filename | rohanclient.exe | |
---|---|---|
size | 2835968 (0x2b4600) | |
md5 | fbbbe9d64e6379f18d0d7a6cb0004bd1 | |
type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | |
mimetype | application/x-dosexec | |
clamav | OK | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0x138 |
Rich Header
lib id | version | times used |
---|---|---|
105 | 2067 | 7 |
15 | 3077 | 67 |
95 | 2179 | 10 |
93 | 2067 | 2 |
95 | 3077 | 250 |
4 | 8168 | 4 |
4 | 8447 | 4 |
95 | 2067 | 12 |
18 | 8444 | 6 |
29 | 9178 | 132 |
28 | 9178 | 4 |
25 | 9210 | 8 |
1 | 0 | 514 |
93 | 2179 | 29 |
96 | 3077 | 1475 |
94 | 3052 | 1 |
90 | 3077 | 1 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
UPX v0.89.6 - v1.02 / v1.05 - v1.22
This file is packed with UPX. Analysis will be incomplete without unpacking.
Sections
name | va | vsize | raw size | flags | |
---|---|---|---|---|---|
UPX0 | 0x1000 | 0x83b000 | 0 | RWX UDATA | |
UPX1 | 0x83c000 | 0x2b3000 | 0x2b2c00 | RWX IDATA | |
.rsrc | 0xaef000 | 0x2000 | 0x1600 | RW- IDATA |
Data Directory
type | va | size | |
---|---|---|---|
EXPORT | 0 | 0 | |
IMPORT | 0xaf0114 | 0x4d8 | |
RESOURCE | 0xaef000 | 0x1114 | |
EXCEPTION | 0 | 0 | |
SECURITY | 0 | 0 | |
BASERELOC | 0 | 0 | |
DEBUG | 0 | 0 | |
ARCHITECTURE | 0 | 0 | |
GLOBALPTR | 0 | 0 | |
TLS | 0 | 0 | |
LOAD_CONFIG | 0 | 0 | |
Bound_IAT | 0 | 0 | |
IAT | 0 | 0 | |
Delay_IAT | 0 | 0 | |
CLR_Header | 0 | 0 |
Resources
type | name | size | cp | |
---|---|---|---|---|
ICON | #1 | 2216 | 0 | |
STRING | #1251 | 52 | 0 | |
STRING | #1257 | 92 | 0 | |
STRING | #1263 | 46 | 0 | |
STRING | #1876 | 86 | 0 | |
STRING | #1938 | 72 | 0 | |
STRING | #2007 | 60 | 0 | |
STRING | #2013 | 106 | 0 | |
STRING | #2014 | 80 | 0 | |
STRING | #2019 | 36 | 0 | |
GROUP_ICON | #102 | 20 | 0 | |
VERSION | #1 | 712 | 0 | |
MANIFEST | #1 | 648 | 0 |
Imports
module_name | hint | ord | function_name |
---|---|---|---|
KERNEL32.DLL | | | LoadLibraryA |
KERNEL32.DLL | | | GetProcAddress |
KERNEL32.DLL | | | VirtualProtect |
KERNEL32.DLL | | | VirtualAlloc |
KERNEL32.DLL | | | VirtualFree |
KERNEL32.DLL | | | ExitProcess |
ADVAPI32.dll | | | RegOpenKeyA |
AVIFIL32.dll | | | AVIFileInit |
d3d9.dll | | | Direct3DCreate9 |
dbghelp.dll | | | MiniDumpWriteDump |
DINPUT8.dll | | | DirectInput8Create |
dph.ldr | | | __initialize |
fmod.dll | | | _FSOUND_Init@12 |
GDI32.dll | | | BitBlt |
IMM32.dll | | | ImmIsIME |
iphlpapi.dll | | | GetAdaptersInfo |
LIBEAY32.dll | | 341 | |
npkcrypt.dll | | 2 | |
ole32.dll | | | CoInitialize |
OLEAUT32.dll | | 200 | |
SHELL32.dll | | | ShellExecuteA |
SHLWAPI.dll | | | wnsprintfA |
USER32.dll | | | GetDC |
VERSION.dll | | | VerQueryValueA |
WININET.dll | | | FtpPutFileA |
WINMM.dll | | | mmioSeek |
WS2_32.dll | | 6 | |
StringTable 040904b0
CompanyName | YNK Games |
FileDescription | Rohan Online Game |
FileVersion | 6, 4, 0, 117 |
InternalName | RohanClient |
LegalCopyright | Copyright (C) 2005 |
OriginalFilename | RohanClient |
ProductName | Rohan |
ProductVersion | 6, 4, 0, 117 |
VS_FIXEDFILEINFO
FileVersion | 6.4.0.117 |
ProductVersion | 6.4.0.117 |
StrucVersion | 0x10000 |
FileFlagsMask | 0x17 |
FileFlags | 0 |
FileOS | 4 |
FileType | 0 |
FileSubtype | 0 |
[!] string size(1184) > stringtable size(52). truncated to 50
[!] string size(48136) > stringtable size(92). truncated to 90
[!] cannot convert "\x80\x8B2\xF7(Lyk\xA8<3\xF6\x8ET\xAC\xDC"... to UTF-16
[!] string size(15648) > stringtable size(46). truncated to 44
[!] string size(83458) > stringtable size(86). truncated to 84
[!] cannot convert ";\xEFt\x18\v\x0F\x05\xAA\r\xC0\xE1\xC6\xC6\xD2D\xA8"... to UTF-16
[!] string size(59874) > stringtable size(72). truncated to 70
[!] string size(70078) > stringtable size(60). truncated to 58
[!] string size(70178) > stringtable size(106). truncated to 104
[!] cannot convert "\xE5\xB0F#\xA9\x9B\x80\xD2\xE0\x87_\x8D\x8EL\xAF\x06"... to UTF-16
[!] string size(70576) > stringtable size(80). truncated to 78
[!] string size(119282) > stringtable size(36). truncated to 34