ScreenShot
| Created | 2021.06.25 11:36 | Machine | s1_win7_x6402 |
| Filename | pcad164.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 46 detected (malicious, high confidence, GenericKD, Krserv, Artemis, JackServn, isojtt, Pbzi, Siggen13, R002C0WFI21, susgen, ihgqr, ASMalwS, Ymacco, score, ZedlaF, 6w4@aCnq@MfO, ai score=80, Generic@ML, RDMK, GE0fi5lPQghf2R32bpExDA, HaqZpU9I2PU) | ||
| md5 | 438e38292895c8ea8dc60ccae621dec2 | ||
| sha256 | 7010be12a111333ab5bff9b8ca3b84e71bea912a84d2f24661541c2cf50596c4 | ||
| ssdeep | 196608:EHGwaO5oVJLLTMzpl/+LMzQ8dBUaPEAJnEnukG0ulw44xdwhwpQPoj7+:NwvKVQzr/+7EU4EMnP0uluwaVG | ||
| imphash | 943f97b894cfed065f279d17bee14a18 | ||
| impfuzzy | 192:PXsbEs62eJTxSDR2xoi0hRh5cRc5M/NPby:Pcr62fXxEBNPby | ||
Network IP location
Signature (42cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
| danger | Disables Windows Security features |
| watch | Attempts to modify browser security settings |
| watch | Attempts to stop active services |
| watch | Checks for the presence of known devices from debuggers and forensic tools |
| watch | Checks for the presence of known windows from debuggers and forensic tools |
| watch | Checks the version of Bios |
| watch | Communicates with host for which no DNS query was performed |
| watch | Deletes executed files from disk |
| watch | Detects the presence of Wine emulator |
| watch | Detects VirtualBox through the presence of a registry key |
| watch | Detects VMWare through the in instruction feature |
| watch | Drops a binary and executes it |
| watch | Installs itself for autorun at Windows startup |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | A process attempted to delay the analysis task. |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Checks whether any human activity is being performed by constantly checking whether the foreground window changed |
| notice | Connects to a Dynamic DNS Domain |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | Creates hidden or system file |
| notice | Expresses interest in specific running processes |
| notice | Foreign language identified in PE resource |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Looks up the external IP address |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Repeatedly searches for a not-found process |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| notice | Terminates another process |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Checks if process is being debugged by a debugger |
| info | Command line console output was observed |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (23cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (upload) |
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
Suricata ids
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14003b178 GetFileAttributesA
0x14003b180 GetLocaleInfoA
0x14003b188 GetCPInfo
0x14003b190 GetOEMCP
0x14003b198 GetCurrentDirectoryA
0x14003b1a0 CompareStringW
0x14003b1a8 GetProcessHeap
0x14003b1b0 WriteConsoleW
0x14003b1b8 GetConsoleOutputCP
0x14003b1c0 WriteConsoleA
0x14003b1c8 InitializeCriticalSectionAndSpinCount
0x14003b1d0 GetDriveTypeA
0x14003b1d8 GetTimeZoneInformation
0x14003b1e0 GetTickCount
0x14003b1e8 QueryPerformanceCounter
0x14003b1f0 HeapCreate
0x14003b1f8 HeapSetInformation
0x14003b200 GetEnvironmentStringsW
0x14003b208 FreeEnvironmentStringsW
0x14003b210 GetEnvironmentStrings
0x14003b218 FreeEnvironmentStringsA
0x14003b220 LCMapStringA
0x14003b228 GetStringTypeW
0x14003b230 GetStringTypeA
0x14003b238 GetStdHandle
0x14003b240 SetHandleCount
0x14003b248 GetFileType
0x14003b250 SetStdHandle
0x14003b258 GetConsoleMode
0x14003b260 GetConsoleCP
0x14003b268 IsValidCodePage
0x14003b270 GetACP
0x14003b278 FlsAlloc
0x14003b280 FlsFree
0x14003b288 FlsSetValue
0x14003b290 FlsGetValue
0x14003b298 DecodePointer
0x14003b2a0 EncodePointer
0x14003b2a8 ExitProcess
0x14003b2b0 HeapSize
0x14003b2b8 HeapQueryInformation
0x14003b2c0 HeapReAlloc
0x14003b2c8 HeapFree
0x14003b2d0 HeapAlloc
0x14003b2d8 GetStartupInfoA
0x14003b2e0 GetCommandLineA
0x14003b2e8 GetSystemTimeAsFileTime
0x14003b2f0 CreateDirectoryA
0x14003b2f8 RtlPcToFileHeader
0x14003b300 RaiseException
0x14003b308 RtlCaptureContext
0x14003b310 RtlVirtualUnwind
0x14003b318 IsDebuggerPresent
0x14003b320 SetUnhandledExceptionFilter
0x14003b328 UnhandledExceptionFilter
0x14003b330 RtlUnwindEx
0x14003b338 RtlLookupFunctionEntry
0x14003b340 GlobalFindAtomA
0x14003b348 GlobalDeleteAtom
0x14003b350 lstrcmpW
0x14003b358 GlobalFlags
0x14003b360 GlobalAddAtomA
0x14003b368 CreateFileA
0x14003b370 GetFullPathNameA
0x14003b378 SetEndOfFile
0x14003b380 FlushFileBuffers
0x14003b388 SetFilePointer
0x14003b390 WriteFile
0x14003b398 ReadFile
0x14003b3a0 LoadLibraryA
0x14003b3a8 GetCurrentThreadId
0x14003b3b0 GlobalGetAtomNameA
0x14003b3b8 GetModuleHandleW
0x14003b3c0 CompareStringA
0x14003b3c8 FreeLibrary
0x14003b3d0 DeleteCriticalSection
0x14003b3d8 LocalReAlloc
0x14003b3e0 TlsSetValue
0x14003b3e8 GlobalHandle
0x14003b3f0 GlobalReAlloc
0x14003b3f8 TlsAlloc
0x14003b400 InitializeCriticalSection
0x14003b408 EnterCriticalSection
0x14003b410 TlsGetValue
0x14003b418 LeaveCriticalSection
0x14003b420 LocalAlloc
0x14003b428 GetCurrentProcessId
0x14003b430 lstrcmpA
0x14003b438 GlobalFree
0x14003b440 FormatMessageA
0x14003b448 MultiByteToWideChar
0x14003b450 SetLastError
0x14003b458 FileTimeToLocalFileTime
0x14003b460 FileTimeToSystemTime
0x14003b468 WideCharToMultiByte
0x14003b470 lstrcmpiA
0x14003b478 LocalFree
0x14003b480 DeleteFileA
0x14003b488 RemoveDirectoryA
0x14003b490 Thread32First
0x14003b498 OpenThread
0x14003b4a0 ResumeThread
0x14003b4a8 Thread32Next
0x14003b4b0 FindResourceA
0x14003b4b8 LoadResource
0x14003b4c0 LockResource
0x14003b4c8 SizeofResource
0x14003b4d0 GlobalAlloc
0x14003b4d8 GlobalLock
0x14003b4e0 GlobalUnlock
0x14003b4e8 FreeResource
0x14003b4f0 FindFirstFileA
0x14003b4f8 lstrlenA
0x14003b500 FindNextFileA
0x14003b508 FindClose
0x14003b510 GetSystemDirectoryA
0x14003b518 GetExitCodeThread
0x14003b520 TerminateThread
0x14003b528 GetModuleFileNameA
0x14003b530 FindFirstVolumeA
0x14003b538 QueryDosDeviceA
0x14003b540 FindNextVolumeA
0x14003b548 FindVolumeClose
0x14003b550 GetVolumePathNamesForVolumeNameA
0x14003b558 CreateRemoteThread
0x14003b560 Module32First
0x14003b568 Module32Next
0x14003b570 VirtualAllocEx
0x14003b578 WriteProcessMemory
0x14003b580 SetEnvironmentVariableA
0x14003b588 VirtualFreeEx
0x14003b590 CreateProcessA
0x14003b598 GetExitCodeProcess
0x14003b5a0 WaitForSingleObject
0x14003b5a8 Sleep
0x14003b5b0 GetLastError
0x14003b5b8 GetCurrentProcess
0x14003b5c0 OpenProcess
0x14003b5c8 TerminateProcess
0x14003b5d0 CreateToolhelp32Snapshot
0x14003b5d8 Process32First
0x14003b5e0 CloseHandle
0x14003b5e8 Process32Next
0x14003b5f0 GetSystemTime
0x14003b5f8 GetModuleHandleA
0x14003b600 GetProcAddress
0x14003b608 GetSystemInfo
0x14003b610 GetVersionExA
0x14003b618 GetWindowsDirectoryA
0x14003b620 SetFileAttributesA
0x14003b628 lstrcpyA
0x14003b630 WritePrivateProfileSectionA
0x14003b638 WritePrivateProfileStringA
0x14003b640 GetPrivateProfileStringA
0x14003b648 LCMapStringW
0x14003b650 GetPrivateProfileIntA
USER32.dll
0x14003b6c8 GetMessagePos
0x14003b6d0 MapWindowPoints
0x14003b6d8 SetMenu
0x14003b6e0 SetForegroundWindow
0x14003b6e8 WaitForInputIdle
0x14003b6f0 wsprintfA
0x14003b6f8 KillTimer
0x14003b700 DispatchMessageA
0x14003b708 GetClientRect
0x14003b710 CreateWindowExA
0x14003b718 GetClassInfoExA
0x14003b720 GetClassInfoA
0x14003b728 RegisterClassA
0x14003b730 AdjustWindowRectEx
0x14003b738 CopyRect
0x14003b740 DefWindowProcA
0x14003b748 CallWindowProcA
0x14003b750 GetMenu
0x14003b758 SystemParametersInfoA
0x14003b760 IsIconic
0x14003b768 GetWindowPlacement
0x14003b770 SetMenuItemBitmaps
0x14003b778 GetMenuCheckMarkDimensions
0x14003b780 LoadBitmapA
0x14003b788 ModifyMenuA
0x14003b790 EnableMenuItem
0x14003b798 WinHelpA
0x14003b7a0 SetWindowPos
0x14003b7a8 GetMessageTime
0x14003b7b0 SetWindowLongPtrA
0x14003b7b8 GetWindowLongPtrA
0x14003b7c0 DestroyWindow
0x14003b7c8 GetTopWindow
0x14003b7d0 TranslateMessage
0x14003b7d8 GetMessageA
0x14003b7e0 SetTimer
0x14003b7e8 MessageBoxA
0x14003b7f0 GetWindow
0x14003b7f8 PostMessageA
0x14003b800 GetParent
0x14003b808 FindWindowA
0x14003b810 GetWindowThreadProcessId
0x14003b818 GetSubMenu
0x14003b820 GetMenuItemCount
0x14003b828 GetMenuItemID
0x14003b830 GetMenuState
0x14003b838 EnableWindow
0x14003b840 IsWindowEnabled
0x14003b848 GetLastActivePopup
0x14003b850 LoadIconA
0x14003b858 RegisterWindowMessageA
0x14003b860 PostQuitMessage
0x14003b868 TabbedTextOutA
0x14003b870 DrawTextA
0x14003b878 DrawTextExA
0x14003b880 GrayStringA
0x14003b888 DestroyMenu
0x14003b890 GetForegroundWindow
0x14003b898 RemovePropA
0x14003b8a0 GetPropA
0x14003b8a8 SetPropA
0x14003b8b0 GetClassLongPtrA
0x14003b8b8 GetClassLongA
0x14003b8c0 GetCapture
0x14003b8c8 GetWindowLongA
0x14003b8d0 SendMessageA
0x14003b8d8 UnhookWindowsHookEx
0x14003b8e0 GetSysColorBrush
0x14003b8e8 GetSysColor
0x14003b8f0 ReleaseDC
0x14003b8f8 GetDC
0x14003b900 GetSystemMetrics
0x14003b908 LoadCursorA
0x14003b910 GetWindowTextA
0x14003b918 ValidateRect
0x14003b920 PeekMessageA
0x14003b928 GetKeyState
0x14003b930 CheckMenuItem
0x14003b938 IsWindow
0x14003b940 GetDlgItem
0x14003b948 GetFocus
0x14003b950 ClientToScreen
0x14003b958 GetDlgCtrlID
0x14003b960 GetWindowRect
0x14003b968 GetClassNameA
0x14003b970 PtInRect
0x14003b978 SetWindowTextA
0x14003b980 SetWindowsHookExA
0x14003b988 CallNextHookEx
GDI32.dll
0x14003b0b8 PtVisible
0x14003b0c0 RectVisible
0x14003b0c8 TextOutA
0x14003b0d0 ExtTextOutA
0x14003b0d8 Escape
0x14003b0e0 SelectObject
0x14003b0e8 SetViewportOrgEx
0x14003b0f0 OffsetViewportOrgEx
0x14003b0f8 SetViewportExtEx
0x14003b100 ScaleViewportExtEx
0x14003b108 SetWindowExtEx
0x14003b110 ScaleWindowExtEx
0x14003b118 GetStockObject
0x14003b120 SetMapMode
0x14003b128 GetDeviceCaps
0x14003b130 DeleteObject
0x14003b138 CreateBitmap
0x14003b140 GetClipBox
0x14003b148 SetTextColor
0x14003b150 SetBkColor
0x14003b158 SaveDC
0x14003b160 RestoreDC
0x14003b168 DeleteDC
WINSPOOL.DRV
0x14003b998 OpenPrinterA
0x14003b9a0 DocumentPropertiesA
0x14003b9a8 ClosePrinter
ADVAPI32.dll
0x14003b000 SetEntriesInAclA
0x14003b008 SetNamedSecurityInfoA
0x14003b010 RegCreateKeyExA
0x14003b018 RegSetValueExA
0x14003b020 LookupPrivilegeValueA
0x14003b028 AdjustTokenPrivileges
0x14003b030 AllocateAndInitializeSid
0x14003b038 CheckTokenMembership
0x14003b040 FreeSid
0x14003b048 OpenProcessToken
0x14003b050 GetTokenInformation
0x14003b058 RegOpenKeyExA
0x14003b060 RegQueryValueExA
0x14003b068 RegCloseKey
0x14003b070 CryptEncrypt
0x14003b078 CryptAcquireContextA
0x14003b080 CryptCreateHash
0x14003b088 CryptHashData
0x14003b090 CryptDeriveKey
0x14003b098 CryptDecrypt
0x14003b0a0 CryptDestroyHash
0x14003b0a8 CryptReleaseContext
SHELL32.dll
0x14003b698 ShellExecuteExA
0x14003b6a0 ShellExecuteA
0x14003b6a8 SHGetFolderPathA
OLEAUT32.dll
0x14003b678 VariantInit
0x14003b680 VariantChangeType
0x14003b688 VariantClear
SHLWAPI.dll
0x14003b6b8 PathRemoveFileSpecA
urlmon.dll
0x14003ba20 URLDownloadToFileA
WS2_32.dll
0x14003b9b8 select
0x14003b9c0 htons
0x14003b9c8 getsockname
0x14003b9d0 inet_addr
0x14003b9d8 recv
0x14003b9e0 socket
0x14003b9e8 closesocket
0x14003b9f0 send
0x14003b9f8 WSAStartup
0x14003ba00 connect
0x14003ba08 getpeername
0x14003ba10 setsockopt
OLEACC.dll
0x14003b660 LresultFromObject
0x14003b668 CreateStdAccessibleObject
EAT(Export Address Table) is none
KERNEL32.dll
0x14003b178 GetFileAttributesA
0x14003b180 GetLocaleInfoA
0x14003b188 GetCPInfo
0x14003b190 GetOEMCP
0x14003b198 GetCurrentDirectoryA
0x14003b1a0 CompareStringW
0x14003b1a8 GetProcessHeap
0x14003b1b0 WriteConsoleW
0x14003b1b8 GetConsoleOutputCP
0x14003b1c0 WriteConsoleA
0x14003b1c8 InitializeCriticalSectionAndSpinCount
0x14003b1d0 GetDriveTypeA
0x14003b1d8 GetTimeZoneInformation
0x14003b1e0 GetTickCount
0x14003b1e8 QueryPerformanceCounter
0x14003b1f0 HeapCreate
0x14003b1f8 HeapSetInformation
0x14003b200 GetEnvironmentStringsW
0x14003b208 FreeEnvironmentStringsW
0x14003b210 GetEnvironmentStrings
0x14003b218 FreeEnvironmentStringsA
0x14003b220 LCMapStringA
0x14003b228 GetStringTypeW
0x14003b230 GetStringTypeA
0x14003b238 GetStdHandle
0x14003b240 SetHandleCount
0x14003b248 GetFileType
0x14003b250 SetStdHandle
0x14003b258 GetConsoleMode
0x14003b260 GetConsoleCP
0x14003b268 IsValidCodePage
0x14003b270 GetACP
0x14003b278 FlsAlloc
0x14003b280 FlsFree
0x14003b288 FlsSetValue
0x14003b290 FlsGetValue
0x14003b298 DecodePointer
0x14003b2a0 EncodePointer
0x14003b2a8 ExitProcess
0x14003b2b0 HeapSize
0x14003b2b8 HeapQueryInformation
0x14003b2c0 HeapReAlloc
0x14003b2c8 HeapFree
0x14003b2d0 HeapAlloc
0x14003b2d8 GetStartupInfoA
0x14003b2e0 GetCommandLineA
0x14003b2e8 GetSystemTimeAsFileTime
0x14003b2f0 CreateDirectoryA
0x14003b2f8 RtlPcToFileHeader
0x14003b300 RaiseException
0x14003b308 RtlCaptureContext
0x14003b310 RtlVirtualUnwind
0x14003b318 IsDebuggerPresent
0x14003b320 SetUnhandledExceptionFilter
0x14003b328 UnhandledExceptionFilter
0x14003b330 RtlUnwindEx
0x14003b338 RtlLookupFunctionEntry
0x14003b340 GlobalFindAtomA
0x14003b348 GlobalDeleteAtom
0x14003b350 lstrcmpW
0x14003b358 GlobalFlags
0x14003b360 GlobalAddAtomA
0x14003b368 CreateFileA
0x14003b370 GetFullPathNameA
0x14003b378 SetEndOfFile
0x14003b380 FlushFileBuffers
0x14003b388 SetFilePointer
0x14003b390 WriteFile
0x14003b398 ReadFile
0x14003b3a0 LoadLibraryA
0x14003b3a8 GetCurrentThreadId
0x14003b3b0 GlobalGetAtomNameA
0x14003b3b8 GetModuleHandleW
0x14003b3c0 CompareStringA
0x14003b3c8 FreeLibrary
0x14003b3d0 DeleteCriticalSection
0x14003b3d8 LocalReAlloc
0x14003b3e0 TlsSetValue
0x14003b3e8 GlobalHandle
0x14003b3f0 GlobalReAlloc
0x14003b3f8 TlsAlloc
0x14003b400 InitializeCriticalSection
0x14003b408 EnterCriticalSection
0x14003b410 TlsGetValue
0x14003b418 LeaveCriticalSection
0x14003b420 LocalAlloc
0x14003b428 GetCurrentProcessId
0x14003b430 lstrcmpA
0x14003b438 GlobalFree
0x14003b440 FormatMessageA
0x14003b448 MultiByteToWideChar
0x14003b450 SetLastError
0x14003b458 FileTimeToLocalFileTime
0x14003b460 FileTimeToSystemTime
0x14003b468 WideCharToMultiByte
0x14003b470 lstrcmpiA
0x14003b478 LocalFree
0x14003b480 DeleteFileA
0x14003b488 RemoveDirectoryA
0x14003b490 Thread32First
0x14003b498 OpenThread
0x14003b4a0 ResumeThread
0x14003b4a8 Thread32Next
0x14003b4b0 FindResourceA
0x14003b4b8 LoadResource
0x14003b4c0 LockResource
0x14003b4c8 SizeofResource
0x14003b4d0 GlobalAlloc
0x14003b4d8 GlobalLock
0x14003b4e0 GlobalUnlock
0x14003b4e8 FreeResource
0x14003b4f0 FindFirstFileA
0x14003b4f8 lstrlenA
0x14003b500 FindNextFileA
0x14003b508 FindClose
0x14003b510 GetSystemDirectoryA
0x14003b518 GetExitCodeThread
0x14003b520 TerminateThread
0x14003b528 GetModuleFileNameA
0x14003b530 FindFirstVolumeA
0x14003b538 QueryDosDeviceA
0x14003b540 FindNextVolumeA
0x14003b548 FindVolumeClose
0x14003b550 GetVolumePathNamesForVolumeNameA
0x14003b558 CreateRemoteThread
0x14003b560 Module32First
0x14003b568 Module32Next
0x14003b570 VirtualAllocEx
0x14003b578 WriteProcessMemory
0x14003b580 SetEnvironmentVariableA
0x14003b588 VirtualFreeEx
0x14003b590 CreateProcessA
0x14003b598 GetExitCodeProcess
0x14003b5a0 WaitForSingleObject
0x14003b5a8 Sleep
0x14003b5b0 GetLastError
0x14003b5b8 GetCurrentProcess
0x14003b5c0 OpenProcess
0x14003b5c8 TerminateProcess
0x14003b5d0 CreateToolhelp32Snapshot
0x14003b5d8 Process32First
0x14003b5e0 CloseHandle
0x14003b5e8 Process32Next
0x14003b5f0 GetSystemTime
0x14003b5f8 GetModuleHandleA
0x14003b600 GetProcAddress
0x14003b608 GetSystemInfo
0x14003b610 GetVersionExA
0x14003b618 GetWindowsDirectoryA
0x14003b620 SetFileAttributesA
0x14003b628 lstrcpyA
0x14003b630 WritePrivateProfileSectionA
0x14003b638 WritePrivateProfileStringA
0x14003b640 GetPrivateProfileStringA
0x14003b648 LCMapStringW
0x14003b650 GetPrivateProfileIntA
USER32.dll
0x14003b6c8 GetMessagePos
0x14003b6d0 MapWindowPoints
0x14003b6d8 SetMenu
0x14003b6e0 SetForegroundWindow
0x14003b6e8 WaitForInputIdle
0x14003b6f0 wsprintfA
0x14003b6f8 KillTimer
0x14003b700 DispatchMessageA
0x14003b708 GetClientRect
0x14003b710 CreateWindowExA
0x14003b718 GetClassInfoExA
0x14003b720 GetClassInfoA
0x14003b728 RegisterClassA
0x14003b730 AdjustWindowRectEx
0x14003b738 CopyRect
0x14003b740 DefWindowProcA
0x14003b748 CallWindowProcA
0x14003b750 GetMenu
0x14003b758 SystemParametersInfoA
0x14003b760 IsIconic
0x14003b768 GetWindowPlacement
0x14003b770 SetMenuItemBitmaps
0x14003b778 GetMenuCheckMarkDimensions
0x14003b780 LoadBitmapA
0x14003b788 ModifyMenuA
0x14003b790 EnableMenuItem
0x14003b798 WinHelpA
0x14003b7a0 SetWindowPos
0x14003b7a8 GetMessageTime
0x14003b7b0 SetWindowLongPtrA
0x14003b7b8 GetWindowLongPtrA
0x14003b7c0 DestroyWindow
0x14003b7c8 GetTopWindow
0x14003b7d0 TranslateMessage
0x14003b7d8 GetMessageA
0x14003b7e0 SetTimer
0x14003b7e8 MessageBoxA
0x14003b7f0 GetWindow
0x14003b7f8 PostMessageA
0x14003b800 GetParent
0x14003b808 FindWindowA
0x14003b810 GetWindowThreadProcessId
0x14003b818 GetSubMenu
0x14003b820 GetMenuItemCount
0x14003b828 GetMenuItemID
0x14003b830 GetMenuState
0x14003b838 EnableWindow
0x14003b840 IsWindowEnabled
0x14003b848 GetLastActivePopup
0x14003b850 LoadIconA
0x14003b858 RegisterWindowMessageA
0x14003b860 PostQuitMessage
0x14003b868 TabbedTextOutA
0x14003b870 DrawTextA
0x14003b878 DrawTextExA
0x14003b880 GrayStringA
0x14003b888 DestroyMenu
0x14003b890 GetForegroundWindow
0x14003b898 RemovePropA
0x14003b8a0 GetPropA
0x14003b8a8 SetPropA
0x14003b8b0 GetClassLongPtrA
0x14003b8b8 GetClassLongA
0x14003b8c0 GetCapture
0x14003b8c8 GetWindowLongA
0x14003b8d0 SendMessageA
0x14003b8d8 UnhookWindowsHookEx
0x14003b8e0 GetSysColorBrush
0x14003b8e8 GetSysColor
0x14003b8f0 ReleaseDC
0x14003b8f8 GetDC
0x14003b900 GetSystemMetrics
0x14003b908 LoadCursorA
0x14003b910 GetWindowTextA
0x14003b918 ValidateRect
0x14003b920 PeekMessageA
0x14003b928 GetKeyState
0x14003b930 CheckMenuItem
0x14003b938 IsWindow
0x14003b940 GetDlgItem
0x14003b948 GetFocus
0x14003b950 ClientToScreen
0x14003b958 GetDlgCtrlID
0x14003b960 GetWindowRect
0x14003b968 GetClassNameA
0x14003b970 PtInRect
0x14003b978 SetWindowTextA
0x14003b980 SetWindowsHookExA
0x14003b988 CallNextHookEx
GDI32.dll
0x14003b0b8 PtVisible
0x14003b0c0 RectVisible
0x14003b0c8 TextOutA
0x14003b0d0 ExtTextOutA
0x14003b0d8 Escape
0x14003b0e0 SelectObject
0x14003b0e8 SetViewportOrgEx
0x14003b0f0 OffsetViewportOrgEx
0x14003b0f8 SetViewportExtEx
0x14003b100 ScaleViewportExtEx
0x14003b108 SetWindowExtEx
0x14003b110 ScaleWindowExtEx
0x14003b118 GetStockObject
0x14003b120 SetMapMode
0x14003b128 GetDeviceCaps
0x14003b130 DeleteObject
0x14003b138 CreateBitmap
0x14003b140 GetClipBox
0x14003b148 SetTextColor
0x14003b150 SetBkColor
0x14003b158 SaveDC
0x14003b160 RestoreDC
0x14003b168 DeleteDC
WINSPOOL.DRV
0x14003b998 OpenPrinterA
0x14003b9a0 DocumentPropertiesA
0x14003b9a8 ClosePrinter
ADVAPI32.dll
0x14003b000 SetEntriesInAclA
0x14003b008 SetNamedSecurityInfoA
0x14003b010 RegCreateKeyExA
0x14003b018 RegSetValueExA
0x14003b020 LookupPrivilegeValueA
0x14003b028 AdjustTokenPrivileges
0x14003b030 AllocateAndInitializeSid
0x14003b038 CheckTokenMembership
0x14003b040 FreeSid
0x14003b048 OpenProcessToken
0x14003b050 GetTokenInformation
0x14003b058 RegOpenKeyExA
0x14003b060 RegQueryValueExA
0x14003b068 RegCloseKey
0x14003b070 CryptEncrypt
0x14003b078 CryptAcquireContextA
0x14003b080 CryptCreateHash
0x14003b088 CryptHashData
0x14003b090 CryptDeriveKey
0x14003b098 CryptDecrypt
0x14003b0a0 CryptDestroyHash
0x14003b0a8 CryptReleaseContext
SHELL32.dll
0x14003b698 ShellExecuteExA
0x14003b6a0 ShellExecuteA
0x14003b6a8 SHGetFolderPathA
OLEAUT32.dll
0x14003b678 VariantInit
0x14003b680 VariantChangeType
0x14003b688 VariantClear
SHLWAPI.dll
0x14003b6b8 PathRemoveFileSpecA
urlmon.dll
0x14003ba20 URLDownloadToFileA
WS2_32.dll
0x14003b9b8 select
0x14003b9c0 htons
0x14003b9c8 getsockname
0x14003b9d0 inet_addr
0x14003b9d8 recv
0x14003b9e0 socket
0x14003b9e8 closesocket
0x14003b9f0 send
0x14003b9f8 WSAStartup
0x14003ba00 connect
0x14003ba08 getpeername
0x14003ba10 setsockopt
OLEACC.dll
0x14003b660 LresultFromObject
0x14003b668 CreateStdAccessibleObject
EAT(Export Address Table) is none