Created | 2021.07.02 16:56 |
Machine | s1_win7_x6401 |
Filename | setup_dmysqd02.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : clean |
VT API (file) | 40 detected (AIDetectVM, malware1, malicious, high confidence, WDJiange, Artemis, Unsafe, INNOmod, confidence, Delf, Eldorado, Attribute, HighConfidence, fcskqj, ApplicUnwnt@#1ct7xhftgq1uw, AGEN, Generic PUA BK, Generic0, ai score=51, AGeneric, GameBox, score, BScope, D suspicious, CLASSIC, UyQXNcPJHsY, Static AI, Suspicious PE, EGXE, FileRepMalware, Genetic) |
md5 | 45149d3d37ac7489767eef18b3feb96b |
sha256 | da57991af6384a2ca4ca947f471a8f56a0cb5078656c23cf4d76180284d55ffa |
ssdeep | 196608:VTNebi35zFQ6tQeUTwhHgUGJCXVG9wXXrh:VTNuaxFWTwApJCXVR |
imphash | 9223d9ba2e2a109d7071eb98e3f6c6f5 |
impfuzzy | 192:ocPNQRuuj/EUhc9z5rozNex45+Fm3D1Kqs0IPbOQMxpklE:NNwjm9ioET1K7PbOQMxN |
Signature (14cnts)
Level | Description |
---|---|
danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for known Chinese AV software registry keys |
notice | Creates executable files on the filesystem |
notice | Drops an executable to the user AppData folder |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Queries for potentially installed applications |
notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
notice | Sends data using the HTTP POST Method |
info | Checks amount of memory in system |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (11cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (upload) |
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (8cnts)
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x584a80 SysFreeString
0x584a84 SysReAllocStringLen
0x584a88 SysAllocStringLen
advapi32.dll
0x584a90 RegQueryValueExW
0x584a94 RegOpenKeyExW
0x584a98 RegCloseKey
user32.dll
0x584aa0 GetKeyboardType
0x584aa4 LoadStringW
0x584aa8 MessageBoxA
0x584aac CharNextW
kernel32.dll
0x584ab4 GetACP
0x584ab8 Sleep
0x584abc VirtualFree
0x584ac0 VirtualAlloc
0x584ac4 GetSystemInfo
0x584ac8 GetTickCount
0x584acc QueryPerformanceCounter
0x584ad0 GetVersion
0x584ad4 GetCurrentThreadId
0x584ad8 VirtualQuery
0x584adc WideCharToMultiByte
0x584ae0 SetCurrentDirectoryW
0x584ae4 MultiByteToWideChar
0x584ae8 lstrlenW
0x584aec lstrcpynW
0x584af0 LoadLibraryExW
0x584af4 GetThreadLocale
0x584af8 GetStartupInfoA
0x584afc GetProcAddress
0x584b00 GetModuleHandleW
0x584b04 GetModuleFileNameW
0x584b08 GetLocaleInfoW
0x584b0c GetCurrentDirectoryW
0x584b10 GetCommandLineW
0x584b14 FreeLibrary
0x584b18 FindFirstFileW
0x584b1c FindClose
0x584b20 ExitProcess
0x584b24 ExitThread
0x584b28 CreateThread
0x584b2c CompareStringW
0x584b30 WriteFile
0x584b34 UnhandledExceptionFilter
0x584b38 RtlUnwind
0x584b3c RaiseException
0x584b40 GetStdHandle
0x584b44 CloseHandle
kernel32.dll
0x584b4c TlsSetValue
0x584b50 TlsGetValue
0x584b54 LocalAlloc
0x584b58 GetModuleHandleW
user32.dll
0x584b60 CreateWindowExW
0x584b64 WindowFromPoint
0x584b68 WaitMessage
0x584b6c WaitForInputIdle
0x584b70 UpdateWindow
0x584b74 UnregisterClassW
0x584b78 UnhookWindowsHookEx
0x584b7c TranslateMessage
0x584b80 TranslateMDISysAccel
0x584b84 TrackPopupMenu
0x584b88 SystemParametersInfoW
0x584b8c ShowWindow
0x584b90 ShowScrollBar
0x584b94 ShowOwnedPopups
0x584b98 SetWindowsHookExW
0x584b9c SetWindowTextW
0x584ba0 SetWindowPos
0x584ba4 SetWindowPlacement
0x584ba8 SetWindowLongW
0x584bac SetTimer
0x584bb0 SetScrollRange
0x584bb4 SetScrollPos
0x584bb8 SetScrollInfo
0x584bbc SetRectEmpty
0x584bc0 SetRect
0x584bc4 SetPropW
0x584bc8 SetParent
0x584bcc SetMenuItemInfoW
0x584bd0 SetMenu
0x584bd4 SetForegroundWindow
0x584bd8 SetFocus
0x584bdc SetCursor
0x584be0 SetClassLongW
0x584be4 SetCapture
0x584be8 SetActiveWindow
0x584bec SendNotifyMessageW
0x584bf0 SendMessageTimeoutW
0x584bf4 SendMessageA
0x584bf8 SendMessageW
0x584bfc ScrollWindowEx
0x584c00 ScrollWindow
0x584c04 ScreenToClient
0x584c08 ReplyMessage
0x584c0c RemovePropW
0x584c10 RemoveMenu
0x584c14 ReleaseDC
0x584c18 ReleaseCapture
0x584c1c RegisterWindowMessageW
0x584c20 RegisterClipboardFormatW
0x584c24 RegisterClassW
0x584c28 RedrawWindow
0x584c2c PtInRect
0x584c30 PostQuitMessage
0x584c34 PostMessageW
0x584c38 PeekMessageA
0x584c3c PeekMessageW
0x584c40 OffsetRect
0x584c44 OemToCharBuffA
0x584c48 MsgWaitForMultipleObjectsEx
0x584c4c MsgWaitForMultipleObjects
0x584c50 MessageBoxW
0x584c54 MessageBeep
0x584c58 MapWindowPoints
0x584c5c MapVirtualKeyW
0x584c60 LoadStringW
0x584c64 LoadKeyboardLayoutW
0x584c68 LoadIconW
0x584c6c LoadCursorW
0x584c70 LoadBitmapW
0x584c74 KillTimer
0x584c78 IsZoomed
0x584c7c IsWindowVisible
0x584c80 IsWindowUnicode
0x584c84 IsWindowEnabled
0x584c88 IsWindow
0x584c8c IsRectEmpty
0x584c90 IsIconic
0x584c94 IsDialogMessageA
0x584c98 IsDialogMessageW
0x584c9c IsChild
0x584ca0 InvalidateRect
0x584ca4 IntersectRect
0x584ca8 InsertMenuItemW
0x584cac InsertMenuW
0x584cb0 InflateRect
0x584cb4 GetWindowThreadProcessId
0x584cb8 GetWindowTextW
0x584cbc GetWindowRect
0x584cc0 GetWindowPlacement
0x584cc4 GetWindowLongW
0x584cc8 GetWindowDC
0x584ccc GetTopWindow
0x584cd0 GetSystemMetrics
0x584cd4 GetSystemMenu
0x584cd8 GetSysColorBrush
0x584cdc GetSysColor
0x584ce0 GetSubMenu
0x584ce4 GetScrollRange
0x584ce8 GetScrollPos
0x584cec GetScrollInfo
0x584cf0 GetPropW
0x584cf4 GetParent
0x584cf8 GetWindow
0x584cfc GetMessagePos
0x584d00 GetMessageW
0x584d04 GetMenuStringW
0x584d08 GetMenuState
0x584d0c GetMenuItemInfoW
0x584d10 GetMenuItemID
0x584d14 GetMenuItemCount
0x584d18 GetMenu
0x584d1c GetLastActivePopup
0x584d20 GetKeyboardState
0x584d24 GetKeyboardLayoutNameW
0x584d28 GetKeyboardLayoutList
0x584d2c GetKeyboardLayout
0x584d30 GetKeyState
0x584d34 GetKeyNameTextW
0x584d38 GetIconInfo
0x584d3c GetForegroundWindow
0x584d40 GetFocus
0x584d44 GetDesktopWindow
0x584d48 GetDCEx
0x584d4c GetDC
0x584d50 GetCursorPos
0x584d54 GetCursor
0x584d58 GetClientRect
0x584d5c GetClassLongW
0x584d60 GetClassInfoW
0x584d64 GetCapture
0x584d68 GetActiveWindow
0x584d6c FrameRect
0x584d70 FindWindowExW
0x584d74 FindWindowW
0x584d78 FillRect
0x584d7c ExitWindowsEx
0x584d80 EnumWindows
0x584d84 EnumThreadWindows
0x584d88 EnumChildWindows
0x584d8c EndPaint
0x584d90 EnableWindow
0x584d94 EnableScrollBar
0x584d98 EnableMenuItem
0x584d9c DrawTextExW
0x584da0 DrawTextW
0x584da4 DrawMenuBar
0x584da8 DrawIconEx
0x584dac DrawIcon
0x584db0 DrawFrameControl
0x584db4 DrawFocusRect
0x584db8 DrawEdge
0x584dbc DispatchMessageA
0x584dc0 DispatchMessageW
0x584dc4 DestroyWindow
0x584dc8 DestroyMenu
0x584dcc DestroyIcon
0x584dd0 DestroyCursor
0x584dd4 DeleteMenu
0x584dd8 DefWindowProcW
0x584ddc DefMDIChildProcW
0x584de0 DefFrameProcW
0x584de4 CreatePopupMenu
0x584de8 CreateMenu
0x584dec CreateIcon
0x584df0 ClientToScreen
0x584df4 CheckMenuItem
0x584df8 CharUpperBuffW
0x584dfc CharNextW
0x584e00 CharLowerBuffW
0x584e04 CharLowerW
0x584e08 CallWindowProcW
0x584e0c CallNextHookEx
0x584e10 BringWindowToTop
0x584e14 BeginPaint
0x584e18 AppendMenuW
0x584e1c CharToOemBuffA
0x584e20 AdjustWindowRectEx
0x584e24 ActivateKeyboardLayout
msimg32.dll
0x584e2c AlphaBlend
gdi32.dll
0x584e34 UnrealizeObject
0x584e38 StretchBlt
0x584e3c SetWindowOrgEx
0x584e40 SetViewportOrgEx
0x584e44 SetTextColor
0x584e48 SetStretchBltMode
0x584e4c SetROP2
0x584e50 SetPixel
0x584e54 SetDIBColorTable
0x584e58 SetBrushOrgEx
0x584e5c SetBkMode
0x584e60 SetBkColor
0x584e64 SelectPalette
0x584e68 SelectObject
0x584e6c SaveDC
0x584e70 RoundRect
0x584e74 RestoreDC
0x584e78 RemoveFontResourceW
0x584e7c Rectangle
0x584e80 RectVisible
0x584e84 RealizePalette
0x584e88 Polyline
0x584e8c Pie
0x584e90 PatBlt
0x584e94 MoveToEx
0x584e98 MaskBlt
0x584e9c LineTo
0x584ea0 LineDDA
0x584ea4 IntersectClipRect
0x584ea8 GetWindowOrgEx
0x584eac GetTextMetricsW
0x584eb0 GetTextExtentPointW
0x584eb4 GetTextExtentPoint32W
0x584eb8 GetSystemPaletteEntries
0x584ebc GetStockObject
0x584ec0 GetRgnBox
0x584ec4 GetPixel
0x584ec8 GetPaletteEntries
0x584ecc GetObjectW
0x584ed0 GetDeviceCaps
0x584ed4 GetDIBits
0x584ed8 GetDIBColorTable
0x584edc GetDCOrgEx
0x584ee0 GetCurrentPositionEx
0x584ee4 GetClipBox
0x584ee8 GetBrushOrgEx
0x584eec GetBitmapBits
0x584ef0 GdiFlush
0x584ef4 FrameRgn
0x584ef8 ExtTextOutW
0x584efc ExtFloodFill
0x584f00 ExcludeClipRect
0x584f04 EnumFontsW
0x584f08 Ellipse
0x584f0c DeleteObject
0x584f10 DeleteDC
0x584f14 CreateSolidBrush
0x584f18 CreateRectRgn
0x584f1c CreatePenIndirect
0x584f20 CreatePalette
0x584f24 CreateHalftonePalette
0x584f28 CreateFontIndirectW
0x584f2c CreateDIBitmap
0x584f30 CreateDIBSection
0x584f34 CreateCompatibleDC
0x584f38 CreateCompatibleBitmap
0x584f3c CreateBrushIndirect
0x584f40 CreateBitmap
0x584f44 Chord
0x584f48 BitBlt
0x584f4c Arc
0x584f50 AddFontResourceW
version.dll
0x584f58 VerQueryValueW
0x584f5c GetFileVersionInfoSizeW
0x584f60 GetFileVersionInfoW
mpr.dll
0x584f68 WNetOpenEnumW
0x584f6c WNetGetUniversalNameW
0x584f70 WNetGetConnectionW
0x584f74 WNetEnumResourceW
0x584f78 WNetCloseEnum
kernel32.dll
0x584f80 lstrcpyW
0x584f84 lstrcmpW
0x584f88 WriteProfileStringW
0x584f8c WritePrivateProfileStringW
0x584f90 WriteFile
0x584f94 WideCharToMultiByte
0x584f98 WaitForSingleObject
0x584f9c WaitForMultipleObjectsEx
0x584fa0 VirtualQueryEx
0x584fa4 VirtualQuery
0x584fa8 VirtualFree
0x584fac VirtualAlloc
0x584fb0 TransactNamedPipe
0x584fb4 TerminateProcess
0x584fb8 SwitchToThread
0x584fbc SizeofResource
0x584fc0 SignalObjectAndWait
0x584fc4 SetThreadLocale
0x584fc8 SetNamedPipeHandleState
0x584fcc SetLastError
0x584fd0 SetFileTime
0x584fd4 SetFilePointer
0x584fd8 SetFileAttributesW
0x584fdc SetEvent
0x584fe0 SetErrorMode
0x584fe4 SetEndOfFile
0x584fe8 SetCurrentDirectoryW
0x584fec ResumeThread
0x584ff0 ResetEvent
0x584ff4 RemoveDirectoryW
0x584ff8 ReleaseMutex
0x584ffc ReadFile
0x585000 QueryPerformanceCounter
0x585004 OpenProcess
0x585008 OpenMutexW
0x58500c MultiByteToWideChar
0x585010 MulDiv
0x585014 MoveFileExW
0x585018 MoveFileW
0x58501c LockResource
0x585020 LocalFree
0x585024 LocalFileTimeToFileTime
0x585028 LoadResource
0x58502c LoadLibraryExW
0x585030 LoadLibraryW
0x585034 LeaveCriticalSection
0x585038 IsDBCSLeadByte
0x58503c IsBadWritePtr
0x585040 InitializeCriticalSection
0x585044 GlobalFindAtomW
0x585048 GlobalDeleteAtom
0x58504c GlobalAddAtomW
0x585050 GetWindowsDirectoryW
0x585054 GetVersionExW
0x585058 GetVersion
0x58505c GetUserDefaultLangID
0x585060 GetTickCount
0x585064 GetThreadLocale
0x585068 GetSystemTimeAsFileTime
0x58506c GetSystemInfo
0x585070 GetSystemDirectoryW
0x585074 GetStdHandle
0x585078 GetShortPathNameW
0x58507c GetProfileStringW
0x585080 GetProcAddress
0x585084 GetPrivateProfileStringW
0x585088 GetOverlappedResult
0x58508c GetModuleHandleW
0x585090 GetModuleFileNameW
0x585094 GetLogicalDrives
0x585098 GetLocaleInfoW
0x58509c GetLocalTime
0x5850a0 GetLastError
0x5850a4 GetFullPathNameW
0x5850a8 GetFileSize
0x5850ac GetFileAttributesW
0x5850b0 GetExitCodeThread
0x5850b4 GetExitCodeProcess
0x5850b8 GetEnvironmentVariableW
0x5850bc GetDriveTypeW
0x5850c0 GetDiskFreeSpaceW
0x5850c4 GetDateFormatW
0x5850c8 GetCurrentThreadId
0x5850cc GetCurrentThread
0x5850d0 GetCurrentProcessId
0x5850d4 GetCurrentProcess
0x5850d8 GetCurrentDirectoryW
0x5850dc GetComputerNameW
0x5850e0 GetCommandLineW
0x5850e4 GetCPInfo
0x5850e8 FreeResource
0x5850ec InterlockedIncrement
0x5850f0 InterlockedExchangeAdd
0x5850f4 InterlockedExchange
0x5850f8 InterlockedDecrement
0x5850fc InterlockedCompareExchange
0x585100 FreeLibrary
0x585104 FormatMessageW
0x585108 FlushFileBuffers
0x58510c FindResourceW
0x585110 FindNextFileW
0x585114 FindFirstFileW
0x585118 FindClose
0x58511c FileTimeToSystemTime
0x585120 FileTimeToLocalFileTime
0x585124 EnumCalendarInfoW
0x585128 EnterCriticalSection
0x58512c DeviceIoControl
0x585130 DeleteFileW
0x585134 DeleteCriticalSection
0x585138 CreateThread
0x58513c CreateProcessW
0x585140 CreateNamedPipeW
0x585144 CreateMutexW
0x585148 CreateFileW
0x58514c CreateEventW
0x585150 CreateDirectoryW
0x585154 CopyFileW
0x585158 CompareStringW
0x58515c CompareFileTime
0x585160 CloseHandle
advapi32.dll
0x585168 SetSecurityDescriptorDacl
0x58516c RegSetValueExW
0x585170 RegQueryValueExW
0x585174 RegQueryInfoKeyW
0x585178 RegOpenKeyExW
0x58517c RegFlushKey
0x585180 RegEnumValueW
0x585184 RegEnumKeyExW
0x585188 RegDeleteValueW
0x58518c RegDeleteKeyW
0x585190 RegCreateKeyExW
0x585194 RegCloseKey
0x585198 OpenThreadToken
0x58519c OpenProcessToken
0x5851a0 LookupPrivilegeValueW
0x5851a4 InitializeSecurityDescriptor
0x5851a8 GetUserNameW
0x5851ac GetTokenInformation
0x5851b0 FreeSid
0x5851b4 EqualSid
0x5851b8 AllocateAndInitializeSid
kernel32.dll
0x5851c0 Sleep
comctl32.dll
0x5851c8 InitCommonControls
oleaut32.dll
0x5851d0 GetErrorInfo
0x5851d4 GetActiveObject
0x5851d8 RegisterTypeLib
0x5851dc LoadTypeLib
0x5851e0 SysFreeString
ole32.dll
0x5851e8 OleUninitialize
0x5851ec OleInitialize
0x5851f0 CoTaskMemFree
0x5851f4 CLSIDFromProgID
0x5851f8 CLSIDFromString
0x5851fc StringFromCLSID
0x585200 CoCreateInstance
0x585204 CoFreeUnusedLibraries
0x585208 CoUninitialize
0x58520c CoInitialize
0x585210 IsEqualGUID
oleaut32.dll
0x585218 SafeArrayPtrOfIndex
0x58521c SafeArrayPutElement
0x585220 SafeArrayGetElement
0x585224 SafeArrayGetUBound
0x585228 SafeArrayGetLBound
0x58522c SafeArrayCreate
0x585230 VariantChangeType
0x585234 VariantCopyInd
0x585238 VariantCopy
0x58523c VariantClear
0x585240 VariantInit
comctl32.dll
0x585248 InitializeFlatSB
0x58524c FlatSB_SetScrollProp
0x585250 FlatSB_SetScrollPos
0x585254 FlatSB_SetScrollInfo
0x585258 FlatSB_GetScrollPos
0x58525c FlatSB_GetScrollInfo
0x585260 _TrackMouseEvent
0x585264 ImageList_SetIconSize
0x585268 ImageList_GetIconSize
0x58526c ImageList_Write
0x585270 ImageList_Read
0x585274 ImageList_GetDragImage
0x585278 ImageList_DragShowNolock
0x58527c ImageList_DragMove
0x585280 ImageList_DragLeave
0x585284 ImageList_DragEnter
0x585288 ImageList_EndDrag
0x58528c ImageList_BeginDrag
0x585290 ImageList_Remove
0x585294 ImageList_DrawEx
0x585298 ImageList_Draw
0x58529c ImageList_GetBkColor
0x5852a0 ImageList_SetBkColor
0x5852a4 ImageList_Add
0x5852a8 ImageList_SetImageCount
0x5852ac ImageList_GetImageCount
0x5852b0 ImageList_Destroy
0x5852b4 ImageList_Create
0x5852b8 InitCommonControls
shell32.dll
0x5852c0 ShellExecuteExW
0x5852c4 ShellExecuteW
0x5852c8 SHGetFileInfoW
0x5852cc ExtractIconW
shell32.dll
0x5852d4 SHGetPathFromIDListW
0x5852d8 SHGetMalloc
0x5852dc SHChangeNotify
0x5852e0 SHBrowseForFolderW
comdlg32.dll
0x5852e8 GetSaveFileNameW
0x5852ec GetOpenFileNameW
ole32.dll
0x5852f4 CoDisconnectObject
oleaut32.dll
0x5852fc SysFreeString
advapi32.dll
0x585304 AdjustTokenPrivileges
EAT(Export Address Table) is none