Manalyze report for d779f25a086dd77a1e5fa28cbb746024

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2010-Feb-17 16:14:01
Detected languages	English - United States Korean - Korea
CompanyName	Wizet
FileDescription	MapleStory
FileVersion	`1, 0, 0, 1`
InternalName	MapleStory
LegalCopyright	Copyright ⓒ 2003
OriginalFilename	MapleStory.exe
ProductName	Wizet MapleStory
ProductVersion	`1, 0, 0, 1`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: netmon.exe sc.exe` `Looks for VirtualPC presence: 0f 3f 07 0b` `May have dropper capabilities: CurrentControlSet\Services` `Contains another PE executable: This program cannot be run in DOS mode.` `Contains domain names: Ingameweb.nexon.net http://Ingameweb.nexon.net http://Ingameweb.nexon.net/maplestory/client/launcher.html http://ingameweb.nexon.net http://ingameweb.nexon.net/maplestory/ad/maple_window_mode_ad.html http://ingameweb.nexon.net/maplestory/client/image/banner.html http://maplestory.nexon.net http://maplestory.nexon.net/WZ.ASPX?PART ingameweb.nexon.net mapleglobal.com maplestory.nexon.net miniml.com nexon.net oreans.com patch.mapleglobal.com www.miniml.com`
Malicious	The file headers were tampered with.	`Unusual section name found: \x00` `Section \x00 is both writable and executable.` `Unusual section name found: .idata` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found: .mackt\x00t` `Section .mackt\x00t is both writable and executable.` `Unusual section name found:` `The RICH header checksum is invalid.` `The number of imports reported in the RICH header is inconsistent.`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Can access the registry: RegSetValueExA RegDeleteValueA RegOpenKeyExA RegQueryValueExA RegCloseKey` `Possibly launches other programs: CreateProcessA` `Can create temporary files: GetTempPathA CreateFileA` `Uses functions commonly found in keyloggers: MapVirtualKeyA AttachThreadInput` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Has Internet access capabilities: InternetConnectA InternetCloseHandle InternetSetStatusCallback InternetOpenA` `Leverages the raw socket API to access the Internet: WSAStartup getsockname getpeername WSACleanup inet_addr gethostbyname WSAGetLastError shutdown socket htonl htons closesocket` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Enumerates local disk drives: GetVolumeInformationA` `Manipulates other processes: OpenProcess Process32First Process32Next` `Can take screenshots: CreateCompatibleDC BitBlt FindWindowA`
Suspicious	The file contains overlay data.	`5634435 bytes of data starting at offset 0x416688.`
Malicious	VirusTotal score: 29/69 (Scanned on 2021-04-07 18:33:15)	`Bkav: W32.AIDetect.malware1` `Elastic: malicious (high confidence)` `DrWeb: Trojan.Siggen8.60966` `Malwarebytes: Crypt.Trojan.Injection.DDS` `Sangfor: Trojan.Win32.Save.a` `CrowdStrike: win/malicious_confidence_80% (D)` `K7GW: Trojan ( 0053937a1 )` `K7AntiVirus: Trojan ( 0053937a1 )` `Cyren: W32/A-9ee48544!Eldorado` `Symantec: ML.Attribute.HighConfidence` `APEX: Malicious` `Avast: Win32:Virtu-G [Inf]` `Zillya: Adware.CrossRider.Win32.27435` `McAfee-GW-Edition: BehavesLike.Win32.Generic.th` `FireEye: Generic.mg.d779f25a086dd77a` `Sophos: ML/PE-A` `Ikarus: Trojan-Spy` `Microsoft: Trojan:Script/Phonzy.A!ml` `Gridinsoft: Trojan.Heur!.03092021` `Cynet: Malicious (score: 100)` `Acronis: suspicious` `VBA32: TScope.Malware-Cryptor.SB` `Cylance: Unsafe` `Yandex: Trojan.GenAsa!Or6IyN2Hfw4` `SentinelOne: Static AI - Malicious PE` `eGambit: Unsafe.AI_Score_91%` `Fortinet: W32/Virtu.G!tr` `AVG: Win32:Virtu-G [Inf]` `Cybereason: malicious.14bba9`

Hashes

MD5	`d779f25a086dd77a1e5fa28cbb746024`
SHA1	`ab44bbb14bba99fd4c49b70e8885c0fb2b2eee67`
SHA256	`2813e0cbbb57f4da88440d39b0e375a728d546f5c3f12516cc0bf15f7ae35bce`
SHA3	`070a102ff19bb53df6313a6e664ec69c2c316356568ca318c89662eaa7038834`
SSDeep	`98304:vMeDqBamHwHrDtBLSdOstjwa2geWz/R6yLgNDmkRNSoQBrkqWews7MFGO:/mQHr8ea2uV6eEBR3QB4qWen7TO`
Imports Hash	`b4b79086aeb287b2fcbff82d436a81a1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0x7546`
e_oeminfo	`0x4eb3`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2010-Feb-17 16:14:01
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6ef000`
SizeOfInitializedData	`0x129000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00663FF3 (Section: \x00 )`
BaseOfCode	`0x1000`
BaseOfData	`0x6f0000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xa95000`
SizeOfHeaders	`0x1000`
Checksum	`0x4213dc`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

\x00

MD5	`17517e7583661e0955ffd95b81f3aa47`
SHA1	`4d94ac0365c6aca721792378db4358418589a237`
SHA256	`f93b2d4467db88d86a6cc39af4c4191cc073dda28126ec5fc865df1a765ea4f9`
SHA3	`36c903cf01e6d2f40f7422f19dab5080a586d0de471855f0a6488c6df149ff5b`
VirtualSize	`0x7f8000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7f8000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.50472`

.rsrc

MD5	`933f344283116af18a02e9b871f0d874`
SHA1	`deb63d0a7d54cb41c37053b351cb02e4aaf10ac7`
SHA256	`8d45e62f4974ccab2cfd86adb770ffe6db6f9de76f22f90a48d8cd286c8ef59d`
SHA3	`a273441a4192c78a1c46da869702dfa167b026fae075d8c143f98f69e587c443`
VirtualSize	`0x20000`
VirtualAddress	`0x7f9000`
SizeOfRawData	`0x1f4d0`
PointerToRawData	`0x7f9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.64972`

.idata

MD5	`195266ec05a9c04c4d00edfa8687e9a5`
SHA1	`11656c13c7c5b368dfde98a15b20daf64b5e7554`
SHA256	`4dfef3a3c157b402a757baa86250a5d9c89ce1ed7bc0f97ef2e08ef1f723f696`
SHA3	`9b01592f00bf25651eabe6cf3f38f54df82ef3b8cbdcd6a60600f22711ba9d86`
VirtualSize	`0x1000`
VirtualAddress	`0x819000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x819000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.131092`

MD5	`1797dfc49f6ed7d86f0bbb4f528d5d2e`
SHA1	`2a15cc402a5ec28d7792089ba15ed4928272606d`
SHA256	`26f0e5036caff63e70929c318813523e86aae9de1ef186120b97578bc9ce02a0`
SHA3	`fd7625e8995f86934ad6903f25b8b812d463968833f2368b8ff4aa73cfa4463e`
VirtualSize	`0x278000`
VirtualAddress	`0x81a000`
SizeOfRawData	`0x159000`
PointerToRawData	`0x81a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.65095`

.mackt\x00t

MD5	`33aad9e47259fc3dec69647afdd573b5`
SHA1	`679b84198ff7ca867a85b2b12eb23ccad249e24c`
SHA256	`d2c9d5e74025cf263f4c0398a2268c697e8b9a1b381376651fd9efd6d975d922`
SHA3	`6d04fd8b20e12570971df6a45b0d637da120859c964ee1290c80acb7ef6603ee`
VirtualSize	`0x2000`
VirtualAddress	`0xa92000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x973000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.74484`

Section_6

MD5	`029b0d9ad605c20fa4f16d377c72b0c2`
SHA1	`dd900a434a72db0ca381634987153fd086c92238`
SHA256	`f04afe6b3544dae4bc86f372c99fb28a90f4cd63a1f3627d1627be6cb91ab173`
SHA3	`6190b775ee3c4001769fbd0911fbea569b4264201432266e39d00b221d8701f5`
VirtualSize	`0x1000`
VirtualAddress	`0xa94000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x975000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.23426`

Imports

advapi32.dll	`RegSetValueExA` `RegDeleteValueA` `LookupPrivilegeValueA` `OpenProcessToken` `RegOpenKeyExA` `RegQueryValueExA` `RegCloseKey` `AdjustTokenPrivileges`
dinput8.dll	`DirectInput8Create`
gdi32.dll	`DeleteObject` `CreateCompatibleDC` `SelectObject` `BitBlt` `DeleteDC` `GetObjectA` `CreateDIBSection`
kernel32.dll	`FindNextFileA` `DeleteFileA` `FindFirstFileA` `WaitForSingleObject` `CreateProcessA` `MultiByteToWideChar` `IsDBCSLeadByte` `SystemTimeToFileTime` `GetLocalTime` `CompareFileTime` `GetVersion` `FileTimeToSystemTime` `lstrcmp` `lstrcpy` `GetVolumeInformationA` `GetWindowsDirectoryA` `GetLastError` `CreateDirectoryA` `HeapAlloc` `GetProcessHeap` `HeapFree` `WideCharToMultiByte` `CompareStringA` `LeaveCriticalSection` `EnterCriticalSection` `GetFileSize` `SetFileAttributesA` `FreeLibrary` `GetProcAddress` `LoadLibraryA` `lstrcmpi` `SetUnhandledExceptionFilter` `IsBadWritePtr` `GetVersionExA` `LocalAlloc` `lstrlen` `FormatMessageA` `GetCurrentThreadId` `GetModuleFileNameA` `Sleep` `_lopen` `GetModuleHandleA` `OpenMutexA` `GetTickCount` `VirtualQuery` `UnmapViewOfFile` `FindClose` `CreateFileMappingA` `HeapReAlloc` `GetCommandLineA` `GetStartupInfoA` `ExitProcess` `FileTimeToLocalFileTime` `ExitThread` `TlsGetValue` `TlsSetValue` `CreateThread` `RaiseException` `RtlUnwind` `lstrlenW` `VirtualProtect` `CreateMutexA` `OpenProcess` `SetEvent` `ReleaseMutex` `SetLastError` `CreateEventA` `TerminateProcess` `CreateToolhelp32Snapshot` `Process32First` `Process32Next` `Thread32First` `Thread32Next` `GetSystemDirectoryA` `GetTempPathA` `GetTempFileNameA` `CopyFileA` `CreateFileA` `ReadFile` `InterlockedDecrement` `SetFilePointer` `WriteFile` `LoadLibraryExA` `IsBadReadPtr` `GetCurrentProcess` `CloseHandle` `DeleteCriticalSection` `InitializeCriticalSection` `FatalAppExitA` `TlsAlloc` `TlsFree` `GetCurrentThread` `UnhandledExceptionFilter` `GetEnvironmentVariableA` `HeapDestroy` `HeapCreate` `VirtualFree` `VirtualAlloc` `GetCPInfo` `InterlockedExchange` `LocalFree` `GetACP` `GetOEMCP` `LCMapStringA` `LCMapStringW` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `GetEnvironmentStrings` `InterlockedIncrement` `MapViewOfFile` `GetEnvironmentStringsW` `SetHandleCount` `GetStdHandle` `SetEnvironmentVariableA` `CompareStringW` `GetLocaleInfoW` `SetEndOfFile` `SetConsoleCtrlHandler` `GetTimeZoneInformation` `FlushFileBuffers` `SetStdHandle` `GetUserDefaultLCID` `EnumSystemLocalesA` `GetLocaleInfoA` `IsValidCodePage` `IsValidLocale` `GetStringTypeW` `GetStringTypeA` `IsBadCodePtr` `GetFileType` `HeapSize`
netapi32.dll	`Netbios`
oleaut32.dll	`VariantClear` `VariantInit` `SafeArrayCreate` `SetErrorInfo` `SysFreeString` `CreateErrorInfo` `SysAllocString` `VariantChangeType` `GetErrorInfo` `VariantCopy` `SafeArrayDestroy`
shell32.dll	`SHGetSpecialFolderPathA`
user32.dll	`SetRect` `SetRectEmpty` `CharUpperBuffA` `EnumThreadWindows` `ShowCursor` `MapVirtualKeyA` `SetWindowPos` `GetWindowRect` `MoveWindow` `GetWindow` `SendMessageA` `FindWindowA` `IsWindowEnabled` `GetWindowThreadProcessId` `AttachThreadInput` `BringWindowToTop` `wsprintfA` `PtInRect` `wvsprintfA` `MessageBoxA` `LoadBitmapA` `CreateWindowExA` `EnableWindow` `OffsetRect` `GetDlgItem` `DialogBoxParamA` `GetWindowTextA`
version.dll	`VerQueryValueA` `GetFileVersionInfoA` `GetFileVersionInfoSizeA`
wininet.dll	`InternetConnectA` `FtpOpenFileA` `FtpGetFileSize` `FtpGetFileA` `InternetCloseHandle` `HttpSendRequestA` `InternetSetStatusCallback` `HttpOpenRequestA` `InternetOpenA`
winmm.dll	`timeGetTime`
ws2_32.dll	`WSAStartup` `getsockname` `getpeername` `WSACleanup` `inet_addr` `gethostbyname` `WSAGetLastError` `shutdown` `socket` `htonl` `htons` `closesocket`
ijl15.dll	`ijlFree` `ijlRead` `ijlInit` `ijlWrite`
iphlpapi.dll	`GetAdaptersInfo`
mss32.dll	`_AIL_quick_play@8` `_AIL_quick_shutdown@0` `_AIL_set_redist_directory@4` `_AIL_quick_startup@20` `_AIL_quick_status@4` `_AIL_quick_ms_position@4` `_AIL_quick_set_ms_position@8` `_AIL_quick_unload@4` `_AIL_quick_load_mem@8` `_AIL_quick_halt@4` `_AIL_quick_set_volume@12` `_AIL_quick_ms_length@4`
nmcogame.dll	`NMCO_SetVersionFileUrlA` `NMCO_MemoryFree` `NMCO_CallNMFunc` `NMCO_SetPatchOption` `NMCO_SetUseFriendModuleOption` `NMCO_SetUseNGMOption` `NMCO_SetLocale` `NMCO_SetLocaleAndRegion`
ole32.dll	`CoCreateGuid`

Delayed Imports

116

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3ff4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.44158`
MD5	`0252a6752f565163bdea24f55b7b657e`
SHA1	`175d5d685e06d35bcfd0c6b9c554d240c77ffac5`
SHA256	`fede233b2c329bcf902342276ac074f2c10e0090551091c4aa5335e787bce564`
SHA3	`5071d1c739caab6230f658b0173b57ca54a0b65b15091e14882e1862651efc44`
Preview

117

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3ff4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.44158`
MD5	`0252a6752f565163bdea24f55b7b657e`
SHA1	`175d5d685e06d35bcfd0c6b9c554d240c77ffac5`
SHA256	`fede233b2c329bcf902342276ac074f2c10e0090551091c4aa5335e787bce564`
SHA3	`5071d1c739caab6230f658b0173b57ca54a0b65b15091e14882e1862651efc44`
Preview

118

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3ff4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.58114`
MD5	`9bd2795f11a1351ac9048215b485d3f0`
SHA1	`a479d1f280cba17d547bb56ef54dbe854eda07c7`
SHA256	`bf113d1e0cda6eaa16ab4487c676cae872b4f4270434ec09cd877c62d7bb3024`
SHA3	`36361250eef251a2d83439cd8d8ad59c1469c813995816d0c96d7088fbc447eb`
Preview

119

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3ff4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.44158`
MD5	`0252a6752f565163bdea24f55b7b657e`
SHA1	`175d5d685e06d35bcfd0c6b9c554d240c77ffac5`
SHA256	`fede233b2c329bcf902342276ac074f2c10e0090551091c4aa5335e787bce564`
SHA3	`5071d1c739caab6230f658b0173b57ca54a0b65b15091e14882e1862651efc44`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73825`
MD5	`1cf7699a8e869bd1ef3ff26ee43c37a7`
SHA1	`f871fe4168f5ea6d504e47b14f23b882b8917f7c`
SHA256	`463ce33acac9404f650fd5a15f2d12a33a46ad38bdf0422839c18f9b04b81bb2`
SHA3	`02aa1f42ab46912c57de5f00cc3496db54aad06d37d3613b3b21b70c50e54157`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.85842`
MD5	`28a7e6718b813c459fb52f625033f506`
SHA1	`f8b1a965551b8d4e8a6143f265c06e5ad13c9c04`
SHA256	`3299684bc87f07fb4e0027ab43d75799be8e0d836db5f1853871efcdafcd4593`
SHA3	`1d11a7026d867766f55f40d36f6b1ddecc1718d08c9e45339fcdfd5a4db06eab`

109

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.84992`
MD5	`2584414e6a21ce297168f8b01dec31ae`
SHA1	`c9b8817b7f96345ac9e1d012bd1375d858cc5d79`
SHA256	`057bfdb1920a8df0eef9b1f52d03e8d93df15aaa8082a56eeab48a6189ca0105`
SHA3	`a6748035c2dbba3d1e26a3b60965943bfe7d0be734cd4a7556112383bbd074d5`

115

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x80`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.90967`
MD5	`1d28bfcab9620148edc356c5416c9665`
SHA1	`e21d0f9503d6ea91ec4582f16609e7a252497f87`
SHA256	`68ada5211b91da3bdb985c5716c4d66e6fbb76fd832b692d006295f97998b074`
SHA3	`2f105b0b9c711f1d718329f618492ee92e79712efcde41f7faae99413dce821d`

27893

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0xdd2c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.93669`
Detected Filetype	TrueType font file
MD5	`3dc9baece2f18a774e70dfcd79e20e8d`
SHA1	`c4cec6997ffb36bf16bf15f6c64d48121b51483e`
SHA256	`995bcb02cd21e745417c4f0113301ee60c1d993a7482686b2a619aa8f73c531f`
SHA3	`1b2f6109ad481d33e627080439bd7d78b0797505c57abd8d8765682950f48e77`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32824`
Detected Filetype	Icon file
MD5	`62d6b1d51e9721a781148fb63c1970c6`
SHA1	`0491f06e0b5fe9241d44138303ece1776840fd6d`
SHA256	`1d47c7bd2cc20089bc0387c8e7ac0a1680e9b4dc81dbde998c3c5c8e6c7d69aa`
SHA3	`9f1474d08ea9f8bc44f2b127a2a96dbaaed16872128ddd81afe07b2b3756d3bd`

1 (#2)

Type	`RT_VERSION`
Language	Korean - Korea
Codepage	UNKNOWN
Size	`0x348`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33241`
MD5	`9a4d64370938a25cca91eefd3437e765`
SHA1	`56077ed26e0a8c18a2714046e8592781f54e8c32`
SHA256	`63c1d0732ed262529a2a52e12a01142e31102d0db00d05f8b34f6a4feb8340cf`
SHA3	`ba3781fc49ace5765833f9229aca0ebc7f54d81cda06d460895f29140af685ae`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.78264`
MD5	`5973d0edfdbf1b6404940039508010ba`
SHA1	`1f12eac462c0a5acda47e1a2ca9408c31bd1dad9`
SHA256	`9536f3278c232280f0e4bb5c4adb0360dad5bca9e674f371990df461f018057c`
SHA3	`826494413d3471eaff42c62c4b4da62b36a7eb89fc72f7f93d72aa4567c07878`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Korean - Korea
CompanyName	Wizet
FileDescription	MapleStory
FileVersion (#2)	1, 0, 0, 1
InternalName	MapleStory
LegalCopyright	Copyright ⓒ 2003
OriginalFilename	MapleStory.exe
ProductName	Wizet MapleStory
ProductVersion (#2)	1, 0, 0, 1

Resource LangID	Korean - Korea

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xbe6bd6ef`
Unmarked objects	`0`
Imports (VS2003 (.NET) SP1 build 6030)	`2`
C++ objects (9178)	`1`
12 (7291)	`5`
14 (7299)	`45`
C objects (VS98 SP6 build 8804)	`161`
C++ objects (8798)	`3`
C++ objects (8047)	`1`
C objects (VC++ 6.0 SP5 build 8804)	`1`
Imports (VS2012 build 50727 / VS2005 build 50727)	`2`
C++ objects (VC++ 6.0 SP5 build 8804)	`11`
C objects (9178)	`6`
37 (8755)	`2`
Imports (9210)	`27`
Total imports	`234`
C++ objects (VS98 SP6 build 8804)	`280`
Resource objects (VS98 SP6 cvtres build 1736)	`1`
Linker (VC++ 6.0 SP5 imp/exp build 8447)	`7`

Errors

[!] Error: Could not read the IMAGE_EXPORT_DIRECTORY.
[*] Warning: The WIN_CERTIFICATE appears to be invalid.