ScreenShot
| Created | 2021.09.02 07:52 | Machine | s1_win7_x6402 |
| Filename | tud.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 24 detected (AIDetect, malware2, Malicious, high confidence, Artemis, Unsafe, Save, confidence, EQAB, Generic@ML, RDML, KjoJnkuSNGEjaEGlJK8uoA, Generic ML PUA, Fareit, Score, Sabsik, BScope, Noon, Static AI, Malicious PE, susgen) | ||
| md5 | ce5d381161004cbbd80eaf1f37089cb2 | ||
| sha256 | b0f43b627353f91afa5e4a9c5eea655f5375e497933a6e37c3c0f8a5a29a2889 | ||
| ssdeep | 12288:uEkuPF5S618CS6qkVdQOHvDc9aGKqa/yAXKQcj2SKI:uE/HS61uyswGKqXAzcR | ||
| imphash | ee4f103a4bbb8328057c2211d7594d0a | ||
| impfuzzy | 96:8cfpHYU3O0MJ4fXhp4U8zS10+Yvbuu2DrSUvK9LVqo1GqEonDwPOQRZI:f3Pkk1QvbuuSrSUvK9RqooqEoEPOQRi | ||
Network IP location
Signature (21cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Creates a thread using CreateRemoteThread in a non-child process indicative of process injection |
| watch | Deletes executed files from disk |
| watch | Installs itself for autorun at Windows startup |
| watch | Manipulates memory of a non-child process indicative of process injection |
| watch | Network activity contains more than one unique useragent |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
Rules (36cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | memory |
| notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | local_credential_Steal | Steal credential | memory |
| notice | Network_DGA | Communication using DGA | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_FTP | Communications over FTP | memory |
| notice | Network_HTTP | Communications over HTTP | memory |
| notice | Network_P2P_Win | Communications over P2P network | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
| info | Check_Dlls | (no description) | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerCheck__RemoteAPI | (no description) | memory |
| info | DebuggerException__ConsoleCtrl | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
Network (7cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
kernel32.dll
0x48e118 DeleteCriticalSection
0x48e11c LeaveCriticalSection
0x48e120 EnterCriticalSection
0x48e124 InitializeCriticalSection
0x48e128 VirtualFree
0x48e12c VirtualAlloc
0x48e130 LocalFree
0x48e134 LocalAlloc
0x48e138 GetVersion
0x48e13c GetCurrentThreadId
0x48e140 InterlockedDecrement
0x48e144 InterlockedIncrement
0x48e148 VirtualQuery
0x48e14c WideCharToMultiByte
0x48e150 MultiByteToWideChar
0x48e154 lstrlenA
0x48e158 lstrcpynA
0x48e15c LoadLibraryExA
0x48e160 GetThreadLocale
0x48e164 GetStartupInfoA
0x48e168 GetProcAddress
0x48e16c GetModuleHandleA
0x48e170 GetModuleFileNameA
0x48e174 GetLocaleInfoA
0x48e178 GetCommandLineA
0x48e17c FreeLibrary
0x48e180 FindFirstFileA
0x48e184 FindClose
0x48e188 ExitProcess
0x48e18c WriteFile
0x48e190 UnhandledExceptionFilter
0x48e194 RtlUnwind
0x48e198 RaiseException
0x48e19c GetStdHandle
user32.dll
0x48e1a4 GetKeyboardType
0x48e1a8 LoadStringA
0x48e1ac MessageBoxA
0x48e1b0 CharNextA
advapi32.dll
0x48e1b8 RegQueryValueExA
0x48e1bc RegOpenKeyExA
0x48e1c0 RegCloseKey
oleaut32.dll
0x48e1c8 SysFreeString
0x48e1cc SysReAllocStringLen
0x48e1d0 SysAllocStringLen
kernel32.dll
0x48e1d8 TlsSetValue
0x48e1dc TlsGetValue
0x48e1e0 LocalAlloc
0x48e1e4 GetModuleHandleA
advapi32.dll
0x48e1ec RegQueryValueExA
0x48e1f0 RegOpenKeyExA
0x48e1f4 RegCloseKey
kernel32.dll
0x48e1fc lstrcpyA
0x48e200 lstrcmpiA
0x48e204 WriteFile
0x48e208 WaitForSingleObject
0x48e20c VirtualQuery
0x48e210 VirtualProtect
0x48e214 VirtualAlloc
0x48e218 Sleep
0x48e21c SizeofResource
0x48e220 SetThreadLocale
0x48e224 SetFilePointer
0x48e228 SetEvent
0x48e22c SetErrorMode
0x48e230 SetEndOfFile
0x48e234 ResetEvent
0x48e238 ReadFile
0x48e23c MulDiv
0x48e240 LockResource
0x48e244 LoadResource
0x48e248 LoadLibraryA
0x48e24c LeaveCriticalSection
0x48e250 InitializeCriticalSection
0x48e254 GlobalUnlock
0x48e258 GlobalReAlloc
0x48e25c GlobalHandle
0x48e260 GlobalLock
0x48e264 GlobalFree
0x48e268 GlobalFindAtomA
0x48e26c GlobalDeleteAtom
0x48e270 GlobalAlloc
0x48e274 GlobalAddAtomA
0x48e278 GetVersionExA
0x48e27c GetVersion
0x48e280 GetTickCount
0x48e284 GetThreadLocale
0x48e288 GetSystemInfo
0x48e28c GetStringTypeExA
0x48e290 GetStdHandle
0x48e294 GetProcAddress
0x48e298 GetModuleHandleA
0x48e29c GetModuleFileNameA
0x48e2a0 GetLocaleInfoA
0x48e2a4 GetLocalTime
0x48e2a8 GetLastError
0x48e2ac GetFullPathNameA
0x48e2b0 GetDiskFreeSpaceA
0x48e2b4 GetDateFormatA
0x48e2b8 GetCurrentThreadId
0x48e2bc GetCurrentProcessId
0x48e2c0 GetCPInfo
0x48e2c4 GetACP
0x48e2c8 FreeResource
0x48e2cc InterlockedExchange
0x48e2d0 FreeLibrary
0x48e2d4 FormatMessageA
0x48e2d8 FindResourceA
0x48e2dc EnumCalendarInfoA
0x48e2e0 EnterCriticalSection
0x48e2e4 DeleteCriticalSection
0x48e2e8 CreateThread
0x48e2ec CreateFileA
0x48e2f0 CreateEventA
0x48e2f4 CompareStringA
0x48e2f8 CloseHandle
version.dll
0x48e300 VerQueryValueA
0x48e304 GetFileVersionInfoSizeA
0x48e308 GetFileVersionInfoA
gdi32.dll
0x48e310 UnrealizeObject
0x48e314 StretchBlt
0x48e318 SetWindowOrgEx
0x48e31c SetViewportOrgEx
0x48e320 SetTextColor
0x48e324 SetStretchBltMode
0x48e328 SetROP2
0x48e32c SetPixel
0x48e330 SetDIBColorTable
0x48e334 SetBrushOrgEx
0x48e338 SetBkMode
0x48e33c SetBkColor
0x48e340 SelectPalette
0x48e344 SelectObject
0x48e348 SaveDC
0x48e34c RestoreDC
0x48e350 Rectangle
0x48e354 RectVisible
0x48e358 RealizePalette
0x48e35c PatBlt
0x48e360 MoveToEx
0x48e364 MaskBlt
0x48e368 LineTo
0x48e36c IntersectClipRect
0x48e370 GetWindowOrgEx
0x48e374 GetTextMetricsA
0x48e378 GetTextExtentPoint32A
0x48e37c GetTextAlign
0x48e380 GetSystemPaletteEntries
0x48e384 GetStockObject
0x48e388 GetPolyFillMode
0x48e38c GetPixelFormat
0x48e390 GetPixel
0x48e394 GetPaletteEntries
0x48e398 GetObjectA
0x48e39c GetMapMode
0x48e3a0 GetGraphicsMode
0x48e3a4 GetDeviceCaps
0x48e3a8 GetDIBits
0x48e3ac GetDIBColorTable
0x48e3b0 GetDCOrgEx
0x48e3b4 GetDCPenColor
0x48e3b8 GetDCBrushColor
0x48e3bc GetCurrentPositionEx
0x48e3c0 GetClipBox
0x48e3c4 GetBrushOrgEx
0x48e3c8 GetBkMode
0x48e3cc GetBkColor
0x48e3d0 GetBitmapBits
0x48e3d4 GdiFlush
0x48e3d8 ExcludeClipRect
0x48e3dc DeleteObject
0x48e3e0 DeleteDC
0x48e3e4 CreateSolidBrush
0x48e3e8 CreateRectRgn
0x48e3ec CreatePenIndirect
0x48e3f0 CreatePalette
0x48e3f4 CreateHalftonePalette
0x48e3f8 CreateFontIndirectA
0x48e3fc CreateDIBitmap
0x48e400 CreateDIBSection
0x48e404 CreateCompatibleDC
0x48e408 CreateCompatibleBitmap
0x48e40c CreateBrushIndirect
0x48e410 CreateBitmap
0x48e414 CombineRgn
0x48e418 BitBlt
user32.dll
0x48e420 CreateWindowExA
0x48e424 WindowFromPoint
0x48e428 WinHelpA
0x48e42c WaitMessage
0x48e430 UpdateWindow
0x48e434 UnregisterClassA
0x48e438 UnhookWindowsHookEx
0x48e43c TranslateMessage
0x48e440 TranslateMDISysAccel
0x48e444 TrackPopupMenu
0x48e448 SystemParametersInfoA
0x48e44c ShowWindow
0x48e450 ShowScrollBar
0x48e454 ShowOwnedPopups
0x48e458 ShowCursor
0x48e45c SetWindowsHookExA
0x48e460 SetWindowPos
0x48e464 SetWindowPlacement
0x48e468 SetWindowLongA
0x48e46c SetTimer
0x48e470 SetScrollRange
0x48e474 SetScrollPos
0x48e478 SetScrollInfo
0x48e47c SetRect
0x48e480 SetPropA
0x48e484 SetParent
0x48e488 SetMenuItemInfoA
0x48e48c SetMenu
0x48e490 SetForegroundWindow
0x48e494 SetFocus
0x48e498 SetCursor
0x48e49c SetClassLongA
0x48e4a0 SetCapture
0x48e4a4 SetActiveWindow
0x48e4a8 SendMessageA
0x48e4ac ScrollWindow
0x48e4b0 ScreenToClient
0x48e4b4 RemovePropA
0x48e4b8 RemoveMenu
0x48e4bc ReleaseDC
0x48e4c0 ReleaseCapture
0x48e4c4 RegisterWindowMessageA
0x48e4c8 RegisterClipboardFormatA
0x48e4cc RegisterClassA
0x48e4d0 RedrawWindow
0x48e4d4 PtInRect
0x48e4d8 PostQuitMessage
0x48e4dc PostMessageA
0x48e4e0 PeekMessageA
0x48e4e4 OffsetRect
0x48e4e8 OemToCharA
0x48e4ec MessageBoxA
0x48e4f0 MapWindowPoints
0x48e4f4 MapVirtualKeyA
0x48e4f8 LoadStringA
0x48e4fc LoadKeyboardLayoutA
0x48e500 LoadIconA
0x48e504 LoadCursorA
0x48e508 LoadBitmapA
0x48e50c KillTimer
0x48e510 IsZoomed
0x48e514 IsWindowVisible
0x48e518 IsWindowEnabled
0x48e51c IsWindow
0x48e520 IsRectEmpty
0x48e524 IsIconic
0x48e528 IsDialogMessageA
0x48e52c IsChild
0x48e530 InvalidateRect
0x48e534 IntersectRect
0x48e538 InsertMenuItemA
0x48e53c InsertMenuA
0x48e540 InflateRect
0x48e544 GetWindowThreadProcessId
0x48e548 GetWindowTextA
0x48e54c GetWindowRect
0x48e550 GetWindowPlacement
0x48e554 GetWindowLongA
0x48e558 GetWindowDC
0x48e55c GetTopWindow
0x48e560 GetSystemMetrics
0x48e564 GetSystemMenu
0x48e568 GetSysColorBrush
0x48e56c GetSysColor
0x48e570 GetSubMenu
0x48e574 GetScrollRange
0x48e578 GetScrollPos
0x48e57c GetScrollInfo
0x48e580 GetPropA
0x48e584 GetParent
0x48e588 GetWindow
0x48e58c GetMenuStringA
0x48e590 GetMenuState
0x48e594 GetMenuItemInfoA
0x48e598 GetMenuItemID
0x48e59c GetMenuItemCount
0x48e5a0 GetMenu
0x48e5a4 GetLastActivePopup
0x48e5a8 GetKeyboardState
0x48e5ac GetKeyboardLayoutList
0x48e5b0 GetKeyboardLayout
0x48e5b4 GetKeyState
0x48e5b8 GetKeyNameTextA
0x48e5bc GetIconInfo
0x48e5c0 GetForegroundWindow
0x48e5c4 GetFocus
0x48e5c8 GetDesktopWindow
0x48e5cc GetDCEx
0x48e5d0 GetDC
0x48e5d4 GetCursorPos
0x48e5d8 GetCursor
0x48e5dc GetClientRect
0x48e5e0 GetClassNameA
0x48e5e4 GetClassInfoA
0x48e5e8 GetCapture
0x48e5ec GetActiveWindow
0x48e5f0 FrameRect
0x48e5f4 FindWindowA
0x48e5f8 FillRect
0x48e5fc EqualRect
0x48e600 EnumWindows
0x48e604 EnumThreadWindows
0x48e608 EndPaint
0x48e60c EnableWindow
0x48e610 EnableScrollBar
0x48e614 EnableMenuItem
0x48e618 DrawTextA
0x48e61c DrawMenuBar
0x48e620 DrawIconEx
0x48e624 DrawIcon
0x48e628 DrawFrameControl
0x48e62c DrawFocusRect
0x48e630 DrawEdge
0x48e634 DispatchMessageA
0x48e638 DestroyWindow
0x48e63c DestroyMenu
0x48e640 DestroyIcon
0x48e644 DestroyCursor
0x48e648 DeleteMenu
0x48e64c DefWindowProcA
0x48e650 DefMDIChildProcA
0x48e654 DefFrameProcA
0x48e658 CreatePopupMenu
0x48e65c CreateMenu
0x48e660 CreateIcon
0x48e664 ClientToScreen
0x48e668 CheckMenuItem
0x48e66c CallWindowProcA
0x48e670 CallNextHookEx
0x48e674 BeginPaint
0x48e678 CharNextA
0x48e67c CharLowerA
0x48e680 CharToOemA
0x48e684 AdjustWindowRectEx
0x48e688 ActivateKeyboardLayout
kernel32.dll
0x48e690 Sleep
oleaut32.dll
0x48e698 SafeArrayPtrOfIndex
0x48e69c SafeArrayGetUBound
0x48e6a0 SafeArrayGetLBound
0x48e6a4 SafeArrayCreate
0x48e6a8 VariantChangeType
0x48e6ac VariantCopy
0x48e6b0 VariantClear
0x48e6b4 VariantInit
comctl32.dll
0x48e6bc ImageList_SetIconSize
0x48e6c0 ImageList_GetIconSize
0x48e6c4 ImageList_Write
0x48e6c8 ImageList_Read
0x48e6cc ImageList_GetDragImage
0x48e6d0 ImageList_DragShowNolock
0x48e6d4 ImageList_SetDragCursorImage
0x48e6d8 ImageList_DragMove
0x48e6dc ImageList_DragLeave
0x48e6e0 ImageList_DragEnter
0x48e6e4 ImageList_EndDrag
0x48e6e8 ImageList_BeginDrag
0x48e6ec ImageList_Remove
0x48e6f0 ImageList_DrawEx
0x48e6f4 ImageList_Replace
0x48e6f8 ImageList_Draw
0x48e6fc ImageList_GetBkColor
0x48e700 ImageList_SetBkColor
0x48e704 ImageList_ReplaceIcon
0x48e708 ImageList_Add
0x48e70c ImageList_SetImageCount
0x48e710 ImageList_GetImageCount
0x48e714 ImageList_Destroy
0x48e718 ImageList_Create
EAT(Export Address Table) is none
kernel32.dll
0x48e118 DeleteCriticalSection
0x48e11c LeaveCriticalSection
0x48e120 EnterCriticalSection
0x48e124 InitializeCriticalSection
0x48e128 VirtualFree
0x48e12c VirtualAlloc
0x48e130 LocalFree
0x48e134 LocalAlloc
0x48e138 GetVersion
0x48e13c GetCurrentThreadId
0x48e140 InterlockedDecrement
0x48e144 InterlockedIncrement
0x48e148 VirtualQuery
0x48e14c WideCharToMultiByte
0x48e150 MultiByteToWideChar
0x48e154 lstrlenA
0x48e158 lstrcpynA
0x48e15c LoadLibraryExA
0x48e160 GetThreadLocale
0x48e164 GetStartupInfoA
0x48e168 GetProcAddress
0x48e16c GetModuleHandleA
0x48e170 GetModuleFileNameA
0x48e174 GetLocaleInfoA
0x48e178 GetCommandLineA
0x48e17c FreeLibrary
0x48e180 FindFirstFileA
0x48e184 FindClose
0x48e188 ExitProcess
0x48e18c WriteFile
0x48e190 UnhandledExceptionFilter
0x48e194 RtlUnwind
0x48e198 RaiseException
0x48e19c GetStdHandle
user32.dll
0x48e1a4 GetKeyboardType
0x48e1a8 LoadStringA
0x48e1ac MessageBoxA
0x48e1b0 CharNextA
advapi32.dll
0x48e1b8 RegQueryValueExA
0x48e1bc RegOpenKeyExA
0x48e1c0 RegCloseKey
oleaut32.dll
0x48e1c8 SysFreeString
0x48e1cc SysReAllocStringLen
0x48e1d0 SysAllocStringLen
kernel32.dll
0x48e1d8 TlsSetValue
0x48e1dc TlsGetValue
0x48e1e0 LocalAlloc
0x48e1e4 GetModuleHandleA
advapi32.dll
0x48e1ec RegQueryValueExA
0x48e1f0 RegOpenKeyExA
0x48e1f4 RegCloseKey
kernel32.dll
0x48e1fc lstrcpyA
0x48e200 lstrcmpiA
0x48e204 WriteFile
0x48e208 WaitForSingleObject
0x48e20c VirtualQuery
0x48e210 VirtualProtect
0x48e214 VirtualAlloc
0x48e218 Sleep
0x48e21c SizeofResource
0x48e220 SetThreadLocale
0x48e224 SetFilePointer
0x48e228 SetEvent
0x48e22c SetErrorMode
0x48e230 SetEndOfFile
0x48e234 ResetEvent
0x48e238 ReadFile
0x48e23c MulDiv
0x48e240 LockResource
0x48e244 LoadResource
0x48e248 LoadLibraryA
0x48e24c LeaveCriticalSection
0x48e250 InitializeCriticalSection
0x48e254 GlobalUnlock
0x48e258 GlobalReAlloc
0x48e25c GlobalHandle
0x48e260 GlobalLock
0x48e264 GlobalFree
0x48e268 GlobalFindAtomA
0x48e26c GlobalDeleteAtom
0x48e270 GlobalAlloc
0x48e274 GlobalAddAtomA
0x48e278 GetVersionExA
0x48e27c GetVersion
0x48e280 GetTickCount
0x48e284 GetThreadLocale
0x48e288 GetSystemInfo
0x48e28c GetStringTypeExA
0x48e290 GetStdHandle
0x48e294 GetProcAddress
0x48e298 GetModuleHandleA
0x48e29c GetModuleFileNameA
0x48e2a0 GetLocaleInfoA
0x48e2a4 GetLocalTime
0x48e2a8 GetLastError
0x48e2ac GetFullPathNameA
0x48e2b0 GetDiskFreeSpaceA
0x48e2b4 GetDateFormatA
0x48e2b8 GetCurrentThreadId
0x48e2bc GetCurrentProcessId
0x48e2c0 GetCPInfo
0x48e2c4 GetACP
0x48e2c8 FreeResource
0x48e2cc InterlockedExchange
0x48e2d0 FreeLibrary
0x48e2d4 FormatMessageA
0x48e2d8 FindResourceA
0x48e2dc EnumCalendarInfoA
0x48e2e0 EnterCriticalSection
0x48e2e4 DeleteCriticalSection
0x48e2e8 CreateThread
0x48e2ec CreateFileA
0x48e2f0 CreateEventA
0x48e2f4 CompareStringA
0x48e2f8 CloseHandle
version.dll
0x48e300 VerQueryValueA
0x48e304 GetFileVersionInfoSizeA
0x48e308 GetFileVersionInfoA
gdi32.dll
0x48e310 UnrealizeObject
0x48e314 StretchBlt
0x48e318 SetWindowOrgEx
0x48e31c SetViewportOrgEx
0x48e320 SetTextColor
0x48e324 SetStretchBltMode
0x48e328 SetROP2
0x48e32c SetPixel
0x48e330 SetDIBColorTable
0x48e334 SetBrushOrgEx
0x48e338 SetBkMode
0x48e33c SetBkColor
0x48e340 SelectPalette
0x48e344 SelectObject
0x48e348 SaveDC
0x48e34c RestoreDC
0x48e350 Rectangle
0x48e354 RectVisible
0x48e358 RealizePalette
0x48e35c PatBlt
0x48e360 MoveToEx
0x48e364 MaskBlt
0x48e368 LineTo
0x48e36c IntersectClipRect
0x48e370 GetWindowOrgEx
0x48e374 GetTextMetricsA
0x48e378 GetTextExtentPoint32A
0x48e37c GetTextAlign
0x48e380 GetSystemPaletteEntries
0x48e384 GetStockObject
0x48e388 GetPolyFillMode
0x48e38c GetPixelFormat
0x48e390 GetPixel
0x48e394 GetPaletteEntries
0x48e398 GetObjectA
0x48e39c GetMapMode
0x48e3a0 GetGraphicsMode
0x48e3a4 GetDeviceCaps
0x48e3a8 GetDIBits
0x48e3ac GetDIBColorTable
0x48e3b0 GetDCOrgEx
0x48e3b4 GetDCPenColor
0x48e3b8 GetDCBrushColor
0x48e3bc GetCurrentPositionEx
0x48e3c0 GetClipBox
0x48e3c4 GetBrushOrgEx
0x48e3c8 GetBkMode
0x48e3cc GetBkColor
0x48e3d0 GetBitmapBits
0x48e3d4 GdiFlush
0x48e3d8 ExcludeClipRect
0x48e3dc DeleteObject
0x48e3e0 DeleteDC
0x48e3e4 CreateSolidBrush
0x48e3e8 CreateRectRgn
0x48e3ec CreatePenIndirect
0x48e3f0 CreatePalette
0x48e3f4 CreateHalftonePalette
0x48e3f8 CreateFontIndirectA
0x48e3fc CreateDIBitmap
0x48e400 CreateDIBSection
0x48e404 CreateCompatibleDC
0x48e408 CreateCompatibleBitmap
0x48e40c CreateBrushIndirect
0x48e410 CreateBitmap
0x48e414 CombineRgn
0x48e418 BitBlt
user32.dll
0x48e420 CreateWindowExA
0x48e424 WindowFromPoint
0x48e428 WinHelpA
0x48e42c WaitMessage
0x48e430 UpdateWindow
0x48e434 UnregisterClassA
0x48e438 UnhookWindowsHookEx
0x48e43c TranslateMessage
0x48e440 TranslateMDISysAccel
0x48e444 TrackPopupMenu
0x48e448 SystemParametersInfoA
0x48e44c ShowWindow
0x48e450 ShowScrollBar
0x48e454 ShowOwnedPopups
0x48e458 ShowCursor
0x48e45c SetWindowsHookExA
0x48e460 SetWindowPos
0x48e464 SetWindowPlacement
0x48e468 SetWindowLongA
0x48e46c SetTimer
0x48e470 SetScrollRange
0x48e474 SetScrollPos
0x48e478 SetScrollInfo
0x48e47c SetRect
0x48e480 SetPropA
0x48e484 SetParent
0x48e488 SetMenuItemInfoA
0x48e48c SetMenu
0x48e490 SetForegroundWindow
0x48e494 SetFocus
0x48e498 SetCursor
0x48e49c SetClassLongA
0x48e4a0 SetCapture
0x48e4a4 SetActiveWindow
0x48e4a8 SendMessageA
0x48e4ac ScrollWindow
0x48e4b0 ScreenToClient
0x48e4b4 RemovePropA
0x48e4b8 RemoveMenu
0x48e4bc ReleaseDC
0x48e4c0 ReleaseCapture
0x48e4c4 RegisterWindowMessageA
0x48e4c8 RegisterClipboardFormatA
0x48e4cc RegisterClassA
0x48e4d0 RedrawWindow
0x48e4d4 PtInRect
0x48e4d8 PostQuitMessage
0x48e4dc PostMessageA
0x48e4e0 PeekMessageA
0x48e4e4 OffsetRect
0x48e4e8 OemToCharA
0x48e4ec MessageBoxA
0x48e4f0 MapWindowPoints
0x48e4f4 MapVirtualKeyA
0x48e4f8 LoadStringA
0x48e4fc LoadKeyboardLayoutA
0x48e500 LoadIconA
0x48e504 LoadCursorA
0x48e508 LoadBitmapA
0x48e50c KillTimer
0x48e510 IsZoomed
0x48e514 IsWindowVisible
0x48e518 IsWindowEnabled
0x48e51c IsWindow
0x48e520 IsRectEmpty
0x48e524 IsIconic
0x48e528 IsDialogMessageA
0x48e52c IsChild
0x48e530 InvalidateRect
0x48e534 IntersectRect
0x48e538 InsertMenuItemA
0x48e53c InsertMenuA
0x48e540 InflateRect
0x48e544 GetWindowThreadProcessId
0x48e548 GetWindowTextA
0x48e54c GetWindowRect
0x48e550 GetWindowPlacement
0x48e554 GetWindowLongA
0x48e558 GetWindowDC
0x48e55c GetTopWindow
0x48e560 GetSystemMetrics
0x48e564 GetSystemMenu
0x48e568 GetSysColorBrush
0x48e56c GetSysColor
0x48e570 GetSubMenu
0x48e574 GetScrollRange
0x48e578 GetScrollPos
0x48e57c GetScrollInfo
0x48e580 GetPropA
0x48e584 GetParent
0x48e588 GetWindow
0x48e58c GetMenuStringA
0x48e590 GetMenuState
0x48e594 GetMenuItemInfoA
0x48e598 GetMenuItemID
0x48e59c GetMenuItemCount
0x48e5a0 GetMenu
0x48e5a4 GetLastActivePopup
0x48e5a8 GetKeyboardState
0x48e5ac GetKeyboardLayoutList
0x48e5b0 GetKeyboardLayout
0x48e5b4 GetKeyState
0x48e5b8 GetKeyNameTextA
0x48e5bc GetIconInfo
0x48e5c0 GetForegroundWindow
0x48e5c4 GetFocus
0x48e5c8 GetDesktopWindow
0x48e5cc GetDCEx
0x48e5d0 GetDC
0x48e5d4 GetCursorPos
0x48e5d8 GetCursor
0x48e5dc GetClientRect
0x48e5e0 GetClassNameA
0x48e5e4 GetClassInfoA
0x48e5e8 GetCapture
0x48e5ec GetActiveWindow
0x48e5f0 FrameRect
0x48e5f4 FindWindowA
0x48e5f8 FillRect
0x48e5fc EqualRect
0x48e600 EnumWindows
0x48e604 EnumThreadWindows
0x48e608 EndPaint
0x48e60c EnableWindow
0x48e610 EnableScrollBar
0x48e614 EnableMenuItem
0x48e618 DrawTextA
0x48e61c DrawMenuBar
0x48e620 DrawIconEx
0x48e624 DrawIcon
0x48e628 DrawFrameControl
0x48e62c DrawFocusRect
0x48e630 DrawEdge
0x48e634 DispatchMessageA
0x48e638 DestroyWindow
0x48e63c DestroyMenu
0x48e640 DestroyIcon
0x48e644 DestroyCursor
0x48e648 DeleteMenu
0x48e64c DefWindowProcA
0x48e650 DefMDIChildProcA
0x48e654 DefFrameProcA
0x48e658 CreatePopupMenu
0x48e65c CreateMenu
0x48e660 CreateIcon
0x48e664 ClientToScreen
0x48e668 CheckMenuItem
0x48e66c CallWindowProcA
0x48e670 CallNextHookEx
0x48e674 BeginPaint
0x48e678 CharNextA
0x48e67c CharLowerA
0x48e680 CharToOemA
0x48e684 AdjustWindowRectEx
0x48e688 ActivateKeyboardLayout
kernel32.dll
0x48e690 Sleep
oleaut32.dll
0x48e698 SafeArrayPtrOfIndex
0x48e69c SafeArrayGetUBound
0x48e6a0 SafeArrayGetLBound
0x48e6a4 SafeArrayCreate
0x48e6a8 VariantChangeType
0x48e6ac VariantCopy
0x48e6b0 VariantClear
0x48e6b4 VariantInit
comctl32.dll
0x48e6bc ImageList_SetIconSize
0x48e6c0 ImageList_GetIconSize
0x48e6c4 ImageList_Write
0x48e6c8 ImageList_Read
0x48e6cc ImageList_GetDragImage
0x48e6d0 ImageList_DragShowNolock
0x48e6d4 ImageList_SetDragCursorImage
0x48e6d8 ImageList_DragMove
0x48e6dc ImageList_DragLeave
0x48e6e0 ImageList_DragEnter
0x48e6e4 ImageList_EndDrag
0x48e6e8 ImageList_BeginDrag
0x48e6ec ImageList_Remove
0x48e6f0 ImageList_DrawEx
0x48e6f4 ImageList_Replace
0x48e6f8 ImageList_Draw
0x48e6fc ImageList_GetBkColor
0x48e700 ImageList_SetBkColor
0x48e704 ImageList_ReplaceIcon
0x48e708 ImageList_Add
0x48e70c ImageList_SetImageCount
0x48e710 ImageList_GetImageCount
0x48e714 ImageList_Destroy
0x48e718 ImageList_Create
EAT(Export Address Table) is none