ScreenShot
| Created | 2021.08.19 10:03 | Machine | s1_win7_x6401 |
| Filename | cop.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 21 detected (Artemis, Unsafe, malicious, Attribute, HighConfidence, EPVD, AdwareDealPly, kcloud, Sabsik, score, MachineLearning, Anomalous, Kryptik, EPYG, confidence, HwUBW3sA) | ||
| md5 | 977a62444517295a0cfeb9e6e6f8e27a | ||
| sha256 | 4b6fdf9cbea14e56b10f5e4d5c4c8fbe34de5454ec1b246814a9464e8c81e314 | ||
| ssdeep | 12288:iFaS5hDku4BW/vgeURfvtSotoaM9wx+DgbvenAAAAAAAAAAAAAAAJAA:2f/J4BeOXSotolw4Dgb | ||
| imphash | 8f3e676294c31e2087b43dceda162efb | ||
| impfuzzy | 192:oN3MSbuuaDSUvK9Dso1Xyoo7hGlQG1Q+POQHn:O3BaI9vP1vPOQH | ||
Network IP location
Signature (26cnts)
| Level | Description |
|---|---|
| danger | Executed a process and injected code into it |
| warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Creates a thread using CreateRemoteThread in a non-child process indicative of process injection |
| watch | Deletes executed files from disk |
| watch | Installs itself for autorun at Windows startup |
| watch | Manipulates memory of a non-child process indicative of process injection |
| watch | Network activity contains more than one unique useragent |
| watch | One or more of the buffers contains an embedded PE file |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (40cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | memory |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | local_credential_Steal | Steal credential | memory |
| notice | Network_DGA | Communication using DGA | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_FTP | Communications over FTP | memory |
| notice | Network_HTTP | Communications over HTTP | memory |
| notice | Network_P2P_Win | Communications over P2P network | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
| info | Check_Dlls | (no description) | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerCheck__RemoteAPI | (no description) | memory |
| info | DebuggerException__ConsoleCtrl | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
Network (9cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x47e7b0 SysFreeString
0x47e7b4 SysReAllocStringLen
0x47e7b8 SysAllocStringLen
advapi32.dll
0x47e7c0 RegQueryValueExA
0x47e7c4 RegOpenKeyExA
0x47e7c8 RegCloseKey
user32.dll
0x47e7d0 GetKeyboardType
0x47e7d4 DestroyWindow
0x47e7d8 LoadStringA
0x47e7dc MessageBoxA
0x47e7e0 CharNextA
kernel32.dll
0x47e7e8 GetACP
0x47e7ec Sleep
0x47e7f0 VirtualFree
0x47e7f4 VirtualAlloc
0x47e7f8 GetCurrentThreadId
0x47e7fc InterlockedDecrement
0x47e800 InterlockedIncrement
0x47e804 VirtualQuery
0x47e808 WideCharToMultiByte
0x47e80c MultiByteToWideChar
0x47e810 lstrlenA
0x47e814 lstrcpynA
0x47e818 LoadLibraryExA
0x47e81c GetThreadLocale
0x47e820 GetStartupInfoA
0x47e824 GetProcAddress
0x47e828 GetModuleHandleA
0x47e82c GetModuleFileNameA
0x47e830 GetLocaleInfoA
0x47e834 GetLastError
0x47e838 GetCommandLineA
0x47e83c FreeLibrary
0x47e840 FindFirstFileA
0x47e844 FindClose
0x47e848 ExitProcess
0x47e84c CompareStringA
0x47e850 WriteFile
0x47e854 UnhandledExceptionFilter
0x47e858 SetFilePointer
0x47e85c SetEndOfFile
0x47e860 RtlUnwind
0x47e864 ReadFile
0x47e868 RaiseException
0x47e86c GetStdHandle
0x47e870 GetFileSize
0x47e874 GetFileType
0x47e878 CreateFileA
0x47e87c CloseHandle
kernel32.dll
0x47e884 TlsSetValue
0x47e888 TlsGetValue
0x47e88c LocalAlloc
0x47e890 GetModuleHandleA
user32.dll
0x47e898 CreateWindowExA
0x47e89c WindowFromPoint
0x47e8a0 WaitMessage
0x47e8a4 UpdateWindow
0x47e8a8 UnregisterClassA
0x47e8ac UnhookWindowsHookEx
0x47e8b0 TranslateMessage
0x47e8b4 TranslateMDISysAccel
0x47e8b8 TrackPopupMenu
0x47e8bc SystemParametersInfoA
0x47e8c0 ShowWindow
0x47e8c4 ShowScrollBar
0x47e8c8 ShowOwnedPopups
0x47e8cc SetWindowsHookExA
0x47e8d0 SetWindowTextA
0x47e8d4 SetWindowPos
0x47e8d8 SetWindowPlacement
0x47e8dc SetWindowLongW
0x47e8e0 SetWindowLongA
0x47e8e4 SetTimer
0x47e8e8 SetScrollRange
0x47e8ec SetScrollPos
0x47e8f0 SetScrollInfo
0x47e8f4 SetRect
0x47e8f8 SetPropA
0x47e8fc SetParent
0x47e900 SetMenuItemInfoA
0x47e904 SetMenu
0x47e908 SetForegroundWindow
0x47e90c SetFocus
0x47e910 SetCursor
0x47e914 SetClipboardData
0x47e918 SetClassLongA
0x47e91c SetCapture
0x47e920 SetActiveWindow
0x47e924 SendMessageW
0x47e928 SendMessageA
0x47e92c ScrollWindow
0x47e930 ScreenToClient
0x47e934 RemovePropA
0x47e938 RemoveMenu
0x47e93c ReleaseDC
0x47e940 ReleaseCapture
0x47e944 RegisterWindowMessageA
0x47e948 RegisterClipboardFormatA
0x47e94c RegisterClassA
0x47e950 RedrawWindow
0x47e954 PtInRect
0x47e958 PostQuitMessage
0x47e95c PostMessageA
0x47e960 PeekMessageW
0x47e964 PeekMessageA
0x47e968 OpenClipboard
0x47e96c OffsetRect
0x47e970 OemToCharA
0x47e974 MessageBoxA
0x47e978 MessageBeep
0x47e97c MapWindowPoints
0x47e980 MapVirtualKeyA
0x47e984 LoadStringA
0x47e988 LoadKeyboardLayoutA
0x47e98c LoadIconA
0x47e990 LoadCursorA
0x47e994 LoadBitmapA
0x47e998 KillTimer
0x47e99c IsZoomed
0x47e9a0 IsWindowVisible
0x47e9a4 IsWindowUnicode
0x47e9a8 IsWindowEnabled
0x47e9ac IsWindow
0x47e9b0 IsRectEmpty
0x47e9b4 IsIconic
0x47e9b8 IsDialogMessageW
0x47e9bc IsDialogMessageA
0x47e9c0 IsChild
0x47e9c4 InvalidateRect
0x47e9c8 IntersectRect
0x47e9cc InsertMenuItemA
0x47e9d0 InsertMenuA
0x47e9d4 InflateRect
0x47e9d8 GetWindowThreadProcessId
0x47e9dc GetWindowTextA
0x47e9e0 GetWindowRect
0x47e9e4 GetWindowPlacement
0x47e9e8 GetWindowLongW
0x47e9ec GetWindowLongA
0x47e9f0 GetWindowDC
0x47e9f4 GetTopWindow
0x47e9f8 GetSystemMetrics
0x47e9fc GetSystemMenu
0x47ea00 GetSysColorBrush
0x47ea04 GetSysColor
0x47ea08 GetSubMenu
0x47ea0c GetScrollRange
0x47ea10 GetScrollPos
0x47ea14 GetScrollInfo
0x47ea18 GetPropA
0x47ea1c GetParent
0x47ea20 GetWindow
0x47ea24 GetMessagePos
0x47ea28 GetMenuStringA
0x47ea2c GetMenuState
0x47ea30 GetMenuItemInfoA
0x47ea34 GetMenuItemID
0x47ea38 GetMenuItemCount
0x47ea3c GetMenu
0x47ea40 GetLastActivePopup
0x47ea44 GetKeyboardState
0x47ea48 GetKeyboardLayoutNameA
0x47ea4c GetKeyboardLayoutList
0x47ea50 GetKeyboardLayout
0x47ea54 GetKeyState
0x47ea58 GetKeyNameTextA
0x47ea5c GetIconInfo
0x47ea60 GetForegroundWindow
0x47ea64 GetFocus
0x47ea68 GetDlgItem
0x47ea6c GetDesktopWindow
0x47ea70 GetDCEx
0x47ea74 GetDC
0x47ea78 GetCursorPos
0x47ea7c GetCursor
0x47ea80 GetClipboardData
0x47ea84 GetClientRect
0x47ea88 GetClassLongA
0x47ea8c GetClassInfoA
0x47ea90 GetCapture
0x47ea94 GetActiveWindow
0x47ea98 FrameRect
0x47ea9c FindWindowA
0x47eaa0 FillRect
0x47eaa4 EqualRect
0x47eaa8 EnumWindows
0x47eaac EnumThreadWindows
0x47eab0 EnumChildWindows
0x47eab4 EndPaint
0x47eab8 EnableWindow
0x47eabc EnableScrollBar
0x47eac0 EnableMenuItem
0x47eac4 EmptyClipboard
0x47eac8 DrawTextA
0x47eacc DrawMenuBar
0x47ead0 DrawIconEx
0x47ead4 DrawIcon
0x47ead8 DrawFrameControl
0x47eadc DrawFocusRect
0x47eae0 DrawEdge
0x47eae4 DispatchMessageW
0x47eae8 DispatchMessageA
0x47eaec DestroyWindow
0x47eaf0 DestroyMenu
0x47eaf4 DestroyIcon
0x47eaf8 DestroyCursor
0x47eafc DeleteMenu
0x47eb00 DefWindowProcA
0x47eb04 DefMDIChildProcA
0x47eb08 DefFrameProcA
0x47eb0c CreatePopupMenu
0x47eb10 CreateMenu
0x47eb14 CreateIcon
0x47eb18 CloseClipboard
0x47eb1c ClientToScreen
0x47eb20 CheckMenuItem
0x47eb24 CallWindowProcA
0x47eb28 CallNextHookEx
0x47eb2c BeginPaint
0x47eb30 CharNextA
0x47eb34 CharLowerBuffA
0x47eb38 CharLowerA
0x47eb3c CharUpperBuffA
0x47eb40 CharToOemA
0x47eb44 AdjustWindowRectEx
0x47eb48 ActivateKeyboardLayout
gdi32.dll
0x47eb50 UnrealizeObject
0x47eb54 StretchBlt
0x47eb58 SetWindowOrgEx
0x47eb5c SetWinMetaFileBits
0x47eb60 SetViewportOrgEx
0x47eb64 SetTextColor
0x47eb68 SetStretchBltMode
0x47eb6c SetROP2
0x47eb70 SetPixel
0x47eb74 SetEnhMetaFileBits
0x47eb78 SetDIBColorTable
0x47eb7c SetBrushOrgEx
0x47eb80 SetBkMode
0x47eb84 SetBkColor
0x47eb88 SelectPalette
0x47eb8c SelectObject
0x47eb90 SaveDC
0x47eb94 RestoreDC
0x47eb98 Rectangle
0x47eb9c RectVisible
0x47eba0 RealizePalette
0x47eba4 PlayEnhMetaFile
0x47eba8 PatBlt
0x47ebac MoveToEx
0x47ebb0 MaskBlt
0x47ebb4 LineTo
0x47ebb8 IntersectClipRect
0x47ebbc GetWindowOrgEx
0x47ebc0 GetWinMetaFileBits
0x47ebc4 GetTextMetricsA
0x47ebc8 GetTextExtentPointA
0x47ebcc GetTextExtentPoint32A
0x47ebd0 GetSystemPaletteEntries
0x47ebd4 GetStockObject
0x47ebd8 GetRgnBox
0x47ebdc GetPixel
0x47ebe0 GetPaletteEntries
0x47ebe4 GetObjectA
0x47ebe8 GetEnhMetaFilePaletteEntries
0x47ebec GetEnhMetaFileHeader
0x47ebf0 GetEnhMetaFileBits
0x47ebf4 GetDeviceCaps
0x47ebf8 GetDIBits
0x47ebfc GetDIBColorTable
0x47ec00 GetDCOrgEx
0x47ec04 GetCurrentPositionEx
0x47ec08 GetClipBox
0x47ec0c GetBrushOrgEx
0x47ec10 GetBitmapBits
0x47ec14 GdiFlush
0x47ec18 ExcludeClipRect
0x47ec1c DeleteObject
0x47ec20 DeleteEnhMetaFile
0x47ec24 DeleteDC
0x47ec28 CreateSolidBrush
0x47ec2c CreatePenIndirect
0x47ec30 CreatePalette
0x47ec34 CreateHalftonePalette
0x47ec38 CreateFontIndirectA
0x47ec3c CreateDIBitmap
0x47ec40 CreateDIBSection
0x47ec44 CreateCompatibleDC
0x47ec48 CreateCompatibleBitmap
0x47ec4c CreateBrushIndirect
0x47ec50 CreateBitmap
0x47ec54 CopyEnhMetaFileA
0x47ec58 BitBlt
version.dll
0x47ec60 VerQueryValueA
0x47ec64 GetFileVersionInfoSizeA
0x47ec68 GetFileVersionInfoA
kernel32.dll
0x47ec70 lstrcpyA
0x47ec74 WriteFile
0x47ec78 WaitForSingleObject
0x47ec7c VirtualQuery
0x47ec80 VirtualProtect
0x47ec84 VirtualAlloc
0x47ec88 SizeofResource
0x47ec8c SetThreadLocale
0x47ec90 SetFilePointer
0x47ec94 SetEvent
0x47ec98 SetErrorMode
0x47ec9c SetEndOfFile
0x47eca0 ResetEvent
0x47eca4 ReadFile
0x47eca8 MulDiv
0x47ecac LockResource
0x47ecb0 LoadResource
0x47ecb4 LoadLibraryA
0x47ecb8 LeaveCriticalSection
0x47ecbc InitializeCriticalSection
0x47ecc0 GlobalUnlock
0x47ecc4 GlobalLock
0x47ecc8 GlobalFree
0x47eccc GlobalFindAtomA
0x47ecd0 GlobalDeleteAtom
0x47ecd4 GlobalAlloc
0x47ecd8 GlobalAddAtomA
0x47ecdc GetVersionExA
0x47ece0 GetVersion
0x47ece4 GetTickCount
0x47ece8 GetThreadLocale
0x47ecec GetStdHandle
0x47ecf0 GetProcAddress
0x47ecf4 GetModuleHandleA
0x47ecf8 GetModuleFileNameA
0x47ecfc GetLocaleInfoA
0x47ed00 GetLocalTime
0x47ed04 GetLastError
0x47ed08 GetFullPathNameA
0x47ed0c GetDiskFreeSpaceA
0x47ed10 GetDateFormatA
0x47ed14 GetCurrentThreadId
0x47ed18 GetCurrentProcessId
0x47ed1c GetCPInfo
0x47ed20 FreeResource
0x47ed24 InterlockedExchange
0x47ed28 FreeLibrary
0x47ed2c FormatMessageA
0x47ed30 FindResourceA
0x47ed34 EnumCalendarInfoA
0x47ed38 EnterCriticalSection
0x47ed3c DeleteCriticalSection
0x47ed40 CreateThread
0x47ed44 CreateFileA
0x47ed48 CreateEventA
0x47ed4c CompareStringA
0x47ed50 CloseHandle
advapi32.dll
0x47ed58 RegQueryValueExA
0x47ed5c RegOpenKeyExA
0x47ed60 RegFlushKey
0x47ed64 RegCloseKey
kernel32.dll
0x47ed6c Sleep
oleaut32.dll
0x47ed74 SafeArrayPtrOfIndex
0x47ed78 SafeArrayGetUBound
0x47ed7c SafeArrayGetLBound
0x47ed80 SafeArrayCreate
0x47ed84 VariantChangeType
0x47ed88 VariantCopy
0x47ed8c VariantClear
0x47ed90 VariantInit
comctl32.dll
0x47ed98 _TrackMouseEvent
0x47ed9c ImageList_SetIconSize
0x47eda0 ImageList_GetIconSize
0x47eda4 ImageList_Write
0x47eda8 ImageList_Read
0x47edac ImageList_GetDragImage
0x47edb0 ImageList_DragShowNolock
0x47edb4 ImageList_DragMove
0x47edb8 ImageList_DragLeave
0x47edbc ImageList_DragEnter
0x47edc0 ImageList_EndDrag
0x47edc4 ImageList_BeginDrag
0x47edc8 ImageList_Remove
0x47edcc ImageList_DrawEx
0x47edd0 ImageList_Replace
0x47edd4 ImageList_Draw
0x47edd8 ImageList_GetBkColor
0x47eddc ImageList_SetBkColor
0x47ede0 ImageList_Add
0x47ede4 ImageList_GetImageCount
0x47ede8 ImageList_Destroy
0x47edec ImageList_Create
shell32.dll
0x47edf4 ShellExecuteA
comdlg32.dll
0x47edfc GetOpenFileNameA
winmm.dll
0x47ee04 PlaySoundA
EAT(Export Address Table) is none
oleaut32.dll
0x47e7b0 SysFreeString
0x47e7b4 SysReAllocStringLen
0x47e7b8 SysAllocStringLen
advapi32.dll
0x47e7c0 RegQueryValueExA
0x47e7c4 RegOpenKeyExA
0x47e7c8 RegCloseKey
user32.dll
0x47e7d0 GetKeyboardType
0x47e7d4 DestroyWindow
0x47e7d8 LoadStringA
0x47e7dc MessageBoxA
0x47e7e0 CharNextA
kernel32.dll
0x47e7e8 GetACP
0x47e7ec Sleep
0x47e7f0 VirtualFree
0x47e7f4 VirtualAlloc
0x47e7f8 GetCurrentThreadId
0x47e7fc InterlockedDecrement
0x47e800 InterlockedIncrement
0x47e804 VirtualQuery
0x47e808 WideCharToMultiByte
0x47e80c MultiByteToWideChar
0x47e810 lstrlenA
0x47e814 lstrcpynA
0x47e818 LoadLibraryExA
0x47e81c GetThreadLocale
0x47e820 GetStartupInfoA
0x47e824 GetProcAddress
0x47e828 GetModuleHandleA
0x47e82c GetModuleFileNameA
0x47e830 GetLocaleInfoA
0x47e834 GetLastError
0x47e838 GetCommandLineA
0x47e83c FreeLibrary
0x47e840 FindFirstFileA
0x47e844 FindClose
0x47e848 ExitProcess
0x47e84c CompareStringA
0x47e850 WriteFile
0x47e854 UnhandledExceptionFilter
0x47e858 SetFilePointer
0x47e85c SetEndOfFile
0x47e860 RtlUnwind
0x47e864 ReadFile
0x47e868 RaiseException
0x47e86c GetStdHandle
0x47e870 GetFileSize
0x47e874 GetFileType
0x47e878 CreateFileA
0x47e87c CloseHandle
kernel32.dll
0x47e884 TlsSetValue
0x47e888 TlsGetValue
0x47e88c LocalAlloc
0x47e890 GetModuleHandleA
user32.dll
0x47e898 CreateWindowExA
0x47e89c WindowFromPoint
0x47e8a0 WaitMessage
0x47e8a4 UpdateWindow
0x47e8a8 UnregisterClassA
0x47e8ac UnhookWindowsHookEx
0x47e8b0 TranslateMessage
0x47e8b4 TranslateMDISysAccel
0x47e8b8 TrackPopupMenu
0x47e8bc SystemParametersInfoA
0x47e8c0 ShowWindow
0x47e8c4 ShowScrollBar
0x47e8c8 ShowOwnedPopups
0x47e8cc SetWindowsHookExA
0x47e8d0 SetWindowTextA
0x47e8d4 SetWindowPos
0x47e8d8 SetWindowPlacement
0x47e8dc SetWindowLongW
0x47e8e0 SetWindowLongA
0x47e8e4 SetTimer
0x47e8e8 SetScrollRange
0x47e8ec SetScrollPos
0x47e8f0 SetScrollInfo
0x47e8f4 SetRect
0x47e8f8 SetPropA
0x47e8fc SetParent
0x47e900 SetMenuItemInfoA
0x47e904 SetMenu
0x47e908 SetForegroundWindow
0x47e90c SetFocus
0x47e910 SetCursor
0x47e914 SetClipboardData
0x47e918 SetClassLongA
0x47e91c SetCapture
0x47e920 SetActiveWindow
0x47e924 SendMessageW
0x47e928 SendMessageA
0x47e92c ScrollWindow
0x47e930 ScreenToClient
0x47e934 RemovePropA
0x47e938 RemoveMenu
0x47e93c ReleaseDC
0x47e940 ReleaseCapture
0x47e944 RegisterWindowMessageA
0x47e948 RegisterClipboardFormatA
0x47e94c RegisterClassA
0x47e950 RedrawWindow
0x47e954 PtInRect
0x47e958 PostQuitMessage
0x47e95c PostMessageA
0x47e960 PeekMessageW
0x47e964 PeekMessageA
0x47e968 OpenClipboard
0x47e96c OffsetRect
0x47e970 OemToCharA
0x47e974 MessageBoxA
0x47e978 MessageBeep
0x47e97c MapWindowPoints
0x47e980 MapVirtualKeyA
0x47e984 LoadStringA
0x47e988 LoadKeyboardLayoutA
0x47e98c LoadIconA
0x47e990 LoadCursorA
0x47e994 LoadBitmapA
0x47e998 KillTimer
0x47e99c IsZoomed
0x47e9a0 IsWindowVisible
0x47e9a4 IsWindowUnicode
0x47e9a8 IsWindowEnabled
0x47e9ac IsWindow
0x47e9b0 IsRectEmpty
0x47e9b4 IsIconic
0x47e9b8 IsDialogMessageW
0x47e9bc IsDialogMessageA
0x47e9c0 IsChild
0x47e9c4 InvalidateRect
0x47e9c8 IntersectRect
0x47e9cc InsertMenuItemA
0x47e9d0 InsertMenuA
0x47e9d4 InflateRect
0x47e9d8 GetWindowThreadProcessId
0x47e9dc GetWindowTextA
0x47e9e0 GetWindowRect
0x47e9e4 GetWindowPlacement
0x47e9e8 GetWindowLongW
0x47e9ec GetWindowLongA
0x47e9f0 GetWindowDC
0x47e9f4 GetTopWindow
0x47e9f8 GetSystemMetrics
0x47e9fc GetSystemMenu
0x47ea00 GetSysColorBrush
0x47ea04 GetSysColor
0x47ea08 GetSubMenu
0x47ea0c GetScrollRange
0x47ea10 GetScrollPos
0x47ea14 GetScrollInfo
0x47ea18 GetPropA
0x47ea1c GetParent
0x47ea20 GetWindow
0x47ea24 GetMessagePos
0x47ea28 GetMenuStringA
0x47ea2c GetMenuState
0x47ea30 GetMenuItemInfoA
0x47ea34 GetMenuItemID
0x47ea38 GetMenuItemCount
0x47ea3c GetMenu
0x47ea40 GetLastActivePopup
0x47ea44 GetKeyboardState
0x47ea48 GetKeyboardLayoutNameA
0x47ea4c GetKeyboardLayoutList
0x47ea50 GetKeyboardLayout
0x47ea54 GetKeyState
0x47ea58 GetKeyNameTextA
0x47ea5c GetIconInfo
0x47ea60 GetForegroundWindow
0x47ea64 GetFocus
0x47ea68 GetDlgItem
0x47ea6c GetDesktopWindow
0x47ea70 GetDCEx
0x47ea74 GetDC
0x47ea78 GetCursorPos
0x47ea7c GetCursor
0x47ea80 GetClipboardData
0x47ea84 GetClientRect
0x47ea88 GetClassLongA
0x47ea8c GetClassInfoA
0x47ea90 GetCapture
0x47ea94 GetActiveWindow
0x47ea98 FrameRect
0x47ea9c FindWindowA
0x47eaa0 FillRect
0x47eaa4 EqualRect
0x47eaa8 EnumWindows
0x47eaac EnumThreadWindows
0x47eab0 EnumChildWindows
0x47eab4 EndPaint
0x47eab8 EnableWindow
0x47eabc EnableScrollBar
0x47eac0 EnableMenuItem
0x47eac4 EmptyClipboard
0x47eac8 DrawTextA
0x47eacc DrawMenuBar
0x47ead0 DrawIconEx
0x47ead4 DrawIcon
0x47ead8 DrawFrameControl
0x47eadc DrawFocusRect
0x47eae0 DrawEdge
0x47eae4 DispatchMessageW
0x47eae8 DispatchMessageA
0x47eaec DestroyWindow
0x47eaf0 DestroyMenu
0x47eaf4 DestroyIcon
0x47eaf8 DestroyCursor
0x47eafc DeleteMenu
0x47eb00 DefWindowProcA
0x47eb04 DefMDIChildProcA
0x47eb08 DefFrameProcA
0x47eb0c CreatePopupMenu
0x47eb10 CreateMenu
0x47eb14 CreateIcon
0x47eb18 CloseClipboard
0x47eb1c ClientToScreen
0x47eb20 CheckMenuItem
0x47eb24 CallWindowProcA
0x47eb28 CallNextHookEx
0x47eb2c BeginPaint
0x47eb30 CharNextA
0x47eb34 CharLowerBuffA
0x47eb38 CharLowerA
0x47eb3c CharUpperBuffA
0x47eb40 CharToOemA
0x47eb44 AdjustWindowRectEx
0x47eb48 ActivateKeyboardLayout
gdi32.dll
0x47eb50 UnrealizeObject
0x47eb54 StretchBlt
0x47eb58 SetWindowOrgEx
0x47eb5c SetWinMetaFileBits
0x47eb60 SetViewportOrgEx
0x47eb64 SetTextColor
0x47eb68 SetStretchBltMode
0x47eb6c SetROP2
0x47eb70 SetPixel
0x47eb74 SetEnhMetaFileBits
0x47eb78 SetDIBColorTable
0x47eb7c SetBrushOrgEx
0x47eb80 SetBkMode
0x47eb84 SetBkColor
0x47eb88 SelectPalette
0x47eb8c SelectObject
0x47eb90 SaveDC
0x47eb94 RestoreDC
0x47eb98 Rectangle
0x47eb9c RectVisible
0x47eba0 RealizePalette
0x47eba4 PlayEnhMetaFile
0x47eba8 PatBlt
0x47ebac MoveToEx
0x47ebb0 MaskBlt
0x47ebb4 LineTo
0x47ebb8 IntersectClipRect
0x47ebbc GetWindowOrgEx
0x47ebc0 GetWinMetaFileBits
0x47ebc4 GetTextMetricsA
0x47ebc8 GetTextExtentPointA
0x47ebcc GetTextExtentPoint32A
0x47ebd0 GetSystemPaletteEntries
0x47ebd4 GetStockObject
0x47ebd8 GetRgnBox
0x47ebdc GetPixel
0x47ebe0 GetPaletteEntries
0x47ebe4 GetObjectA
0x47ebe8 GetEnhMetaFilePaletteEntries
0x47ebec GetEnhMetaFileHeader
0x47ebf0 GetEnhMetaFileBits
0x47ebf4 GetDeviceCaps
0x47ebf8 GetDIBits
0x47ebfc GetDIBColorTable
0x47ec00 GetDCOrgEx
0x47ec04 GetCurrentPositionEx
0x47ec08 GetClipBox
0x47ec0c GetBrushOrgEx
0x47ec10 GetBitmapBits
0x47ec14 GdiFlush
0x47ec18 ExcludeClipRect
0x47ec1c DeleteObject
0x47ec20 DeleteEnhMetaFile
0x47ec24 DeleteDC
0x47ec28 CreateSolidBrush
0x47ec2c CreatePenIndirect
0x47ec30 CreatePalette
0x47ec34 CreateHalftonePalette
0x47ec38 CreateFontIndirectA
0x47ec3c CreateDIBitmap
0x47ec40 CreateDIBSection
0x47ec44 CreateCompatibleDC
0x47ec48 CreateCompatibleBitmap
0x47ec4c CreateBrushIndirect
0x47ec50 CreateBitmap
0x47ec54 CopyEnhMetaFileA
0x47ec58 BitBlt
version.dll
0x47ec60 VerQueryValueA
0x47ec64 GetFileVersionInfoSizeA
0x47ec68 GetFileVersionInfoA
kernel32.dll
0x47ec70 lstrcpyA
0x47ec74 WriteFile
0x47ec78 WaitForSingleObject
0x47ec7c VirtualQuery
0x47ec80 VirtualProtect
0x47ec84 VirtualAlloc
0x47ec88 SizeofResource
0x47ec8c SetThreadLocale
0x47ec90 SetFilePointer
0x47ec94 SetEvent
0x47ec98 SetErrorMode
0x47ec9c SetEndOfFile
0x47eca0 ResetEvent
0x47eca4 ReadFile
0x47eca8 MulDiv
0x47ecac LockResource
0x47ecb0 LoadResource
0x47ecb4 LoadLibraryA
0x47ecb8 LeaveCriticalSection
0x47ecbc InitializeCriticalSection
0x47ecc0 GlobalUnlock
0x47ecc4 GlobalLock
0x47ecc8 GlobalFree
0x47eccc GlobalFindAtomA
0x47ecd0 GlobalDeleteAtom
0x47ecd4 GlobalAlloc
0x47ecd8 GlobalAddAtomA
0x47ecdc GetVersionExA
0x47ece0 GetVersion
0x47ece4 GetTickCount
0x47ece8 GetThreadLocale
0x47ecec GetStdHandle
0x47ecf0 GetProcAddress
0x47ecf4 GetModuleHandleA
0x47ecf8 GetModuleFileNameA
0x47ecfc GetLocaleInfoA
0x47ed00 GetLocalTime
0x47ed04 GetLastError
0x47ed08 GetFullPathNameA
0x47ed0c GetDiskFreeSpaceA
0x47ed10 GetDateFormatA
0x47ed14 GetCurrentThreadId
0x47ed18 GetCurrentProcessId
0x47ed1c GetCPInfo
0x47ed20 FreeResource
0x47ed24 InterlockedExchange
0x47ed28 FreeLibrary
0x47ed2c FormatMessageA
0x47ed30 FindResourceA
0x47ed34 EnumCalendarInfoA
0x47ed38 EnterCriticalSection
0x47ed3c DeleteCriticalSection
0x47ed40 CreateThread
0x47ed44 CreateFileA
0x47ed48 CreateEventA
0x47ed4c CompareStringA
0x47ed50 CloseHandle
advapi32.dll
0x47ed58 RegQueryValueExA
0x47ed5c RegOpenKeyExA
0x47ed60 RegFlushKey
0x47ed64 RegCloseKey
kernel32.dll
0x47ed6c Sleep
oleaut32.dll
0x47ed74 SafeArrayPtrOfIndex
0x47ed78 SafeArrayGetUBound
0x47ed7c SafeArrayGetLBound
0x47ed80 SafeArrayCreate
0x47ed84 VariantChangeType
0x47ed88 VariantCopy
0x47ed8c VariantClear
0x47ed90 VariantInit
comctl32.dll
0x47ed98 _TrackMouseEvent
0x47ed9c ImageList_SetIconSize
0x47eda0 ImageList_GetIconSize
0x47eda4 ImageList_Write
0x47eda8 ImageList_Read
0x47edac ImageList_GetDragImage
0x47edb0 ImageList_DragShowNolock
0x47edb4 ImageList_DragMove
0x47edb8 ImageList_DragLeave
0x47edbc ImageList_DragEnter
0x47edc0 ImageList_EndDrag
0x47edc4 ImageList_BeginDrag
0x47edc8 ImageList_Remove
0x47edcc ImageList_DrawEx
0x47edd0 ImageList_Replace
0x47edd4 ImageList_Draw
0x47edd8 ImageList_GetBkColor
0x47eddc ImageList_SetBkColor
0x47ede0 ImageList_Add
0x47ede4 ImageList_GetImageCount
0x47ede8 ImageList_Destroy
0x47edec ImageList_Create
shell32.dll
0x47edf4 ShellExecuteA
comdlg32.dll
0x47edfc GetOpenFileNameA
winmm.dll
0x47ee04 PlaySoundA
EAT(Export Address Table) is none