ScreenShot
| Created | 2021.06.04 18:14 | Machine | s1_win7_x6401 |
| Filename | cc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | a366fb953227608061d99b578d6a31c1 | ||
| sha256 | daa6210400cb3f6a007ac6fe81873136f1ac25fd915579ee7533cc2f40c942d2 | ||
| ssdeep | 12288:4wZeGjiyhybwk6VAn0+A2NUj4pfIMNFYoOOikhoAOpbAF++n/tA:4sjhyZn4VuIMzsAAbAl/tA | ||
| imphash | c13589351b888eacb104575a16a88b27 | ||
| impfuzzy | 192:f3Pnk1Q8mdbuuSrSUvK9RqoaqyseSPOQXo:f381uSA9LTPOQ4 | ||
Network IP location
Signature (21cnts)
| Level | Description |
|---|---|
| danger | Executed a process and injected code into it |
| watch | Code injection by writing an executable or DLL to the memory of another process |
| watch | Deletes executed files from disk |
| watch | Network activity contains more than one unique useragent |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (33cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Network_Downloader | File Downloader | memory |
| notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | local_credential_Steal | Steal credential | memory |
| notice | Network_DGA | Communication using DGA | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_FTP | Communications over FTP | memory |
| notice | Network_HTTP | Communications over HTTP | memory |
| notice | Network_P2P_Win | Communications over P2P network | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
| info | Check_Dlls | (no description) | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerCheck__RemoteAPI | (no description) | memory |
| info | DebuggerException__ConsoleCtrl | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
| info | Win_Trojan_agentTesla_Zero | Win.Trojan.agentTesla | memory |
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
kernel32.dll
0x461154 DeleteCriticalSection
0x461158 LeaveCriticalSection
0x46115c EnterCriticalSection
0x461160 InitializeCriticalSection
0x461164 VirtualFree
0x461168 VirtualAlloc
0x46116c LocalFree
0x461170 LocalAlloc
0x461174 GetVersion
0x461178 GetCurrentThreadId
0x46117c InterlockedDecrement
0x461180 InterlockedIncrement
0x461184 VirtualQuery
0x461188 WideCharToMultiByte
0x46118c MultiByteToWideChar
0x461190 lstrlenA
0x461194 lstrcpynA
0x461198 LoadLibraryExA
0x46119c GetThreadLocale
0x4611a0 GetStartupInfoA
0x4611a4 GetProcAddress
0x4611a8 GetModuleHandleA
0x4611ac GetModuleFileNameA
0x4611b0 GetLocaleInfoA
0x4611b4 GetCommandLineA
0x4611b8 FreeLibrary
0x4611bc FindFirstFileA
0x4611c0 FindClose
0x4611c4 ExitProcess
0x4611c8 WriteFile
0x4611cc UnhandledExceptionFilter
0x4611d0 RtlUnwind
0x4611d4 RaiseException
0x4611d8 GetStdHandle
user32.dll
0x4611e0 GetKeyboardType
0x4611e4 LoadStringA
0x4611e8 MessageBoxA
0x4611ec CharNextA
advapi32.dll
0x4611f4 RegQueryValueExA
0x4611f8 RegOpenKeyExA
0x4611fc RegCloseKey
oleaut32.dll
0x461204 SysFreeString
0x461208 SysReAllocStringLen
0x46120c SysAllocStringLen
kernel32.dll
0x461214 TlsSetValue
0x461218 TlsGetValue
0x46121c LocalAlloc
0x461220 GetModuleHandleA
advapi32.dll
0x461228 RegQueryValueExA
0x46122c RegOpenKeyExA
0x461230 RegCloseKey
kernel32.dll
0x461238 lstrcpyA
0x46123c lstrcmpiA
0x461240 WriteFile
0x461244 WaitForSingleObject
0x461248 VirtualQuery
0x46124c VirtualProtect
0x461250 VirtualAlloc
0x461254 Sleep
0x461258 SizeofResource
0x46125c SetThreadLocale
0x461260 SetFilePointer
0x461264 SetEvent
0x461268 SetErrorMode
0x46126c SetEndOfFile
0x461270 ResetEvent
0x461274 ReadFile
0x461278 MultiByteToWideChar
0x46127c MulDiv
0x461280 LockResource
0x461284 LoadResource
0x461288 LoadLibraryA
0x46128c LeaveCriticalSection
0x461290 InitializeCriticalSection
0x461294 GlobalUnlock
0x461298 GlobalSize
0x46129c GlobalReAlloc
0x4612a0 GlobalHandle
0x4612a4 GlobalLock
0x4612a8 GlobalFree
0x4612ac GlobalFindAtomA
0x4612b0 GlobalDeleteAtom
0x4612b4 GlobalAlloc
0x4612b8 GlobalAddAtomA
0x4612bc GetVersionExA
0x4612c0 GetVersion
0x4612c4 GetUserDefaultLCID
0x4612c8 GetTickCount
0x4612cc GetThreadLocale
0x4612d0 GetSystemInfo
0x4612d4 GetStringTypeExA
0x4612d8 GetStdHandle
0x4612dc GetProcAddress
0x4612e0 GetModuleHandleA
0x4612e4 GetModuleFileNameA
0x4612e8 GetLocaleInfoA
0x4612ec GetLocalTime
0x4612f0 GetLastError
0x4612f4 GetFullPathNameA
0x4612f8 GetDiskFreeSpaceA
0x4612fc GetDateFormatA
0x461300 GetCurrentThreadId
0x461304 GetCurrentProcessId
0x461308 GetCPInfo
0x46130c GetACP
0x461310 FreeResource
0x461314 InterlockedExchange
0x461318 FreeLibrary
0x46131c FormatMessageA
0x461320 FindResourceA
0x461324 EnumCalendarInfoA
0x461328 EnterCriticalSection
0x46132c DeleteCriticalSection
0x461330 CreateThread
0x461334 CreateFileA
0x461338 CreateEventA
0x46133c CompareStringA
0x461340 CloseHandle
version.dll
0x461348 VerQueryValueA
0x46134c GetFileVersionInfoSizeA
0x461350 GetFileVersionInfoA
gdi32.dll
0x461358 UnrealizeObject
0x46135c StretchBlt
0x461360 SetWindowOrgEx
0x461364 SetWinMetaFileBits
0x461368 SetViewportOrgEx
0x46136c SetTextColor
0x461370 SetStretchBltMode
0x461374 SetROP2
0x461378 SetPixel
0x46137c SetEnhMetaFileBits
0x461380 SetDIBColorTable
0x461384 SetBrushOrgEx
0x461388 SetBkMode
0x46138c SetBkColor
0x461390 SelectPalette
0x461394 SelectObject
0x461398 SaveDC
0x46139c RestoreDC
0x4613a0 RectVisible
0x4613a4 RealizePalette
0x4613a8 Polyline
0x4613ac PlayEnhMetaFile
0x4613b0 PatBlt
0x4613b4 MoveToEx
0x4613b8 MaskBlt
0x4613bc LineTo
0x4613c0 IntersectClipRect
0x4613c4 GetWindowOrgEx
0x4613c8 GetWinMetaFileBits
0x4613cc GetTextMetricsA
0x4613d0 GetTextExtentPoint32A
0x4613d4 GetSystemPaletteEntries
0x4613d8 GetStockObject
0x4613dc GetPixel
0x4613e0 GetPaletteEntries
0x4613e4 GetObjectA
0x4613e8 GetEnhMetaFilePaletteEntries
0x4613ec GetEnhMetaFileHeader
0x4613f0 GetEnhMetaFileDescriptionA
0x4613f4 GetEnhMetaFileBits
0x4613f8 GetDeviceCaps
0x4613fc GetDIBits
0x461400 GetDIBColorTable
0x461404 GetDCOrgEx
0x461408 GetCurrentPositionEx
0x46140c GetClipBox
0x461410 GetBrushOrgEx
0x461414 GetBitmapBits
0x461418 ExcludeClipRect
0x46141c DeleteObject
0x461420 DeleteEnhMetaFile
0x461424 DeleteDC
0x461428 CreateSolidBrush
0x46142c CreatePenIndirect
0x461430 CreatePalette
0x461434 CreateHalftonePalette
0x461438 CreateFontIndirectA
0x46143c CreateEnhMetaFileA
0x461440 CreateDIBitmap
0x461444 CreateDIBSection
0x461448 CreateCompatibleDC
0x46144c CreateCompatibleBitmap
0x461450 CreateBrushIndirect
0x461454 CreateBitmap
0x461458 CopyEnhMetaFileA
0x46145c CloseEnhMetaFile
0x461460 BitBlt
user32.dll
0x461468 CreateWindowExA
0x46146c WindowFromPoint
0x461470 WinHelpA
0x461474 WaitMessage
0x461478 UpdateWindow
0x46147c UnregisterClassA
0x461480 UnhookWindowsHookEx
0x461484 TranslateMessage
0x461488 TranslateMDISysAccel
0x46148c TrackPopupMenu
0x461490 SystemParametersInfoA
0x461494 ShowWindow
0x461498 ShowScrollBar
0x46149c ShowOwnedPopups
0x4614a0 ShowCursor
0x4614a4 SetWindowsHookExA
0x4614a8 SetWindowPos
0x4614ac SetWindowPlacement
0x4614b0 SetWindowLongA
0x4614b4 SetTimer
0x4614b8 SetScrollRange
0x4614bc SetScrollPos
0x4614c0 SetScrollInfo
0x4614c4 SetRect
0x4614c8 SetPropA
0x4614cc SetParent
0x4614d0 SetMenuItemInfoA
0x4614d4 SetMenu
0x4614d8 SetForegroundWindow
0x4614dc SetFocus
0x4614e0 SetCursor
0x4614e4 SetClassLongA
0x4614e8 SetCapture
0x4614ec SetActiveWindow
0x4614f0 SendMessageA
0x4614f4 ScrollWindow
0x4614f8 ScreenToClient
0x4614fc RemovePropA
0x461500 RemoveMenu
0x461504 ReleaseDC
0x461508 ReleaseCapture
0x46150c RegisterWindowMessageA
0x461510 RegisterClipboardFormatA
0x461514 RegisterClassA
0x461518 RedrawWindow
0x46151c PtInRect
0x461520 PostQuitMessage
0x461524 PostMessageA
0x461528 PeekMessageA
0x46152c OffsetRect
0x461530 OemToCharA
0x461534 MessageBoxA
0x461538 MapWindowPoints
0x46153c MapVirtualKeyA
0x461540 LoadStringA
0x461544 LoadKeyboardLayoutA
0x461548 LoadIconA
0x46154c LoadCursorA
0x461550 LoadBitmapA
0x461554 KillTimer
0x461558 IsZoomed
0x46155c IsWindowVisible
0x461560 IsWindowEnabled
0x461564 IsWindow
0x461568 IsRectEmpty
0x46156c IsIconic
0x461570 IsDialogMessageA
0x461574 IsChild
0x461578 InvalidateRect
0x46157c IntersectRect
0x461580 InsertMenuItemA
0x461584 InsertMenuA
0x461588 InflateRect
0x46158c GetWindowThreadProcessId
0x461590 GetWindowTextA
0x461594 GetWindowRect
0x461598 GetWindowPlacement
0x46159c GetWindowLongA
0x4615a0 GetWindowDC
0x4615a4 GetTopWindow
0x4615a8 GetSystemMetrics
0x4615ac GetSystemMenu
0x4615b0 GetSysColorBrush
0x4615b4 GetSysColor
0x4615b8 GetSubMenu
0x4615bc GetScrollRange
0x4615c0 GetScrollPos
0x4615c4 GetScrollInfo
0x4615c8 GetPropA
0x4615cc GetParent
0x4615d0 GetWindow
0x4615d4 GetMessageTime
0x4615d8 GetMenuStringA
0x4615dc GetMenuState
0x4615e0 GetMenuItemInfoA
0x4615e4 GetMenuItemID
0x4615e8 GetMenuItemCount
0x4615ec GetMenu
0x4615f0 GetLastActivePopup
0x4615f4 GetKeyboardState
0x4615f8 GetKeyboardLayoutList
0x4615fc GetKeyboardLayout
0x461600 GetKeyState
0x461604 GetKeyNameTextA
0x461608 GetIconInfo
0x46160c GetForegroundWindow
0x461610 GetFocus
0x461614 GetDlgItem
0x461618 GetDesktopWindow
0x46161c GetDCEx
0x461620 GetDC
0x461624 GetCursorPos
0x461628 GetCursor
0x46162c GetClipboardData
0x461630 GetClientRect
0x461634 GetClassNameA
0x461638 GetClassInfoA
0x46163c GetCapture
0x461640 GetActiveWindow
0x461644 FrameRect
0x461648 FindWindowA
0x46164c FillRect
0x461650 EqualRect
0x461654 EnumWindows
0x461658 EnumThreadWindows
0x46165c EndPaint
0x461660 EnableWindow
0x461664 EnableScrollBar
0x461668 EnableMenuItem
0x46166c DrawTextA
0x461670 DrawMenuBar
0x461674 DrawIconEx
0x461678 DrawIcon
0x46167c DrawFrameControl
0x461680 DrawEdge
0x461684 DispatchMessageA
0x461688 DestroyWindow
0x46168c DestroyMenu
0x461690 DestroyIcon
0x461694 DestroyCursor
0x461698 DeleteMenu
0x46169c DefWindowProcA
0x4616a0 DefMDIChildProcA
0x4616a4 DefFrameProcA
0x4616a8 CreatePopupMenu
0x4616ac CreateMenu
0x4616b0 CreateIcon
0x4616b4 ClientToScreen
0x4616b8 CheckMenuItem
0x4616bc CallWindowProcA
0x4616c0 CallNextHookEx
0x4616c4 BeginPaint
0x4616c8 CharNextA
0x4616cc CharLowerBuffA
0x4616d0 CharLowerA
0x4616d4 CharToOemA
0x4616d8 AdjustWindowRectEx
0x4616dc ActivateKeyboardLayout
kernel32.dll
0x4616e4 Sleep
oleaut32.dll
0x4616ec SafeArrayPtrOfIndex
0x4616f0 SafeArrayGetUBound
0x4616f4 SafeArrayGetLBound
0x4616f8 SafeArrayCreate
0x4616fc VariantChangeType
0x461700 VariantCopy
0x461704 VariantClear
0x461708 VariantInit
ole32.dll
0x461710 CreateStreamOnHGlobal
0x461714 IsAccelerator
0x461718 OleDraw
0x46171c OleSetMenuDescriptor
0x461720 CoCreateInstance
0x461724 CoGetClassObject
0x461728 CoUninitialize
0x46172c CoInitialize
0x461730 IsEqualGUID
oleaut32.dll
0x461738 GetErrorInfo
0x46173c SysFreeString
comctl32.dll
0x461744 ImageList_SetIconSize
0x461748 ImageList_GetIconSize
0x46174c ImageList_Write
0x461750 ImageList_Read
0x461754 ImageList_GetDragImage
0x461758 ImageList_DragShowNolock
0x46175c ImageList_SetDragCursorImage
0x461760 ImageList_DragMove
0x461764 ImageList_DragLeave
0x461768 ImageList_DragEnter
0x46176c ImageList_EndDrag
0x461770 ImageList_BeginDrag
0x461774 ImageList_Remove
0x461778 ImageList_DrawEx
0x46177c ImageList_Draw
0x461780 ImageList_GetBkColor
0x461784 ImageList_SetBkColor
0x461788 ImageList_ReplaceIcon
0x46178c ImageList_Add
0x461790 ImageList_SetImageCount
0x461794 ImageList_GetImageCount
0x461798 ImageList_Destroy
0x46179c ImageList_Create
comdlg32.dll
0x4617a4 GetSaveFileNameA
0x4617a8 GetOpenFileNameA
EAT(Export Address Table) is none
kernel32.dll
0x461154 DeleteCriticalSection
0x461158 LeaveCriticalSection
0x46115c EnterCriticalSection
0x461160 InitializeCriticalSection
0x461164 VirtualFree
0x461168 VirtualAlloc
0x46116c LocalFree
0x461170 LocalAlloc
0x461174 GetVersion
0x461178 GetCurrentThreadId
0x46117c InterlockedDecrement
0x461180 InterlockedIncrement
0x461184 VirtualQuery
0x461188 WideCharToMultiByte
0x46118c MultiByteToWideChar
0x461190 lstrlenA
0x461194 lstrcpynA
0x461198 LoadLibraryExA
0x46119c GetThreadLocale
0x4611a0 GetStartupInfoA
0x4611a4 GetProcAddress
0x4611a8 GetModuleHandleA
0x4611ac GetModuleFileNameA
0x4611b0 GetLocaleInfoA
0x4611b4 GetCommandLineA
0x4611b8 FreeLibrary
0x4611bc FindFirstFileA
0x4611c0 FindClose
0x4611c4 ExitProcess
0x4611c8 WriteFile
0x4611cc UnhandledExceptionFilter
0x4611d0 RtlUnwind
0x4611d4 RaiseException
0x4611d8 GetStdHandle
user32.dll
0x4611e0 GetKeyboardType
0x4611e4 LoadStringA
0x4611e8 MessageBoxA
0x4611ec CharNextA
advapi32.dll
0x4611f4 RegQueryValueExA
0x4611f8 RegOpenKeyExA
0x4611fc RegCloseKey
oleaut32.dll
0x461204 SysFreeString
0x461208 SysReAllocStringLen
0x46120c SysAllocStringLen
kernel32.dll
0x461214 TlsSetValue
0x461218 TlsGetValue
0x46121c LocalAlloc
0x461220 GetModuleHandleA
advapi32.dll
0x461228 RegQueryValueExA
0x46122c RegOpenKeyExA
0x461230 RegCloseKey
kernel32.dll
0x461238 lstrcpyA
0x46123c lstrcmpiA
0x461240 WriteFile
0x461244 WaitForSingleObject
0x461248 VirtualQuery
0x46124c VirtualProtect
0x461250 VirtualAlloc
0x461254 Sleep
0x461258 SizeofResource
0x46125c SetThreadLocale
0x461260 SetFilePointer
0x461264 SetEvent
0x461268 SetErrorMode
0x46126c SetEndOfFile
0x461270 ResetEvent
0x461274 ReadFile
0x461278 MultiByteToWideChar
0x46127c MulDiv
0x461280 LockResource
0x461284 LoadResource
0x461288 LoadLibraryA
0x46128c LeaveCriticalSection
0x461290 InitializeCriticalSection
0x461294 GlobalUnlock
0x461298 GlobalSize
0x46129c GlobalReAlloc
0x4612a0 GlobalHandle
0x4612a4 GlobalLock
0x4612a8 GlobalFree
0x4612ac GlobalFindAtomA
0x4612b0 GlobalDeleteAtom
0x4612b4 GlobalAlloc
0x4612b8 GlobalAddAtomA
0x4612bc GetVersionExA
0x4612c0 GetVersion
0x4612c4 GetUserDefaultLCID
0x4612c8 GetTickCount
0x4612cc GetThreadLocale
0x4612d0 GetSystemInfo
0x4612d4 GetStringTypeExA
0x4612d8 GetStdHandle
0x4612dc GetProcAddress
0x4612e0 GetModuleHandleA
0x4612e4 GetModuleFileNameA
0x4612e8 GetLocaleInfoA
0x4612ec GetLocalTime
0x4612f0 GetLastError
0x4612f4 GetFullPathNameA
0x4612f8 GetDiskFreeSpaceA
0x4612fc GetDateFormatA
0x461300 GetCurrentThreadId
0x461304 GetCurrentProcessId
0x461308 GetCPInfo
0x46130c GetACP
0x461310 FreeResource
0x461314 InterlockedExchange
0x461318 FreeLibrary
0x46131c FormatMessageA
0x461320 FindResourceA
0x461324 EnumCalendarInfoA
0x461328 EnterCriticalSection
0x46132c DeleteCriticalSection
0x461330 CreateThread
0x461334 CreateFileA
0x461338 CreateEventA
0x46133c CompareStringA
0x461340 CloseHandle
version.dll
0x461348 VerQueryValueA
0x46134c GetFileVersionInfoSizeA
0x461350 GetFileVersionInfoA
gdi32.dll
0x461358 UnrealizeObject
0x46135c StretchBlt
0x461360 SetWindowOrgEx
0x461364 SetWinMetaFileBits
0x461368 SetViewportOrgEx
0x46136c SetTextColor
0x461370 SetStretchBltMode
0x461374 SetROP2
0x461378 SetPixel
0x46137c SetEnhMetaFileBits
0x461380 SetDIBColorTable
0x461384 SetBrushOrgEx
0x461388 SetBkMode
0x46138c SetBkColor
0x461390 SelectPalette
0x461394 SelectObject
0x461398 SaveDC
0x46139c RestoreDC
0x4613a0 RectVisible
0x4613a4 RealizePalette
0x4613a8 Polyline
0x4613ac PlayEnhMetaFile
0x4613b0 PatBlt
0x4613b4 MoveToEx
0x4613b8 MaskBlt
0x4613bc LineTo
0x4613c0 IntersectClipRect
0x4613c4 GetWindowOrgEx
0x4613c8 GetWinMetaFileBits
0x4613cc GetTextMetricsA
0x4613d0 GetTextExtentPoint32A
0x4613d4 GetSystemPaletteEntries
0x4613d8 GetStockObject
0x4613dc GetPixel
0x4613e0 GetPaletteEntries
0x4613e4 GetObjectA
0x4613e8 GetEnhMetaFilePaletteEntries
0x4613ec GetEnhMetaFileHeader
0x4613f0 GetEnhMetaFileDescriptionA
0x4613f4 GetEnhMetaFileBits
0x4613f8 GetDeviceCaps
0x4613fc GetDIBits
0x461400 GetDIBColorTable
0x461404 GetDCOrgEx
0x461408 GetCurrentPositionEx
0x46140c GetClipBox
0x461410 GetBrushOrgEx
0x461414 GetBitmapBits
0x461418 ExcludeClipRect
0x46141c DeleteObject
0x461420 DeleteEnhMetaFile
0x461424 DeleteDC
0x461428 CreateSolidBrush
0x46142c CreatePenIndirect
0x461430 CreatePalette
0x461434 CreateHalftonePalette
0x461438 CreateFontIndirectA
0x46143c CreateEnhMetaFileA
0x461440 CreateDIBitmap
0x461444 CreateDIBSection
0x461448 CreateCompatibleDC
0x46144c CreateCompatibleBitmap
0x461450 CreateBrushIndirect
0x461454 CreateBitmap
0x461458 CopyEnhMetaFileA
0x46145c CloseEnhMetaFile
0x461460 BitBlt
user32.dll
0x461468 CreateWindowExA
0x46146c WindowFromPoint
0x461470 WinHelpA
0x461474 WaitMessage
0x461478 UpdateWindow
0x46147c UnregisterClassA
0x461480 UnhookWindowsHookEx
0x461484 TranslateMessage
0x461488 TranslateMDISysAccel
0x46148c TrackPopupMenu
0x461490 SystemParametersInfoA
0x461494 ShowWindow
0x461498 ShowScrollBar
0x46149c ShowOwnedPopups
0x4614a0 ShowCursor
0x4614a4 SetWindowsHookExA
0x4614a8 SetWindowPos
0x4614ac SetWindowPlacement
0x4614b0 SetWindowLongA
0x4614b4 SetTimer
0x4614b8 SetScrollRange
0x4614bc SetScrollPos
0x4614c0 SetScrollInfo
0x4614c4 SetRect
0x4614c8 SetPropA
0x4614cc SetParent
0x4614d0 SetMenuItemInfoA
0x4614d4 SetMenu
0x4614d8 SetForegroundWindow
0x4614dc SetFocus
0x4614e0 SetCursor
0x4614e4 SetClassLongA
0x4614e8 SetCapture
0x4614ec SetActiveWindow
0x4614f0 SendMessageA
0x4614f4 ScrollWindow
0x4614f8 ScreenToClient
0x4614fc RemovePropA
0x461500 RemoveMenu
0x461504 ReleaseDC
0x461508 ReleaseCapture
0x46150c RegisterWindowMessageA
0x461510 RegisterClipboardFormatA
0x461514 RegisterClassA
0x461518 RedrawWindow
0x46151c PtInRect
0x461520 PostQuitMessage
0x461524 PostMessageA
0x461528 PeekMessageA
0x46152c OffsetRect
0x461530 OemToCharA
0x461534 MessageBoxA
0x461538 MapWindowPoints
0x46153c MapVirtualKeyA
0x461540 LoadStringA
0x461544 LoadKeyboardLayoutA
0x461548 LoadIconA
0x46154c LoadCursorA
0x461550 LoadBitmapA
0x461554 KillTimer
0x461558 IsZoomed
0x46155c IsWindowVisible
0x461560 IsWindowEnabled
0x461564 IsWindow
0x461568 IsRectEmpty
0x46156c IsIconic
0x461570 IsDialogMessageA
0x461574 IsChild
0x461578 InvalidateRect
0x46157c IntersectRect
0x461580 InsertMenuItemA
0x461584 InsertMenuA
0x461588 InflateRect
0x46158c GetWindowThreadProcessId
0x461590 GetWindowTextA
0x461594 GetWindowRect
0x461598 GetWindowPlacement
0x46159c GetWindowLongA
0x4615a0 GetWindowDC
0x4615a4 GetTopWindow
0x4615a8 GetSystemMetrics
0x4615ac GetSystemMenu
0x4615b0 GetSysColorBrush
0x4615b4 GetSysColor
0x4615b8 GetSubMenu
0x4615bc GetScrollRange
0x4615c0 GetScrollPos
0x4615c4 GetScrollInfo
0x4615c8 GetPropA
0x4615cc GetParent
0x4615d0 GetWindow
0x4615d4 GetMessageTime
0x4615d8 GetMenuStringA
0x4615dc GetMenuState
0x4615e0 GetMenuItemInfoA
0x4615e4 GetMenuItemID
0x4615e8 GetMenuItemCount
0x4615ec GetMenu
0x4615f0 GetLastActivePopup
0x4615f4 GetKeyboardState
0x4615f8 GetKeyboardLayoutList
0x4615fc GetKeyboardLayout
0x461600 GetKeyState
0x461604 GetKeyNameTextA
0x461608 GetIconInfo
0x46160c GetForegroundWindow
0x461610 GetFocus
0x461614 GetDlgItem
0x461618 GetDesktopWindow
0x46161c GetDCEx
0x461620 GetDC
0x461624 GetCursorPos
0x461628 GetCursor
0x46162c GetClipboardData
0x461630 GetClientRect
0x461634 GetClassNameA
0x461638 GetClassInfoA
0x46163c GetCapture
0x461640 GetActiveWindow
0x461644 FrameRect
0x461648 FindWindowA
0x46164c FillRect
0x461650 EqualRect
0x461654 EnumWindows
0x461658 EnumThreadWindows
0x46165c EndPaint
0x461660 EnableWindow
0x461664 EnableScrollBar
0x461668 EnableMenuItem
0x46166c DrawTextA
0x461670 DrawMenuBar
0x461674 DrawIconEx
0x461678 DrawIcon
0x46167c DrawFrameControl
0x461680 DrawEdge
0x461684 DispatchMessageA
0x461688 DestroyWindow
0x46168c DestroyMenu
0x461690 DestroyIcon
0x461694 DestroyCursor
0x461698 DeleteMenu
0x46169c DefWindowProcA
0x4616a0 DefMDIChildProcA
0x4616a4 DefFrameProcA
0x4616a8 CreatePopupMenu
0x4616ac CreateMenu
0x4616b0 CreateIcon
0x4616b4 ClientToScreen
0x4616b8 CheckMenuItem
0x4616bc CallWindowProcA
0x4616c0 CallNextHookEx
0x4616c4 BeginPaint
0x4616c8 CharNextA
0x4616cc CharLowerBuffA
0x4616d0 CharLowerA
0x4616d4 CharToOemA
0x4616d8 AdjustWindowRectEx
0x4616dc ActivateKeyboardLayout
kernel32.dll
0x4616e4 Sleep
oleaut32.dll
0x4616ec SafeArrayPtrOfIndex
0x4616f0 SafeArrayGetUBound
0x4616f4 SafeArrayGetLBound
0x4616f8 SafeArrayCreate
0x4616fc VariantChangeType
0x461700 VariantCopy
0x461704 VariantClear
0x461708 VariantInit
ole32.dll
0x461710 CreateStreamOnHGlobal
0x461714 IsAccelerator
0x461718 OleDraw
0x46171c OleSetMenuDescriptor
0x461720 CoCreateInstance
0x461724 CoGetClassObject
0x461728 CoUninitialize
0x46172c CoInitialize
0x461730 IsEqualGUID
oleaut32.dll
0x461738 GetErrorInfo
0x46173c SysFreeString
comctl32.dll
0x461744 ImageList_SetIconSize
0x461748 ImageList_GetIconSize
0x46174c ImageList_Write
0x461750 ImageList_Read
0x461754 ImageList_GetDragImage
0x461758 ImageList_DragShowNolock
0x46175c ImageList_SetDragCursorImage
0x461760 ImageList_DragMove
0x461764 ImageList_DragLeave
0x461768 ImageList_DragEnter
0x46176c ImageList_EndDrag
0x461770 ImageList_BeginDrag
0x461774 ImageList_Remove
0x461778 ImageList_DrawEx
0x46177c ImageList_Draw
0x461780 ImageList_GetBkColor
0x461784 ImageList_SetBkColor
0x461788 ImageList_ReplaceIcon
0x46178c ImageList_Add
0x461790 ImageList_SetImageCount
0x461794 ImageList_GetImageCount
0x461798 ImageList_Destroy
0x46179c ImageList_Create
comdlg32.dll
0x4617a4 GetSaveFileNameA
0x4617a8 GetOpenFileNameA
EAT(Export Address Table) is none