ScreenShot
| Created | 2021.07.21 08:39 | Machine | s1_win7_x6401 |
| Filename | gut.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 15 detected (AIDetect, malware2, malicious, high confidence, QVM05, Unsafe, Attribute, HighConfidence, FileRepMalware, Generic ML PUA, score, Artemis, GenKryptik, DPIE, susgen) | ||
| md5 | af64a7df92d3f72407194dd17b013c86 | ||
| sha256 | 33b1629dc01123f78d568c7638f33ca6619834daad9866f666c00062920b13da | ||
| ssdeep | 12288:4szqT1gEnXaAbWRBOQW/xgYwRTtIvsECmW6l4l1G2YaNlRSsM7/Ssdpk6dz:4sOOSaAbWPOQWZ6ltIvy2AfSF764z | ||
| imphash | 25123f7d748b46edefb4a7db9e8db89d | ||
| impfuzzy | 192:oN3syeuuasSUvK9cpoHX8jBf7XcHGKsM1Q+POQHE:O38a599Ohw1vPOQk | ||
Network IP location
Signature (22cnts)
| Level | Description |
|---|---|
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Creates a thread using CreateRemoteThread in a non-child process indicative of process injection |
| watch | Deletes executed files from disk |
| watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious |
| watch | Installs itself for autorun at Windows startup |
| watch | Manipulates memory of a non-child process indicative of process injection |
| watch | Network activity contains more than one unique useragent |
| watch | One or more of the buffers contains an embedded PE file |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (36cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Network_Downloader | File Downloader | memory |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | local_credential_Steal | Steal credential | memory |
| notice | Network_DGA | Communication using DGA | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_FTP | Communications over FTP | memory |
| notice | Network_HTTP | Communications over HTTP | memory |
| notice | Network_P2P_Win | Communications over P2P network | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
| info | Check_Dlls | (no description) | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerCheck__RemoteAPI | (no description) | memory |
| info | DebuggerException__ConsoleCtrl | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x491828 SysFreeString
0x49182c SysReAllocStringLen
0x491830 SysAllocStringLen
advapi32.dll
0x491838 RegQueryValueExA
0x49183c RegOpenKeyExA
0x491840 RegCloseKey
user32.dll
0x491848 GetKeyboardType
0x49184c DestroyWindow
0x491850 LoadStringA
0x491854 MessageBoxA
0x491858 CharNextA
kernel32.dll
0x491860 GetACP
0x491864 Sleep
0x491868 VirtualFree
0x49186c VirtualAlloc
0x491870 GetCurrentThreadId
0x491874 InterlockedDecrement
0x491878 InterlockedIncrement
0x49187c VirtualQuery
0x491880 WideCharToMultiByte
0x491884 MultiByteToWideChar
0x491888 lstrlenA
0x49188c lstrcpynA
0x491890 LoadLibraryExA
0x491894 GetThreadLocale
0x491898 GetStartupInfoA
0x49189c GetProcAddress
0x4918a0 GetModuleHandleA
0x4918a4 GetModuleFileNameA
0x4918a8 GetLocaleInfoA
0x4918ac GetLastError
0x4918b0 GetCommandLineA
0x4918b4 FreeLibrary
0x4918b8 FindFirstFileA
0x4918bc FindClose
0x4918c0 ExitProcess
0x4918c4 ExitThread
0x4918c8 CreateThread
0x4918cc CompareStringA
0x4918d0 WriteFile
0x4918d4 UnhandledExceptionFilter
0x4918d8 SetFilePointer
0x4918dc SetEndOfFile
0x4918e0 RtlUnwind
0x4918e4 ReadFile
0x4918e8 RaiseException
0x4918ec GetStdHandle
0x4918f0 GetFileSize
0x4918f4 GetFileType
0x4918f8 CreateFileA
0x4918fc CloseHandle
kernel32.dll
0x491904 TlsSetValue
0x491908 TlsGetValue
0x49190c LocalAlloc
0x491910 GetModuleHandleA
user32.dll
0x491918 CreateWindowExA
0x49191c WindowFromPoint
0x491920 WaitMessage
0x491924 ValidateRect
0x491928 UpdateWindow
0x49192c UnregisterClassA
0x491930 UnionRect
0x491934 UnhookWindowsHookEx
0x491938 TranslateMessage
0x49193c TranslateMDISysAccel
0x491940 TrackPopupMenu
0x491944 SystemParametersInfoA
0x491948 ShowWindow
0x49194c ShowScrollBar
0x491950 ShowOwnedPopups
0x491954 SetWindowsHookExA
0x491958 SetWindowTextA
0x49195c SetWindowPos
0x491960 SetWindowPlacement
0x491964 SetWindowLongW
0x491968 SetWindowLongA
0x49196c SetTimer
0x491970 SetScrollRange
0x491974 SetScrollPos
0x491978 SetScrollInfo
0x49197c SetRect
0x491980 SetPropA
0x491984 SetParent
0x491988 SetMenuItemInfoA
0x49198c SetMenu
0x491990 SetKeyboardState
0x491994 SetForegroundWindow
0x491998 SetFocus
0x49199c SetCursor
0x4919a0 SetClipboardData
0x4919a4 SetClassLongA
0x4919a8 SetCaretPos
0x4919ac SetCapture
0x4919b0 SetActiveWindow
0x4919b4 SendMessageW
0x4919b8 SendMessageA
0x4919bc ScrollWindowEx
0x4919c0 ScrollWindow
0x4919c4 ScreenToClient
0x4919c8 RemovePropA
0x4919cc RemoveMenu
0x4919d0 ReleaseDC
0x4919d4 ReleaseCapture
0x4919d8 RegisterWindowMessageA
0x4919dc RegisterClipboardFormatA
0x4919e0 RegisterClassA
0x4919e4 RedrawWindow
0x4919e8 PtInRect
0x4919ec PostQuitMessage
0x4919f0 PostMessageA
0x4919f4 PeekMessageW
0x4919f8 PeekMessageA
0x4919fc OpenClipboard
0x491a00 OffsetRect
0x491a04 OemToCharA
0x491a08 MsgWaitForMultipleObjects
0x491a0c MessageBoxA
0x491a10 MessageBeep
0x491a14 MapWindowPoints
0x491a18 MapVirtualKeyA
0x491a1c LoadStringA
0x491a20 LoadKeyboardLayoutA
0x491a24 LoadIconA
0x491a28 LoadCursorA
0x491a2c LoadBitmapA
0x491a30 KillTimer
0x491a34 IsZoomed
0x491a38 IsWindowVisible
0x491a3c IsWindowUnicode
0x491a40 IsWindowEnabled
0x491a44 IsWindow
0x491a48 IsRectEmpty
0x491a4c IsIconic
0x491a50 IsDialogMessageW
0x491a54 IsDialogMessageA
0x491a58 IsChild
0x491a5c IsCharAlphaNumericA
0x491a60 IsCharAlphaA
0x491a64 InvalidateRect
0x491a68 IntersectRect
0x491a6c InsertMenuItemA
0x491a70 InsertMenuA
0x491a74 InflateRect
0x491a78 GetWindowThreadProcessId
0x491a7c GetWindowTextA
0x491a80 GetWindowRect
0x491a84 GetWindowPlacement
0x491a88 GetWindowLongW
0x491a8c GetWindowLongA
0x491a90 GetWindowDC
0x491a94 GetTopWindow
0x491a98 GetSystemMetrics
0x491a9c GetSystemMenu
0x491aa0 GetSysColorBrush
0x491aa4 GetSysColor
0x491aa8 GetSubMenu
0x491aac GetScrollRange
0x491ab0 GetScrollPos
0x491ab4 GetScrollInfo
0x491ab8 GetPropA
0x491abc GetParent
0x491ac0 GetWindow
0x491ac4 GetMessageTime
0x491ac8 GetMessagePos
0x491acc GetMenuStringA
0x491ad0 GetMenuState
0x491ad4 GetMenuItemInfoA
0x491ad8 GetMenuItemID
0x491adc GetMenuItemCount
0x491ae0 GetMenu
0x491ae4 GetLastActivePopup
0x491ae8 GetKeyboardState
0x491aec GetKeyboardLayoutNameA
0x491af0 GetKeyboardLayoutList
0x491af4 GetKeyboardLayout
0x491af8 GetKeyState
0x491afc GetKeyNameTextA
0x491b00 GetIconInfo
0x491b04 GetForegroundWindow
0x491b08 GetFocus
0x491b0c GetDoubleClickTime
0x491b10 GetDlgItem
0x491b14 GetDesktopWindow
0x491b18 GetDCEx
0x491b1c GetDC
0x491b20 GetCursorPos
0x491b24 GetCursor
0x491b28 GetClipboardData
0x491b2c GetClientRect
0x491b30 GetClassLongA
0x491b34 GetClassInfoA
0x491b38 GetCaretPos
0x491b3c GetCapture
0x491b40 GetActiveWindow
0x491b44 FrameRect
0x491b48 FindWindowA
0x491b4c FillRect
0x491b50 EqualRect
0x491b54 EnumWindows
0x491b58 EnumThreadWindows
0x491b5c EnumClipboardFormats
0x491b60 EnumChildWindows
0x491b64 EndPaint
0x491b68 EnableWindow
0x491b6c EnableScrollBar
0x491b70 EnableMenuItem
0x491b74 EmptyClipboard
0x491b78 DrawTextA
0x491b7c DrawMenuBar
0x491b80 DrawIconEx
0x491b84 DrawIcon
0x491b88 DrawFrameControl
0x491b8c DrawFocusRect
0x491b90 DrawEdge
0x491b94 DispatchMessageW
0x491b98 DispatchMessageA
0x491b9c DestroyWindow
0x491ba0 DestroyMenu
0x491ba4 DestroyIcon
0x491ba8 DestroyCursor
0x491bac DestroyCaret
0x491bb0 DeleteMenu
0x491bb4 DefWindowProcA
0x491bb8 DefMDIChildProcA
0x491bbc DefFrameProcA
0x491bc0 CreatePopupMenu
0x491bc4 CreateMenu
0x491bc8 CreateIcon
0x491bcc CreateCaret
0x491bd0 CloseClipboard
0x491bd4 ClientToScreen
0x491bd8 CheckMenuItem
0x491bdc CallWindowProcA
0x491be0 CallNextHookEx
0x491be4 BeginPaint
0x491be8 CharNextA
0x491bec CharLowerBuffA
0x491bf0 CharLowerA
0x491bf4 CharUpperBuffA
0x491bf8 CharToOemA
0x491bfc AdjustWindowRectEx
0x491c00 ActivateKeyboardLayout
gdi32.dll
0x491c08 UnrealizeObject
0x491c0c StretchBlt
0x491c10 SetWindowOrgEx
0x491c14 SetWindowExtEx
0x491c18 SetWinMetaFileBits
0x491c1c SetViewportOrgEx
0x491c20 SetViewportExtEx
0x491c24 SetTextColor
0x491c28 SetStretchBltMode
0x491c2c SetROP2
0x491c30 SetPixel
0x491c34 SetMapMode
0x491c38 SetEnhMetaFileBits
0x491c3c SetDIBColorTable
0x491c40 SetBrushOrgEx
0x491c44 SetBkMode
0x491c48 SetBkColor
0x491c4c SelectPalette
0x491c50 SelectObject
0x491c54 SelectClipRgn
0x491c58 SaveDC
0x491c5c RestoreDC
0x491c60 Rectangle
0x491c64 RectVisible
0x491c68 RealizePalette
0x491c6c PolyPolyline
0x491c70 PlayEnhMetaFile
0x491c74 PatBlt
0x491c78 MoveToEx
0x491c7c MaskBlt
0x491c80 LineTo
0x491c84 IntersectClipRect
0x491c88 GetWindowOrgEx
0x491c8c GetWinMetaFileBits
0x491c90 GetTextMetricsA
0x491c94 GetTextExtentPointA
0x491c98 GetTextExtentPoint32A
0x491c9c GetSystemPaletteEntries
0x491ca0 GetStockObject
0x491ca4 GetRgnBox
0x491ca8 GetPixel
0x491cac GetPaletteEntries
0x491cb0 GetObjectA
0x491cb4 GetEnhMetaFilePaletteEntries
0x491cb8 GetEnhMetaFileHeader
0x491cbc GetEnhMetaFileBits
0x491cc0 GetDeviceCaps
0x491cc4 GetDIBits
0x491cc8 GetDIBColorTable
0x491ccc GetDCOrgEx
0x491cd0 GetCurrentPositionEx
0x491cd4 GetClipBox
0x491cd8 GetBrushOrgEx
0x491cdc GetBitmapBits
0x491ce0 GdiFlush
0x491ce4 ExtTextOutA
0x491ce8 ExtCreatePen
0x491cec ExcludeClipRect
0x491cf0 DeleteObject
0x491cf4 DeleteEnhMetaFile
0x491cf8 DeleteDC
0x491cfc CreateSolidBrush
0x491d00 CreatePenIndirect
0x491d04 CreatePalette
0x491d08 CreateHalftonePalette
0x491d0c CreateFontIndirectA
0x491d10 CreateDIBitmap
0x491d14 CreateDIBSection
0x491d18 CreateCompatibleDC
0x491d1c CreateCompatibleBitmap
0x491d20 CreateBrushIndirect
0x491d24 CreateBitmap
0x491d28 CopyEnhMetaFileA
0x491d2c BitBlt
version.dll
0x491d34 VerQueryValueA
0x491d38 GetFileVersionInfoSizeA
0x491d3c GetFileVersionInfoA
kernel32.dll
0x491d44 lstrcpyA
0x491d48 WriteFile
0x491d4c WaitForSingleObject
0x491d50 VirtualQuery
0x491d54 VirtualProtect
0x491d58 VirtualAlloc
0x491d5c SizeofResource
0x491d60 SetThreadLocale
0x491d64 SetFilePointer
0x491d68 SetEvent
0x491d6c SetErrorMode
0x491d70 SetEndOfFile
0x491d74 ResumeThread
0x491d78 ResetEvent
0x491d7c ReadFile
0x491d80 MulDiv
0x491d84 LockResource
0x491d88 LoadResource
0x491d8c LoadLibraryA
0x491d90 LeaveCriticalSection
0x491d94 InitializeCriticalSection
0x491d98 GlobalUnlock
0x491d9c GlobalLock
0x491da0 GlobalFree
0x491da4 GlobalFindAtomA
0x491da8 GlobalDeleteAtom
0x491dac GlobalAlloc
0x491db0 GlobalAddAtomA
0x491db4 GetVersionExA
0x491db8 GetVersion
0x491dbc GetTickCount
0x491dc0 GetThreadLocale
0x491dc4 GetStdHandle
0x491dc8 GetProcAddress
0x491dcc GetModuleHandleA
0x491dd0 GetModuleFileNameA
0x491dd4 GetLocaleInfoA
0x491dd8 GetLocalTime
0x491ddc GetLastError
0x491de0 GetFullPathNameA
0x491de4 GetFileAttributesA
0x491de8 GetExitCodeThread
0x491dec GetDiskFreeSpaceA
0x491df0 GetDateFormatA
0x491df4 GetCurrentThreadId
0x491df8 GetCurrentProcessId
0x491dfc GetCPInfo
0x491e00 FreeResource
0x491e04 InterlockedIncrement
0x491e08 InterlockedExchange
0x491e0c InterlockedDecrement
0x491e10 FreeLibrary
0x491e14 FormatMessageA
0x491e18 FindResourceA
0x491e1c EnumCalendarInfoA
0x491e20 EnterCriticalSection
0x491e24 DeleteCriticalSection
0x491e28 CreateThread
0x491e2c CreateFileA
0x491e30 CreateEventA
0x491e34 CompareStringA
0x491e38 CloseHandle
advapi32.dll
0x491e40 RegQueryValueExA
0x491e44 RegOpenKeyExA
0x491e48 RegFlushKey
0x491e4c RegCloseKey
kernel32.dll
0x491e54 Sleep
oleaut32.dll
0x491e5c SafeArrayPtrOfIndex
0x491e60 SafeArrayGetUBound
0x491e64 SafeArrayGetLBound
0x491e68 SafeArrayCreate
0x491e6c VariantChangeType
0x491e70 VariantCopy
0x491e74 VariantClear
0x491e78 VariantInit
comctl32.dll
0x491e80 _TrackMouseEvent
0x491e84 ImageList_SetIconSize
0x491e88 ImageList_GetIconSize
0x491e8c ImageList_Write
0x491e90 ImageList_Read
0x491e94 ImageList_GetDragImage
0x491e98 ImageList_DragShowNolock
0x491e9c ImageList_DragMove
0x491ea0 ImageList_DragLeave
0x491ea4 ImageList_DragEnter
0x491ea8 ImageList_EndDrag
0x491eac ImageList_BeginDrag
0x491eb0 ImageList_Remove
0x491eb4 ImageList_DrawEx
0x491eb8 ImageList_Replace
0x491ebc ImageList_Draw
0x491ec0 ImageList_GetBkColor
0x491ec4 ImageList_SetBkColor
0x491ec8 ImageList_Add
0x491ecc ImageList_GetImageCount
0x491ed0 ImageList_Destroy
0x491ed4 ImageList_Create
shell32.dll
0x491edc ShellExecuteA
0x491ee0 SHFileOperationA
comdlg32.dll
0x491ee8 GetSaveFileNameA
0x491eec GetOpenFileNameA
kernel32.dll
0x491ef4 MulDiv
EAT(Export Address Table) is none
oleaut32.dll
0x491828 SysFreeString
0x49182c SysReAllocStringLen
0x491830 SysAllocStringLen
advapi32.dll
0x491838 RegQueryValueExA
0x49183c RegOpenKeyExA
0x491840 RegCloseKey
user32.dll
0x491848 GetKeyboardType
0x49184c DestroyWindow
0x491850 LoadStringA
0x491854 MessageBoxA
0x491858 CharNextA
kernel32.dll
0x491860 GetACP
0x491864 Sleep
0x491868 VirtualFree
0x49186c VirtualAlloc
0x491870 GetCurrentThreadId
0x491874 InterlockedDecrement
0x491878 InterlockedIncrement
0x49187c VirtualQuery
0x491880 WideCharToMultiByte
0x491884 MultiByteToWideChar
0x491888 lstrlenA
0x49188c lstrcpynA
0x491890 LoadLibraryExA
0x491894 GetThreadLocale
0x491898 GetStartupInfoA
0x49189c GetProcAddress
0x4918a0 GetModuleHandleA
0x4918a4 GetModuleFileNameA
0x4918a8 GetLocaleInfoA
0x4918ac GetLastError
0x4918b0 GetCommandLineA
0x4918b4 FreeLibrary
0x4918b8 FindFirstFileA
0x4918bc FindClose
0x4918c0 ExitProcess
0x4918c4 ExitThread
0x4918c8 CreateThread
0x4918cc CompareStringA
0x4918d0 WriteFile
0x4918d4 UnhandledExceptionFilter
0x4918d8 SetFilePointer
0x4918dc SetEndOfFile
0x4918e0 RtlUnwind
0x4918e4 ReadFile
0x4918e8 RaiseException
0x4918ec GetStdHandle
0x4918f0 GetFileSize
0x4918f4 GetFileType
0x4918f8 CreateFileA
0x4918fc CloseHandle
kernel32.dll
0x491904 TlsSetValue
0x491908 TlsGetValue
0x49190c LocalAlloc
0x491910 GetModuleHandleA
user32.dll
0x491918 CreateWindowExA
0x49191c WindowFromPoint
0x491920 WaitMessage
0x491924 ValidateRect
0x491928 UpdateWindow
0x49192c UnregisterClassA
0x491930 UnionRect
0x491934 UnhookWindowsHookEx
0x491938 TranslateMessage
0x49193c TranslateMDISysAccel
0x491940 TrackPopupMenu
0x491944 SystemParametersInfoA
0x491948 ShowWindow
0x49194c ShowScrollBar
0x491950 ShowOwnedPopups
0x491954 SetWindowsHookExA
0x491958 SetWindowTextA
0x49195c SetWindowPos
0x491960 SetWindowPlacement
0x491964 SetWindowLongW
0x491968 SetWindowLongA
0x49196c SetTimer
0x491970 SetScrollRange
0x491974 SetScrollPos
0x491978 SetScrollInfo
0x49197c SetRect
0x491980 SetPropA
0x491984 SetParent
0x491988 SetMenuItemInfoA
0x49198c SetMenu
0x491990 SetKeyboardState
0x491994 SetForegroundWindow
0x491998 SetFocus
0x49199c SetCursor
0x4919a0 SetClipboardData
0x4919a4 SetClassLongA
0x4919a8 SetCaretPos
0x4919ac SetCapture
0x4919b0 SetActiveWindow
0x4919b4 SendMessageW
0x4919b8 SendMessageA
0x4919bc ScrollWindowEx
0x4919c0 ScrollWindow
0x4919c4 ScreenToClient
0x4919c8 RemovePropA
0x4919cc RemoveMenu
0x4919d0 ReleaseDC
0x4919d4 ReleaseCapture
0x4919d8 RegisterWindowMessageA
0x4919dc RegisterClipboardFormatA
0x4919e0 RegisterClassA
0x4919e4 RedrawWindow
0x4919e8 PtInRect
0x4919ec PostQuitMessage
0x4919f0 PostMessageA
0x4919f4 PeekMessageW
0x4919f8 PeekMessageA
0x4919fc OpenClipboard
0x491a00 OffsetRect
0x491a04 OemToCharA
0x491a08 MsgWaitForMultipleObjects
0x491a0c MessageBoxA
0x491a10 MessageBeep
0x491a14 MapWindowPoints
0x491a18 MapVirtualKeyA
0x491a1c LoadStringA
0x491a20 LoadKeyboardLayoutA
0x491a24 LoadIconA
0x491a28 LoadCursorA
0x491a2c LoadBitmapA
0x491a30 KillTimer
0x491a34 IsZoomed
0x491a38 IsWindowVisible
0x491a3c IsWindowUnicode
0x491a40 IsWindowEnabled
0x491a44 IsWindow
0x491a48 IsRectEmpty
0x491a4c IsIconic
0x491a50 IsDialogMessageW
0x491a54 IsDialogMessageA
0x491a58 IsChild
0x491a5c IsCharAlphaNumericA
0x491a60 IsCharAlphaA
0x491a64 InvalidateRect
0x491a68 IntersectRect
0x491a6c InsertMenuItemA
0x491a70 InsertMenuA
0x491a74 InflateRect
0x491a78 GetWindowThreadProcessId
0x491a7c GetWindowTextA
0x491a80 GetWindowRect
0x491a84 GetWindowPlacement
0x491a88 GetWindowLongW
0x491a8c GetWindowLongA
0x491a90 GetWindowDC
0x491a94 GetTopWindow
0x491a98 GetSystemMetrics
0x491a9c GetSystemMenu
0x491aa0 GetSysColorBrush
0x491aa4 GetSysColor
0x491aa8 GetSubMenu
0x491aac GetScrollRange
0x491ab0 GetScrollPos
0x491ab4 GetScrollInfo
0x491ab8 GetPropA
0x491abc GetParent
0x491ac0 GetWindow
0x491ac4 GetMessageTime
0x491ac8 GetMessagePos
0x491acc GetMenuStringA
0x491ad0 GetMenuState
0x491ad4 GetMenuItemInfoA
0x491ad8 GetMenuItemID
0x491adc GetMenuItemCount
0x491ae0 GetMenu
0x491ae4 GetLastActivePopup
0x491ae8 GetKeyboardState
0x491aec GetKeyboardLayoutNameA
0x491af0 GetKeyboardLayoutList
0x491af4 GetKeyboardLayout
0x491af8 GetKeyState
0x491afc GetKeyNameTextA
0x491b00 GetIconInfo
0x491b04 GetForegroundWindow
0x491b08 GetFocus
0x491b0c GetDoubleClickTime
0x491b10 GetDlgItem
0x491b14 GetDesktopWindow
0x491b18 GetDCEx
0x491b1c GetDC
0x491b20 GetCursorPos
0x491b24 GetCursor
0x491b28 GetClipboardData
0x491b2c GetClientRect
0x491b30 GetClassLongA
0x491b34 GetClassInfoA
0x491b38 GetCaretPos
0x491b3c GetCapture
0x491b40 GetActiveWindow
0x491b44 FrameRect
0x491b48 FindWindowA
0x491b4c FillRect
0x491b50 EqualRect
0x491b54 EnumWindows
0x491b58 EnumThreadWindows
0x491b5c EnumClipboardFormats
0x491b60 EnumChildWindows
0x491b64 EndPaint
0x491b68 EnableWindow
0x491b6c EnableScrollBar
0x491b70 EnableMenuItem
0x491b74 EmptyClipboard
0x491b78 DrawTextA
0x491b7c DrawMenuBar
0x491b80 DrawIconEx
0x491b84 DrawIcon
0x491b88 DrawFrameControl
0x491b8c DrawFocusRect
0x491b90 DrawEdge
0x491b94 DispatchMessageW
0x491b98 DispatchMessageA
0x491b9c DestroyWindow
0x491ba0 DestroyMenu
0x491ba4 DestroyIcon
0x491ba8 DestroyCursor
0x491bac DestroyCaret
0x491bb0 DeleteMenu
0x491bb4 DefWindowProcA
0x491bb8 DefMDIChildProcA
0x491bbc DefFrameProcA
0x491bc0 CreatePopupMenu
0x491bc4 CreateMenu
0x491bc8 CreateIcon
0x491bcc CreateCaret
0x491bd0 CloseClipboard
0x491bd4 ClientToScreen
0x491bd8 CheckMenuItem
0x491bdc CallWindowProcA
0x491be0 CallNextHookEx
0x491be4 BeginPaint
0x491be8 CharNextA
0x491bec CharLowerBuffA
0x491bf0 CharLowerA
0x491bf4 CharUpperBuffA
0x491bf8 CharToOemA
0x491bfc AdjustWindowRectEx
0x491c00 ActivateKeyboardLayout
gdi32.dll
0x491c08 UnrealizeObject
0x491c0c StretchBlt
0x491c10 SetWindowOrgEx
0x491c14 SetWindowExtEx
0x491c18 SetWinMetaFileBits
0x491c1c SetViewportOrgEx
0x491c20 SetViewportExtEx
0x491c24 SetTextColor
0x491c28 SetStretchBltMode
0x491c2c SetROP2
0x491c30 SetPixel
0x491c34 SetMapMode
0x491c38 SetEnhMetaFileBits
0x491c3c SetDIBColorTable
0x491c40 SetBrushOrgEx
0x491c44 SetBkMode
0x491c48 SetBkColor
0x491c4c SelectPalette
0x491c50 SelectObject
0x491c54 SelectClipRgn
0x491c58 SaveDC
0x491c5c RestoreDC
0x491c60 Rectangle
0x491c64 RectVisible
0x491c68 RealizePalette
0x491c6c PolyPolyline
0x491c70 PlayEnhMetaFile
0x491c74 PatBlt
0x491c78 MoveToEx
0x491c7c MaskBlt
0x491c80 LineTo
0x491c84 IntersectClipRect
0x491c88 GetWindowOrgEx
0x491c8c GetWinMetaFileBits
0x491c90 GetTextMetricsA
0x491c94 GetTextExtentPointA
0x491c98 GetTextExtentPoint32A
0x491c9c GetSystemPaletteEntries
0x491ca0 GetStockObject
0x491ca4 GetRgnBox
0x491ca8 GetPixel
0x491cac GetPaletteEntries
0x491cb0 GetObjectA
0x491cb4 GetEnhMetaFilePaletteEntries
0x491cb8 GetEnhMetaFileHeader
0x491cbc GetEnhMetaFileBits
0x491cc0 GetDeviceCaps
0x491cc4 GetDIBits
0x491cc8 GetDIBColorTable
0x491ccc GetDCOrgEx
0x491cd0 GetCurrentPositionEx
0x491cd4 GetClipBox
0x491cd8 GetBrushOrgEx
0x491cdc GetBitmapBits
0x491ce0 GdiFlush
0x491ce4 ExtTextOutA
0x491ce8 ExtCreatePen
0x491cec ExcludeClipRect
0x491cf0 DeleteObject
0x491cf4 DeleteEnhMetaFile
0x491cf8 DeleteDC
0x491cfc CreateSolidBrush
0x491d00 CreatePenIndirect
0x491d04 CreatePalette
0x491d08 CreateHalftonePalette
0x491d0c CreateFontIndirectA
0x491d10 CreateDIBitmap
0x491d14 CreateDIBSection
0x491d18 CreateCompatibleDC
0x491d1c CreateCompatibleBitmap
0x491d20 CreateBrushIndirect
0x491d24 CreateBitmap
0x491d28 CopyEnhMetaFileA
0x491d2c BitBlt
version.dll
0x491d34 VerQueryValueA
0x491d38 GetFileVersionInfoSizeA
0x491d3c GetFileVersionInfoA
kernel32.dll
0x491d44 lstrcpyA
0x491d48 WriteFile
0x491d4c WaitForSingleObject
0x491d50 VirtualQuery
0x491d54 VirtualProtect
0x491d58 VirtualAlloc
0x491d5c SizeofResource
0x491d60 SetThreadLocale
0x491d64 SetFilePointer
0x491d68 SetEvent
0x491d6c SetErrorMode
0x491d70 SetEndOfFile
0x491d74 ResumeThread
0x491d78 ResetEvent
0x491d7c ReadFile
0x491d80 MulDiv
0x491d84 LockResource
0x491d88 LoadResource
0x491d8c LoadLibraryA
0x491d90 LeaveCriticalSection
0x491d94 InitializeCriticalSection
0x491d98 GlobalUnlock
0x491d9c GlobalLock
0x491da0 GlobalFree
0x491da4 GlobalFindAtomA
0x491da8 GlobalDeleteAtom
0x491dac GlobalAlloc
0x491db0 GlobalAddAtomA
0x491db4 GetVersionExA
0x491db8 GetVersion
0x491dbc GetTickCount
0x491dc0 GetThreadLocale
0x491dc4 GetStdHandle
0x491dc8 GetProcAddress
0x491dcc GetModuleHandleA
0x491dd0 GetModuleFileNameA
0x491dd4 GetLocaleInfoA
0x491dd8 GetLocalTime
0x491ddc GetLastError
0x491de0 GetFullPathNameA
0x491de4 GetFileAttributesA
0x491de8 GetExitCodeThread
0x491dec GetDiskFreeSpaceA
0x491df0 GetDateFormatA
0x491df4 GetCurrentThreadId
0x491df8 GetCurrentProcessId
0x491dfc GetCPInfo
0x491e00 FreeResource
0x491e04 InterlockedIncrement
0x491e08 InterlockedExchange
0x491e0c InterlockedDecrement
0x491e10 FreeLibrary
0x491e14 FormatMessageA
0x491e18 FindResourceA
0x491e1c EnumCalendarInfoA
0x491e20 EnterCriticalSection
0x491e24 DeleteCriticalSection
0x491e28 CreateThread
0x491e2c CreateFileA
0x491e30 CreateEventA
0x491e34 CompareStringA
0x491e38 CloseHandle
advapi32.dll
0x491e40 RegQueryValueExA
0x491e44 RegOpenKeyExA
0x491e48 RegFlushKey
0x491e4c RegCloseKey
kernel32.dll
0x491e54 Sleep
oleaut32.dll
0x491e5c SafeArrayPtrOfIndex
0x491e60 SafeArrayGetUBound
0x491e64 SafeArrayGetLBound
0x491e68 SafeArrayCreate
0x491e6c VariantChangeType
0x491e70 VariantCopy
0x491e74 VariantClear
0x491e78 VariantInit
comctl32.dll
0x491e80 _TrackMouseEvent
0x491e84 ImageList_SetIconSize
0x491e88 ImageList_GetIconSize
0x491e8c ImageList_Write
0x491e90 ImageList_Read
0x491e94 ImageList_GetDragImage
0x491e98 ImageList_DragShowNolock
0x491e9c ImageList_DragMove
0x491ea0 ImageList_DragLeave
0x491ea4 ImageList_DragEnter
0x491ea8 ImageList_EndDrag
0x491eac ImageList_BeginDrag
0x491eb0 ImageList_Remove
0x491eb4 ImageList_DrawEx
0x491eb8 ImageList_Replace
0x491ebc ImageList_Draw
0x491ec0 ImageList_GetBkColor
0x491ec4 ImageList_SetBkColor
0x491ec8 ImageList_Add
0x491ecc ImageList_GetImageCount
0x491ed0 ImageList_Destroy
0x491ed4 ImageList_Create
shell32.dll
0x491edc ShellExecuteA
0x491ee0 SHFileOperationA
comdlg32.dll
0x491ee8 GetSaveFileNameA
0x491eec GetOpenFileNameA
kernel32.dll
0x491ef4 MulDiv
EAT(Export Address Table) is none