Field | Value
---|---
Created | 2021.09.11 15:04
Machine | s1_win7_x6401
Filename | Nfe03092021.exe
Type | PE32 executable (GUI) Intel 80386, for MS Windows
ZERO API | file : malware
VT API (file) | 45 detected (AIDetect, malware2, Snojan, malicious, high confidence, GenericKD, confidence, 100%, Attribute, HighConfidence, GenKryptik, FKAJ, jaixxr, Sshb, Siggen15, Artemis, Banload, XPACK, ASMalwS, KVM007, kcloud, Emotet, N5DEDD, score, MalwareX, ai score=81, Unsafe, Genetic, VBInjectEx, CLASSIC, Static AI, Suspicious PE, Nimnul, PossibleThreat, PALLASNET, ZexaF, s70@aC9C5zii)
md5 | 513f5b2b6d1a1ccd5d43d83ee1304a8a
sha256 | 909224e3ab9525b7ec86a4f85a62fc9a928c791884865d8484a35ee6b086e6e8
ssdeep | 98304:YSGwVLvbGjUuxtYwWIUJSZbEb54H3ilzu/hgyrC:vGgg4wAM7HRY
imphash | 389b894eef03c765829f9c2b2a749a9c
impfuzzy | 192:occFc+RuuNwEUh99e0coIN5TCPXtEgNF9qL3H1zzh2POQHxxPn:ScSN+9dpfIL31zsPOQHxBn
Signature (20cnts)
Level | Description |
---|---|
danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
watch | Checks for the presence of known devices from debuggers and forensic tools |
watch | Checks for the presence of known windows from debuggers and forensic tools |
watch | Communicates with host for which no DNS query was performed |
watch | Disables Windows' Task Manager |
watch | Installs itself for autorun at Windows startup |
notice | A process created a hidden window |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Creates executable files on the filesystem |
notice | Drops an executable to the user AppData folder |
notice | Looks up the external IP address |
notice | Performs some HTTP requests |
notice | Repeatedly searches for a not-found process |
notice | Searches running processes potentially to identify processes for sandbox evasion |
notice | Steals private information from local Internet browsers |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (12cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | NPKI_Zero | File included NPKI | binaries (download) |
watch | ASPack_Zero | ASPack packed file | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (download) |
Network (10cnts)
Suricata ids
ET POLICY External IP Lookup ip-api.com
ET DROP Spamhaus DROP Listed Traffic Inbound group 25
ET DROP Spamhaus DROP Listed Traffic Inbound group 25
PE API
IAT (Import Address Table) Library
oleaut32.dll
0xe6905f SysFreeString
0xe69063 SysReAllocStringLen
0xe69067 SysAllocStringLen
advapi32.dll
0xe6906f RegQueryValueExW
0xe69073 RegOpenKeyExW
0xe69077 RegCloseKey
user32.dll
0xe6907f CharNextW
0xe69083 LoadStringW
kernel32.dll
0xe6908b Sleep
0xe6908f VirtualFree
0xe69093 VirtualAlloc
0xe69097 lstrlenW
0xe6909b VirtualQuery
0xe6909f QueryPerformanceCounter
0xe690a3 GetTickCount
0xe690a7 GetSystemInfo
0xe690ab GetVersion
0xe690af CompareStringW
0xe690b3 IsValidLocale
0xe690b7 SetThreadLocale
0xe690bb GetSystemDefaultUILanguage
0xe690bf GetUserDefaultUILanguage
0xe690c3 GetLocaleInfoW
0xe690c7 WideCharToMultiByte
0xe690cb MultiByteToWideChar
0xe690cf GetACP
0xe690d3 LoadLibraryExW
0xe690d7 GetStartupInfoW
0xe690db GetProcAddress
0xe690df GetModuleHandleW
0xe690e3 GetModuleFileNameW
0xe690e7 GetCommandLineW
0xe690eb FreeLibrary
0xe690ef GetLastError
0xe690f3 UnhandledExceptionFilter
0xe690f7 RtlUnwind
0xe690fb RaiseException
0xe690ff ExitProcess
0xe69103 ExitThread
0xe69107 SwitchToThread
0xe6910b GetCurrentThreadId
0xe6910f CreateThread
0xe69113 DeleteCriticalSection
0xe69117 LeaveCriticalSection
0xe6911b EnterCriticalSection
0xe6911f InitializeCriticalSection
0xe69123 FindFirstFileW
0xe69127 FindClose
0xe6912b SetCurrentDirectoryW
0xe6912f GetCurrentDirectoryW
0xe69133 WriteFile
0xe69137 GetStdHandle
0xe6913b CloseHandle
kernel32.dll
0xe69143 GetProcAddress
0xe69147 RaiseException
0xe6914b LoadLibraryA
0xe6914f GetLastError
0xe69153 TlsSetValue
0xe69157 TlsGetValue
0xe6915b LocalFree
0xe6915f LocalAlloc
0xe69163 GetModuleHandleW
0xe69167 FreeLibrary
user32.dll
0xe6916f SetClassLongW
0xe69173 GetClassLongW
0xe69177 SetWindowLongW
0xe6917b GetWindowLongW
0xe6917f CreateWindowExW
0xe69183 WindowFromPoint
0xe69187 WaitMessage
0xe6918b UpdateWindow
0xe6918f UnregisterClassW
0xe69193 UnhookWindowsHookEx
0xe69197 TranslateMessage
0xe6919b TranslateMDISysAccel
0xe6919f TrackPopupMenu
0xe691a3 SystemParametersInfoW
0xe691a7 ShowWindow
0xe691ab ShowScrollBar
0xe691af ShowOwnedPopups
0xe691b3 ShowCaret
0xe691b7 SetWindowRgn
0xe691bb SetWindowsHookExW
0xe691bf SetWindowTextW
0xe691c3 SetWindowPos
0xe691c7 SetWindowPlacement
0xe691cb SetTimer
0xe691cf SetScrollRange
0xe691d3 SetScrollPos
0xe691d7 SetScrollInfo
0xe691db SetRect
0xe691df SetPropW
0xe691e3 SetParent
0xe691e7 SetMenuItemInfoW
0xe691eb SetMenu
0xe691ef SetForegroundWindow
0xe691f3 SetFocus
0xe691f7 SetCursorPos
0xe691fb SetCursor
0xe691ff SetClipboardData
0xe69203 SetCapture
0xe69207 SetActiveWindow
0xe6920b SendMessageA
0xe6920f SendMessageW
0xe69213 ScrollWindow
0xe69217 ScreenToClient
0xe6921b RemovePropW
0xe6921f RemoveMenu
0xe69223 ReleaseDC
0xe69227 ReleaseCapture
0xe6922b RegisterWindowMessageW
0xe6922f RegisterClipboardFormatW
0xe69233 RegisterClassW
0xe69237 RedrawWindow
0xe6923b PostQuitMessage
0xe6923f PostMessageW
0xe69243 PeekMessageA
0xe69247 PeekMessageW
0xe6924b OpenClipboard
0xe6924f OemToCharBuffA
0xe69253 OemToCharA
0xe69257 MsgWaitForMultipleObjectsEx
0xe6925b MsgWaitForMultipleObjects
0xe6925f MessageBoxW
0xe69263 MessageBeep
0xe69267 MapWindowPoints
0xe6926b MapVirtualKeyW
0xe6926f LoadStringW
0xe69273 LoadKeyboardLayoutW
0xe69277 LoadImageW
0xe6927b LoadIconW
0xe6927f LoadCursorW
0xe69283 LoadBitmapW
0xe69287 KillTimer
0xe6928b IsZoomed
0xe6928f IsWindowVisible
0xe69293 IsWindowUnicode
0xe69297 IsWindowEnabled
0xe6929b IsWindow
0xe6929f IsIconic
0xe692a3 IsDialogMessageA
0xe692a7 IsDialogMessageW
0xe692ab IsChild
0xe692af InvalidateRect
0xe692b3 InsertMenuItemW
0xe692b7 InsertMenuW
0xe692bb HideCaret
0xe692bf GetWindowThreadProcessId
0xe692c3 GetWindowTextW
0xe692c7 GetWindowRect
0xe692cb GetWindowPlacement
0xe692cf GetWindowDC
0xe692d3 GetTopWindow
0xe692d7 GetSystemMetrics
0xe692db GetSystemMenu
0xe692df GetSysColorBrush
0xe692e3 GetSysColor
0xe692e7 GetSubMenu
0xe692eb GetScrollRange
0xe692ef GetScrollPos
0xe692f3 GetScrollInfo
0xe692f7 GetPropW
0xe692fb GetParent
0xe692ff GetWindow
0xe69303 GetMessagePos
0xe69307 GetMessageExtraInfo
0xe6930b GetMenuStringW
0xe6930f GetMenuState
0xe69313 GetMenuItemInfoW
0xe69317 GetMenuItemID
0xe6931b GetMenuItemCount
0xe6931f GetMenu
0xe69323 GetLastActivePopup
0xe69327 GetKeyboardState
0xe6932b GetKeyboardLayoutNameW
0xe6932f GetKeyboardLayoutList
0xe69333 GetKeyboardLayout
0xe69337 GetKeyState
0xe6933b GetKeyNameTextW
0xe6933f GetIconInfo
0xe69343 GetForegroundWindow
0xe69347 GetFocus
0xe6934b GetDlgCtrlID
0xe6934f GetDesktopWindow
0xe69353 GetDCEx
0xe69357 GetDC
0xe6935b GetCursorPos
0xe6935f GetCursor
0xe69363 GetClipboardData
0xe69367 GetClientRect
0xe6936b GetClassNameW
0xe6936f GetClassInfoExW
0xe69373 GetClassInfoW
0xe69377 GetCapture
0xe6937b GetActiveWindow
0xe6937f FrameRect
0xe69383 FindWindowExW
0xe69387 FindWindowW
0xe6938b FillRect
0xe6938f EnumWindows
0xe69393 EnumThreadWindows
0xe69397 EnumChildWindows
0xe6939b EndPaint
0xe6939f EndMenu
0xe693a3 EnableWindow
0xe693a7 EnableScrollBar
0xe693ab EnableMenuItem
0xe693af EmptyClipboard
0xe693b3 DrawTextExW
0xe693b7 DrawTextW
0xe693bb DrawMenuBar
0xe693bf DrawIconEx
0xe693c3 DrawIcon
0xe693c7 DrawFrameControl
0xe693cb DrawFocusRect
0xe693cf DrawEdge
0xe693d3 DispatchMessageA
0xe693d7 DispatchMessageW
0xe693db DestroyWindow
0xe693df DestroyMenu
0xe693e3 DestroyIcon
0xe693e7 DestroyCursor
0xe693eb DeleteMenu
0xe693ef DefWindowProcW
0xe693f3 DefMDIChildProcW
0xe693f7 DefFrameProcW
0xe693fb CreatePopupMenu
0xe693ff CreateMenu
0xe69403 CreateIcon
0xe69407 CreateAcceleratorTableW
0xe6940b CopyImage
0xe6940f CopyIcon
0xe69413 CloseClipboard
0xe69417 ClientToScreen
0xe6941b CheckMenuItem
0xe6941f CharUpperBuffW
0xe69423 CharUpperW
0xe69427 CharNextW
0xe6942b CharLowerBuffW
0xe6942f CharLowerW
0xe69433 CallWindowProcW
0xe69437 CallNextHookEx
0xe6943b BeginPaint
0xe6943f CharLowerBuffA
0xe69443 CharUpperBuffA
0xe69447 CharToOemBuffA
0xe6944b CharToOemA
0xe6944f AdjustWindowRectEx
0xe69453 ActivateKeyboardLayout
gdi32.dll
0xe6945b UnrealizeObject
0xe6945f StretchDIBits
0xe69463 StretchBlt
0xe69467 StartPage
0xe6946b StartDocW
0xe6946f SetWindowOrgEx
0xe69473 SetWinMetaFileBits
0xe69477 SetViewportOrgEx
0xe6947b SetTextColor
0xe6947f SetStretchBltMode
0xe69483 SetRectRgn
0xe69487 SetROP2
0xe6948b SetPixel
0xe6948f SetEnhMetaFileBits
0xe69493 SetDIBits
0xe69497 SetDIBColorTable
0xe6949b SetBrushOrgEx
0xe6949f SetBkMode
0xe694a3 SetBkColor
0xe694a7 SetAbortProc
0xe694ab SelectPalette
0xe694af SelectObject
0xe694b3 SaveDC
0xe694b7 RoundRect
0xe694bb RestoreDC
0xe694bf Rectangle
0xe694c3 RectVisible
0xe694c7 RealizePalette
0xe694cb Polyline
0xe694cf Polygon
0xe694d3 PolyBezierTo
0xe694d7 PolyBezier
0xe694db PlayEnhMetaFile
0xe694df Pie
0xe694e3 PatBlt
0xe694e7 MoveToEx
0xe694eb MaskBlt
0xe694ef LineTo
0xe694f3 IntersectClipRect
0xe694f7 GetWindowOrgEx
0xe694fb GetWinMetaFileBits
0xe694ff GetTextMetricsW
0xe69503 GetTextExtentPointW
0xe69507 GetTextExtentPoint32W
0xe6950b GetSystemPaletteEntries
0xe6950f GetStretchBltMode
0xe69513 GetStockObject
0xe69517 GetRgnBox
0xe6951b GetPixel
0xe6951f GetPaletteEntries
0xe69523 GetObjectW
0xe69527 GetEnhMetaFilePaletteEntries
0xe6952b GetEnhMetaFileHeader
0xe6952f GetEnhMetaFileDescriptionW
0xe69533 GetEnhMetaFileBits
0xe69537 GetDeviceCaps
0xe6953b GetDIBits
0xe6953f GetDIBColorTable
0xe69543 GetCurrentPositionEx
0xe69547 GetClipBox
0xe6954b GetBrushOrgEx
0xe6954f GetBitmapBits
0xe69553 GdiFlush
0xe69557 FrameRgn
0xe6955b ExtTextOutW
0xe6955f ExtFloodFill
0xe69563 ExcludeClipRect
0xe69567 EnumFontsW
0xe6956b EnumFontFamiliesExW
0xe6956f EndPage
0xe69573 EndDoc
0xe69577 Ellipse
0xe6957b DeleteObject
0xe6957f DeleteEnhMetaFile
0xe69583 DeleteDC
0xe69587 CreateSolidBrush
0xe6958b CreateRectRgn
0xe6958f CreatePenIndirect
0xe69593 CreatePalette
0xe69597 CreateICW
0xe6959b CreateHalftonePalette
0xe6959f CreateFontIndirectW
0xe695a3 CreateDIBitmap
0xe695a7 CreateDIBSection
0xe695ab CreateDCW
0xe695af CreateCompatibleDC
0xe695b3 CreateCompatibleBitmap
0xe695b7 CreateBrushIndirect
0xe695bb CreateBitmap
0xe695bf CopyEnhMetaFileW
0xe695c3 Chord
0xe695c7 BitBlt
0xe695cb ArcTo
0xe695cf Arc
0xe695d3 AngleArc
0xe695d7 AbortDoc
version.dll
0xe695df VerQueryValueW
0xe695e3 GetFileVersionInfoSizeW
0xe695e7 GetFileVersionInfoW
kernel32.dll
0xe695ef WriteFile
0xe695f3 WideCharToMultiByte
0xe695f7 WaitForSingleObject
0xe695fb WaitForMultipleObjectsEx
0xe695ff VirtualQueryEx
0xe69603 VirtualQuery
0xe69607 VirtualProtect
0xe6960b VirtualFree
0xe6960f VirtualAlloc
0xe69613 VerSetConditionMask
0xe69617 VerifyVersionInfoW
0xe6961b UnmapViewOfFile
0xe6961f TryEnterCriticalSection
0xe69623 SwitchToThread
0xe69627 SuspendThread
0xe6962b Sleep
0xe6962f SizeofResource
0xe69633 SetVolumeLabelW
0xe69637 SetThreadPriority
0xe6963b SetThreadLocale
0xe6963f SetLastError
0xe69643 SetFileTime
0xe69647 SetFilePointer
0xe6964b SetFileAttributesW
0xe6964f SetEvent
0xe69653 SetErrorMode
0xe69657 SetEndOfFile
0xe6965b ResumeThread
0xe6965f ResetEvent
0xe69663 RemoveDirectoryW
0xe69667 ReadFile
0xe6966b RaiseException
0xe6966f QueryPerformanceFrequency
0xe69673 QueryPerformanceCounter
0xe69677 QueryDosDeviceW
0xe6967b IsDebuggerPresent
0xe6967f MulDiv
0xe69683 MoveFileW
0xe69687 MapViewOfFile
0xe6968b LockResource
0xe6968f LocalFree
0xe69693 LocalFileTimeToFileTime
0xe69697 LoadResource
0xe6969b LoadLibraryW
0xe6969f LeaveCriticalSection
0xe696a3 IsValidLocale
0xe696a7 InitializeCriticalSection
0xe696ab HeapSize
0xe696af HeapFree
0xe696b3 HeapDestroy
0xe696b7 HeapCreate
0xe696bb HeapAlloc
0xe696bf GlobalUnlock
0xe696c3 GlobalMemoryStatus
0xe696c7 GlobalLock
0xe696cb GlobalFree
0xe696cf GlobalFindAtomW
0xe696d3 GlobalDeleteAtom
0xe696d7 GlobalAlloc
0xe696db GlobalAddAtomW
0xe696df GetVolumeInformationW
0xe696e3 GetVersionExW
0xe696e7 GetVersion
0xe696eb GetUserDefaultLCID
0xe696ef GetTickCount
0xe696f3 GetThreadPriority
0xe696f7 GetThreadLocale
0xe696fb GetTempPathW
0xe696ff GetTempFileNameW
0xe69703 GetStdHandle
0xe69707 GetProcAddress
0xe6970b GetModuleHandleW
0xe6970f GetModuleFileNameW
0xe69713 GetLogicalDriveStringsW
0xe69717 GetLocaleInfoW
0xe6971b GetLocalTime
0xe6971f GetLastError
0xe69723 GetFullPathNameW
0xe69727 GetFileSize
0xe6972b GetFileAttributesExW
0xe6972f GetFileAttributesW
0xe69733 GetExitCodeThread
0xe69737 GetDriveTypeW
0xe6973b GetDiskFreeSpaceW
0xe6973f GetDateFormatW
0xe69743 GetCurrentThreadId
0xe69747 GetCurrentThread
0xe6974b GetCurrentProcessId
0xe6974f GetCurrentProcess
0xe69753 GetCPInfoExW
0xe69757 GetCPInfo
0xe6975b GetACP
0xe6975f FreeResource
0xe69763 FreeLibrary
0xe69767 FormatMessageW
0xe6976b FlushFileBuffers
0xe6976f FindResourceW
0xe69773 FindNextFileW
0xe69777 FindFirstFileW
0xe6977b FindClose
0xe6977f FileTimeToLocalFileTime
0xe69783 FileTimeToDosDateTime
0xe69787 EnumSystemLocalesW
0xe6978b EnumResourceNamesW
0xe6978f EnumCalendarInfoW
0xe69793 EnterCriticalSection
0xe69797 DosDateTimeToFileTime
0xe6979b DeleteFileW
0xe6979f DeleteCriticalSection
0xe697a3 CreateThread
0xe697a7 CreateMutexW
0xe697ab CreateFileMappingW
0xe697af CreateFileW
0xe697b3 CreateEventW
0xe697b7 CreateDirectoryW
0xe697bb CopyFileW
0xe697bf CompareStringW
0xe697c3 CloseHandle
advapi32.dll
0xe697cb RegUnLoadKeyW
0xe697cf RegSetValueExW
0xe697d3 RegSaveKeyW
0xe697d7 RegRestoreKeyW
0xe697db RegReplaceKeyW
0xe697df RegQueryValueExW
0xe697e3 RegQueryInfoKeyW
0xe697e7 RegOpenKeyExW
0xe697eb RegLoadKeyW
0xe697ef RegFlushKey
0xe697f3 RegEnumValueW
0xe697f7 RegEnumKeyExW
0xe697fb RegDeleteValueW
0xe697ff RegDeleteKeyW
0xe69803 RegCreateKeyExW
0xe69807 RegConnectRegistryW
0xe6980b RegCloseKey
kernel32.dll
0xe69813 Sleep
netapi32.dll
0xe6981b NetApiBufferFree
0xe6981f NetWkstaGetInfo
oleaut32.dll
0xe69827 SafeArrayPtrOfIndex
0xe6982b SafeArrayGetUBound
0xe6982f SafeArrayGetLBound
0xe69833 SafeArrayCreate
0xe69837 VariantChangeType
0xe6983b VariantCopy
0xe6983f VariantClear
0xe69843 VariantInit
oleaut32.dll
0xe6984b GetErrorInfo
0xe6984f SysFreeString
ole32.dll
0xe69857 OleUninitialize
0xe6985b OleInitialize
0xe6985f CoTaskMemFree
0xe69863 CoTaskMemAlloc
0xe69867 CoCreateInstance
0xe6986b CoUninitialize
0xe6986f CoInitialize
0xe69873 IsEqualGUID
comctl32.dll
0xe6987b InitializeFlatSB
0xe6987f FlatSB_SetScrollProp
0xe69883 FlatSB_SetScrollPos
0xe69887 FlatSB_SetScrollInfo
0xe6988b FlatSB_GetScrollPos
0xe6988f FlatSB_GetScrollInfo
0xe69893 _TrackMouseEvent
0xe69897 ImageList_GetImageInfo
0xe6989b ImageList_SetIconSize
0xe6989f ImageList_GetIconSize
0xe698a3 ImageList_Write
0xe698a7 ImageList_Read
0xe698ab ImageList_GetDragImage
0xe698af ImageList_DragShowNolock
0xe698b3 ImageList_DragMove
0xe698b7 ImageList_DragLeave
0xe698bb ImageList_DragEnter
0xe698bf ImageList_EndDrag
0xe698c3 ImageList_BeginDrag
0xe698c7 ImageList_Copy
0xe698cb ImageList_LoadImageW
0xe698cf ImageList_GetIcon
0xe698d3 ImageList_Remove
0xe698d7 ImageList_DrawEx
0xe698db ImageList_Replace
0xe698df ImageList_Draw
0xe698e3 ImageList_SetOverlayImage
0xe698e7 ImageList_GetBkColor
0xe698eb ImageList_SetBkColor
0xe698ef ImageList_ReplaceIcon
0xe698f3 ImageList_Add
0xe698f7 ImageList_SetImageCount
0xe698fb ImageList_GetImageCount
0xe698ff ImageList_Destroy
0xe69903 ImageList_Create
user32.dll
0xe6990b EnumDisplayMonitors
0xe6990f GetMonitorInfoW
0xe69913 MonitorFromPoint
0xe69917 MonitorFromRect
0xe6991b MonitorFromWindow
shell32.dll
0xe69923 ShellExecuteW
0xe69927 Shell_NotifyIconW
wininet.dll
0xe6992f InternetReadFile
0xe69933 InternetOpenUrlW
0xe69937 InternetOpenW
0xe6993b InternetCloseHandle
winspool.drv
0xe69943 OpenPrinterW
0xe69947 EnumPrintersW
0xe6994b DocumentPropertiesW
0xe6994f ClosePrinter
winspool.drv
0xe69957 GetDefaultPrinterW
EAT (Export Address Table) Library
0x4645d4 TMethodImplementationIntercept
0x410750 __dbk_fcall_wrapper
0x620630 dbkFCallWrapperAddr