Report - downloaddocument.do

Tags: Emotet, Malicious Packer, UPX, Malicious Library, PE32, OS Processor Check, DLL, PE File
Created 2021.07.27 18:01 Machine s1_win7_x6401
Filename downloaddocument.do
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score
4
Behavior Score
9.6
ZERO API file: clean
VT API (file) 13 detected (AIDetect, malware1, Artemis, Unsafe, Malicious, score, Trickpak, TrickBot, U6M6PA, kcloud)
md5 8dd7c961c9cdbd69e9a5d86d7809fc50
sha256 6e057855e21f4c93a4e3825b9711ca07ccec94fed55dbc20e1d3316b2b3dc549
ssdeep 12288:NRd40nqiQQuVRe+vFIRiEPH8nzjDAL2dUIvltfWZ5QCR8URd5Jr:7RVQQuVdFQ8nzgLJIdt0mURPB
imphash c5fccb41822a3f434586ee8cc221f1e8
impfuzzy 192:L3+rMRTUK5ENn5XJWbu5rcvcRcSEUPAQPNXU:LXRfqKupwEPAQPNXU

Signature (22cnts)

Level Description
danger Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually)
warning Generates some ICMP traffic
watch Communicates with host for which no DNS query was performed
watch File has been identified by 13 AntiVirus engines on VirusTotal as malicious
notice A process attempted to delay the analysis task
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a suspicious process
notice Foreign language identified in PE resource
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Terminates another process
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks if process is being debugged by a debugger
info Collects information to fingerprint the system (MachineGuid)
info One or more processes crashed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path

Rules (8cnts)

Level Name Description Collection
danger Win32_Trojan_Emotet_1_Zero Win32 Trojan Emotet binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (18cnts)


Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x1003d104 HeapReAlloc
 0x1003d108 Sleep
 0x1003d10c ExitProcess
 0x1003d110 HeapSize
 0x1003d114 TerminateProcess
 0x1003d118 UnhandledExceptionFilter
 0x1003d11c SetUnhandledExceptionFilter
 0x1003d120 IsDebuggerPresent
 0x1003d124 VirtualFree
 0x1003d128 HeapCreate
 0x1003d12c HeapDestroy
 0x1003d130 GetStdHandle
 0x1003d134 GetACP
 0x1003d138 IsValidCodePage
 0x1003d13c LCMapStringA
 0x1003d140 LCMapStringW
 0x1003d144 SetHandleCount
 0x1003d148 GetFileType
 0x1003d14c GetStartupInfoA
 0x1003d150 FreeEnvironmentStringsA
 0x1003d154 VirtualQuery
 0x1003d158 FreeEnvironmentStringsW
 0x1003d15c GetEnvironmentStringsW
 0x1003d160 QueryPerformanceCounter
 0x1003d164 GetSystemTimeAsFileTime
 0x1003d168 InitializeCriticalSectionAndSpinCount
 0x1003d16c GetStringTypeA
 0x1003d170 GetStringTypeW
 0x1003d174 GetTimeZoneInformation
 0x1003d178 GetConsoleCP
 0x1003d17c GetConsoleMode
 0x1003d180 SetStdHandle
 0x1003d184 WriteConsoleA
 0x1003d188 GetConsoleOutputCP
 0x1003d18c WriteConsoleW
 0x1003d190 CompareStringW
 0x1003d194 SetEnvironmentVariableA
 0x1003d198 GetSystemInfo
 0x1003d19c VirtualAlloc
 0x1003d1a0 VirtualProtect
 0x1003d1a4 RaiseException
 0x1003d1a8 RtlUnwind
 0x1003d1ac GetCommandLineA
 0x1003d1b0 HeapFree
 0x1003d1b4 HeapAlloc
 0x1003d1b8 GetFileTime
 0x1003d1bc GetFileSizeEx
 0x1003d1c0 GetFileAttributesA
 0x1003d1c4 FileTimeToLocalFileTime
 0x1003d1c8 GetTickCount
 0x1003d1cc CreateFileA
 0x1003d1d0 GetFullPathNameA
 0x1003d1d4 GetVolumeInformationA
 0x1003d1d8 FindFirstFileA
 0x1003d1dc FindClose
 0x1003d1e0 DuplicateHandle
 0x1003d1e4 GetFileSize
 0x1003d1e8 SetEndOfFile
 0x1003d1ec UnlockFile
 0x1003d1f0 LockFile
 0x1003d1f4 FlushFileBuffers
 0x1003d1f8 SetFilePointer
 0x1003d1fc WriteFile
 0x1003d200 ReadFile
 0x1003d204 GetOEMCP
 0x1003d208 FileTimeToSystemTime
 0x1003d20c GetThreadLocale
 0x1003d210 TlsFree
 0x1003d214 DeleteCriticalSection
 0x1003d218 LocalReAlloc
 0x1003d21c TlsSetValue
 0x1003d220 TlsAlloc
 0x1003d224 InitializeCriticalSection
 0x1003d228 GlobalHandle
 0x1003d22c GlobalReAlloc
 0x1003d230 EnterCriticalSection
 0x1003d234 TlsGetValue
 0x1003d238 LeaveCriticalSection
 0x1003d23c LocalAlloc
 0x1003d240 InterlockedIncrement
 0x1003d244 GetModuleHandleW
 0x1003d248 GlobalFlags
 0x1003d24c WritePrivateProfileStringA
 0x1003d250 GetCurrentThread
 0x1003d254 ConvertDefaultLocale
 0x1003d258 EnumResourceLanguagesA
 0x1003d25c GetLocaleInfoA
 0x1003d260 InterlockedExchange
 0x1003d264 lstrcmpA
 0x1003d268 GlobalGetAtomNameA
 0x1003d26c GlobalAddAtomA
 0x1003d270 GlobalFindAtomA
 0x1003d274 GlobalDeleteAtom
 0x1003d278 CompareStringA
 0x1003d27c lstrcmpW
 0x1003d280 GetCurrentThreadId
 0x1003d284 CloseHandle
 0x1003d288 FreeLibrary
 0x1003d28c InterlockedDecrement
 0x1003d290 GlobalFree
 0x1003d294 GlobalAlloc
 0x1003d298 FormatMessageA
 0x1003d29c LocalFree
 0x1003d2a0 GetCurrentProcessId
 0x1003d2a4 GetModuleFileNameA
 0x1003d2a8 GlobalLock
 0x1003d2ac GlobalUnlock
 0x1003d2b0 MulDiv
 0x1003d2b4 LoadLibraryW
 0x1003d2b8 GetCurrentProcess
 0x1003d2bc CreateMutexA
 0x1003d2c0 lstrcmpiA
 0x1003d2c4 FreeResource
 0x1003d2c8 FindResourceA
 0x1003d2cc LoadResource
 0x1003d2d0 LockResource
 0x1003d2d4 SizeofResource
 0x1003d2d8 GetProcAddress
 0x1003d2dc GetModuleHandleA
 0x1003d2e0 LoadLibraryA
 0x1003d2e4 GetLastError
 0x1003d2e8 SetLastError
 0x1003d2ec GetCPInfo
 0x1003d2f0 WideCharToMultiByte
 0x1003d2f4 lstrlenW
 0x1003d2f8 MultiByteToWideChar
 0x1003d2fc lstrlenA
 0x1003d300 GetVersionExA
 0x1003d304 GetEnvironmentStrings
 0x1003d308 GetVersion
USER32.dll
 0x1003d368 CharUpperA
 0x1003d36c RegisterClipboardFormatA
 0x1003d370 PostThreadMessageA
 0x1003d374 SetFocus
 0x1003d378 GetWindowTextA
 0x1003d37c GetForegroundWindow
 0x1003d380 SetActiveWindow
 0x1003d384 GetDlgItem
 0x1003d388 GetTopWindow
 0x1003d38c DestroyWindow
 0x1003d390 GetMessageTime
 0x1003d394 GetMessagePos
 0x1003d398 MapWindowPoints
 0x1003d39c TrackPopupMenu
 0x1003d3a0 SetMenu
 0x1003d3a4 SetForegroundWindow
 0x1003d3a8 UpdateWindow
 0x1003d3ac CreateWindowExA
 0x1003d3b0 GetClassInfoExA
 0x1003d3b4 GetClassInfoA
 0x1003d3b8 RegisterClassA
 0x1003d3bc AdjustWindowRectEx
 0x1003d3c0 EqualRect
 0x1003d3c4 GetDlgCtrlID
 0x1003d3c8 DefWindowProcA
 0x1003d3cc CallWindowProcA
 0x1003d3d0 GetMenu
 0x1003d3d4 SetWindowPos
 0x1003d3d8 OffsetRect
 0x1003d3dc GetWindowPlacement
 0x1003d3e0 GetWindow
 0x1003d3e4 SetWindowsHookExA
 0x1003d3e8 CallNextHookEx
 0x1003d3ec GetMessageA
 0x1003d3f0 TranslateMessage
 0x1003d3f4 DispatchMessageA
 0x1003d3f8 GetActiveWindow
 0x1003d3fc IsWindowVisible
 0x1003d400 GetKeyState
 0x1003d404 PeekMessageA
 0x1003d408 GetCursorPos
 0x1003d40c ValidateRect
 0x1003d410 UnhookWindowsHookEx
 0x1003d414 IntersectRect
 0x1003d418 MessageBeep
 0x1003d41c GetMenuStringA
 0x1003d420 GetWindowThreadProcessId
 0x1003d424 GetWindowLongA
 0x1003d428 GetLastActivePopup
 0x1003d42c IsWindowEnabled
 0x1003d430 EndPaint
 0x1003d434 BeginPaint
 0x1003d438 GetWindowDC
 0x1003d43c ClientToScreen
 0x1003d440 ScreenToClient
 0x1003d444 SetWindowLongA
 0x1003d448 IsWindow
 0x1003d44c SetTimer
 0x1003d450 GetParent
 0x1003d454 PostMessageA
 0x1003d458 KillTimer
 0x1003d45c GetWindowRect
 0x1003d460 PtInRect
 0x1003d464 InvalidateRect
 0x1003d468 InflateRect
 0x1003d46c IsMenu
 0x1003d470 DrawIcon
 0x1003d474 IsIconic
 0x1003d478 GetClientRect
 0x1003d47c SendMessageA
 0x1003d480 GetSystemMenu
 0x1003d484 MessageBoxA
 0x1003d488 ShowWindow
 0x1003d48c LoadIconA
 0x1003d490 GrayStringA
 0x1003d494 DrawTextExA
 0x1003d498 TabbedTextOutA
 0x1003d49c EnableWindow
 0x1003d4a0 GetSubMenu
 0x1003d4a4 LoadBitmapA
 0x1003d4a8 GetSysColorBrush
 0x1003d4ac CreatePopupMenu
 0x1003d4b0 CreateMenu
 0x1003d4b4 GetMenuItemID
 0x1003d4b8 CopyRect
 0x1003d4bc GetSysColor
 0x1003d4c0 FillRect
 0x1003d4c4 GetMenuState
 0x1003d4c8 ModifyMenuA
 0x1003d4cc GetMenuItemCount
 0x1003d4d0 AppendMenuA
 0x1003d4d4 ReleaseDC
 0x1003d4d8 GetDC
 0x1003d4dc GetDesktopWindow
 0x1003d4e0 GetSystemMetrics
 0x1003d4e4 DestroyIcon
 0x1003d4e8 DrawIconEx
 0x1003d4ec SystemParametersInfoA
 0x1003d4f0 DrawTextA
 0x1003d4f4 GetNextDlgGroupItem
 0x1003d4f8 InvalidateRgn
 0x1003d4fc CopyAcceleratorTableA
 0x1003d500 CharNextA
 0x1003d504 GetMenuItemInfoA
 0x1003d508 SetRect
 0x1003d50c DrawEdge
 0x1003d510 SetCapture
 0x1003d514 IsRectEmpty
 0x1003d518 LoadCursorA
 0x1003d51c ReleaseCapture
 0x1003d520 SetCursor
 0x1003d524 CreateDialogIndirectParamA
 0x1003d528 GetNextDlgTabItem
 0x1003d52c EndDialog
 0x1003d530 SetWindowContextHelpId
 0x1003d534 MapDialogRect
 0x1003d538 PostQuitMessage
 0x1003d53c MoveWindow
 0x1003d540 SetWindowTextA
 0x1003d544 IsDialogMessageA
 0x1003d548 SetDlgItemTextA
 0x1003d54c WindowFromPoint
 0x1003d550 SetMenuItemBitmaps
 0x1003d554 GetMenuCheckMarkDimensions
 0x1003d558 EnableMenuItem
 0x1003d55c CheckMenuItem
 0x1003d560 RegisterWindowMessageA
 0x1003d564 SendDlgItemMessageA
 0x1003d568 WinHelpA
 0x1003d56c IsChild
 0x1003d570 GetCapture
 0x1003d574 GetClassLongA
 0x1003d578 GetClassNameA
 0x1003d57c SetPropA
 0x1003d580 GetPropA
 0x1003d584 RemovePropA
 0x1003d588 DestroyMenu
 0x1003d58c GetFocus
GDI32.dll
 0x1003d038 RectVisible
 0x1003d03c TextOutA
 0x1003d040 ExtTextOutA
 0x1003d044 Escape
 0x1003d048 GetMapMode
 0x1003d04c SaveDC
 0x1003d050 RestoreDC
 0x1003d054 SetBkColor
 0x1003d058 SetBkMode
 0x1003d05c SetTextColor
 0x1003d060 SetMapMode
 0x1003d064 GetClipBox
 0x1003d068 LineTo
 0x1003d06c MoveToEx
 0x1003d070 GetViewportExtEx
 0x1003d074 PtVisible
 0x1003d078 SetViewportOrgEx
 0x1003d07c OffsetViewportOrgEx
 0x1003d080 SetViewportExtEx
 0x1003d084 ScaleViewportExtEx
 0x1003d088 SetWindowOrgEx
 0x1003d08c SetWindowExtEx
 0x1003d090 ScaleWindowExtEx
 0x1003d094 ExtSelectClipRgn
 0x1003d098 CreateBitmap
 0x1003d09c GetStockObject
 0x1003d0a0 CreateRectRgnIndirect
 0x1003d0a4 GetBkColor
 0x1003d0a8 GetTextColor
 0x1003d0ac GetRgnBox
 0x1003d0b0 Rectangle
 0x1003d0b4 PatBlt
 0x1003d0b8 SetPixel
 0x1003d0bc GetObjectA
 0x1003d0c0 DeleteDC
 0x1003d0c4 DeleteObject
 0x1003d0c8 SelectObject
 0x1003d0cc CreateDIBSection
 0x1003d0d0 Ellipse
 0x1003d0d4 GetTextExtentPoint32A
 0x1003d0d8 GetTextExtentPoint32W
 0x1003d0dc CreateFontIndirectA
 0x1003d0e0 GetBkMode
 0x1003d0e4 CreatePen
 0x1003d0e8 GetWindowExtEx
 0x1003d0ec CreateCompatibleDC
 0x1003d0f0 GetDeviceCaps
 0x1003d0f4 BitBlt
 0x1003d0f8 CreateCompatibleBitmap
 0x1003d0fc CreateSolidBrush
COMDLG32.dll
 0x1003d030 GetFileTitleA
WINSPOOL.DRV
 0x1003d594 DocumentPropertiesA
 0x1003d598 ClosePrinter
 0x1003d59c OpenPrinterA
ADVAPI32.dll
 0x1003d000 RegDeleteKeyA
 0x1003d004 RegQueryValueExA
 0x1003d008 RegQueryValueA
 0x1003d00c RegOpenKeyA
 0x1003d010 RegEnumKeyA
 0x1003d014 RegOpenKeyExA
 0x1003d018 RegSetValueExA
 0x1003d01c RegCreateKeyExA
 0x1003d020 RegCloseKey
COMCTL32.dll
 0x1003d028 InitCommonControlsEx
SHLWAPI.dll
 0x1003d354 PathFindFileNameA
 0x1003d358 PathStripToRootA
 0x1003d35c PathIsUNCA
 0x1003d360 PathFindExtensionA
oledlg.dll
 0x1003d5e4 None
ole32.dll
 0x1003d5a4 CoRevokeClassObject
 0x1003d5a8 OleInitialize
 0x1003d5ac CoFreeUnusedLibraries
 0x1003d5b0 OleUninitialize
 0x1003d5b4 CreateILockBytesOnHGlobal
 0x1003d5b8 StgCreateDocfileOnILockBytes
 0x1003d5bc StgOpenStorageOnILockBytes
 0x1003d5c0 CoGetClassObject
 0x1003d5c4 OleIsCurrentClipboard
 0x1003d5c8 CLSIDFromString
 0x1003d5cc CLSIDFromProgID
 0x1003d5d0 CoTaskMemAlloc
 0x1003d5d4 CoTaskMemFree
 0x1003d5d8 OleFlushClipboard
 0x1003d5dc CoRegisterMessageFilter
OLEAUT32.dll
 0x1003d31c SysAllocStringByteLen
 0x1003d320 SysStringLen
 0x1003d324 SysAllocStringLen
 0x1003d328 VariantClear
 0x1003d32c VariantChangeType
 0x1003d330 VariantInit
 0x1003d334 VariantCopy
 0x1003d338 SafeArrayDestroy
 0x1003d33c VariantTimeToSystemTime
 0x1003d340 SystemTimeToVariantTime
 0x1003d344 OleCreateFontIndirect
 0x1003d348 SysAllocString
 0x1003d34c SysFreeString
OLEACC.dll
 0x1003d310 LresultFromObject
 0x1003d314 CreateStdAccessibleObject

EAT (Export Address Table) Library

0x100085e0 StartW

