Property | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2010-Feb-17 16:14:01 |
Detected languages | English - United States, Korean - Korea |
CompanyName | Wizet |
FileDescription | MapleStory |
FileVersion | 1, 0, 0, 1 |
InternalName | MapleStory |
LegalCopyright | Copyright ⓒ 2003 |
OriginalFilename | MapleStory.exe |
ProductName | Wizet MapleStory |
ProductVersion | 1, 0, 0, 1 |

Level | Finding | Details |
---|---|---|
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0; MASM/TASM - sig1(h); Microsoft Visual C++; Microsoft Visual C++ v6.0; Microsoft Visual C++ v5.0/v6.0 (MFC) |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to system / monitoring tools: |
Malicious | The file headers were tampered with. | Unusual section name found: \x00; Section \x00 is both writable and executable; Unusual section name found: .idata; Unusual section name found: ; Section is both writable and executable; Unusual section name found: .mackt\x00t; Section .mackt\x00t is both writable and executable; Unusual section name found: ; The RICH header checksum is invalid; The number of imports reported in the RICH header is inconsistent |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Suspicious | The file contains overlay data. | 5634435 bytes of data starting at offset 0x416688. |
Malicious | VirusTotal score: 29/69 (Scanned on 2021-04-07 18:33:15) | Per-engine results in the following table |

Engine | Detection |
---|---|
Bkav | W32.AIDetect.malware1 |
Elastic | malicious (high confidence) |
DrWeb | Trojan.Siggen8.60966 |
Malwarebytes | Crypt.Trojan.Injection.DDS |
Sangfor | Trojan.Win32.Save.a |
CrowdStrike | win/malicious_confidence_80% (D) |
K7GW | Trojan ( 0053937a1 ) |
K7AntiVirus | Trojan ( 0053937a1 ) |
Cyren | W32/A-9ee48544!Eldorado |
Symantec | ML.Attribute.HighConfidence |
APEX | Malicious |
Avast | Win32:Virtu-G [Inf] |
Zillya | Adware.CrossRider.Win32.27435 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.th |
FireEye | Generic.mg.d779f25a086dd77a |
Sophos | ML/PE-A |
Ikarus | Trojan-Spy |
Microsoft | Trojan:Script/Phonzy.A!ml |
Gridinsoft | Trojan.Heur!.03092021 |
Cynet | Malicious (score: 100) |
Acronis | suspicious |
VBA32 | TScope.Malware-Cryptor.SB |
Cylance | Unsafe |
Yandex | Trojan.GenAsa!Or6IyN2Hfw4 |
SentinelOne | Static AI - Malicious PE |
eGambit | Unsafe.AI_Score_91% |
Fortinet | W32/Virtu.G!tr |
AVG | Win32:Virtu-G [Inf] |
Cybereason | malicious.14bba9 |
Field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0x7546 |
e_oeminfo | 0x4eb3 |
e_lfanew | 0x128 |
Field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 6 |
TimeDateStamp | 2010-Feb-17 16:14:01 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Field | Value |
---|---|
Magic | PE32 |
LinkerVersion | 6.0 |
SizeOfCode | 0x6ef000 |
SizeOfInitializedData | 0x129000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00663FF3 (Section: \x00 ) |
BaseOfCode | 0x1000 |
BaseOfData | 0x6f0000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x1000 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xa95000 |
SizeOfHeaders | 0x1000 |
Checksum | 0x4213dc |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
DLL | Imported functions |
---|---|
advapi32.dll | RegSetValueExA, RegDeleteValueA, LookupPrivilegeValueA, OpenProcessToken, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, AdjustTokenPrivileges |
dinput8.dll | DirectInput8Create |
gdi32.dll | DeleteObject, CreateCompatibleDC, SelectObject, BitBlt, DeleteDC, GetObjectA, CreateDIBSection |
kernel32.dll | FindNextFileA, DeleteFileA, FindFirstFileA, WaitForSingleObject, CreateProcessA, MultiByteToWideChar, IsDBCSLeadByte, SystemTimeToFileTime, GetLocalTime, CompareFileTime, GetVersion, FileTimeToSystemTime, lstrcmp, lstrcpy, GetVolumeInformationA, GetWindowsDirectoryA, GetLastError, CreateDirectoryA, HeapAlloc, GetProcessHeap, HeapFree, WideCharToMultiByte, CompareStringA, LeaveCriticalSection, EnterCriticalSection, GetFileSize, SetFileAttributesA, FreeLibrary, GetProcAddress, LoadLibraryA, lstrcmpi, SetUnhandledExceptionFilter, IsBadWritePtr, GetVersionExA, LocalAlloc, lstrlen, FormatMessageA, GetCurrentThreadId, GetModuleFileNameA, Sleep, _lopen, GetModuleHandleA, OpenMutexA, GetTickCount, VirtualQuery, UnmapViewOfFile, FindClose, CreateFileMappingA, HeapReAlloc, GetCommandLineA, GetStartupInfoA, ExitProcess, FileTimeToLocalFileTime, ExitThread, TlsGetValue, TlsSetValue, CreateThread, RaiseException, RtlUnwind, lstrlenW, VirtualProtect, CreateMutexA, OpenProcess, SetEvent, ReleaseMutex, SetLastError, CreateEventA, TerminateProcess, CreateToolhelp32Snapshot, Process32First, Process32Next, Thread32First, Thread32Next, GetSystemDirectoryA, GetTempPathA, GetTempFileNameA, CopyFileA, CreateFileA, ReadFile, InterlockedDecrement, SetFilePointer, WriteFile, LoadLibraryExA, IsBadReadPtr, GetCurrentProcess, CloseHandle, DeleteCriticalSection, InitializeCriticalSection, FatalAppExitA, TlsAlloc, TlsFree, GetCurrentThread, UnhandledExceptionFilter, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, GetCPInfo, InterlockedExchange, LocalFree, GetACP, GetOEMCP, LCMapStringA, LCMapStringW, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, InterlockedIncrement, MapViewOfFile, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, SetEnvironmentVariableA, CompareStringW, GetLocaleInfoW, SetEndOfFile, SetConsoleCtrlHandler, GetTimeZoneInformation, FlushFileBuffers, SetStdHandle, GetUserDefaultLCID, EnumSystemLocalesA, GetLocaleInfoA, IsValidCodePage, IsValidLocale, GetStringTypeW, GetStringTypeA, IsBadCodePtr, GetFileType, HeapSize |
netapi32.dll | Netbios |
oleaut32.dll | VariantClear, VariantInit, SafeArrayCreate, SetErrorInfo, SysFreeString, CreateErrorInfo, SysAllocString, VariantChangeType, GetErrorInfo, VariantCopy, SafeArrayDestroy |
shell32.dll | SHGetSpecialFolderPathA |
user32.dll | SetRect, SetRectEmpty, CharUpperBuffA, EnumThreadWindows, ShowCursor, MapVirtualKeyA, SetWindowPos, GetWindowRect, MoveWindow, GetWindow, SendMessageA, FindWindowA, IsWindowEnabled, GetWindowThreadProcessId, AttachThreadInput, BringWindowToTop, wsprintfA, PtInRect, wvsprintfA, MessageBoxA, LoadBitmapA, CreateWindowExA, EnableWindow, OffsetRect, GetDlgItem, DialogBoxParamA, GetWindowTextA |
version.dll | VerQueryValueA, GetFileVersionInfoA, GetFileVersionInfoSizeA |
wininet.dll | InternetConnectA, FtpOpenFileA, FtpGetFileSize, FtpGetFileA, InternetCloseHandle, HttpSendRequestA, InternetSetStatusCallback, HttpOpenRequestA, InternetOpenA |
winmm.dll | timeGetTime |
ws2_32.dll | WSAStartup, getsockname, getpeername, WSACleanup, inet_addr, gethostbyname, WSAGetLastError, shutdown, socket, htonl, htons, closesocket |
ijl15.dll | ijlFree, ijlRead, ijlInit, ijlWrite |
iphlpapi.dll | GetAdaptersInfo |
mss32.dll | _AIL_quick_play@8, _AIL_quick_shutdown@0, _AIL_set_redist_directory@4, _AIL_quick_startup@20, _AIL_quick_status@4, _AIL_quick_ms_position@4, _AIL_quick_set_ms_position@8, _AIL_quick_unload@4, _AIL_quick_load_mem@8, _AIL_quick_halt@4, _AIL_quick_set_volume@12, _AIL_quick_ms_length@4 |
nmcogame.dll | NMCO_SetVersionFileUrlA, NMCO_MemoryFree, NMCO_CallNMFunc, NMCO_SetPatchOption, NMCO_SetUseFriendModuleOption, NMCO_SetUseNGMOption, NMCO_SetLocale, NMCO_SetLocaleAndRegion |
ole32.dll | CoCreateGuid |
Field | Value |
---|---|
Signature | 0xfeef04bd |
StructVersion | 0x10000 |
FileVersion | 1.0.0.1 |
ProductVersion | 1.0.0.1 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | Korean - Korea |
CompanyName | Wizet |
FileDescription | MapleStory |
FileVersion (#2) | 1, 0, 0, 1 |
InternalName | MapleStory |
LegalCopyright | Copyright ⓒ 2003 |
OriginalFilename | MapleStory.exe |
ProductName | Wizet MapleStory |
ProductVersion (#2) | 1, 0, 0, 1 |
Resource LangID | Korean - Korea |
Entry | Value |
---|---|
XOR Key | 0xbe6bd6ef |
Unmarked objects | 0 |
Imports (VS2003 (.NET) SP1 build 6030) | 2 |
C++ objects (9178) | 1 |
12 (7291) | 5 |
14 (7299) | 45 |
C objects (VS98 SP6 build 8804) | 161 |
C++ objects (8798) | 3 |
C++ objects (8047) | 1 |
C objects (VC++ 6.0 SP5 build 8804) | 1 |
Imports (VS2012 build 50727 / VS2005 build 50727) | 2 |
C++ objects (VC++ 6.0 SP5 build 8804) | 11 |
C objects (9178) | 6 |
37 (8755) | 2 |
Imports (9210) | 27 |
Total imports | 234 |
C++ objects (VS98 SP6 build 8804) | 280 |
Resource objects (VS98 SP6 cvtres build 1736) | 1 |
Linker (VC++ 6.0 SP5 imp/exp build 8447) | 7 |