ScreenShot
| Created | 2021.09.03 17:21 | Machine | s1_win7_x6401 |
| Filename | tito.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 22 detected (AIDetect, malware1, Malicious, high confidence, score, confidence, GenKryptik, FJYD, Generic ML PUA, Static AI, Suspicious PE, kcloud, DelfInject, BScope, Diple, Unsafe, susgen) | ||
| md5 | 7c8efbe367f82fb25ec6c42479a64a25 | ||
| sha256 | 31d59daddd21ce0c7d8af7d24a16d54e3c5bd4b3b3adbd772de05177b7812059 | ||
| ssdeep | 12288:wyL+XIUEkt8A+CSspygap6vXD85pzM4ecXgin8IXY:jS4Tkt7gsHamDqpzMlcQi8Q | ||
| imphash | 4469230dadf10434edb28a90c2a5b8fd | ||
| impfuzzy | 192:o13MDbuuaxSUvK9kso1XE7ZyG1Q+POQrE:C3maq9u81vPOQrE | ||
Network IP location
Signature (22cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Creates a thread using CreateRemoteThread in a non-child process indicative of process injection |
| watch | Deletes executed files from disk |
| watch | Installs itself for autorun at Windows startup |
| watch | Manipulates memory of a non-child process indicative of process injection |
| watch | Network activity contains more than one unique useragent |
| watch | One or more of the buffers contains an embedded PE file |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
Rules (38cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | memory |
| notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | local_credential_Steal | Steal credential | memory |
| notice | Network_DGA | Communication using DGA | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_FTP | Communications over FTP | memory |
| notice | Network_HTTP | Communications over HTTP | memory |
| notice | Network_P2P_Win | Communications over P2P network | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
| info | Check_Dlls | (no description) | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerCheck__RemoteAPI | (no description) | memory |
| info | DebuggerException__ConsoleCtrl | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
Network (7cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x4aa720 SysFreeString
0x4aa724 SysReAllocStringLen
0x4aa728 SysAllocStringLen
advapi32.dll
0x4aa730 RegQueryValueExA
0x4aa734 RegOpenKeyExA
0x4aa738 RegCloseKey
user32.dll
0x4aa740 GetKeyboardType
0x4aa744 DestroyWindow
0x4aa748 LoadStringA
0x4aa74c MessageBoxA
0x4aa750 CharNextA
kernel32.dll
0x4aa758 GetACP
0x4aa75c Sleep
0x4aa760 VirtualFree
0x4aa764 VirtualAlloc
0x4aa768 GetCurrentThreadId
0x4aa76c InterlockedDecrement
0x4aa770 InterlockedIncrement
0x4aa774 VirtualQuery
0x4aa778 WideCharToMultiByte
0x4aa77c MultiByteToWideChar
0x4aa780 lstrlenA
0x4aa784 lstrcpynA
0x4aa788 LoadLibraryExA
0x4aa78c GetThreadLocale
0x4aa790 GetStartupInfoA
0x4aa794 GetProcAddress
0x4aa798 GetModuleHandleA
0x4aa79c GetModuleFileNameA
0x4aa7a0 GetLocaleInfoA
0x4aa7a4 GetCommandLineA
0x4aa7a8 FreeLibrary
0x4aa7ac FindFirstFileA
0x4aa7b0 FindClose
0x4aa7b4 ExitProcess
0x4aa7b8 CompareStringA
0x4aa7bc WriteFile
0x4aa7c0 UnhandledExceptionFilter
0x4aa7c4 RtlUnwind
0x4aa7c8 RaiseException
0x4aa7cc GetStdHandle
kernel32.dll
0x4aa7d4 TlsSetValue
0x4aa7d8 TlsGetValue
0x4aa7dc LocalAlloc
0x4aa7e0 GetModuleHandleA
user32.dll
0x4aa7e8 CreateWindowExA
0x4aa7ec WindowFromPoint
0x4aa7f0 WaitMessage
0x4aa7f4 UpdateWindow
0x4aa7f8 UnregisterClassA
0x4aa7fc UnhookWindowsHookEx
0x4aa800 TranslateMessage
0x4aa804 TranslateMDISysAccel
0x4aa808 TrackPopupMenu
0x4aa80c SystemParametersInfoA
0x4aa810 ShowWindow
0x4aa814 ShowScrollBar
0x4aa818 ShowOwnedPopups
0x4aa81c SetWindowsHookExA
0x4aa820 SetWindowTextA
0x4aa824 SetWindowPos
0x4aa828 SetWindowPlacement
0x4aa82c SetWindowLongW
0x4aa830 SetWindowLongA
0x4aa834 SetTimer
0x4aa838 SetScrollRange
0x4aa83c SetScrollPos
0x4aa840 SetScrollInfo
0x4aa844 SetRect
0x4aa848 SetPropA
0x4aa84c SetParent
0x4aa850 SetMenuItemInfoA
0x4aa854 SetMenu
0x4aa858 SetForegroundWindow
0x4aa85c SetFocus
0x4aa860 SetCursor
0x4aa864 SetClassLongA
0x4aa868 SetCapture
0x4aa86c SetActiveWindow
0x4aa870 SendMessageW
0x4aa874 SendMessageA
0x4aa878 ScrollWindow
0x4aa87c ScreenToClient
0x4aa880 RemovePropA
0x4aa884 RemoveMenu
0x4aa888 ReleaseDC
0x4aa88c ReleaseCapture
0x4aa890 RegisterWindowMessageA
0x4aa894 RegisterClipboardFormatA
0x4aa898 RegisterClassA
0x4aa89c RedrawWindow
0x4aa8a0 PtInRect
0x4aa8a4 PostQuitMessage
0x4aa8a8 PostMessageA
0x4aa8ac PeekMessageW
0x4aa8b0 PeekMessageA
0x4aa8b4 OffsetRect
0x4aa8b8 OemToCharA
0x4aa8bc MessageBoxA
0x4aa8c0 MapWindowPoints
0x4aa8c4 MapVirtualKeyA
0x4aa8c8 LoadStringA
0x4aa8cc LoadKeyboardLayoutA
0x4aa8d0 LoadIconA
0x4aa8d4 LoadCursorA
0x4aa8d8 LoadBitmapA
0x4aa8dc KillTimer
0x4aa8e0 IsZoomed
0x4aa8e4 IsWindowVisible
0x4aa8e8 IsWindowUnicode
0x4aa8ec IsWindowEnabled
0x4aa8f0 IsWindow
0x4aa8f4 IsRectEmpty
0x4aa8f8 IsIconic
0x4aa8fc IsDialogMessageW
0x4aa900 IsDialogMessageA
0x4aa904 IsChild
0x4aa908 InvalidateRect
0x4aa90c IntersectRect
0x4aa910 InsertMenuItemA
0x4aa914 InsertMenuA
0x4aa918 InflateRect
0x4aa91c GetWindowThreadProcessId
0x4aa920 GetWindowTextA
0x4aa924 GetWindowRect
0x4aa928 GetWindowPlacement
0x4aa92c GetWindowLongW
0x4aa930 GetWindowLongA
0x4aa934 GetWindowDC
0x4aa938 GetTopWindow
0x4aa93c GetSystemMetrics
0x4aa940 GetSystemMenu
0x4aa944 GetSysColorBrush
0x4aa948 GetSysColor
0x4aa94c GetSubMenu
0x4aa950 GetScrollRange
0x4aa954 GetScrollPos
0x4aa958 GetScrollInfo
0x4aa95c GetPropA
0x4aa960 GetParent
0x4aa964 GetWindow
0x4aa968 GetMessagePos
0x4aa96c GetMenuStringA
0x4aa970 GetMenuState
0x4aa974 GetMenuItemInfoA
0x4aa978 GetMenuItemID
0x4aa97c GetMenuItemCount
0x4aa980 GetMenu
0x4aa984 GetLastActivePopup
0x4aa988 GetKeyboardState
0x4aa98c GetKeyboardLayoutNameA
0x4aa990 GetKeyboardLayoutList
0x4aa994 GetKeyboardLayout
0x4aa998 GetKeyState
0x4aa99c GetKeyNameTextA
0x4aa9a0 GetIconInfo
0x4aa9a4 GetForegroundWindow
0x4aa9a8 GetFocus
0x4aa9ac GetDesktopWindow
0x4aa9b0 GetDCEx
0x4aa9b4 GetDC
0x4aa9b8 GetCursorPos
0x4aa9bc GetCursor
0x4aa9c0 GetClientRect
0x4aa9c4 GetClassLongA
0x4aa9c8 GetClassInfoA
0x4aa9cc GetCapture
0x4aa9d0 GetActiveWindow
0x4aa9d4 FrameRect
0x4aa9d8 FindWindowA
0x4aa9dc FillRect
0x4aa9e0 EqualRect
0x4aa9e4 EnumWindows
0x4aa9e8 EnumThreadWindows
0x4aa9ec EnumChildWindows
0x4aa9f0 EndPaint
0x4aa9f4 EnableWindow
0x4aa9f8 EnableScrollBar
0x4aa9fc EnableMenuItem
0x4aaa00 DrawTextA
0x4aaa04 DrawMenuBar
0x4aaa08 DrawIconEx
0x4aaa0c DrawIcon
0x4aaa10 DrawFrameControl
0x4aaa14 DrawFocusRect
0x4aaa18 DrawEdge
0x4aaa1c DispatchMessageW
0x4aaa20 DispatchMessageA
0x4aaa24 DestroyWindow
0x4aaa28 DestroyMenu
0x4aaa2c DestroyIcon
0x4aaa30 DestroyCursor
0x4aaa34 DeleteMenu
0x4aaa38 DefWindowProcA
0x4aaa3c DefMDIChildProcA
0x4aaa40 DefFrameProcA
0x4aaa44 CreatePopupMenu
0x4aaa48 CreateMenu
0x4aaa4c CreateIcon
0x4aaa50 ClientToScreen
0x4aaa54 CheckMenuItem
0x4aaa58 CallWindowProcA
0x4aaa5c CallNextHookEx
0x4aaa60 BeginPaint
0x4aaa64 CharNextA
0x4aaa68 CharLowerA
0x4aaa6c CharToOemA
0x4aaa70 AdjustWindowRectEx
0x4aaa74 ActivateKeyboardLayout
gdi32.dll
0x4aaa7c UnrealizeObject
0x4aaa80 StretchBlt
0x4aaa84 SetWindowOrgEx
0x4aaa88 SetViewportOrgEx
0x4aaa8c SetTextColor
0x4aaa90 SetStretchBltMode
0x4aaa94 SetROP2
0x4aaa98 SetPixel
0x4aaa9c SetDIBColorTable
0x4aaaa0 SetBrushOrgEx
0x4aaaa4 SetBkMode
0x4aaaa8 SetBkColor
0x4aaaac SelectPalette
0x4aaab0 SelectObject
0x4aaab4 SelectClipRgn
0x4aaab8 SaveDC
0x4aaabc RestoreDC
0x4aaac0 RectVisible
0x4aaac4 RealizePalette
0x4aaac8 PatBlt
0x4aaacc MoveToEx
0x4aaad0 MaskBlt
0x4aaad4 LineTo
0x4aaad8 IntersectClipRect
0x4aaadc GetWindowOrgEx
0x4aaae0 GetTextMetricsA
0x4aaae4 GetTextExtentPoint32A
0x4aaae8 GetTextAlign
0x4aaaec GetSystemPaletteEntries
0x4aaaf0 GetStockObject
0x4aaaf4 GetRgnBox
0x4aaaf8 GetROP2
0x4aaafc GetPolyFillMode
0x4aab00 GetPixelFormat
0x4aab04 GetPixel
0x4aab08 GetPaletteEntries
0x4aab0c GetObjectA
0x4aab10 GetMapMode
0x4aab14 GetGraphicsMode
0x4aab18 GetDeviceCaps
0x4aab1c GetDIBits
0x4aab20 GetDIBColorTable
0x4aab24 GetDCOrgEx
0x4aab28 GetDCPenColor
0x4aab2c GetDCBrushColor
0x4aab30 GetCurrentPositionEx
0x4aab34 GetClipBox
0x4aab38 GetBrushOrgEx
0x4aab3c GetBkMode
0x4aab40 GetBkColor
0x4aab44 GetBitmapBits
0x4aab48 ExtTextOutA
0x4aab4c ExcludeClipRect
0x4aab50 EnumFontFamiliesExA
0x4aab54 DeleteObject
0x4aab58 DeleteDC
0x4aab5c CreateSolidBrush
0x4aab60 CreatePenIndirect
0x4aab64 CreatePalette
0x4aab68 CreateHalftonePalette
0x4aab6c CreateFontIndirectA
0x4aab70 CreateDIBitmap
0x4aab74 CreateDIBSection
0x4aab78 CreateCompatibleDC
0x4aab7c CreateCompatibleBitmap
0x4aab80 CreateBrushIndirect
0x4aab84 CreateBitmap
0x4aab88 BitBlt
version.dll
0x4aab90 VerQueryValueA
0x4aab94 GetFileVersionInfoSizeA
0x4aab98 GetFileVersionInfoA
kernel32.dll
0x4aaba0 lstrcpyA
0x4aaba4 WriteFile
0x4aaba8 WaitForSingleObject
0x4aabac VirtualQuery
0x4aabb0 VirtualProtect
0x4aabb4 VirtualAlloc
0x4aabb8 SizeofResource
0x4aabbc SetThreadLocale
0x4aabc0 SetFilePointer
0x4aabc4 SetEvent
0x4aabc8 SetErrorMode
0x4aabcc SetEndOfFile
0x4aabd0 ResetEvent
0x4aabd4 ReadFile
0x4aabd8 MulDiv
0x4aabdc LockResource
0x4aabe0 LoadResource
0x4aabe4 LoadLibraryA
0x4aabe8 LeaveCriticalSection
0x4aabec InitializeCriticalSection
0x4aabf0 GlobalFindAtomA
0x4aabf4 GlobalDeleteAtom
0x4aabf8 GlobalAddAtomA
0x4aabfc GetVersionExA
0x4aac00 GetVersion
0x4aac04 GetTickCount
0x4aac08 GetThreadLocale
0x4aac0c GetStdHandle
0x4aac10 GetProcAddress
0x4aac14 GetModuleHandleA
0x4aac18 GetModuleFileNameA
0x4aac1c GetLocaleInfoA
0x4aac20 GetLocalTime
0x4aac24 GetLastError
0x4aac28 GetFullPathNameA
0x4aac2c GetDiskFreeSpaceA
0x4aac30 GetDateFormatA
0x4aac34 GetCurrentThreadId
0x4aac38 GetCurrentProcessId
0x4aac3c GetCPInfo
0x4aac40 FreeResource
0x4aac44 InterlockedExchange
0x4aac48 FreeLibrary
0x4aac4c FormatMessageA
0x4aac50 FindResourceA
0x4aac54 EnumCalendarInfoA
0x4aac58 EnterCriticalSection
0x4aac5c DeleteCriticalSection
0x4aac60 CreateThread
0x4aac64 CreateFileA
0x4aac68 CreateEventA
0x4aac6c CompareStringA
0x4aac70 CloseHandle
advapi32.dll
0x4aac78 RegQueryValueExA
0x4aac7c RegOpenKeyExA
0x4aac80 RegFlushKey
0x4aac84 RegCloseKey
kernel32.dll
0x4aac8c Sleep
oleaut32.dll
0x4aac94 SafeArrayPtrOfIndex
0x4aac98 SafeArrayGetUBound
0x4aac9c SafeArrayGetLBound
0x4aaca0 SafeArrayCreate
0x4aaca4 VariantChangeType
0x4aaca8 VariantCopy
0x4aacac VariantClear
0x4aacb0 VariantInit
comctl32.dll
0x4aacb8 _TrackMouseEvent
0x4aacbc ImageList_SetIconSize
0x4aacc0 ImageList_GetIconSize
0x4aacc4 ImageList_Write
0x4aacc8 ImageList_Read
0x4aaccc ImageList_DragShowNolock
0x4aacd0 ImageList_DragMove
0x4aacd4 ImageList_DragLeave
0x4aacd8 ImageList_DragEnter
0x4aacdc ImageList_EndDrag
0x4aace0 ImageList_BeginDrag
0x4aace4 ImageList_Remove
0x4aace8 ImageList_DrawEx
0x4aacec ImageList_Draw
0x4aacf0 ImageList_GetBkColor
0x4aacf4 ImageList_SetBkColor
0x4aacf8 ImageList_Add
0x4aacfc ImageList_GetImageCount
0x4aad00 ImageList_Destroy
0x4aad04 ImageList_Create
comdlg32.dll
0x4aad0c ChooseColorA
EAT(Export Address Table) is none
oleaut32.dll
0x4aa720 SysFreeString
0x4aa724 SysReAllocStringLen
0x4aa728 SysAllocStringLen
advapi32.dll
0x4aa730 RegQueryValueExA
0x4aa734 RegOpenKeyExA
0x4aa738 RegCloseKey
user32.dll
0x4aa740 GetKeyboardType
0x4aa744 DestroyWindow
0x4aa748 LoadStringA
0x4aa74c MessageBoxA
0x4aa750 CharNextA
kernel32.dll
0x4aa758 GetACP
0x4aa75c Sleep
0x4aa760 VirtualFree
0x4aa764 VirtualAlloc
0x4aa768 GetCurrentThreadId
0x4aa76c InterlockedDecrement
0x4aa770 InterlockedIncrement
0x4aa774 VirtualQuery
0x4aa778 WideCharToMultiByte
0x4aa77c MultiByteToWideChar
0x4aa780 lstrlenA
0x4aa784 lstrcpynA
0x4aa788 LoadLibraryExA
0x4aa78c GetThreadLocale
0x4aa790 GetStartupInfoA
0x4aa794 GetProcAddress
0x4aa798 GetModuleHandleA
0x4aa79c GetModuleFileNameA
0x4aa7a0 GetLocaleInfoA
0x4aa7a4 GetCommandLineA
0x4aa7a8 FreeLibrary
0x4aa7ac FindFirstFileA
0x4aa7b0 FindClose
0x4aa7b4 ExitProcess
0x4aa7b8 CompareStringA
0x4aa7bc WriteFile
0x4aa7c0 UnhandledExceptionFilter
0x4aa7c4 RtlUnwind
0x4aa7c8 RaiseException
0x4aa7cc GetStdHandle
kernel32.dll
0x4aa7d4 TlsSetValue
0x4aa7d8 TlsGetValue
0x4aa7dc LocalAlloc
0x4aa7e0 GetModuleHandleA
user32.dll
0x4aa7e8 CreateWindowExA
0x4aa7ec WindowFromPoint
0x4aa7f0 WaitMessage
0x4aa7f4 UpdateWindow
0x4aa7f8 UnregisterClassA
0x4aa7fc UnhookWindowsHookEx
0x4aa800 TranslateMessage
0x4aa804 TranslateMDISysAccel
0x4aa808 TrackPopupMenu
0x4aa80c SystemParametersInfoA
0x4aa810 ShowWindow
0x4aa814 ShowScrollBar
0x4aa818 ShowOwnedPopups
0x4aa81c SetWindowsHookExA
0x4aa820 SetWindowTextA
0x4aa824 SetWindowPos
0x4aa828 SetWindowPlacement
0x4aa82c SetWindowLongW
0x4aa830 SetWindowLongA
0x4aa834 SetTimer
0x4aa838 SetScrollRange
0x4aa83c SetScrollPos
0x4aa840 SetScrollInfo
0x4aa844 SetRect
0x4aa848 SetPropA
0x4aa84c SetParent
0x4aa850 SetMenuItemInfoA
0x4aa854 SetMenu
0x4aa858 SetForegroundWindow
0x4aa85c SetFocus
0x4aa860 SetCursor
0x4aa864 SetClassLongA
0x4aa868 SetCapture
0x4aa86c SetActiveWindow
0x4aa870 SendMessageW
0x4aa874 SendMessageA
0x4aa878 ScrollWindow
0x4aa87c ScreenToClient
0x4aa880 RemovePropA
0x4aa884 RemoveMenu
0x4aa888 ReleaseDC
0x4aa88c ReleaseCapture
0x4aa890 RegisterWindowMessageA
0x4aa894 RegisterClipboardFormatA
0x4aa898 RegisterClassA
0x4aa89c RedrawWindow
0x4aa8a0 PtInRect
0x4aa8a4 PostQuitMessage
0x4aa8a8 PostMessageA
0x4aa8ac PeekMessageW
0x4aa8b0 PeekMessageA
0x4aa8b4 OffsetRect
0x4aa8b8 OemToCharA
0x4aa8bc MessageBoxA
0x4aa8c0 MapWindowPoints
0x4aa8c4 MapVirtualKeyA
0x4aa8c8 LoadStringA
0x4aa8cc LoadKeyboardLayoutA
0x4aa8d0 LoadIconA
0x4aa8d4 LoadCursorA
0x4aa8d8 LoadBitmapA
0x4aa8dc KillTimer
0x4aa8e0 IsZoomed
0x4aa8e4 IsWindowVisible
0x4aa8e8 IsWindowUnicode
0x4aa8ec IsWindowEnabled
0x4aa8f0 IsWindow
0x4aa8f4 IsRectEmpty
0x4aa8f8 IsIconic
0x4aa8fc IsDialogMessageW
0x4aa900 IsDialogMessageA
0x4aa904 IsChild
0x4aa908 InvalidateRect
0x4aa90c IntersectRect
0x4aa910 InsertMenuItemA
0x4aa914 InsertMenuA
0x4aa918 InflateRect
0x4aa91c GetWindowThreadProcessId
0x4aa920 GetWindowTextA
0x4aa924 GetWindowRect
0x4aa928 GetWindowPlacement
0x4aa92c GetWindowLongW
0x4aa930 GetWindowLongA
0x4aa934 GetWindowDC
0x4aa938 GetTopWindow
0x4aa93c GetSystemMetrics
0x4aa940 GetSystemMenu
0x4aa944 GetSysColorBrush
0x4aa948 GetSysColor
0x4aa94c GetSubMenu
0x4aa950 GetScrollRange
0x4aa954 GetScrollPos
0x4aa958 GetScrollInfo
0x4aa95c GetPropA
0x4aa960 GetParent
0x4aa964 GetWindow
0x4aa968 GetMessagePos
0x4aa96c GetMenuStringA
0x4aa970 GetMenuState
0x4aa974 GetMenuItemInfoA
0x4aa978 GetMenuItemID
0x4aa97c GetMenuItemCount
0x4aa980 GetMenu
0x4aa984 GetLastActivePopup
0x4aa988 GetKeyboardState
0x4aa98c GetKeyboardLayoutNameA
0x4aa990 GetKeyboardLayoutList
0x4aa994 GetKeyboardLayout
0x4aa998 GetKeyState
0x4aa99c GetKeyNameTextA
0x4aa9a0 GetIconInfo
0x4aa9a4 GetForegroundWindow
0x4aa9a8 GetFocus
0x4aa9ac GetDesktopWindow
0x4aa9b0 GetDCEx
0x4aa9b4 GetDC
0x4aa9b8 GetCursorPos
0x4aa9bc GetCursor
0x4aa9c0 GetClientRect
0x4aa9c4 GetClassLongA
0x4aa9c8 GetClassInfoA
0x4aa9cc GetCapture
0x4aa9d0 GetActiveWindow
0x4aa9d4 FrameRect
0x4aa9d8 FindWindowA
0x4aa9dc FillRect
0x4aa9e0 EqualRect
0x4aa9e4 EnumWindows
0x4aa9e8 EnumThreadWindows
0x4aa9ec EnumChildWindows
0x4aa9f0 EndPaint
0x4aa9f4 EnableWindow
0x4aa9f8 EnableScrollBar
0x4aa9fc EnableMenuItem
0x4aaa00 DrawTextA
0x4aaa04 DrawMenuBar
0x4aaa08 DrawIconEx
0x4aaa0c DrawIcon
0x4aaa10 DrawFrameControl
0x4aaa14 DrawFocusRect
0x4aaa18 DrawEdge
0x4aaa1c DispatchMessageW
0x4aaa20 DispatchMessageA
0x4aaa24 DestroyWindow
0x4aaa28 DestroyMenu
0x4aaa2c DestroyIcon
0x4aaa30 DestroyCursor
0x4aaa34 DeleteMenu
0x4aaa38 DefWindowProcA
0x4aaa3c DefMDIChildProcA
0x4aaa40 DefFrameProcA
0x4aaa44 CreatePopupMenu
0x4aaa48 CreateMenu
0x4aaa4c CreateIcon
0x4aaa50 ClientToScreen
0x4aaa54 CheckMenuItem
0x4aaa58 CallWindowProcA
0x4aaa5c CallNextHookEx
0x4aaa60 BeginPaint
0x4aaa64 CharNextA
0x4aaa68 CharLowerA
0x4aaa6c CharToOemA
0x4aaa70 AdjustWindowRectEx
0x4aaa74 ActivateKeyboardLayout
gdi32.dll
0x4aaa7c UnrealizeObject
0x4aaa80 StretchBlt
0x4aaa84 SetWindowOrgEx
0x4aaa88 SetViewportOrgEx
0x4aaa8c SetTextColor
0x4aaa90 SetStretchBltMode
0x4aaa94 SetROP2
0x4aaa98 SetPixel
0x4aaa9c SetDIBColorTable
0x4aaaa0 SetBrushOrgEx
0x4aaaa4 SetBkMode
0x4aaaa8 SetBkColor
0x4aaaac SelectPalette
0x4aaab0 SelectObject
0x4aaab4 SelectClipRgn
0x4aaab8 SaveDC
0x4aaabc RestoreDC
0x4aaac0 RectVisible
0x4aaac4 RealizePalette
0x4aaac8 PatBlt
0x4aaacc MoveToEx
0x4aaad0 MaskBlt
0x4aaad4 LineTo
0x4aaad8 IntersectClipRect
0x4aaadc GetWindowOrgEx
0x4aaae0 GetTextMetricsA
0x4aaae4 GetTextExtentPoint32A
0x4aaae8 GetTextAlign
0x4aaaec GetSystemPaletteEntries
0x4aaaf0 GetStockObject
0x4aaaf4 GetRgnBox
0x4aaaf8 GetROP2
0x4aaafc GetPolyFillMode
0x4aab00 GetPixelFormat
0x4aab04 GetPixel
0x4aab08 GetPaletteEntries
0x4aab0c GetObjectA
0x4aab10 GetMapMode
0x4aab14 GetGraphicsMode
0x4aab18 GetDeviceCaps
0x4aab1c GetDIBits
0x4aab20 GetDIBColorTable
0x4aab24 GetDCOrgEx
0x4aab28 GetDCPenColor
0x4aab2c GetDCBrushColor
0x4aab30 GetCurrentPositionEx
0x4aab34 GetClipBox
0x4aab38 GetBrushOrgEx
0x4aab3c GetBkMode
0x4aab40 GetBkColor
0x4aab44 GetBitmapBits
0x4aab48 ExtTextOutA
0x4aab4c ExcludeClipRect
0x4aab50 EnumFontFamiliesExA
0x4aab54 DeleteObject
0x4aab58 DeleteDC
0x4aab5c CreateSolidBrush
0x4aab60 CreatePenIndirect
0x4aab64 CreatePalette
0x4aab68 CreateHalftonePalette
0x4aab6c CreateFontIndirectA
0x4aab70 CreateDIBitmap
0x4aab74 CreateDIBSection
0x4aab78 CreateCompatibleDC
0x4aab7c CreateCompatibleBitmap
0x4aab80 CreateBrushIndirect
0x4aab84 CreateBitmap
0x4aab88 BitBlt
version.dll
0x4aab90 VerQueryValueA
0x4aab94 GetFileVersionInfoSizeA
0x4aab98 GetFileVersionInfoA
kernel32.dll
0x4aaba0 lstrcpyA
0x4aaba4 WriteFile
0x4aaba8 WaitForSingleObject
0x4aabac VirtualQuery
0x4aabb0 VirtualProtect
0x4aabb4 VirtualAlloc
0x4aabb8 SizeofResource
0x4aabbc SetThreadLocale
0x4aabc0 SetFilePointer
0x4aabc4 SetEvent
0x4aabc8 SetErrorMode
0x4aabcc SetEndOfFile
0x4aabd0 ResetEvent
0x4aabd4 ReadFile
0x4aabd8 MulDiv
0x4aabdc LockResource
0x4aabe0 LoadResource
0x4aabe4 LoadLibraryA
0x4aabe8 LeaveCriticalSection
0x4aabec InitializeCriticalSection
0x4aabf0 GlobalFindAtomA
0x4aabf4 GlobalDeleteAtom
0x4aabf8 GlobalAddAtomA
0x4aabfc GetVersionExA
0x4aac00 GetVersion
0x4aac04 GetTickCount
0x4aac08 GetThreadLocale
0x4aac0c GetStdHandle
0x4aac10 GetProcAddress
0x4aac14 GetModuleHandleA
0x4aac18 GetModuleFileNameA
0x4aac1c GetLocaleInfoA
0x4aac20 GetLocalTime
0x4aac24 GetLastError
0x4aac28 GetFullPathNameA
0x4aac2c GetDiskFreeSpaceA
0x4aac30 GetDateFormatA
0x4aac34 GetCurrentThreadId
0x4aac38 GetCurrentProcessId
0x4aac3c GetCPInfo
0x4aac40 FreeResource
0x4aac44 InterlockedExchange
0x4aac48 FreeLibrary
0x4aac4c FormatMessageA
0x4aac50 FindResourceA
0x4aac54 EnumCalendarInfoA
0x4aac58 EnterCriticalSection
0x4aac5c DeleteCriticalSection
0x4aac60 CreateThread
0x4aac64 CreateFileA
0x4aac68 CreateEventA
0x4aac6c CompareStringA
0x4aac70 CloseHandle
advapi32.dll
0x4aac78 RegQueryValueExA
0x4aac7c RegOpenKeyExA
0x4aac80 RegFlushKey
0x4aac84 RegCloseKey
kernel32.dll
0x4aac8c Sleep
oleaut32.dll
0x4aac94 SafeArrayPtrOfIndex
0x4aac98 SafeArrayGetUBound
0x4aac9c SafeArrayGetLBound
0x4aaca0 SafeArrayCreate
0x4aaca4 VariantChangeType
0x4aaca8 VariantCopy
0x4aacac VariantClear
0x4aacb0 VariantInit
comctl32.dll
0x4aacb8 _TrackMouseEvent
0x4aacbc ImageList_SetIconSize
0x4aacc0 ImageList_GetIconSize
0x4aacc4 ImageList_Write
0x4aacc8 ImageList_Read
0x4aaccc ImageList_DragShowNolock
0x4aacd0 ImageList_DragMove
0x4aacd4 ImageList_DragLeave
0x4aacd8 ImageList_DragEnter
0x4aacdc ImageList_EndDrag
0x4aace0 ImageList_BeginDrag
0x4aace4 ImageList_Remove
0x4aace8 ImageList_DrawEx
0x4aacec ImageList_Draw
0x4aacf0 ImageList_GetBkColor
0x4aacf4 ImageList_SetBkColor
0x4aacf8 ImageList_Add
0x4aacfc ImageList_GetImageCount
0x4aad00 ImageList_Destroy
0x4aad04 ImageList_Create
comdlg32.dll
0x4aad0c ChooseColorA
EAT(Export Address Table) is none