753e48fb9827d1a3815c9a47db2d6bda

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2011-Oct-21 07:20:36
Detected languages Korean - Korea
CompanyName Gamepot
FileDescription Paperman Client
FileVersion 0, 0, 0, 0
InternalName Paperman
LegalCopyright Copyright (c) 2008 Gamepot and Voidpointer Development Studio all right reserved.
LegalTrademarks 1
OriginalFilename PaperMan.exe
ProductName Paperman Client
ProductVersion 0, 0, 0, 0

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Malicious The file headers were tampered with. The PE only has 4 import(s). The RICH header checksum is invalid.
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 753e48fb9827d1a3815c9a47db2d6bda
SHA1 2dae7c44a1e843071f55cf01b737f1286dd3c562
SHA256 56ef315d55c83dea15bdb5495f01030199307504b6c54d590354960541d0ac4f
SHA3 59df36ec2d6cec85d63165614f8eee7569def185972373046159cf44c8e6d02a
SSDeep 98304:ewKcomWDF9a1Aj0k88SAWFFPUcaUL+saWqz3I7Hmql:ervF9XfNWnP+zWmsGql
Imports Hash 12143bd7ba952bb92af04f1f676471ef

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x138

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2011-Oct-21 07:20:36
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x481000
SizeOfInitializedData 0x160a000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000124C (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x482000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x1ae1000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 dd75410d511d611c4c87bd1ac1bdcdf8
SHA1 629bba2383e4d30d2b1b35d2242b4f365c591a0d
SHA256 12c09b19cd2ef9aac205bd61a92b972150bc8849ac253e238c8aeacd096526ae
SHA3 54b01ef4a0d053c1728b126144717745452237e1cfc3f1bd8c48afd5eafa2f98
VirtualSize 0x481000
VirtualAddress 0x1000
SizeOfRawData 0x2be200
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 7.99993

.rdata

MD5 cdf56cd9144e076f25ad06c1ad98f211
SHA1 cc61a2544e36cf18d85db8e22b0207ccef33d0a7
SHA256 bb85f4318e94fe9b48d37a1467fc52039ac76d75aec98fb31016e07d3ce224c1
SHA3 aafea2dd56c50b72e62fe352ebb9af48ec60502e30029ec8c9b844f0d22fd13d
VirtualSize 0x9f000
VirtualAddress 0x482000
SizeOfRawData 0x42800
PointerToRawData 0x2bf200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 7.99932

.data

MD5 94554b0e769b62c2e4f7bca9446c901f
SHA1 8831a3f43cab3db81d3df7829767fa24dc945ece
SHA256 3912f853d60c43c0127de7796c1c7b7e368e6ae07455bf249ea32ccb1a2db60e
SHA3 b07362ea68a6a72821f1b7d78ea7f98158c0cda00e87ff3f6fa24f3c3f67a370
VirtualSize 0x154c000
VirtualAddress 0x521000
SizeOfRawData 0x2a9800
PointerToRawData 0x301a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 7.99999

.rsrc

MD5 c574ef3c0f5ac94598816b72f177acbe
SHA1 85feb0201a006afb27b46acbf1b436f421c18322
SHA256 236012edae61b5f8a8cdaa9aa101249159c9d12d99b941092a749c54761488a4
SHA3 7949030b121fa6ea3bc2978488d2adf3cbbe496906d2bbc4d7426cbd0ebd27db
VirtualSize 0x74000
VirtualAddress 0x1a6d000
SizeOfRawData 0x56a00
PointerToRawData 0x5ab200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 7.00757

Imports

KeRnEl32.dLl LoadLibraryA, GetProcAddress, GetModuleHandleA, VirtualProtect

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x368
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.62952
MD5 9523b1f0c1b06ead01882ce934164d2a
SHA1 96d5a93c8187c71c2fed523419ee8cd8464914dc
SHA256 df26fa4fafb044fd6835cbca8dd2b634366f0c5edbe1f9e4d8da3c88d7879f06
SHA3 4606fb62fca8971ae93e20301280f7092441cb291a99470cc82827a32697e74b

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x748
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.63299
MD5 d4f35a0f7ccf6b7126e3f766fdffa8c4
SHA1 aa4b22bb2496f7363033006e4096234e4a8001b2
SHA256 4f5148f51d2ef4fa3672d00f7640fec0baec9fbedc13c064302a7ffccfa277e5
SHA3 f26f5fb4bbf584990cceae67b56b306bb7209e3168b788ac7332eec7401ba03e

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0xca8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.56441
MD5 e25e1f6b17ff748b313d38023e0ab1c4
SHA1 e646c36d823a362cbb3bb81af7885fe761473f92
SHA256 9016f40b66580929097a3990db801067fc2e36d82a58bd1243287b17aa39f335
SHA3 093ad47393237c8742dd621c5c47f9c3d9ee09088294d559e3cc9d98e104f5a5

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x1ca8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.79893
MD5 0d4c8ad7dd97c9b91a388ca88ff736b7
SHA1 f4c6c1386eafd677e9bcf7a7aeccac2630a0a565
SHA256 8eaeccd8bfe7f39cd6463dffbe088519d93c97761172765affe744dbc7d5da2e
SHA3 341e070879e70e31557f19e430d58e8465794fd4d6b5886e7525093c8ccaad05

5

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x3228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.37842
MD5 6eb85a613025e6f54ab05bf8cd287428
SHA1 b410310def82f3705507419eb7ef5377593af264
SHA256 e572ddc4a68c26d39ca73f60db6d47c7bc251613baab492792ceb496033817d9
SHA3 e6585d9d7abf083c48c26c6aa9f55665f547b1e51f8382b6a22150b54c38f9cb

6

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x4048
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.07327
MD5 8800a1fac9943cdcd9c9106c73f0816f
SHA1 7097e63ee0aba047ce130d82e00a9cd62326afa6
SHA256 3023f3967870391daea5d1ce8e836db23b3797aaae0371be47fed5eb4a98333d
SHA3 7149761a9470755e03e4c90bd722cbcd17d0b248a3cebef0c5a3963bbb0112cb

7

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x70a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.78036
MD5 48d0140ed2d190a926a3fc2ff47ce8eb
SHA1 7089efdf21e374160b138f63faa749f28a9e3dba
SHA256 ae8cd009ba5009f3e54af9688580744d162875224a2eb3cbc47f8d4f15f04a13
SHA3 1b1efec812aa5e285bde507089a956397e181a9aa7a16fe27f04aebf8946959f

8

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0xc828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.07513
MD5 f3a93cd6a2a33575f3da32c479d9c89e
SHA1 b773bd62be85baf736689aef51878cb4404ddddd
SHA256 2860b2956aab13c81a3cbae169ab37d86775cb8298ae0936fde36b456cddae53
SHA3 275fe3e0ac0ef3f43381832c932c12aa131e23ef28d9e707a306dcfe9d37aa61

101

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x76
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.01517
Detected Filetype Icon file
MD5 b674fe8b6a20704d2dfebdcb105feee7
SHA1 d2ed73472d7eea41f80d780920c8c03ba2ae014f
SHA256 d1c58e5ee944d4d80564267ca1de871dd04329d5365464e01d599a7c57d2d61e
SHA3 95647521698b1fea42489de5b207423ee5e68c0a2c46842b1e31aeb447fa8ed5

1 (#2)

Type RT_VERSION
Language Korean - Korea
Codepage UNKNOWN
Size 0x374
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.29172
MD5 d470e2564dae303d281cd52d4baff17f
SHA1 1b363b6e26346d242658cbb631ff9e2a8e5657f6
SHA256 d77ee453046922197291a5142a84cf43f6c137698b2356703a5c31d27ab879f9
SHA3 a500542f28284018603c164eafbd125dfc01100bac1c8add39ea580175d77599

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x219
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.92342
MD5 e18f7aa5fc120cd0efea2159f882da81
SHA1 34419390e7f39393f53365f48cbe9b40b5aafb1b
SHA256 19847717a4acf4a267993c9a07d518a09ba3504366a3248c51a443c4aef7d300
SHA3 e9238d1ae4b0fdd741530565e0a89130d39182fcc43760c36c0534ededb788ea

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 0.0.0.0
ProductVersion 0.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
CompanyName Gamepot
FileDescription Paperman Client
FileVersion (#2) 0, 0, 0, 0
InternalName Paperman
LegalCopyright Copyright (c) 2008 Gamepot and Voidpointer Development Studio all right reserved.
LegalTrademarks 1
OriginalFilename PaperMan.exe
ProductName Paperman Client
ProductVersion (#2) 0, 0, 0, 0
Resource LangID Korean - Korea

UNKNOWN

Characteristics 2533862145
TimeDateStamp 2088-Nov-17 06:46:31
Version 35999.58742
SizeofData 147416823
AddressOfRawData 0xd8ef9a27
PointerToRawData 0xa79ef559

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xee428b8b
Unmarked objects 0
Imports (VS2012 build 50727 / VS2005 build 50727) 2
126 (50327) 8
ASM objects (VS2012 build 50727 / VS2005 build 50727) 57
C objects (VS2012 build 50727 / VS2005 build 50727) 239
114 (VS2012 build 50727 / VS2005 build 50727) 4
C++ objects (VS98 SP6 build 8804) 13
Imports (VS2003 (.NET) build 3077) 2
105 (2067) 94
C++ objects (VS2003 (.NET) build 3077) 1
C objects (VS2003 (.NET) build 3077) 10
C objects (VS2003 (.NET) build 4035) 101
Imports (VS2003 (.NET) build 4035) 38
Imports (VS2008 build 21022) 3
Total imports 435
C++ objects (VS2012 build 50727 / VS2005 build 50727) 573
Resource objects (VS2012 build 50727 / VS2005 build 50727) 1
Linker (VS2012 build 50727 / VS2005 build 50727) 1

Errors