ScreenShot
| Created | 2021.04.10 08:52 | Machine | s1_win7_x6402 |
| Filename | ibufen.php.exe | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 9 detected (malicious, confidence, Trickpak, FileRepMalware, score) | ||
| md5 | de63e7e3da96f915446dff531a4c09dc | ||
| sha256 | 2912dc387b23031fe0bae16d60c066d1837781b14eacaad14a28bbf69f7f0196 | ||
| ssdeep | 12288:WlPw8rbIHS9Ig8fbHiBzGS/lXkit+bB2LW:Mw8rEHS9Ig6C1HNjOB2L | ||
| imphash | 6d6bd235df3ee5ac1f73ff8deff89fd6 | ||
| impfuzzy | 192:699Fy4txUKrq4k4xqIR9MjcRc/c0xBPoQbPX9:2FZTpR9AEOxoQbPX9 | ||
Network IP location
Signature (16cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates hidden or system file |
| notice | File has been identified by 9 AntiVirus engines on VirusTotal as malicious |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (15cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (upload) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | keylogger | Run a keylogger | binaries (upload) |
| info | screenshot | Take screenshot | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
| info | win_private_profile | Affect private profile | binaries (upload) |
| info | win_registry | Affect system registries | binaries (upload) |
Network (8cnts) ?
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x100340ac FileTimeToLocalFileTime
0x100340b0 GetFileAttributesA
0x100340b4 GetFileTime
0x100340b8 GetTickCount
0x100340bc RtlUnwind
0x100340c0 HeapFree
0x100340c4 HeapAlloc
0x100340c8 HeapReAlloc
0x100340cc VirtualProtect
0x100340d0 GetSystemInfo
0x100340d4 VirtualQuery
0x100340d8 GetCommandLineA
0x100340dc GetProcessHeap
0x100340e0 RaiseException
0x100340e4 HeapSize
0x100340e8 TerminateProcess
0x100340ec UnhandledExceptionFilter
0x100340f0 SetUnhandledExceptionFilter
0x100340f4 IsDebuggerPresent
0x100340f8 Sleep
0x100340fc HeapDestroy
0x10034100 HeapCreate
0x10034104 VirtualFree
0x10034108 GetACP
0x1003410c SetHandleCount
0x10034110 GetFileType
0x10034114 GetStartupInfoA
0x10034118 FreeEnvironmentStringsA
0x1003411c GetEnvironmentStrings
0x10034120 FreeEnvironmentStringsW
0x10034124 GetEnvironmentStringsW
0x10034128 QueryPerformanceCounter
0x1003412c GetSystemTimeAsFileTime
0x10034130 GetStringTypeA
0x10034134 GetStringTypeW
0x10034138 GetTimeZoneInformation
0x1003413c LCMapStringA
0x10034140 LCMapStringW
0x10034144 GetConsoleCP
0x10034148 GetConsoleMode
0x1003414c SetStdHandle
0x10034150 WriteConsoleA
0x10034154 GetConsoleOutputCP
0x10034158 WriteConsoleW
0x1003415c SetEnvironmentVariableA
0x10034160 GetOEMCP
0x10034164 GetCPInfo
0x10034168 CreateFileA
0x1003416c GetFullPathNameA
0x10034170 GetVolumeInformationA
0x10034174 FindFirstFileA
0x10034178 FindClose
0x1003417c GetCurrentProcess
0x10034180 DuplicateHandle
0x10034184 GetFileSize
0x10034188 SetEndOfFile
0x1003418c UnlockFile
0x10034190 LockFile
0x10034194 FlushFileBuffers
0x10034198 SetFilePointer
0x1003419c WriteFile
0x100341a0 ReadFile
0x100341a4 TlsFree
0x100341a8 DeleteCriticalSection
0x100341ac LocalReAlloc
0x100341b0 TlsSetValue
0x100341b4 TlsAlloc
0x100341b8 InitializeCriticalSection
0x100341bc GlobalHandle
0x100341c0 GlobalReAlloc
0x100341c4 EnterCriticalSection
0x100341c8 TlsGetValue
0x100341cc LeaveCriticalSection
0x100341d0 LocalAlloc
0x100341d4 GlobalFlags
0x100341d8 WritePrivateProfileStringA
0x100341dc FileTimeToSystemTime
0x100341e0 InterlockedDecrement
0x100341e4 GetThreadLocale
0x100341e8 InterlockedIncrement
0x100341ec FormatMessageA
0x100341f0 LocalFree
0x100341f4 MulDiv
0x100341f8 GlobalGetAtomNameA
0x100341fc GlobalFindAtomA
0x10034200 lstrcmpW
0x10034204 GetVersionExA
0x10034208 GlobalUnlock
0x1003420c GlobalFree
0x10034210 FreeResource
0x10034214 GetCurrentProcessId
0x10034218 SetLastError
0x1003421c GlobalAddAtomA
0x10034220 CloseHandle
0x10034224 GetCurrentThread
0x10034228 GetCurrentThreadId
0x1003422c ConvertDefaultLocale
0x10034230 GetModuleFileNameA
0x10034234 EnumResourceLanguagesA
0x10034238 GetLocaleInfoA
0x1003423c LoadLibraryA
0x10034240 GlobalLock
0x10034244 lstrcmpA
0x10034248 FreeLibrary
0x1003424c GlobalDeleteAtom
0x10034250 CompareStringW
0x10034254 CompareStringA
0x10034258 GetVersion
0x1003425c GetLastError
0x10034260 InterlockedExchange
0x10034264 lstrlenA
0x10034268 GlobalAlloc
0x1003426c lstrcpyA
0x10034270 WideCharToMultiByte
0x10034274 MultiByteToWideChar
0x10034278 LoadLibraryW
0x1003427c ExitProcess
0x10034280 GetModuleHandleA
0x10034284 GetProcAddress
0x10034288 FindResourceA
0x1003428c LoadResource
0x10034290 LockResource
0x10034294 SizeofResource
0x10034298 GetStdHandle
0x1003429c VirtualAlloc
USER32.dll
0x100342f0 GetNextDlgGroupItem
0x100342f4 MessageBeep
0x100342f8 UnregisterClassA
0x100342fc RegisterClipboardFormatA
0x10034300 PostThreadMessageA
0x10034304 SetCapture
0x10034308 EndPaint
0x1003430c BeginPaint
0x10034310 GetWindowDC
0x10034314 ReleaseDC
0x10034318 GetDC
0x1003431c ClientToScreen
0x10034320 GrayStringA
0x10034324 DrawTextExA
0x10034328 DrawTextA
0x1003432c TabbedTextOutA
0x10034330 DestroyMenu
0x10034334 CharNextA
0x10034338 ShowWindow
0x1003433c MoveWindow
0x10034340 SetWindowTextA
0x10034344 IsDialogMessageA
0x10034348 RegisterWindowMessageA
0x1003434c SendDlgItemMessageA
0x10034350 WinHelpA
0x10034354 IsChild
0x10034358 GetClassLongA
0x1003435c GetClassNameA
0x10034360 SetPropA
0x10034364 GetPropA
0x10034368 RemovePropA
0x1003436c InvalidateRgn
0x10034370 GetWindowTextA
0x10034374 GetForegroundWindow
0x10034378 GetTopWindow
0x1003437c UnhookWindowsHookEx
0x10034380 GetMessageTime
0x10034384 GetMessagePos
0x10034388 MapWindowPoints
0x1003438c SetForegroundWindow
0x10034390 UpdateWindow
0x10034394 GetMenu
0x10034398 GetSubMenu
0x1003439c GetMenuItemID
0x100343a0 GetMenuItemCount
0x100343a4 CreateWindowExA
0x100343a8 GetClassInfoExA
0x100343ac GetClassInfoA
0x100343b0 RegisterClassA
0x100343b4 GetSysColor
0x100343b8 AdjustWindowRectEx
0x100343bc EqualRect
0x100343c0 CopyRect
0x100343c4 PtInRect
0x100343c8 GetDlgCtrlID
0x100343cc DefWindowProcA
0x100343d0 CallWindowProcA
0x100343d4 SetWindowLongA
0x100343d8 OffsetRect
0x100343dc IntersectRect
0x100343e0 SystemParametersInfoA
0x100343e4 GetWindowPlacement
0x100343e8 GetWindowRect
0x100343ec GetWindow
0x100343f0 DrawIcon
0x100343f4 AppendMenuA
0x100343f8 SendMessageA
0x100343fc GetSystemMenu
0x10034400 IsIconic
0x10034404 GetClientRect
0x10034408 SetWindowContextHelpId
0x1003440c MapDialogRect
0x10034410 SetWindowPos
0x10034414 GetDesktopWindow
0x10034418 SetActiveWindow
0x1003441c CreateDialogIndirectParamA
0x10034420 DestroyWindow
0x10034424 IsWindow
0x10034428 GetDlgItem
0x1003442c GetNextDlgTabItem
0x10034430 EndDialog
0x10034434 GetWindowThreadProcessId
0x10034438 GetWindowLongA
0x1003443c InvalidateRect
0x10034440 SetRect
0x10034444 IsRectEmpty
0x10034448 CopyAcceleratorTableA
0x1003444c GetSysColorBrush
0x10034450 ReleaseCapture
0x10034454 SetFocus
0x10034458 LoadCursorA
0x1003445c EnableWindow
0x10034460 LoadIconA
0x10034464 GetSystemMetrics
0x10034468 CharUpperA
0x1003446c PostQuitMessage
0x10034470 PostMessageA
0x10034474 CheckMenuItem
0x10034478 EnableMenuItem
0x1003447c GetMenuState
0x10034480 ModifyMenuA
0x10034484 GetParent
0x10034488 GetFocus
0x1003448c LoadBitmapA
0x10034490 GetMenuCheckMarkDimensions
0x10034494 SetMenuItemBitmaps
0x10034498 ValidateRect
0x1003449c GetCursorPos
0x100344a0 PeekMessageA
0x100344a4 GetKeyState
0x100344a8 IsWindowVisible
0x100344ac GetActiveWindow
0x100344b0 DispatchMessageA
0x100344b4 TranslateMessage
0x100344b8 GetMessageA
0x100344bc CallNextHookEx
0x100344c0 SetWindowsHookExA
0x100344c4 SetCursor
0x100344c8 MessageBoxA
0x100344cc IsWindowEnabled
0x100344d0 GetLastActivePopup
0x100344d4 GetCapture
GDI32.dll
0x10034028 SetViewportExtEx
0x1003402c ScaleViewportExtEx
0x10034030 SetWindowExtEx
0x10034034 ScaleWindowExtEx
0x10034038 ExtSelectClipRgn
0x1003403c DeleteDC
0x10034040 OffsetViewportOrgEx
0x10034044 CreateRectRgnIndirect
0x10034048 GetRgnBox
0x1003404c GetMapMode
0x10034050 SetViewportOrgEx
0x10034054 SelectObject
0x10034058 Escape
0x1003405c TextOutA
0x10034060 RectVisible
0x10034064 PtVisible
0x10034068 GetWindowExtEx
0x1003406c GetViewportExtEx
0x10034070 CreateBitmap
0x10034074 DeleteObject
0x10034078 SetMapMode
0x1003407c RestoreDC
0x10034080 SaveDC
0x10034084 ExtTextOutA
0x10034088 GetTextColor
0x1003408c GetBkColor
0x10034090 GetStockObject
0x10034094 GetDeviceCaps
0x10034098 GetObjectA
0x1003409c SetBkColor
0x100340a0 SetTextColor
0x100340a4 GetClipBox
comdlg32.dll
0x100344ec GetFileTitleA
WINSPOOL.DRV
0x100344dc DocumentPropertiesA
0x100344e0 OpenPrinterA
0x100344e4 ClosePrinter
ADVAPI32.dll
0x10034000 RegSetValueExA
0x10034004 RegCreateKeyExA
0x10034008 RegQueryValueA
0x1003400c RegOpenKeyA
0x10034010 RegEnumKeyA
0x10034014 RegDeleteKeyA
0x10034018 RegOpenKeyExA
0x1003401c RegQueryValueExA
0x10034020 RegCloseKey
SHLWAPI.dll
0x100342dc PathFindFileNameA
0x100342e0 PathStripToRootA
0x100342e4 PathFindExtensionA
0x100342e8 PathIsUNCA
oledlg.dll
0x10034544 None
ole32.dll
0x100344f4 OleInitialize
0x100344f8 CoFreeUnusedLibraries
0x100344fc OleUninitialize
0x10034500 CreateILockBytesOnHGlobal
0x10034504 StgCreateDocfileOnILockBytes
0x10034508 StgOpenStorageOnILockBytes
0x1003450c CoGetClassObject
0x10034510 CoTaskMemAlloc
0x10034514 CoTaskMemFree
0x10034518 CLSIDFromString
0x1003451c CLSIDFromProgID
0x10034520 CoInitialize
0x10034524 CoCreateInstance
0x10034528 CoUninitialize
0x1003452c CreateStreamOnHGlobal
0x10034530 CoRevokeClassObject
0x10034534 CoRegisterMessageFilter
0x10034538 OleFlushClipboard
0x1003453c OleIsCurrentClipboard
OLEAUT32.dll
0x100342a4 SysAllocStringLen
0x100342a8 VariantClear
0x100342ac VariantInit
0x100342b0 SysAllocString
0x100342b4 VariantChangeType
0x100342b8 OleCreateFontIndirect
0x100342bc VariantCopy
0x100342c0 SafeArrayDestroy
0x100342c4 VariantTimeToSystemTime
0x100342c8 SystemTimeToVariantTime
0x100342cc SysStringLen
0x100342d0 SysAllocStringByteLen
0x100342d4 SysFreeString
EAT(Export Address Table) Library
0x100017c0 StartW
KERNEL32.dll
0x100340ac FileTimeToLocalFileTime
0x100340b0 GetFileAttributesA
0x100340b4 GetFileTime
0x100340b8 GetTickCount
0x100340bc RtlUnwind
0x100340c0 HeapFree
0x100340c4 HeapAlloc
0x100340c8 HeapReAlloc
0x100340cc VirtualProtect
0x100340d0 GetSystemInfo
0x100340d4 VirtualQuery
0x100340d8 GetCommandLineA
0x100340dc GetProcessHeap
0x100340e0 RaiseException
0x100340e4 HeapSize
0x100340e8 TerminateProcess
0x100340ec UnhandledExceptionFilter
0x100340f0 SetUnhandledExceptionFilter
0x100340f4 IsDebuggerPresent
0x100340f8 Sleep
0x100340fc HeapDestroy
0x10034100 HeapCreate
0x10034104 VirtualFree
0x10034108 GetACP
0x1003410c SetHandleCount
0x10034110 GetFileType
0x10034114 GetStartupInfoA
0x10034118 FreeEnvironmentStringsA
0x1003411c GetEnvironmentStrings
0x10034120 FreeEnvironmentStringsW
0x10034124 GetEnvironmentStringsW
0x10034128 QueryPerformanceCounter
0x1003412c GetSystemTimeAsFileTime
0x10034130 GetStringTypeA
0x10034134 GetStringTypeW
0x10034138 GetTimeZoneInformation
0x1003413c LCMapStringA
0x10034140 LCMapStringW
0x10034144 GetConsoleCP
0x10034148 GetConsoleMode
0x1003414c SetStdHandle
0x10034150 WriteConsoleA
0x10034154 GetConsoleOutputCP
0x10034158 WriteConsoleW
0x1003415c SetEnvironmentVariableA
0x10034160 GetOEMCP
0x10034164 GetCPInfo
0x10034168 CreateFileA
0x1003416c GetFullPathNameA
0x10034170 GetVolumeInformationA
0x10034174 FindFirstFileA
0x10034178 FindClose
0x1003417c GetCurrentProcess
0x10034180 DuplicateHandle
0x10034184 GetFileSize
0x10034188 SetEndOfFile
0x1003418c UnlockFile
0x10034190 LockFile
0x10034194 FlushFileBuffers
0x10034198 SetFilePointer
0x1003419c WriteFile
0x100341a0 ReadFile
0x100341a4 TlsFree
0x100341a8 DeleteCriticalSection
0x100341ac LocalReAlloc
0x100341b0 TlsSetValue
0x100341b4 TlsAlloc
0x100341b8 InitializeCriticalSection
0x100341bc GlobalHandle
0x100341c0 GlobalReAlloc
0x100341c4 EnterCriticalSection
0x100341c8 TlsGetValue
0x100341cc LeaveCriticalSection
0x100341d0 LocalAlloc
0x100341d4 GlobalFlags
0x100341d8 WritePrivateProfileStringA
0x100341dc FileTimeToSystemTime
0x100341e0 InterlockedDecrement
0x100341e4 GetThreadLocale
0x100341e8 InterlockedIncrement
0x100341ec FormatMessageA
0x100341f0 LocalFree
0x100341f4 MulDiv
0x100341f8 GlobalGetAtomNameA
0x100341fc GlobalFindAtomA
0x10034200 lstrcmpW
0x10034204 GetVersionExA
0x10034208 GlobalUnlock
0x1003420c GlobalFree
0x10034210 FreeResource
0x10034214 GetCurrentProcessId
0x10034218 SetLastError
0x1003421c GlobalAddAtomA
0x10034220 CloseHandle
0x10034224 GetCurrentThread
0x10034228 GetCurrentThreadId
0x1003422c ConvertDefaultLocale
0x10034230 GetModuleFileNameA
0x10034234 EnumResourceLanguagesA
0x10034238 GetLocaleInfoA
0x1003423c LoadLibraryA
0x10034240 GlobalLock
0x10034244 lstrcmpA
0x10034248 FreeLibrary
0x1003424c GlobalDeleteAtom
0x10034250 CompareStringW
0x10034254 CompareStringA
0x10034258 GetVersion
0x1003425c GetLastError
0x10034260 InterlockedExchange
0x10034264 lstrlenA
0x10034268 GlobalAlloc
0x1003426c lstrcpyA
0x10034270 WideCharToMultiByte
0x10034274 MultiByteToWideChar
0x10034278 LoadLibraryW
0x1003427c ExitProcess
0x10034280 GetModuleHandleA
0x10034284 GetProcAddress
0x10034288 FindResourceA
0x1003428c LoadResource
0x10034290 LockResource
0x10034294 SizeofResource
0x10034298 GetStdHandle
0x1003429c VirtualAlloc
USER32.dll
0x100342f0 GetNextDlgGroupItem
0x100342f4 MessageBeep
0x100342f8 UnregisterClassA
0x100342fc RegisterClipboardFormatA
0x10034300 PostThreadMessageA
0x10034304 SetCapture
0x10034308 EndPaint
0x1003430c BeginPaint
0x10034310 GetWindowDC
0x10034314 ReleaseDC
0x10034318 GetDC
0x1003431c ClientToScreen
0x10034320 GrayStringA
0x10034324 DrawTextExA
0x10034328 DrawTextA
0x1003432c TabbedTextOutA
0x10034330 DestroyMenu
0x10034334 CharNextA
0x10034338 ShowWindow
0x1003433c MoveWindow
0x10034340 SetWindowTextA
0x10034344 IsDialogMessageA
0x10034348 RegisterWindowMessageA
0x1003434c SendDlgItemMessageA
0x10034350 WinHelpA
0x10034354 IsChild
0x10034358 GetClassLongA
0x1003435c GetClassNameA
0x10034360 SetPropA
0x10034364 GetPropA
0x10034368 RemovePropA
0x1003436c InvalidateRgn
0x10034370 GetWindowTextA
0x10034374 GetForegroundWindow
0x10034378 GetTopWindow
0x1003437c UnhookWindowsHookEx
0x10034380 GetMessageTime
0x10034384 GetMessagePos
0x10034388 MapWindowPoints
0x1003438c SetForegroundWindow
0x10034390 UpdateWindow
0x10034394 GetMenu
0x10034398 GetSubMenu
0x1003439c GetMenuItemID
0x100343a0 GetMenuItemCount
0x100343a4 CreateWindowExA
0x100343a8 GetClassInfoExA
0x100343ac GetClassInfoA
0x100343b0 RegisterClassA
0x100343b4 GetSysColor
0x100343b8 AdjustWindowRectEx
0x100343bc EqualRect
0x100343c0 CopyRect
0x100343c4 PtInRect
0x100343c8 GetDlgCtrlID
0x100343cc DefWindowProcA
0x100343d0 CallWindowProcA
0x100343d4 SetWindowLongA
0x100343d8 OffsetRect
0x100343dc IntersectRect
0x100343e0 SystemParametersInfoA
0x100343e4 GetWindowPlacement
0x100343e8 GetWindowRect
0x100343ec GetWindow
0x100343f0 DrawIcon
0x100343f4 AppendMenuA
0x100343f8 SendMessageA
0x100343fc GetSystemMenu
0x10034400 IsIconic
0x10034404 GetClientRect
0x10034408 SetWindowContextHelpId
0x1003440c MapDialogRect
0x10034410 SetWindowPos
0x10034414 GetDesktopWindow
0x10034418 SetActiveWindow
0x1003441c CreateDialogIndirectParamA
0x10034420 DestroyWindow
0x10034424 IsWindow
0x10034428 GetDlgItem
0x1003442c GetNextDlgTabItem
0x10034430 EndDialog
0x10034434 GetWindowThreadProcessId
0x10034438 GetWindowLongA
0x1003443c InvalidateRect
0x10034440 SetRect
0x10034444 IsRectEmpty
0x10034448 CopyAcceleratorTableA
0x1003444c GetSysColorBrush
0x10034450 ReleaseCapture
0x10034454 SetFocus
0x10034458 LoadCursorA
0x1003445c EnableWindow
0x10034460 LoadIconA
0x10034464 GetSystemMetrics
0x10034468 CharUpperA
0x1003446c PostQuitMessage
0x10034470 PostMessageA
0x10034474 CheckMenuItem
0x10034478 EnableMenuItem
0x1003447c GetMenuState
0x10034480 ModifyMenuA
0x10034484 GetParent
0x10034488 GetFocus
0x1003448c LoadBitmapA
0x10034490 GetMenuCheckMarkDimensions
0x10034494 SetMenuItemBitmaps
0x10034498 ValidateRect
0x1003449c GetCursorPos
0x100344a0 PeekMessageA
0x100344a4 GetKeyState
0x100344a8 IsWindowVisible
0x100344ac GetActiveWindow
0x100344b0 DispatchMessageA
0x100344b4 TranslateMessage
0x100344b8 GetMessageA
0x100344bc CallNextHookEx
0x100344c0 SetWindowsHookExA
0x100344c4 SetCursor
0x100344c8 MessageBoxA
0x100344cc IsWindowEnabled
0x100344d0 GetLastActivePopup
0x100344d4 GetCapture
GDI32.dll
0x10034028 SetViewportExtEx
0x1003402c ScaleViewportExtEx
0x10034030 SetWindowExtEx
0x10034034 ScaleWindowExtEx
0x10034038 ExtSelectClipRgn
0x1003403c DeleteDC
0x10034040 OffsetViewportOrgEx
0x10034044 CreateRectRgnIndirect
0x10034048 GetRgnBox
0x1003404c GetMapMode
0x10034050 SetViewportOrgEx
0x10034054 SelectObject
0x10034058 Escape
0x1003405c TextOutA
0x10034060 RectVisible
0x10034064 PtVisible
0x10034068 GetWindowExtEx
0x1003406c GetViewportExtEx
0x10034070 CreateBitmap
0x10034074 DeleteObject
0x10034078 SetMapMode
0x1003407c RestoreDC
0x10034080 SaveDC
0x10034084 ExtTextOutA
0x10034088 GetTextColor
0x1003408c GetBkColor
0x10034090 GetStockObject
0x10034094 GetDeviceCaps
0x10034098 GetObjectA
0x1003409c SetBkColor
0x100340a0 SetTextColor
0x100340a4 GetClipBox
comdlg32.dll
0x100344ec GetFileTitleA
WINSPOOL.DRV
0x100344dc DocumentPropertiesA
0x100344e0 OpenPrinterA
0x100344e4 ClosePrinter
ADVAPI32.dll
0x10034000 RegSetValueExA
0x10034004 RegCreateKeyExA
0x10034008 RegQueryValueA
0x1003400c RegOpenKeyA
0x10034010 RegEnumKeyA
0x10034014 RegDeleteKeyA
0x10034018 RegOpenKeyExA
0x1003401c RegQueryValueExA
0x10034020 RegCloseKey
SHLWAPI.dll
0x100342dc PathFindFileNameA
0x100342e0 PathStripToRootA
0x100342e4 PathFindExtensionA
0x100342e8 PathIsUNCA
oledlg.dll
0x10034544 None
ole32.dll
0x100344f4 OleInitialize
0x100344f8 CoFreeUnusedLibraries
0x100344fc OleUninitialize
0x10034500 CreateILockBytesOnHGlobal
0x10034504 StgCreateDocfileOnILockBytes
0x10034508 StgOpenStorageOnILockBytes
0x1003450c CoGetClassObject
0x10034510 CoTaskMemAlloc
0x10034514 CoTaskMemFree
0x10034518 CLSIDFromString
0x1003451c CLSIDFromProgID
0x10034520 CoInitialize
0x10034524 CoCreateInstance
0x10034528 CoUninitialize
0x1003452c CreateStreamOnHGlobal
0x10034530 CoRevokeClassObject
0x10034534 CoRegisterMessageFilter
0x10034538 OleFlushClipboard
0x1003453c OleIsCurrentClipboard
OLEAUT32.dll
0x100342a4 SysAllocStringLen
0x100342a8 VariantClear
0x100342ac VariantInit
0x100342b0 SysAllocString
0x100342b4 VariantChangeType
0x100342b8 OleCreateFontIndirect
0x100342bc VariantCopy
0x100342c0 SafeArrayDestroy
0x100342c4 VariantTimeToSystemTime
0x100342c8 SystemTimeToVariantTime
0x100342cc SysStringLen
0x100342d0 SysAllocStringByteLen
0x100342d4 SysFreeString
EAT(Export Address Table) Library
0x100017c0 StartW