ScreenShot
| Created | 2021.07.25 12:21 | Machine | s1_win7_x6401 |
| Filename | hunt.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 23 detected (Convagent, Zusy, Unsafe, ZelphiF, dLW@aOIl30pi, Delf, Eldorado, Attribute, HighConfidence, Malicious, Remcos, Qipi, Score, Wacatac, WOAS46, Artemis, R06CH07GN21, Flooder, ICQBomber, susgen, GenKryptik, EKLE, GdSda) | ||
| md5 | 3cdcff9ecdf0ef7399b4326654371b2d | ||
| sha256 | 4825f620ea431958e79491a625aa756aaf26e1305758381d503869b43393a2e0 | ||
| ssdeep | 12288:5IO9jQgjDHNQNDRHhjeg7NNuWVnTT4I0IVx9nm4vNOpRKaGmjtzeVQ1D2X:SQjFDHNQNDR5ekNNbdTT4C7v3G2 | ||
| imphash | eeb274539f353457b7607137bc233150 | ||
| impfuzzy | 192:o13MDbuuaxSUvK9tso1XEJeD1tyG1Q+POQHw:C3maq9xB1vPOQQ | ||
Network IP location
Signature (20cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Creates a thread using CreateRemoteThread in a non-child process indicative of process injection |
| watch | Deletes executed files from disk |
| watch | Installs itself for autorun at Windows startup |
| watch | Manipulates memory of a non-child process indicative of process injection |
| watch | Network activity contains more than one unique useragent |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (38cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | memory |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | local_credential_Steal | Steal credential | memory |
| notice | Network_DGA | Communication using DGA | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_FTP | Communications over FTP | memory |
| notice | Network_HTTP | Communications over HTTP | memory |
| notice | Network_P2P_Win | Communications over P2P network | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
| info | Check_Dlls | (no description) | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerCheck__RemoteAPI | (no description) | memory |
| info | DebuggerException__ConsoleCtrl | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x48774c SysFreeString
0x487750 SysReAllocStringLen
0x487754 SysAllocStringLen
advapi32.dll
0x48775c RegQueryValueExA
0x487760 RegOpenKeyExA
0x487764 RegCloseKey
user32.dll
0x48776c GetKeyboardType
0x487770 DestroyWindow
0x487774 LoadStringA
0x487778 MessageBoxA
0x48777c CharNextA
kernel32.dll
0x487784 GetACP
0x487788 Sleep
0x48778c VirtualFree
0x487790 VirtualAlloc
0x487794 GetCurrentThreadId
0x487798 InterlockedDecrement
0x48779c InterlockedIncrement
0x4877a0 VirtualQuery
0x4877a4 WideCharToMultiByte
0x4877a8 MultiByteToWideChar
0x4877ac lstrlenA
0x4877b0 lstrcpynA
0x4877b4 LoadLibraryExA
0x4877b8 GetThreadLocale
0x4877bc GetStartupInfoA
0x4877c0 GetProcAddress
0x4877c4 GetModuleHandleA
0x4877c8 GetModuleFileNameA
0x4877cc GetLocaleInfoA
0x4877d0 GetCommandLineA
0x4877d4 FreeLibrary
0x4877d8 FindFirstFileA
0x4877dc FindClose
0x4877e0 ExitProcess
0x4877e4 CompareStringA
0x4877e8 WriteFile
0x4877ec UnhandledExceptionFilter
0x4877f0 RtlUnwind
0x4877f4 RaiseException
0x4877f8 GetStdHandle
kernel32.dll
0x487800 TlsSetValue
0x487804 TlsGetValue
0x487808 LocalAlloc
0x48780c GetModuleHandleA
user32.dll
0x487814 CreateWindowExA
0x487818 WindowFromPoint
0x48781c WaitMessage
0x487820 UpdateWindow
0x487824 UnregisterClassA
0x487828 UnhookWindowsHookEx
0x48782c TranslateMessage
0x487830 TranslateMDISysAccel
0x487834 TrackPopupMenu
0x487838 SystemParametersInfoA
0x48783c ShowWindow
0x487840 ShowScrollBar
0x487844 ShowOwnedPopups
0x487848 SetWindowsHookExA
0x48784c SetWindowTextA
0x487850 SetWindowPos
0x487854 SetWindowPlacement
0x487858 SetWindowLongW
0x48785c SetWindowLongA
0x487860 SetTimer
0x487864 SetScrollRange
0x487868 SetScrollPos
0x48786c SetScrollInfo
0x487870 SetRect
0x487874 SetPropA
0x487878 SetParent
0x48787c SetMenuItemInfoA
0x487880 SetMenu
0x487884 SetForegroundWindow
0x487888 SetFocus
0x48788c SetCursor
0x487890 SetClassLongA
0x487894 SetCapture
0x487898 SetActiveWindow
0x48789c SendMessageW
0x4878a0 SendMessageA
0x4878a4 ScrollWindow
0x4878a8 ScreenToClient
0x4878ac RemovePropA
0x4878b0 RemoveMenu
0x4878b4 ReleaseDC
0x4878b8 ReleaseCapture
0x4878bc RegisterWindowMessageA
0x4878c0 RegisterClipboardFormatA
0x4878c4 RegisterClassA
0x4878c8 RedrawWindow
0x4878cc PtInRect
0x4878d0 PostQuitMessage
0x4878d4 PostMessageA
0x4878d8 PeekMessageW
0x4878dc PeekMessageA
0x4878e0 OffsetRect
0x4878e4 OemToCharA
0x4878e8 MsgWaitForMultipleObjects
0x4878ec MessageBoxA
0x4878f0 MapWindowPoints
0x4878f4 MapVirtualKeyA
0x4878f8 LoadStringA
0x4878fc LoadKeyboardLayoutA
0x487900 LoadIconA
0x487904 LoadCursorA
0x487908 LoadBitmapA
0x48790c KillTimer
0x487910 IsZoomed
0x487914 IsWindowVisible
0x487918 IsWindowUnicode
0x48791c IsWindowEnabled
0x487920 IsWindow
0x487924 IsRectEmpty
0x487928 IsIconic
0x48792c IsDialogMessageW
0x487930 IsDialogMessageA
0x487934 IsChild
0x487938 InvalidateRect
0x48793c IntersectRect
0x487940 InsertMenuItemA
0x487944 InsertMenuA
0x487948 InflateRect
0x48794c GetWindowThreadProcessId
0x487950 GetWindowTextA
0x487954 GetWindowRect
0x487958 GetWindowPlacement
0x48795c GetWindowLongW
0x487960 GetWindowLongA
0x487964 GetWindowDC
0x487968 GetTopWindow
0x48796c GetSystemMetrics
0x487970 GetSystemMenu
0x487974 GetSysColorBrush
0x487978 GetSysColor
0x48797c GetSubMenu
0x487980 GetScrollRange
0x487984 GetScrollPos
0x487988 GetScrollInfo
0x48798c GetPropA
0x487990 GetParent
0x487994 GetWindow
0x487998 GetMessagePos
0x48799c GetMenuStringA
0x4879a0 GetMenuState
0x4879a4 GetMenuItemInfoA
0x4879a8 GetMenuItemID
0x4879ac GetMenuItemCount
0x4879b0 GetMenu
0x4879b4 GetLastActivePopup
0x4879b8 GetKeyboardState
0x4879bc GetKeyboardLayoutNameA
0x4879c0 GetKeyboardLayoutList
0x4879c4 GetKeyboardLayout
0x4879c8 GetKeyState
0x4879cc GetKeyNameTextA
0x4879d0 GetIconInfo
0x4879d4 GetForegroundWindow
0x4879d8 GetFocus
0x4879dc GetDesktopWindow
0x4879e0 GetDCEx
0x4879e4 GetDC
0x4879e8 GetCursorPos
0x4879ec GetCursor
0x4879f0 GetClipboardData
0x4879f4 GetClientRect
0x4879f8 GetClassLongA
0x4879fc GetClassInfoA
0x487a00 GetCapture
0x487a04 GetActiveWindow
0x487a08 FrameRect
0x487a0c FindWindowA
0x487a10 FillRect
0x487a14 EqualRect
0x487a18 EnumWindows
0x487a1c EnumThreadWindows
0x487a20 EnumChildWindows
0x487a24 EndPaint
0x487a28 EnableWindow
0x487a2c EnableScrollBar
0x487a30 EnableMenuItem
0x487a34 DrawTextA
0x487a38 DrawMenuBar
0x487a3c DrawIconEx
0x487a40 DrawIcon
0x487a44 DrawFrameControl
0x487a48 DrawFocusRect
0x487a4c DrawEdge
0x487a50 DispatchMessageW
0x487a54 DispatchMessageA
0x487a58 DestroyWindow
0x487a5c DestroyMenu
0x487a60 DestroyIcon
0x487a64 DestroyCursor
0x487a68 DeleteMenu
0x487a6c DefWindowProcA
0x487a70 DefMDIChildProcA
0x487a74 DefFrameProcA
0x487a78 CreatePopupMenu
0x487a7c CreateMenu
0x487a80 CreateIcon
0x487a84 ClientToScreen
0x487a88 CheckMenuItem
0x487a8c CallWindowProcA
0x487a90 CallNextHookEx
0x487a94 BeginPaint
0x487a98 CharNextA
0x487a9c CharLowerBuffA
0x487aa0 CharLowerA
0x487aa4 CharToOemA
0x487aa8 AdjustWindowRectEx
0x487aac ActivateKeyboardLayout
gdi32.dll
0x487ab4 UnrealizeObject
0x487ab8 StretchDIBits
0x487abc StretchBlt
0x487ac0 SetWindowOrgEx
0x487ac4 SetWinMetaFileBits
0x487ac8 SetViewportOrgEx
0x487acc SetTextColor
0x487ad0 SetStretchBltMode
0x487ad4 SetROP2
0x487ad8 SetPixel
0x487adc SetPaletteEntries
0x487ae0 SetEnhMetaFileBits
0x487ae4 SetDIBColorTable
0x487ae8 SetBrushOrgEx
0x487aec SetBkMode
0x487af0 SetBkColor
0x487af4 SelectPalette
0x487af8 SelectObject
0x487afc SelectClipRgn
0x487b00 SaveDC
0x487b04 RestoreDC
0x487b08 ResizePalette
0x487b0c Rectangle
0x487b10 RectVisible
0x487b14 RealizePalette
0x487b18 Polyline
0x487b1c PlayEnhMetaFile
0x487b20 PatBlt
0x487b24 MoveToEx
0x487b28 MaskBlt
0x487b2c LineTo
0x487b30 IntersectClipRect
0x487b34 GetWindowOrgEx
0x487b38 GetWinMetaFileBits
0x487b3c GetTextMetricsA
0x487b40 GetTextExtentPoint32A
0x487b44 GetSystemPaletteEntries
0x487b48 GetStockObject
0x487b4c GetRgnBox
0x487b50 GetPixel
0x487b54 GetPaletteEntries
0x487b58 GetObjectA
0x487b5c GetNearestPaletteIndex
0x487b60 GetEnhMetaFilePaletteEntries
0x487b64 GetEnhMetaFileHeader
0x487b68 GetEnhMetaFileBits
0x487b6c GetDeviceCaps
0x487b70 GetDIBits
0x487b74 GetDIBColorTable
0x487b78 GetDCOrgEx
0x487b7c GetCurrentPositionEx
0x487b80 GetClipBox
0x487b84 GetBrushOrgEx
0x487b88 GetBitmapBits
0x487b8c ExtTextOutA
0x487b90 ExcludeClipRect
0x487b94 DeleteObject
0x487b98 DeleteEnhMetaFile
0x487b9c DeleteDC
0x487ba0 CreateSolidBrush
0x487ba4 CreatePenIndirect
0x487ba8 CreatePalette
0x487bac CreateHalftonePalette
0x487bb0 CreateFontIndirectA
0x487bb4 CreateDIBitmap
0x487bb8 CreateDIBSection
0x487bbc CreateCompatibleDC
0x487bc0 CreateCompatibleBitmap
0x487bc4 CreateBrushIndirect
0x487bc8 CreateBitmap
0x487bcc CopyEnhMetaFileA
0x487bd0 BitBlt
version.dll
0x487bd8 VerQueryValueA
0x487bdc GetFileVersionInfoSizeA
0x487be0 GetFileVersionInfoA
kernel32.dll
0x487be8 lstrcpyA
0x487bec lstrcmpiA
0x487bf0 WriteFile
0x487bf4 WaitForSingleObject
0x487bf8 VirtualQuery
0x487bfc VirtualProtect
0x487c00 VirtualAlloc
0x487c04 SizeofResource
0x487c08 SetThreadLocale
0x487c0c SetFilePointer
0x487c10 SetEvent
0x487c14 SetErrorMode
0x487c18 SetEndOfFile
0x487c1c ResetEvent
0x487c20 ReadFile
0x487c24 MulDiv
0x487c28 LockResource
0x487c2c LoadResource
0x487c30 LoadLibraryA
0x487c34 LeaveCriticalSection
0x487c38 InitializeCriticalSection
0x487c3c GlobalFindAtomA
0x487c40 GlobalDeleteAtom
0x487c44 GlobalAddAtomA
0x487c48 GetVersionExA
0x487c4c GetVersion
0x487c50 GetTickCount
0x487c54 GetThreadLocale
0x487c58 GetStdHandle
0x487c5c GetProcAddress
0x487c60 GetModuleHandleA
0x487c64 GetModuleFileNameA
0x487c68 GetLocaleInfoA
0x487c6c GetLocalTime
0x487c70 GetLastError
0x487c74 GetFullPathNameA
0x487c78 GetDiskFreeSpaceA
0x487c7c GetDateFormatA
0x487c80 GetCurrentThreadId
0x487c84 GetCurrentProcessId
0x487c88 GetCPInfo
0x487c8c FreeResource
0x487c90 InterlockedExchange
0x487c94 FreeLibrary
0x487c98 FormatMessageA
0x487c9c FindResourceA
0x487ca0 EnumCalendarInfoA
0x487ca4 EnterCriticalSection
0x487ca8 DeleteCriticalSection
0x487cac CreateThread
0x487cb0 CreateFileA
0x487cb4 CreateEventA
0x487cb8 CompareStringA
0x487cbc CloseHandle
advapi32.dll
0x487cc4 RegQueryValueExA
0x487cc8 RegOpenKeyExA
0x487ccc RegFlushKey
0x487cd0 RegCloseKey
kernel32.dll
0x487cd8 Sleep
oleaut32.dll
0x487ce0 SafeArrayPtrOfIndex
0x487ce4 SafeArrayGetUBound
0x487ce8 SafeArrayGetLBound
0x487cec SafeArrayCreate
0x487cf0 VariantChangeType
0x487cf4 VariantCopy
0x487cf8 VariantClear
0x487cfc VariantInit
comctl32.dll
0x487d04 _TrackMouseEvent
0x487d08 ImageList_SetIconSize
0x487d0c ImageList_GetIconSize
0x487d10 ImageList_Write
0x487d14 ImageList_Read
0x487d18 ImageList_GetDragImage
0x487d1c ImageList_DragShowNolock
0x487d20 ImageList_DragMove
0x487d24 ImageList_DragLeave
0x487d28 ImageList_DragEnter
0x487d2c ImageList_EndDrag
0x487d30 ImageList_BeginDrag
0x487d34 ImageList_Remove
0x487d38 ImageList_DrawEx
0x487d3c ImageList_Replace
0x487d40 ImageList_Draw
0x487d44 ImageList_GetBkColor
0x487d48 ImageList_SetBkColor
0x487d4c ImageList_Add
0x487d50 ImageList_GetImageCount
0x487d54 ImageList_Destroy
0x487d58 ImageList_Create
wsock32.dll
0x487d60 WSACleanup
0x487d64 WSAStartup
EAT(Export Address Table) is none
oleaut32.dll
0x48774c SysFreeString
0x487750 SysReAllocStringLen
0x487754 SysAllocStringLen
advapi32.dll
0x48775c RegQueryValueExA
0x487760 RegOpenKeyExA
0x487764 RegCloseKey
user32.dll
0x48776c GetKeyboardType
0x487770 DestroyWindow
0x487774 LoadStringA
0x487778 MessageBoxA
0x48777c CharNextA
kernel32.dll
0x487784 GetACP
0x487788 Sleep
0x48778c VirtualFree
0x487790 VirtualAlloc
0x487794 GetCurrentThreadId
0x487798 InterlockedDecrement
0x48779c InterlockedIncrement
0x4877a0 VirtualQuery
0x4877a4 WideCharToMultiByte
0x4877a8 MultiByteToWideChar
0x4877ac lstrlenA
0x4877b0 lstrcpynA
0x4877b4 LoadLibraryExA
0x4877b8 GetThreadLocale
0x4877bc GetStartupInfoA
0x4877c0 GetProcAddress
0x4877c4 GetModuleHandleA
0x4877c8 GetModuleFileNameA
0x4877cc GetLocaleInfoA
0x4877d0 GetCommandLineA
0x4877d4 FreeLibrary
0x4877d8 FindFirstFileA
0x4877dc FindClose
0x4877e0 ExitProcess
0x4877e4 CompareStringA
0x4877e8 WriteFile
0x4877ec UnhandledExceptionFilter
0x4877f0 RtlUnwind
0x4877f4 RaiseException
0x4877f8 GetStdHandle
kernel32.dll
0x487800 TlsSetValue
0x487804 TlsGetValue
0x487808 LocalAlloc
0x48780c GetModuleHandleA
user32.dll
0x487814 CreateWindowExA
0x487818 WindowFromPoint
0x48781c WaitMessage
0x487820 UpdateWindow
0x487824 UnregisterClassA
0x487828 UnhookWindowsHookEx
0x48782c TranslateMessage
0x487830 TranslateMDISysAccel
0x487834 TrackPopupMenu
0x487838 SystemParametersInfoA
0x48783c ShowWindow
0x487840 ShowScrollBar
0x487844 ShowOwnedPopups
0x487848 SetWindowsHookExA
0x48784c SetWindowTextA
0x487850 SetWindowPos
0x487854 SetWindowPlacement
0x487858 SetWindowLongW
0x48785c SetWindowLongA
0x487860 SetTimer
0x487864 SetScrollRange
0x487868 SetScrollPos
0x48786c SetScrollInfo
0x487870 SetRect
0x487874 SetPropA
0x487878 SetParent
0x48787c SetMenuItemInfoA
0x487880 SetMenu
0x487884 SetForegroundWindow
0x487888 SetFocus
0x48788c SetCursor
0x487890 SetClassLongA
0x487894 SetCapture
0x487898 SetActiveWindow
0x48789c SendMessageW
0x4878a0 SendMessageA
0x4878a4 ScrollWindow
0x4878a8 ScreenToClient
0x4878ac RemovePropA
0x4878b0 RemoveMenu
0x4878b4 ReleaseDC
0x4878b8 ReleaseCapture
0x4878bc RegisterWindowMessageA
0x4878c0 RegisterClipboardFormatA
0x4878c4 RegisterClassA
0x4878c8 RedrawWindow
0x4878cc PtInRect
0x4878d0 PostQuitMessage
0x4878d4 PostMessageA
0x4878d8 PeekMessageW
0x4878dc PeekMessageA
0x4878e0 OffsetRect
0x4878e4 OemToCharA
0x4878e8 MsgWaitForMultipleObjects
0x4878ec MessageBoxA
0x4878f0 MapWindowPoints
0x4878f4 MapVirtualKeyA
0x4878f8 LoadStringA
0x4878fc LoadKeyboardLayoutA
0x487900 LoadIconA
0x487904 LoadCursorA
0x487908 LoadBitmapA
0x48790c KillTimer
0x487910 IsZoomed
0x487914 IsWindowVisible
0x487918 IsWindowUnicode
0x48791c IsWindowEnabled
0x487920 IsWindow
0x487924 IsRectEmpty
0x487928 IsIconic
0x48792c IsDialogMessageW
0x487930 IsDialogMessageA
0x487934 IsChild
0x487938 InvalidateRect
0x48793c IntersectRect
0x487940 InsertMenuItemA
0x487944 InsertMenuA
0x487948 InflateRect
0x48794c GetWindowThreadProcessId
0x487950 GetWindowTextA
0x487954 GetWindowRect
0x487958 GetWindowPlacement
0x48795c GetWindowLongW
0x487960 GetWindowLongA
0x487964 GetWindowDC
0x487968 GetTopWindow
0x48796c GetSystemMetrics
0x487970 GetSystemMenu
0x487974 GetSysColorBrush
0x487978 GetSysColor
0x48797c GetSubMenu
0x487980 GetScrollRange
0x487984 GetScrollPos
0x487988 GetScrollInfo
0x48798c GetPropA
0x487990 GetParent
0x487994 GetWindow
0x487998 GetMessagePos
0x48799c GetMenuStringA
0x4879a0 GetMenuState
0x4879a4 GetMenuItemInfoA
0x4879a8 GetMenuItemID
0x4879ac GetMenuItemCount
0x4879b0 GetMenu
0x4879b4 GetLastActivePopup
0x4879b8 GetKeyboardState
0x4879bc GetKeyboardLayoutNameA
0x4879c0 GetKeyboardLayoutList
0x4879c4 GetKeyboardLayout
0x4879c8 GetKeyState
0x4879cc GetKeyNameTextA
0x4879d0 GetIconInfo
0x4879d4 GetForegroundWindow
0x4879d8 GetFocus
0x4879dc GetDesktopWindow
0x4879e0 GetDCEx
0x4879e4 GetDC
0x4879e8 GetCursorPos
0x4879ec GetCursor
0x4879f0 GetClipboardData
0x4879f4 GetClientRect
0x4879f8 GetClassLongA
0x4879fc GetClassInfoA
0x487a00 GetCapture
0x487a04 GetActiveWindow
0x487a08 FrameRect
0x487a0c FindWindowA
0x487a10 FillRect
0x487a14 EqualRect
0x487a18 EnumWindows
0x487a1c EnumThreadWindows
0x487a20 EnumChildWindows
0x487a24 EndPaint
0x487a28 EnableWindow
0x487a2c EnableScrollBar
0x487a30 EnableMenuItem
0x487a34 DrawTextA
0x487a38 DrawMenuBar
0x487a3c DrawIconEx
0x487a40 DrawIcon
0x487a44 DrawFrameControl
0x487a48 DrawFocusRect
0x487a4c DrawEdge
0x487a50 DispatchMessageW
0x487a54 DispatchMessageA
0x487a58 DestroyWindow
0x487a5c DestroyMenu
0x487a60 DestroyIcon
0x487a64 DestroyCursor
0x487a68 DeleteMenu
0x487a6c DefWindowProcA
0x487a70 DefMDIChildProcA
0x487a74 DefFrameProcA
0x487a78 CreatePopupMenu
0x487a7c CreateMenu
0x487a80 CreateIcon
0x487a84 ClientToScreen
0x487a88 CheckMenuItem
0x487a8c CallWindowProcA
0x487a90 CallNextHookEx
0x487a94 BeginPaint
0x487a98 CharNextA
0x487a9c CharLowerBuffA
0x487aa0 CharLowerA
0x487aa4 CharToOemA
0x487aa8 AdjustWindowRectEx
0x487aac ActivateKeyboardLayout
gdi32.dll
0x487ab4 UnrealizeObject
0x487ab8 StretchDIBits
0x487abc StretchBlt
0x487ac0 SetWindowOrgEx
0x487ac4 SetWinMetaFileBits
0x487ac8 SetViewportOrgEx
0x487acc SetTextColor
0x487ad0 SetStretchBltMode
0x487ad4 SetROP2
0x487ad8 SetPixel
0x487adc SetPaletteEntries
0x487ae0 SetEnhMetaFileBits
0x487ae4 SetDIBColorTable
0x487ae8 SetBrushOrgEx
0x487aec SetBkMode
0x487af0 SetBkColor
0x487af4 SelectPalette
0x487af8 SelectObject
0x487afc SelectClipRgn
0x487b00 SaveDC
0x487b04 RestoreDC
0x487b08 ResizePalette
0x487b0c Rectangle
0x487b10 RectVisible
0x487b14 RealizePalette
0x487b18 Polyline
0x487b1c PlayEnhMetaFile
0x487b20 PatBlt
0x487b24 MoveToEx
0x487b28 MaskBlt
0x487b2c LineTo
0x487b30 IntersectClipRect
0x487b34 GetWindowOrgEx
0x487b38 GetWinMetaFileBits
0x487b3c GetTextMetricsA
0x487b40 GetTextExtentPoint32A
0x487b44 GetSystemPaletteEntries
0x487b48 GetStockObject
0x487b4c GetRgnBox
0x487b50 GetPixel
0x487b54 GetPaletteEntries
0x487b58 GetObjectA
0x487b5c GetNearestPaletteIndex
0x487b60 GetEnhMetaFilePaletteEntries
0x487b64 GetEnhMetaFileHeader
0x487b68 GetEnhMetaFileBits
0x487b6c GetDeviceCaps
0x487b70 GetDIBits
0x487b74 GetDIBColorTable
0x487b78 GetDCOrgEx
0x487b7c GetCurrentPositionEx
0x487b80 GetClipBox
0x487b84 GetBrushOrgEx
0x487b88 GetBitmapBits
0x487b8c ExtTextOutA
0x487b90 ExcludeClipRect
0x487b94 DeleteObject
0x487b98 DeleteEnhMetaFile
0x487b9c DeleteDC
0x487ba0 CreateSolidBrush
0x487ba4 CreatePenIndirect
0x487ba8 CreatePalette
0x487bac CreateHalftonePalette
0x487bb0 CreateFontIndirectA
0x487bb4 CreateDIBitmap
0x487bb8 CreateDIBSection
0x487bbc CreateCompatibleDC
0x487bc0 CreateCompatibleBitmap
0x487bc4 CreateBrushIndirect
0x487bc8 CreateBitmap
0x487bcc CopyEnhMetaFileA
0x487bd0 BitBlt
version.dll
0x487bd8 VerQueryValueA
0x487bdc GetFileVersionInfoSizeA
0x487be0 GetFileVersionInfoA
kernel32.dll
0x487be8 lstrcpyA
0x487bec lstrcmpiA
0x487bf0 WriteFile
0x487bf4 WaitForSingleObject
0x487bf8 VirtualQuery
0x487bfc VirtualProtect
0x487c00 VirtualAlloc
0x487c04 SizeofResource
0x487c08 SetThreadLocale
0x487c0c SetFilePointer
0x487c10 SetEvent
0x487c14 SetErrorMode
0x487c18 SetEndOfFile
0x487c1c ResetEvent
0x487c20 ReadFile
0x487c24 MulDiv
0x487c28 LockResource
0x487c2c LoadResource
0x487c30 LoadLibraryA
0x487c34 LeaveCriticalSection
0x487c38 InitializeCriticalSection
0x487c3c GlobalFindAtomA
0x487c40 GlobalDeleteAtom
0x487c44 GlobalAddAtomA
0x487c48 GetVersionExA
0x487c4c GetVersion
0x487c50 GetTickCount
0x487c54 GetThreadLocale
0x487c58 GetStdHandle
0x487c5c GetProcAddress
0x487c60 GetModuleHandleA
0x487c64 GetModuleFileNameA
0x487c68 GetLocaleInfoA
0x487c6c GetLocalTime
0x487c70 GetLastError
0x487c74 GetFullPathNameA
0x487c78 GetDiskFreeSpaceA
0x487c7c GetDateFormatA
0x487c80 GetCurrentThreadId
0x487c84 GetCurrentProcessId
0x487c88 GetCPInfo
0x487c8c FreeResource
0x487c90 InterlockedExchange
0x487c94 FreeLibrary
0x487c98 FormatMessageA
0x487c9c FindResourceA
0x487ca0 EnumCalendarInfoA
0x487ca4 EnterCriticalSection
0x487ca8 DeleteCriticalSection
0x487cac CreateThread
0x487cb0 CreateFileA
0x487cb4 CreateEventA
0x487cb8 CompareStringA
0x487cbc CloseHandle
advapi32.dll
0x487cc4 RegQueryValueExA
0x487cc8 RegOpenKeyExA
0x487ccc RegFlushKey
0x487cd0 RegCloseKey
kernel32.dll
0x487cd8 Sleep
oleaut32.dll
0x487ce0 SafeArrayPtrOfIndex
0x487ce4 SafeArrayGetUBound
0x487ce8 SafeArrayGetLBound
0x487cec SafeArrayCreate
0x487cf0 VariantChangeType
0x487cf4 VariantCopy
0x487cf8 VariantClear
0x487cfc VariantInit
comctl32.dll
0x487d04 _TrackMouseEvent
0x487d08 ImageList_SetIconSize
0x487d0c ImageList_GetIconSize
0x487d10 ImageList_Write
0x487d14 ImageList_Read
0x487d18 ImageList_GetDragImage
0x487d1c ImageList_DragShowNolock
0x487d20 ImageList_DragMove
0x487d24 ImageList_DragLeave
0x487d28 ImageList_DragEnter
0x487d2c ImageList_EndDrag
0x487d30 ImageList_BeginDrag
0x487d34 ImageList_Remove
0x487d38 ImageList_DrawEx
0x487d3c ImageList_Replace
0x487d40 ImageList_Draw
0x487d44 ImageList_GetBkColor
0x487d48 ImageList_SetBkColor
0x487d4c ImageList_Add
0x487d50 ImageList_GetImageCount
0x487d54 ImageList_Destroy
0x487d58 ImageList_Create
wsock32.dll
0x487d60 WSACleanup
0x487d64 WSAStartup
EAT(Export Address Table) is none