ScreenShot
| Created | 2021.09.06 18:06 | Machine | s1_win7_x6402 |
| Filename | rc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 45 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, confidence, 100%, Delf, Eldorado, EQAC, Malware@#1dsgalb7em3l3, DownLoader41, Static AI, Suspicious PE, jpmwr, ai score=88, kcloud, DelfInject, score, R439951, RemcosRAT, BScope, Noon, FormBook, susgen) | ||
| md5 | e0fcb3e605e5fffbb4e30deed0af01cb | ||
| sha256 | 2c4676718b5d15a4ad386f3398efe07779ca2581b4643a7793d9af126c1e448a | ||
| ssdeep | 12288:K1+UzwWLYx9/EISfjI3916W3WOsA0QLEkpwaGKqa/y31pKQcj2VncY:+BfYx9tGjI39DmOs5KTGKqX37cSc | ||
| imphash | 1407e2d87d7efca6bd106fef3862efae | ||
| impfuzzy | 192:o13MDbuuaxSUvK9kso1XEpehIPyG1hH+POQk:C3maq9um1hePOQk | ||
Network IP location
Signature (24cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Creates a thread using CreateRemoteThread in a non-child process indicative of process injection |
| watch | Installs itself for autorun at Windows startup |
| watch | Manipulates memory of a non-child process indicative of process injection |
| watch | Network activity contains more than one unique useragent |
| watch | One or more of the buffers contains an embedded PE file |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Uses Sysinternals tools in order to add additional command line functionality |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
Rules (36cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | memory |
| notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | local_credential_Steal | Steal credential | memory |
| notice | Network_DGA | Communication using DGA | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_FTP | Communications over FTP | memory |
| notice | Network_HTTP | Communications over HTTP | memory |
| notice | Network_P2P_Win | Communications over P2P network | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
| info | Check_Dlls | (no description) | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerCheck__RemoteAPI | (no description) | memory |
| info | DebuggerException__ConsoleCtrl | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
Network (9cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x4ab72c SysFreeString
0x4ab730 SysReAllocStringLen
0x4ab734 SysAllocStringLen
advapi32.dll
0x4ab73c RegQueryValueExA
0x4ab740 RegOpenKeyExA
0x4ab744 RegCloseKey
user32.dll
0x4ab74c GetKeyboardType
0x4ab750 DestroyWindow
0x4ab754 LoadStringA
0x4ab758 MessageBoxA
0x4ab75c CharNextA
kernel32.dll
0x4ab764 GetACP
0x4ab768 Sleep
0x4ab76c VirtualFree
0x4ab770 VirtualAlloc
0x4ab774 GetCurrentThreadId
0x4ab778 InterlockedDecrement
0x4ab77c InterlockedIncrement
0x4ab780 VirtualQuery
0x4ab784 WideCharToMultiByte
0x4ab788 MultiByteToWideChar
0x4ab78c lstrlenA
0x4ab790 lstrcpynA
0x4ab794 LoadLibraryExA
0x4ab798 GetThreadLocale
0x4ab79c GetStartupInfoA
0x4ab7a0 GetProcAddress
0x4ab7a4 GetModuleHandleA
0x4ab7a8 GetModuleFileNameA
0x4ab7ac GetLocaleInfoA
0x4ab7b0 GetCommandLineA
0x4ab7b4 FreeLibrary
0x4ab7b8 FindFirstFileA
0x4ab7bc FindClose
0x4ab7c0 ExitProcess
0x4ab7c4 CompareStringA
0x4ab7c8 WriteFile
0x4ab7cc UnhandledExceptionFilter
0x4ab7d0 RtlUnwind
0x4ab7d4 RaiseException
0x4ab7d8 GetStdHandle
kernel32.dll
0x4ab7e0 TlsSetValue
0x4ab7e4 TlsGetValue
0x4ab7e8 LocalAlloc
0x4ab7ec GetModuleHandleA
user32.dll
0x4ab7f4 CreateWindowExA
0x4ab7f8 WindowFromPoint
0x4ab7fc WaitMessage
0x4ab800 UpdateWindow
0x4ab804 UnregisterClassA
0x4ab808 UnhookWindowsHookEx
0x4ab80c TranslateMessage
0x4ab810 TranslateMDISysAccel
0x4ab814 TrackPopupMenu
0x4ab818 SystemParametersInfoA
0x4ab81c ShowWindow
0x4ab820 ShowScrollBar
0x4ab824 ShowOwnedPopups
0x4ab828 SetWindowsHookExA
0x4ab82c SetWindowTextA
0x4ab830 SetWindowPos
0x4ab834 SetWindowPlacement
0x4ab838 SetWindowLongW
0x4ab83c SetWindowLongA
0x4ab840 SetTimer
0x4ab844 SetScrollRange
0x4ab848 SetScrollPos
0x4ab84c SetScrollInfo
0x4ab850 SetRect
0x4ab854 SetPropA
0x4ab858 SetParent
0x4ab85c SetMenuItemInfoA
0x4ab860 SetMenu
0x4ab864 SetForegroundWindow
0x4ab868 SetFocus
0x4ab86c SetCursor
0x4ab870 SetClassLongA
0x4ab874 SetCapture
0x4ab878 SetActiveWindow
0x4ab87c SendMessageW
0x4ab880 SendMessageA
0x4ab884 ScrollWindow
0x4ab888 ScreenToClient
0x4ab88c RemovePropA
0x4ab890 RemoveMenu
0x4ab894 ReleaseDC
0x4ab898 ReleaseCapture
0x4ab89c RegisterWindowMessageA
0x4ab8a0 RegisterClipboardFormatA
0x4ab8a4 RegisterClassA
0x4ab8a8 RedrawWindow
0x4ab8ac PtInRect
0x4ab8b0 PostQuitMessage
0x4ab8b4 PostMessageA
0x4ab8b8 PeekMessageW
0x4ab8bc PeekMessageA
0x4ab8c0 OffsetRect
0x4ab8c4 OemToCharA
0x4ab8c8 MessageBoxA
0x4ab8cc MapWindowPoints
0x4ab8d0 MapVirtualKeyA
0x4ab8d4 LoadStringA
0x4ab8d8 LoadKeyboardLayoutA
0x4ab8dc LoadIconA
0x4ab8e0 LoadCursorA
0x4ab8e4 LoadBitmapA
0x4ab8e8 KillTimer
0x4ab8ec IsZoomed
0x4ab8f0 IsWindowVisible
0x4ab8f4 IsWindowUnicode
0x4ab8f8 IsWindowEnabled
0x4ab8fc IsWindow
0x4ab900 IsRectEmpty
0x4ab904 IsIconic
0x4ab908 IsDialogMessageW
0x4ab90c IsDialogMessageA
0x4ab910 IsChild
0x4ab914 InvalidateRect
0x4ab918 IntersectRect
0x4ab91c InsertMenuItemA
0x4ab920 InsertMenuA
0x4ab924 InflateRect
0x4ab928 GetWindowThreadProcessId
0x4ab92c GetWindowTextA
0x4ab930 GetWindowRect
0x4ab934 GetWindowPlacement
0x4ab938 GetWindowLongW
0x4ab93c GetWindowLongA
0x4ab940 GetWindowDC
0x4ab944 GetTopWindow
0x4ab948 GetSystemMetrics
0x4ab94c GetSystemMenu
0x4ab950 GetSysColorBrush
0x4ab954 GetSysColor
0x4ab958 GetSubMenu
0x4ab95c GetScrollRange
0x4ab960 GetScrollPos
0x4ab964 GetScrollInfo
0x4ab968 GetPropA
0x4ab96c GetParent
0x4ab970 GetWindow
0x4ab974 GetMessagePos
0x4ab978 GetMenuStringA
0x4ab97c GetMenuState
0x4ab980 GetMenuItemInfoA
0x4ab984 GetMenuItemID
0x4ab988 GetMenuItemCount
0x4ab98c GetMenu
0x4ab990 GetLastActivePopup
0x4ab994 GetKeyboardState
0x4ab998 GetKeyboardLayoutNameA
0x4ab99c GetKeyboardLayoutList
0x4ab9a0 GetKeyboardLayout
0x4ab9a4 GetKeyState
0x4ab9a8 GetKeyNameTextA
0x4ab9ac GetIconInfo
0x4ab9b0 GetForegroundWindow
0x4ab9b4 GetFocus
0x4ab9b8 GetDesktopWindow
0x4ab9bc GetDCEx
0x4ab9c0 GetDC
0x4ab9c4 GetCursorPos
0x4ab9c8 GetCursor
0x4ab9cc GetClipboardData
0x4ab9d0 GetClientRect
0x4ab9d4 GetClassLongA
0x4ab9d8 GetClassInfoA
0x4ab9dc GetCapture
0x4ab9e0 GetActiveWindow
0x4ab9e4 FrameRect
0x4ab9e8 FindWindowA
0x4ab9ec FillRect
0x4ab9f0 EqualRect
0x4ab9f4 EnumWindows
0x4ab9f8 EnumThreadWindows
0x4ab9fc EnumChildWindows
0x4aba00 EndPaint
0x4aba04 EnableWindow
0x4aba08 EnableScrollBar
0x4aba0c EnableMenuItem
0x4aba10 DrawTextA
0x4aba14 DrawMenuBar
0x4aba18 DrawIconEx
0x4aba1c DrawIcon
0x4aba20 DrawFrameControl
0x4aba24 DrawEdge
0x4aba28 DispatchMessageW
0x4aba2c DispatchMessageA
0x4aba30 DestroyWindow
0x4aba34 DestroyMenu
0x4aba38 DestroyIcon
0x4aba3c DestroyCursor
0x4aba40 DeleteMenu
0x4aba44 DefWindowProcA
0x4aba48 DefMDIChildProcA
0x4aba4c DefFrameProcA
0x4aba50 CreatePopupMenu
0x4aba54 CreateMenu
0x4aba58 CreateIcon
0x4aba5c ClientToScreen
0x4aba60 CheckMenuItem
0x4aba64 CallWindowProcA
0x4aba68 CallNextHookEx
0x4aba6c BeginPaint
0x4aba70 CharNextA
0x4aba74 CharLowerBuffA
0x4aba78 CharLowerA
0x4aba7c CharToOemA
0x4aba80 AdjustWindowRectEx
0x4aba84 ActivateKeyboardLayout
gdi32.dll
0x4aba8c UnrealizeObject
0x4aba90 StretchBlt
0x4aba94 SetWindowOrgEx
0x4aba98 SetWinMetaFileBits
0x4aba9c SetViewportOrgEx
0x4abaa0 SetTextColor
0x4abaa4 SetStretchBltMode
0x4abaa8 SetROP2
0x4abaac SetPixel
0x4abab0 SetEnhMetaFileBits
0x4abab4 SetDIBColorTable
0x4abab8 SetBrushOrgEx
0x4ababc SetBkMode
0x4abac0 SetBkColor
0x4abac4 SelectPalette
0x4abac8 SelectObject
0x4abacc SaveDC
0x4abad0 RestoreDC
0x4abad4 RectVisible
0x4abad8 RealizePalette
0x4abadc PlayEnhMetaFile
0x4abae0 PatBlt
0x4abae4 MoveToEx
0x4abae8 MaskBlt
0x4abaec LineTo
0x4abaf0 IntersectClipRect
0x4abaf4 GetWindowOrgEx
0x4abaf8 GetWinMetaFileBits
0x4abafc GetTextMetricsA
0x4abb00 GetTextExtentPoint32A
0x4abb04 GetTextAlign
0x4abb08 GetSystemPaletteEntries
0x4abb0c GetStockObject
0x4abb10 GetRgnBox
0x4abb14 GetROP2
0x4abb18 GetPolyFillMode
0x4abb1c GetPixelFormat
0x4abb20 GetPixel
0x4abb24 GetPaletteEntries
0x4abb28 GetObjectA
0x4abb2c GetMapMode
0x4abb30 GetGraphicsMode
0x4abb34 GetEnhMetaFilePaletteEntries
0x4abb38 GetEnhMetaFileHeader
0x4abb3c GetEnhMetaFileBits
0x4abb40 GetDeviceCaps
0x4abb44 GetDIBits
0x4abb48 GetDIBColorTable
0x4abb4c GetDCOrgEx
0x4abb50 GetDCPenColor
0x4abb54 GetDCBrushColor
0x4abb58 GetCurrentPositionEx
0x4abb5c GetClipBox
0x4abb60 GetBrushOrgEx
0x4abb64 GetBkMode
0x4abb68 GetBkColor
0x4abb6c GetBitmapBits
0x4abb70 GdiFlush
0x4abb74 ExcludeClipRect
0x4abb78 DeleteObject
0x4abb7c DeleteEnhMetaFile
0x4abb80 DeleteDC
0x4abb84 CreateSolidBrush
0x4abb88 CreatePenIndirect
0x4abb8c CreatePalette
0x4abb90 CreateHalftonePalette
0x4abb94 CreateFontIndirectA
0x4abb98 CreateDIBitmap
0x4abb9c CreateDIBSection
0x4abba0 CreateCompatibleDC
0x4abba4 CreateCompatibleBitmap
0x4abba8 CreateBrushIndirect
0x4abbac CreateBitmap
0x4abbb0 CopyEnhMetaFileA
0x4abbb4 BitBlt
version.dll
0x4abbbc VerQueryValueA
0x4abbc0 GetFileVersionInfoSizeA
0x4abbc4 GetFileVersionInfoA
kernel32.dll
0x4abbcc lstrcpyA
0x4abbd0 lstrcmpiA
0x4abbd4 WriteFile
0x4abbd8 WaitForSingleObject
0x4abbdc VirtualQuery
0x4abbe0 VirtualProtect
0x4abbe4 VirtualAlloc
0x4abbe8 SizeofResource
0x4abbec SetThreadLocale
0x4abbf0 SetFilePointer
0x4abbf4 SetEvent
0x4abbf8 SetErrorMode
0x4abbfc SetEndOfFile
0x4abc00 ResetEvent
0x4abc04 ReadFile
0x4abc08 MulDiv
0x4abc0c LockResource
0x4abc10 LoadResource
0x4abc14 LoadLibraryA
0x4abc18 LeaveCriticalSection
0x4abc1c InitializeCriticalSection
0x4abc20 GlobalFindAtomA
0x4abc24 GlobalDeleteAtom
0x4abc28 GlobalAddAtomA
0x4abc2c GetVersionExA
0x4abc30 GetVersion
0x4abc34 GetTickCount
0x4abc38 GetThreadLocale
0x4abc3c GetStdHandle
0x4abc40 GetProcAddress
0x4abc44 GetModuleHandleA
0x4abc48 GetModuleFileNameA
0x4abc4c GetLocaleInfoA
0x4abc50 GetLocalTime
0x4abc54 GetLastError
0x4abc58 GetFullPathNameA
0x4abc5c GetDiskFreeSpaceA
0x4abc60 GetDateFormatA
0x4abc64 GetCurrentThreadId
0x4abc68 GetCurrentProcessId
0x4abc6c GetCPInfo
0x4abc70 FreeResource
0x4abc74 InterlockedExchange
0x4abc78 FreeLibrary
0x4abc7c FormatMessageA
0x4abc80 FindResourceA
0x4abc84 ExitProcess
0x4abc88 EnumCalendarInfoA
0x4abc8c EnterCriticalSection
0x4abc90 DeleteCriticalSection
0x4abc94 CreateThread
0x4abc98 CreateFileA
0x4abc9c CreateEventA
0x4abca0 CompareStringA
0x4abca4 CloseHandle
advapi32.dll
0x4abcac RegQueryValueExA
0x4abcb0 RegOpenKeyExA
0x4abcb4 RegFlushKey
0x4abcb8 RegCloseKey
kernel32.dll
0x4abcc0 Sleep
oleaut32.dll
0x4abcc8 SafeArrayPtrOfIndex
0x4abccc SafeArrayGetUBound
0x4abcd0 SafeArrayGetLBound
0x4abcd4 SafeArrayCreate
0x4abcd8 VariantChangeType
0x4abcdc VariantCopy
0x4abce0 VariantClear
0x4abce4 VariantInit
comctl32.dll
0x4abcec _TrackMouseEvent
0x4abcf0 ImageList_SetIconSize
0x4abcf4 ImageList_GetIconSize
0x4abcf8 ImageList_Write
0x4abcfc ImageList_Read
0x4abd00 ImageList_DragShowNolock
0x4abd04 ImageList_DragMove
0x4abd08 ImageList_DragLeave
0x4abd0c ImageList_DragEnter
0x4abd10 ImageList_EndDrag
0x4abd14 ImageList_BeginDrag
0x4abd18 ImageList_Remove
0x4abd1c ImageList_DrawEx
0x4abd20 ImageList_Draw
0x4abd24 ImageList_GetBkColor
0x4abd28 ImageList_SetBkColor
0x4abd2c ImageList_Add
0x4abd30 ImageList_GetImageCount
0x4abd34 ImageList_Destroy
0x4abd38 ImageList_Create
EAT(Export Address Table) is none
oleaut32.dll
0x4ab72c SysFreeString
0x4ab730 SysReAllocStringLen
0x4ab734 SysAllocStringLen
advapi32.dll
0x4ab73c RegQueryValueExA
0x4ab740 RegOpenKeyExA
0x4ab744 RegCloseKey
user32.dll
0x4ab74c GetKeyboardType
0x4ab750 DestroyWindow
0x4ab754 LoadStringA
0x4ab758 MessageBoxA
0x4ab75c CharNextA
kernel32.dll
0x4ab764 GetACP
0x4ab768 Sleep
0x4ab76c VirtualFree
0x4ab770 VirtualAlloc
0x4ab774 GetCurrentThreadId
0x4ab778 InterlockedDecrement
0x4ab77c InterlockedIncrement
0x4ab780 VirtualQuery
0x4ab784 WideCharToMultiByte
0x4ab788 MultiByteToWideChar
0x4ab78c lstrlenA
0x4ab790 lstrcpynA
0x4ab794 LoadLibraryExA
0x4ab798 GetThreadLocale
0x4ab79c GetStartupInfoA
0x4ab7a0 GetProcAddress
0x4ab7a4 GetModuleHandleA
0x4ab7a8 GetModuleFileNameA
0x4ab7ac GetLocaleInfoA
0x4ab7b0 GetCommandLineA
0x4ab7b4 FreeLibrary
0x4ab7b8 FindFirstFileA
0x4ab7bc FindClose
0x4ab7c0 ExitProcess
0x4ab7c4 CompareStringA
0x4ab7c8 WriteFile
0x4ab7cc UnhandledExceptionFilter
0x4ab7d0 RtlUnwind
0x4ab7d4 RaiseException
0x4ab7d8 GetStdHandle
kernel32.dll
0x4ab7e0 TlsSetValue
0x4ab7e4 TlsGetValue
0x4ab7e8 LocalAlloc
0x4ab7ec GetModuleHandleA
user32.dll
0x4ab7f4 CreateWindowExA
0x4ab7f8 WindowFromPoint
0x4ab7fc WaitMessage
0x4ab800 UpdateWindow
0x4ab804 UnregisterClassA
0x4ab808 UnhookWindowsHookEx
0x4ab80c TranslateMessage
0x4ab810 TranslateMDISysAccel
0x4ab814 TrackPopupMenu
0x4ab818 SystemParametersInfoA
0x4ab81c ShowWindow
0x4ab820 ShowScrollBar
0x4ab824 ShowOwnedPopups
0x4ab828 SetWindowsHookExA
0x4ab82c SetWindowTextA
0x4ab830 SetWindowPos
0x4ab834 SetWindowPlacement
0x4ab838 SetWindowLongW
0x4ab83c SetWindowLongA
0x4ab840 SetTimer
0x4ab844 SetScrollRange
0x4ab848 SetScrollPos
0x4ab84c SetScrollInfo
0x4ab850 SetRect
0x4ab854 SetPropA
0x4ab858 SetParent
0x4ab85c SetMenuItemInfoA
0x4ab860 SetMenu
0x4ab864 SetForegroundWindow
0x4ab868 SetFocus
0x4ab86c SetCursor
0x4ab870 SetClassLongA
0x4ab874 SetCapture
0x4ab878 SetActiveWindow
0x4ab87c SendMessageW
0x4ab880 SendMessageA
0x4ab884 ScrollWindow
0x4ab888 ScreenToClient
0x4ab88c RemovePropA
0x4ab890 RemoveMenu
0x4ab894 ReleaseDC
0x4ab898 ReleaseCapture
0x4ab89c RegisterWindowMessageA
0x4ab8a0 RegisterClipboardFormatA
0x4ab8a4 RegisterClassA
0x4ab8a8 RedrawWindow
0x4ab8ac PtInRect
0x4ab8b0 PostQuitMessage
0x4ab8b4 PostMessageA
0x4ab8b8 PeekMessageW
0x4ab8bc PeekMessageA
0x4ab8c0 OffsetRect
0x4ab8c4 OemToCharA
0x4ab8c8 MessageBoxA
0x4ab8cc MapWindowPoints
0x4ab8d0 MapVirtualKeyA
0x4ab8d4 LoadStringA
0x4ab8d8 LoadKeyboardLayoutA
0x4ab8dc LoadIconA
0x4ab8e0 LoadCursorA
0x4ab8e4 LoadBitmapA
0x4ab8e8 KillTimer
0x4ab8ec IsZoomed
0x4ab8f0 IsWindowVisible
0x4ab8f4 IsWindowUnicode
0x4ab8f8 IsWindowEnabled
0x4ab8fc IsWindow
0x4ab900 IsRectEmpty
0x4ab904 IsIconic
0x4ab908 IsDialogMessageW
0x4ab90c IsDialogMessageA
0x4ab910 IsChild
0x4ab914 InvalidateRect
0x4ab918 IntersectRect
0x4ab91c InsertMenuItemA
0x4ab920 InsertMenuA
0x4ab924 InflateRect
0x4ab928 GetWindowThreadProcessId
0x4ab92c GetWindowTextA
0x4ab930 GetWindowRect
0x4ab934 GetWindowPlacement
0x4ab938 GetWindowLongW
0x4ab93c GetWindowLongA
0x4ab940 GetWindowDC
0x4ab944 GetTopWindow
0x4ab948 GetSystemMetrics
0x4ab94c GetSystemMenu
0x4ab950 GetSysColorBrush
0x4ab954 GetSysColor
0x4ab958 GetSubMenu
0x4ab95c GetScrollRange
0x4ab960 GetScrollPos
0x4ab964 GetScrollInfo
0x4ab968 GetPropA
0x4ab96c GetParent
0x4ab970 GetWindow
0x4ab974 GetMessagePos
0x4ab978 GetMenuStringA
0x4ab97c GetMenuState
0x4ab980 GetMenuItemInfoA
0x4ab984 GetMenuItemID
0x4ab988 GetMenuItemCount
0x4ab98c GetMenu
0x4ab990 GetLastActivePopup
0x4ab994 GetKeyboardState
0x4ab998 GetKeyboardLayoutNameA
0x4ab99c GetKeyboardLayoutList
0x4ab9a0 GetKeyboardLayout
0x4ab9a4 GetKeyState
0x4ab9a8 GetKeyNameTextA
0x4ab9ac GetIconInfo
0x4ab9b0 GetForegroundWindow
0x4ab9b4 GetFocus
0x4ab9b8 GetDesktopWindow
0x4ab9bc GetDCEx
0x4ab9c0 GetDC
0x4ab9c4 GetCursorPos
0x4ab9c8 GetCursor
0x4ab9cc GetClipboardData
0x4ab9d0 GetClientRect
0x4ab9d4 GetClassLongA
0x4ab9d8 GetClassInfoA
0x4ab9dc GetCapture
0x4ab9e0 GetActiveWindow
0x4ab9e4 FrameRect
0x4ab9e8 FindWindowA
0x4ab9ec FillRect
0x4ab9f0 EqualRect
0x4ab9f4 EnumWindows
0x4ab9f8 EnumThreadWindows
0x4ab9fc EnumChildWindows
0x4aba00 EndPaint
0x4aba04 EnableWindow
0x4aba08 EnableScrollBar
0x4aba0c EnableMenuItem
0x4aba10 DrawTextA
0x4aba14 DrawMenuBar
0x4aba18 DrawIconEx
0x4aba1c DrawIcon
0x4aba20 DrawFrameControl
0x4aba24 DrawEdge
0x4aba28 DispatchMessageW
0x4aba2c DispatchMessageA
0x4aba30 DestroyWindow
0x4aba34 DestroyMenu
0x4aba38 DestroyIcon
0x4aba3c DestroyCursor
0x4aba40 DeleteMenu
0x4aba44 DefWindowProcA
0x4aba48 DefMDIChildProcA
0x4aba4c DefFrameProcA
0x4aba50 CreatePopupMenu
0x4aba54 CreateMenu
0x4aba58 CreateIcon
0x4aba5c ClientToScreen
0x4aba60 CheckMenuItem
0x4aba64 CallWindowProcA
0x4aba68 CallNextHookEx
0x4aba6c BeginPaint
0x4aba70 CharNextA
0x4aba74 CharLowerBuffA
0x4aba78 CharLowerA
0x4aba7c CharToOemA
0x4aba80 AdjustWindowRectEx
0x4aba84 ActivateKeyboardLayout
gdi32.dll
0x4aba8c UnrealizeObject
0x4aba90 StretchBlt
0x4aba94 SetWindowOrgEx
0x4aba98 SetWinMetaFileBits
0x4aba9c SetViewportOrgEx
0x4abaa0 SetTextColor
0x4abaa4 SetStretchBltMode
0x4abaa8 SetROP2
0x4abaac SetPixel
0x4abab0 SetEnhMetaFileBits
0x4abab4 SetDIBColorTable
0x4abab8 SetBrushOrgEx
0x4ababc SetBkMode
0x4abac0 SetBkColor
0x4abac4 SelectPalette
0x4abac8 SelectObject
0x4abacc SaveDC
0x4abad0 RestoreDC
0x4abad4 RectVisible
0x4abad8 RealizePalette
0x4abadc PlayEnhMetaFile
0x4abae0 PatBlt
0x4abae4 MoveToEx
0x4abae8 MaskBlt
0x4abaec LineTo
0x4abaf0 IntersectClipRect
0x4abaf4 GetWindowOrgEx
0x4abaf8 GetWinMetaFileBits
0x4abafc GetTextMetricsA
0x4abb00 GetTextExtentPoint32A
0x4abb04 GetTextAlign
0x4abb08 GetSystemPaletteEntries
0x4abb0c GetStockObject
0x4abb10 GetRgnBox
0x4abb14 GetROP2
0x4abb18 GetPolyFillMode
0x4abb1c GetPixelFormat
0x4abb20 GetPixel
0x4abb24 GetPaletteEntries
0x4abb28 GetObjectA
0x4abb2c GetMapMode
0x4abb30 GetGraphicsMode
0x4abb34 GetEnhMetaFilePaletteEntries
0x4abb38 GetEnhMetaFileHeader
0x4abb3c GetEnhMetaFileBits
0x4abb40 GetDeviceCaps
0x4abb44 GetDIBits
0x4abb48 GetDIBColorTable
0x4abb4c GetDCOrgEx
0x4abb50 GetDCPenColor
0x4abb54 GetDCBrushColor
0x4abb58 GetCurrentPositionEx
0x4abb5c GetClipBox
0x4abb60 GetBrushOrgEx
0x4abb64 GetBkMode
0x4abb68 GetBkColor
0x4abb6c GetBitmapBits
0x4abb70 GdiFlush
0x4abb74 ExcludeClipRect
0x4abb78 DeleteObject
0x4abb7c DeleteEnhMetaFile
0x4abb80 DeleteDC
0x4abb84 CreateSolidBrush
0x4abb88 CreatePenIndirect
0x4abb8c CreatePalette
0x4abb90 CreateHalftonePalette
0x4abb94 CreateFontIndirectA
0x4abb98 CreateDIBitmap
0x4abb9c CreateDIBSection
0x4abba0 CreateCompatibleDC
0x4abba4 CreateCompatibleBitmap
0x4abba8 CreateBrushIndirect
0x4abbac CreateBitmap
0x4abbb0 CopyEnhMetaFileA
0x4abbb4 BitBlt
version.dll
0x4abbbc VerQueryValueA
0x4abbc0 GetFileVersionInfoSizeA
0x4abbc4 GetFileVersionInfoA
kernel32.dll
0x4abbcc lstrcpyA
0x4abbd0 lstrcmpiA
0x4abbd4 WriteFile
0x4abbd8 WaitForSingleObject
0x4abbdc VirtualQuery
0x4abbe0 VirtualProtect
0x4abbe4 VirtualAlloc
0x4abbe8 SizeofResource
0x4abbec SetThreadLocale
0x4abbf0 SetFilePointer
0x4abbf4 SetEvent
0x4abbf8 SetErrorMode
0x4abbfc SetEndOfFile
0x4abc00 ResetEvent
0x4abc04 ReadFile
0x4abc08 MulDiv
0x4abc0c LockResource
0x4abc10 LoadResource
0x4abc14 LoadLibraryA
0x4abc18 LeaveCriticalSection
0x4abc1c InitializeCriticalSection
0x4abc20 GlobalFindAtomA
0x4abc24 GlobalDeleteAtom
0x4abc28 GlobalAddAtomA
0x4abc2c GetVersionExA
0x4abc30 GetVersion
0x4abc34 GetTickCount
0x4abc38 GetThreadLocale
0x4abc3c GetStdHandle
0x4abc40 GetProcAddress
0x4abc44 GetModuleHandleA
0x4abc48 GetModuleFileNameA
0x4abc4c GetLocaleInfoA
0x4abc50 GetLocalTime
0x4abc54 GetLastError
0x4abc58 GetFullPathNameA
0x4abc5c GetDiskFreeSpaceA
0x4abc60 GetDateFormatA
0x4abc64 GetCurrentThreadId
0x4abc68 GetCurrentProcessId
0x4abc6c GetCPInfo
0x4abc70 FreeResource
0x4abc74 InterlockedExchange
0x4abc78 FreeLibrary
0x4abc7c FormatMessageA
0x4abc80 FindResourceA
0x4abc84 ExitProcess
0x4abc88 EnumCalendarInfoA
0x4abc8c EnterCriticalSection
0x4abc90 DeleteCriticalSection
0x4abc94 CreateThread
0x4abc98 CreateFileA
0x4abc9c CreateEventA
0x4abca0 CompareStringA
0x4abca4 CloseHandle
advapi32.dll
0x4abcac RegQueryValueExA
0x4abcb0 RegOpenKeyExA
0x4abcb4 RegFlushKey
0x4abcb8 RegCloseKey
kernel32.dll
0x4abcc0 Sleep
oleaut32.dll
0x4abcc8 SafeArrayPtrOfIndex
0x4abccc SafeArrayGetUBound
0x4abcd0 SafeArrayGetLBound
0x4abcd4 SafeArrayCreate
0x4abcd8 VariantChangeType
0x4abcdc VariantCopy
0x4abce0 VariantClear
0x4abce4 VariantInit
comctl32.dll
0x4abcec _TrackMouseEvent
0x4abcf0 ImageList_SetIconSize
0x4abcf4 ImageList_GetIconSize
0x4abcf8 ImageList_Write
0x4abcfc ImageList_Read
0x4abd00 ImageList_DragShowNolock
0x4abd04 ImageList_DragMove
0x4abd08 ImageList_DragLeave
0x4abd0c ImageList_DragEnter
0x4abd10 ImageList_EndDrag
0x4abd14 ImageList_BeginDrag
0x4abd18 ImageList_Remove
0x4abd1c ImageList_DrawEx
0x4abd20 ImageList_Draw
0x4abd24 ImageList_GetBkColor
0x4abd28 ImageList_SetBkColor
0x4abd2c ImageList_Add
0x4abd30 ImageList_GetImageCount
0x4abd34 ImageList_Destroy
0x4abd38 ImageList_Create
EAT(Export Address Table) is none