Field | Value |
---|---|
Created | 2021.06.25 09:53 |
Machine | s1_win7_x6402 |
Filename | Zeus_online_21060801.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : clean |
VT API (file) | 29 detected (Johnnie, Artemis, Unsafe, Wacapew, malicious, OJGB, Attribute, HighConfidence, yaoyw@0, ai score=87, R002H09FJ21, PossibleThreat, ZexaF, AxX@amuh9Mkj, confidence) |
md5 | 6fbc0679860048dd6641e4230e0d4656 |
sha256 | 0ed0c776fd482bbce2989268f0ea7e54c94a56c843a261a9241e1d761224ba17 |
ssdeep | 98304:yZKBppPzUOMTmTNaLhehqeR7Nr1HB/KJNNNbEl:yZKB3PemXZHB/KvEl |
imphash | 6abe8a070b485e1057105b1c5eedc232 |
impfuzzy | 192:QxW9aWl9F3cBasWIT2arW/l2lxn9VJNnFiE6h:QKv3cBastT/n9VJNncE6h |
Signature (8cnts)
Level | Description |
---|---|
warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x5fc134 GetFileInformationByHandle
0x5fc138 GetDriveTypeW
0x5fc13c GetModuleHandleExW
0x5fc140 ExitThread
0x5fc144 RtlUnwind
0x5fc148 UnregisterWaitEx
0x5fc14c QueryDepthSList
0x5fc150 InterlockedFlushSList
0x5fc154 InterlockedPushEntrySList
0x5fc158 InterlockedPopEntrySList
0x5fc15c VirtualProtect
0x5fc160 LoadLibraryExW
0x5fc164 FreeLibraryAndExitThread
0x5fc168 GetThreadTimes
0x5fc16c UnregisterWait
0x5fc170 RegisterWaitForSingleObject
0x5fc174 SetThreadAffinityMask
0x5fc178 GetNumaHighestNodeNumber
0x5fc17c DeleteTimerQueueTimer
0x5fc180 ChangeTimerQueueTimer
0x5fc184 CreateTimerQueueTimer
0x5fc188 GetLogicalProcessorInformation
0x5fc18c GetThreadPriority
0x5fc190 SetThreadPriority
0x5fc194 CreateThread
0x5fc198 SignalObjectAndWait
0x5fc19c CreateTimerQueue
0x5fc1a0 GetSystemTime
0x5fc1a4 LoadLibraryA
0x5fc1a8 FlushConsoleInputBuffer
0x5fc1ac FormatMessageA
0x5fc1b0 PeekNamedPipe
0x5fc1b4 GetStdHandle
0x5fc1b8 ExpandEnvironmentStringsA
0x5fc1bc VerifyVersionInfoW
0x5fc1c0 VerSetConditionMask
0x5fc1c4 SleepEx
0x5fc1c8 GetModuleHandleA
0x5fc1cc GetSystemDirectoryW
0x5fc1d0 SetEndOfFile
0x5fc1d4 WaitForMultipleObjects
0x5fc1d8 FreeLibrary
0x5fc1dc CreateSemaphoreW
0x5fc1e0 WaitForSingleObject
0x5fc1e4 ReleaseSemaphore
0x5fc1e8 InitializeCriticalSection
0x5fc1ec FileTimeToLocalFileTime
0x5fc1f0 FileTimeToDosDateTime
0x5fc1f4 VirtualFree
0x5fc1f8 VirtualAlloc
0x5fc1fc HeapReAlloc
0x5fc200 GlobalMemoryStatus
0x5fc204 GetSystemInfo
0x5fc208 LocalFileTimeToFileTime
0x5fc20c GetVersionExW
0x5fc210 FindNextFileW
0x5fc214 FindFirstFileW
0x5fc218 FindClose
0x5fc21c ReadConsoleW
0x5fc220 GetDateFormatW
0x5fc224 GetTimeFormatW
0x5fc228 HeapSize
0x5fc22c IsValidLocale
0x5fc230 GetUserDefaultLCID
0x5fc234 EnumSystemLocalesW
0x5fc238 GetTimeZoneInformation
0x5fc23c FindFirstFileExW
0x5fc240 IsValidCodePage
0x5fc244 GetOEMCP
0x5fc248 GetCommandLineA
0x5fc24c GetCommandLineW
0x5fc250 GetEnvironmentStringsW
0x5fc254 GlobalLock
0x5fc258 GlobalUnlock
0x5fc25c GlobalAlloc
0x5fc260 InitializeCriticalSectionAndSpinCount
0x5fc264 GetLocalTime
0x5fc268 SystemTimeToFileTime
0x5fc26c DosDateTimeToFileTime
0x5fc270 GetCurrentProcess
0x5fc274 DuplicateHandle
0x5fc278 WriteFile
0x5fc27c SetFileTime
0x5fc280 GetFileType
0x5fc284 FileTimeToSystemTime
0x5fc288 GetFileSize
0x5fc28c CreateFileW
0x5fc290 FreeResource
0x5fc294 ExitProcess
0x5fc298 LoadLibraryW
0x5fc29c GetProcAddress
0x5fc2a0 GetModuleHandleW
0x5fc2a4 GetTickCount
0x5fc2a8 GetCurrentDirectoryW
0x5fc2ac GetACP
0x5fc2b0 MoveFileW
0x5fc2b4 lstrlenW
0x5fc2b8 SetFilePointerEx
0x5fc2bc HeapFree
0x5fc2c0 HeapAlloc
0x5fc2c4 HeapDestroy
0x5fc2c8 ReadFile
0x5fc2cc SetFileAttributesW
0x5fc2d0 MoveFileExW
0x5fc2d4 GetFileAttributesW
0x5fc2d8 LocalFree
0x5fc2dc OutputDebugStringW
0x5fc2e0 InitializeSListHead
0x5fc2e4 GetCurrentProcessId
0x5fc2e8 GetStartupInfoW
0x5fc2ec IsDebuggerPresent
0x5fc2f0 IsProcessorFeaturePresent
0x5fc2f4 SetFilePointer
0x5fc2f8 GetFileSizeEx
0x5fc2fc CreateFileA
0x5fc300 WinExec
0x5fc304 TerminateProcess
0x5fc308 SetUnhandledExceptionFilter
0x5fc30c UnhandledExceptionFilter
0x5fc310 ResetEvent
0x5fc314 SetEvent
0x5fc318 Sleep
0x5fc31c CreateProcessA
0x5fc320 GetModuleFileNameA
0x5fc324 CreateDirectoryW
0x5fc328 GetCPInfo
0x5fc32c GetLocaleInfoW
0x5fc330 LCMapStringW
0x5fc334 CompareStringW
0x5fc338 QueryPerformanceFrequency
0x5fc33c FreeEnvironmentStringsW
0x5fc340 QueryPerformanceCounter
0x5fc344 GetSystemTimeAsFileTime
0x5fc348 TlsFree
0x5fc34c TlsSetValue
0x5fc350 CloseHandle
0x5fc354 DecodePointer
0x5fc358 FindResourceExW
0x5fc35c FindResourceW
0x5fc360 SizeofResource
0x5fc364 LockResource
0x5fc368 LoadResource
0x5fc36c DeleteCriticalSection
0x5fc370 InitializeCriticalSectionEx
0x5fc374 GetLastError
0x5fc378 RaiseException
0x5fc37c WideCharToMultiByte
0x5fc380 MultiByteToWideChar
0x5fc384 GetModuleFileNameW
0x5fc388 GetProcessHeap
0x5fc38c TlsGetValue
0x5fc390 TlsAlloc
0x5fc394 CreateEventW
0x5fc398 SetLastError
0x5fc39c EncodePointer
0x5fc3a0 WriteConsoleW
0x5fc3a4 GetStringTypeW
0x5fc3a8 ReadConsoleInputW
0x5fc3ac SetConsoleMode
0x5fc3b0 GetFileAttributesExW
0x5fc3b4 TryEnterCriticalSection
0x5fc3b8 LeaveCriticalSection
0x5fc3bc EnterCriticalSection
0x5fc3c0 GetCurrentThreadId
0x5fc3c4 GetCurrentThread
0x5fc3c8 SwitchToThread
0x5fc3cc WaitForSingleObjectEx
0x5fc3d0 FormatMessageW
0x5fc3d4 SystemTimeToTzSpecificLocalTime
0x5fc3d8 SetConsoleCtrlHandler
0x5fc3dc GetConsoleCP
0x5fc3e0 FlushFileBuffers
0x5fc3e4 MulDiv
0x5fc3e8 GetConsoleMode
0x5fc3ec GetTempPathW
0x5fc3f0 GetProcessAffinityMask
0x5fc3f4 DeleteFileW
0x5fc3f8 SetEnvironmentVariableW
0x5fc3fc SetStdHandle
0x5fc400 GetFullPathNameW
USER32.dll
0x5fc450 SetCapture
0x5fc454 ReleaseCapture
0x5fc458 SetTimer
0x5fc45c KillTimer
0x5fc460 GetDC
0x5fc464 ReleaseDC
0x5fc468 BeginPaint
0x5fc46c EndPaint
0x5fc470 GetUpdateRect
0x5fc474 InvalidateRect
0x5fc478 GetClientRect
0x5fc47c GetWindowRect
0x5fc480 GetCursorPos
0x5fc484 IsIconic
0x5fc488 MapWindowPoints
0x5fc48c IntersectRect
0x5fc490 IsRectEmpty
0x5fc494 PtInRect
0x5fc498 GetWindowLongW
0x5fc49c GetKeyState
0x5fc4a0 GetFocus
0x5fc4a4 GetActiveWindow
0x5fc4a8 SetWindowLongW
0x5fc4ac CharUpperW
0x5fc4b0 CharPrevExA
0x5fc4b4 GetProcessWindowStation
0x5fc4b8 GetUserObjectInformationW
0x5fc4bc MessageBoxA
0x5fc4c0 IsWindowVisible
0x5fc4c4 SetWindowPos
0x5fc4c8 DestroyWindow
0x5fc4cc IsWindow
0x5fc4d0 CreateWindowExW
0x5fc4d4 PostMessageW
0x5fc4d8 SendMessageW
0x5fc4dc DispatchMessageW
0x5fc4e0 SetFocus
0x5fc4e4 TranslateMessage
0x5fc4e8 GetMessageW
0x5fc4ec LoadCursorW
0x5fc4f0 OffsetRect
0x5fc4f4 UnionRect
0x5fc4f8 GetParent
0x5fc4fc GetWindow
0x5fc500 IsZoomed
0x5fc504 CharNextW
0x5fc508 SetCursor
0x5fc50c wvsprintfW
0x5fc510 PostQuitMessage
0x5fc514 wsprintfW
0x5fc518 ScreenToClient
0x5fc51c SetWindowRgn
0x5fc520 GetGUIThreadInfo
0x5fc524 InvalidateRgn
0x5fc528 CreateAcceleratorTableW
0x5fc52c MoveWindow
0x5fc530 GetWindowTextLengthW
0x5fc534 GetWindowTextW
0x5fc538 SetWindowTextW
0x5fc53c GetSysColor
0x5fc540 ClientToScreen
0x5fc544 GetCaretPos
0x5fc548 SetCaretPos
0x5fc54c ShowCaret
0x5fc550 HideCaret
0x5fc554 GetCaretBlinkTime
0x5fc558 CreateCaret
0x5fc55c SetRect
0x5fc560 FillRect
0x5fc564 DrawTextW
0x5fc568 CharPrevW
0x5fc56c GetPropW
0x5fc570 SetPropW
0x5fc574 EnableWindow
0x5fc578 ShowWindow
0x5fc57c GetClassInfoExW
0x5fc580 RegisterClassExW
0x5fc584 RegisterClassW
0x5fc588 CallWindowProcW
0x5fc58c DefWindowProcW
0x5fc590 GetMonitorInfoW
0x5fc594 MonitorFromWindow
0x5fc598 MessageBoxW
GDI32.dll
0x5fc07c CreatePatternBrush
0x5fc080 GetObjectA
0x5fc084 GetDeviceCaps
0x5fc088 GdiFlush
0x5fc08c ExtTextOutW
0x5fc090 TextOutW
0x5fc094 MoveToEx
0x5fc098 CreateDIBSection
0x5fc09c SetTextColor
0x5fc0a0 SetStretchBltMode
0x5fc0a4 StretchBlt
0x5fc0a8 SetBkMode
0x5fc0ac SetBkColor
0x5fc0b0 ExtSelectClipRgn
0x5fc0b4 SelectClipRgn
0x5fc0b8 RoundRect
0x5fc0bc LineTo
0x5fc0c0 GetTextExtentPoint32W
0x5fc0c4 GetClipBox
0x5fc0c8 GetCharABCWidthsW
0x5fc0cc CreateSolidBrush
0x5fc0d0 CreateRectRgnIndirect
0x5fc0d4 CreatePenIndirect
0x5fc0d8 CombineRgn
0x5fc0dc CreateRoundRectRgn
0x5fc0e0 SetWindowOrgEx
0x5fc0e4 GetObjectW
0x5fc0e8 GetTextMetricsW
0x5fc0ec SelectObject
0x5fc0f0 SaveDC
0x5fc0f4 RestoreDC
0x5fc0f8 Rectangle
0x5fc0fc GetStockObject
0x5fc100 DeleteObject
0x5fc104 DeleteDC
0x5fc108 CreatePen
0x5fc10c CreateCompatibleDC
0x5fc110 CreateCompatibleBitmap
0x5fc114 BitBlt
0x5fc118 CreateFontIndirectW
ADVAPI32.dll
0x5fc000 CryptGetUserKey
0x5fc004 RegCloseKey
0x5fc008 DeregisterEventSource
0x5fc00c RegisterEventSourceA
0x5fc010 ReportEventA
0x5fc014 CryptAcquireContextA
0x5fc018 CryptReleaseContext
0x5fc01c CryptDestroyKey
0x5fc020 CryptSetHashParam
0x5fc024 CryptGetProvParam
0x5fc028 RegCreateKeyExW
0x5fc02c CryptExportKey
0x5fc030 CryptDecrypt
0x5fc034 CryptCreateHash
0x5fc038 CryptDestroyHash
0x5fc03c CryptSignHashA
0x5fc040 CryptEnumProvidersA
0x5fc044 RegSetValueExW
SHELL32.dll
0x5fc424 SHCreateItemFromParsingName
0x5fc428 SHGetPathFromIDListW
0x5fc42c SHGetSpecialFolderLocation
0x5fc430 ShellExecuteA
0x5fc434 SHBrowseForFolderW
0x5fc438 SHCreateDirectoryExW
0x5fc43c SHFileOperationW
ole32.dll
0x5fc718 CreateStreamOnHGlobal
0x5fc71c OleLockRunning
0x5fc720 CLSIDFromProgID
0x5fc724 CoTaskMemFree
0x5fc728 CoUninitialize
0x5fc72c CoInitialize
0x5fc730 CoCreateInstance
0x5fc734 CLSIDFromString
OLEAUT32.dll
0x5fc408 SysAllocStringLen
0x5fc40c VariantCopy
0x5fc410 SysAllocString
0x5fc414 SysFreeString
0x5fc418 VariantInit
0x5fc41c VariantClear
gdiplus.dll
0x5fc668 GdipAlloc
0x5fc66c GdipSetTextRenderingHint
0x5fc670 GdipFree
0x5fc674 GdipGetPropertyItem
0x5fc678 GdipGetPropertyItemSize
0x5fc67c GdipImageSelectActiveFrame
0x5fc680 GdipImageGetFrameDimensionsList
0x5fc684 GdipImageGetFrameDimensionsCount
0x5fc688 GdipGetImageHeight
0x5fc68c GdipGetImageWidth
0x5fc690 GdipLoadImageFromStreamICM
0x5fc694 GdipLoadImageFromStream
0x5fc698 GdipSetStringFormatLineAlign
0x5fc69c GdipSetStringFormatAlign
0x5fc6a0 GdipDeleteStringFormat
0x5fc6a4 GdipCreateStringFormat
0x5fc6a8 GdipDrawString
0x5fc6ac GdipGetFamily
0x5fc6b0 GdipDeleteFont
0x5fc6b4 GdipCreateFontFromLogfontA
0x5fc6b8 GdipCreateFontFromDC
0x5fc6bc GdipDeleteFontFamily
0x5fc6c0 GdipDrawImageRectI
0x5fc6c4 GdipDrawImage
0x5fc6c8 GdipGraphicsClear
0x5fc6cc GdipSetInterpolationMode
0x5fc6d0 GdipImageGetFrameCount
0x5fc6d4 GdipSetPixelOffsetMode
0x5fc6d8 GdipSetSmoothingMode
0x5fc6dc GdipSetCompositingQuality
0x5fc6e0 GdipDeleteGraphics
0x5fc6e4 GdipCreateFromHDC
0x5fc6e8 GdipCreateBitmapFromScan0
0x5fc6ec GdipGetImageGraphicsContext
0x5fc6f0 GdipDisposeImage
0x5fc6f4 GdipCloneImage
0x5fc6f8 GdipCreateLineBrushI
0x5fc6fc GdipDeleteBrush
0x5fc700 GdipCloneBrush
0x5fc704 GdiplusShutdown
0x5fc708 GdiplusStartup
SHLWAPI.dll
0x5fc444 SHCreateStreamOnFileEx
0x5fc448 PathFileExistsW
WS2_32.dll
0x5fc5e8 WSAStartup
0x5fc5ec WSACleanup
0x5fc5f0 __WSAFDIsSet
0x5fc5f4 WSAIoctl
0x5fc5f8 WSASetLastError
0x5fc5fc setsockopt
0x5fc600 ntohs
0x5fc604 htons
0x5fc608 getsockopt
0x5fc60c getsockname
0x5fc610 getpeername
0x5fc614 connect
0x5fc618 bind
0x5fc61c recv
0x5fc620 socket
0x5fc624 WSAGetLastError
0x5fc628 send
0x5fc62c closesocket
0x5fc630 getservbyname
0x5fc634 shutdown
0x5fc638 gethostbyname
0x5fc63c select
0x5fc640 gethostname
0x5fc644 ioctlsocket
0x5fc648 sendto
0x5fc64c recvfrom
0x5fc650 freeaddrinfo
0x5fc654 getaddrinfo
0x5fc658 listen
0x5fc65c htonl
0x5fc660 accept
WLDAP32.dll
0x5fc5a0 None
0x5fc5a4 None
0x5fc5a8 None
0x5fc5ac None
0x5fc5b0 None
0x5fc5b4 None
0x5fc5b8 None
0x5fc5bc None
0x5fc5c0 None
0x5fc5c4 None
0x5fc5c8 None
0x5fc5cc None
0x5fc5d0 None
0x5fc5d4 None
0x5fc5d8 None
0x5fc5dc None
0x5fc5e0 None
imagehlp.dll
0x5fc710 MakeSureDirectoryPathExists
COMCTL32.dll
0x5fc04c InitCommonControlsEx
0x5fc050 _TrackMouseEvent
0x5fc054 None
IMM32.dll
0x5fc120 ImmSetCompositionWindow
0x5fc124 ImmSetCompositionFontW
0x5fc128 ImmReleaseContext
0x5fc12c ImmGetContext
CRYPT32.dll
0x5fc05c CertGetCertificateContextProperty
0x5fc060 CertOpenStore
0x5fc064 CertCloseStore
0x5fc068 CertEnumCertificatesInStore
0x5fc06c CertFindCertificateInStore
0x5fc070 CertDuplicateCertificateContext
0x5fc074 CertFreeCertificateContext
EAT(Export Address Table) is none