Report - Iyjomdb_Signed_.xls

Created: 2021.04.20 09:42
Machine: s1_win7_x6402
Filename: Iyjomdb_Signed_.xls
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 8
Behavior Score: 11.8
ZERO API (file): clean
VT API (file): 52 detected (AIDetect, malware2, malicious, high confidence, Zusy, Fareit, Unsafe, Blocker, usrg, TADC, Attribute, HighConfidence, ENZR, InjectorX, icwfqo, Gencirc, R + Troj, AutoG, Malware@#10fg805is5r4z, DownLoader36, Static AI, Suspicious PE, hdgha, Wacatac, score, R356817, ZelphiF, qHY@aSG3mppi, ai score=88, Limpopo, PasswordStealer, N0ZPNYNXppN, Igent, bUSTeN, InvalidSig, GenKryptik, EKLE, confidence)
md5: bebcbeef93c5ee64473336c98c6a13c4
sha256: fdb0d0d3bf868ed29271788015e69f9e193347c1bcd37e518d09e51e6a2da117
ssdeep: 24576:FiLDfJXRq+fowpGG7By3Z72mwE8gKmX9hIbEIKn:FiLr5By3Z7NMgKAj
imphash: c7f986b767e22dea5696886cb4d7da70
impfuzzy: 192:33PNk1QIDpbuuArSUvK9RqooqEse7CPbOQ0v:33G1hAA9LvPbOQA

Signatures (25)

Level  | Description
danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious
danger | Executed a process and injected code into it
watch  | A process attempted to delay the analysis task
watch  | Allocates execute permission to another process, indicative of possible code injection
watch  | Communicates with host for which no DNS query was performed
watch  | Disables proxy, possibly for traffic interception
watch  | Looks for the Windows Idle Time to determine the uptime
watch  | One or more of the buffers contains an embedded PE file
watch  | Potential code injection by writing to the memory of another process
watch  | Resumed a suspended thread in a remote process, potentially indicative of process injection
watch  | Used NtSetContextThread to modify a thread in a remote process, indicative of process injection
notice | Allocates read-write-execute memory (usually to unpack itself)
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice | One or more potentially interesting buffers were extracted
notice | Performs some HTTP requests
notice | The binary likely contains encrypted or compressed data, indicative of a packer
notice | Yara rule detected in process memory
info   | Checks amount of memory in system
info   | Checks if process is being debugged by a debugger
info   | One or more processes crashed
info   | Queries for the computer name
info   | The executable contains unknown PE section names, indicative of a packer (could be a false positive)
info   | The executable uses a known packer
info   | Uses Windows APIs to generate a cryptographic key

Rules (19)

Level | Name                       | Description                            | Collection
info  | anti_dbg                   | Checks if being debugged               | memory
info  | DebuggerCheck__GlobalFlags | (no description)                       | memory
info  | DebuggerCheck__QueryInfo   | (no description)                       | memory
info  | DebuggerHiding__Active     | (no description)                       | memory
info  | DebuggerHiding__Thread     | (no description)                       | memory
info  | disable_dep                | Bypass DEP                             | memory
info  | IsPE32                     | (no description)                       | binaries (upload)
info  | PE_Header_Zero             | PE File Signature Zero                 | binaries (upload)
info  | SEH__vectored              | (no description)                       | memory
info  | ThreadControl__Context     | (no description)                       | memory
info  | borland_delphi             | Borland Delphi 2.0 - 7.0 / 2005 - 2007 | binaries (upload)
info  | HasOverlay                 | Overlay Check                          | binaries (upload)
info  | IsPacked                   | Entropy Check                          | binaries (upload)
info  | IsWindowsGUI               | (no description)                       | binaries (upload)
info  | keylogger                  | Run a keylogger                        | binaries (upload)
info  | screenshot                 | Take screenshot                        | binaries (upload)
info  | win_files_operation        | Affect private profile                 | binaries (upload)
info  | win_files_operation        | Affect private profile                 | memory
info  | win_registry               | Affect system registries               | binaries (upload)

Network (6)

Request | CC | ASN Co | IP4 | Rule | ZERO
https://cdn.discordapp.com/attachments/775608373949235243/781771882017456178/Iyjobgr | - | Unknown | 162.159.135.233 | - | clean
discord.com | - | Unknown | 162.159.137.232 | - | malicious
cdn.discordapp.com | - | Unknown | 162.159.133.233 | - | malware
162.159.136.232 | - | Unknown | 162.159.136.232 | - | clean
162.159.135.233 | - | Unknown | 162.159.135.233 | - | malware
104.21.19.200 | US | CLOUDFLARENET | 104.21.19.200 | - | clean

Suricata IDS

PE API

IAT (Import Address Table) by library

kernel32.dll
 0x483140 DeleteCriticalSection
 0x483144 LeaveCriticalSection
 0x483148 EnterCriticalSection
 0x48314c InitializeCriticalSection
 0x483150 VirtualFree
 0x483154 VirtualAlloc
 0x483158 LocalFree
 0x48315c LocalAlloc
 0x483160 GetTickCount
 0x483164 QueryPerformanceCounter
 0x483168 GetVersion
 0x48316c GetCurrentThreadId
 0x483170 InterlockedDecrement
 0x483174 InterlockedIncrement
 0x483178 VirtualQuery
 0x48317c WideCharToMultiByte
 0x483180 MultiByteToWideChar
 0x483184 lstrlenA
 0x483188 lstrcpynA
 0x48318c LoadLibraryExA
 0x483190 GetThreadLocale
 0x483194 GetStartupInfoA
 0x483198 GetProcAddress
 0x48319c GetModuleHandleA
 0x4831a0 GetModuleFileNameA
 0x4831a4 GetLocaleInfoA
 0x4831a8 GetCommandLineA
 0x4831ac FreeLibrary
 0x4831b0 FindFirstFileA
 0x4831b4 FindClose
 0x4831b8 ExitProcess
 0x4831bc WriteFile
 0x4831c0 UnhandledExceptionFilter
 0x4831c4 RtlUnwind
 0x4831c8 RaiseException
 0x4831cc GetStdHandle
user32.dll
 0x4831d4 GetKeyboardType
 0x4831d8 LoadStringA
 0x4831dc MessageBoxA
 0x4831e0 CharNextA
advapi32.dll
 0x4831e8 RegQueryValueExA
 0x4831ec RegOpenKeyExA
 0x4831f0 RegCloseKey
oleaut32.dll
 0x4831f8 SysFreeString
 0x4831fc SysReAllocStringLen
 0x483200 SysAllocStringLen
kernel32.dll
 0x483208 TlsSetValue
 0x48320c TlsGetValue
 0x483210 LocalAlloc
 0x483214 GetModuleHandleA
advapi32.dll
 0x48321c RegQueryValueExA
 0x483220 RegOpenKeyExA
 0x483224 RegCloseKey
kernel32.dll
 0x48322c lstrcpyA
 0x483230 lstrcmpiA
 0x483234 WriteFile
 0x483238 WaitForSingleObject
 0x48323c VirtualQuery
 0x483240 VirtualProtect
 0x483244 VirtualAlloc
 0x483248 Sleep
 0x48324c SizeofResource
 0x483250 SetThreadLocale
 0x483254 SetFilePointer
 0x483258 SetEvent
 0x48325c SetErrorMode
 0x483260 SetEndOfFile
 0x483264 ResetEvent
 0x483268 ReadFile
 0x48326c MultiByteToWideChar
 0x483270 MulDiv
 0x483274 LockResource
 0x483278 LoadResource
 0x48327c LoadLibraryA
 0x483280 LeaveCriticalSection
 0x483284 InitializeCriticalSection
 0x483288 GlobalUnlock
 0x48328c GlobalReAlloc
 0x483290 GlobalHandle
 0x483294 GlobalLock
 0x483298 GlobalFree
 0x48329c GlobalFindAtomA
 0x4832a0 GlobalDeleteAtom
 0x4832a4 GlobalAlloc
 0x4832a8 GlobalAddAtomA
 0x4832ac GetVersionExA
 0x4832b0 GetVersion
 0x4832b4 GetTickCount
 0x4832b8 GetThreadLocale
 0x4832bc GetSystemInfo
 0x4832c0 GetStringTypeExA
 0x4832c4 GetStdHandle
 0x4832c8 GetProcAddress
 0x4832cc GetModuleHandleA
 0x4832d0 GetModuleFileNameA
 0x4832d4 GetLocaleInfoA
 0x4832d8 GetLocalTime
 0x4832dc GetLastError
 0x4832e0 GetFullPathNameA
 0x4832e4 GetDiskFreeSpaceA
 0x4832e8 GetDateFormatA
 0x4832ec GetCurrentThreadId
 0x4832f0 GetCurrentProcessId
 0x4832f4 GetCPInfo
 0x4832f8 GetACP
 0x4832fc FreeResource
 0x483300 InterlockedExchange
 0x483304 FreeLibrary
 0x483308 FormatMessageA
 0x48330c FindResourceA
 0x483310 EnumCalendarInfoA
 0x483314 EnterCriticalSection
 0x483318 DeleteCriticalSection
 0x48331c CreateThread
 0x483320 CreateFileA
 0x483324 CreateEventA
 0x483328 CompareStringA
 0x48332c CloseHandle
version.dll
 0x483334 VerQueryValueA
 0x483338 GetFileVersionInfoSizeA
 0x48333c GetFileVersionInfoA
gdi32.dll
 0x483344 UnrealizeObject
 0x483348 StretchBlt
 0x48334c SetWindowOrgEx
 0x483350 SetWinMetaFileBits
 0x483354 SetViewportOrgEx
 0x483358 SetTextColor
 0x48335c SetStretchBltMode
 0x483360 SetROP2
 0x483364 SetPixel
 0x483368 SetEnhMetaFileBits
 0x48336c SetDIBColorTable
 0x483370 SetBrushOrgEx
 0x483374 SetBkMode
 0x483378 SetBkColor
 0x48337c SelectPalette
 0x483380 SelectObject
 0x483384 SelectClipRgn
 0x483388 SaveDC
 0x48338c RestoreDC
 0x483390 Rectangle
 0x483394 RectVisible
 0x483398 RealizePalette
 0x48339c Polyline
 0x4833a0 PlayEnhMetaFile
 0x4833a4 PatBlt
 0x4833a8 MoveToEx
 0x4833ac MaskBlt
 0x4833b0 LineTo
 0x4833b4 IntersectClipRect
 0x4833b8 GetWindowOrgEx
 0x4833bc GetWinMetaFileBits
 0x4833c0 GetTextMetricsA
 0x4833c4 GetTextExtentPoint32A
 0x4833c8 GetSystemPaletteEntries
 0x4833cc GetStockObject
 0x4833d0 GetROP2
 0x4833d4 GetPolyFillMode
 0x4833d8 GetPixel
 0x4833dc GetPaletteEntries
 0x4833e0 GetObjectA
 0x4833e4 GetMapMode
 0x4833e8 GetEnhMetaFilePaletteEntries
 0x4833ec GetEnhMetaFileHeader
 0x4833f0 GetEnhMetaFileBits
 0x4833f4 GetDeviceCaps
 0x4833f8 GetDIBits
 0x4833fc GetDIBColorTable
 0x483400 GetDCOrgEx
 0x483404 GetCurrentPositionEx
 0x483408 GetClipBox
 0x48340c GetBrushOrgEx
 0x483410 GetBitmapBits
 0x483414 GdiFlush
 0x483418 ExcludeClipRect
 0x48341c DeleteObject
 0x483420 DeleteEnhMetaFile
 0x483424 DeleteDC
 0x483428 CreateSolidBrush
 0x48342c CreatePenIndirect
 0x483430 CreatePalette
 0x483434 CreateHalftonePalette
 0x483438 CreateFontIndirectA
 0x48343c CreateDIBitmap
 0x483440 CreateDIBSection
 0x483444 CreateCompatibleDC
 0x483448 CreateCompatibleBitmap
 0x48344c CreateBrushIndirect
 0x483450 CreateBitmap
 0x483454 CopyEnhMetaFileA
 0x483458 BitBlt
user32.dll
 0x483460 CreateWindowExA
 0x483464 WindowFromPoint
 0x483468 WinHelpA
 0x48346c WaitMessage
 0x483470 UpdateWindow
 0x483474 UnregisterClassA
 0x483478 UnhookWindowsHookEx
 0x48347c TranslateMessage
 0x483480 TranslateMDISysAccel
 0x483484 TrackPopupMenu
 0x483488 SystemParametersInfoA
 0x48348c ShowWindow
 0x483490 ShowScrollBar
 0x483494 ShowOwnedPopups
 0x483498 ShowCursor
 0x48349c SetWindowsHookExA
 0x4834a0 SetWindowTextA
 0x4834a4 SetWindowPos
 0x4834a8 SetWindowPlacement
 0x4834ac SetWindowLongA
 0x4834b0 SetTimer
 0x4834b4 SetScrollRange
 0x4834b8 SetScrollPos
 0x4834bc SetScrollInfo
 0x4834c0 SetRect
 0x4834c4 SetPropA
 0x4834c8 SetParent
 0x4834cc SetMenuItemInfoA
 0x4834d0 SetMenu
 0x4834d4 SetForegroundWindow
 0x4834d8 SetFocus
 0x4834dc SetCursor
 0x4834e0 SetClassLongA
 0x4834e4 SetCapture
 0x4834e8 SetActiveWindow
 0x4834ec SendMessageA
 0x4834f0 ScrollWindow
 0x4834f4 ScreenToClient
 0x4834f8 RemovePropA
 0x4834fc RemoveMenu
 0x483500 ReleaseDC
 0x483504 ReleaseCapture
 0x483508 RegisterWindowMessageA
 0x48350c RegisterClipboardFormatA
 0x483510 RegisterClassA
 0x483514 RedrawWindow
 0x483518 PtInRect
 0x48351c PostQuitMessage
 0x483520 PostMessageA
 0x483524 PeekMessageA
 0x483528 OffsetRect
 0x48352c OemToCharA
 0x483530 MessageBoxA
 0x483534 MapWindowPoints
 0x483538 MapVirtualKeyA
 0x48353c LoadStringA
 0x483540 LoadKeyboardLayoutA
 0x483544 LoadIconA
 0x483548 LoadCursorA
 0x48354c LoadBitmapA
 0x483550 KillTimer
 0x483554 IsZoomed
 0x483558 IsWindowVisible
 0x48355c IsWindowEnabled
 0x483560 IsWindow
 0x483564 IsRectEmpty
 0x483568 IsIconic
 0x48356c IsDialogMessageA
 0x483570 IsChild
 0x483574 InvalidateRect
 0x483578 IntersectRect
 0x48357c InsertMenuItemA
 0x483580 InsertMenuA
 0x483584 InflateRect
 0x483588 GetWindowThreadProcessId
 0x48358c GetWindowTextA
 0x483590 GetWindowRect
 0x483594 GetWindowPlacement
 0x483598 GetWindowLongA
 0x48359c GetWindowDC
 0x4835a0 GetTopWindow
 0x4835a4 GetSystemMetrics
 0x4835a8 GetSystemMenu
 0x4835ac GetSysColorBrush
 0x4835b0 GetSysColor
 0x4835b4 GetSubMenu
 0x4835b8 GetScrollRange
 0x4835bc GetScrollPos
 0x4835c0 GetScrollInfo
 0x4835c4 GetPropA
 0x4835c8 GetParent
 0x4835cc GetWindow
 0x4835d0 GetMenuStringA
 0x4835d4 GetMenuState
 0x4835d8 GetMenuItemInfoA
 0x4835dc GetMenuItemID
 0x4835e0 GetMenuItemCount
 0x4835e4 GetMenu
 0x4835e8 GetLastActivePopup
 0x4835ec GetKeyboardState
 0x4835f0 GetKeyboardLayoutList
 0x4835f4 GetKeyboardLayout
 0x4835f8 GetKeyState
 0x4835fc GetKeyNameTextA
 0x483600 GetIconInfo
 0x483604 GetForegroundWindow
 0x483608 GetFocus
 0x48360c GetDesktopWindow
 0x483610 GetDCEx
 0x483614 GetDC
 0x483618 GetCursorPos
 0x48361c GetCursor
 0x483620 GetClipboardData
 0x483624 GetClientRect
 0x483628 GetClassNameA
 0x48362c GetClassInfoA
 0x483630 GetCapture
 0x483634 GetActiveWindow
 0x483638 FrameRect
 0x48363c FindWindowA
 0x483640 FillRect
 0x483644 EqualRect
 0x483648 EnumWindows
 0x48364c EnumThreadWindows
 0x483650 EndPaint
 0x483654 EnableWindow
 0x483658 EnableScrollBar
 0x48365c EnableMenuItem
 0x483660 DrawTextA
 0x483664 DrawMenuBar
 0x483668 DrawIconEx
 0x48366c DrawIcon
 0x483670 DrawFrameControl
 0x483674 DrawEdge
 0x483678 DispatchMessageA
 0x48367c DestroyWindow
 0x483680 DestroyMenu
 0x483684 DestroyIcon
 0x483688 DestroyCursor
 0x48368c DeleteMenu
 0x483690 DefWindowProcA
 0x483694 DefMDIChildProcA
 0x483698 DefFrameProcA
 0x48369c CreatePopupMenu
 0x4836a0 CreateMenu
 0x4836a4 CreateIcon
 0x4836a8 ClientToScreen
 0x4836ac CheckMenuItem
 0x4836b0 CallWindowProcA
 0x4836b4 CallNextHookEx
 0x4836b8 BeginPaint
 0x4836bc CharNextA
 0x4836c0 CharLowerBuffA
 0x4836c4 CharLowerA
 0x4836c8 CharUpperBuffA
 0x4836cc CharToOemA
 0x4836d0 AdjustWindowRectEx
 0x4836d4 ActivateKeyboardLayout
kernel32.dll
 0x4836dc Sleep
oleaut32.dll
 0x4836e4 SafeArrayPtrOfIndex
 0x4836e8 SafeArrayPutElement
 0x4836ec SafeArrayGetElement
 0x4836f0 SafeArrayUnaccessData
 0x4836f4 SafeArrayAccessData
 0x4836f8 SafeArrayGetUBound
 0x4836fc SafeArrayGetLBound
 0x483700 SafeArrayCreate
 0x483704 VariantChangeType
 0x483708 VariantCopyInd
 0x48370c VariantCopy
 0x483710 VariantClear
 0x483714 VariantInit
ole32.dll
 0x48371c CoUninitialize
 0x483720 CoInitialize
oleaut32.dll
 0x483728 GetErrorInfo
 0x48372c SysFreeString
comctl32.dll
 0x483734 ImageList_SetIconSize
 0x483738 ImageList_GetIconSize
 0x48373c ImageList_Write
 0x483740 ImageList_Read
 0x483744 ImageList_GetDragImage
 0x483748 ImageList_DragShowNolock
 0x48374c ImageList_SetDragCursorImage
 0x483750 ImageList_DragMove
 0x483754 ImageList_DragLeave
 0x483758 ImageList_DragEnter
 0x48375c ImageList_EndDrag
 0x483760 ImageList_BeginDrag
 0x483764 ImageList_Remove
 0x483768 ImageList_DrawEx
 0x48376c ImageList_Draw
 0x483770 ImageList_GetBkColor
 0x483774 ImageList_SetBkColor
 0x483778 ImageList_ReplaceIcon
 0x48377c ImageList_Add
 0x483780 ImageList_SetImageCount
 0x483784 ImageList_GetImageCount
 0x483788 ImageList_Destroy
 0x48378c ImageList_Create
 0x483790 InitCommonControls

EAT (Export Address Table): none
