6f825598c67bbb9d0e4f130d538f52429a8b0232820dd8ca616ec4a44d817032

5

Type RT_CURSOR
Language Korean - Korea
Codepage UNKNOWN
Size 0x8ac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.37891
MD5 4efc9f7dd2746720c121604876b94840
SHA1 f940940db64c1eef271f32aaa5e71f76174aa712
SHA256 fa6f5e1a91c3a4c699dc713832551d4e2f200f53bb96d7ff9b8312f6018add13
SHA3 e201875548f9bbddde0a4fa1ecc3283413a615111a87f96caf1593690b96dfb0

6

Type RT_CURSOR
Language Korean - Korea
Codepage UNKNOWN
Size 0x8ac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.81047
MD5 d3c5134acda04683d9ccdeb81c5358e0
SHA1 e95c1d96e9349bfac9167c8d82af5c8d74a17da4
SHA256 1d8636e9cf3bce68cb233a6c4b1459c875adc1d40412309b677c3e7d5196c186
SHA3 7e027b0e8d933e17dddc9e8e1e58b52fd9e4dd118de240c70fe29b3d29b022a5

7

Type RT_CURSOR
Language Korean - Korea
Codepage UNKNOWN
Size 0x8ac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00186
MD5 149e6b0e17a16928b8d830088e2f8674
SHA1 7de7e4018ab2e329de54a04809f470ad1c498365
SHA256 bf5439b48ed6cad6599614a12f4c810fdcfb5d772246c664d48bb1bd54f26b5b
SHA3 8d15c2e107a8a300ccf0d6172feaf4d7d68d15558a6f29fddc8e6f47fd6f05dd

8

Type RT_CURSOR
Language Korean - Korea
Codepage UNKNOWN
Size 0x8ac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.09777
MD5 16ba749a3f5ea3ae71ed9b5270b97396
SHA1 99da7f99816e6b2b793e4c5a1b37778f8544564e
SHA256 3b16cd09e7b3ae303c263821abcd445994a221a6ab0b1ea1224ffad7f001e403
SHA3 4119110aa9607b484edbe580aeb9748d1a282f8cf43d39641d4d01f409dc95b5

104

Type RT_GROUP_CURSOR
Language Korean - Korea
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.0815
Detected Filetype Cursor file
MD5 9517769cc556aaa56f46868028d2b6cb
SHA1 9331c2b67f11bd05dcb749ae38c0039b9b095feb
SHA256 1c17dcf9c496c3aa8a647ffeccfd45ae14014650fbb31e21e51e1a6a2a5a1975
SHA3 58c8019a3a3f41203147d89ba690e1ff1f7b291b7765da8933f400a66e912b8a

105

Type RT_GROUP_CURSOR
Language Korean - Korea
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.11924
Detected Filetype Cursor file
MD5 1cc00ef6663c1712b1e6b115ffd7c56d
SHA1 8a59115911da418a161d174b222e57ab7145e9f9
SHA256 40f26942498dc26b8e8a2faf835cc372def4e95746564f362e2a89bce530b7e5
SHA3 f2bbfcab1a058e0a9d0a31303fb71b0a7cf763658fdde36e24afa1f2ee29b6dd

106

Type RT_GROUP_CURSOR
Language Korean - Korea
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.21924
Detected Filetype Cursor file
MD5 b4090856debd42d38bb1b71cf3a1cb16
SHA1 883afe044a75a2cba22466b7863ea2e0651dc495
SHA256 49551d8ebafb42bafa4037ccbbc2df8f09742e9e27d1533c7a25e5f879e3ce29
SHA3 7b3597cf9590d482377c1549c2c190f5aec0bea6689da69a5ef79f1f5a065237

107

Type RT_GROUP_CURSOR
Language Korean - Korea
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.21924
Detected Filetype Cursor file
MD5 358b1f1ad9a64b236fe59a0a42d46775
SHA1 56a546a4a636c18f9be7d352e251f51d6badf4b9
SHA256 19eb59bb5280fbc5b205993e9d1c4455442141879ad1436f76c594759a0ca28a
SHA3 a0f5492fe1d478da4a663a4c5b5c58b5f06e0ef5f26417a6e52ca0b284a175cb

108

Type RT_GROUP_CURSOR
Language Korean - Korea
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.21924
Detected Filetype Cursor file
MD5 6baa43b6179dc6403946b8595838547e
SHA1 d9261543680456ee7938d7c0f98be27cc9a2956d
SHA256 e7fee7e272ea78849032212f604da7a2f54e5f7f39b3abb7948158e88422c8d8
SHA3 55ef0740705f0969f4b063570b145478a8ea4d74ab463614479af16fefee6fab

109

Type RT_GROUP_CURSOR
Language Korean - Korea
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.21924
Detected Filetype Cursor file
MD5 6799e05fc293c7e4d71538eb645f0d31
SHA1 2e3d342e920ac9b6990d4198e1db720ec515e863
SHA256 d47650adad2e15cc954de6397de32203032a0208c6b225e4e07dd1966ca47dd3
SHA3 6dc0f6b8f39a6caf2483fbf24355c9a61307e6f9765e4b60e732ff54f782bac7

110

Type RT_GROUP_CURSOR
Language Korean - Korea
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.21924
Detected Filetype Cursor file
MD5 c9b5527483906327ed558daa83abbc6c
SHA1 9a2531a3ad1dceee45d8582220a2c92394d86c21
SHA256 a9b61e539218e0c1d79434e6aa6a2fa0869cabce87a6358030a7c916746962e5
SHA3 be2e0683b000b2419123130ce4585401954930f6c5cbba1101b2cf6a8220b4be

111

Type RT_GROUP_CURSOR
Language Korean - Korea
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.0815
Detected Filetype Cursor file
MD5 1b53ac7130273816def57c5b32b72e58
SHA1 c268e7d122f12c37aeb8bcceb7012a13f45cbc89
SHA256 852fd3d0a632a290b96fb85e8fa39f97b7caf5d3317bca69ed47f1f15dbbd3a8
SHA3 43c470d9d612b7a55d446dc1ebd061f87dd72d4fa34db02e6ac78535d9f31234

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x2ac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.31788
MD5 6dafe198be2bce9056bc2d1ec4b0abe2
SHA1 6742967429d64b284954929dda3c1184fe152d55
SHA256 a3800cabe06f7b7caf6dcbe64a5ec79d67cc5cc421c2e6458b46fec09d38d969
SHA3 b8d54c188c65bedf0ab269212cf8d2f6640b994b41efe6c875c962f02a3c623e

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.5.6.0
ProductVersion 1.5.6.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
FileDescription RylClient
FileVersion (#2) 1, 5, 6, 0
InternalName RylClient
LegalCopyright Copyright (c) - 2007 Lorenzo
OriginalFilename Client.exe
ProductName Risk Your Life Client
ProductVersion (#2) 1, 5, 6, 0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read PDB file information of invalid magic number.
[*] Warning: Section .zero has a size of 0!
[*] Warning: Section .zero has a size of 0!