Created 2021.04.09 16:23 Machine s1_win7_x6402
Filename AA_v3.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 5
Behavior Score 4.4
ZERO API file : malware
VT API (file) 48 detected (malicious, high confidence, GenericKD, RemAdm, Ammyy, Unsafe, YYPM, Remacc, RemoteAdmin, C potentially unsafe, FileRepMalware, Tool, fnziod, CLOUD, Malware@#1m8vr6ed8fz3f, HackTool, AmmyyAdmin, Generic ML PUA, ai score=100, score, R278120, Igent, bRQHa9, Static AI, Suspicious PE, confidence, 100%, FlawedAmmyy, HgAASRUA)
md5 121e1634bf18768802427f0a13f039a9
sha256 5fc600351bade74c2791fc526bca6bb606355cc65e5253f7f791254db58ee7fa
ssdeep 12288:hSX+EvrCA3FNIs34Zk1L1ZSNlm3Spsal6lbRtMuStGKcsCSqcl90Va1ugp:2FNN4Zk1LTclm3e1kbRtyGKcpHcl517p
imphash f97ad1acd1ab75d2d973b655b2e7f9b9
impfuzzy 192:tjc+8Y25t72FjuHhlS7J05HANpXDLrW3bwAEU9q8otnUFn:iER8byJ05gNpX/rop9q8o5Cn

Signature (9cnts)

Level Description
danger File has been identified by 48 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
watch Installs itself for autorun at Windows startup
notice Creates a service
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests
notice Sends data using the HTTP POST Method
info The executable uses a known packer
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (21cnts)

Level Name Description Collection
notice Str_Win32_Http_API Match Windows Http API call binaries (upload)
notice Str_Win32_Internet_API Match Windows Inet API call binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature Zero binaries (upload)
info create_service Create a windows service binaries (upload)
info HasDigitalSignature DigitalSignature Check binaries (upload)
info HasOverlay Overlay Check binaries (upload)
info HasRichSignature Rich Signature Check binaries (upload)
info IsWindowsGUI (no description) binaries (upload)
info keylogger Run a keylogger binaries (upload)
info network_dns Communications use DNS binaries (upload)
info network_http Communications over HTTP binaries (upload)
info network_tcp_listen Listen for incoming communication binaries (upload)
info network_tcp_socket Communications over RAW socket binaries (upload)
info screenshot Take screenshot binaries (upload)
info Str_Win32_Wininet_Library Match Windows Inet API library declaration binaries (upload)
info Str_Win32_Winsock2_Library Match Winsock 2 API library declaration binaries (upload)
info win_files_operation Affect private profile binaries (upload)
info win_mutex Create or check mutex binaries (upload)
info win_registry Affect system registries binaries (upload)
info win_token Affect system token binaries (upload)

Network (21cnts)

Request CC ASN Co IP4 Rule ZERO
http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1617952575&mv=m&mvi=3&pl=18&shardbypass=yes KR Korea Telecom 59.18.44.14 clean
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSiZ%2FjJrzHNHGmYhvsOD3FGLg%3D%3D KR Korea Telecom 119.207.65.65 clean
http://redirector.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe US GOOGLE 172.217.174.110 clean
http://crl.identrust.com/DSTROOTCAX3CRL.crl KR Korea Telecom 119.207.65.19 clean
http://www.ammyy.com/files/v7/aans64.gz DE Hetzner Online GmbH 136.243.18.118 clean
http://rl.ammyy.com/ LU SERVERS 188.42.129.148 malicious
https://update.googleapis.com/service/update2?cup2key=10:2556806806&cup2hreq=2d0a80a187dea77518d9000012e58b78728506eb10683b878f306f1189596b92 US GOOGLE 172.217.161.163 clean
https://www.ammyy.com/files/v7/aans64.gz DE Hetzner Online GmbH 136.243.18.118 clean
r3---sn-3u-bh26.gvt1.com KR Korea Telecom 59.18.44.14 clean
www.ammyy.com DE Hetzner Online GmbH 136.243.18.118 malware
rl.ammyy.com LU SERVERS 188.42.129.148 malicious
r3.o.lencr.org KR Korea Telecom 119.207.65.65 clean
crl.identrust.com KR Korea Telecom 119.207.65.74 clean
136.243.18.118 DE Hetzner Online GmbH 136.243.18.118 malware
85.10.193.220 DE Hetzner Online GmbH 85.10.193.220 clean
59.18.44.14 KR Korea Telecom 59.18.44.14 clean
136.243.104.235 DE Hetzner Online GmbH 136.243.104.235 clean
23.32.56.115 US AKAMAI-AS 23.32.56.115 clean
142.250.66.46 US GOOGLE 142.250.66.46 clean
23.32.56.121 US AKAMAI-AS 23.32.56.121 clean
188.42.129.148 LU SERVERS 188.42.129.148 malicious

Suricata ids

PE API

IAT(Import Address Table) Library

WS2_32.dll
 0x488858 WSAGetLastError
 0x48885c send
 0x488860 recv
 0x488864 select
 0x488868 WSAStartup
 0x48886c getpeername
 0x488870 getservbyport
 0x488874 ntohs
 0x488878 gethostbyaddr
 0x48887c gethostbyname
 0x488880 inet_addr
 0x488884 getservbyname
 0x488888 htonl
 0x48888c inet_ntoa
 0x488890 WSAIoctl
 0x488894 connect
 0x488898 accept
 0x48889c htons
 0x4888a0 bind
 0x4888a4 listen
 0x4888a8 socket
 0x4888ac __WSAFDIsSet
 0x4888b0 shutdown
 0x4888b4 setsockopt
 0x4888b8 ioctlsocket
 0x4888bc WSACleanup
 0x4888c0 closesocket
GDI32.dll
 0x4880e8 SetStretchBltMode
 0x4880ec LineTo
 0x4880f0 MoveToEx
 0x4880f4 Ellipse
 0x4880f8 GetDIBits
 0x4880fc CreateCompatibleBitmap
 0x488100 RealizePalette
 0x488104 SelectPalette
 0x488108 CreatePalette
 0x48810c GetSystemPaletteEntries
 0x488110 GdiFlush
 0x488114 CombineRgn
 0x488118 StretchBlt
 0x48811c CreateDIBitmap
 0x488120 DeleteDC
 0x488124 SetBkMode
 0x488128 SelectObject
 0x48812c CreateCompatibleDC
 0x488130 CreatePatternBrush
 0x488134 GetBitmapBits
 0x488138 GetObjectA
 0x48813c BitBlt
 0x488140 CreateFontIndirectA
 0x488144 DPtoLP
 0x488148 CreateRectRgn
 0x48814c ExtTextOutA
 0x488150 CreateDIBSection
 0x488154 SetBitmapBits
 0x488158 CreateRectRgnIndirect
 0x48815c SelectClipRgn
 0x488160 TextOutW
 0x488164 SetTextAlign
 0x488168 SetBrushOrgEx
 0x48816c ExtTextOutW
 0x488170 SetTextColor
 0x488174 SetBkColor
 0x488178 GetTextExtentPoint32W
 0x48817c CreateFontA
 0x488180 CreateFontIndirectW
 0x488184 GetStockObject
 0x488188 GetRegionData
 0x48818c CreateSolidBrush
 0x488190 DeleteObject
 0x488194 GetDeviceCaps
USER32.dll
 0x488590 FindWindowA
 0x488594 OpenDesktopA
 0x488598 SendMessageTimeoutA
 0x48859c IntersectRect
 0x4885a0 LoadIconA
 0x4885a4 EqualRect
 0x4885a8 EnumDisplaySettingsExW
 0x4885ac EnumDisplayDevicesW
 0x4885b0 GetCursorInfo
 0x4885b4 OpenInputDesktop
 0x4885b8 CloseDesktop
 0x4885bc GetUserObjectInformationA
 0x4885c0 GetThreadDesktop
 0x4885c4 EmptyClipboard
 0x4885c8 RegisterClassExA
 0x4885cc PeekMessageA
 0x4885d0 MsgWaitForMultipleObjects
 0x4885d4 MapVirtualKeyW
 0x4885d8 SendInput
 0x4885dc LockWorkStation
 0x4885e0 SetThreadDesktop
 0x4885e4 SetDlgItemTextA
 0x4885e8 SetDlgItemInt
 0x4885ec CallNextHookEx
 0x4885f0 SetWindowsHookExA
 0x4885f4 UnhookWindowsHookEx
 0x4885f8 DestroyAcceleratorTable
 0x4885fc TranslateAcceleratorA
 0x488600 CreateAcceleratorTableA
 0x488604 SetWindowTextA
 0x488608 ReleaseCapture
 0x48860c SetCapture
 0x488610 GetAsyncKeyState
 0x488614 RegisterClassExW
 0x488618 DestroyCursor
 0x48861c MessageBeep
 0x488620 SetClipboardData
 0x488624 IsWindowVisible
 0x488628 SwitchToThisWindow
 0x48862c SendMessageA
 0x488630 FindWindowW
 0x488634 MessageBoxA
 0x488638 ShowWindow
 0x48863c wsprintfA
 0x488640 wsprintfW
 0x488644 SetCursorPos
 0x488648 GetClipboardOwner
 0x48864c OpenClipboard
 0x488650 GetClipboardData
 0x488654 CloseClipboard
 0x488658 ShowWindowAsync
 0x48865c GetWindowDC
 0x488660 SetScrollInfo
 0x488664 GetWindow
 0x488668 WindowFromPoint
 0x48866c SetClassLongW
 0x488670 ChangeClipboardChain
 0x488674 ReleaseDC
 0x488678 GetDC
 0x48867c DestroyIcon
 0x488680 LoadImageA
 0x488684 GetIconInfo
 0x488688 EnableWindow
 0x48868c SetDlgItemTextW
 0x488690 DestroyWindow
 0x488694 SetWindowPos
 0x488698 MapWindowPoints
 0x48869c InsertMenuItemW
 0x4886a0 InsertMenuItemA
 0x4886a4 EnumWindows
 0x4886a8 GetClassNameA
 0x4886ac GetWindowTextA
 0x4886b0 KillTimer
 0x4886b4 GetWindowLongW
 0x4886b8 PostMessageA
 0x4886bc DrawTextW
 0x4886c0 SetRect
 0x4886c4 ShowScrollBar
 0x4886c8 IsIconic
 0x4886cc ScrollWindowEx
 0x4886d0 AdjustWindowRectEx
 0x4886d4 GetMenuState
 0x4886d8 GetWindowPlacement
 0x4886dc SetWindowPlacement
 0x4886e0 GetSysColorBrush
 0x4886e4 AppendMenuW
 0x4886e8 SetClipboardViewer
 0x4886ec DrawTextA
 0x4886f0 EndDialog
 0x4886f4 CreateDialogParamW
 0x4886f8 DialogBoxParamA
 0x4886fc CallWindowProcW
 0x488700 CallWindowProcA
 0x488704 DefWindowProcA
 0x488708 IsWindowUnicode
 0x48870c GetSystemMenu
 0x488710 RedrawWindow
 0x488714 ScreenToClient
 0x488718 DrawStateA
 0x48871c DrawEdge
 0x488720 GetClientRect
 0x488724 CreateWindowExA
 0x488728 IsWindow
 0x48872c GetParent
 0x488730 GetWindowLongA
 0x488734 MonitorFromWindow
 0x488738 GetMonitorInfoW
 0x48873c EnumDisplaySettingsW
 0x488740 GetForegroundWindow
 0x488744 GetWindowThreadProcessId
 0x488748 AttachThreadInput
 0x48874c SetActiveWindow
 0x488750 SetCursor
 0x488754 SetTimer
 0x488758 PostThreadMessageA
 0x48875c MoveWindow
 0x488760 BeginPaint
 0x488764 EndPaint
 0x488768 GetDlgItemInt
 0x48876c SendDlgItemMessageA
 0x488770 MapDialogRect
 0x488774 SetWindowLongA
 0x488778 ClientToScreen
 0x48877c LoadCursorA
 0x488780 RegisterClassW
 0x488784 CreateWindowExW
 0x488788 SetWindowLongW
 0x48878c GetMessageA
 0x488790 IsDialogMessageA
 0x488794 TranslateMessage
 0x488798 DispatchMessageA
 0x48879c SetWindowTextW
 0x4887a0 SetMenu
 0x4887a4 LoadMenuA
 0x4887a8 GetMenuItemInfoA
 0x4887ac SetMenuItemInfoA
 0x4887b0 GetSubMenu
 0x4887b4 SetMenuItemInfoW
 0x4887b8 GetMenuItemID
 0x4887bc EnableMenuItem
 0x4887c0 GetMenuItemCount
 0x4887c4 CheckMenuItem
 0x4887c8 GetKeyState
 0x4887cc InvalidateRect
 0x4887d0 UpdateWindow
 0x4887d4 SetForegroundWindow
 0x4887d8 SetFocus
 0x4887dc GetFocus
 0x4887e0 PostQuitMessage
 0x4887e4 DefWindowProcW
 0x4887e8 CreatePopupMenu
 0x4887ec GetCursorPos
 0x4887f0 TrackPopupMenu
 0x4887f4 GetSysColor
 0x4887f8 GetSystemMetrics
 0x4887fc GetMenuItemInfoW
 0x488800 DrawMenuBar
 0x488804 AppendMenuA
 0x488808 SystemParametersInfoW
 0x48880c DestroyMenu
 0x488810 GetDlgItem
 0x488814 MessageBoxW
 0x488818 SendMessageW
 0x48881c GetWindowRect
 0x488820 SystemParametersInfoA
SHELL32.dll
 0x48853c SHBrowseForFolderW
 0x488540 SHGetPathFromIDListW
 0x488544 SHGetMalloc
 0x488548 Shell_NotifyIconA
 0x48854c SHGetFolderPathW
 0x488550 ShellExecuteExW
 0x488554 SHGetFileInfoW
 0x488558 SHGetFolderPathA
 0x48855c ShellExecuteW
 0x488560 SHGetSpecialFolderPathW
 0x488564 ShellExecuteA
MSVCRT.dll
 0x48838c _strnicmp
 0x488390 _strupr
 0x488394 _strlwr
 0x488398 _wcsicmp
 0x48839c strchr
 0x4883a0 _controlfp
 0x4883a4 _iob
 0x4883a8 __set_app_type
 0x4883ac __p__fmode
 0x4883b0 __p__commode
 0x4883b4 _adjust_fdiv
 0x4883b8 __setusermatherr
 0x4883bc _initterm
 0x4883c0 __getmainargs
 0x4883c4 _acmdln
 0x4883c8 __CxxFrameHandler
 0x4883cc strlen
 0x4883d0 isspace
 0x4883d4 memchr
 0x4883d8 _errno
 0x4883dc strtol
 0x4883e0 isdigit
 0x4883e4 strstr
 0x4883e8 memcpy
 0x4883ec ??2@YAPAXI@Z
 0x4883f0 _purecall
 0x4883f4 free
 0x4883f8 memset
 0x4883fc malloc
 0x488400 sprintf
 0x488404 printf
 0x488408 fwrite
 0x48840c srand
 0x488410 time
 0x488414 _CxxThrowException
 0x488418 rand
 0x48841c atol
 0x488420 _stricmp
 0x488424 isprint
 0x488428 tolower
 0x48842c strncpy
 0x488430 wcslen
 0x488434 atoi
 0x488438 abs
 0x48843c wcscpy
 0x488440 strcmp
 0x488444 strcpy
 0x488448 memcmp
 0x48844c iswspace
 0x488450 wcsncmp
 0x488454 _wtoi
 0x488458 _ultow
 0x48845c wcschr
 0x488460 _stat
 0x488464 swprintf
 0x488468 _ftol
 0x48846c strcat
 0x488470 strtoul
 0x488474 calloc
 0x488478 _rotl
 0x48847c _rotr
 0x488480 fopen
 0x488484 fread
 0x488488 fclose
 0x48848c fseek
 0x488490 ftell
 0x488494 fflush
 0x488498 wcsncpy
 0x48849c wcsrchr
 0x4884a0 vsprintf
 0x4884a4 vswprintf
 0x4884a8 memmove
 0x4884ac strrchr
 0x4884b0 strncmp
 0x4884b4 mbstowcs
 0x4884b8 wcscmp
 0x4884bc wcsstr
 0x4884c0 iswdigit
 0x4884c4 _beginthreadex
 0x4884c8 _endthreadex
 0x4884cc cos
 0x4884d0 floor
 0x4884d4 sin
 0x4884d8 atof
 0x4884dc _i64tow
 0x4884e0 wcscat
 0x4884e4 realloc
 0x4884e8 exit
 0x4884ec fprintf
 0x4884f0 sscanf
 0x4884f4 getenv
 0x4884f8 fputc
 0x4884fc _CIpow
 0x488500 _CIacos
 0x488504 ??1type_info@@UAE@XZ
 0x488508 __dllonexit
 0x48850c _onexit
 0x488510 _except_handler3
 0x488514 ?terminate@@YAXXZ
 0x488518 _exit
 0x48851c _XcptFilter
Secur32.dll
 0x488574 FreeCredentialsHandle
 0x488578 InitializeSecurityContextA
 0x48857c CompleteAuthToken
 0x488580 FreeContextBuffer
 0x488584 AcquireCredentialsHandleA
 0x488588 QuerySecurityPackageInfoA
SETUPAPI.dll
 0x488524 SetupDiGetDeviceRegistryPropertyA
 0x488528 SetupDiClassGuidsFromNameA
 0x48852c SetupDiEnumDeviceInfo
 0x488530 SetupDiDestroyDeviceInfoList
 0x488534 SetupDiGetClassDevsA
iphlpapi.dll
 0x4888d4 GetAdaptersInfo
ADVAPI32.dll
 0x488000 ConvertSidToStringSidA
 0x488004 GetTokenInformation
 0x488008 OpenProcessToken
 0x48800c RegCloseKey
 0x488010 RegQueryValueExA
 0x488014 RegOpenKeyExA
 0x488018 FreeSid
 0x48801c SetFileSecurityW
 0x488020 SetSecurityDescriptorDacl
 0x488024 InitializeSecurityDescriptor
 0x488028 AllocateAndInitializeSid
 0x48802c ImpersonateLoggedOnUser
 0x488030 RevertToSelf
 0x488034 GetUserNameA
 0x488038 StartServiceCtrlDispatcherW
 0x48803c RegisterServiceCtrlHandlerExA
 0x488040 SetServiceStatus
 0x488044 SetTokenInformation
 0x488048 DuplicateTokenEx
 0x48804c CreateProcessAsUserW
 0x488050 QueryServiceStatus
 0x488054 CloseServiceHandle
 0x488058 OpenServiceA
 0x48805c OpenSCManagerA
 0x488060 CreateServiceW
 0x488064 DeleteService
 0x488068 ControlService
 0x48806c StartServiceA
 0x488070 StartServiceW
 0x488074 RegCreateKeyExA
 0x488078 RegQueryValueExW
 0x48807c RegSetValueExW
 0x488080 RegSetValueExA
 0x488084 RegDeleteKeyA
 0x488088 RegDeleteValueW
 0x48808c RegCreateKeyExW
 0x488090 RegEnumKeyExW
 0x488094 RegOpenKeyExW
 0x488098 SetEntriesInAclA
SHLWAPI.dll
 0x48856c PathGetDriveNumberA
comdlg32.dll
 0x4888c8 GetOpenFileNameW
 0x4888cc GetSaveFileNameW
USERENV.dll
 0x488828 LoadUserProfileA
 0x48882c UnloadUserProfile
COMCTL32.dll
 0x4880a0 CreateToolbarEx
 0x4880a4 ImageList_Create
 0x4880a8 ImageList_Draw
 0x4880ac ImageList_Destroy
 0x4880b0 None
 0x4880b4 ImageList_GetIconSize
 0x4880b8 ImageList_ReplaceIcon
 0x4880bc ImageList_Add
 0x4880c0 ImageList_Duplicate
 0x4880c4 _TrackMouseEvent
 0x4880c8 CreatePropertySheetPageW
 0x4880cc PropertySheetW
WININET.dll
 0x488834 HttpSendRequestA
 0x488838 HttpQueryInfoA
 0x48883c InternetConnectA
 0x488840 InternetSetOptionA
 0x488844 InternetCloseHandle
 0x488848 InternetReadFile
 0x48884c InternetOpenA
 0x488850 HttpOpenRequestA
DSOUND.dll
 0x4880d4 None
 0x4880d8 None
 0x4880dc None
 0x4880e0 None
KERNEL32.dll
 0x48819c SizeofResource
 0x4881a0 LoadResource
 0x4881a4 LockResource
 0x4881a8 GetLocalTime
 0x4881ac TryEnterCriticalSection
 0x4881b0 LeaveCriticalSection
 0x4881b4 EnterCriticalSection
 0x4881b8 DeleteCriticalSection
 0x4881bc InitializeCriticalSection
 0x4881c0 SetFileTime
 0x4881c4 GetFileTime
 0x4881c8 OpenMutexA
 0x4881cc CreateMutexA
 0x4881d0 FindResourceExA
 0x4881d4 SetEvent
 0x4881d8 OpenEventA
 0x4881dc CreateEventA
 0x4881e0 ExitProcess
 0x4881e4 SetUnhandledExceptionFilter
 0x4881e8 GetSystemDirectoryA
 0x4881ec CompareFileTime
 0x4881f0 GetSystemTimeAsFileTime
 0x4881f4 GetSystemDirectoryW
 0x4881f8 lstrcatW
 0x4881fc FileTimeToSystemTime
 0x488200 WaitNamedPipeW
 0x488204 ReadFile
 0x488208 SetLastError
 0x48820c GetExitCodeProcess
 0x488210 WaitForSingleObject
 0x488214 BeginUpdateResourceW
 0x488218 EndUpdateResourceW
 0x48821c UpdateResourceA
 0x488220 CreateThread
 0x488224 OpenProcess
 0x488228 CreateToolhelp32Snapshot
 0x48822c Process32First
 0x488230 Process32Next
 0x488234 LoadLibraryA
 0x488238 FreeLibrary
 0x48823c GetFileSize
 0x488240 SetFilePointer
 0x488244 WriteFile
 0x488248 GetFileAttributesW
 0x48824c lstrcmpiW
 0x488250 lstrcmpW
 0x488254 MulDiv
 0x488258 FormatMessageW
 0x48825c MultiByteToWideChar
 0x488260 WideCharToMultiByte
 0x488264 GetModuleFileNameW
 0x488268 GetComputerNameA
 0x48826c LocalAlloc
 0x488270 GetExitCodeThread
 0x488274 SystemTimeToFileTime
 0x488278 MoveFileW
 0x48827c DeleteFileW
 0x488280 GetTempPathW
 0x488284 CreateFileW
 0x488288 FindFirstFileW
 0x48828c FindClose
 0x488290 CreateFileA
 0x488294 DeviceIoControl
 0x488298 GetUserDefaultUILanguage
 0x48829c GetLocaleInfoA
 0x4882a0 CreateDirectoryW
 0x4882a4 SetCurrentDirectoryW
 0x4882a8 GetStartupInfoW
 0x4882ac CreateProcessW
 0x4882b0 GetModuleHandleA
 0x4882b4 GetProcAddress
 0x4882b8 SetProcessShutdownParameters
 0x4882bc GetVersionExA
 0x4882c0 GetCurrentProcess
 0x4882c4 GetLastError
 0x4882c8 CloseHandle
 0x4882cc LocalFree
 0x4882d0 GetCurrentThreadId
 0x4882d4 GetCurrentProcessId
 0x4882d8 Sleep
 0x4882dc GetTickCount
 0x4882e0 QueryPerformanceFrequency
 0x4882e4 QueryPerformanceCounter
 0x4882e8 InterlockedIncrement
 0x4882ec InterlockedDecrement
 0x4882f0 lstrlenA
 0x4882f4 lstrlenW
 0x4882f8 TerminateProcess
 0x4882fc GlobalUnlock
 0x488300 GlobalLock
 0x488304 SystemTimeToTzSpecificLocalTime
 0x488308 GetFileSizeEx
 0x48830c SetEndOfFile
 0x488310 SetFilePointerEx
 0x488314 GlobalAlloc
 0x488318 GetDriveTypeW
 0x48831c RemoveDirectoryW
 0x488320 FindNextFileW
 0x488324 SetFileAttributesW
 0x488328 GetLogicalDrives
 0x48832c ProcessIdToSessionId
 0x488330 SleepEx
 0x488334 CreateDirectoryA
 0x488338 DeleteFileA
 0x48833c GlobalFree
 0x488340 IsBadReadPtr
 0x488344 lstrcmpA
 0x488348 LocalFileTimeToFileTime
 0x48834c LoadLibraryW
 0x488350 lstrcpyA
 0x488354 GetCurrentDirectoryA
 0x488358 FindResourceA
 0x48835c DuplicateHandle
 0x488360 CreateSemaphoreA
 0x488364 SetThreadPriority
 0x488368 TlsSetValue
 0x48836c GetCurrentThread
 0x488370 TlsAlloc
 0x488374 ResumeThread
 0x488378 TlsGetValue
 0x48837c InterlockedExchange
 0x488380 GetStartupInfoA
 0x488384 ResetEvent

EAT(Export Address Table) is none
