ScreenShot
| Created | 2021.07.14 17:00 | Machine | s1_win7_x6401 |
| Filename | rc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 36 detected (malicious, high confidence, GenericKD, Fareit, Unsafe, confidence, Delf, Eldorado, EPSR, AveMaria, PWSX, Inject4, kcloud, DelfInject, score, R430971, ZelphiF, YGX@aGLEHdci, ai score=82, TScope, BitRAT, Generic@ML, RDMK, zg5psnsRqThCX4r1JjoQw, susgen, EPMJ, GdSda, HgIASYUA) | ||
| md5 | 0d1a243f89e21f7c54a6210e5aa36d69 | ||
| sha256 | fff4247394bb0e5f9ad20e8c3f00903a82562ae9eecf701447914bd744b0e61c | ||
| ssdeep | 12288:PXjVVvgR6lgIdw67J0/BVEULCi/FKGI9isgfDeuPqOeAM:PXjfrR+6dwJLxsr9isgfKPb | ||
| imphash | 81b44cc9bb38ca599d2bb46a023cd8f4 | ||
| impfuzzy | 192:334I8k1sTQ3QbuuAxSUvK9yqooqEXA72POQRfDo:33h1sHAq9AEPOQF8 | ||
Network IP location
Signature (29cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| danger | Executed a process and injected code into it |
| danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
| warning | Generates some ICMP traffic |
| watch | A process attempted to delay the analysis task. |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Creates a windows hook that monitors keyboard input (keylogger) |
| watch | Deletes executed files from disk |
| watch | Installs an hook procedure to monitor for mouse events |
| watch | Installs itself for autorun at Windows startup |
| watch | Looks for the Windows Idle Time to determine the uptime |
| watch | Network activity contains more than one unique useragent |
| watch | One or more of the buffers contains an embedded PE file |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
Rules (36cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Network_Downloader | File Downloader | memory |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | local_credential_Steal | Steal credential | memory |
| notice | Network_DGA | Communication using DGA | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_FTP | Communications over FTP | memory |
| notice | Network_HTTP | Communications over HTTP | memory |
| notice | Network_P2P_Win | Communications over P2P network | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
| info | Check_Dlls | (no description) | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerCheck__RemoteAPI | (no description) | memory |
| info | DebuggerException__ConsoleCtrl | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
Network (5cnts) ?
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x48a140 DeleteCriticalSection
0x48a144 LeaveCriticalSection
0x48a148 EnterCriticalSection
0x48a14c InitializeCriticalSection
0x48a150 VirtualFree
0x48a154 VirtualAlloc
0x48a158 LocalFree
0x48a15c LocalAlloc
0x48a160 GetTickCount
0x48a164 QueryPerformanceCounter
0x48a168 GetVersion
0x48a16c GetCurrentThreadId
0x48a170 InterlockedDecrement
0x48a174 InterlockedIncrement
0x48a178 VirtualQuery
0x48a17c WideCharToMultiByte
0x48a180 MultiByteToWideChar
0x48a184 lstrlenA
0x48a188 lstrcpynA
0x48a18c LoadLibraryExA
0x48a190 GetThreadLocale
0x48a194 GetStartupInfoA
0x48a198 GetProcAddress
0x48a19c GetModuleHandleA
0x48a1a0 GetModuleFileNameA
0x48a1a4 GetLocaleInfoA
0x48a1a8 GetLastError
0x48a1ac GetCommandLineA
0x48a1b0 FreeLibrary
0x48a1b4 FindFirstFileA
0x48a1b8 FindClose
0x48a1bc ExitProcess
0x48a1c0 WriteFile
0x48a1c4 UnhandledExceptionFilter
0x48a1c8 SetFilePointer
0x48a1cc SetEndOfFile
0x48a1d0 RtlUnwind
0x48a1d4 ReadFile
0x48a1d8 RaiseException
0x48a1dc GetStdHandle
0x48a1e0 GetFileSize
0x48a1e4 GetFileType
0x48a1e8 CreateFileA
0x48a1ec CloseHandle
user32.dll
0x48a1f4 GetKeyboardType
0x48a1f8 LoadStringA
0x48a1fc MessageBoxA
0x48a200 CharNextA
advapi32.dll
0x48a208 RegQueryValueExA
0x48a20c RegOpenKeyExA
0x48a210 RegCloseKey
oleaut32.dll
0x48a218 SysFreeString
0x48a21c SysReAllocStringLen
0x48a220 SysAllocStringLen
kernel32.dll
0x48a228 TlsSetValue
0x48a22c TlsGetValue
0x48a230 LocalAlloc
0x48a234 GetModuleHandleA
advapi32.dll
0x48a23c RegQueryValueExA
0x48a240 RegOpenKeyExA
0x48a244 RegCloseKey
kernel32.dll
0x48a24c lstrcpyA
0x48a250 lstrcmpiA
0x48a254 WriteFile
0x48a258 WaitForSingleObject
0x48a25c VirtualQuery
0x48a260 VirtualProtect
0x48a264 VirtualAlloc
0x48a268 Sleep
0x48a26c SizeofResource
0x48a270 SetThreadLocale
0x48a274 SetFilePointer
0x48a278 SetEvent
0x48a27c SetErrorMode
0x48a280 SetEndOfFile
0x48a284 ResetEvent
0x48a288 ReadFile
0x48a28c MulDiv
0x48a290 LockResource
0x48a294 LoadResource
0x48a298 LoadLibraryA
0x48a29c LeaveCriticalSection
0x48a2a0 InitializeCriticalSection
0x48a2a4 GlobalUnlock
0x48a2a8 GlobalSize
0x48a2ac GlobalReAlloc
0x48a2b0 GlobalHandle
0x48a2b4 GlobalLock
0x48a2b8 GlobalFree
0x48a2bc GlobalFindAtomA
0x48a2c0 GlobalDeleteAtom
0x48a2c4 GlobalAlloc
0x48a2c8 GlobalAddAtomA
0x48a2cc GetVersionExA
0x48a2d0 GetVersion
0x48a2d4 GetTickCount
0x48a2d8 GetThreadLocale
0x48a2dc GetSystemInfo
0x48a2e0 GetStringTypeExA
0x48a2e4 GetStdHandle
0x48a2e8 GetProfileStringA
0x48a2ec GetProcAddress
0x48a2f0 GetModuleHandleA
0x48a2f4 GetModuleFileNameA
0x48a2f8 GetLocaleInfoA
0x48a2fc GetLocalTime
0x48a300 GetLastError
0x48a304 GetFullPathNameA
0x48a308 GetDiskFreeSpaceA
0x48a30c GetDateFormatA
0x48a310 GetCurrentThreadId
0x48a314 GetCurrentProcessId
0x48a318 GetCPInfo
0x48a31c GetACP
0x48a320 FreeResource
0x48a324 InterlockedExchange
0x48a328 FreeLibrary
0x48a32c FormatMessageA
0x48a330 FindResourceA
0x48a334 FindFirstFileA
0x48a338 FindClose
0x48a33c FileTimeToLocalFileTime
0x48a340 FileTimeToDosDateTime
0x48a344 EnumCalendarInfoA
0x48a348 EnterCriticalSection
0x48a34c DeleteFileA
0x48a350 DeleteCriticalSection
0x48a354 CreateThread
0x48a358 CreateFileA
0x48a35c CreateEventA
0x48a360 CompareStringA
0x48a364 CloseHandle
version.dll
0x48a36c VerQueryValueA
0x48a370 GetFileVersionInfoSizeA
0x48a374 GetFileVersionInfoA
gdi32.dll
0x48a37c UnrealizeObject
0x48a380 StretchBlt
0x48a384 SetWindowOrgEx
0x48a388 SetWinMetaFileBits
0x48a38c SetViewportOrgEx
0x48a390 SetTextColor
0x48a394 SetTextAlign
0x48a398 SetStretchBltMode
0x48a39c SetROP2
0x48a3a0 SetPixel
0x48a3a4 SetGraphicsMode
0x48a3a8 SetEnhMetaFileBits
0x48a3ac SetDIBColorTable
0x48a3b0 SetBrushOrgEx
0x48a3b4 SetBkMode
0x48a3b8 SetBkColor
0x48a3bc SelectPalette
0x48a3c0 SelectObject
0x48a3c4 SelectClipRgn
0x48a3c8 SaveDC
0x48a3cc RestoreDC
0x48a3d0 Rectangle
0x48a3d4 RectVisible
0x48a3d8 RealizePalette
0x48a3dc PtInRegion
0x48a3e0 Polygon
0x48a3e4 PlayEnhMetaFile
0x48a3e8 PatBlt
0x48a3ec MoveToEx
0x48a3f0 MaskBlt
0x48a3f4 LineTo
0x48a3f8 IntersectClipRect
0x48a3fc GetWindowOrgEx
0x48a400 GetWinMetaFileBits
0x48a404 GetTextMetricsA
0x48a408 GetTextExtentPointA
0x48a40c GetTextExtentPoint32A
0x48a410 GetTextAlign
0x48a414 GetSystemPaletteEntries
0x48a418 GetStockObject
0x48a41c GetRgnBox
0x48a420 GetPixel
0x48a424 GetPaletteEntries
0x48a428 GetObjectA
0x48a42c GetEnhMetaFilePaletteEntries
0x48a430 GetEnhMetaFileHeader
0x48a434 GetEnhMetaFileBits
0x48a438 GetDeviceCaps
0x48a43c GetDIBits
0x48a440 GetDIBColorTable
0x48a444 GetDCOrgEx
0x48a448 GetCurrentPositionEx
0x48a44c GetClipBox
0x48a450 GetBrushOrgEx
0x48a454 GetBitmapBits
0x48a458 GdiFlush
0x48a45c ExtTextOutA
0x48a460 ExcludeClipRect
0x48a464 EndPage
0x48a468 EndDoc
0x48a46c Ellipse
0x48a470 DeleteObject
0x48a474 DeleteEnhMetaFile
0x48a478 DeleteDC
0x48a47c CreateSolidBrush
0x48a480 CreateRectRgn
0x48a484 CreatePolygonRgn
0x48a488 CreatePenIndirect
0x48a48c CreatePalette
0x48a490 CreateICA
0x48a494 CreateHalftonePalette
0x48a498 CreateFontIndirectA
0x48a49c CreateEllipticRgn
0x48a4a0 CreateDIBitmap
0x48a4a4 CreateDIBSection
0x48a4a8 CreateDCA
0x48a4ac CreateCompatibleDC
0x48a4b0 CreateCompatibleBitmap
0x48a4b4 CreateBrushIndirect
0x48a4b8 CreateBitmap
0x48a4bc CopyEnhMetaFileA
0x48a4c0 BitBlt
user32.dll
0x48a4c8 CreateWindowExA
0x48a4cc WindowFromPoint
0x48a4d0 WinHelpA
0x48a4d4 WaitMessage
0x48a4d8 UpdateWindow
0x48a4dc UnregisterClassA
0x48a4e0 UnhookWindowsHookEx
0x48a4e4 TranslateMessage
0x48a4e8 TranslateMDISysAccel
0x48a4ec TrackPopupMenu
0x48a4f0 SystemParametersInfoA
0x48a4f4 ShowWindow
0x48a4f8 ShowScrollBar
0x48a4fc ShowOwnedPopups
0x48a500 ShowCursor
0x48a504 SetWindowsHookExA
0x48a508 SetWindowTextA
0x48a50c SetWindowPos
0x48a510 SetWindowPlacement
0x48a514 SetWindowLongA
0x48a518 SetTimer
0x48a51c SetScrollRange
0x48a520 SetScrollPos
0x48a524 SetScrollInfo
0x48a528 SetRect
0x48a52c SetPropA
0x48a530 SetParent
0x48a534 SetMenuItemInfoA
0x48a538 SetMenu
0x48a53c SetForegroundWindow
0x48a540 SetFocus
0x48a544 SetCursor
0x48a548 SetClipboardData
0x48a54c SetClassLongA
0x48a550 SetCapture
0x48a554 SetActiveWindow
0x48a558 SendMessageA
0x48a55c ScrollWindow
0x48a560 ScreenToClient
0x48a564 RemovePropA
0x48a568 RemoveMenu
0x48a56c ReleaseDC
0x48a570 ReleaseCapture
0x48a574 RegisterWindowMessageA
0x48a578 RegisterClipboardFormatA
0x48a57c RegisterClassA
0x48a580 RedrawWindow
0x48a584 PtInRect
0x48a588 PostQuitMessage
0x48a58c PostMessageA
0x48a590 PeekMessageA
0x48a594 OpenClipboard
0x48a598 OffsetRect
0x48a59c OemToCharA
0x48a5a0 MessageBoxA
0x48a5a4 MessageBeep
0x48a5a8 MapWindowPoints
0x48a5ac MapVirtualKeyA
0x48a5b0 LoadStringA
0x48a5b4 LoadKeyboardLayoutA
0x48a5b8 LoadIconA
0x48a5bc LoadCursorA
0x48a5c0 LoadBitmapA
0x48a5c4 KillTimer
0x48a5c8 IsZoomed
0x48a5cc IsWindowVisible
0x48a5d0 IsWindowEnabled
0x48a5d4 IsWindow
0x48a5d8 IsRectEmpty
0x48a5dc IsIconic
0x48a5e0 IsDialogMessageA
0x48a5e4 IsChild
0x48a5e8 InvalidateRect
0x48a5ec IntersectRect
0x48a5f0 InsertMenuItemA
0x48a5f4 InsertMenuA
0x48a5f8 InflateRect
0x48a5fc GetWindowThreadProcessId
0x48a600 GetWindowTextA
0x48a604 GetWindowRect
0x48a608 GetWindowPlacement
0x48a60c GetWindowLongA
0x48a610 GetWindowDC
0x48a614 GetTopWindow
0x48a618 GetSystemMetrics
0x48a61c GetSystemMenu
0x48a620 GetSysColorBrush
0x48a624 GetSysColor
0x48a628 GetSubMenu
0x48a62c GetScrollRange
0x48a630 GetScrollPos
0x48a634 GetScrollInfo
0x48a638 GetPropA
0x48a63c GetParent
0x48a640 GetWindow
0x48a644 GetMenuStringA
0x48a648 GetMenuState
0x48a64c GetMenuItemInfoA
0x48a650 GetMenuItemID
0x48a654 GetMenuItemCount
0x48a658 GetMenu
0x48a65c GetLastActivePopup
0x48a660 GetKeyboardState
0x48a664 GetKeyboardLayoutList
0x48a668 GetKeyboardLayout
0x48a66c GetKeyState
0x48a670 GetKeyNameTextA
0x48a674 GetIconInfo
0x48a678 GetForegroundWindow
0x48a67c GetFocus
0x48a680 GetDesktopWindow
0x48a684 GetDCEx
0x48a688 GetDC
0x48a68c GetCursorPos
0x48a690 GetCursor
0x48a694 GetClipboardData
0x48a698 GetClientRect
0x48a69c GetClassNameA
0x48a6a0 GetClassInfoA
0x48a6a4 GetCapture
0x48a6a8 GetActiveWindow
0x48a6ac FrameRect
0x48a6b0 FindWindowA
0x48a6b4 FillRect
0x48a6b8 EqualRect
0x48a6bc EnumWindows
0x48a6c0 EnumThreadWindows
0x48a6c4 EndPaint
0x48a6c8 EnableWindow
0x48a6cc EnableScrollBar
0x48a6d0 EnableMenuItem
0x48a6d4 EmptyClipboard
0x48a6d8 DrawTextA
0x48a6dc DrawMenuBar
0x48a6e0 DrawIconEx
0x48a6e4 DrawIcon
0x48a6e8 DrawFrameControl
0x48a6ec DrawEdge
0x48a6f0 DispatchMessageA
0x48a6f4 DestroyWindow
0x48a6f8 DestroyMenu
0x48a6fc DestroyIcon
0x48a700 DestroyCursor
0x48a704 DeleteMenu
0x48a708 DefWindowProcA
0x48a70c DefMDIChildProcA
0x48a710 DefFrameProcA
0x48a714 CreatePopupMenu
0x48a718 CreateMenu
0x48a71c CreateIcon
0x48a720 CloseClipboard
0x48a724 ClipCursor
0x48a728 ClientToScreen
0x48a72c CheckMenuItem
0x48a730 CallWindowProcA
0x48a734 CallNextHookEx
0x48a738 BeginPaint
0x48a73c CharNextA
0x48a740 CharLowerBuffA
0x48a744 CharLowerA
0x48a748 CharUpperBuffA
0x48a74c CharToOemA
0x48a750 AdjustWindowRectEx
0x48a754 ActivateKeyboardLayout
kernel32.dll
0x48a75c Sleep
oleaut32.dll
0x48a764 SafeArrayPtrOfIndex
0x48a768 SafeArrayGetUBound
0x48a76c SafeArrayGetLBound
0x48a770 SafeArrayCreate
0x48a774 VariantChangeType
0x48a778 VariantCopy
0x48a77c VariantClear
0x48a780 VariantInit
comctl32.dll
0x48a788 ImageList_SetIconSize
0x48a78c ImageList_GetIconSize
0x48a790 ImageList_Write
0x48a794 ImageList_Read
0x48a798 ImageList_GetDragImage
0x48a79c ImageList_DragShowNolock
0x48a7a0 ImageList_SetDragCursorImage
0x48a7a4 ImageList_DragMove
0x48a7a8 ImageList_DragLeave
0x48a7ac ImageList_DragEnter
0x48a7b0 ImageList_EndDrag
0x48a7b4 ImageList_BeginDrag
0x48a7b8 ImageList_Remove
0x48a7bc ImageList_DrawEx
0x48a7c0 ImageList_Draw
0x48a7c4 ImageList_GetBkColor
0x48a7c8 ImageList_SetBkColor
0x48a7cc ImageList_ReplaceIcon
0x48a7d0 ImageList_Add
0x48a7d4 ImageList_SetImageCount
0x48a7d8 ImageList_GetImageCount
0x48a7dc ImageList_Destroy
0x48a7e0 ImageList_Create
0x48a7e4 InitCommonControls
winspool.drv
0x48a7ec OpenPrinterA
0x48a7f0 EnumPrintersA
0x48a7f4 DocumentPropertiesA
0x48a7f8 ClosePrinter
comdlg32.dll
0x48a800 PrintDlgA
EAT(Export Address Table) is none
kernel32.dll
0x48a140 DeleteCriticalSection
0x48a144 LeaveCriticalSection
0x48a148 EnterCriticalSection
0x48a14c InitializeCriticalSection
0x48a150 VirtualFree
0x48a154 VirtualAlloc
0x48a158 LocalFree
0x48a15c LocalAlloc
0x48a160 GetTickCount
0x48a164 QueryPerformanceCounter
0x48a168 GetVersion
0x48a16c GetCurrentThreadId
0x48a170 InterlockedDecrement
0x48a174 InterlockedIncrement
0x48a178 VirtualQuery
0x48a17c WideCharToMultiByte
0x48a180 MultiByteToWideChar
0x48a184 lstrlenA
0x48a188 lstrcpynA
0x48a18c LoadLibraryExA
0x48a190 GetThreadLocale
0x48a194 GetStartupInfoA
0x48a198 GetProcAddress
0x48a19c GetModuleHandleA
0x48a1a0 GetModuleFileNameA
0x48a1a4 GetLocaleInfoA
0x48a1a8 GetLastError
0x48a1ac GetCommandLineA
0x48a1b0 FreeLibrary
0x48a1b4 FindFirstFileA
0x48a1b8 FindClose
0x48a1bc ExitProcess
0x48a1c0 WriteFile
0x48a1c4 UnhandledExceptionFilter
0x48a1c8 SetFilePointer
0x48a1cc SetEndOfFile
0x48a1d0 RtlUnwind
0x48a1d4 ReadFile
0x48a1d8 RaiseException
0x48a1dc GetStdHandle
0x48a1e0 GetFileSize
0x48a1e4 GetFileType
0x48a1e8 CreateFileA
0x48a1ec CloseHandle
user32.dll
0x48a1f4 GetKeyboardType
0x48a1f8 LoadStringA
0x48a1fc MessageBoxA
0x48a200 CharNextA
advapi32.dll
0x48a208 RegQueryValueExA
0x48a20c RegOpenKeyExA
0x48a210 RegCloseKey
oleaut32.dll
0x48a218 SysFreeString
0x48a21c SysReAllocStringLen
0x48a220 SysAllocStringLen
kernel32.dll
0x48a228 TlsSetValue
0x48a22c TlsGetValue
0x48a230 LocalAlloc
0x48a234 GetModuleHandleA
advapi32.dll
0x48a23c RegQueryValueExA
0x48a240 RegOpenKeyExA
0x48a244 RegCloseKey
kernel32.dll
0x48a24c lstrcpyA
0x48a250 lstrcmpiA
0x48a254 WriteFile
0x48a258 WaitForSingleObject
0x48a25c VirtualQuery
0x48a260 VirtualProtect
0x48a264 VirtualAlloc
0x48a268 Sleep
0x48a26c SizeofResource
0x48a270 SetThreadLocale
0x48a274 SetFilePointer
0x48a278 SetEvent
0x48a27c SetErrorMode
0x48a280 SetEndOfFile
0x48a284 ResetEvent
0x48a288 ReadFile
0x48a28c MulDiv
0x48a290 LockResource
0x48a294 LoadResource
0x48a298 LoadLibraryA
0x48a29c LeaveCriticalSection
0x48a2a0 InitializeCriticalSection
0x48a2a4 GlobalUnlock
0x48a2a8 GlobalSize
0x48a2ac GlobalReAlloc
0x48a2b0 GlobalHandle
0x48a2b4 GlobalLock
0x48a2b8 GlobalFree
0x48a2bc GlobalFindAtomA
0x48a2c0 GlobalDeleteAtom
0x48a2c4 GlobalAlloc
0x48a2c8 GlobalAddAtomA
0x48a2cc GetVersionExA
0x48a2d0 GetVersion
0x48a2d4 GetTickCount
0x48a2d8 GetThreadLocale
0x48a2dc GetSystemInfo
0x48a2e0 GetStringTypeExA
0x48a2e4 GetStdHandle
0x48a2e8 GetProfileStringA
0x48a2ec GetProcAddress
0x48a2f0 GetModuleHandleA
0x48a2f4 GetModuleFileNameA
0x48a2f8 GetLocaleInfoA
0x48a2fc GetLocalTime
0x48a300 GetLastError
0x48a304 GetFullPathNameA
0x48a308 GetDiskFreeSpaceA
0x48a30c GetDateFormatA
0x48a310 GetCurrentThreadId
0x48a314 GetCurrentProcessId
0x48a318 GetCPInfo
0x48a31c GetACP
0x48a320 FreeResource
0x48a324 InterlockedExchange
0x48a328 FreeLibrary
0x48a32c FormatMessageA
0x48a330 FindResourceA
0x48a334 FindFirstFileA
0x48a338 FindClose
0x48a33c FileTimeToLocalFileTime
0x48a340 FileTimeToDosDateTime
0x48a344 EnumCalendarInfoA
0x48a348 EnterCriticalSection
0x48a34c DeleteFileA
0x48a350 DeleteCriticalSection
0x48a354 CreateThread
0x48a358 CreateFileA
0x48a35c CreateEventA
0x48a360 CompareStringA
0x48a364 CloseHandle
version.dll
0x48a36c VerQueryValueA
0x48a370 GetFileVersionInfoSizeA
0x48a374 GetFileVersionInfoA
gdi32.dll
0x48a37c UnrealizeObject
0x48a380 StretchBlt
0x48a384 SetWindowOrgEx
0x48a388 SetWinMetaFileBits
0x48a38c SetViewportOrgEx
0x48a390 SetTextColor
0x48a394 SetTextAlign
0x48a398 SetStretchBltMode
0x48a39c SetROP2
0x48a3a0 SetPixel
0x48a3a4 SetGraphicsMode
0x48a3a8 SetEnhMetaFileBits
0x48a3ac SetDIBColorTable
0x48a3b0 SetBrushOrgEx
0x48a3b4 SetBkMode
0x48a3b8 SetBkColor
0x48a3bc SelectPalette
0x48a3c0 SelectObject
0x48a3c4 SelectClipRgn
0x48a3c8 SaveDC
0x48a3cc RestoreDC
0x48a3d0 Rectangle
0x48a3d4 RectVisible
0x48a3d8 RealizePalette
0x48a3dc PtInRegion
0x48a3e0 Polygon
0x48a3e4 PlayEnhMetaFile
0x48a3e8 PatBlt
0x48a3ec MoveToEx
0x48a3f0 MaskBlt
0x48a3f4 LineTo
0x48a3f8 IntersectClipRect
0x48a3fc GetWindowOrgEx
0x48a400 GetWinMetaFileBits
0x48a404 GetTextMetricsA
0x48a408 GetTextExtentPointA
0x48a40c GetTextExtentPoint32A
0x48a410 GetTextAlign
0x48a414 GetSystemPaletteEntries
0x48a418 GetStockObject
0x48a41c GetRgnBox
0x48a420 GetPixel
0x48a424 GetPaletteEntries
0x48a428 GetObjectA
0x48a42c GetEnhMetaFilePaletteEntries
0x48a430 GetEnhMetaFileHeader
0x48a434 GetEnhMetaFileBits
0x48a438 GetDeviceCaps
0x48a43c GetDIBits
0x48a440 GetDIBColorTable
0x48a444 GetDCOrgEx
0x48a448 GetCurrentPositionEx
0x48a44c GetClipBox
0x48a450 GetBrushOrgEx
0x48a454 GetBitmapBits
0x48a458 GdiFlush
0x48a45c ExtTextOutA
0x48a460 ExcludeClipRect
0x48a464 EndPage
0x48a468 EndDoc
0x48a46c Ellipse
0x48a470 DeleteObject
0x48a474 DeleteEnhMetaFile
0x48a478 DeleteDC
0x48a47c CreateSolidBrush
0x48a480 CreateRectRgn
0x48a484 CreatePolygonRgn
0x48a488 CreatePenIndirect
0x48a48c CreatePalette
0x48a490 CreateICA
0x48a494 CreateHalftonePalette
0x48a498 CreateFontIndirectA
0x48a49c CreateEllipticRgn
0x48a4a0 CreateDIBitmap
0x48a4a4 CreateDIBSection
0x48a4a8 CreateDCA
0x48a4ac CreateCompatibleDC
0x48a4b0 CreateCompatibleBitmap
0x48a4b4 CreateBrushIndirect
0x48a4b8 CreateBitmap
0x48a4bc CopyEnhMetaFileA
0x48a4c0 BitBlt
user32.dll
0x48a4c8 CreateWindowExA
0x48a4cc WindowFromPoint
0x48a4d0 WinHelpA
0x48a4d4 WaitMessage
0x48a4d8 UpdateWindow
0x48a4dc UnregisterClassA
0x48a4e0 UnhookWindowsHookEx
0x48a4e4 TranslateMessage
0x48a4e8 TranslateMDISysAccel
0x48a4ec TrackPopupMenu
0x48a4f0 SystemParametersInfoA
0x48a4f4 ShowWindow
0x48a4f8 ShowScrollBar
0x48a4fc ShowOwnedPopups
0x48a500 ShowCursor
0x48a504 SetWindowsHookExA
0x48a508 SetWindowTextA
0x48a50c SetWindowPos
0x48a510 SetWindowPlacement
0x48a514 SetWindowLongA
0x48a518 SetTimer
0x48a51c SetScrollRange
0x48a520 SetScrollPos
0x48a524 SetScrollInfo
0x48a528 SetRect
0x48a52c SetPropA
0x48a530 SetParent
0x48a534 SetMenuItemInfoA
0x48a538 SetMenu
0x48a53c SetForegroundWindow
0x48a540 SetFocus
0x48a544 SetCursor
0x48a548 SetClipboardData
0x48a54c SetClassLongA
0x48a550 SetCapture
0x48a554 SetActiveWindow
0x48a558 SendMessageA
0x48a55c ScrollWindow
0x48a560 ScreenToClient
0x48a564 RemovePropA
0x48a568 RemoveMenu
0x48a56c ReleaseDC
0x48a570 ReleaseCapture
0x48a574 RegisterWindowMessageA
0x48a578 RegisterClipboardFormatA
0x48a57c RegisterClassA
0x48a580 RedrawWindow
0x48a584 PtInRect
0x48a588 PostQuitMessage
0x48a58c PostMessageA
0x48a590 PeekMessageA
0x48a594 OpenClipboard
0x48a598 OffsetRect
0x48a59c OemToCharA
0x48a5a0 MessageBoxA
0x48a5a4 MessageBeep
0x48a5a8 MapWindowPoints
0x48a5ac MapVirtualKeyA
0x48a5b0 LoadStringA
0x48a5b4 LoadKeyboardLayoutA
0x48a5b8 LoadIconA
0x48a5bc LoadCursorA
0x48a5c0 LoadBitmapA
0x48a5c4 KillTimer
0x48a5c8 IsZoomed
0x48a5cc IsWindowVisible
0x48a5d0 IsWindowEnabled
0x48a5d4 IsWindow
0x48a5d8 IsRectEmpty
0x48a5dc IsIconic
0x48a5e0 IsDialogMessageA
0x48a5e4 IsChild
0x48a5e8 InvalidateRect
0x48a5ec IntersectRect
0x48a5f0 InsertMenuItemA
0x48a5f4 InsertMenuA
0x48a5f8 InflateRect
0x48a5fc GetWindowThreadProcessId
0x48a600 GetWindowTextA
0x48a604 GetWindowRect
0x48a608 GetWindowPlacement
0x48a60c GetWindowLongA
0x48a610 GetWindowDC
0x48a614 GetTopWindow
0x48a618 GetSystemMetrics
0x48a61c GetSystemMenu
0x48a620 GetSysColorBrush
0x48a624 GetSysColor
0x48a628 GetSubMenu
0x48a62c GetScrollRange
0x48a630 GetScrollPos
0x48a634 GetScrollInfo
0x48a638 GetPropA
0x48a63c GetParent
0x48a640 GetWindow
0x48a644 GetMenuStringA
0x48a648 GetMenuState
0x48a64c GetMenuItemInfoA
0x48a650 GetMenuItemID
0x48a654 GetMenuItemCount
0x48a658 GetMenu
0x48a65c GetLastActivePopup
0x48a660 GetKeyboardState
0x48a664 GetKeyboardLayoutList
0x48a668 GetKeyboardLayout
0x48a66c GetKeyState
0x48a670 GetKeyNameTextA
0x48a674 GetIconInfo
0x48a678 GetForegroundWindow
0x48a67c GetFocus
0x48a680 GetDesktopWindow
0x48a684 GetDCEx
0x48a688 GetDC
0x48a68c GetCursorPos
0x48a690 GetCursor
0x48a694 GetClipboardData
0x48a698 GetClientRect
0x48a69c GetClassNameA
0x48a6a0 GetClassInfoA
0x48a6a4 GetCapture
0x48a6a8 GetActiveWindow
0x48a6ac FrameRect
0x48a6b0 FindWindowA
0x48a6b4 FillRect
0x48a6b8 EqualRect
0x48a6bc EnumWindows
0x48a6c0 EnumThreadWindows
0x48a6c4 EndPaint
0x48a6c8 EnableWindow
0x48a6cc EnableScrollBar
0x48a6d0 EnableMenuItem
0x48a6d4 EmptyClipboard
0x48a6d8 DrawTextA
0x48a6dc DrawMenuBar
0x48a6e0 DrawIconEx
0x48a6e4 DrawIcon
0x48a6e8 DrawFrameControl
0x48a6ec DrawEdge
0x48a6f0 DispatchMessageA
0x48a6f4 DestroyWindow
0x48a6f8 DestroyMenu
0x48a6fc DestroyIcon
0x48a700 DestroyCursor
0x48a704 DeleteMenu
0x48a708 DefWindowProcA
0x48a70c DefMDIChildProcA
0x48a710 DefFrameProcA
0x48a714 CreatePopupMenu
0x48a718 CreateMenu
0x48a71c CreateIcon
0x48a720 CloseClipboard
0x48a724 ClipCursor
0x48a728 ClientToScreen
0x48a72c CheckMenuItem
0x48a730 CallWindowProcA
0x48a734 CallNextHookEx
0x48a738 BeginPaint
0x48a73c CharNextA
0x48a740 CharLowerBuffA
0x48a744 CharLowerA
0x48a748 CharUpperBuffA
0x48a74c CharToOemA
0x48a750 AdjustWindowRectEx
0x48a754 ActivateKeyboardLayout
kernel32.dll
0x48a75c Sleep
oleaut32.dll
0x48a764 SafeArrayPtrOfIndex
0x48a768 SafeArrayGetUBound
0x48a76c SafeArrayGetLBound
0x48a770 SafeArrayCreate
0x48a774 VariantChangeType
0x48a778 VariantCopy
0x48a77c VariantClear
0x48a780 VariantInit
comctl32.dll
0x48a788 ImageList_SetIconSize
0x48a78c ImageList_GetIconSize
0x48a790 ImageList_Write
0x48a794 ImageList_Read
0x48a798 ImageList_GetDragImage
0x48a79c ImageList_DragShowNolock
0x48a7a0 ImageList_SetDragCursorImage
0x48a7a4 ImageList_DragMove
0x48a7a8 ImageList_DragLeave
0x48a7ac ImageList_DragEnter
0x48a7b0 ImageList_EndDrag
0x48a7b4 ImageList_BeginDrag
0x48a7b8 ImageList_Remove
0x48a7bc ImageList_DrawEx
0x48a7c0 ImageList_Draw
0x48a7c4 ImageList_GetBkColor
0x48a7c8 ImageList_SetBkColor
0x48a7cc ImageList_ReplaceIcon
0x48a7d0 ImageList_Add
0x48a7d4 ImageList_SetImageCount
0x48a7d8 ImageList_GetImageCount
0x48a7dc ImageList_Destroy
0x48a7e0 ImageList_Create
0x48a7e4 InitCommonControls
winspool.drv
0x48a7ec OpenPrinterA
0x48a7f0 EnumPrintersA
0x48a7f4 DocumentPropertiesA
0x48a7f8 ClosePrinter
comdlg32.dll
0x48a800 PrintDlgA
EAT(Export Address Table) is none