Field | Value |
---|---|
Created | 2021.08.26 08:37 |
Machine | s1_win7_x6402 |
Filename | bill.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : clean |
VT API (file) | 18 detected (AIDetect, malware2, malicious, high confidence, Unsafe, ZelphiF, UGW@amxrxlci, EPZM, Diple, Fareit, Static AI, Suspicious PE, Sabsik, score, BScope, Noon, susgen) |
md5 | 27ee757d743631d49dcb3c6d7c90dfbe |
sha256 | dc1bb96ddee60e15d3344fc4b0413634a54974ef9e854628157800c9d695f028 |
ssdeep | 12288:vFtHRwMpWIIyKj9X1WxQ3jC0CJVYT+R0ws8YAX2ujF5JjFWVJq2O:vFtxwR9uwvQYYds/+TJ581O |
imphash | 5a802a354982a97544e495df27ee8291 |
impfuzzy | 192:f3ZDC7k1DJImmbuuArSUvK9RqooqyKeSPOQRf1:f391DWAA9LdPOQB1 |
Signature (12cnts)
Level | Description |
---|---|
watch | Allocates execute permission to another process indicative of possible code injection |
watch | Creates a thread using CreateRemoteThread in a non-child process indicative of process injection |
watch | File has been identified by 18 AntiVirus engines on VirusTotal as malicious |
watch | Manipulates memory of a non-child process indicative of process injection |
watch | One or more of the buffers contains an embedded PE file |
watch | Potential code injection by writing to the memory of another process |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | One or more potentially interesting buffers were extracted |
notice | Performs some HTTP requests |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The executable uses a known packer |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (7cnts)
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
kernel32.dll
0x48412c DeleteCriticalSection
0x484130 LeaveCriticalSection
0x484134 EnterCriticalSection
0x484138 InitializeCriticalSection
0x48413c VirtualFree
0x484140 VirtualAlloc
0x484144 LocalFree
0x484148 LocalAlloc
0x48414c GetVersion
0x484150 GetCurrentThreadId
0x484154 InterlockedDecrement
0x484158 InterlockedIncrement
0x48415c VirtualQuery
0x484160 WideCharToMultiByte
0x484164 MultiByteToWideChar
0x484168 lstrlenA
0x48416c lstrcpynA
0x484170 LoadLibraryExA
0x484174 GetThreadLocale
0x484178 GetStartupInfoA
0x48417c GetProcAddress
0x484180 GetModuleHandleA
0x484184 GetModuleFileNameA
0x484188 GetLocaleInfoA
0x48418c GetCommandLineA
0x484190 FreeLibrary
0x484194 FindFirstFileA
0x484198 FindClose
0x48419c ExitProcess
0x4841a0 WriteFile
0x4841a4 UnhandledExceptionFilter
0x4841a8 RtlUnwind
0x4841ac RaiseException
0x4841b0 GetStdHandle
user32.dll
0x4841b8 GetKeyboardType
0x4841bc LoadStringA
0x4841c0 MessageBoxA
0x4841c4 CharNextA
advapi32.dll
0x4841cc RegQueryValueExA
0x4841d0 RegOpenKeyExA
0x4841d4 RegCloseKey
oleaut32.dll
0x4841dc SysFreeString
0x4841e0 SysReAllocStringLen
0x4841e4 SysAllocStringLen
kernel32.dll
0x4841ec TlsSetValue
0x4841f0 TlsGetValue
0x4841f4 LocalAlloc
0x4841f8 GetModuleHandleA
advapi32.dll
0x484200 RegQueryValueExA
0x484204 RegOpenKeyExA
0x484208 RegCloseKey
kernel32.dll
0x484210 lstrcpyA
0x484214 lstrcmpiA
0x484218 WriteProcessMemory
0x48421c WritePrivateProfileStringA
0x484220 WriteFile
0x484224 WaitForSingleObject
0x484228 VirtualQuery
0x48422c VirtualProtect
0x484230 VirtualFree
0x484234 VirtualAllocEx
0x484238 VirtualAlloc
0x48423c Sleep
0x484240 SizeofResource
0x484244 SetThreadLocale
0x484248 SetFilePointer
0x48424c SetEvent
0x484250 SetErrorMode
0x484254 SetEndOfFile
0x484258 ResumeThread
0x48425c ResetEvent
0x484260 ReadProcessMemory
0x484264 ReadFile
0x484268 MulDiv
0x48426c LockResource
0x484270 LoadResource
0x484274 LoadLibraryA
0x484278 LeaveCriticalSection
0x48427c InitializeCriticalSection
0x484280 GlobalUnlock
0x484284 GlobalReAlloc
0x484288 GlobalHandle
0x48428c GlobalLock
0x484290 GlobalFree
0x484294 GlobalFindAtomA
0x484298 GlobalDeleteAtom
0x48429c GlobalAlloc
0x4842a0 GlobalAddAtomA
0x4842a4 GetVersionExA
0x4842a8 GetVersion
0x4842ac GetTickCount
0x4842b0 GetThreadLocale
0x4842b4 GetSystemInfo
0x4842b8 GetStringTypeExA
0x4842bc GetStdHandle
0x4842c0 GetProcAddress
0x4842c4 GetPrivateProfileStringA
0x4842c8 GetModuleHandleA
0x4842cc GetModuleFileNameA
0x4842d0 GetLocaleInfoA
0x4842d4 GetLocalTime
0x4842d8 GetLastError
0x4842dc GetFullPathNameA
0x4842e0 GetExitCodeThread
0x4842e4 GetDiskFreeSpaceA
0x4842e8 GetDateFormatA
0x4842ec GetCurrentThreadId
0x4842f0 GetCurrentProcessId
0x4842f4 GetCPInfo
0x4842f8 GetACP
0x4842fc FreeResource
0x484300 InterlockedExchange
0x484304 FreeLibrary
0x484308 FormatMessageA
0x48430c FindResourceA
0x484310 FindFirstFileA
0x484314 FindClose
0x484318 FileTimeToLocalFileTime
0x48431c FileTimeToDosDateTime
0x484320 ExitProcess
0x484324 EnumCalendarInfoA
0x484328 EnterCriticalSection
0x48432c DeleteCriticalSection
0x484330 CreateThread
0x484334 CreateRemoteThread
0x484338 CreateProcessA
0x48433c CreateFileA
0x484340 CreateEventA
0x484344 CompareStringA
0x484348 CloseHandle
version.dll
0x484350 VerQueryValueA
0x484354 GetFileVersionInfoSizeA
0x484358 GetFileVersionInfoA
gdi32.dll
0x484360 UnrealizeObject
0x484364 StretchBlt
0x484368 SetWindowOrgEx
0x48436c SetWinMetaFileBits
0x484370 SetViewportOrgEx
0x484374 SetTextColor
0x484378 SetStretchBltMode
0x48437c SetROP2
0x484380 SetPixel
0x484384 SetEnhMetaFileBits
0x484388 SetDIBColorTable
0x48438c SetBrushOrgEx
0x484390 SetBkMode
0x484394 SetBkColor
0x484398 SelectPalette
0x48439c SelectObject
0x4843a0 SelectClipRgn
0x4843a4 SaveDC
0x4843a8 RestoreDC
0x4843ac Rectangle
0x4843b0 RectVisible
0x4843b4 RealizePalette
0x4843b8 Polyline
0x4843bc PlayEnhMetaFile
0x4843c0 PatBlt
0x4843c4 MoveToEx
0x4843c8 MaskBlt
0x4843cc LineTo
0x4843d0 IntersectClipRect
0x4843d4 GetWindowOrgEx
0x4843d8 GetWinMetaFileBits
0x4843dc GetTextMetricsA
0x4843e0 GetTextExtentPoint32A
0x4843e4 GetSystemPaletteEntries
0x4843e8 GetStockObject
0x4843ec GetPixel
0x4843f0 GetPaletteEntries
0x4843f4 GetObjectA
0x4843f8 GetEnhMetaFilePaletteEntries
0x4843fc GetEnhMetaFileHeader
0x484400 GetEnhMetaFileBits
0x484404 GetDeviceCaps
0x484408 GetDIBits
0x48440c GetDIBColorTable
0x484410 GetDCOrgEx
0x484414 GetCurrentPositionEx
0x484418 GetClipBox
0x48441c GetBrushOrgEx
0x484420 GetBitmapBits
0x484424 GdiFlush
0x484428 ExtTextOutA
0x48442c ExcludeClipRect
0x484430 EnumFontFamiliesExA
0x484434 DeleteObject
0x484438 DeleteEnhMetaFile
0x48443c DeleteDC
0x484440 CreateSolidBrush
0x484444 CreatePenIndirect
0x484448 CreatePalette
0x48444c CreateHalftonePalette
0x484450 CreateFontIndirectA
0x484454 CreateDIBitmap
0x484458 CreateDIBSection
0x48445c CreateCompatibleDC
0x484460 CreateCompatibleBitmap
0x484464 CreateBrushIndirect
0x484468 CreateBitmap
0x48446c CopyEnhMetaFileA
0x484470 BitBlt
user32.dll
0x484478 CreateWindowExA
0x48447c WindowFromPoint
0x484480 WinHelpA
0x484484 WaitMessage
0x484488 UpdateWindow
0x48448c UnregisterClassA
0x484490 UnhookWindowsHookEx
0x484494 TranslateMessage
0x484498 TranslateMDISysAccel
0x48449c TrackPopupMenu
0x4844a0 SystemParametersInfoA
0x4844a4 ShowWindow
0x4844a8 ShowScrollBar
0x4844ac ShowOwnedPopups
0x4844b0 ShowCursor
0x4844b4 SetWindowsHookExA
0x4844b8 SetWindowTextA
0x4844bc SetWindowPos
0x4844c0 SetWindowPlacement
0x4844c4 SetWindowLongA
0x4844c8 SetTimer
0x4844cc SetScrollRange
0x4844d0 SetScrollPos
0x4844d4 SetScrollInfo
0x4844d8 SetRect
0x4844dc SetPropA
0x4844e0 SetParent
0x4844e4 SetMenuItemInfoA
0x4844e8 SetMenu
0x4844ec SetForegroundWindow
0x4844f0 SetFocus
0x4844f4 SetCursor
0x4844f8 SetClassLongA
0x4844fc SetCapture
0x484500 SetActiveWindow
0x484504 SendMessageA
0x484508 ScrollWindow
0x48450c ScreenToClient
0x484510 RemovePropA
0x484514 RemoveMenu
0x484518 ReleaseDC
0x48451c ReleaseCapture
0x484520 RegisterWindowMessageA
0x484524 RegisterClipboardFormatA
0x484528 RegisterClassA
0x48452c RedrawWindow
0x484530 PtInRect
0x484534 PostQuitMessage
0x484538 PostMessageA
0x48453c PeekMessageA
0x484540 OffsetRect
0x484544 OemToCharA
0x484548 MessageBoxA
0x48454c MapWindowPoints
0x484550 MapVirtualKeyA
0x484554 LoadStringA
0x484558 LoadKeyboardLayoutA
0x48455c LoadIconA
0x484560 LoadCursorA
0x484564 LoadBitmapA
0x484568 KillTimer
0x48456c IsZoomed
0x484570 IsWindowVisible
0x484574 IsWindowEnabled
0x484578 IsWindow
0x48457c IsRectEmpty
0x484580 IsIconic
0x484584 IsDialogMessageA
0x484588 IsChild
0x48458c InvalidateRect
0x484590 IntersectRect
0x484594 InsertMenuItemA
0x484598 InsertMenuA
0x48459c InflateRect
0x4845a0 GetWindowThreadProcessId
0x4845a4 GetWindowTextA
0x4845a8 GetWindowRect
0x4845ac GetWindowPlacement
0x4845b0 GetWindowLongA
0x4845b4 GetWindowDC
0x4845b8 GetTopWindow
0x4845bc GetSystemMetrics
0x4845c0 GetSystemMenu
0x4845c4 GetSysColorBrush
0x4845c8 GetSysColor
0x4845cc GetSubMenu
0x4845d0 GetScrollRange
0x4845d4 GetScrollPos
0x4845d8 GetScrollInfo
0x4845dc GetPropA
0x4845e0 GetParent
0x4845e4 GetWindow
0x4845e8 GetMenuStringA
0x4845ec GetMenuState
0x4845f0 GetMenuItemInfoA
0x4845f4 GetMenuItemID
0x4845f8 GetMenuItemCount
0x4845fc GetMenu
0x484600 GetLastActivePopup
0x484604 GetKeyboardState
0x484608 GetKeyboardLayoutList
0x48460c GetKeyboardLayout
0x484610 GetKeyState
0x484614 GetKeyNameTextA
0x484618 GetIconInfo
0x48461c GetForegroundWindow
0x484620 GetFocus
0x484624 GetDlgItem
0x484628 GetDesktopWindow
0x48462c GetDCEx
0x484630 GetDC
0x484634 GetCursorPos
0x484638 GetCursor
0x48463c GetClipboardData
0x484640 GetClientRect
0x484644 GetClassNameA
0x484648 GetClassInfoA
0x48464c GetCapture
0x484650 GetActiveWindow
0x484654 FrameRect
0x484658 FindWindowA
0x48465c FillRect
0x484660 EqualRect
0x484664 EnumWindows
0x484668 EnumThreadWindows
0x48466c EndPaint
0x484670 EnableWindow
0x484674 EnableScrollBar
0x484678 EnableMenuItem
0x48467c DrawTextA
0x484680 DrawMenuBar
0x484684 DrawIconEx
0x484688 DrawIcon
0x48468c DrawFrameControl
0x484690 DrawFocusRect
0x484694 DrawEdge
0x484698 DispatchMessageA
0x48469c DestroyWindow
0x4846a0 DestroyMenu
0x4846a4 DestroyIcon
0x4846a8 DestroyCursor
0x4846ac DeleteMenu
0x4846b0 DefWindowProcA
0x4846b4 DefMDIChildProcA
0x4846b8 DefFrameProcA
0x4846bc CreatePopupMenu
0x4846c0 CreateMenu
0x4846c4 CreateIcon
0x4846c8 ClientToScreen
0x4846cc CheckMenuItem
0x4846d0 CallWindowProcA
0x4846d4 CallNextHookEx
0x4846d8 BeginPaint
0x4846dc CharNextA
0x4846e0 CharLowerBuffA
0x4846e4 CharLowerA
0x4846e8 CharToOemA
0x4846ec AdjustWindowRectEx
0x4846f0 ActivateKeyboardLayout
kernel32.dll
0x4846f8 Sleep
oleaut32.dll
0x484700 SafeArrayPtrOfIndex
0x484704 SafeArrayGetUBound
0x484708 SafeArrayGetLBound
0x48470c SafeArrayCreate
0x484710 VariantChangeType
0x484714 VariantCopy
0x484718 VariantClear
0x48471c VariantInit
comctl32.dll
0x484724 ImageList_SetIconSize
0x484728 ImageList_GetIconSize
0x48472c ImageList_Write
0x484730 ImageList_Read
0x484734 ImageList_GetDragImage
0x484738 ImageList_DragShowNolock
0x48473c ImageList_SetDragCursorImage
0x484740 ImageList_DragMove
0x484744 ImageList_DragLeave
0x484748 ImageList_DragEnter
0x48474c ImageList_EndDrag
0x484750 ImageList_BeginDrag
0x484754 ImageList_Remove
0x484758 ImageList_DrawEx
0x48475c ImageList_Replace
0x484760 ImageList_Draw
0x484764 ImageList_GetBkColor
0x484768 ImageList_SetBkColor
0x48476c ImageList_ReplaceIcon
0x484770 ImageList_Add
0x484774 ImageList_SetImageCount
0x484778 ImageList_GetImageCount
0x48477c ImageList_Destroy
0x484780 ImageList_Create
0x484784 InitCommonControls
comdlg32.dll
0x48478c ChooseColorA
0x484790 GetSaveFileNameA
0x484794 GetOpenFileNameA
EAT(Export Address Table) is none