Manalyze report for 86cd5bb8144eb63f943262e14af466ab

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00
Detected languages	Korean - Korea
Comments
CompanyName	WebZen
FileDescription	main
FileVersion	`1, 2, 47, 0`
InternalName	main
LegalCopyright	Copyright 2008
LegalTrademarks
OriginalFilename	main.exe
PrivateBuild
ProductName	WebZen mu main
ProductVersion	`1, 0, 0, 1`
SpecialBuild

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Borland Delphi 3 -> Portions Copyright (c) 1983,97 Borland (h)` `Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig2(h)` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Info	Interesting strings found in the binary:	`Contains domain names: PCGameHacks.com aspack.com connect.globalmuonline.com connect.muchina.com connection.muonline.com cs.muonline.jp globalmuonline.com m281u.sytes.net muchina.com muonline.com muonline.jp sytes.net`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Section .text is both writable and executable.` `Unusual section name found:` `Section .idata is both writable and executable.` `Unusual section name found: .zero` `Unusual section name found: .as_0001` `Section .as_0001 is both writable and executable.` `Unusual section name found: .zero` `Unusual section name found: .as_0002` `Section .as_0002 is both writable and executable.` `Unusual section name found: .LibHook` `Unusual section name found: .LibHook` `Unusual section name found: .dlib` `Section .dlib is both writable and executable.`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Code injection capabilities (PowerLoader): GetWindowLongA FindWindowA` `Can access the registry: RegEnumValueA RegDeleteKeyA RegDeleteValueA RegSetValueExA RegCreateKeyExA RegOpenKeyExA RegQueryValueExA RegCloseKey RegisterHotKey` `Possibly launches other programs: WinExec CreateProcessA ShellExecuteA` `Uses Microsoft's cryptographic API: CryptGetHashParam CryptDeriveKey CryptDecrypt CryptImportKey CryptCreateHash CryptHashData CryptVerifySignatureA CryptDestroyHash CryptDestroyKey CryptReleaseContext CryptAcquireContextA` `Can create temporary files: GetTempPathA CreateFileA` `Uses functions commonly found in keyloggers: GetAsyncKeyState CallNextHookEx` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Leverages the raw socket API to access the Internet: gethostbyname WSAAsyncSelect setsockopt socket shutdown recv WSASend WSAStartup WSACleanup send WSAGetLastError inet_addr htons connect closesocket` `Manipulates other processes: Process32Next OpenProcess Process32First` `Can take screenshots: CreateCompatibleDC BitBlt GetDC FindWindowA` `Reads the contents of the clipboard: GetClipboardData`
Malicious	VirusTotal score: 31/73 (Scanned on 2024-10-17 15:42:02)	`APEX: Malicious` `Antiy-AVL: Trojan/Win32.SGeneric` `Bkav: W32.AIDetectMalware` `CTX: exe.trojan.generic` `CrowdStrike: win/malicious_confidence_90% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `Elastic: malicious (high confidence)` `FireEye: Generic.mg.86cd5bb8144eb63f` `Fortinet: PossibleThreat.PALLAS.H` `Google: Detected` `Gridinsoft: Trojan.Win32.Gen.vb!n` `Ikarus: Backdoor.Win32.Bifrose` `Kingsoft: malware.kb.a.979` `Lionic: Trojan.Win32.Generic.4!c` `Malwarebytes: Malware.AI.298385410` `MaxSecure: Trojan.Malware.121218.susgen` `McAfee: Artemis!86CD5BB8144E` `McAfeeD: ti!F39A44F96AE5` `Paloalto: generic.ml` `Rising: Trojan.Ymacco!8.11BE1 (TFE:1:NNxQTj1B0j)` `Sangfor: Trojan.Win32.Agent.Vski` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.PWSGoft.wh` `Sophos: Generic ML PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.moderate.ml.score` `VBA32: Heur.Trojan.Hlux` `Varist: W32/ABRisk.BNKY-0479` `Yandex: Trojan.GenAsa!fzmh3Stv+Tk`

Hashes

MD5	`86cd5bb8144eb63f943262e14af466ab`
SHA1	`95b6a72536fc37f6626c033d20a4464ada0e3269`
SHA256	`f39a44f96ae5efd7d2879feed9a956bfb175abfa734cfe8db1aeb60bec4a61de`
SHA3	`b91b639287f5f4d1c3a44f85f78e3cc4f9d4e3f2e526877d7a0645368dff7524`
SSDeep	`98304:JvIzWIREQyaTedn007tkJeukDDbLNhs1JH/hPBqkGlur/P8:JQzJREQyaTedn007tkJeukDDbLN6HH/`
Imports Hash	`9a38a62008fbbae25127f8e24b1d73a0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`12`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x380000`
SizeOfInitializedData	`0x772d000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x083DC234 (Section: .LibHook)`
BaseOfCode	`0x1000`
BaseOfData	`0x381000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x83e0000`
SizeOfHeaders	`0x400`
Checksum	`0x3f0072`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3bddc8010a3fe101b3606a0f90a4fdb3`
SHA1	`70fa9c519cb67238212636e7ea8d2d7a94548d89`
SHA256	`2199eb05a48e7d59347eaeaad3be9ae05e58c76b67edf9ee13b574b0d95eee8b`
SHA3	`43142aabc5a6eff82ebc3e4dff7770ad77fd1cb51408533e5455b8194567f2fd`
VirtualSize	`0x380000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x37f400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.59653`

.data

MD5	`e367fe7a1725e1676fd62eefeff35e7e`
SHA1	`2117948148ec1ee02ff762d3d1ccf7f6daf78c78`
SHA256	`252c06ec51b9660b3183e9480656a973ab95ecebd0f95d0f712d30e2f395e74e`
SHA3	`a3b590ff26d4aa348e936c21594a98fd54c3ed132442b004dcf1274456537063`
VirtualSize	`0x1b000`
VirtualAddress	`0x381000`
SizeOfRawData	`0x1aa00`
PointerToRawData	`0x37f800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.00466`

Section_3

MD5	`3740bb3c21c95c89564c3db1727e6758`
SHA1	`c52a3b22aebcae03ace8dc86cf3cd17243086b21`
SHA256	`05276d84a92b1e7df5a61d0d26c47c5f5691956239edd8e41d56bcb72dc0667d`
SHA3	`eea325c8c2c3fea5a21f8478fc5e8c11129ccc76f130552b86c475fbd6d7cbe5`
VirtualSize	`0x770f000`
VirtualAddress	`0x39c000`
SizeOfRawData	`0x21c00`
PointerToRawData	`0x39a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.62668`

.rsrc

MD5	`7c214027c77186890db498e058c2796d`
SHA1	`50e9346870557630b0d795ffe133d2f36456b93a`
SHA256	`ac3befc03a0df7e94d2e4bd4d650ab6d4c7a0c35a30189bcf33d591a2e487d73`
SHA3	`a201b7d3711c29f9de601ffea5a1acc44faa4e5b21fddea799628207c3e96d4e`
VirtualSize	`0x3000`
VirtualAddress	`0x7aab000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x3bbe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.99194`

.idata

MD5	`158477347496ba0292a98703eb8114a9`
SHA1	`6f30f975e302be894118ca8381238d8470d3ebb0`
SHA256	`ebaeefa52ffb2d1d329944c76781d3e4df5c22abc47a8b1609b1b94c7fd34b2d`
SHA3	`001e8f58033ebb40c54e2a1de77412d9c62a35fada737cf53b76485599ceaa9f`
VirtualSize	`0x3000`
VirtualAddress	`0x7aae000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x3be000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.17695`

.zero

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8ff000`
VirtualAddress	`0x7ab1000`
SizeOfRawData	`0`
PointerToRawData	`0x3c0200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`(EMPTY)`

.as_0001

MD5	`625d463340a3e1ea7f393dc212bf3d76`
SHA1	`24b4d52f3fe0b3418db73d9392d5fc8ef5bcfba6`
SHA256	`49a29d11c43a9463961b82813631aaf897a97d14dd1f6864ec5409669d032711`
SHA3	`dc556739587b4e5b2780914d1bf82059e67b9569330439f33517782c95d199b1`
VirtualSize	`0x1e000`
VirtualAddress	`0x83b0000`
SizeOfRawData	`0x1ca00`
PointerToRawData	`0x3c0200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.15375`

.zero (#2)

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2000`
VirtualAddress	`0x83ce000`
SizeOfRawData	`0`
PointerToRawData	`0x3dcc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`(EMPTY)`

.as_0002

MD5	`ae6cb58d0161b66393eea046391ce5fc`
SHA1	`280e7f6e6dc6d45219612ff29d7da94fa16889b1`
SHA256	`cd3772883def300505405eb1af40b9ee53a22a1bd4dddd3ef03611927d70988c`
SHA3	`0a88aee0f2224eacceb0b4e318b2dbf44985ad144be88ba534eb180d22086227`
VirtualSize	`0xc000`
VirtualAddress	`0x83d0000`
SizeOfRawData	`0xc000`
PointerToRawData	`0x3dcc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.78716`

.LibHook

MD5	`756657db02fe22df5e70b281c2a9fb0e`
SHA1	`d4586ca6433ccc8be7e5554277c6e1b44fef737c`
SHA256	`b12ebe0a84af466815e820fd68e031d027320140c25e75f05d9dcd058d386241`
SHA3	`ddc3e30b4c30b223bf6181b265f78f57652084e56a57c2086755d02168bdb015`
VirtualSize	`0x1000`
VirtualAddress	`0x83dc000`
SizeOfRawData	`0x23d`
PointerToRawData	`0x3e8c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`1.19028`

.LibHook (#2)

MD5	`8b79cc4935341ca1713a2403fcb0e2df`
SHA1	`06d88c4feb4a24d4e651a3293c13e1fc7a043219`
SHA256	`d7efb8216c33bce80cacdd2f6c6c164fd05b23030f871ab030599540ff9d2bbd`
SHA3	`668f3c306159375c2a098604938f5083da3675f3d7e7802900d4bd904a9b4b0a`
VirtualSize	`0x1000`
VirtualAddress	`0x83dd000`
SizeOfRawData	`0x23d`
PointerToRawData	`0x3e91c3`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`1.08924`

.dlib

MD5	`da010be39a3650a83804ef00fda7fb08`
SHA1	`351189638bed53921fb57ef7db9a8abce8dc01fd`
SHA256	`a533c28cff9ee1c7eb4b67372804d481afcedff0d9ccc14bda44a0efb3ebb3a3`
SHA3	`2b968a8c9cec6c80cf532493e76c4b7ef00fac84ee2a33c9cd9aeb0a0541003c`
VirtualSize	`0x2000`
VirtualAddress	`0x83de000`
SizeOfRawData	`0x1190`
PointerToRawData	`0x3e9400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.73268`

Imports

advapi32.dll	`RegEnumValueA` `RegDeleteKeyA` `CryptGetHashParam` `CryptDeriveKey` `CryptDecrypt` `CryptImportKey` `CryptCreateHash` `CryptHashData` `CryptVerifySignatureA` `CryptDestroyHash` `CryptDestroyKey` `SetSecurityDescriptorDacl` `InitializeSecurityDescriptor` `GetUserNameA` `RegDeleteValueA` `CryptReleaseContext` `RegSetValueExA` `RegCreateKeyExA` `RegOpenKeyExA` `RegQueryValueExA` `RegCloseKey` `CryptAcquireContextA`
dinput8.dll	`DirectInput8Create`
dsound.dll	`DirectSoundCreate` `DirectSoundEnumerateA`
gdi32.dll	`GetTextExtentPointA` `SelectObject` `SetBkColor` `SetPixelFormat` `ChoosePixelFormat` `CreateFontA` `GetTextExtentPoint32A` `SwapBuffers` `SetTextAlign` `GetTextExtentExPointA` `CreateFontIndirectA` `CreateCompatibleDC` `BitBlt` `TextOutA` `SetTextColor` `CreateDIBSection` `SetBkMode` `DeleteDC` `DeleteObject` `GetStockObject`
glu32.dll	`gluOrtho2D` `gluPerspective`
imm32.dll	`ImmGetDefaultIMEWnd` `ImmReleaseContext` `ImmGetCompositionStringA` `ImmGetCompositionWindow` `ImmSetCompositionWindow` `ImmGetProperty` `ImmSetOpenStatus` `ImmGetConversionStatus` `ImmSetConversionStatus` `ImmGetContext` `ImmGetDescriptionA` `ImmGetIMEFileNameA` `ImmNotifyIME` `ImmGetOpenStatus`
kernel32.dll	`CreateThread` `OpenMutexA` `EnterCriticalSection` `LeaveCriticalSection` `lstrcatA` `OpenEventA` `TerminateThread` `CreateMutexA` `ReleaseMutex` `WaitForSingleObject` `GetComputerNameA` `lstrcmpA` `ExitProcess` `VirtualAlloc` `VirtualFree` `VirtualProtect` `LoadLibraryExA` `GetTempFileNameA` `GetTempPathA` `HeapFree` `GetCurrentThreadId` `GetTickCount` `Sleep` `lstrlenA` `CloseHandle` `WriteFile` `SetFilePointer` `CreateFileA` `DeleteFileA` `ReadFile` `GetLocalTime` `GetSystemDirectoryA` `lstrcmpiA` `GetVersionExA` `QueryPerformanceCounter` `SetProcessAffinityMask` `SetThreadPriority` `SetPriorityClass` `GetProcessAffinityMask` `GetThreadPriority` `GetPriorityClass` `GetCurrentThread` `GetCurrentProcess` `GetProcessHeap` `OutputDebugStringA` `FreeLibrary` `GetProcAddress` `LoadLibraryA` `GlobalMemoryStatus` `GlobalUnlock` `GlobalLock` `GetCommandLineA` `GetFileSize` `GetLastError` `GetPrivateProfileStringA` `GetCurrentDirectoryA` `CopyFileA` `SetFileAttributesA` `Process32Next` `TerminateProcess` `OpenProcess` `Process32First` `CreateToolhelp32Snapshot` `WinExec` `FindClose` `FindFirstFileA` `GetModuleFileNameA` `IsBadReadPtr` `GetModuleHandleA` `GetNumberFormatA` `CreateEventA` `CreateProcessA` `WaitForMultipleObjects` `GetExitCodeProcess` `ResetEvent` `ResumeThread` `SetEndOfFile` `DeleteCriticalSection` `InitializeCriticalSection` `SetEvent` `WideCharToMultiByte` `CreateFileMappingA` `UnmapViewOfFile` `MapViewOfFile` `FindNextFileA` `RemoveDirectoryA` `GetFileAttributesA` `CreateDirectoryA` `GetThreadContext` `lstrcpynA` `GetCurrentProcessId` `Module32First` `Module32Next` `SetUnhandledExceptionFilter` `GetOEMCP` `IsValidLocale` `IsValidCodePage` `GetLocaleInfoA` `EnumSystemLocalesA` `GetUserDefaultLCID` `SetHandleCount` `GetFileType` `GetEnvironmentVariableA` `HeapDestroy` `HeapCreate` `GetACP` `IsBadWritePtr` `UnhandledExceptionFilter` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `GetEnvironmentStrings` `GetEnvironmentStringsW` `GetStringTypeA` `GetStringTypeW` `IsBadCodePtr` `SetEnvironmentVariableA` `SetConsoleCtrlHandler` `GetLocaleInfoW` `HeapAlloc` `GetFileInformationByHandle` `DuplicateHandle` `SetStdHandle` `CreatePipe` `GetStdHandle` `PeekNamedPipe` `FlushFileBuffers` `lstrcpyA` `InterlockedExchange` `InterlockedDecrement` `InterlockedIncrement` `MultiByteToWideChar` `RtlUnwind` `GetTimeZoneInformation` `GetSystemTime` `RaiseException` `GetStartupInfoA` `GetVersion` `GetSystemTimeAsFileTime` `HeapReAlloc` `FatalAppExitA` `LCMapStringA` `LCMapStringW` `GetCPInfo` `CompareStringA` `CompareStringW` `TlsSetValue` `TlsAlloc` `TlsFree` `SetLastError` `TlsGetValue` `HeapSize` `QueryPerformanceFrequency`
opengl32.dll	`glColor3f` `glEnd` `glVertex3fv` `glTexCoord2f` `glBegin` `glColor3fv` `glGetIntegerv` `glGetString` `glAlphaFunc` `glFogf` `glFogfv` `glEnable` `glDisable` `glClearColor` `glTexImage2D` `glBindTexture` `glVertex3f` `glDepthMask` `glPolygonMode` `glFrontFace` `glStencilFunc` `glColorMask` `glVertex2f` `glDepthFunc` `glStencilOp` `glTexParameteri` `glTexEnvf` `glPixelStorei` `glDeleteTextures` `glIsTexture` `glColor4ub` `glLoadIdentity` `glMatrixMode` `glPopMatrix` `glClear` `glTranslatef` `glRotatef` `glPushMatrix` `wglDeleteContext` `wglMakeCurrent` `wglCreateContext` `glScalef` `glGenTextures` `glTexEnvi` `glReadPixels` `glGetFloatv` `glBlendFunc` `glViewport` `glFogi` `glFlush` `glTexSubImage2D` `glColor4f`
shell32.dll	`ShellExecuteA` `ShellExecuteExA`
user32.dll	`GetFocus` `UnregisterHotKey` `RegisterHotKey` `GetAsyncKeyState` `GetKeyboardLayout` `GetKeyboardLayoutNameA` `OpenClipboard` `SendMessageA` `wsprintfA` `GetWindowRect` `SetWindowPos` `CallNextHookEx` `UnhookWindowsHookEx` `SetWindowsHookExA` `GetDesktopWindow` `MessageBoxA` `SetWindowLongA` `CallWindowProcA` `GetWindowLongA` `GetCaretPos` `GetWindowTextA` `SetWindowTextA` `ShowWindow` `ReleaseDC` `CloseClipboard` `CreateWindowExA` `PostMessageA` `SetFocus` `IsWindowVisible` `GetScrollPos` `SetScrollPos` `SetTimer` `ShowCursor` `ChangeDisplaySettingsA` `SystemParametersInfoA` `ReleaseCapture` `SetCapture` `DefWindowProcA` `PostQuitMessage` `EndPaint` `BeginPaint` `DestroyWindow` `RegisterClassA` `LoadCursorA` `LoadIconA` `SetForegroundWindow` `GetSystemMetrics` `AdjustWindowRect` `IsIconic` `DispatchMessageA` `TranslateMessage` `GetDC` `GetClipboardData` `GetMessageA` `PeekMessageA` `UpdateWindow` `EnumDisplaySettingsA` `SetCursorPos` `KillTimer` `SetRect` `OffsetRect` `PtInRect` `GetDoubleClickTime` `ScreenToClient` `GetCursorPos` `GetActiveWindow` `IntersectRect` `ClientToScreen` `wvsprintfA` `FindWindowA`
version.dll	`VerQueryValueA` `GetFileVersionInfoSizeA` `GetFileVersionInfoA`
winmm.dll	`mmioAscend` `mmioOpenA` `mmioClose` `timeGetTime` `mmioDescend` `mmioRead` `timeGetDevCaps` `timeBeginPeriod` `mmioWrite` `timeEndPeriod`
ws2_32.dll	`gethostbyname` `WSAAsyncSelect` `setsockopt` `socket` `shutdown` `recv` `WSASend` `WSAStartup` `WSACleanup` `send` `WSAGetLastError` `inet_addr` `htons` `connect` `closesocket`
ole32.dll	`CoUninitialize` `CoCreateInstance` `CoInitialize`
wzaudio.dll	`wzAudioStop` `wzAudioPlay` `wzAudioGetStreamOffsetRange` `wzAudioDestroy` `wzAudioOption` `wzAudioCreate`

Delayed Imports

1

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07176`
MD5	`46bd0e570128820855709b0ef7baedf1`
SHA1	`e3a00e970a62c66795522d5638fd07feb0ec9cee`
SHA256	`419f856569df391049fe54baa3eaba23333af684d468b3db54032b1ae99da84a`
SHA3	`273d3ff86bc30ad79810481368f1ef676f2541739920ac15a65e4afa13cde7c5`

2

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.70736`
MD5	`9326002520adbb64c0e22cfe4b56ef9f`
SHA1	`23fb80ddf56393ca578790aab88b93c089a06537`
SHA256	`e17119d66f71f8a055295d5f87c9c2cca081bbd83904fe01ab6bdc6381c6e191`
SHA3	`eb013a7517ae50bb603f8250befe6b486888245afa87edb5ce2cd7c5faf202db`

3

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.91116`
MD5	`5b3f8baf6ed52b5f2a5c88c5001736fa`
SHA1	`c9b4a610997f92be3f21c555f4b517308cac47c0`
SHA256	`ae3c6b324c9eaa11bde5b44c15c87968f088fec942f9b483b75741da8fce6813`
SHA3	`d7d179d7618467f6554a6a91a8d6c1966a8025551b1f1208fb792e72039b9bac`

4

Type	`RT_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67625`
MD5	`8a36e0ba48ea6216c985b760e8601777`
SHA1	`79ed19e9df7265a95acdac0945fe4e887095c78e`
SHA256	`f8e4fc643d9f8874d5180c8f75795d3cdf10c5344390a42320d3a3f5bcc3e07d`
SHA3	`1bcb14873608eb156ee667c93b68e3328363931b0c9f75d27e4696081e6c14fb`

101

Type	`RT_GROUP_ICON`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.70237`
Detected Filetype	Icon file
MD5	`7a5323bc7bc1f8b5d24ac4563187979e`
SHA1	`0cf74ff14e9af6df11b035640c019fb5acd9f38f`
SHA256	`30318b36a5012a6a445f593ce7966ba1a0c19d9e74a8009c94903e019fd12a27`
SHA3	`21e12534926c86bf2785d56922f6e48dce8230252a7023bdf1f9549c5177b8ed`

1 (#2)

Type	`RT_VERSION`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x330`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27411`
MD5	`bb429cbe4c33d00c8ffdaea8ecdf650c`
SHA1	`1ea9584f55f6eb5728dd4766de4493647cb024d4`
SHA256	`370123bb46e6cceb2e812226d13b0fd226cd4f4bf1489d7784eebfb7136bcd7c`
SHA3	`9004bb18bb7f5bfcf10b9a249e8abef0d43da9c2394b0713d0272713f6d956de`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.2.47.0
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Korean - Korea
Comments
CompanyName	WebZen
FileDescription	main
FileVersion (#2)	1, 2, 47, 0
InternalName	main
LegalCopyright	Copyright 2008
LegalTrademarks
OriginalFilename	main.exe
PrivateBuild
ProductName	WebZen mu main
ProductVersion (#2)	1, 0, 0, 1
SpecialBuild

Resource LangID	Korean - Korea

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read PDB file information of invalid magic number.
[*] Warning: Section .zero has a size of 0!
[*] Warning: Section .zero has a size of 0!