Manalyze report for 82bbcf1082c9c7ca5a1a81d1f301972171eb9908d5bcddab0a2b575b57ad9884

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2015-Nov-26 06:23:42
Detected languages	English - United States Korean - Korea
CompanyName	NEXTORIC
FileDescription	GameClient
FileVersion	`1, 0, 0, 1842`
InternalName	GameClient 201507281618
LegalCopyright	Copyright (C) NEXTORIC
LegalTrademarks	ProjectMV
OriginalFilename	GameClient
ProductName	ProjectMV
ProductVersion	`1, 0, 0, 0`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for Qemu presence: qEMU`
Suspicious	The PE is possibly packed.	`Unusual section name found: \x00` `Section \x00 is both writable and executable.` `Unusual section name found: .idata` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found: fshejews` `Section fshejews is both writable and executable.` `Unusual section name found: bsvurumk` `Section bsvurumk is both writable and executable.` `The PE only has 2 import(s).`
Info	The PE is digitally signed.	`Signer: NEXON Korea Corporation.` `Issuer: VeriSign Class 3 Code Signing 2010 CA`
Suspicious	VirusTotal score: 1/68 (Scanned on 2026-03-20 09:13:47)	`Bkav: W32.AIDetectMalware`

Hashes

MD5	`c79708d03c0d1967c659ed4538711368`
SHA1	`df9ad5036795fc887d593aa601be28a6de94b9d6`
SHA256	`82bbcf1082c9c7ca5a1a81d1f301972171eb9908d5bcddab0a2b575b57ad9884`
SHA3	`83e83177ff6345b9b880deaaad9ae444e263e37304aaa76741a209d5e2c55c06`
SSDeep	`98304:g2aO93r94Et9EedF4DveL0lK5ngoQxo27WVKmrvQ5tOeIiDTHBcRGSuY:g2aO93Bt3pkDjEnbx2v2Q5nn2Rr`
Imports Hash	`baa93d47220682c04d92f7797d9224ce`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2015-Nov-26 06:23:42
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x8f2c00`
SizeOfInitializedData	`0x195600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00CAD000 (Section: bsvurumk)`
BaseOfCode	`0x1000`
BaseOfData	`0x8f4000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0xcae000`
SizeOfHeaders	`0x400`
Checksum	`0x4f6483`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

\x00

MD5	`8cd506345a051b547ba4ca7fc199757d`
SHA1	`45f884623adcd5c216e1cfd3f1b9c466ba8bd5f1`
SHA256	`9dad661fabc5f14c400fbf3fe567d5db6212937d2a12ae60bfeba7c3a3e57a9c`
SHA3	`9526a2091a7f8a60b55ac9482f2b1fd46f0306b4fa65c22d049b7d6af5139435`
VirtualSize	`0xa9b000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3f4800`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.98713`

.rsrc

MD5	`843572d1d7a0dc464f97348595cf2c6c`
SHA1	`21a8588f090b106e2971b335eb7865eb70b7d2dd`
SHA256	`df3debb38e27c67666628cfaf0728772439b3614b8bb7a88cd595bd42e8804c6`
SHA3	`7ea9f0a0b146cf906d54176f1cfcf0e51772a8de60b8d92593e464f5da24700d`
VirtualSize	`0x47fc`
VirtualAddress	`0xa9c000`
SizeOfRawData	`0x4800`
PointerToRawData	`0x3f5800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.73287`

.idata

MD5	`bacd1ab171c3effb944b98ca67752724`
SHA1	`0ab1a8068de69ba30f41f908975359c4449cedcc`
SHA256	`d713cd9d89a05ff425432aa704a0314b28cba19fa39ea02cc135107bf04f558c`
SHA3	`32e2ea21e82cd55130bbcd256ee836cb5a4bebd29fddf14d27f40deeabad6cd9`
VirtualSize	`0x1000`
VirtualAddress	`0xaa1000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3fa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.2888`

MD5	`8852061e3d17179c3c1dfcb42d47af7d`
SHA1	`b7c5e6056aeb3efb2033e4e16fb8c2757adcbb2d`
SHA256	`6b2896262b9d59021c894ae3c5b7ba6a1de3078ad90fbd1b7919986bf2c8392a`
SHA3	`2905eff1abc56b4cd83311b5af288e19aa77e98eacb924bc59b9dd9cf9aea66c`
VirtualSize	`0x120000`
VirtualAddress	`0xaa2000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3fa200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.260771`

fshejews

MD5	`d3a0982465d39c5548231e1019653d94`
SHA1	`e372fe2f776debdaffa2373ee5d4d60f793ce801`
SHA256	`1d6ecba9bc0f0846d29d5f30eb71bb617a149c1a948c9b992a66f6d7a7c4eb97`
SHA3	`cdde899a9ccebc5c355442c3613aff8723c30e9193503360f5ca40658637700d`
VirtualSize	`0xeb000`
VirtualAddress	`0xbc2000`
SizeOfRawData	`0xeac00`
PointerToRawData	`0x3fa400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.91779`

bsvurumk

MD5	`506f9447d3dc8d6956cf4436e0244c9e`
SHA1	`53f0a5dfded7a48c78513547ef25dbaad0ae3803`
SHA256	`fb84f8788e27f62b5fa5fbc77a384b051cef3831f3b4fad7d0c166fbd81589e8`
SHA3	`ffa75f03acce4097f7aa772fc1f1037752c8a77d57b0a44a7f9eb7e3dcd85091`
VirtualSize	`0x1000`
VirtualAddress	`0xcad000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4e5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.308`

Imports

kernel32.dll	`lstrcpy`
comctl32.dll	`InitCommonControls`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.90368`
MD5	`9ca56e6bbb0b529c2ca4f3381d9ad12b`
SHA1	`c6e074686f1594d585c6ee5e36e4c92128e5d5da`
SHA256	`70a0eb28ea9329ec32f37762a976dcbf042a190fea7ad27d8f49aaeb1166f023`
SHA3	`6cf3e8aef5d34f24f35345a1b82c8dd3c83a4cffe22b5a585e04787a1ae2dced`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39984`
MD5	`0f347341ab43c385422c64a0023ea8a4`
SHA1	`f6211bbc1d7ea4ec4a21e5f3020c013e6426f6cc`
SHA256	`7a5e871474d5785e2225d47b2c05cc7224fbd099ea53658030eeaea79a8b6b30`
SHA3	`350cbedef020a784ca59bf75ece8bd505c39579bb7b227afcfdae6364ba14513`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91638`
MD5	`5434002c043fcf323fdc45dcbcfc47a1`
SHA1	`d3acd31fff3eb1458f0030e4171148a3af3f32c7`
SHA256	`f8361069b13728a6d7d87c7236c384db5a698d51328e5f96bbc8dfa8b5237a3b`
SHA3	`0d9347ecb258cb316268f812a187db92a57fed35df41958b7487060b8dddc7be`

104

Type	`RT_DIALOG`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0xc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.94577`
MD5	`82dc19b454d109d2c4e9d53ceef079df`
SHA1	`f492f58bc56362e928dd75de9c2fd63089210f74`
SHA256	`0c0a1f43055ffdd34c1cf84c9cfe063ca157bdc20f9b056cee9bddf2e1511cf1`
SHA3	`585a2b3a3ab2b46b5feda3a812d56fca75740757cf0c7d5da49bdbff382caa25`

105

Type	`RT_DIALOG`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x24c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.15958`
MD5	`d5e24970f545872e7083145b8b0392f0`
SHA1	`729a26e08e243e15733cb0a7ea3c48124d8c4372`
SHA256	`ddc0ae248403b67de47e3cc38948c43a09486b2441dc15c92fe3ed3aa3a60c27`
SHA3	`e5835e8c9beef21baed63525f35f245865d5d6504157be5f20dd25cfa5740c97`

106

Type	`RT_DIALOG`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x100`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.84902`
MD5	`7b914b5f7261e1beb49a49fd4938f4cb`
SHA1	`a39310733849a1ed2b95f7156d4cf76906d37e94`
SHA256	`2670534b09179ae777a4b92a0f0934b0017c66f5fc68ac4cc477c3d1cdf13d54`
SHA3	`3fd58282895a3a54d913e62d20016b4b6727cc9f8567c33338f153c879ae00c4`

107

Type	`RT_DIALOG`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0x40`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63274`
MD5	`c182a7095fbc5ef89236467a19a13801`
SHA1	`fb1ecb2c192725dd21f2e349f347f59471df993a`
SHA256	`9f51b9c378115bfef84cc04060b5841f7a1742cad42bff9da7c60b572de160da`
SHA3	`cc01771be10a0633b40ceee4a36c2f5f94fbc4ee31b279cdfe77d61b6731b547`

108

Type	`RT_DIALOG`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0xa8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74357`
MD5	`c0e93f4c3e9b24cac02a8a080c26e7f3`
SHA1	`589047e30b965ee37e4db45c71c4a18bffcd2643`
SHA256	`4d5a8c3409ab35102fbaa916fe564e65c079c742ea0077f9cff4298bad34c1a6`
SHA3	`8cad0ca46574f94b3b6a670b21d9f8ff9c0b74097f9960f9e15efe3c421a1246`

109

Type	`RT_DIALOG`
Language	Korean - Korea
Codepage	Latin 1 / Western European
Size	`0xd0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.70527`
MD5	`0aacc66d0a7b6c59453f349c68911207`
SHA1	`e7f189c5d667f3d8b5cf02532aedebea28ab1ee8`
SHA256	`9ac387dd1fcdcfe593330cdfd510cd2c854e33d2a061687ffdff5005b3d4e9af`
SHA3	`a6d312ba0b96f2d6b63d4a2300bf21a7fd67b9966cbdec1c7399220ade03e219`

101

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45849`
Detected Filetype	Icon file
MD5	`409e1724611e0bc39356e2f58888db55`
SHA1	`c06c0e66cc2f7956256e2f018aa0294bfa914960`
SHA256	`6ab18c3b81a5d30c5a190a4504cae807d73b1a4d02d56ffddf641abbb62b7210`
SHA3	`315b2ad40793f4ef885ff4c878169b02c62f619b57780a98a76c8538cd0ee5c9`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x31c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37111`
MD5	`8a227e95b8d922b4173b2de37c84bd01`
SHA1	`156841477e353578be4de49753370eb0b6167b9b`
SHA256	`c34b47cdeef7f6ad5951203bbbd06dfc4cf9bf953c5439f67cfdabaab7ac3e9c`
SHA3	`e85cd2cc11f8ab3a260e6a867ed62a389a5aa2c4aa0dec6e7cdcb9e0912e65d3`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x165`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.77792`
MD5	`b9b507d6297b2d514477db4ae0d55ea6`
SHA1	`e8c4b4e815c1788b3bab96fc44560d7282282fe1`
SHA256	`ec5d04c8ef3fe0e571c8e604bf146b393108cee11f1ad3d665b7501ec20d37d0`
SHA3	`85e8c59b71094f3ffe0990fe28a56df78d58756dc3a423284dff50f92ed7fa6f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1842
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`(EMPTY)`
FileType	`VFT_UNKNOWN`
Language	UNKNOWN
CompanyName	NEXTORIC
FileDescription	GameClient
FileVersion (#2)	1, 0, 0, 1842
InternalName	GameClient 201507281618
LegalCopyright	Copyright (C) NEXTORIC
LegalTrademarks	ProjectMV
OriginalFilename	GameClient
ProductName	ProjectMV
ProductVersion (#2)	1, 0, 0, 0

Resource LangID	UNKNOWN

TLS Callbacks

StartAddressOfRawData	`0xe9b000`
EndAddressOfRawData	`0xe9b015`
AddressOfIndex	`0xe99e00`
AddressOfCallbacks	`0xcf5e94`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

XOR Key	`0x4598576e`
Unmarked objects	`0`
Linker (VC++ 6.0 SP5 imp/exp build 8447)	`4`
C++ objects (VS2010 build 30319)	`4`
C objects (VS2003 (.NET) build 4035)	`2`
C++ objects (VS2003 (.NET) build 4035)	`1`
Imports (VS2003 (.NET) build 4035)	`6`
ASM objects (VS2010 SP1 build 40219)	`58`
C++ objects (VS2010 SP1 build 40219)	`77`
C objects (VS2010 SP1 build 40219)	`177`
C objects (VS2008 SP1 build 30729)	`9`
Imports (VS2008 SP1 build 30729)	`33`
Total imports	`379`
175 (VS2010 SP1 build 40219)	`818`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

Leave a comment

No comments yet.