ScreenShot
| Created | 2021.09.04 13:58 | Machine | s1_win7_x6402 |
| Filename | fit.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 21 detected (AIDetect, malware2, malicious, high confidence, ZelphiF, TGW@aKd5o7ji, EPZM, Generic@ML, RDML, aTsu0Y, 2Mz4Z7CIDZ, Fareit, Static AI, Malicious PE, Unsafe, Score, kcloud, Sabsik, BScope, Noon, susgen, confidence) | ||
| md5 | 3386ae032f6d373ca53c4cdd9f2d8071 | ||
| sha256 | e8fd9fa558e765a0a6273a0ba98195347c8c388491e4e6186fccf4d8a69baf84 | ||
| ssdeep | 12288:KAQ4TXPbFLYhC0MPsgGsXxItImX/m/zOOMH9L9T5kLvRJ:KZaZUhJOskXOt/vmb6kLJ | ||
| imphash | 683e36fe1155994747e39b9f335ec7e3 | ||
| impfuzzy | 192:f3Pkk1Q1JYbuuArSUvK9RqooqEKeSPOQRy:f3H1xAA9LrPOQk | ||
Network IP location
Signature (24cnts)
| Level | Description |
|---|---|
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Creates a thread using CreateRemoteThread in a non-child process indicative of process injection |
| watch | Installs itself for autorun at Windows startup |
| watch | Manipulates memory of a non-child process indicative of process injection |
| watch | Network activity contains more than one unique useragent |
| watch | One or more of the buffers contains an embedded PE file |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Uses Sysinternals tools in order to add additional command line functionality |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
Rules (36cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | memory |
| notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | local_credential_Steal | Steal credential | memory |
| notice | Network_DGA | Communication using DGA | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_FTP | Communications over FTP | memory |
| notice | Network_HTTP | Communications over HTTP | memory |
| notice | Network_P2P_Win | Communications over P2P network | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
| info | Check_Dlls | (no description) | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerCheck__RemoteAPI | (no description) | memory |
| info | DebuggerException__ConsoleCtrl | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
Network (9cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
kernel32.dll
0x47a12c DeleteCriticalSection
0x47a130 LeaveCriticalSection
0x47a134 EnterCriticalSection
0x47a138 InitializeCriticalSection
0x47a13c VirtualFree
0x47a140 VirtualAlloc
0x47a144 LocalFree
0x47a148 LocalAlloc
0x47a14c GetVersion
0x47a150 GetCurrentThreadId
0x47a154 InterlockedDecrement
0x47a158 InterlockedIncrement
0x47a15c VirtualQuery
0x47a160 WideCharToMultiByte
0x47a164 MultiByteToWideChar
0x47a168 lstrlenA
0x47a16c lstrcpynA
0x47a170 LoadLibraryExA
0x47a174 GetThreadLocale
0x47a178 GetStartupInfoA
0x47a17c GetProcAddress
0x47a180 GetModuleHandleA
0x47a184 GetModuleFileNameA
0x47a188 GetLocaleInfoA
0x47a18c GetCommandLineA
0x47a190 FreeLibrary
0x47a194 FindFirstFileA
0x47a198 FindClose
0x47a19c ExitProcess
0x47a1a0 WriteFile
0x47a1a4 UnhandledExceptionFilter
0x47a1a8 RtlUnwind
0x47a1ac RaiseException
0x47a1b0 GetStdHandle
user32.dll
0x47a1b8 GetKeyboardType
0x47a1bc LoadStringA
0x47a1c0 MessageBoxA
0x47a1c4 CharNextA
advapi32.dll
0x47a1cc RegQueryValueExA
0x47a1d0 RegOpenKeyExA
0x47a1d4 RegCloseKey
oleaut32.dll
0x47a1dc SysFreeString
0x47a1e0 SysReAllocStringLen
0x47a1e4 SysAllocStringLen
kernel32.dll
0x47a1ec TlsSetValue
0x47a1f0 TlsGetValue
0x47a1f4 LocalAlloc
0x47a1f8 GetModuleHandleA
advapi32.dll
0x47a200 RegQueryValueExA
0x47a204 RegOpenKeyExA
0x47a208 RegCloseKey
kernel32.dll
0x47a210 lstrcpyA
0x47a214 lstrcmpiA
0x47a218 WriteFile
0x47a21c WaitForSingleObject
0x47a220 VirtualQuery
0x47a224 VirtualProtect
0x47a228 VirtualAlloc
0x47a22c Sleep
0x47a230 SizeofResource
0x47a234 SetThreadLocale
0x47a238 SetFilePointer
0x47a23c SetEvent
0x47a240 SetErrorMode
0x47a244 SetEndOfFile
0x47a248 ResetEvent
0x47a24c ReadFile
0x47a250 MulDiv
0x47a254 LockResource
0x47a258 LoadResource
0x47a25c LoadLibraryA
0x47a260 LeaveCriticalSection
0x47a264 InitializeCriticalSection
0x47a268 GlobalUnlock
0x47a26c GlobalReAlloc
0x47a270 GlobalHandle
0x47a274 GlobalLock
0x47a278 GlobalFree
0x47a27c GlobalFindAtomA
0x47a280 GlobalDeleteAtom
0x47a284 GlobalAlloc
0x47a288 GlobalAddAtomA
0x47a28c GetVersionExA
0x47a290 GetVersion
0x47a294 GetTickCount
0x47a298 GetThreadLocale
0x47a29c GetSystemInfo
0x47a2a0 GetStringTypeExA
0x47a2a4 GetStdHandle
0x47a2a8 GetProcAddress
0x47a2ac GetModuleHandleA
0x47a2b0 GetModuleFileNameA
0x47a2b4 GetLocaleInfoA
0x47a2b8 GetLocalTime
0x47a2bc GetLastError
0x47a2c0 GetFullPathNameA
0x47a2c4 GetDiskFreeSpaceA
0x47a2c8 GetDateFormatA
0x47a2cc GetCurrentThreadId
0x47a2d0 GetCurrentProcessId
0x47a2d4 GetCPInfo
0x47a2d8 GetACP
0x47a2dc FreeResource
0x47a2e0 InterlockedExchange
0x47a2e4 FreeLibrary
0x47a2e8 FormatMessageA
0x47a2ec FindResourceA
0x47a2f0 EnumCalendarInfoA
0x47a2f4 EnterCriticalSection
0x47a2f8 DeleteCriticalSection
0x47a2fc CreateThread
0x47a300 CreateFileA
0x47a304 CreateEventA
0x47a308 CompareStringA
0x47a30c CloseHandle
version.dll
0x47a314 VerQueryValueA
0x47a318 GetFileVersionInfoSizeA
0x47a31c GetFileVersionInfoA
gdi32.dll
0x47a324 UnrealizeObject
0x47a328 StretchBlt
0x47a32c SetWindowOrgEx
0x47a330 SetWinMetaFileBits
0x47a334 SetViewportOrgEx
0x47a338 SetTextColor
0x47a33c SetStretchBltMode
0x47a340 SetROP2
0x47a344 SetPixel
0x47a348 SetEnhMetaFileBits
0x47a34c SetDIBColorTable
0x47a350 SetBrushOrgEx
0x47a354 SetBkMode
0x47a358 SetBkColor
0x47a35c SelectPalette
0x47a360 SelectObject
0x47a364 SelectClipRgn
0x47a368 SaveDC
0x47a36c RoundRect
0x47a370 RestoreDC
0x47a374 Rectangle
0x47a378 RectVisible
0x47a37c RealizePalette
0x47a380 Polyline
0x47a384 PlayEnhMetaFile
0x47a388 PatBlt
0x47a38c MoveToEx
0x47a390 MaskBlt
0x47a394 LineTo
0x47a398 IntersectClipRect
0x47a39c GetWindowOrgEx
0x47a3a0 GetWinMetaFileBits
0x47a3a4 GetTextMetricsA
0x47a3a8 GetTextExtentPoint32A
0x47a3ac GetTextAlign
0x47a3b0 GetSystemPaletteEntries
0x47a3b4 GetStockObject
0x47a3b8 GetROP2
0x47a3bc GetPolyFillMode
0x47a3c0 GetPixelFormat
0x47a3c4 GetPixel
0x47a3c8 GetPaletteEntries
0x47a3cc GetObjectA
0x47a3d0 GetMapMode
0x47a3d4 GetGraphicsMode
0x47a3d8 GetEnhMetaFilePaletteEntries
0x47a3dc GetEnhMetaFileHeader
0x47a3e0 GetEnhMetaFileBits
0x47a3e4 GetDeviceCaps
0x47a3e8 GetDIBits
0x47a3ec GetDIBColorTable
0x47a3f0 GetDCOrgEx
0x47a3f4 GetDCPenColor
0x47a3f8 GetDCBrushColor
0x47a3fc GetCurrentPositionEx
0x47a400 GetClipBox
0x47a404 GetBrushOrgEx
0x47a408 GetBkMode
0x47a40c GetBkColor
0x47a410 GetBitmapBits
0x47a414 GdiFlush
0x47a418 ExtTextOutA
0x47a41c ExcludeClipRect
0x47a420 DeleteObject
0x47a424 DeleteEnhMetaFile
0x47a428 DeleteDC
0x47a42c CreateSolidBrush
0x47a430 CreatePenIndirect
0x47a434 CreatePalette
0x47a438 CreateHalftonePalette
0x47a43c CreateFontIndirectA
0x47a440 CreateDIBitmap
0x47a444 CreateDIBSection
0x47a448 CreateCompatibleDC
0x47a44c CreateCompatibleBitmap
0x47a450 CreateBrushIndirect
0x47a454 CreateBitmap
0x47a458 CopyEnhMetaFileA
0x47a45c BitBlt
user32.dll
0x47a464 CreateWindowExA
0x47a468 WindowFromPoint
0x47a46c WinHelpA
0x47a470 WaitMessage
0x47a474 UpdateWindow
0x47a478 UnregisterClassA
0x47a47c UnhookWindowsHookEx
0x47a480 TranslateMessage
0x47a484 TranslateMDISysAccel
0x47a488 TrackPopupMenu
0x47a48c SystemParametersInfoA
0x47a490 ShowWindow
0x47a494 ShowScrollBar
0x47a498 ShowOwnedPopups
0x47a49c ShowCursor
0x47a4a0 SetWindowsHookExA
0x47a4a4 SetWindowTextA
0x47a4a8 SetWindowPos
0x47a4ac SetWindowPlacement
0x47a4b0 SetWindowLongA
0x47a4b4 SetTimer
0x47a4b8 SetScrollRange
0x47a4bc SetScrollPos
0x47a4c0 SetScrollInfo
0x47a4c4 SetRect
0x47a4c8 SetPropA
0x47a4cc SetParent
0x47a4d0 SetMenuItemInfoA
0x47a4d4 SetMenu
0x47a4d8 SetForegroundWindow
0x47a4dc SetFocus
0x47a4e0 SetCursor
0x47a4e4 SetClassLongA
0x47a4e8 SetCapture
0x47a4ec SetActiveWindow
0x47a4f0 SendMessageA
0x47a4f4 ScrollWindow
0x47a4f8 ScreenToClient
0x47a4fc RemovePropA
0x47a500 RemoveMenu
0x47a504 ReleaseDC
0x47a508 ReleaseCapture
0x47a50c RegisterWindowMessageA
0x47a510 RegisterClipboardFormatA
0x47a514 RegisterClassA
0x47a518 RedrawWindow
0x47a51c PtInRect
0x47a520 PostQuitMessage
0x47a524 PostMessageA
0x47a528 PeekMessageA
0x47a52c OffsetRect
0x47a530 OemToCharA
0x47a534 MessageBoxA
0x47a538 MapWindowPoints
0x47a53c MapVirtualKeyA
0x47a540 LoadStringA
0x47a544 LoadKeyboardLayoutA
0x47a548 LoadIconA
0x47a54c LoadCursorA
0x47a550 LoadBitmapA
0x47a554 KillTimer
0x47a558 IsZoomed
0x47a55c IsWindowVisible
0x47a560 IsWindowEnabled
0x47a564 IsWindow
0x47a568 IsRectEmpty
0x47a56c IsIconic
0x47a570 IsDialogMessageA
0x47a574 IsChild
0x47a578 InvalidateRect
0x47a57c IntersectRect
0x47a580 InsertMenuItemA
0x47a584 InsertMenuA
0x47a588 InflateRect
0x47a58c GetWindowThreadProcessId
0x47a590 GetWindowTextA
0x47a594 GetWindowRect
0x47a598 GetWindowPlacement
0x47a59c GetWindowLongA
0x47a5a0 GetWindowDC
0x47a5a4 GetTopWindow
0x47a5a8 GetSystemMetrics
0x47a5ac GetSystemMenu
0x47a5b0 GetSysColorBrush
0x47a5b4 GetSysColor
0x47a5b8 GetSubMenu
0x47a5bc GetScrollRange
0x47a5c0 GetScrollPos
0x47a5c4 GetScrollInfo
0x47a5c8 GetPropA
0x47a5cc GetParent
0x47a5d0 GetWindow
0x47a5d4 GetMenuStringA
0x47a5d8 GetMenuState
0x47a5dc GetMenuItemInfoA
0x47a5e0 GetMenuItemID
0x47a5e4 GetMenuItemCount
0x47a5e8 GetMenu
0x47a5ec GetLastActivePopup
0x47a5f0 GetKeyboardState
0x47a5f4 GetKeyboardLayoutList
0x47a5f8 GetKeyboardLayout
0x47a5fc GetKeyState
0x47a600 GetKeyNameTextA
0x47a604 GetIconInfo
0x47a608 GetForegroundWindow
0x47a60c GetFocus
0x47a610 GetDesktopWindow
0x47a614 GetDCEx
0x47a618 GetDC
0x47a61c GetCursorPos
0x47a620 GetCursor
0x47a624 GetClipboardData
0x47a628 GetClientRect
0x47a62c GetClassNameA
0x47a630 GetClassInfoA
0x47a634 GetCapture
0x47a638 GetActiveWindow
0x47a63c FrameRect
0x47a640 FindWindowA
0x47a644 FillRect
0x47a648 EqualRect
0x47a64c EnumWindows
0x47a650 EnumThreadWindows
0x47a654 EndPaint
0x47a658 EnableWindow
0x47a65c EnableScrollBar
0x47a660 EnableMenuItem
0x47a664 DrawTextA
0x47a668 DrawMenuBar
0x47a66c DrawIconEx
0x47a670 DrawIcon
0x47a674 DrawFrameControl
0x47a678 DrawFocusRect
0x47a67c DrawEdge
0x47a680 DispatchMessageA
0x47a684 DestroyWindow
0x47a688 DestroyMenu
0x47a68c DestroyIcon
0x47a690 DestroyCursor
0x47a694 DeleteMenu
0x47a698 DefWindowProcA
0x47a69c DefMDIChildProcA
0x47a6a0 DefFrameProcA
0x47a6a4 CreatePopupMenu
0x47a6a8 CreateMenu
0x47a6ac CreateIcon
0x47a6b0 ClientToScreen
0x47a6b4 CheckMenuItem
0x47a6b8 CallWindowProcA
0x47a6bc CallNextHookEx
0x47a6c0 BeginPaint
0x47a6c4 CharNextA
0x47a6c8 CharLowerBuffA
0x47a6cc CharLowerA
0x47a6d0 CharToOemA
0x47a6d4 AdjustWindowRectEx
0x47a6d8 ActivateKeyboardLayout
kernel32.dll
0x47a6e0 Sleep
oleaut32.dll
0x47a6e8 SafeArrayPtrOfIndex
0x47a6ec SafeArrayGetUBound
0x47a6f0 SafeArrayGetLBound
0x47a6f4 SafeArrayCreate
0x47a6f8 VariantChangeType
0x47a6fc VariantCopy
0x47a700 VariantClear
0x47a704 VariantInit
comctl32.dll
0x47a70c ImageList_SetIconSize
0x47a710 ImageList_GetIconSize
0x47a714 ImageList_Write
0x47a718 ImageList_Read
0x47a71c ImageList_GetDragImage
0x47a720 ImageList_DragShowNolock
0x47a724 ImageList_SetDragCursorImage
0x47a728 ImageList_DragMove
0x47a72c ImageList_DragLeave
0x47a730 ImageList_DragEnter
0x47a734 ImageList_EndDrag
0x47a738 ImageList_BeginDrag
0x47a73c ImageList_Remove
0x47a740 ImageList_DrawEx
0x47a744 ImageList_Draw
0x47a748 ImageList_GetBkColor
0x47a74c ImageList_SetBkColor
0x47a750 ImageList_ReplaceIcon
0x47a754 ImageList_Add
0x47a758 ImageList_SetImageCount
0x47a75c ImageList_GetImageCount
0x47a760 ImageList_Destroy
0x47a764 ImageList_Create
shell32.dll
0x47a76c ShellExecuteA
EAT(Export Address Table) is none
kernel32.dll
0x47a12c DeleteCriticalSection
0x47a130 LeaveCriticalSection
0x47a134 EnterCriticalSection
0x47a138 InitializeCriticalSection
0x47a13c VirtualFree
0x47a140 VirtualAlloc
0x47a144 LocalFree
0x47a148 LocalAlloc
0x47a14c GetVersion
0x47a150 GetCurrentThreadId
0x47a154 InterlockedDecrement
0x47a158 InterlockedIncrement
0x47a15c VirtualQuery
0x47a160 WideCharToMultiByte
0x47a164 MultiByteToWideChar
0x47a168 lstrlenA
0x47a16c lstrcpynA
0x47a170 LoadLibraryExA
0x47a174 GetThreadLocale
0x47a178 GetStartupInfoA
0x47a17c GetProcAddress
0x47a180 GetModuleHandleA
0x47a184 GetModuleFileNameA
0x47a188 GetLocaleInfoA
0x47a18c GetCommandLineA
0x47a190 FreeLibrary
0x47a194 FindFirstFileA
0x47a198 FindClose
0x47a19c ExitProcess
0x47a1a0 WriteFile
0x47a1a4 UnhandledExceptionFilter
0x47a1a8 RtlUnwind
0x47a1ac RaiseException
0x47a1b0 GetStdHandle
user32.dll
0x47a1b8 GetKeyboardType
0x47a1bc LoadStringA
0x47a1c0 MessageBoxA
0x47a1c4 CharNextA
advapi32.dll
0x47a1cc RegQueryValueExA
0x47a1d0 RegOpenKeyExA
0x47a1d4 RegCloseKey
oleaut32.dll
0x47a1dc SysFreeString
0x47a1e0 SysReAllocStringLen
0x47a1e4 SysAllocStringLen
kernel32.dll
0x47a1ec TlsSetValue
0x47a1f0 TlsGetValue
0x47a1f4 LocalAlloc
0x47a1f8 GetModuleHandleA
advapi32.dll
0x47a200 RegQueryValueExA
0x47a204 RegOpenKeyExA
0x47a208 RegCloseKey
kernel32.dll
0x47a210 lstrcpyA
0x47a214 lstrcmpiA
0x47a218 WriteFile
0x47a21c WaitForSingleObject
0x47a220 VirtualQuery
0x47a224 VirtualProtect
0x47a228 VirtualAlloc
0x47a22c Sleep
0x47a230 SizeofResource
0x47a234 SetThreadLocale
0x47a238 SetFilePointer
0x47a23c SetEvent
0x47a240 SetErrorMode
0x47a244 SetEndOfFile
0x47a248 ResetEvent
0x47a24c ReadFile
0x47a250 MulDiv
0x47a254 LockResource
0x47a258 LoadResource
0x47a25c LoadLibraryA
0x47a260 LeaveCriticalSection
0x47a264 InitializeCriticalSection
0x47a268 GlobalUnlock
0x47a26c GlobalReAlloc
0x47a270 GlobalHandle
0x47a274 GlobalLock
0x47a278 GlobalFree
0x47a27c GlobalFindAtomA
0x47a280 GlobalDeleteAtom
0x47a284 GlobalAlloc
0x47a288 GlobalAddAtomA
0x47a28c GetVersionExA
0x47a290 GetVersion
0x47a294 GetTickCount
0x47a298 GetThreadLocale
0x47a29c GetSystemInfo
0x47a2a0 GetStringTypeExA
0x47a2a4 GetStdHandle
0x47a2a8 GetProcAddress
0x47a2ac GetModuleHandleA
0x47a2b0 GetModuleFileNameA
0x47a2b4 GetLocaleInfoA
0x47a2b8 GetLocalTime
0x47a2bc GetLastError
0x47a2c0 GetFullPathNameA
0x47a2c4 GetDiskFreeSpaceA
0x47a2c8 GetDateFormatA
0x47a2cc GetCurrentThreadId
0x47a2d0 GetCurrentProcessId
0x47a2d4 GetCPInfo
0x47a2d8 GetACP
0x47a2dc FreeResource
0x47a2e0 InterlockedExchange
0x47a2e4 FreeLibrary
0x47a2e8 FormatMessageA
0x47a2ec FindResourceA
0x47a2f0 EnumCalendarInfoA
0x47a2f4 EnterCriticalSection
0x47a2f8 DeleteCriticalSection
0x47a2fc CreateThread
0x47a300 CreateFileA
0x47a304 CreateEventA
0x47a308 CompareStringA
0x47a30c CloseHandle
version.dll
0x47a314 VerQueryValueA
0x47a318 GetFileVersionInfoSizeA
0x47a31c GetFileVersionInfoA
gdi32.dll
0x47a324 UnrealizeObject
0x47a328 StretchBlt
0x47a32c SetWindowOrgEx
0x47a330 SetWinMetaFileBits
0x47a334 SetViewportOrgEx
0x47a338 SetTextColor
0x47a33c SetStretchBltMode
0x47a340 SetROP2
0x47a344 SetPixel
0x47a348 SetEnhMetaFileBits
0x47a34c SetDIBColorTable
0x47a350 SetBrushOrgEx
0x47a354 SetBkMode
0x47a358 SetBkColor
0x47a35c SelectPalette
0x47a360 SelectObject
0x47a364 SelectClipRgn
0x47a368 SaveDC
0x47a36c RoundRect
0x47a370 RestoreDC
0x47a374 Rectangle
0x47a378 RectVisible
0x47a37c RealizePalette
0x47a380 Polyline
0x47a384 PlayEnhMetaFile
0x47a388 PatBlt
0x47a38c MoveToEx
0x47a390 MaskBlt
0x47a394 LineTo
0x47a398 IntersectClipRect
0x47a39c GetWindowOrgEx
0x47a3a0 GetWinMetaFileBits
0x47a3a4 GetTextMetricsA
0x47a3a8 GetTextExtentPoint32A
0x47a3ac GetTextAlign
0x47a3b0 GetSystemPaletteEntries
0x47a3b4 GetStockObject
0x47a3b8 GetROP2
0x47a3bc GetPolyFillMode
0x47a3c0 GetPixelFormat
0x47a3c4 GetPixel
0x47a3c8 GetPaletteEntries
0x47a3cc GetObjectA
0x47a3d0 GetMapMode
0x47a3d4 GetGraphicsMode
0x47a3d8 GetEnhMetaFilePaletteEntries
0x47a3dc GetEnhMetaFileHeader
0x47a3e0 GetEnhMetaFileBits
0x47a3e4 GetDeviceCaps
0x47a3e8 GetDIBits
0x47a3ec GetDIBColorTable
0x47a3f0 GetDCOrgEx
0x47a3f4 GetDCPenColor
0x47a3f8 GetDCBrushColor
0x47a3fc GetCurrentPositionEx
0x47a400 GetClipBox
0x47a404 GetBrushOrgEx
0x47a408 GetBkMode
0x47a40c GetBkColor
0x47a410 GetBitmapBits
0x47a414 GdiFlush
0x47a418 ExtTextOutA
0x47a41c ExcludeClipRect
0x47a420 DeleteObject
0x47a424 DeleteEnhMetaFile
0x47a428 DeleteDC
0x47a42c CreateSolidBrush
0x47a430 CreatePenIndirect
0x47a434 CreatePalette
0x47a438 CreateHalftonePalette
0x47a43c CreateFontIndirectA
0x47a440 CreateDIBitmap
0x47a444 CreateDIBSection
0x47a448 CreateCompatibleDC
0x47a44c CreateCompatibleBitmap
0x47a450 CreateBrushIndirect
0x47a454 CreateBitmap
0x47a458 CopyEnhMetaFileA
0x47a45c BitBlt
user32.dll
0x47a464 CreateWindowExA
0x47a468 WindowFromPoint
0x47a46c WinHelpA
0x47a470 WaitMessage
0x47a474 UpdateWindow
0x47a478 UnregisterClassA
0x47a47c UnhookWindowsHookEx
0x47a480 TranslateMessage
0x47a484 TranslateMDISysAccel
0x47a488 TrackPopupMenu
0x47a48c SystemParametersInfoA
0x47a490 ShowWindow
0x47a494 ShowScrollBar
0x47a498 ShowOwnedPopups
0x47a49c ShowCursor
0x47a4a0 SetWindowsHookExA
0x47a4a4 SetWindowTextA
0x47a4a8 SetWindowPos
0x47a4ac SetWindowPlacement
0x47a4b0 SetWindowLongA
0x47a4b4 SetTimer
0x47a4b8 SetScrollRange
0x47a4bc SetScrollPos
0x47a4c0 SetScrollInfo
0x47a4c4 SetRect
0x47a4c8 SetPropA
0x47a4cc SetParent
0x47a4d0 SetMenuItemInfoA
0x47a4d4 SetMenu
0x47a4d8 SetForegroundWindow
0x47a4dc SetFocus
0x47a4e0 SetCursor
0x47a4e4 SetClassLongA
0x47a4e8 SetCapture
0x47a4ec SetActiveWindow
0x47a4f0 SendMessageA
0x47a4f4 ScrollWindow
0x47a4f8 ScreenToClient
0x47a4fc RemovePropA
0x47a500 RemoveMenu
0x47a504 ReleaseDC
0x47a508 ReleaseCapture
0x47a50c RegisterWindowMessageA
0x47a510 RegisterClipboardFormatA
0x47a514 RegisterClassA
0x47a518 RedrawWindow
0x47a51c PtInRect
0x47a520 PostQuitMessage
0x47a524 PostMessageA
0x47a528 PeekMessageA
0x47a52c OffsetRect
0x47a530 OemToCharA
0x47a534 MessageBoxA
0x47a538 MapWindowPoints
0x47a53c MapVirtualKeyA
0x47a540 LoadStringA
0x47a544 LoadKeyboardLayoutA
0x47a548 LoadIconA
0x47a54c LoadCursorA
0x47a550 LoadBitmapA
0x47a554 KillTimer
0x47a558 IsZoomed
0x47a55c IsWindowVisible
0x47a560 IsWindowEnabled
0x47a564 IsWindow
0x47a568 IsRectEmpty
0x47a56c IsIconic
0x47a570 IsDialogMessageA
0x47a574 IsChild
0x47a578 InvalidateRect
0x47a57c IntersectRect
0x47a580 InsertMenuItemA
0x47a584 InsertMenuA
0x47a588 InflateRect
0x47a58c GetWindowThreadProcessId
0x47a590 GetWindowTextA
0x47a594 GetWindowRect
0x47a598 GetWindowPlacement
0x47a59c GetWindowLongA
0x47a5a0 GetWindowDC
0x47a5a4 GetTopWindow
0x47a5a8 GetSystemMetrics
0x47a5ac GetSystemMenu
0x47a5b0 GetSysColorBrush
0x47a5b4 GetSysColor
0x47a5b8 GetSubMenu
0x47a5bc GetScrollRange
0x47a5c0 GetScrollPos
0x47a5c4 GetScrollInfo
0x47a5c8 GetPropA
0x47a5cc GetParent
0x47a5d0 GetWindow
0x47a5d4 GetMenuStringA
0x47a5d8 GetMenuState
0x47a5dc GetMenuItemInfoA
0x47a5e0 GetMenuItemID
0x47a5e4 GetMenuItemCount
0x47a5e8 GetMenu
0x47a5ec GetLastActivePopup
0x47a5f0 GetKeyboardState
0x47a5f4 GetKeyboardLayoutList
0x47a5f8 GetKeyboardLayout
0x47a5fc GetKeyState
0x47a600 GetKeyNameTextA
0x47a604 GetIconInfo
0x47a608 GetForegroundWindow
0x47a60c GetFocus
0x47a610 GetDesktopWindow
0x47a614 GetDCEx
0x47a618 GetDC
0x47a61c GetCursorPos
0x47a620 GetCursor
0x47a624 GetClipboardData
0x47a628 GetClientRect
0x47a62c GetClassNameA
0x47a630 GetClassInfoA
0x47a634 GetCapture
0x47a638 GetActiveWindow
0x47a63c FrameRect
0x47a640 FindWindowA
0x47a644 FillRect
0x47a648 EqualRect
0x47a64c EnumWindows
0x47a650 EnumThreadWindows
0x47a654 EndPaint
0x47a658 EnableWindow
0x47a65c EnableScrollBar
0x47a660 EnableMenuItem
0x47a664 DrawTextA
0x47a668 DrawMenuBar
0x47a66c DrawIconEx
0x47a670 DrawIcon
0x47a674 DrawFrameControl
0x47a678 DrawFocusRect
0x47a67c DrawEdge
0x47a680 DispatchMessageA
0x47a684 DestroyWindow
0x47a688 DestroyMenu
0x47a68c DestroyIcon
0x47a690 DestroyCursor
0x47a694 DeleteMenu
0x47a698 DefWindowProcA
0x47a69c DefMDIChildProcA
0x47a6a0 DefFrameProcA
0x47a6a4 CreatePopupMenu
0x47a6a8 CreateMenu
0x47a6ac CreateIcon
0x47a6b0 ClientToScreen
0x47a6b4 CheckMenuItem
0x47a6b8 CallWindowProcA
0x47a6bc CallNextHookEx
0x47a6c0 BeginPaint
0x47a6c4 CharNextA
0x47a6c8 CharLowerBuffA
0x47a6cc CharLowerA
0x47a6d0 CharToOemA
0x47a6d4 AdjustWindowRectEx
0x47a6d8 ActivateKeyboardLayout
kernel32.dll
0x47a6e0 Sleep
oleaut32.dll
0x47a6e8 SafeArrayPtrOfIndex
0x47a6ec SafeArrayGetUBound
0x47a6f0 SafeArrayGetLBound
0x47a6f4 SafeArrayCreate
0x47a6f8 VariantChangeType
0x47a6fc VariantCopy
0x47a700 VariantClear
0x47a704 VariantInit
comctl32.dll
0x47a70c ImageList_SetIconSize
0x47a710 ImageList_GetIconSize
0x47a714 ImageList_Write
0x47a718 ImageList_Read
0x47a71c ImageList_GetDragImage
0x47a720 ImageList_DragShowNolock
0x47a724 ImageList_SetDragCursorImage
0x47a728 ImageList_DragMove
0x47a72c ImageList_DragLeave
0x47a730 ImageList_DragEnter
0x47a734 ImageList_EndDrag
0x47a738 ImageList_BeginDrag
0x47a73c ImageList_Remove
0x47a740 ImageList_DrawEx
0x47a744 ImageList_Draw
0x47a748 ImageList_GetBkColor
0x47a74c ImageList_SetBkColor
0x47a750 ImageList_ReplaceIcon
0x47a754 ImageList_Add
0x47a758 ImageList_SetImageCount
0x47a75c ImageList_GetImageCount
0x47a760 ImageList_Destroy
0x47a764 ImageList_Create
shell32.dll
0x47a76c ShellExecuteA
EAT(Export Address Table) is none