Manalyze report for 89d91379a08ae714471a9f29e0cf129ceafaac84ab18faff9163b31dfa1ec0a0

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Jun-26 10:32:30
Detected languages	Chinese - PRC English - United States
CompanyName	éå±±è½¯ä»¶è¡ä»½æéå¬å¸
FileDescription	JxOnline Client
FileVersion	`3, 0, 0, 6`
InternalName	Game
LegalCopyright	çæææ (C) 1995-2004 éå±±è½¯ä»¶è¡ä»½æéå¬å¸
OriginalFilename	Game.exe
ProductName	SwordOnline
ProductVersion	`3.00.00.2003`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual Basic v5.0 - v6.0` `MSVC++ v.8 (procedure 1 recognized - h)`
Info	Interesting strings found in the binary:	`Contains domain names: http://jx.kingsoft.com http://jx.kingsoft.com/tan.shtml http://pass.kingsoft.com http://pass.kingsoft.com/jh/ http://www.jxqy1.com http://www.jxqy1.com/news.html https://pay.zing.vn https://pay.zing.vn/napcard/volam.html jx.kingsoft.com jxonline.net jxqy1.com kingsoft.com pass.kingsoft.com www.jxonline.net www.jxqy1.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Section .text is both writable and executable.`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW` `Code injection capabilities: OpenProcess CreateRemoteThread WriteProcessMemory VirtualAllocEx` `Code injection capabilities (process hollowing): WriteProcessMemory ResumeThread SetThreadContext` `Code injection capabilities (mapping injection): CreateRemoteThread CreateFileMappingA MapViewOfFile` `Can access the registry: RegQueryValueExA RegOpenKeyExA RegSetValueExA RegCreateKeyExA RegCloseKey` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Can create temporary files: CreateFileA GetTempPathA` `Memory manipulation functions often used by packers: VirtualProtect VirtualAllocEx VirtualProtectEx` `Leverages the raw socket API to access the Internet: inet_ntoa` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Manipulates other processes: OpenProcess ReadProcessMemory WriteProcessMemory` `Reads the contents of the clipboard: GetClipboardData`
Malicious	The PE's digital signature is invalid.	`Signer: BladeKnight109 Co.` `Issuer: BladeKnight109 Co.` `The file was modified after it was signed.`
Malicious	VirusTotal score: 36/68 (Scanned on 2026-03-26 06:22:45)	`ALYac: Trojan.GenericKD.78442205` `AVG: Win32:Malware-gen` `Alibaba: Trojan:Win32/Generic.d8938f01` `Arcabit: Trojan.Generic.D4ACEEDD` `Avast: Win32:Malware-gen` `Avira: TR/AVI.Agent.trgob` `CAT-QuickHeal: Trojan.Ghanarava.17718731557c9dec` `CTX: exe.trojan.generic` `CrowdStrike: win/grayware_confidence_60% (D)` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.DownLoader33.55651` `Elastic: malicious (moderate confidence)` `Emsisoft: Trojan.GenericKD.78442205 (B)` `F-Secure: Trojan.TR/AVI.Agent.trgob` `GData: Trojan.GenericKD.78442205` `Google: Detected` `Gridinsoft: Trojan.Win32.Downloader.oa!s1` `Ikarus: Trojan.Crypt` `K7AntiVirus: Trojan-Downloader ( 005d5cbc1 )` `K7GW: Trojan-Downloader ( 005d5cbc1 )` `Kingsoft: malware.kb.a.1000` `Lionic: Trojan.Win32.Generic.4!c` `McAfeeD: ti!89D91379A08A` `MicroWorld-eScan: Trojan.GenericKD.78442205` `Microsoft: Trojan:Win32/Downloader!rfn` `Paloalto: generic.ml` `Rising: Downloader.Agent!8.B23 (C64:YzY0OhleCxd5uTeRIhC83oszjtw)` `Sangfor: Downloader.Win32.Agent.V6y1` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `TrendMicro-HouseCall: TROJ_GEN.R002H01BN26` `VIPRE: Trojan.GenericKD.78442205` `Varist: W32/ABTrojan.UDZZ-1948` `ViRobot: Trojan.Win.Z.Agent.2685752.A` `alibabacloud: Trojan:Win/Phonzy.A9nj`

Hashes

MD5	`09fe419d09c47ec2afc93fa51e7c9dec`
SHA1	`354c33303dc1df1a40ebc8ac4f676eb293e4b9e0`
SHA256	`89d91379a08ae714471a9f29e0cf129ceafaac84ab18faff9163b31dfa1ec0a0`
SHA3	`ec473aa4fa5c1820484b6eacffe291decd8608443cbd26a2711c03ad0e609d09`
SSDeep	`49152:+m2o5vSM1lL4EdrD8LNuBqFtaQ9bHeeg/BgWaf2VXu4pF8UTwKgEa3FBhtJcD2k6:+wL40vKNuBuawbeeg/BgWaf2VXu4wCdU`
Imports Hash	`6a5f1d13ae64ff521d0d546619e7fb13`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2012-Jun-26 10:32:30
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x239000`
SizeOfInitializedData	`0x54000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00239EC6 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x23a000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x1220000`
SizeOfHeaders	`0x1000`
Checksum	`0x297b80`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4584a06e415b967fcbf95b9a8d9d059b`
SHA1	`e3f347bb0a9bb40f43b711d53d7ec2bb2fd19283`
SHA256	`8cc7753b80a32f187b8400b6c42f746ef238c32ef79d07aefb7508f38b1556c2`
SHA3	`83bcdf3e3b7281edb9c91c01b8a0b5d44b2fac284cc5e7f192c822addc55aa5c`
VirtualSize	`0x238e8c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x239000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.42385`

.rdata

MD5	`48cb31d6ed940f16270590021246b46a`
SHA1	`b4e8b9b68e46238b555452ec18daedbf4397f076`
SHA256	`b2fc9a2e17b459596a05792c56211708565f71bcdb45a1aee6faa18a57aa7806`
SHA3	`bdcf4704db81d309d4be4ba1ef5856cc5d19492ffe1ec9872a373238ba9ba684`
VirtualSize	`0x4146b`
VirtualAddress	`0x23a000`
SizeOfRawData	`0x42000`
PointerToRawData	`0x23a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.05081`

.data

MD5	`d549ca376fcf32d1240e82b499bb4c06`
SHA1	`080d232789131d6fe14c42c2f2afc90b2047d691`
SHA256	`4457e31fe7ee73632cdefe6f5a92ae96f135ec476e18dc950aa77926fd828484`
SHA3	`4dee66b0b1e41d40eb3403de58dd125ced2946a74027ab309b7d145b13da8603`
VirtualSize	`0xfa2e10`
VirtualAddress	`0x27c000`
SizeOfRawData	`0x11000`
PointerToRawData	`0x27c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.57121`

.rsrc

MD5	`d83fbfdbb3f29c02bb256db2cad2c63e`
SHA1	`ea1a94a465a24c5dd3ff1119fe8c03c8a9578524`
SHA256	`4145aefa88f8fc1431314ff54ff952c46c57e7baca022053413ea662463f79d8`
SHA3	`57e5b0dd4e1ae42e2511e71b50a539ddb59391d0b4ae2d6c2a8cf8cf37796d48`
VirtualSize	`0xf54`
VirtualAddress	`0x121f000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x28d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.84571`

Imports

WS2_32.dll	`inet_ntoa`
KERNEL32.dll	`CloseHandle` `TerminateThread` `GetExitCodeThread` `FreeLibrary` `WaitForSingleObject` `GetProcAddress` `LoadLibraryA` `Sleep` `SystemTimeToTzSpecificLocalTime` `WritePrivateProfileStringA` `GetLastError` `CreateProcessA` `SetUnhandledExceptionFilter` `IsBadReadPtr` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `CreateFileA` `FormatMessageA` `lstrlenA` `CreateSemaphoreA` `OpenSemaphoreA` `CreateEventA` `SetEvent` `LeaveCriticalSection` `EnterCriticalSection` `ResetEvent` `CreateThread` `InitializeCriticalSection` `InterlockedDecrement` `GetComputerNameA` `FileTimeToSystemTime` `LocalFileTimeToFileTime` `SystemTimeToFileTime` `OpenProcess` `TerminateProcess` `ReadProcessMemory` `GetCurrentDirectoryA` `GetVersionExA` `InterlockedExchange` `InterlockedCompareExchange` `GetStartupInfoA` `UnhandledExceptionFilter` `IsDebuggerPresent` `QueryPerformanceCounter` `GetSystemTimeAsFileTime` `SetLastError` `CreateMutexA` `OpenMutexA` `VirtualProtect` `LoadLibraryW` `GetProcessHeap` `HeapFree` `MulDiv` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `GetTempPathA` `GetTempFileNameA` `VirtualFreeEx` `CreateRemoteThread` `WriteProcessMemory` `MultiByteToWideChar` `CreateFileMappingA` `VirtualAllocEx` `GetTickCount` `GetPrivateProfileIntA` `GetLocalTime` `GetVersion` `FindFirstFileA` `SetFileAttributesA` `DeleteFileA` `FindNextFileA` `FindClose` `RemoveDirectoryA` `AllocConsole` `FreeConsole` `GetModuleFileNameA` `GetDiskFreeSpaceExA` `DeleteCriticalSection` `MapViewOfFile` `UnmapViewOfFile` `GetProcessTimes` `GetThreadContext` `ResumeThread` `VirtualProtectEx` `FlushInstructionCache` `SetThreadContext`
USER32.dll	`GetDC` `CopyRect` `CharLowerA` `SetWindowLongA` `GetWindowLongA` `MoveWindow` `ReleaseDC` `InvalidateRect` `BringWindowToTop` `SetWindowTextA` `wsprintfA` `ReleaseCapture` `SetCapture` `SetCursorPos` `InSendMessage` `MessageBoxA` `GetMessagePos` `ScreenToClient` `GetKeyState` `SetClipboardData` `OpenClipboard` `GetClipboardData` `EmptyClipboard` `CloseClipboard` `SetCaretPos` `EnableWindow` `ShowWindow` `SetFocus` `DestroyWindow` `IsWindow` `GetClientRect` `ClientToScreen` `SetWindowPos` `CreateWindowExA` `ShowCursor` `LoadCursorFromFileA` `LoadCursorA` `SetCursor` `SendMessageA` `GetParent`
comdlg32.dll	`GetOpenFileNameA`
ADVAPI32.dll	`OpenProcessToken` `RegQueryValueExA` `LookupPrivilegeValueA` `AdjustTokenPrivileges` `RegOpenKeyExA` `RegSetValueExA` `RegCreateKeyExA` `RegCloseKey`
SHELL32.dll	`SHGetSpecialFolderPathA` `ShellExecuteA`
ole32.dll	`StgCreateDocfile` `OleUninitialize` `OleInitialize` `OleCreate` `OleSetContainedObject` `OleSave`
FilterText.dll	`CreateTextFilter`
LuaLibDll.dll	`lua_typename` `lua_setglobal` `lua_getn` `lua_stackspace` `lua_rawgeti` `lua_rawseti` `lua_error` `lua_newtable` `lua_settable` `lua_curpack` `lua_rawget` `lua_pushnil` `lua_isstring` `lua_pushstring` `lua_pushnumber` `lua_type` `lua_tonumber` `lua_gettop` `lua_tostring` `lua_pushcclosure`
MSVCP80.dll	`?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z` `?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z` `?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ` `?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ` `?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z` `?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ` `?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z` `?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z` `??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z` `??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z` `??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z` `??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z` `?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB` `?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ` `?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z` `?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z` `?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ` `??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z` `??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z` `?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ` `??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z` `??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z` `??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ` `??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z` `??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z` `?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ` `??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z` `??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z` `?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0@Z` `??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ` `?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z`
MSVCR80.dll	`_localtime32` `_purecall` `strcat` `strftime` `isgraph` `atoi` `printf` `freopen` `__iob_func` `free` `realloc` `malloc` `memmove` `_mbsicmp` `isspace` `abs` `_difftime32` `memcmp` `sscanf` `memmove_s` `_mktime32` `rand` `fclose` `fwrite` `fopen` `srand` `memcpy` `isdigit` `_mbsstr` `remove` `_ui64toa` `_i64toa` `fflush` `fprintf` `_gmtime32` `sprintf_s` `_chmod` `vsprintf` `_vsnprintf` `strrchr` `_ctime32` `exit` `_mkdir` `_CIsqrt` `puts` `floor` `strncmp` `_CIcos` `_CIsin` `strtoul` `_unlock` `__dllonexit` `_encode_pointer` `_lock` `_onexit` `_decode_pointer` `?terminate@@YAXXZ` `_amsg_exit` `__getmainargs` `_cexit` `_exit` `_XcptFilter` `_ismbblead` `_acmdln` `_initterm` `_initterm_e` `_configthreadlocale` `__setusermatherr` `_adjust_fdiv` `__p__commode` `__p__fmode` `__set_app_type` `_except_handler4_common` `_crt_debugger_hook` `?_type_info_dtor_internal_method@type_info@@QAEXXZ` `_invoke_watson` `_controlfp_s` `strcmp` `memset` `strlen` `??_V@YAXPAX@Z` `_snprintf` `_time32` `?what@exception@std@@UBEPBDXZ` `??0exception@std@@QAE@ABQBD@Z` `??0exception@std@@QAE@ABV01@@Z` `??0exception@std@@QAE@XZ` `??1exception@std@@UAE@XZ` `_CxxThrowException` `??2@YAPAXI@Z` `_invalid_parameter_noinfo` `??3@YAXPAX@Z` `__CxxFrameHandler3` `strcpy` `strchr` `strstr` `sprintf` `strncpy` `_itoa` `_stricmp` `_getcwd` `_strlwr` `__CxxFrameHandler` `labs` `calloc`
engine.dll	`EDOneTimePad_Decipher` `?Run@KWin32App@@UAEXXZ` `?Init@KWin32App@@UAEHPAUHINSTANCE__@@PAD@Z` `??0KWin32App@@QAE@XZ` `?InitClass@KWin32App@@MAEHPAUHINSTANCE__@@@Z` `?InitWindow@KWin32App@@MAEHPAUHINSTANCE__@@@Z` `?ShowMouse@KWin32App@@UAEXH@Z` `?SetMultiGame@KWin32App@@UAEXH@Z` `?MsgProc@KWin32App@@UAEJPAUHWND__@@IIJ@Z` `?SetMouseHoverTime@KWin32App@@QAEXI@Z` `?Start@KTimer@@QAEXXZ` `?GetElapse@KTimer@@QAEKXZ` `InitTextRender` `?g_InitEngine@@YAHPBD0@Z` `?g_ExitEngine@@YAXXZ` `?g_DebugLog@@YAXPBDZZ` `EDOneTimePad_Encipher` `RegisterInlineCtrl` `RemoveInlineWndCtrl` `?g_StrCpy@@YAXPADPBD@Z` `?g_StrCmpLen@@YAHPBD0H@Z` `?g_StrLen@@YAHPBD@Z` `?GetString@KTabFile@@UAEHHHPBDPADK@Z` `?SetKeepDataForOutMaxWidth@KTabFile@@QAEXH@Z` `?Init@KSG_LogFile@@QAEHPBD@Z` `?puts@KSG_LogFile@@QAEXPBD@Z` `?write_date_time@KSG_LogFile@@QAEXXZ` `?GetScript@KLuaScriptSet@@QAEPAVKLuaScript@@PBD@Z` `?LoadScriptByRelPath@KLuaScriptSet@@QAE?AW4_CODE_RESULT@@PBDPAPAVKLuaScript@@H@Z` `?FormatCallByVaList@KLuaCall@@QAEHPBDPAH0PAD@Z` `??1KNode@@UAE@XZ` `?RegisterFunctions@KLuaScriptSet@@QAEHPAUTLua_Funcs@@H@Z` `?SetGlobalInt@KLuaScriptSet@@QAEXPBDH@Z` `?SetRootPath@KLuaScriptSet@@QAEXPBD@Z` `?GetScript@KLuaScriptSet@@QAEPAVKLuaScript@@K@Z` `?GetFloat@KTabFile@@UAEHHPBDMPAMH@Z` `?Insert@KLinkArray@@QAEXH@Z` `?Init@KLinkArray@@QAEXH@Z` `?GetInteger@KTabFile@@UAEHHHHPAH@Z` `?FindColumn@KTabFile@@UAEHPBD@Z` `??0KLuaScriptSet@@QAE@HH@Z` `??1KLuaScriptSet@@QAE@XZ` `?SetGlobalName@KLuaCall@@QAEXPBD@Z` `?g_FileName2Id@@YAKPBD@Z` `?GetNext@KLinkArray@@QBEHH@Z` `??1KLinkArray@@QAE@XZ` `??0KLinkArray@@QAE@XZ` `?Remove@KLinkArray@@QAEXH@Z` `??1KSoundCache@@QAE@XZ` `?Exit@KDirectSound@@QAEXXZ` `?SetVolume@KWavSound@@QAEXH@Z` `?SetPan@KWavSound@@QAEXH@Z` `?Stop@KWavSound@@QAEXXZ` `?IsPlaying@KWavSound@@QAEHXZ` `??0KDirectSound@@QAE@XZ` `??1KDirectSound@@QAE@XZ` `??1KMusic@@UAE@XZ` `??0KMemClass@@QAE@XZ` `??_7KMp3Music@@6B@` `??0KMusic@@QAE@XZ` `??0KSoundCache@@QAE@XZ` `?Init@KDirectSound@@QAEHXZ` `?Open@KMp3Music@@UAEHPAD@Z` `?Close@KMusic@@UAEXXZ` `?Play@KMusic@@UAEXH@Z` `?Stop@KMusic@@UAEXXZ` `?Rewind@KMp3Music@@UAEXXZ` `?SetVolume@KMusic@@UAEXJ@Z` `?HandleNotify@KMusic@@UAEHXZ` `?IsPlaying@KMusic@@UAEHXZ` `?Init@KMusic@@MAEHXZ` `?InitSoundFormat@KMp3Music@@MAEXXZ` `?InitSoundBuffer@KMusic@@MAEHXZ` `?FreeSoundBuffer@KMusic@@MAEXXZ` `?InitSoundNotify@KMusic@@MAEHXZ` `?FreeSoundNotify@KMusic@@MAEXXZ` `?InitEventHandle@KMusic@@MAEHXZ` `?FreeEventHandle@KMusic@@MAEXXZ` `?FillBufferWithSound@KMusic@@MAEHK@Z` `?FillBufferWithSilence@KMusic@@MAEHXZ` `?ReadWaveData@KMp3Music@@MAEKPAEK@Z` `?Mp3Init@KMp3Music@@MAEHXZ` `?Mp3FillBuffer@KMp3Music@@MAEHXZ` `?Mp3Decode@KMp3Music@@MAEKPAEK@Z` `?Mp3FileOpen@KMp3Music@@MAEHPAD@Z` `?Mp3FileRead@KMp3Music@@MAEKPAEK@Z` `?Mp3FileSeek@KMp3Music@@MAEKJ@Z` `?Seek@KMp3Music@@UAEXH@Z` `??1KMemClass@@QAE@XZ` `?Play@KWavSound@@QAEXHHH@Z` `?GetNext@KNode@@QBEPAV1@XZ` `?Remove@KNode@@QAEXXZ` `?GetHead@KList@@QBEPAVKNode@@XZ` `??0KNode@@QAE@XZ` `?GetPrev@KLinkArray@@QBEHH@Z` `?AddTail@KList@@QAEXPAVKNode@@@Z` `?GetString@KTabFile@@UAEHPBD00PADK@Z` `?g_StrCat@@YAXPADPBD@Z` `?SetGlobalName@KLuaScript@@QAEXPBD@Z` `??0KList@@QAE@XZ` `?GetWidth@KTabFile@@UAEHXZ` `TGetLimitLenEncodedString` `?g_StrLower@@YAXPAD@Z` `?Clear@KPolygon@@QAEXXZ` `??0KPolygon@@QAE@XZ` `?g_StrCmp@@YAHPBD0@Z` `?AddHead@KList@@QAEXPAVKNode@@@Z` `?RemoveHead@KList@@QAEPAVKNode@@XZ` `?GetRect@KIniFile@@QAEXPBD0PAUtagRECT@@@Z` `?Seek@KPakFile@@QAEKHI@Z` `?Stop@KTimer@@QAEXXZ` `?g_GetRandomSeed@@YAIXZ` `?GetValuesFromStack@KLuaScript@@QAAHPBDZZ` `?g_StrWrap@@YAXPADPBDH@Z` `?g_UnitePathAndName@@YAXPBD0PAD@Z` `?KSG_StringGetInt@@YAHPAPBDH@Z` `?KSG_StringSkipSymbol@@YA_NPAPBDH@Z` `gAdviseMemFileNotify` `?GetInteger@KTabFile@@UAEHPBD0HPAH@Z` `?GetActionScriptID@KLuaScript@@SAKPAUlua_State@@@Z` `?PushNumber@KLuaCall@@QAEXN@Z` `?IsLoaded@KLuaScript@@QBEHXZ` `?g_GetRootPath@@YAXPADI@Z` `??0KTabFile@@QAE@ABV0@@Z` `?WriteString@KTabFileCtrl@@QAEHHPBD0H@Z` `?WriteString@KTabFileCtrl@@QAEHHHPBDK@Z` `?Search@KTabFile@@QAEHPBD0H@Z` `?Search@KTabFile@@QAEHPBDHH@Z` `?Save@KTabFileCtrl@@QAEHXZ` `?Save@KTabFile@@UAEHPBD@Z` `?FindRow@KTabFile@@UAEHPBDH@Z` `?GetFloat@KTabFile@@UAEHPBD0MPAM@Z` `?GetFloat@KTabFile@@UAEHHHMPAM@Z` `??0KTabFileCtrl@@QAE@XZ` `?Load@KTabFileCtrl@@UAEHPBD@Z` `?Save@KTabFileCtrl@@UAEHPBD@Z` `?FindRow@KTabFileCtrl@@UAEHPBDH@Z` `?FindColumn@KTabFileCtrl@@UAEHPBD@Z` `?GetWidth@KTabFileCtrl@@UAEHXZ` `?GetHeight@KTabFileCtrl@@UAEHXZ` `?GetString@KTabFileCtrl@@UAEHPBD00PADK@Z` `?GetString@KTabFileCtrl@@UAEHHHPBDPADK@Z` `?GetString@KTabFileCtrl@@UAEHHPBD0PADKH@Z` `?GetInteger@KTabFileCtrl@@UAEHPBD0HPAH@Z` `?GetInteger@KTabFileCtrl@@UAEHHHHPAH@Z` `?GetInteger@KTabFileCtrl@@UAEHHPBDHPAHH@Z` `?GetFloat@KTabFileCtrl@@UAEHPBD0MPAM@Z` `?GetFloat@KTabFileCtrl@@UAEHHHMPAM@Z` `?GetFloat@KTabFileCtrl@@UAEHHPBDMPAMH@Z` `?Clear@KTabFileCtrl@@UAEXXZ` `??1KTabFileCtrl@@UAE@XZ` `?GetNodeCount@KList@@QBEJXZ` `gAddToMemFileManager` `gOnUpdateFinishForMemFileManager` `?release_image@@YAXPAUKSGImageContent@@@Z` `?g_FileExists@@YAHPBD@Z` `?Tell@KPakFile@@QAEKXZ` `?RemoveTail@KList@@QAEPAVKNode@@XZ` `?GetTail@KList@@QBEPAVKNode@@XZ` `?GetGlobalName@KLuaScript@@QAEXPBD@Z` `??0KMutex@@QAE@XZ` `?Lock@KMutex@@QAEXXZ` `?Unlock@KMutex@@QAEXXZ` `??1KMutex@@QAE@XZ` `?GetTopIndex@KLuaCall@@QBEHXZ` `?StackCall@KLuaCall@@QAEHPBDHHPAH@Z` `?ValueToNumber@KLuaCall@@QAEIH@Z` `?ValueToString@KLuaCall@@QAEPBDH@Z` `??1KLuaCall@@QAE@XZ` `?g_RandomSeed@@YAXI@Z` `?CallFunction@KLuaScript@@QAEHPBDH0PAD@Z` `?SafeCallBegin@KLuaScript@@QAEXPAH@Z` `?SafeCallEnd@KLuaScript@@QAEXH@Z` `?GetNextKey@KIniFile@@QAEHPBD0PAD@Z` `TGetEncodedTextOutputLenPos` `TGetEncodedTextEffectCtrls` `?g_Random@@YAII@Z` `?Clear@KTabFile@@UAEXXZ` `?Open@KFile@@QAEHPBD@Z` `?Read@KFile@@QAEKPAXK@Z` `?Load@KTabFile@@UAEHPBD@Z` `?GetHeight@KTabFile@@UAEHXZ` `?GetInteger@KTabFile@@UAEHHPBDHPAHH@Z` `?GetString@KTabFile@@UAEHHPBD0PADKH@Z` `??1KTabFile@@UAE@XZ` `??0KTabFile@@QAE@XZ` `TSplitEncodedString` `?IsSectionExist@KIniFile@@QAEHPBD@Z` `?KSG_StringToMD5String@@YAHQADQBD@Z` `?WriteStruct@KIniFile@@QAEXPBD0PAXK@Z` `?EraseKey@KIniFile@@QAEXPBD0@Z` `?GetStruct@KIniFile@@QAEXPBD0PAXK@Z` `TClearSpecialCtrlInEncodedText` `?g_GetDrawHWnd@@YAPAUHWND__@@XZ` `TEncodeTextAndPickCtrl` `?GetInteger2@KIniFile@@QAEHPBD0PAH1@Z` `TRemoveCtrlInEncodedText` `GetCtrlHandle` `??1KIme@@QAE@XZ` `??0KIme@@QAE@XZ` `TIsLocalWord` `TSplitString` `TSplitStringLine` `TIsHightChar` `?EnableLanguageChange@KIme@@QAEXXZ` `?OpenIME@KIme@@QAEXXZ` `?SetCaretPos@KIme@@QAEXHH@Z` `?IsIme@KIme@@QAEHXZ` `TGetLimitLenString` `??0KPakFile@@QAE@XZ` `??0KFile@@QAE@XZ` `?Create@KFile@@QAEHPBD@Z` `?Open@KPakFile@@QAEHPBD@Z` `?Size@KPakFile@@QAEKXZ` `?Read@KPakFile@@QAEKPAXI@Z` `?Close@KPakFile@@QAEXXZ` `??1KFile@@QAE@XZ` `??1KPakFile@@QAE@XZ` `TGetEncodedTextLineCount` `TFindSpecialCtrlInEncodedText` `??0KTimer@@QAE@XZ` `?Clear@KIniFile@@QAEXXZ` `?Close@KFile@@QAEXXZ` `?Write@KFile@@QAEKPAXK@Z` `?Seek@KFile@@QAEKJK@Z` `?g_pIme@@3PAVKIme@@A` `?DisableLanguageChange@KIme@@QAEXXZ` `?CloseIME@KIme@@QAEXXZ` `?TurnOn@KIme@@QAEXXZ` `?EraseSection@KIniFile@@QAEXPBD@Z` `?LoadBuffer@KLuaScript@@QAEHPAEKPBD@Z` `?ExecuteCode@KLuaScript@@QAEHXZ` `?Release@KLuaScript@@QAEXXZ` `?CreateScript@KLuaScriptSet@@QAEPAVKLuaScript@@XZ` `?RegisterFunctions@KLuaScript@@QAEHPAUTLua_Funcs@@H@Z` `?g_StrCpyLen@@YAXPADPBDH@Z` `?WriteInteger@KIniFile@@QAEXPBD0H@Z` `?Save@KIniFile@@QAEHPBD@Z` `?g_GetFullPath@@YAXPADIPBD@Z` `?g_GetMainHWnd@@YAPAUHWND__@@XZ` `?g_CreatePath@@YAXPBD@Z` `??1KSG_LogFile@@UAE@XZ` `??0KSG_LogFile@@QAE@PBD@Z` `?InitWithDate@KSG_LogFile@@QAEHPBD0H@Z` `?printf_t@KSG_LogFile@@QAAXPBDZZ` `?GetTmpScript@KLuaScriptSet@@QAEPAVKLuaScript@@XZ` `?AddIncluder@KLuaScript@@QAEXK@Z` `??0KLuaCall@@QAE@PAVKLuaScript@@H@Z` `??1KIniFile@@QAE@XZ` `?GetString@KIniFile@@QAEHPBD00PADK@Z` `?Load@KIniFile@@QAEHPBD@Z` `?WriteString@KIniFile@@QAEXPBD00@Z` `?g_HashString2Id@@YAKPBD@Z` `TEncodeText` `?GetInteger@KIniFile@@QAEHPBD0HPAH@Z` `??0KIniFile@@QAE@XZ` `TIsLocalChar`
IMM32.dll	`ImmAssociateContext`
WINMM.dll	`timeGetTime`
GDI32.dll	`GetDeviceCaps` `RealizePalette` `SelectPalette`
OLEAUT32.dll	`SysAllocString` `VariantClear` `SysFreeString`

Delayed Imports

CreateCoreShell

Ordinal	`1`
Address	`0x1388c0`

_GetDecryptProc@4

Ordinal	`2`
Address	`0x1be2e0`

_GetEncryptProc@4

Ordinal	`3`
Address	`0x1be2f0`

GetSoundShell

Ordinal	`4`
Address	`0x1388e0`

_SetDecryptionKey@4

Ordinal	`5`
Address	`0x1be300`

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.36393`
MD5	`8b9b9ef3b2258f7027f5ba10989c632c`
SHA1	`f33fc6b269ff6da2822d33b5e06a8417f5999ee0`
SHA256	`fcb703bc0e284f1a4c3d99b494ea886df71d6b6349abf91ed56720fc7afe44f9`
SHA3	`9ee4f903c3b78512752828ed74fe870db0a007d0219fa9d663fdbd0e748012ad`

102

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37848`
MD5	`45a6aeebcc12fa1512e0bbdcda05b506`
SHA1	`4215ea026b0f16b8354a64d0c0a0148b5d0a3f6b`
SHA256	`2ce71fe71ab247cdbf571297a4dfead075edf4632d11c2234adcfdb8024b2e74`
SHA3	`b3e5e7cd589847e031779bf04e5746ecb9c3786bf55f58d196d82c94bf9b5e0c`

101

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.81924`
Detected Filetype	Icon file
MD5	`cbee427fa121aba9b9b265ff05de5383`
SHA1	`24fcae33001c8e0f5ec795c6edf076a69d59589f`
SHA256	`494e4fd717fa1ee0c5c7bb3b4e28fdab4b7f6e95b4f9865f5ab86f03f62ae62c`
SHA3	`a3fa35d56632275ba55716a4964f02031270f61f06a903fc460ac2dd6bebde85`

1 (#2)

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x37c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.69095`
MD5	`92ac6d931a06dcd96554db3b24c75852`
SHA1	`f3b3699afa8d966870e734c2e1d9f9a426b6f489`
SHA256	`49e7ec75e2c9a5583cb65e5f144e2cfdd32636d1bdee5b3f2ee885f7c4dd3ce0`
SHA3	`e2dd8d45bc484dcd6134c4bd29bc6f21040702c53dc599247bb22995bf66e2d1`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x155`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.09264`
MD5	`5a000145fa5794ca1d45e479ab47b127`
SHA1	`a4a9c58152c765b3e31d4ab2f8d18ee5d926ed68`
SHA256	`051076e9d573943752a14858930365e0763f7f2920d824951787f199ddbc7859`
SHA3	`ac169575d584ac2f6061470b0926c8dd4c1184cc21509240e738016f0b5bb64f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.0.0.6
ProductVersion	3.0.0.2003
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	Chinese - PRC
CompanyName	éå±±è½¯ä»¶è¡ä»½æéå¬å¸
FileDescription	JxOnline Client
FileVersion (#2)	3, 0, 0, 6
InternalName	Game
LegalCopyright	çæææ (C) 1995-2004 éå±±è½¯ä»¶è¡ä»½æéå¬å¸
OriginalFilename	Game.exe
ProductName	SwordOnline
ProductVersion (#2)	3.00.00.2003

Resource LangID	Chinese - PRC

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x5a18aab0`
Unmarked objects	`0`
C++ objects (VS98 SP6 build 8804)	`14`
126 (50327)	`6`
ASM objects (VS2012 build 50727 / VS2005 build 50727)	`7`
Imports (VS2012 build 50727 / VS2005 build 50727)	`10`
C objects (VS2012 build 50727 / VS2005 build 50727)	`34`
C objects (VS2003 (.NET) build 4035)	`7`
Imports (VS2003 (.NET) build 4035)	`25`
Total imports	`601`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`352`
Exports (VS2012 build 50727 / VS2005 build 50727)	`1`
Resource objects (VS2012 build 50727 / VS2005 build 50727)	`1`
Linker (VS2012 build 50727 / VS2005 build 50727)	`1`

Errors

Leave a comment

No comments yet.