ScreenShot
| Created | 2021.07.30 10:46 | Machine | s1_win7_x6402 |
| Filename | downloaddocument.do | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 17 detected (AIDetect, malware1, Malicious, high confidence, score, Artemis, confidence, Attribute, HighConfidence, Trickpak, Ramnit, Static AI, Malicious PE) | ||
| md5 | 8dcc2d557edcd14aa33dd738ea58f937 | ||
| sha256 | cd774e6a643ce65364e57bdd6e4eea43c08ad5ac157d43d9c232e7bbdce81dd4 | ||
| ssdeep | 12288:gjBb925xIKt+wxNoC2NXH0tndFqvK9tZHkS1oKfqe9KS:A25xIKwlNEtdAvKjLzfES | ||
| imphash | 170fa18cf362a3ea8cc8edbec346f3aa | ||
| impfuzzy | 192:R0z98LObJ53mKOkZtSkoBJxkyuWU79cRc7cxvPPk5XK/35OQF0:a8LC3m1kMUl9EMmSXcpOQF0 | ||
Network IP location
Signature (20cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| watch | File has been identified by 17 AntiVirus engines on VirusTotal as malicious |
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates a suspicious process |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Terminates another process |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | Collects information to fingerprint the system (MachineGuid |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable uses a known packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (upload) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (17cnts) ?
Suricata ids
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
ET CNC Feodo Tracker Reported CnC Server group 25
ET CNC Feodo Tracker Reported CnC Server group 16
ET CNC Feodo Tracker Reported CnC Server group 19
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
ET CNC Feodo Tracker Reported CnC Server group 25
ET CNC Feodo Tracker Reported CnC Server group 16
ET CNC Feodo Tracker Reported CnC Server group 19
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x100529b0 SetHandleCount
0x100529b4 GetStdHandle
0x100529b8 GetFileType
0x100529bc GetStartupInfoA
0x100529c0 FreeEnvironmentStringsA
0x100529c4 FreeEnvironmentStringsW
0x100529c8 GetEnvironmentStrings
0x100529cc GetEnvironmentStringsW
0x100529d0 SetUnhandledExceptionFilter
0x100529d4 LCMapStringA
0x100529d8 LCMapStringW
0x100529dc GetStringTypeA
0x100529e0 GetStringTypeW
0x100529e4 IsBadWritePtr
0x100529e8 IsBadCodePtr
0x100529ec SetStdHandle
0x100529f0 CompareStringA
0x100529f4 CompareStringW
0x100529f8 SetEnvironmentVariableA
0x100529fc VirtualAlloc
0x10052a00 GetProfileStringA
0x10052a04 VirtualFree
0x10052a08 HeapCreate
0x10052a0c HeapDestroy
0x10052a10 GetTimeZoneInformation
0x10052a14 GetACP
0x10052a18 HeapSize
0x10052a1c HeapReAlloc
0x10052a20 TerminateProcess
0x10052a24 ExitProcess
0x10052a28 RaiseException
0x10052a2c HeapFree
0x10052a30 GetCommandLineA
0x10052a34 HeapAlloc
0x10052a38 RtlUnwind
0x10052a3c CopyFileA
0x10052a40 FormatMessageA
0x10052a44 FileTimeToLocalFileTime
0x10052a48 FileTimeToSystemTime
0x10052a4c SystemTimeToFileTime
0x10052a50 LocalFileTimeToFileTime
0x10052a54 GetFileSize
0x10052a58 GetShortPathNameA
0x10052a5c GetStringTypeExA
0x10052a60 GetVolumeInformationA
0x10052a64 FindFirstFileA
0x10052a68 FindClose
0x10052a6c DeleteFileA
0x10052a70 MoveFileA
0x10052a74 SetEndOfFile
0x10052a78 UnlockFile
0x10052a7c LockFile
0x10052a80 FlushFileBuffers
0x10052a84 SetFilePointer
0x10052a88 WriteFile
0x10052a8c ReadFile
0x10052a90 CreateFileA
0x10052a94 DuplicateHandle
0x10052a98 GetThreadLocale
0x10052a9c GetCurrentDirectoryA
0x10052aa0 SizeofResource
0x10052aa4 GetOEMCP
0x10052aa8 GetCPInfo
0x10052aac TlsGetValue
0x10052ab0 LocalReAlloc
0x10052ab4 TlsSetValue
0x10052ab8 EnterCriticalSection
0x10052abc LeaveCriticalSection
0x10052ac0 TlsFree
0x10052ac4 GlobalHandle
0x10052ac8 DeleteCriticalSection
0x10052acc TlsAlloc
0x10052ad0 InitializeCriticalSection
0x10052ad4 LocalFree
0x10052ad8 LocalAlloc
0x10052adc SetLastError
0x10052ae0 GlobalFlags
0x10052ae4 GetProcessVersion
0x10052ae8 GlobalReAlloc
0x10052aec GetProfileIntA
0x10052af0 MulDiv
0x10052af4 lstrlenW
0x10052af8 WideCharToMultiByte
0x10052afc InterlockedDecrement
0x10052b00 MultiByteToWideChar
0x10052b04 GetLastError
0x10052b08 GetDiskFreeSpaceA
0x10052b0c GetFileTime
0x10052b10 SetFileTime
0x10052b14 GetFullPathNameA
0x10052b18 GetTempFileNameA
0x10052b1c GetFileAttributesA
0x10052b20 GetTickCount
0x10052b24 WritePrivateProfileStringA
0x10052b28 GetPrivateProfileStringA
0x10052b2c GetPrivateProfileIntA
0x10052b30 InterlockedIncrement
0x10052b34 CloseHandle
0x10052b38 GetModuleFileNameA
0x10052b3c GlobalAlloc
0x10052b40 GetCurrentThread
0x10052b44 lstrcmpA
0x10052b48 GlobalFree
0x10052b4c LoadLibraryA
0x10052b50 FreeLibrary
0x10052b54 FindResourceA
0x10052b58 LoadResource
0x10052b5c LockResource
0x10052b60 GetCurrentThreadId
0x10052b64 lstrcmpiA
0x10052b68 GlobalFindAtomA
0x10052b6c GlobalDeleteAtom
0x10052b70 GetModuleHandleA
0x10052b74 GetProcAddress
0x10052b78 lstrcatA
0x10052b7c lstrcpynA
0x10052b80 GlobalGetAtomNameA
0x10052b84 GlobalAddAtomA
0x10052b88 GetVersion
0x10052b8c lstrcpyA
0x10052b90 lstrlenA
0x10052b94 LoadLibraryW
0x10052b98 GetCurrentProcess
0x10052b9c GlobalSize
0x10052ba0 GlobalLock
0x10052ba4 IsBadReadPtr
0x10052ba8 GlobalUnlock
USER32.dll
0x10052c00 CopyAcceleratorTableA
0x10052c04 GetNextDlgGroupItem
0x10052c08 MessageBeep
0x10052c0c PostThreadMessageA
0x10052c10 CharUpperA
0x10052c14 FindWindowA
0x10052c18 GetTabbedTextExtentA
0x10052c1c InvertRect
0x10052c20 GetDCEx
0x10052c24 LockWindowUpdate
0x10052c28 EndDialog
0x10052c2c CreateDialogIndirectParamA
0x10052c30 GetMenuCheckMarkDimensions
0x10052c34 LoadBitmapA
0x10052c38 GetMenuState
0x10052c3c ModifyMenuA
0x10052c40 SetMenuItemBitmaps
0x10052c44 CheckMenuItem
0x10052c48 EnableMenuItem
0x10052c4c GetNextDlgTabItem
0x10052c50 MoveWindow
0x10052c54 SetWindowTextA
0x10052c58 IsDialogMessageA
0x10052c5c SetDlgItemTextA
0x10052c60 SendDlgItemMessageA
0x10052c64 MapWindowPoints
0x10052c68 GetSysColor
0x10052c6c DispatchMessageA
0x10052c70 ScreenToClient
0x10052c74 DeferWindowPos
0x10052c78 BeginDeferWindowPos
0x10052c7c EndDeferWindowPos
0x10052c80 ScrollWindow
0x10052c84 GetScrollInfo
0x10052c88 SetScrollInfo
0x10052c8c ShowScrollBar
0x10052c90 GetScrollRange
0x10052c94 SetScrollRange
0x10052c98 GetScrollPos
0x10052c9c SetScrollPos
0x10052ca0 GetTopWindow
0x10052ca4 MessageBoxA
0x10052ca8 IsChild
0x10052cac RegisterClassA
0x10052cb0 GetWindowTextLengthA
0x10052cb4 GetWindowTextA
0x10052cb8 DefWindowProcA
0x10052cbc DestroyWindow
0x10052cc0 SetWindowsHookExA
0x10052cc4 CallNextHookEx
0x10052cc8 GetClassLongA
0x10052ccc SetPropA
0x10052cd0 UnhookWindowsHookEx
0x10052cd4 GetPropA
0x10052cd8 CallWindowProcA
0x10052cdc RemovePropA
0x10052ce0 GetMessageTime
0x10052ce4 DrawTextA
0x10052ce8 CharNextA
0x10052cec SetForegroundWindow
0x10052cf0 OffsetRect
0x10052cf4 IntersectRect
0x10052cf8 SystemParametersInfoA
0x10052cfc GetWindowPlacement
0x10052d00 GetWindowRect
0x10052d04 GetSystemMetrics
0x10052d08 GetLastActivePopup
0x10052d0c IsWindowVisible
0x10052d10 IsIconic
0x10052d14 GetFocus
0x10052d18 EqualRect
0x10052d1c CopyRect
0x10052d20 GetDlgItem
0x10052d24 InvalidateRect
0x10052d28 GetKeyState
0x10052d2c GetDlgCtrlID
0x10052d30 UnpackDDElParam
0x10052d34 ReuseDDElParam
0x10052d38 SetActiveWindow
0x10052d3c WinHelpA
0x10052d40 SetMenu
0x10052d44 LoadIconA
0x10052d48 GetClassInfoA
0x10052d4c LoadMenuA
0x10052d50 DestroyMenu
0x10052d54 SetFocus
0x10052d58 ShowWindow
0x10052d5c GetDesktopWindow
0x10052d60 GetWindow
0x10052d64 IsWindowEnabled
0x10052d68 SetCursor
0x10052d6c PeekMessageA
0x10052d70 PostMessageA
0x10052d74 GetCapture
0x10052d78 ReleaseCapture
0x10052d7c LoadAcceleratorsA
0x10052d80 SetRectEmpty
0x10052d84 RegisterWindowMessageA
0x10052d88 GetActiveWindow
0x10052d8c wsprintfA
0x10052d90 GetParent
0x10052d94 GetMenuItemID
0x10052d98 AdjustWindowRectEx
0x10052d9c UpdateWindow
0x10052da0 HideCaret
0x10052da4 ShowCaret
0x10052da8 ExcludeUpdateRgn
0x10052dac DrawFocusRect
0x10052db0 DefDlgProcA
0x10052db4 IsWindowUnicode
0x10052db8 EnableWindow
0x10052dbc TabbedTextOutA
0x10052dc0 EndPaint
0x10052dc4 BeginPaint
0x10052dc8 RedrawWindow
0x10052dcc SetWindowPos
0x10052dd0 GetClientRect
0x10052dd4 GetWindowLongA
0x10052dd8 SetWindowLongA
0x10052ddc IsWindow
0x10052de0 DefMDIChildProcA
0x10052de4 SendMessageA
0x10052de8 DrawMenuBar
0x10052dec TranslateAcceleratorA
0x10052df0 TranslateMDISysAccel
0x10052df4 DefFrameProcA
0x10052df8 CreateWindowExA
0x10052dfc BringWindowToTop
0x10052e00 GetMenu
0x10052e04 DestroyIcon
0x10052e08 GetMenuStringA
0x10052e0c InsertMenuA
0x10052e10 GetForegroundWindow
0x10052e14 GrayStringA
0x10052e18 GetMenuItemCount
0x10052e1c GetSubMenu
0x10052e20 GetWindowDC
0x10052e24 LoadStringA
0x10052e28 GetClassNameA
0x10052e2c GetSysColorBrush
0x10052e30 ClientToScreen
0x10052e34 WindowFromPoint
0x10052e38 KillTimer
0x10052e3c SetTimer
0x10052e40 GetSystemMenu
0x10052e44 DeleteMenu
0x10052e48 AppendMenuA
0x10052e4c SetParent
0x10052e50 IsZoomed
0x10052e54 IsRectEmpty
0x10052e58 SetCapture
0x10052e5c IsClipboardFormatAvailable
0x10052e60 InflateRect
0x10052e64 PtInRect
0x10052e68 FillRect
0x10052e6c SetRect
0x10052e70 GetDC
0x10052e74 ReleaseDC
0x10052e78 LoadCursorA
0x10052e7c DestroyCursor
0x10052e80 RegisterClipboardFormatA
0x10052e84 MapDialogRect
0x10052e88 SetWindowContextHelpId
0x10052e8c PostQuitMessage
0x10052e90 TranslateMessage
0x10052e94 ValidateRect
0x10052e98 GetCursorPos
0x10052e9c GetMessagePos
0x10052ea0 ShowOwnedPopups
0x10052ea4 GetMessageA
GDI32.dll
0x1005286c StartDocA
0x10052870 SetAbortProc
0x10052874 CreateDCA
0x10052878 DeleteDC
0x1005287c GetTextExtentPoint32A
0x10052880 SelectObject
0x10052884 GetTextMetricsA
0x10052888 StretchDIBits
0x1005288c CreateCompatibleDC
0x10052890 CreateCompatibleBitmap
0x10052894 DeleteObject
0x10052898 GetCharWidthA
0x1005289c CreateFontA
0x100528a0 SaveDC
0x100528a4 RestoreDC
0x100528a8 SetBkMode
0x100528ac SetPolyFillMode
0x100528b0 SetROP2
0x100528b4 SetStretchBltMode
0x100528b8 SetMapMode
0x100528bc SetViewportOrgEx
0x100528c0 OffsetViewportOrgEx
0x100528c4 SetViewportExtEx
0x100528c8 ScaleViewportExtEx
0x100528cc SetWindowOrgEx
0x100528d0 SetWindowExtEx
0x100528d4 ScaleWindowExtEx
0x100528d8 SelectClipRgn
0x100528dc ExcludeClipRect
0x100528e0 IntersectClipRect
0x100528e4 MoveToEx
0x100528e8 LineTo
0x100528ec SetTextAlign
0x100528f0 GetCurrentPositionEx
0x100528f4 StartPage
0x100528f8 CreateRectRgn
0x100528fc GetViewportExtEx
0x10052900 GetWindowExtEx
0x10052904 CreateSolidBrush
0x10052908 CreatePatternBrush
0x1005290c PtVisible
0x10052910 RectVisible
0x10052914 TextOutA
0x10052918 ExtTextOutA
0x1005291c Escape
0x10052920 CreateFontIndirectA
0x10052924 GetTextColor
0x10052928 GetBkColor
0x1005292c LPtoDP
0x10052930 GetNearestColor
0x10052934 GetStretchBltMode
0x10052938 GetPolyFillMode
0x1005293c GetTextAlign
0x10052940 GetBkMode
0x10052944 GetROP2
0x10052948 GetTextFaceA
0x1005294c GetWindowOrgEx
0x10052950 CopyMetaFileA
0x10052954 BitBlt
0x10052958 GetMapMode
0x1005295c SetRectRgn
0x10052960 CombineRgn
0x10052964 CreateRectRgnIndirect
0x10052968 EndPage
0x1005296c EndDoc
0x10052970 AbortDoc
0x10052974 GetViewportOrgEx
0x10052978 CreatePen
0x1005297c DPtoLP
0x10052980 Rectangle
0x10052984 GetStockObject
0x10052988 PatBlt
0x1005298c GetDeviceCaps
0x10052990 CreateBitmap
0x10052994 GetObjectA
0x10052998 SetBkColor
0x1005299c SetTextColor
0x100529a0 GetClipBox
0x100529a4 CreateDIBitmap
0x100529a8 GetTextExtentPointA
comdlg32.dll
0x10052ebc GetSaveFileNameA
0x10052ec0 GetFileTitleA
0x10052ec4 GetOpenFileNameA
0x10052ec8 CommDlgExtendedError
0x10052ecc PrintDlgA
WINSPOOL.DRV
0x10052eac OpenPrinterA
0x10052eb0 DocumentPropertiesA
0x10052eb4 ClosePrinter
ADVAPI32.dll
0x10052828 RegQueryValueExA
0x1005282c RegCreateKeyA
0x10052830 RegSetValueA
0x10052834 GetFileSecurityA
0x10052838 SetFileSecurityA
0x1005283c RegDeleteValueA
0x10052840 RegSetValueExA
0x10052844 RegQueryValueA
0x10052848 RegOpenKeyExA
0x1005284c RegCreateKeyExA
0x10052850 RegDeleteKeyA
0x10052854 RegOpenKeyA
0x10052858 RegEnumKeyA
0x1005285c RegCloseKey
SHELL32.dll
0x10052be8 ExtractIconA
0x10052bec DragAcceptFiles
0x10052bf0 DragQueryFileA
0x10052bf4 DragFinish
0x10052bf8 SHGetFileInfoA
COMCTL32.dll
0x10052864 None
oledlg.dll
0x10052f44 None
ole32.dll
0x10052ed4 CoRegisterMessageFilter
0x10052ed8 CoTaskMemAlloc
0x10052edc CreateILockBytesOnHGlobal
0x10052ee0 StgCreateDocfileOnILockBytes
0x10052ee4 StgOpenStorageOnILockBytes
0x10052ee8 CoGetClassObject
0x10052eec CoDisconnectObject
0x10052ef0 StringFromCLSID
0x10052ef4 DoDragDrop
0x10052ef8 OleGetClipboard
0x10052efc OleIsCurrentClipboard
0x10052f00 OleDuplicateData
0x10052f04 OleSetClipboard
0x10052f08 CoTaskMemFree
0x10052f0c ReleaseStgMedium
0x10052f10 RevokeDragDrop
0x10052f14 CoLockObjectExternal
0x10052f18 RegisterDragDrop
0x10052f1c CoFreeUnusedLibraries
0x10052f20 OleUninitialize
0x10052f24 OleInitialize
0x10052f28 CLSIDFromString
0x10052f2c CLSIDFromProgID
0x10052f30 CoRevokeClassObject
0x10052f34 CoRegisterClassObject
0x10052f38 CreateStreamOnHGlobal
0x10052f3c OleFlushClipboard
OLEPRO32.DLL
0x10052be0 None
OLEAUT32.dll
0x10052bb0 SysFreeString
0x10052bb4 SysStringByteLen
0x10052bb8 SysAllocStringLen
0x10052bbc VariantCopy
0x10052bc0 VariantClear
0x10052bc4 VariantChangeType
0x10052bc8 SysAllocString
0x10052bcc VariantTimeToSystemTime
0x10052bd0 SysStringLen
0x10052bd4 SysAllocStringByteLen
0x10052bd8 LoadTypeLib
EAT(Export Address Table) Library
0x10002390 StartW
KERNEL32.dll
0x100529b0 SetHandleCount
0x100529b4 GetStdHandle
0x100529b8 GetFileType
0x100529bc GetStartupInfoA
0x100529c0 FreeEnvironmentStringsA
0x100529c4 FreeEnvironmentStringsW
0x100529c8 GetEnvironmentStrings
0x100529cc GetEnvironmentStringsW
0x100529d0 SetUnhandledExceptionFilter
0x100529d4 LCMapStringA
0x100529d8 LCMapStringW
0x100529dc GetStringTypeA
0x100529e0 GetStringTypeW
0x100529e4 IsBadWritePtr
0x100529e8 IsBadCodePtr
0x100529ec SetStdHandle
0x100529f0 CompareStringA
0x100529f4 CompareStringW
0x100529f8 SetEnvironmentVariableA
0x100529fc VirtualAlloc
0x10052a00 GetProfileStringA
0x10052a04 VirtualFree
0x10052a08 HeapCreate
0x10052a0c HeapDestroy
0x10052a10 GetTimeZoneInformation
0x10052a14 GetACP
0x10052a18 HeapSize
0x10052a1c HeapReAlloc
0x10052a20 TerminateProcess
0x10052a24 ExitProcess
0x10052a28 RaiseException
0x10052a2c HeapFree
0x10052a30 GetCommandLineA
0x10052a34 HeapAlloc
0x10052a38 RtlUnwind
0x10052a3c CopyFileA
0x10052a40 FormatMessageA
0x10052a44 FileTimeToLocalFileTime
0x10052a48 FileTimeToSystemTime
0x10052a4c SystemTimeToFileTime
0x10052a50 LocalFileTimeToFileTime
0x10052a54 GetFileSize
0x10052a58 GetShortPathNameA
0x10052a5c GetStringTypeExA
0x10052a60 GetVolumeInformationA
0x10052a64 FindFirstFileA
0x10052a68 FindClose
0x10052a6c DeleteFileA
0x10052a70 MoveFileA
0x10052a74 SetEndOfFile
0x10052a78 UnlockFile
0x10052a7c LockFile
0x10052a80 FlushFileBuffers
0x10052a84 SetFilePointer
0x10052a88 WriteFile
0x10052a8c ReadFile
0x10052a90 CreateFileA
0x10052a94 DuplicateHandle
0x10052a98 GetThreadLocale
0x10052a9c GetCurrentDirectoryA
0x10052aa0 SizeofResource
0x10052aa4 GetOEMCP
0x10052aa8 GetCPInfo
0x10052aac TlsGetValue
0x10052ab0 LocalReAlloc
0x10052ab4 TlsSetValue
0x10052ab8 EnterCriticalSection
0x10052abc LeaveCriticalSection
0x10052ac0 TlsFree
0x10052ac4 GlobalHandle
0x10052ac8 DeleteCriticalSection
0x10052acc TlsAlloc
0x10052ad0 InitializeCriticalSection
0x10052ad4 LocalFree
0x10052ad8 LocalAlloc
0x10052adc SetLastError
0x10052ae0 GlobalFlags
0x10052ae4 GetProcessVersion
0x10052ae8 GlobalReAlloc
0x10052aec GetProfileIntA
0x10052af0 MulDiv
0x10052af4 lstrlenW
0x10052af8 WideCharToMultiByte
0x10052afc InterlockedDecrement
0x10052b00 MultiByteToWideChar
0x10052b04 GetLastError
0x10052b08 GetDiskFreeSpaceA
0x10052b0c GetFileTime
0x10052b10 SetFileTime
0x10052b14 GetFullPathNameA
0x10052b18 GetTempFileNameA
0x10052b1c GetFileAttributesA
0x10052b20 GetTickCount
0x10052b24 WritePrivateProfileStringA
0x10052b28 GetPrivateProfileStringA
0x10052b2c GetPrivateProfileIntA
0x10052b30 InterlockedIncrement
0x10052b34 CloseHandle
0x10052b38 GetModuleFileNameA
0x10052b3c GlobalAlloc
0x10052b40 GetCurrentThread
0x10052b44 lstrcmpA
0x10052b48 GlobalFree
0x10052b4c LoadLibraryA
0x10052b50 FreeLibrary
0x10052b54 FindResourceA
0x10052b58 LoadResource
0x10052b5c LockResource
0x10052b60 GetCurrentThreadId
0x10052b64 lstrcmpiA
0x10052b68 GlobalFindAtomA
0x10052b6c GlobalDeleteAtom
0x10052b70 GetModuleHandleA
0x10052b74 GetProcAddress
0x10052b78 lstrcatA
0x10052b7c lstrcpynA
0x10052b80 GlobalGetAtomNameA
0x10052b84 GlobalAddAtomA
0x10052b88 GetVersion
0x10052b8c lstrcpyA
0x10052b90 lstrlenA
0x10052b94 LoadLibraryW
0x10052b98 GetCurrentProcess
0x10052b9c GlobalSize
0x10052ba0 GlobalLock
0x10052ba4 IsBadReadPtr
0x10052ba8 GlobalUnlock
USER32.dll
0x10052c00 CopyAcceleratorTableA
0x10052c04 GetNextDlgGroupItem
0x10052c08 MessageBeep
0x10052c0c PostThreadMessageA
0x10052c10 CharUpperA
0x10052c14 FindWindowA
0x10052c18 GetTabbedTextExtentA
0x10052c1c InvertRect
0x10052c20 GetDCEx
0x10052c24 LockWindowUpdate
0x10052c28 EndDialog
0x10052c2c CreateDialogIndirectParamA
0x10052c30 GetMenuCheckMarkDimensions
0x10052c34 LoadBitmapA
0x10052c38 GetMenuState
0x10052c3c ModifyMenuA
0x10052c40 SetMenuItemBitmaps
0x10052c44 CheckMenuItem
0x10052c48 EnableMenuItem
0x10052c4c GetNextDlgTabItem
0x10052c50 MoveWindow
0x10052c54 SetWindowTextA
0x10052c58 IsDialogMessageA
0x10052c5c SetDlgItemTextA
0x10052c60 SendDlgItemMessageA
0x10052c64 MapWindowPoints
0x10052c68 GetSysColor
0x10052c6c DispatchMessageA
0x10052c70 ScreenToClient
0x10052c74 DeferWindowPos
0x10052c78 BeginDeferWindowPos
0x10052c7c EndDeferWindowPos
0x10052c80 ScrollWindow
0x10052c84 GetScrollInfo
0x10052c88 SetScrollInfo
0x10052c8c ShowScrollBar
0x10052c90 GetScrollRange
0x10052c94 SetScrollRange
0x10052c98 GetScrollPos
0x10052c9c SetScrollPos
0x10052ca0 GetTopWindow
0x10052ca4 MessageBoxA
0x10052ca8 IsChild
0x10052cac RegisterClassA
0x10052cb0 GetWindowTextLengthA
0x10052cb4 GetWindowTextA
0x10052cb8 DefWindowProcA
0x10052cbc DestroyWindow
0x10052cc0 SetWindowsHookExA
0x10052cc4 CallNextHookEx
0x10052cc8 GetClassLongA
0x10052ccc SetPropA
0x10052cd0 UnhookWindowsHookEx
0x10052cd4 GetPropA
0x10052cd8 CallWindowProcA
0x10052cdc RemovePropA
0x10052ce0 GetMessageTime
0x10052ce4 DrawTextA
0x10052ce8 CharNextA
0x10052cec SetForegroundWindow
0x10052cf0 OffsetRect
0x10052cf4 IntersectRect
0x10052cf8 SystemParametersInfoA
0x10052cfc GetWindowPlacement
0x10052d00 GetWindowRect
0x10052d04 GetSystemMetrics
0x10052d08 GetLastActivePopup
0x10052d0c IsWindowVisible
0x10052d10 IsIconic
0x10052d14 GetFocus
0x10052d18 EqualRect
0x10052d1c CopyRect
0x10052d20 GetDlgItem
0x10052d24 InvalidateRect
0x10052d28 GetKeyState
0x10052d2c GetDlgCtrlID
0x10052d30 UnpackDDElParam
0x10052d34 ReuseDDElParam
0x10052d38 SetActiveWindow
0x10052d3c WinHelpA
0x10052d40 SetMenu
0x10052d44 LoadIconA
0x10052d48 GetClassInfoA
0x10052d4c LoadMenuA
0x10052d50 DestroyMenu
0x10052d54 SetFocus
0x10052d58 ShowWindow
0x10052d5c GetDesktopWindow
0x10052d60 GetWindow
0x10052d64 IsWindowEnabled
0x10052d68 SetCursor
0x10052d6c PeekMessageA
0x10052d70 PostMessageA
0x10052d74 GetCapture
0x10052d78 ReleaseCapture
0x10052d7c LoadAcceleratorsA
0x10052d80 SetRectEmpty
0x10052d84 RegisterWindowMessageA
0x10052d88 GetActiveWindow
0x10052d8c wsprintfA
0x10052d90 GetParent
0x10052d94 GetMenuItemID
0x10052d98 AdjustWindowRectEx
0x10052d9c UpdateWindow
0x10052da0 HideCaret
0x10052da4 ShowCaret
0x10052da8 ExcludeUpdateRgn
0x10052dac DrawFocusRect
0x10052db0 DefDlgProcA
0x10052db4 IsWindowUnicode
0x10052db8 EnableWindow
0x10052dbc TabbedTextOutA
0x10052dc0 EndPaint
0x10052dc4 BeginPaint
0x10052dc8 RedrawWindow
0x10052dcc SetWindowPos
0x10052dd0 GetClientRect
0x10052dd4 GetWindowLongA
0x10052dd8 SetWindowLongA
0x10052ddc IsWindow
0x10052de0 DefMDIChildProcA
0x10052de4 SendMessageA
0x10052de8 DrawMenuBar
0x10052dec TranslateAcceleratorA
0x10052df0 TranslateMDISysAccel
0x10052df4 DefFrameProcA
0x10052df8 CreateWindowExA
0x10052dfc BringWindowToTop
0x10052e00 GetMenu
0x10052e04 DestroyIcon
0x10052e08 GetMenuStringA
0x10052e0c InsertMenuA
0x10052e10 GetForegroundWindow
0x10052e14 GrayStringA
0x10052e18 GetMenuItemCount
0x10052e1c GetSubMenu
0x10052e20 GetWindowDC
0x10052e24 LoadStringA
0x10052e28 GetClassNameA
0x10052e2c GetSysColorBrush
0x10052e30 ClientToScreen
0x10052e34 WindowFromPoint
0x10052e38 KillTimer
0x10052e3c SetTimer
0x10052e40 GetSystemMenu
0x10052e44 DeleteMenu
0x10052e48 AppendMenuA
0x10052e4c SetParent
0x10052e50 IsZoomed
0x10052e54 IsRectEmpty
0x10052e58 SetCapture
0x10052e5c IsClipboardFormatAvailable
0x10052e60 InflateRect
0x10052e64 PtInRect
0x10052e68 FillRect
0x10052e6c SetRect
0x10052e70 GetDC
0x10052e74 ReleaseDC
0x10052e78 LoadCursorA
0x10052e7c DestroyCursor
0x10052e80 RegisterClipboardFormatA
0x10052e84 MapDialogRect
0x10052e88 SetWindowContextHelpId
0x10052e8c PostQuitMessage
0x10052e90 TranslateMessage
0x10052e94 ValidateRect
0x10052e98 GetCursorPos
0x10052e9c GetMessagePos
0x10052ea0 ShowOwnedPopups
0x10052ea4 GetMessageA
GDI32.dll
0x1005286c StartDocA
0x10052870 SetAbortProc
0x10052874 CreateDCA
0x10052878 DeleteDC
0x1005287c GetTextExtentPoint32A
0x10052880 SelectObject
0x10052884 GetTextMetricsA
0x10052888 StretchDIBits
0x1005288c CreateCompatibleDC
0x10052890 CreateCompatibleBitmap
0x10052894 DeleteObject
0x10052898 GetCharWidthA
0x1005289c CreateFontA
0x100528a0 SaveDC
0x100528a4 RestoreDC
0x100528a8 SetBkMode
0x100528ac SetPolyFillMode
0x100528b0 SetROP2
0x100528b4 SetStretchBltMode
0x100528b8 SetMapMode
0x100528bc SetViewportOrgEx
0x100528c0 OffsetViewportOrgEx
0x100528c4 SetViewportExtEx
0x100528c8 ScaleViewportExtEx
0x100528cc SetWindowOrgEx
0x100528d0 SetWindowExtEx
0x100528d4 ScaleWindowExtEx
0x100528d8 SelectClipRgn
0x100528dc ExcludeClipRect
0x100528e0 IntersectClipRect
0x100528e4 MoveToEx
0x100528e8 LineTo
0x100528ec SetTextAlign
0x100528f0 GetCurrentPositionEx
0x100528f4 StartPage
0x100528f8 CreateRectRgn
0x100528fc GetViewportExtEx
0x10052900 GetWindowExtEx
0x10052904 CreateSolidBrush
0x10052908 CreatePatternBrush
0x1005290c PtVisible
0x10052910 RectVisible
0x10052914 TextOutA
0x10052918 ExtTextOutA
0x1005291c Escape
0x10052920 CreateFontIndirectA
0x10052924 GetTextColor
0x10052928 GetBkColor
0x1005292c LPtoDP
0x10052930 GetNearestColor
0x10052934 GetStretchBltMode
0x10052938 GetPolyFillMode
0x1005293c GetTextAlign
0x10052940 GetBkMode
0x10052944 GetROP2
0x10052948 GetTextFaceA
0x1005294c GetWindowOrgEx
0x10052950 CopyMetaFileA
0x10052954 BitBlt
0x10052958 GetMapMode
0x1005295c SetRectRgn
0x10052960 CombineRgn
0x10052964 CreateRectRgnIndirect
0x10052968 EndPage
0x1005296c EndDoc
0x10052970 AbortDoc
0x10052974 GetViewportOrgEx
0x10052978 CreatePen
0x1005297c DPtoLP
0x10052980 Rectangle
0x10052984 GetStockObject
0x10052988 PatBlt
0x1005298c GetDeviceCaps
0x10052990 CreateBitmap
0x10052994 GetObjectA
0x10052998 SetBkColor
0x1005299c SetTextColor
0x100529a0 GetClipBox
0x100529a4 CreateDIBitmap
0x100529a8 GetTextExtentPointA
comdlg32.dll
0x10052ebc GetSaveFileNameA
0x10052ec0 GetFileTitleA
0x10052ec4 GetOpenFileNameA
0x10052ec8 CommDlgExtendedError
0x10052ecc PrintDlgA
WINSPOOL.DRV
0x10052eac OpenPrinterA
0x10052eb0 DocumentPropertiesA
0x10052eb4 ClosePrinter
ADVAPI32.dll
0x10052828 RegQueryValueExA
0x1005282c RegCreateKeyA
0x10052830 RegSetValueA
0x10052834 GetFileSecurityA
0x10052838 SetFileSecurityA
0x1005283c RegDeleteValueA
0x10052840 RegSetValueExA
0x10052844 RegQueryValueA
0x10052848 RegOpenKeyExA
0x1005284c RegCreateKeyExA
0x10052850 RegDeleteKeyA
0x10052854 RegOpenKeyA
0x10052858 RegEnumKeyA
0x1005285c RegCloseKey
SHELL32.dll
0x10052be8 ExtractIconA
0x10052bec DragAcceptFiles
0x10052bf0 DragQueryFileA
0x10052bf4 DragFinish
0x10052bf8 SHGetFileInfoA
COMCTL32.dll
0x10052864 None
oledlg.dll
0x10052f44 None
ole32.dll
0x10052ed4 CoRegisterMessageFilter
0x10052ed8 CoTaskMemAlloc
0x10052edc CreateILockBytesOnHGlobal
0x10052ee0 StgCreateDocfileOnILockBytes
0x10052ee4 StgOpenStorageOnILockBytes
0x10052ee8 CoGetClassObject
0x10052eec CoDisconnectObject
0x10052ef0 StringFromCLSID
0x10052ef4 DoDragDrop
0x10052ef8 OleGetClipboard
0x10052efc OleIsCurrentClipboard
0x10052f00 OleDuplicateData
0x10052f04 OleSetClipboard
0x10052f08 CoTaskMemFree
0x10052f0c ReleaseStgMedium
0x10052f10 RevokeDragDrop
0x10052f14 CoLockObjectExternal
0x10052f18 RegisterDragDrop
0x10052f1c CoFreeUnusedLibraries
0x10052f20 OleUninitialize
0x10052f24 OleInitialize
0x10052f28 CLSIDFromString
0x10052f2c CLSIDFromProgID
0x10052f30 CoRevokeClassObject
0x10052f34 CoRegisterClassObject
0x10052f38 CreateStreamOnHGlobal
0x10052f3c OleFlushClipboard
OLEPRO32.DLL
0x10052be0 None
OLEAUT32.dll
0x10052bb0 SysFreeString
0x10052bb4 SysStringByteLen
0x10052bb8 SysAllocStringLen
0x10052bbc VariantCopy
0x10052bc0 VariantClear
0x10052bc4 VariantChangeType
0x10052bc8 SysAllocString
0x10052bcc VariantTimeToSystemTime
0x10052bd0 SysStringLen
0x10052bd4 SysAllocStringByteLen
0x10052bd8 LoadTypeLib
EAT(Export Address Table) Library
0x10002390 StartW