ScreenShot
| Created | 2021.08.10 09:31 | Machine | s1_win7_x6403 |
| Filename | المريض باسل دراغمة_0001 pdf.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 19 detected (Bobik, ZelphiF, @V0@aaHM2lli, Attribute, HighConfidence, FileRepMalware, Wopq, AGEN, Wacatac, Malicious, score, Artemis, TScope, Delf, TA402, Molerats, CLASSIC, HgIASZ8A) | ||
| md5 | d60edd62ea6f2965e663c1a4ed2fdea8 | ||
| sha256 | f2f36a72cfb25cef74ff0ea8e3ad1c49c6dc3e128fd60a2717f4c5a225e20df2 | ||
| ssdeep | 49152:Gbr+E4KzVfTYS+mb2euhB9/RgE4ksagGKHMn6sE3HYTa+1ak5HomXobrZM6bbbzu:Gbt4rmb2euhB9/lwGlne6jodbNBW | ||
| imphash | a542c6e23f93e2b715c5c21c22b23839 | ||
| impfuzzy | 192:Ncdq8Uu5dVYTexCWTOwI7ueQTO7uNjv4DBITF0+TBwNyEO:NcEEPTOGeQTOUv4DBIpHFwPO | ||
Network IP location
Signature (28cnts)
| Level | Description |
|---|---|
| watch | Executes one or more WMI queries |
| watch | File has been identified by 19 AntiVirus engines on VirusTotal as malicious |
| watch | Installs itself for autorun at Windows startup |
| watch | Network communications indicative of a potential document or script payload download was initiated by the process acrord32.exe |
| watch | One or more non-whitelisted processes were created |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates (office) documents on the filesystem |
| notice | Creates a shortcut to an executable file |
| notice | Creates executable files on the filesystem |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Queries for potentially installed applications |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| notice | Sends data using the HTTP POST Method |
| notice | Terminates another process |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Checks if process is being debugged by a debugger |
| info | Collects information to fingerprint the system (MachineGuid |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | Tries to locate where the browsers are installed |
Rules (10cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | PDF_Format_Z | PDF Format | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | JPEG_Format_Zero | JPEG Format | binaries (download) |
| info | Lnk_Format_Zero | LNK Format | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (10cnts) ?
Suricata ids
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE MICROPSIA CnC Checkin
ET MALWARE MICROPSIA Screenshot Upload M3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE MICROPSIA CnC Checkin
ET MALWARE MICROPSIA Screenshot Upload M3
PE API
IAT(Import Address Table) Library
winspool.drv
0x6f1944 DocumentPropertiesW
0x6f1948 ClosePrinter
0x6f194c OpenPrinterW
0x6f1950 GetDefaultPrinterW
0x6f1954 EnumPrintersW
comctl32.dll
0x6f195c ImageList_GetImageInfo
0x6f1960 FlatSB_SetScrollInfo
0x6f1964 ImageList_DragMove
0x6f1968 ImageList_Destroy
0x6f196c _TrackMouseEvent
0x6f1970 ImageList_DragShowNolock
0x6f1974 ImageList_Add
0x6f1978 FlatSB_SetScrollProp
0x6f197c ImageList_GetDragImage
0x6f1980 ImageList_Create
0x6f1984 ImageList_EndDrag
0x6f1988 ImageList_DrawEx
0x6f198c ImageList_SetImageCount
0x6f1990 FlatSB_GetScrollPos
0x6f1994 FlatSB_SetScrollPos
0x6f1998 InitializeFlatSB
0x6f199c ImageList_Copy
0x6f19a0 FlatSB_GetScrollInfo
0x6f19a4 ImageList_Write
0x6f19a8 ImageList_DrawIndirect
0x6f19ac ImageList_SetBkColor
0x6f19b0 ImageList_GetBkColor
0x6f19b4 ImageList_BeginDrag
0x6f19b8 ImageList_GetIcon
0x6f19bc ImageList_Replace
0x6f19c0 ImageList_GetImageCount
0x6f19c4 ImageList_DragEnter
0x6f19c8 ImageList_GetIconSize
0x6f19cc ImageList_SetIconSize
0x6f19d0 ImageList_Read
0x6f19d4 ImageList_DragLeave
0x6f19d8 ImageList_LoadImageW
0x6f19dc ImageList_Draw
0x6f19e0 ImageList_Remove
0x6f19e4 ImageList_ReplaceIcon
0x6f19e8 ImageList_SetOverlayImage
shell32.dll
0x6f19f0 SHGetSpecialFolderLocation
0x6f19f4 Shell_NotifyIconW
0x6f19f8 ShellExecuteW
0x6f19fc SHGetPathFromIDListW
user32.dll
0x6f1a04 CopyImage
0x6f1a08 CreateWindowExW
0x6f1a0c GetMenuItemInfoW
0x6f1a10 SetMenuItemInfoW
0x6f1a14 DefFrameProcW
0x6f1a18 GetDCEx
0x6f1a1c PeekMessageW
0x6f1a20 MonitorFromWindow
0x6f1a24 GetDlgCtrlID
0x6f1a28 SetTimer
0x6f1a2c WindowFromPoint
0x6f1a30 BeginPaint
0x6f1a34 RegisterClipboardFormatW
0x6f1a38 FrameRect
0x6f1a3c MapVirtualKeyW
0x6f1a40 IsWindowUnicode
0x6f1a44 RegisterWindowMessageW
0x6f1a48 FillRect
0x6f1a4c GetMenuStringW
0x6f1a50 DispatchMessageW
0x6f1a54 CreateAcceleratorTableW
0x6f1a58 SendMessageA
0x6f1a5c DefMDIChildProcW
0x6f1a60 EnumWindows
0x6f1a64 GetClassInfoW
0x6f1a68 ShowOwnedPopups
0x6f1a6c GetSystemMenu
0x6f1a70 GetScrollRange
0x6f1a74 SetScrollPos
0x6f1a78 GetScrollPos
0x6f1a7c GetActiveWindow
0x6f1a80 SetActiveWindow
0x6f1a84 DrawEdge
0x6f1a88 GetKeyboardLayoutList
0x6f1a8c LoadBitmapW
0x6f1a90 DrawFocusRect
0x6f1a94 EnumChildWindows
0x6f1a98 GetScrollBarInfo
0x6f1a9c ReleaseCapture
0x6f1aa0 UnhookWindowsHookEx
0x6f1aa4 LoadCursorW
0x6f1aa8 GetCapture
0x6f1aac SetCapture
0x6f1ab0 CreatePopupMenu
0x6f1ab4 ScrollWindow
0x6f1ab8 ShowCaret
0x6f1abc GetMenuItemID
0x6f1ac0 GetLastActivePopup
0x6f1ac4 CharLowerBuffW
0x6f1ac8 GetSystemMetrics
0x6f1acc SetWindowLongW
0x6f1ad0 PostMessageW
0x6f1ad4 DrawMenuBar
0x6f1ad8 SetParent
0x6f1adc IsZoomed
0x6f1ae0 CharUpperBuffW
0x6f1ae4 GetClientRect
0x6f1ae8 IsChild
0x6f1aec ClientToScreen
0x6f1af0 GetClipboardData
0x6f1af4 SetClipboardData
0x6f1af8 SetWindowPlacement
0x6f1afc IsIconic
0x6f1b00 CallNextHookEx
0x6f1b04 GetMonitorInfoW
0x6f1b08 ShowWindow
0x6f1b0c CheckMenuItem
0x6f1b10 CharUpperW
0x6f1b14 DefWindowProcW
0x6f1b18 GetForegroundWindow
0x6f1b1c SetForegroundWindow
0x6f1b20 GetWindowTextW
0x6f1b24 EnableWindow
0x6f1b28 DestroyWindow
0x6f1b2c IsDialogMessageW
0x6f1b30 EndMenu
0x6f1b34 RegisterClassW
0x6f1b38 CharNextW
0x6f1b3c GetWindowThreadProcessId
0x6f1b40 RedrawWindow
0x6f1b44 GetDC
0x6f1b48 GetFocus
0x6f1b4c SetFocus
0x6f1b50 EndPaint
0x6f1b54 ReleaseDC
0x6f1b58 MsgWaitForMultipleObjectsEx
0x6f1b5c LoadKeyboardLayoutW
0x6f1b60 GetClassLongW
0x6f1b64 ActivateKeyboardLayout
0x6f1b68 GetParent
0x6f1b6c DrawTextW
0x6f1b70 SetScrollRange
0x6f1b74 MonitorFromRect
0x6f1b78 InsertMenuItemW
0x6f1b7c PeekMessageA
0x6f1b80 GetPropW
0x6f1b84 SetClassLongW
0x6f1b88 MessageBoxW
0x6f1b8c MessageBeep
0x6f1b90 SetPropW
0x6f1b94 RemovePropW
0x6f1b98 UpdateWindow
0x6f1b9c GetSubMenu
0x6f1ba0 MsgWaitForMultipleObjects
0x6f1ba4 DestroyMenu
0x6f1ba8 DestroyIcon
0x6f1bac SetWindowsHookExW
0x6f1bb0 EmptyClipboard
0x6f1bb4 IsWindowVisible
0x6f1bb8 DispatchMessageA
0x6f1bbc UnregisterClassW
0x6f1bc0 GetTopWindow
0x6f1bc4 SendMessageW
0x6f1bc8 AdjustWindowRectEx
0x6f1bcc DrawIcon
0x6f1bd0 IsWindow
0x6f1bd4 EnumThreadWindows
0x6f1bd8 InvalidateRect
0x6f1bdc GetKeyboardState
0x6f1be0 DrawFrameControl
0x6f1be4 ScreenToClient
0x6f1be8 SetCursor
0x6f1bec CreateIcon
0x6f1bf0 CreateMenu
0x6f1bf4 LoadStringW
0x6f1bf8 CharLowerW
0x6f1bfc SetWindowRgn
0x6f1c00 SetWindowPos
0x6f1c04 GetMenuItemCount
0x6f1c08 RemoveMenu
0x6f1c0c GetSysColorBrush
0x6f1c10 GetKeyboardLayoutNameW
0x6f1c14 GetWindowDC
0x6f1c18 TranslateMessage
0x6f1c1c OpenClipboard
0x6f1c20 DrawTextExW
0x6f1c24 MapWindowPoints
0x6f1c28 EnumDisplayMonitors
0x6f1c2c CallWindowProcW
0x6f1c30 CloseClipboard
0x6f1c34 DestroyCursor
0x6f1c38 GetScrollInfo
0x6f1c3c SetWindowTextW
0x6f1c40 GetMessageExtraInfo
0x6f1c44 EnableScrollBar
0x6f1c48 GetSysColor
0x6f1c4c TrackPopupMenu
0x6f1c50 CopyIcon
0x6f1c54 DrawIconEx
0x6f1c58 PostQuitMessage
0x6f1c5c GetClassNameW
0x6f1c60 ShowScrollBar
0x6f1c64 EnableMenuItem
0x6f1c68 GetIconInfo
0x6f1c6c GetMessagePos
0x6f1c70 SetScrollInfo
0x6f1c74 GetKeyNameTextW
0x6f1c78 GetDesktopWindow
0x6f1c7c GetCursorPos
0x6f1c80 SetCursorPos
0x6f1c84 HideCaret
0x6f1c88 GetMenu
0x6f1c8c GetMenuState
0x6f1c90 SetMenu
0x6f1c94 SetRect
0x6f1c98 GetKeyState
0x6f1c9c FindWindowExW
0x6f1ca0 MonitorFromPoint
0x6f1ca4 SystemParametersInfoW
0x6f1ca8 LoadIconW
0x6f1cac GetCursor
0x6f1cb0 GetWindow
0x6f1cb4 GetWindowLongW
0x6f1cb8 GetWindowRect
0x6f1cbc InsertMenuW
0x6f1cc0 KillTimer
0x6f1cc4 WaitMessage
0x6f1cc8 IsWindowEnabled
0x6f1ccc IsDialogMessageA
0x6f1cd0 TranslateMDISysAccel
0x6f1cd4 GetWindowPlacement
0x6f1cd8 CreateIconIndirect
0x6f1cdc FindWindowW
0x6f1ce0 DeleteMenu
0x6f1ce4 GetKeyboardLayout
version.dll
0x6f1cec GetFileVersionInfoSizeW
0x6f1cf0 VerQueryValueW
0x6f1cf4 GetFileVersionInfoW
oleaut32.dll
0x6f1cfc GetErrorInfo
0x6f1d00 SysFreeString
0x6f1d04 VariantClear
0x6f1d08 VariantInit
0x6f1d0c SysReAllocStringLen
0x6f1d10 SafeArrayCreate
0x6f1d14 SafeArrayGetElement
0x6f1d18 SysAllocStringLen
0x6f1d1c SafeArrayPtrOfIndex
0x6f1d20 SafeArrayGetUBound
0x6f1d24 SafeArrayGetLBound
0x6f1d28 VariantCopy
0x6f1d2c VariantChangeType
advapi32.dll
0x6f1d34 RegSetValueExW
0x6f1d38 RegConnectRegistryW
0x6f1d3c RegEnumKeyExW
0x6f1d40 RegLoadKeyW
0x6f1d44 RegDeleteKeyW
0x6f1d48 RegOpenKeyExW
0x6f1d4c RegQueryInfoKeyW
0x6f1d50 RegUnLoadKeyW
0x6f1d54 RegSaveKeyW
0x6f1d58 RegDeleteValueW
0x6f1d5c RegReplaceKeyW
0x6f1d60 RegFlushKey
0x6f1d64 RegQueryValueExW
0x6f1d68 RegEnumValueW
0x6f1d6c RegCloseKey
0x6f1d70 RegCreateKeyExW
0x6f1d74 RegRestoreKeyW
netapi32.dll
0x6f1d7c NetWkstaGetInfo
0x6f1d80 NetApiBufferFree
msvcrt.dll
0x6f1d88 memcpy
0x6f1d8c memset
winhttp.dll
0x6f1d94 WinHttpGetIEProxyConfigForCurrentUser
0x6f1d98 WinHttpSetTimeouts
0x6f1d9c WinHttpSetStatusCallback
0x6f1da0 WinHttpConnect
0x6f1da4 WinHttpReceiveResponse
0x6f1da8 WinHttpQueryAuthSchemes
0x6f1dac WinHttpGetProxyForUrl
0x6f1db0 WinHttpReadData
0x6f1db4 WinHttpCloseHandle
0x6f1db8 WinHttpQueryHeaders
0x6f1dbc WinHttpOpenRequest
0x6f1dc0 WinHttpAddRequestHeaders
0x6f1dc4 WinHttpOpen
0x6f1dc8 WinHttpWriteData
0x6f1dcc WinHttpSetCredentials
0x6f1dd0 WinHttpQueryDataAvailable
0x6f1dd4 WinHttpSetOption
0x6f1dd8 WinHttpSendRequest
0x6f1ddc WinHttpQueryOption
kernel32.dll
0x6f1de4 GetACP
0x6f1de8 LocalFree
0x6f1dec CloseHandle
0x6f1df0 GetCurrentProcessId
0x6f1df4 SizeofResource
0x6f1df8 VirtualProtect
0x6f1dfc TerminateThread
0x6f1e00 QueryPerformanceFrequency
0x6f1e04 IsDebuggerPresent
0x6f1e08 VirtualFree
0x6f1e0c GetFullPathNameW
0x6f1e10 ExitProcess
0x6f1e14 HeapAlloc
0x6f1e18 GetCPInfoExW
0x6f1e1c RtlUnwind
0x6f1e20 GetCPInfo
0x6f1e24 EnumSystemLocalesW
0x6f1e28 GetStdHandle
0x6f1e2c GetTimeZoneInformation
0x6f1e30 GetModuleHandleW
0x6f1e34 FreeLibrary
0x6f1e38 TryEnterCriticalSection
0x6f1e3c HeapDestroy
0x6f1e40 ReadFile
0x6f1e44 CreateProcessW
0x6f1e48 GetLastError
0x6f1e4c GetModuleFileNameW
0x6f1e50 SetLastError
0x6f1e54 GlobalAlloc
0x6f1e58 GlobalUnlock
0x6f1e5c FindResourceW
0x6f1e60 CreateThread
0x6f1e64 CompareStringW
0x6f1e68 CreateMutexW
0x6f1e6c LoadLibraryA
0x6f1e70 ResetEvent
0x6f1e74 MulDiv
0x6f1e78 FreeResource
0x6f1e7c GetVersion
0x6f1e80 RaiseException
0x6f1e84 GlobalAddAtomW
0x6f1e88 FormatMessageW
0x6f1e8c SwitchToThread
0x6f1e90 GetExitCodeThread
0x6f1e94 GetCurrentThread
0x6f1e98 LoadLibraryExW
0x6f1e9c LockResource
0x6f1ea0 FileTimeToSystemTime
0x6f1ea4 GetCurrentThreadId
0x6f1ea8 UnhandledExceptionFilter
0x6f1eac VirtualQuery
0x6f1eb0 GlobalFindAtomW
0x6f1eb4 VirtualQueryEx
0x6f1eb8 GlobalFree
0x6f1ebc Sleep
0x6f1ec0 EnterCriticalSection
0x6f1ec4 SetFilePointer
0x6f1ec8 LoadResource
0x6f1ecc SuspendThread
0x6f1ed0 GetTickCount
0x6f1ed4 GetStartupInfoW
0x6f1ed8 GlobalDeleteAtom
0x6f1edc GetFileAttributesW
0x6f1ee0 InitializeCriticalSection
0x6f1ee4 GetThreadPriority
0x6f1ee8 GetCurrentProcess
0x6f1eec SetThreadPriority
0x6f1ef0 GlobalLock
0x6f1ef4 VirtualAlloc
0x6f1ef8 GetSystemInfo
0x6f1efc GetCommandLineW
0x6f1f00 LeaveCriticalSection
0x6f1f04 GetProcAddress
0x6f1f08 ResumeThread
0x6f1f0c GetVersionExW
0x6f1f10 VerifyVersionInfoW
0x6f1f14 HeapCreate
0x6f1f18 LCMapStringW
0x6f1f1c VerSetConditionMask
0x6f1f20 GetDiskFreeSpaceW
0x6f1f24 FindFirstFileW
0x6f1f28 GetUserDefaultUILanguage
0x6f1f2c lstrlenW
0x6f1f30 QueryPerformanceCounter
0x6f1f34 SetEndOfFile
0x6f1f38 HeapFree
0x6f1f3c WideCharToMultiByte
0x6f1f40 FindClose
0x6f1f44 MultiByteToWideChar
0x6f1f48 LoadLibraryW
0x6f1f4c SetEvent
0x6f1f50 CreateFileW
0x6f1f54 GetLocaleInfoW
0x6f1f58 EnumResourceNamesW
0x6f1f5c DeleteFileW
0x6f1f60 GetLocalTime
0x6f1f64 GetEnvironmentVariableW
0x6f1f68 WaitForSingleObject
0x6f1f6c WriteFile
0x6f1f70 ExitThread
0x6f1f74 CreatePipe
0x6f1f78 DeleteCriticalSection
0x6f1f7c GetDateFormatW
0x6f1f80 TlsGetValue
0x6f1f84 SetErrorMode
0x6f1f88 IsValidLocale
0x6f1f8c TlsSetValue
0x6f1f90 CreateDirectoryW
0x6f1f94 GetSystemDefaultUILanguage
0x6f1f98 EnumCalendarInfoW
0x6f1f9c LocalAlloc
0x6f1fa0 RemoveDirectoryW
0x6f1fa4 CreateEventW
0x6f1fa8 WaitForMultipleObjectsEx
0x6f1fac SetThreadLocale
0x6f1fb0 GetThreadLocale
ole32.dll
0x6f1fb8 CreateBindCtx
0x6f1fbc MkParseDisplayName
0x6f1fc0 CoCreateInstance
0x6f1fc4 CoUninitialize
0x6f1fc8 IsEqualGUID
0x6f1fcc OleInitialize
0x6f1fd0 CLSIDFromProgID
0x6f1fd4 OleUninitialize
0x6f1fd8 CoInitialize
0x6f1fdc CoTaskMemFree
0x6f1fe0 CoTaskMemAlloc
0x6f1fe4 StringFromCLSID
gdi32.dll
0x6f1fec Pie
0x6f1ff0 SetBkMode
0x6f1ff4 CreateCompatibleBitmap
0x6f1ff8 GetEnhMetaFileHeader
0x6f1ffc RectVisible
0x6f2000 AngleArc
0x6f2004 SetAbortProc
0x6f2008 SetTextColor
0x6f200c StretchBlt
0x6f2010 RoundRect
0x6f2014 RestoreDC
0x6f2018 SetRectRgn
0x6f201c GetTextMetricsW
0x6f2020 GetWindowOrgEx
0x6f2024 CreatePalette
0x6f2028 PolyBezierTo
0x6f202c CreateICW
0x6f2030 CreateDCW
0x6f2034 GetStockObject
0x6f2038 CreateSolidBrush
0x6f203c Polygon
0x6f2040 MoveToEx
0x6f2044 PlayEnhMetaFile
0x6f2048 Ellipse
0x6f204c StartPage
0x6f2050 GetBitmapBits
0x6f2054 StartDocW
0x6f2058 GetSystemPaletteEntries
0x6f205c GetEnhMetaFileBits
0x6f2060 AbortDoc
0x6f2064 GetEnhMetaFilePaletteEntries
0x6f2068 CreatePenIndirect
0x6f206c CreateFontIndirectW
0x6f2070 PolyBezier
0x6f2074 EndDoc
0x6f2078 GetObjectW
0x6f207c GetWinMetaFileBits
0x6f2080 SetROP2
0x6f2084 GetEnhMetaFileDescriptionW
0x6f2088 ArcTo
0x6f208c Arc
0x6f2090 SelectPalette
0x6f2094 ExcludeClipRect
0x6f2098 MaskBlt
0x6f209c SetWindowOrgEx
0x6f20a0 EndPage
0x6f20a4 DeleteEnhMetaFile
0x6f20a8 Chord
0x6f20ac SetDIBits
0x6f20b0 SetViewportOrgEx
0x6f20b4 CreateRectRgn
0x6f20b8 RealizePalette
0x6f20bc SetDIBColorTable
0x6f20c0 GetDIBColorTable
0x6f20c4 CreateBrushIndirect
0x6f20c8 PatBlt
0x6f20cc SetEnhMetaFileBits
0x6f20d0 Rectangle
0x6f20d4 SaveDC
0x6f20d8 DeleteDC
0x6f20dc FrameRgn
0x6f20e0 BitBlt
0x6f20e4 GetDeviceCaps
0x6f20e8 GetTextExtentPoint32W
0x6f20ec GetClipBox
0x6f20f0 IntersectClipRect
0x6f20f4 Polyline
0x6f20f8 CreateBitmap
0x6f20fc SetWinMetaFileBits
0x6f2100 GetStretchBltMode
0x6f2104 CreateDIBitmap
0x6f2108 SetStretchBltMode
0x6f210c GetDIBits
0x6f2110 CreateDIBSection
0x6f2114 LineTo
0x6f2118 GetRgnBox
0x6f211c EnumFontsW
0x6f2120 CreateHalftonePalette
0x6f2124 SelectObject
0x6f2128 DeleteObject
0x6f212c ExtFloodFill
0x6f2130 UnrealizeObject
0x6f2134 CopyEnhMetaFileW
0x6f2138 SetBkColor
0x6f213c CreateCompatibleDC
0x6f2140 GetBrushOrgEx
0x6f2144 GetCurrentPositionEx
0x6f2148 GetTextExtentPointW
0x6f214c ExtTextOutW
0x6f2150 SetBrushOrgEx
0x6f2154 GetPixel
0x6f2158 GdiFlush
0x6f215c SetPixel
0x6f2160 EnumFontFamiliesExW
0x6f2164 StretchDIBits
0x6f2168 GetPaletteEntries
EAT(Export Address Table) Library
0x4e0f34 TMethodImplementationIntercept
0x4113dc __dbk_fcall_wrapper
0x6ed640 dbkFCallWrapperAddr
winspool.drv
0x6f1944 DocumentPropertiesW
0x6f1948 ClosePrinter
0x6f194c OpenPrinterW
0x6f1950 GetDefaultPrinterW
0x6f1954 EnumPrintersW
comctl32.dll
0x6f195c ImageList_GetImageInfo
0x6f1960 FlatSB_SetScrollInfo
0x6f1964 ImageList_DragMove
0x6f1968 ImageList_Destroy
0x6f196c _TrackMouseEvent
0x6f1970 ImageList_DragShowNolock
0x6f1974 ImageList_Add
0x6f1978 FlatSB_SetScrollProp
0x6f197c ImageList_GetDragImage
0x6f1980 ImageList_Create
0x6f1984 ImageList_EndDrag
0x6f1988 ImageList_DrawEx
0x6f198c ImageList_SetImageCount
0x6f1990 FlatSB_GetScrollPos
0x6f1994 FlatSB_SetScrollPos
0x6f1998 InitializeFlatSB
0x6f199c ImageList_Copy
0x6f19a0 FlatSB_GetScrollInfo
0x6f19a4 ImageList_Write
0x6f19a8 ImageList_DrawIndirect
0x6f19ac ImageList_SetBkColor
0x6f19b0 ImageList_GetBkColor
0x6f19b4 ImageList_BeginDrag
0x6f19b8 ImageList_GetIcon
0x6f19bc ImageList_Replace
0x6f19c0 ImageList_GetImageCount
0x6f19c4 ImageList_DragEnter
0x6f19c8 ImageList_GetIconSize
0x6f19cc ImageList_SetIconSize
0x6f19d0 ImageList_Read
0x6f19d4 ImageList_DragLeave
0x6f19d8 ImageList_LoadImageW
0x6f19dc ImageList_Draw
0x6f19e0 ImageList_Remove
0x6f19e4 ImageList_ReplaceIcon
0x6f19e8 ImageList_SetOverlayImage
shell32.dll
0x6f19f0 SHGetSpecialFolderLocation
0x6f19f4 Shell_NotifyIconW
0x6f19f8 ShellExecuteW
0x6f19fc SHGetPathFromIDListW
user32.dll
0x6f1a04 CopyImage
0x6f1a08 CreateWindowExW
0x6f1a0c GetMenuItemInfoW
0x6f1a10 SetMenuItemInfoW
0x6f1a14 DefFrameProcW
0x6f1a18 GetDCEx
0x6f1a1c PeekMessageW
0x6f1a20 MonitorFromWindow
0x6f1a24 GetDlgCtrlID
0x6f1a28 SetTimer
0x6f1a2c WindowFromPoint
0x6f1a30 BeginPaint
0x6f1a34 RegisterClipboardFormatW
0x6f1a38 FrameRect
0x6f1a3c MapVirtualKeyW
0x6f1a40 IsWindowUnicode
0x6f1a44 RegisterWindowMessageW
0x6f1a48 FillRect
0x6f1a4c GetMenuStringW
0x6f1a50 DispatchMessageW
0x6f1a54 CreateAcceleratorTableW
0x6f1a58 SendMessageA
0x6f1a5c DefMDIChildProcW
0x6f1a60 EnumWindows
0x6f1a64 GetClassInfoW
0x6f1a68 ShowOwnedPopups
0x6f1a6c GetSystemMenu
0x6f1a70 GetScrollRange
0x6f1a74 SetScrollPos
0x6f1a78 GetScrollPos
0x6f1a7c GetActiveWindow
0x6f1a80 SetActiveWindow
0x6f1a84 DrawEdge
0x6f1a88 GetKeyboardLayoutList
0x6f1a8c LoadBitmapW
0x6f1a90 DrawFocusRect
0x6f1a94 EnumChildWindows
0x6f1a98 GetScrollBarInfo
0x6f1a9c ReleaseCapture
0x6f1aa0 UnhookWindowsHookEx
0x6f1aa4 LoadCursorW
0x6f1aa8 GetCapture
0x6f1aac SetCapture
0x6f1ab0 CreatePopupMenu
0x6f1ab4 ScrollWindow
0x6f1ab8 ShowCaret
0x6f1abc GetMenuItemID
0x6f1ac0 GetLastActivePopup
0x6f1ac4 CharLowerBuffW
0x6f1ac8 GetSystemMetrics
0x6f1acc SetWindowLongW
0x6f1ad0 PostMessageW
0x6f1ad4 DrawMenuBar
0x6f1ad8 SetParent
0x6f1adc IsZoomed
0x6f1ae0 CharUpperBuffW
0x6f1ae4 GetClientRect
0x6f1ae8 IsChild
0x6f1aec ClientToScreen
0x6f1af0 GetClipboardData
0x6f1af4 SetClipboardData
0x6f1af8 SetWindowPlacement
0x6f1afc IsIconic
0x6f1b00 CallNextHookEx
0x6f1b04 GetMonitorInfoW
0x6f1b08 ShowWindow
0x6f1b0c CheckMenuItem
0x6f1b10 CharUpperW
0x6f1b14 DefWindowProcW
0x6f1b18 GetForegroundWindow
0x6f1b1c SetForegroundWindow
0x6f1b20 GetWindowTextW
0x6f1b24 EnableWindow
0x6f1b28 DestroyWindow
0x6f1b2c IsDialogMessageW
0x6f1b30 EndMenu
0x6f1b34 RegisterClassW
0x6f1b38 CharNextW
0x6f1b3c GetWindowThreadProcessId
0x6f1b40 RedrawWindow
0x6f1b44 GetDC
0x6f1b48 GetFocus
0x6f1b4c SetFocus
0x6f1b50 EndPaint
0x6f1b54 ReleaseDC
0x6f1b58 MsgWaitForMultipleObjectsEx
0x6f1b5c LoadKeyboardLayoutW
0x6f1b60 GetClassLongW
0x6f1b64 ActivateKeyboardLayout
0x6f1b68 GetParent
0x6f1b6c DrawTextW
0x6f1b70 SetScrollRange
0x6f1b74 MonitorFromRect
0x6f1b78 InsertMenuItemW
0x6f1b7c PeekMessageA
0x6f1b80 GetPropW
0x6f1b84 SetClassLongW
0x6f1b88 MessageBoxW
0x6f1b8c MessageBeep
0x6f1b90 SetPropW
0x6f1b94 RemovePropW
0x6f1b98 UpdateWindow
0x6f1b9c GetSubMenu
0x6f1ba0 MsgWaitForMultipleObjects
0x6f1ba4 DestroyMenu
0x6f1ba8 DestroyIcon
0x6f1bac SetWindowsHookExW
0x6f1bb0 EmptyClipboard
0x6f1bb4 IsWindowVisible
0x6f1bb8 DispatchMessageA
0x6f1bbc UnregisterClassW
0x6f1bc0 GetTopWindow
0x6f1bc4 SendMessageW
0x6f1bc8 AdjustWindowRectEx
0x6f1bcc DrawIcon
0x6f1bd0 IsWindow
0x6f1bd4 EnumThreadWindows
0x6f1bd8 InvalidateRect
0x6f1bdc GetKeyboardState
0x6f1be0 DrawFrameControl
0x6f1be4 ScreenToClient
0x6f1be8 SetCursor
0x6f1bec CreateIcon
0x6f1bf0 CreateMenu
0x6f1bf4 LoadStringW
0x6f1bf8 CharLowerW
0x6f1bfc SetWindowRgn
0x6f1c00 SetWindowPos
0x6f1c04 GetMenuItemCount
0x6f1c08 RemoveMenu
0x6f1c0c GetSysColorBrush
0x6f1c10 GetKeyboardLayoutNameW
0x6f1c14 GetWindowDC
0x6f1c18 TranslateMessage
0x6f1c1c OpenClipboard
0x6f1c20 DrawTextExW
0x6f1c24 MapWindowPoints
0x6f1c28 EnumDisplayMonitors
0x6f1c2c CallWindowProcW
0x6f1c30 CloseClipboard
0x6f1c34 DestroyCursor
0x6f1c38 GetScrollInfo
0x6f1c3c SetWindowTextW
0x6f1c40 GetMessageExtraInfo
0x6f1c44 EnableScrollBar
0x6f1c48 GetSysColor
0x6f1c4c TrackPopupMenu
0x6f1c50 CopyIcon
0x6f1c54 DrawIconEx
0x6f1c58 PostQuitMessage
0x6f1c5c GetClassNameW
0x6f1c60 ShowScrollBar
0x6f1c64 EnableMenuItem
0x6f1c68 GetIconInfo
0x6f1c6c GetMessagePos
0x6f1c70 SetScrollInfo
0x6f1c74 GetKeyNameTextW
0x6f1c78 GetDesktopWindow
0x6f1c7c GetCursorPos
0x6f1c80 SetCursorPos
0x6f1c84 HideCaret
0x6f1c88 GetMenu
0x6f1c8c GetMenuState
0x6f1c90 SetMenu
0x6f1c94 SetRect
0x6f1c98 GetKeyState
0x6f1c9c FindWindowExW
0x6f1ca0 MonitorFromPoint
0x6f1ca4 SystemParametersInfoW
0x6f1ca8 LoadIconW
0x6f1cac GetCursor
0x6f1cb0 GetWindow
0x6f1cb4 GetWindowLongW
0x6f1cb8 GetWindowRect
0x6f1cbc InsertMenuW
0x6f1cc0 KillTimer
0x6f1cc4 WaitMessage
0x6f1cc8 IsWindowEnabled
0x6f1ccc IsDialogMessageA
0x6f1cd0 TranslateMDISysAccel
0x6f1cd4 GetWindowPlacement
0x6f1cd8 CreateIconIndirect
0x6f1cdc FindWindowW
0x6f1ce0 DeleteMenu
0x6f1ce4 GetKeyboardLayout
version.dll
0x6f1cec GetFileVersionInfoSizeW
0x6f1cf0 VerQueryValueW
0x6f1cf4 GetFileVersionInfoW
oleaut32.dll
0x6f1cfc GetErrorInfo
0x6f1d00 SysFreeString
0x6f1d04 VariantClear
0x6f1d08 VariantInit
0x6f1d0c SysReAllocStringLen
0x6f1d10 SafeArrayCreate
0x6f1d14 SafeArrayGetElement
0x6f1d18 SysAllocStringLen
0x6f1d1c SafeArrayPtrOfIndex
0x6f1d20 SafeArrayGetUBound
0x6f1d24 SafeArrayGetLBound
0x6f1d28 VariantCopy
0x6f1d2c VariantChangeType
advapi32.dll
0x6f1d34 RegSetValueExW
0x6f1d38 RegConnectRegistryW
0x6f1d3c RegEnumKeyExW
0x6f1d40 RegLoadKeyW
0x6f1d44 RegDeleteKeyW
0x6f1d48 RegOpenKeyExW
0x6f1d4c RegQueryInfoKeyW
0x6f1d50 RegUnLoadKeyW
0x6f1d54 RegSaveKeyW
0x6f1d58 RegDeleteValueW
0x6f1d5c RegReplaceKeyW
0x6f1d60 RegFlushKey
0x6f1d64 RegQueryValueExW
0x6f1d68 RegEnumValueW
0x6f1d6c RegCloseKey
0x6f1d70 RegCreateKeyExW
0x6f1d74 RegRestoreKeyW
netapi32.dll
0x6f1d7c NetWkstaGetInfo
0x6f1d80 NetApiBufferFree
msvcrt.dll
0x6f1d88 memcpy
0x6f1d8c memset
winhttp.dll
0x6f1d94 WinHttpGetIEProxyConfigForCurrentUser
0x6f1d98 WinHttpSetTimeouts
0x6f1d9c WinHttpSetStatusCallback
0x6f1da0 WinHttpConnect
0x6f1da4 WinHttpReceiveResponse
0x6f1da8 WinHttpQueryAuthSchemes
0x6f1dac WinHttpGetProxyForUrl
0x6f1db0 WinHttpReadData
0x6f1db4 WinHttpCloseHandle
0x6f1db8 WinHttpQueryHeaders
0x6f1dbc WinHttpOpenRequest
0x6f1dc0 WinHttpAddRequestHeaders
0x6f1dc4 WinHttpOpen
0x6f1dc8 WinHttpWriteData
0x6f1dcc WinHttpSetCredentials
0x6f1dd0 WinHttpQueryDataAvailable
0x6f1dd4 WinHttpSetOption
0x6f1dd8 WinHttpSendRequest
0x6f1ddc WinHttpQueryOption
kernel32.dll
0x6f1de4 GetACP
0x6f1de8 LocalFree
0x6f1dec CloseHandle
0x6f1df0 GetCurrentProcessId
0x6f1df4 SizeofResource
0x6f1df8 VirtualProtect
0x6f1dfc TerminateThread
0x6f1e00 QueryPerformanceFrequency
0x6f1e04 IsDebuggerPresent
0x6f1e08 VirtualFree
0x6f1e0c GetFullPathNameW
0x6f1e10 ExitProcess
0x6f1e14 HeapAlloc
0x6f1e18 GetCPInfoExW
0x6f1e1c RtlUnwind
0x6f1e20 GetCPInfo
0x6f1e24 EnumSystemLocalesW
0x6f1e28 GetStdHandle
0x6f1e2c GetTimeZoneInformation
0x6f1e30 GetModuleHandleW
0x6f1e34 FreeLibrary
0x6f1e38 TryEnterCriticalSection
0x6f1e3c HeapDestroy
0x6f1e40 ReadFile
0x6f1e44 CreateProcessW
0x6f1e48 GetLastError
0x6f1e4c GetModuleFileNameW
0x6f1e50 SetLastError
0x6f1e54 GlobalAlloc
0x6f1e58 GlobalUnlock
0x6f1e5c FindResourceW
0x6f1e60 CreateThread
0x6f1e64 CompareStringW
0x6f1e68 CreateMutexW
0x6f1e6c LoadLibraryA
0x6f1e70 ResetEvent
0x6f1e74 MulDiv
0x6f1e78 FreeResource
0x6f1e7c GetVersion
0x6f1e80 RaiseException
0x6f1e84 GlobalAddAtomW
0x6f1e88 FormatMessageW
0x6f1e8c SwitchToThread
0x6f1e90 GetExitCodeThread
0x6f1e94 GetCurrentThread
0x6f1e98 LoadLibraryExW
0x6f1e9c LockResource
0x6f1ea0 FileTimeToSystemTime
0x6f1ea4 GetCurrentThreadId
0x6f1ea8 UnhandledExceptionFilter
0x6f1eac VirtualQuery
0x6f1eb0 GlobalFindAtomW
0x6f1eb4 VirtualQueryEx
0x6f1eb8 GlobalFree
0x6f1ebc Sleep
0x6f1ec0 EnterCriticalSection
0x6f1ec4 SetFilePointer
0x6f1ec8 LoadResource
0x6f1ecc SuspendThread
0x6f1ed0 GetTickCount
0x6f1ed4 GetStartupInfoW
0x6f1ed8 GlobalDeleteAtom
0x6f1edc GetFileAttributesW
0x6f1ee0 InitializeCriticalSection
0x6f1ee4 GetThreadPriority
0x6f1ee8 GetCurrentProcess
0x6f1eec SetThreadPriority
0x6f1ef0 GlobalLock
0x6f1ef4 VirtualAlloc
0x6f1ef8 GetSystemInfo
0x6f1efc GetCommandLineW
0x6f1f00 LeaveCriticalSection
0x6f1f04 GetProcAddress
0x6f1f08 ResumeThread
0x6f1f0c GetVersionExW
0x6f1f10 VerifyVersionInfoW
0x6f1f14 HeapCreate
0x6f1f18 LCMapStringW
0x6f1f1c VerSetConditionMask
0x6f1f20 GetDiskFreeSpaceW
0x6f1f24 FindFirstFileW
0x6f1f28 GetUserDefaultUILanguage
0x6f1f2c lstrlenW
0x6f1f30 QueryPerformanceCounter
0x6f1f34 SetEndOfFile
0x6f1f38 HeapFree
0x6f1f3c WideCharToMultiByte
0x6f1f40 FindClose
0x6f1f44 MultiByteToWideChar
0x6f1f48 LoadLibraryW
0x6f1f4c SetEvent
0x6f1f50 CreateFileW
0x6f1f54 GetLocaleInfoW
0x6f1f58 EnumResourceNamesW
0x6f1f5c DeleteFileW
0x6f1f60 GetLocalTime
0x6f1f64 GetEnvironmentVariableW
0x6f1f68 WaitForSingleObject
0x6f1f6c WriteFile
0x6f1f70 ExitThread
0x6f1f74 CreatePipe
0x6f1f78 DeleteCriticalSection
0x6f1f7c GetDateFormatW
0x6f1f80 TlsGetValue
0x6f1f84 SetErrorMode
0x6f1f88 IsValidLocale
0x6f1f8c TlsSetValue
0x6f1f90 CreateDirectoryW
0x6f1f94 GetSystemDefaultUILanguage
0x6f1f98 EnumCalendarInfoW
0x6f1f9c LocalAlloc
0x6f1fa0 RemoveDirectoryW
0x6f1fa4 CreateEventW
0x6f1fa8 WaitForMultipleObjectsEx
0x6f1fac SetThreadLocale
0x6f1fb0 GetThreadLocale
ole32.dll
0x6f1fb8 CreateBindCtx
0x6f1fbc MkParseDisplayName
0x6f1fc0 CoCreateInstance
0x6f1fc4 CoUninitialize
0x6f1fc8 IsEqualGUID
0x6f1fcc OleInitialize
0x6f1fd0 CLSIDFromProgID
0x6f1fd4 OleUninitialize
0x6f1fd8 CoInitialize
0x6f1fdc CoTaskMemFree
0x6f1fe0 CoTaskMemAlloc
0x6f1fe4 StringFromCLSID
gdi32.dll
0x6f1fec Pie
0x6f1ff0 SetBkMode
0x6f1ff4 CreateCompatibleBitmap
0x6f1ff8 GetEnhMetaFileHeader
0x6f1ffc RectVisible
0x6f2000 AngleArc
0x6f2004 SetAbortProc
0x6f2008 SetTextColor
0x6f200c StretchBlt
0x6f2010 RoundRect
0x6f2014 RestoreDC
0x6f2018 SetRectRgn
0x6f201c GetTextMetricsW
0x6f2020 GetWindowOrgEx
0x6f2024 CreatePalette
0x6f2028 PolyBezierTo
0x6f202c CreateICW
0x6f2030 CreateDCW
0x6f2034 GetStockObject
0x6f2038 CreateSolidBrush
0x6f203c Polygon
0x6f2040 MoveToEx
0x6f2044 PlayEnhMetaFile
0x6f2048 Ellipse
0x6f204c StartPage
0x6f2050 GetBitmapBits
0x6f2054 StartDocW
0x6f2058 GetSystemPaletteEntries
0x6f205c GetEnhMetaFileBits
0x6f2060 AbortDoc
0x6f2064 GetEnhMetaFilePaletteEntries
0x6f2068 CreatePenIndirect
0x6f206c CreateFontIndirectW
0x6f2070 PolyBezier
0x6f2074 EndDoc
0x6f2078 GetObjectW
0x6f207c GetWinMetaFileBits
0x6f2080 SetROP2
0x6f2084 GetEnhMetaFileDescriptionW
0x6f2088 ArcTo
0x6f208c Arc
0x6f2090 SelectPalette
0x6f2094 ExcludeClipRect
0x6f2098 MaskBlt
0x6f209c SetWindowOrgEx
0x6f20a0 EndPage
0x6f20a4 DeleteEnhMetaFile
0x6f20a8 Chord
0x6f20ac SetDIBits
0x6f20b0 SetViewportOrgEx
0x6f20b4 CreateRectRgn
0x6f20b8 RealizePalette
0x6f20bc SetDIBColorTable
0x6f20c0 GetDIBColorTable
0x6f20c4 CreateBrushIndirect
0x6f20c8 PatBlt
0x6f20cc SetEnhMetaFileBits
0x6f20d0 Rectangle
0x6f20d4 SaveDC
0x6f20d8 DeleteDC
0x6f20dc FrameRgn
0x6f20e0 BitBlt
0x6f20e4 GetDeviceCaps
0x6f20e8 GetTextExtentPoint32W
0x6f20ec GetClipBox
0x6f20f0 IntersectClipRect
0x6f20f4 Polyline
0x6f20f8 CreateBitmap
0x6f20fc SetWinMetaFileBits
0x6f2100 GetStretchBltMode
0x6f2104 CreateDIBitmap
0x6f2108 SetStretchBltMode
0x6f210c GetDIBits
0x6f2110 CreateDIBSection
0x6f2114 LineTo
0x6f2118 GetRgnBox
0x6f211c EnumFontsW
0x6f2120 CreateHalftonePalette
0x6f2124 SelectObject
0x6f2128 DeleteObject
0x6f212c ExtFloodFill
0x6f2130 UnrealizeObject
0x6f2134 CopyEnhMetaFileW
0x6f2138 SetBkColor
0x6f213c CreateCompatibleDC
0x6f2140 GetBrushOrgEx
0x6f2144 GetCurrentPositionEx
0x6f2148 GetTextExtentPointW
0x6f214c ExtTextOutW
0x6f2150 SetBrushOrgEx
0x6f2154 GetPixel
0x6f2158 GdiFlush
0x6f215c SetPixel
0x6f2160 EnumFontFamiliesExW
0x6f2164 StretchDIBits
0x6f2168 GetPaletteEntries
EAT(Export Address Table) Library
0x4e0f34 TMethodImplementationIntercept
0x4113dc __dbk_fcall_wrapper
0x6ed640 dbkFCallWrapperAddr