Field | Value |
---|---|
Created | 2021.04.21 16:00 |
Machine | s1_win7_x6401 |
Filename | AeroAdmin.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | |
md5 | 42cf36e9d42beb230502e33d34ea0b05 |
sha256 | 657cebf189115e7b8c2c64102392bd56299eef02711e6807331f992247206029 |
ssdeep | 49152:OcxFrsKnp7e7K6npEIGAJdfbgrWRmD86RKu+XT/4dKHMxfk0d/bYnadM02p:76KnvygcebVKafk |
imphash | d4867fd86e6829ed89489a22636b7b81 |
impfuzzy | 192:HlRRa5dKCF7fHOkQdfXWXoCZ18VnNirZ9ZvpQt6IewrlK:HlRRq17K6LKNic6IM |
Signature (4cnts)
Level | Description |
---|---|
watch | Installs itself for autorun at Windows startup |
notice | Creates a service |
info | Queries for the computername |
info | This executable has a PDB path |
Rules (20cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
info | escalate_priv | Escalade priviledges | binaries (upload) |
info | HasDebugData | DebugData Check | binaries (upload) |
info | HasDigitalSignature | DigitalSignature Check | binaries (upload) |
info | HasOverlay | Overlay Check | binaries (upload) |
info | HasRichSignature | Rich Signature Check | binaries (upload) |
info | IsWindowsGUI | (no description) | binaries (upload) |
info | keylogger | Run a keylogger | binaries (upload) |
info | network_dns | Communications use DNS | binaries (upload) |
info | network_dropper | File downloader/dropper | binaries (upload) |
info | network_tcp_listen | Listen for incoming communication | binaries (upload) |
info | network_tcp_socket | Communications over RAW socket | binaries (upload) |
info | screenshot | Take screenshot | binaries (upload) |
info | sniff_audio | Record Audio | binaries (upload) |
info | Str_Win32_Winsock2_Library | Match Winsock 2 API library declaration | binaries (upload) |
info | win_files_operation | Affect private profile | binaries (upload) |
info | win_registry | Affect system registries | binaries (upload) |
info | win_token | Affect system token | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x605138 GetVersionExW
0x60513c GetCommandLineW
0x605140 WTSGetActiveConsoleSessionId
0x605144 AttachConsole
0x605148 ProcessIdToSessionId
0x60514c GetTickCount
0x605150 GetFileSize
0x605154 FreeLibrary
0x605158 GetModuleFileNameW
0x60515c DeleteFileW
0x605160 CreateFileW
0x605164 LoadLibraryW
0x605168 DecodePointer
0x60516c GetModuleHandleW
0x605170 RaiseException
0x605174 ReadFile
0x605178 WriteFile
0x60517c TlsFree
0x605180 PostQueuedCompletionStatus
0x605184 SetEvent
0x605188 QueueUserAPC
0x60518c TerminateThread
0x605190 WaitForMultipleObjects
0x605194 Sleep
0x605198 DeleteCriticalSection
0x60519c InitializeCriticalSectionAndSpinCount
0x6051a0 CloseHandle
0x6051a4 WaitForSingleObject
0x6051a8 GetCurrentProcessId
0x6051ac LeaveCriticalSection
0x6051b0 EnterCriticalSection
0x6051b4 GetLastError
0x6051b8 TlsAlloc
0x6051bc WideCharToMultiByte
0x6051c0 FormatMessageA
0x6051c4 OpenProcess
0x6051c8 TerminateProcess
0x6051cc AreFileApisANSI
0x6051d0 GetProcAddress
0x6051d4 FormatMessageW
0x6051d8 LocalFree
0x6051dc InterlockedExchangeAdd
0x6051e0 WriteConsoleW
0x6051e4 SetStdHandle
0x6051e8 SetEnvironmentVariableW
0x6051ec SetEnvironmentVariableA
0x6051f0 FreeEnvironmentStringsW
0x6051f4 GetEnvironmentStringsW
0x6051f8 GetCommandLineA
0x6051fc GetOEMCP
0x605200 IsValidCodePage
0x605204 FindNextFileA
0x605208 FindFirstFileExA
0x60520c HeapSize
0x605210 GetTimeZoneInformation
0x605214 HeapReAlloc
0x605218 ReadConsoleW
0x60521c InterlockedExchange
0x605220 InterlockedDecrement
0x605224 InterlockedIncrement
0x605228 MultiByteToWideChar
0x60522c GetStringTypeW
0x605230 QueryPerformanceCounter
0x605234 QueryPerformanceFrequency
0x605238 DuplicateHandle
0x60523c WaitForSingleObjectEx
0x605240 GetCurrentProcess
0x605244 SwitchToThread
0x605248 GetCurrentThread
0x60524c GetCurrentThreadId
0x605250 GetExitCodeThread
0x605254 TryEnterCriticalSection
0x605258 EncodePointer
0x60525c SetLastError
0x605260 CreateEventW
0x605264 TlsGetValue
0x605268 TlsSetValue
0x60526c GetSystemTimeAsFileTime
0x605270 CompareStringW
0x605274 LCMapStringW
0x605278 GetLocaleInfoW
0x60527c GetCPInfo
0x605280 IsDebuggerPresent
0x605284 OutputDebugStringW
0x605288 SleepEx
0x60528c CreateToolhelp32Snapshot
0x605290 Process32FirstW
0x605294 Process32NextW
0x605298 GetExitCodeProcess
0x60529c UnmapViewOfFile
0x6052a0 CreateFileMappingW
0x6052a4 MapViewOfFile
0x6052a8 OpenFileMappingW
0x6052ac GetUserGeoID
0x6052b0 GetGeoInfoW
0x6052b4 GlobalAlloc
0x6052b8 GlobalLock
0x6052bc GlobalUnlock
0x6052c0 GlobalFree
0x6052c4 SetThreadExecutionState
0x6052c8 GetConsoleWindow
0x6052cc CreateDirectoryW
0x6052d0 InterlockedCompareExchange
0x6052d4 CreateIoCompletionPort
0x6052d8 SetWaitableTimer
0x6052dc GetQueuedCompletionStatus
0x6052e0 VerSetConditionMask
0x6052e4 VerifyVersionInfoW
0x6052e8 CompareFileTime
0x6052ec FileTimeToSystemTime
0x6052f0 SystemTimeToTzSpecificLocalTime
0x6052f4 SetCurrentDirectoryW
0x6052f8 LoadLibraryA
0x6052fc LocalAlloc
0x605300 GetFileAttributesW
0x605304 OutputDebugStringA
0x605308 FreeConsole
0x60530c SetConsoleCtrlHandler
0x605310 GenerateConsoleCtrlEvent
0x605314 GetThreadTimes
0x605318 DeviceIoControl
0x60531c SetPriorityClass
0x605320 HeapAlloc
0x605324 GetProcessHeap
0x605328 HeapFree
0x60532c GetComputerNameW
0x605330 GetUserDefaultUILanguage
0x605334 FindResourceW
0x605338 LockResource
0x60533c LoadResource
0x605340 SizeofResource
0x605344 MoveFileW
0x605348 GetLogicalDriveStringsW
0x60534c GetVolumeInformationW
0x605350 GetDiskFreeSpaceExW
0x605354 FindFirstFileW
0x605358 FindNextFileW
0x60535c FindClose
0x605360 RemoveDirectoryW
0x605364 GetFileAttributesExW
0x605368 SetFileTime
0x60536c SetFilePointer
0x605370 SetEndOfFile
0x605374 ResetEvent
0x605378 InitializeSListHead
0x60537c UnhandledExceptionFilter
0x605380 SetUnhandledExceptionFilter
0x605384 IsProcessorFeaturePresent
0x605388 GetStartupInfoW
0x60538c CreateTimerQueue
0x605390 SignalObjectAndWait
0x605394 CreateThread
0x605398 SetThreadPriority
0x60539c GetThreadPriority
0x6053a0 GetLogicalProcessorInformation
0x6053a4 CreateTimerQueueTimer
0x6053a8 ChangeTimerQueueTimer
0x6053ac DeleteTimerQueueTimer
0x6053b0 GetNumaHighestNodeNumber
0x6053b4 GetProcessAffinityMask
0x6053b8 SetThreadAffinityMask
0x6053bc RegisterWaitForSingleObject
0x6053c0 UnregisterWait
0x6053c4 FreeLibraryAndExitThread
0x6053c8 GetModuleHandleA
0x6053cc LoadLibraryExW
0x6053d0 VirtualAlloc
0x6053d4 VirtualProtect
0x6053d8 VirtualFree
0x6053dc ReleaseSemaphore
0x6053e0 InterlockedPopEntrySList
0x6053e4 InterlockedPushEntrySList
0x6053e8 InterlockedFlushSList
0x6053ec QueryDepthSList
0x6053f0 UnregisterWaitEx
0x6053f4 RtlUnwind
0x6053f8 ExitProcess
0x6053fc GetModuleHandleExW
0x605400 ExitThread
0x605404 GetModuleFileNameA
0x605408 GetStdHandle
0x60540c GetACP
0x605410 GetDateFormatW
0x605414 GetTimeFormatW
0x605418 IsValidLocale
0x60541c GetUserDefaultLCID
0x605420 EnumSystemLocalesW
0x605424 GetFileType
0x605428 FlushFileBuffers
0x60542c GetConsoleCP
0x605430 GetConsoleMode
0x605434 SetFilePointerEx
USER32.dll
0x6054a0 EnumDisplaySettingsW
0x6054a4 ChangeDisplaySettingsExW
0x6054a8 GetClipboardData
0x6054ac OpenDesktopW
0x6054b0 SetThreadDesktop
0x6054b4 CloseDesktop
0x6054b8 MapVirtualKeyW
0x6054bc SystemParametersInfoW
0x6054c0 EnableWindow
0x6054c4 GetWindowRect
0x6054c8 GetAsyncKeyState
0x6054cc GetClientRect
0x6054d0 InvalidateRect
0x6054d4 SetMenu
0x6054d8 AdjustWindowRect
0x6054dc SetFocus
0x6054e0 SetWindowPos
0x6054e4 EnableMenuItem
0x6054e8 GetSystemMenu
0x6054ec GetWindowTextW
0x6054f0 MoveWindow
0x6054f4 FillRect
0x6054f8 UpdateWindow
0x6054fc ScreenToClient
0x605500 DrawTextW
0x605504 CallNextHookEx
0x605508 ClientToScreen
0x60550c SetWindowsHookExW
0x605510 BroadcastSystemMessageW
0x605514 UnhookWindowsHookEx
0x605518 SetWindowTextA
0x60551c GetWindowTextA
0x605520 IsDlgButtonChecked
0x605524 GetMenu
0x605528 DrawEdge
0x60552c DrawTextExW
0x605530 DrawFrameControl
0x605534 GetParent
0x605538 GetKeyboardState
0x60553c ToAscii
0x605540 SetScrollPos
0x605544 ShowScrollBar
0x605548 SetScrollRange
0x60554c HideCaret
0x605550 ShowCaret
0x605554 MessageBeep
0x605558 SetCaretPos
0x60555c RegisterClassW
0x605560 BeginPaint
0x605564 EndPaint
0x605568 GetFocus
0x60556c GetScrollPos
0x605570 GetScrollRange
0x605574 CreateCaret
0x605578 EnumDisplayDevicesW
0x60557c GetWindowPlacement
0x605580 DrawIconEx
0x605584 DestroyIcon
0x605588 GetDesktopWindow
0x60558c GetMonitorInfoW
0x605590 OpenWindowStationW
0x605594 SetProcessWindowStation
0x605598 CloseWindowStation
0x60559c OpenInputDesktop
0x6055a0 GetUserObjectInformationW
0x6055a4 EnumDisplayMonitors
0x6055a8 GetWindowDC
0x6055ac DestroyCursor
0x6055b0 GetCursorInfo
0x6055b4 GetIconInfo
0x6055b8 CreateIconIndirect
0x6055bc GetDCEx
0x6055c0 SetWindowLongW
0x6055c4 LoadIconW
0x6055c8 GetGuiResources
0x6055cc GetMenuBarInfo
0x6055d0 CreateMenu
0x6055d4 InsertMenuItemW
0x6055d8 DrawMenuBar
0x6055dc MapWindowPoints
0x6055e0 SetClipboardData
0x6055e4 EmptyClipboard
0x6055e8 OpenClipboard
0x6055ec DispatchMessageW
0x6055f0 mouse_event
0x6055f4 ReleaseDC
0x6055f8 GetDC
0x6055fc SendInput
0x605600 LockWorkStation
0x605604 ChangeDisplaySettingsW
0x605608 GetWindowLongW
0x60560c ExitWindowsEx
0x605610 wsprintfW
0x605614 PeekMessageW
0x605618 TranslateMessage
0x60561c MessageBoxW
0x605620 SendMessageW
0x605624 GetDlgItem
0x605628 CreateWindowExW
0x60562c DestroyWindow
0x605630 PostQuitMessage
0x605634 ShowWindow
0x605638 SetForegroundWindow
0x60563c DefWindowProcW
0x605640 GetCursorPos
0x605644 CreatePopupMenu
0x605648 InsertMenuW
0x60564c TrackPopupMenu
0x605650 DestroyMenu
0x605654 FindWindowW
0x605658 LoadImageW
0x60565c SetWindowTextW
0x605660 SetClassLongW
0x605664 PostMessageW
0x605668 GetSystemMetrics
0x60566c RegisterClassExW
0x605670 SetCursor
0x605674 LoadCursorW
0x605678 DestroyCaret
0x60567c CloseClipboard
GDI32.dll
0x6050a4 GetObjectW
0x6050a8 RestoreDC
0x6050ac SaveDC
0x6050b0 GetDIBits
0x6050b4 DeleteDC
0x6050b8 GetBitmapBits
0x6050bc CreateCompatibleBitmap
0x6050c0 CreatePatternBrush
0x6050c4 CreateDIBitmap
0x6050c8 GetTextMetricsW
0x6050cc GetTextExtentPoint32W
0x6050d0 SetROP2
0x6050d4 CreateBitmap
0x6050d8 CreatePen
0x6050dc Rectangle
0x6050e0 SetTextColor
0x6050e4 CreateFontIndirectW
0x6050e8 SetBkMode
0x6050ec SetBrushOrgEx
0x6050f0 BitBlt
0x6050f4 SelectObject
0x6050f8 CreateDIBSection
0x6050fc CreateCompatibleDC
0x605100 DeleteObject
0x605104 CreateSolidBrush
0x605108 CreateFontW
0x60510c GetDeviceCaps
0x605110 SetBkColor
0x605114 ExtTextOutW
0x605118 GetStockObject
0x60511c GetROP2
SHELL32.dll
0x605470 ShellExecuteExW
0x605474 Shell_NotifyIconW
0x605478 CommandLineToArgvW
0x60547c ShellExecuteW
0x605480 SHGetFolderPathW
0x605484 SHGetFileInfoW
0x605488 SHBrowseForFolderW
0x60548c SHGetPathFromIDListW
0x605490 SHGetMalloc
0x605494 SHGetSpecialFolderPathW
0x605498 None
ole32.dll
0x605780 CoInitialize
0x605784 CreateStreamOnHGlobal
0x605788 CoUninitialize
0x60578c CoInitializeEx
0x605790 CoCreateInstance
OLEAUT32.dll
0x605454 VariantInit
0x605458 VariantClear
0x60545c SysAllocString
0x605460 SysStringLen
0x605464 SysAllocStringByteLen
0x605468 SysFreeString
WS2_32.dll
0x6056d4 gethostname
0x6056d8 setsockopt
0x6056dc WSACleanup
0x6056e0 WSAStartup
0x6056e4 WSASetLastError
0x6056e8 shutdown
0x6056ec WSARecv
0x6056f0 WSASend
0x6056f4 ntohl
0x6056f8 getpeername
0x6056fc accept
0x605700 connect
0x605704 WSASocketW
0x605708 listen
0x60570c getsockopt
0x605710 inet_ntoa
0x605714 gethostbyname
0x605718 recv
0x60571c select
0x605720 WSAGetLastError
0x605724 getaddrinfo
0x605728 socket
0x60572c freeaddrinfo
0x605730 bind
0x605734 closesocket
0x605738 ioctlsocket
0x60573c send
urlmon.dll
0x605798 URLDownloadToFileW
0x60579c URLOpenBlockingStreamW
WINMM.dll
0x605690 timeEndPeriod
0x605694 timeBeginPeriod
0x605698 waveOutClose
0x60569c waveOutWrite
0x6056a0 waveOutPrepareHeader
0x6056a4 waveOutUnprepareHeader
0x6056a8 waveOutOpen
0x6056ac waveInClose
0x6056b0 waveInUnprepareHeader
0x6056b4 waveInAddBuffer
0x6056b8 waveInGetNumDevs
0x6056bc waveInGetDevCapsW
0x6056c0 waveInOpen
0x6056c4 waveInPrepareHeader
0x6056c8 waveInStart
0x6056cc waveInReset
WTSAPI32.dll
0x605744 WTSFreeMemory
0x605748 WTSQuerySessionInformationW
0x60574c WTSEnumerateSessionsW
USERENV.dll
0x605684 CreateEnvironmentBlock
0x605688 DestroyEnvironmentBlock
IPHLPAPI.DLL
0x605124 GetBestInterface
0x605128 IcmpSendEcho
0x60512c IcmpCreateFile
0x605130 GetAdaptersAddresses
MPR.dll
0x60543c WNetCloseEnum
0x605440 WNetOpenEnumW
0x605444 WNetEnumResourceW
gdiplus.dll
0x605754 GdipGetImageEncoders
0x605758 GdipSaveImageToStream
0x60575c GdipCloneImage
0x605760 GdipCreateBitmapFromHBITMAP
0x605764 GdipGetImageEncodersSize
0x605768 GdiplusStartup
0x60576c GdiplusShutdown
0x605770 GdipAlloc
0x605774 GdipDisposeImage
0x605778 GdipFree
MSIMG32.dll
0x60544c AlphaBlend
COMCTL32.dll
0x605090 InitCommonControlsEx
0x605094 None
COMDLG32.dll
0x60509c GetOpenFileNameW
ADVAPI32.dll
0x605000 RegQueryValueExW
0x605004 RegisterServiceCtrlHandlerExW
0x605008 OpenSCManagerW
0x60500c CreateServiceW
0x605010 ChangeServiceConfig2W
0x605014 CloseServiceHandle
0x605018 RegCreateKeyExW
0x60501c OpenServiceW
0x605020 DeleteService
0x605024 StartServiceW
0x605028 StartServiceCtrlDispatcherW
0x60502c AllocateAndInitializeSid
0x605030 CheckTokenMembership
0x605034 FreeSid
0x605038 SetSecurityInfo
0x60503c SetEntriesInAclW
0x605040 InitializeSecurityDescriptor
0x605044 SetSecurityDescriptorDacl
0x605048 SetFileSecurityW
0x60504c CryptReleaseContext
0x605050 CryptGenRandom
0x605054 CryptAcquireContextW
0x605058 GetTokenInformation
0x60505c LookupAccountSidW
0x605060 CreateProcessAsUserW
0x605064 AdjustTokenPrivileges
0x605068 SetTokenInformation
0x60506c DuplicateTokenEx
0x605070 LookupPrivilegeValueW
0x605074 OpenProcessToken
0x605078 RegCloseKey
0x60507c RegDeleteValueW
0x605080 RegSetValueExW
0x605084 SetServiceStatus
0x605088 RegOpenKeyExW
EAT(Export Address Table) is none