ScreenShot
| Created | 2021.09.17 09:51 | Machine | s1_win7_x6402 |
| Filename | Anye.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 23 detected (AIDetect, malware2, malicious, high confidence, Fareit, FCVN, confidence, 100%, LTHI, Attribute, HighConfidence, Delf, FileRepMalware, Unsafe, Score, Wacatac, R002H0CIG21, susgen, EPYP) | ||
| md5 | 16e153201be41825d56aaeac47183efd | ||
| sha256 | 930ad6fbbfbac743f4097748a7af399d3fbb61b1ba36bc6230803dcdfb357640 | ||
| ssdeep | 24576:DMvnUyU3fec2QPesTbGIZHrIzvlZwXI7Dyj3SaH+MJF:DqUjes | ||
| imphash | ff0bb68e944131943365efbe4d5b9737 | ||
| impfuzzy | 96:oO4nYo3Me5c2buu27xSUvK9eVsoWGXE7TXhpeU8JS10+YdDwPOQCJ:oN3MSbuuaxSUvK9kso1XE7TyG1Q+POQO | ||
Network IP location
Signature (41cnts)
| Level | Description |
|---|---|
| danger | Executed a process and injected code into it |
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Attempts to access Bitcoin/ALTCoin wallets |
| watch | Checks the CPU name from registry |
| watch | Collects information about installed applications |
| watch | Communicates with host for which no DNS query was performed |
| watch | Harvests credentials from local email clients |
| watch | Installs itself for autorun at Windows startup |
| watch | Network activity contains more than one unique useragent |
| watch | One or more of the buffers contains an embedded PE file |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | An executable file was downloaded by the process anye.exe |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | Executes one or more WMI queries |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Queries for potentially installed applications |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| notice | Sends data using the HTTP POST Method |
| notice | Steals private information from local Internet browsers |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | Collects information to fingerprint the system (MachineGuid |
| info | Command line console output was observed |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | Tries to locate where the browsers are installed |
Rules (45cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | Network_Downloader | File Downloader | memory |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | local_credential_Steal | Steal credential | memory |
| notice | Network_DGA | Communication using DGA | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_FTP | Communications over FTP | memory |
| notice | Network_HTTP | Communications over HTTP | memory |
| notice | Network_P2P_Win | Communications over P2P network | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
| info | Check_Dlls | (no description) | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerCheck__RemoteAPI | (no description) | memory |
| info | DebuggerException__ConsoleCtrl | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | JPEG_Format_Zero | JPEG Format | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
Network (13cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Data POST to an image file (jpg)
ET HUNTING Suspicious EXE Download Content-Type image/jpeg
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
ET POLICY Data POST to an image file (jpg)
ET HUNTING Suspicious EXE Download Content-Type image/jpeg
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x46d6f4 SysFreeString
0x46d6f8 SysReAllocStringLen
0x46d6fc SysAllocStringLen
advapi32.dll
0x46d704 RegQueryValueExA
0x46d708 RegOpenKeyExA
0x46d70c RegCloseKey
user32.dll
0x46d714 GetKeyboardType
0x46d718 DestroyWindow
0x46d71c LoadStringA
0x46d720 MessageBoxA
0x46d724 CharNextA
kernel32.dll
0x46d72c GetACP
0x46d730 Sleep
0x46d734 VirtualFree
0x46d738 VirtualAlloc
0x46d73c GetCurrentThreadId
0x46d740 InterlockedDecrement
0x46d744 InterlockedIncrement
0x46d748 VirtualQuery
0x46d74c WideCharToMultiByte
0x46d750 MultiByteToWideChar
0x46d754 lstrlenA
0x46d758 lstrcpynA
0x46d75c LoadLibraryExA
0x46d760 GetThreadLocale
0x46d764 GetStartupInfoA
0x46d768 GetProcAddress
0x46d76c GetModuleHandleA
0x46d770 GetModuleFileNameA
0x46d774 GetLocaleInfoA
0x46d778 GetLastError
0x46d77c GetCommandLineA
0x46d780 FreeLibrary
0x46d784 FindFirstFileA
0x46d788 FindClose
0x46d78c ExitProcess
0x46d790 CompareStringA
0x46d794 WriteFile
0x46d798 UnhandledExceptionFilter
0x46d79c SetFilePointer
0x46d7a0 SetEndOfFile
0x46d7a4 RtlUnwind
0x46d7a8 ReadFile
0x46d7ac RaiseException
0x46d7b0 GetStdHandle
0x46d7b4 GetFileSize
0x46d7b8 GetFileType
0x46d7bc CreateFileA
0x46d7c0 CloseHandle
kernel32.dll
0x46d7c8 TlsSetValue
0x46d7cc TlsGetValue
0x46d7d0 LocalAlloc
0x46d7d4 GetModuleHandleA
user32.dll
0x46d7dc CreateWindowExA
0x46d7e0 WindowFromPoint
0x46d7e4 WaitMessage
0x46d7e8 UpdateWindow
0x46d7ec UnregisterClassA
0x46d7f0 UnhookWindowsHookEx
0x46d7f4 TranslateMessage
0x46d7f8 TranslateMDISysAccel
0x46d7fc TrackPopupMenu
0x46d800 SystemParametersInfoA
0x46d804 ShowWindow
0x46d808 ShowScrollBar
0x46d80c ShowOwnedPopups
0x46d810 SetWindowsHookExA
0x46d814 SetWindowTextA
0x46d818 SetWindowPos
0x46d81c SetWindowPlacement
0x46d820 SetWindowLongW
0x46d824 SetWindowLongA
0x46d828 SetTimer
0x46d82c SetScrollRange
0x46d830 SetScrollPos
0x46d834 SetScrollInfo
0x46d838 SetRect
0x46d83c SetPropA
0x46d840 SetParent
0x46d844 SetMenuItemInfoA
0x46d848 SetMenu
0x46d84c SetForegroundWindow
0x46d850 SetFocus
0x46d854 SetCursor
0x46d858 SetClassLongA
0x46d85c SetCapture
0x46d860 SetActiveWindow
0x46d864 SendMessageW
0x46d868 SendMessageA
0x46d86c ScrollWindow
0x46d870 ScreenToClient
0x46d874 RemovePropA
0x46d878 RemoveMenu
0x46d87c ReleaseDC
0x46d880 ReleaseCapture
0x46d884 RegisterWindowMessageA
0x46d888 RegisterClipboardFormatA
0x46d88c RegisterClassA
0x46d890 RedrawWindow
0x46d894 PtInRect
0x46d898 PostQuitMessage
0x46d89c PostMessageA
0x46d8a0 PeekMessageW
0x46d8a4 PeekMessageA
0x46d8a8 OffsetRect
0x46d8ac OemToCharA
0x46d8b0 MessageBoxA
0x46d8b4 MapWindowPoints
0x46d8b8 MapVirtualKeyA
0x46d8bc LoadStringA
0x46d8c0 LoadKeyboardLayoutA
0x46d8c4 LoadIconA
0x46d8c8 LoadCursorA
0x46d8cc LoadBitmapA
0x46d8d0 KillTimer
0x46d8d4 IsZoomed
0x46d8d8 IsWindowVisible
0x46d8dc IsWindowUnicode
0x46d8e0 IsWindowEnabled
0x46d8e4 IsWindow
0x46d8e8 IsRectEmpty
0x46d8ec IsIconic
0x46d8f0 IsDialogMessageW
0x46d8f4 IsDialogMessageA
0x46d8f8 IsChild
0x46d8fc InvalidateRect
0x46d900 IntersectRect
0x46d904 InsertMenuItemA
0x46d908 InsertMenuA
0x46d90c InflateRect
0x46d910 GetWindowThreadProcessId
0x46d914 GetWindowTextA
0x46d918 GetWindowRect
0x46d91c GetWindowPlacement
0x46d920 GetWindowLongW
0x46d924 GetWindowLongA
0x46d928 GetWindowDC
0x46d92c GetTopWindow
0x46d930 GetSystemMetrics
0x46d934 GetSystemMenu
0x46d938 GetSysColorBrush
0x46d93c GetSysColor
0x46d940 GetSubMenu
0x46d944 GetScrollRange
0x46d948 GetScrollPos
0x46d94c GetScrollInfo
0x46d950 GetPropA
0x46d954 GetParent
0x46d958 GetWindow
0x46d95c GetMessagePos
0x46d960 GetMenuStringA
0x46d964 GetMenuState
0x46d968 GetMenuItemInfoA
0x46d96c GetMenuItemID
0x46d970 GetMenuItemCount
0x46d974 GetMenu
0x46d978 GetLastActivePopup
0x46d97c GetKeyboardState
0x46d980 GetKeyboardLayoutNameA
0x46d984 GetKeyboardLayoutList
0x46d988 GetKeyboardLayout
0x46d98c GetKeyState
0x46d990 GetKeyNameTextA
0x46d994 GetIconInfo
0x46d998 GetForegroundWindow
0x46d99c GetFocus
0x46d9a0 GetDesktopWindow
0x46d9a4 GetDCEx
0x46d9a8 GetDC
0x46d9ac GetCursorPos
0x46d9b0 GetCursor
0x46d9b4 GetClientRect
0x46d9b8 GetClassLongA
0x46d9bc GetClassInfoA
0x46d9c0 GetCapture
0x46d9c4 GetActiveWindow
0x46d9c8 FrameRect
0x46d9cc FindWindowA
0x46d9d0 FillRect
0x46d9d4 EqualRect
0x46d9d8 EnumWindows
0x46d9dc EnumThreadWindows
0x46d9e0 EnumChildWindows
0x46d9e4 EndPaint
0x46d9e8 EnableWindow
0x46d9ec EnableScrollBar
0x46d9f0 EnableMenuItem
0x46d9f4 DrawTextA
0x46d9f8 DrawMenuBar
0x46d9fc DrawIconEx
0x46da00 DrawIcon
0x46da04 DrawFrameControl
0x46da08 DrawEdge
0x46da0c DispatchMessageW
0x46da10 DispatchMessageA
0x46da14 DestroyWindow
0x46da18 DestroyMenu
0x46da1c DestroyIcon
0x46da20 DestroyCursor
0x46da24 DeleteMenu
0x46da28 DefWindowProcA
0x46da2c DefMDIChildProcA
0x46da30 DefFrameProcA
0x46da34 CreatePopupMenu
0x46da38 CreateMenu
0x46da3c CreateIcon
0x46da40 ClientToScreen
0x46da44 CheckMenuItem
0x46da48 CallWindowProcA
0x46da4c CallNextHookEx
0x46da50 BeginPaint
0x46da54 CharNextA
0x46da58 CharLowerA
0x46da5c CharToOemA
0x46da60 AdjustWindowRectEx
0x46da64 ActivateKeyboardLayout
gdi32.dll
0x46da6c UnrealizeObject
0x46da70 StretchBlt
0x46da74 SetWindowOrgEx
0x46da78 SetViewportOrgEx
0x46da7c SetTextColor
0x46da80 SetStretchBltMode
0x46da84 SetROP2
0x46da88 SetPixel
0x46da8c SetDIBColorTable
0x46da90 SetBrushOrgEx
0x46da94 SetBkMode
0x46da98 SetBkColor
0x46da9c SelectPalette
0x46daa0 SelectObject
0x46daa4 SaveDC
0x46daa8 RestoreDC
0x46daac RectVisible
0x46dab0 RealizePalette
0x46dab4 PatBlt
0x46dab8 MoveToEx
0x46dabc MaskBlt
0x46dac0 LineTo
0x46dac4 IntersectClipRect
0x46dac8 GetWindowOrgEx
0x46dacc GetTextMetricsA
0x46dad0 GetTextExtentPoint32A
0x46dad4 GetSystemPaletteEntries
0x46dad8 GetStockObject
0x46dadc GetRgnBox
0x46dae0 GetPixel
0x46dae4 GetPaletteEntries
0x46dae8 GetObjectA
0x46daec GetDeviceCaps
0x46daf0 GetDIBits
0x46daf4 GetDIBColorTable
0x46daf8 GetDCOrgEx
0x46dafc GetCurrentPositionEx
0x46db00 GetClipBox
0x46db04 GetBrushOrgEx
0x46db08 GetBitmapBits
0x46db0c ExcludeClipRect
0x46db10 DeleteObject
0x46db14 DeleteDC
0x46db18 CreateSolidBrush
0x46db1c CreatePenIndirect
0x46db20 CreatePalette
0x46db24 CreateHalftonePalette
0x46db28 CreateFontIndirectA
0x46db2c CreateDIBitmap
0x46db30 CreateDIBSection
0x46db34 CreateCompatibleDC
0x46db38 CreateCompatibleBitmap
0x46db3c CreateBrushIndirect
0x46db40 CreateBitmap
0x46db44 BitBlt
version.dll
0x46db4c VerQueryValueA
0x46db50 GetFileVersionInfoSizeA
0x46db54 GetFileVersionInfoA
kernel32.dll
0x46db5c lstrcpyA
0x46db60 lstrcmpiA
0x46db64 WriteFile
0x46db68 WaitForSingleObject
0x46db6c VirtualQuery
0x46db70 VirtualProtect
0x46db74 VirtualAlloc
0x46db78 SizeofResource
0x46db7c SetThreadLocale
0x46db80 SetFilePointer
0x46db84 SetEvent
0x46db88 SetErrorMode
0x46db8c SetEndOfFile
0x46db90 ResetEvent
0x46db94 ReadFile
0x46db98 MulDiv
0x46db9c LockResource
0x46dba0 LoadResource
0x46dba4 LoadLibraryA
0x46dba8 LeaveCriticalSection
0x46dbac InitializeCriticalSection
0x46dbb0 GlobalFindAtomA
0x46dbb4 GlobalDeleteAtom
0x46dbb8 GlobalAddAtomA
0x46dbbc GetVersionExA
0x46dbc0 GetVersion
0x46dbc4 GetTickCount
0x46dbc8 GetThreadLocale
0x46dbcc GetStdHandle
0x46dbd0 GetProcAddress
0x46dbd4 GetModuleHandleA
0x46dbd8 GetModuleFileNameA
0x46dbdc GetLocaleInfoA
0x46dbe0 GetLocalTime
0x46dbe4 GetLastError
0x46dbe8 GetFullPathNameA
0x46dbec GetDiskFreeSpaceA
0x46dbf0 GetDateFormatA
0x46dbf4 GetCurrentThreadId
0x46dbf8 GetCurrentProcessId
0x46dbfc GetCPInfo
0x46dc00 FreeResource
0x46dc04 InterlockedExchange
0x46dc08 FreeLibrary
0x46dc0c FormatMessageA
0x46dc10 FindResourceA
0x46dc14 EnumCalendarInfoA
0x46dc18 EnterCriticalSection
0x46dc1c DeleteCriticalSection
0x46dc20 CreateThread
0x46dc24 CreateFileA
0x46dc28 CreateEventA
0x46dc2c CompareStringA
0x46dc30 CloseHandle
advapi32.dll
0x46dc38 RegQueryValueExA
0x46dc3c RegOpenKeyExA
0x46dc40 RegFlushKey
0x46dc44 RegCloseKey
kernel32.dll
0x46dc4c Sleep
oleaut32.dll
0x46dc54 SafeArrayPtrOfIndex
0x46dc58 SafeArrayGetUBound
0x46dc5c SafeArrayGetLBound
0x46dc60 SafeArrayCreate
0x46dc64 VariantChangeType
0x46dc68 VariantCopy
0x46dc6c VariantClear
0x46dc70 VariantInit
comctl32.dll
0x46dc78 _TrackMouseEvent
0x46dc7c ImageList_SetIconSize
0x46dc80 ImageList_GetIconSize
0x46dc84 ImageList_Write
0x46dc88 ImageList_Read
0x46dc8c ImageList_DragShowNolock
0x46dc90 ImageList_DragMove
0x46dc94 ImageList_DragLeave
0x46dc98 ImageList_DragEnter
0x46dc9c ImageList_EndDrag
0x46dca0 ImageList_BeginDrag
0x46dca4 ImageList_Remove
0x46dca8 ImageList_DrawEx
0x46dcac ImageList_Draw
0x46dcb0 ImageList_GetBkColor
0x46dcb4 ImageList_SetBkColor
0x46dcb8 ImageList_Add
0x46dcbc ImageList_GetImageCount
0x46dcc0 ImageList_Destroy
0x46dcc4 ImageList_Create
0x46dcc8 InitCommonControls
EAT(Export Address Table) is none
oleaut32.dll
0x46d6f4 SysFreeString
0x46d6f8 SysReAllocStringLen
0x46d6fc SysAllocStringLen
advapi32.dll
0x46d704 RegQueryValueExA
0x46d708 RegOpenKeyExA
0x46d70c RegCloseKey
user32.dll
0x46d714 GetKeyboardType
0x46d718 DestroyWindow
0x46d71c LoadStringA
0x46d720 MessageBoxA
0x46d724 CharNextA
kernel32.dll
0x46d72c GetACP
0x46d730 Sleep
0x46d734 VirtualFree
0x46d738 VirtualAlloc
0x46d73c GetCurrentThreadId
0x46d740 InterlockedDecrement
0x46d744 InterlockedIncrement
0x46d748 VirtualQuery
0x46d74c WideCharToMultiByte
0x46d750 MultiByteToWideChar
0x46d754 lstrlenA
0x46d758 lstrcpynA
0x46d75c LoadLibraryExA
0x46d760 GetThreadLocale
0x46d764 GetStartupInfoA
0x46d768 GetProcAddress
0x46d76c GetModuleHandleA
0x46d770 GetModuleFileNameA
0x46d774 GetLocaleInfoA
0x46d778 GetLastError
0x46d77c GetCommandLineA
0x46d780 FreeLibrary
0x46d784 FindFirstFileA
0x46d788 FindClose
0x46d78c ExitProcess
0x46d790 CompareStringA
0x46d794 WriteFile
0x46d798 UnhandledExceptionFilter
0x46d79c SetFilePointer
0x46d7a0 SetEndOfFile
0x46d7a4 RtlUnwind
0x46d7a8 ReadFile
0x46d7ac RaiseException
0x46d7b0 GetStdHandle
0x46d7b4 GetFileSize
0x46d7b8 GetFileType
0x46d7bc CreateFileA
0x46d7c0 CloseHandle
kernel32.dll
0x46d7c8 TlsSetValue
0x46d7cc TlsGetValue
0x46d7d0 LocalAlloc
0x46d7d4 GetModuleHandleA
user32.dll
0x46d7dc CreateWindowExA
0x46d7e0 WindowFromPoint
0x46d7e4 WaitMessage
0x46d7e8 UpdateWindow
0x46d7ec UnregisterClassA
0x46d7f0 UnhookWindowsHookEx
0x46d7f4 TranslateMessage
0x46d7f8 TranslateMDISysAccel
0x46d7fc TrackPopupMenu
0x46d800 SystemParametersInfoA
0x46d804 ShowWindow
0x46d808 ShowScrollBar
0x46d80c ShowOwnedPopups
0x46d810 SetWindowsHookExA
0x46d814 SetWindowTextA
0x46d818 SetWindowPos
0x46d81c SetWindowPlacement
0x46d820 SetWindowLongW
0x46d824 SetWindowLongA
0x46d828 SetTimer
0x46d82c SetScrollRange
0x46d830 SetScrollPos
0x46d834 SetScrollInfo
0x46d838 SetRect
0x46d83c SetPropA
0x46d840 SetParent
0x46d844 SetMenuItemInfoA
0x46d848 SetMenu
0x46d84c SetForegroundWindow
0x46d850 SetFocus
0x46d854 SetCursor
0x46d858 SetClassLongA
0x46d85c SetCapture
0x46d860 SetActiveWindow
0x46d864 SendMessageW
0x46d868 SendMessageA
0x46d86c ScrollWindow
0x46d870 ScreenToClient
0x46d874 RemovePropA
0x46d878 RemoveMenu
0x46d87c ReleaseDC
0x46d880 ReleaseCapture
0x46d884 RegisterWindowMessageA
0x46d888 RegisterClipboardFormatA
0x46d88c RegisterClassA
0x46d890 RedrawWindow
0x46d894 PtInRect
0x46d898 PostQuitMessage
0x46d89c PostMessageA
0x46d8a0 PeekMessageW
0x46d8a4 PeekMessageA
0x46d8a8 OffsetRect
0x46d8ac OemToCharA
0x46d8b0 MessageBoxA
0x46d8b4 MapWindowPoints
0x46d8b8 MapVirtualKeyA
0x46d8bc LoadStringA
0x46d8c0 LoadKeyboardLayoutA
0x46d8c4 LoadIconA
0x46d8c8 LoadCursorA
0x46d8cc LoadBitmapA
0x46d8d0 KillTimer
0x46d8d4 IsZoomed
0x46d8d8 IsWindowVisible
0x46d8dc IsWindowUnicode
0x46d8e0 IsWindowEnabled
0x46d8e4 IsWindow
0x46d8e8 IsRectEmpty
0x46d8ec IsIconic
0x46d8f0 IsDialogMessageW
0x46d8f4 IsDialogMessageA
0x46d8f8 IsChild
0x46d8fc InvalidateRect
0x46d900 IntersectRect
0x46d904 InsertMenuItemA
0x46d908 InsertMenuA
0x46d90c InflateRect
0x46d910 GetWindowThreadProcessId
0x46d914 GetWindowTextA
0x46d918 GetWindowRect
0x46d91c GetWindowPlacement
0x46d920 GetWindowLongW
0x46d924 GetWindowLongA
0x46d928 GetWindowDC
0x46d92c GetTopWindow
0x46d930 GetSystemMetrics
0x46d934 GetSystemMenu
0x46d938 GetSysColorBrush
0x46d93c GetSysColor
0x46d940 GetSubMenu
0x46d944 GetScrollRange
0x46d948 GetScrollPos
0x46d94c GetScrollInfo
0x46d950 GetPropA
0x46d954 GetParent
0x46d958 GetWindow
0x46d95c GetMessagePos
0x46d960 GetMenuStringA
0x46d964 GetMenuState
0x46d968 GetMenuItemInfoA
0x46d96c GetMenuItemID
0x46d970 GetMenuItemCount
0x46d974 GetMenu
0x46d978 GetLastActivePopup
0x46d97c GetKeyboardState
0x46d980 GetKeyboardLayoutNameA
0x46d984 GetKeyboardLayoutList
0x46d988 GetKeyboardLayout
0x46d98c GetKeyState
0x46d990 GetKeyNameTextA
0x46d994 GetIconInfo
0x46d998 GetForegroundWindow
0x46d99c GetFocus
0x46d9a0 GetDesktopWindow
0x46d9a4 GetDCEx
0x46d9a8 GetDC
0x46d9ac GetCursorPos
0x46d9b0 GetCursor
0x46d9b4 GetClientRect
0x46d9b8 GetClassLongA
0x46d9bc GetClassInfoA
0x46d9c0 GetCapture
0x46d9c4 GetActiveWindow
0x46d9c8 FrameRect
0x46d9cc FindWindowA
0x46d9d0 FillRect
0x46d9d4 EqualRect
0x46d9d8 EnumWindows
0x46d9dc EnumThreadWindows
0x46d9e0 EnumChildWindows
0x46d9e4 EndPaint
0x46d9e8 EnableWindow
0x46d9ec EnableScrollBar
0x46d9f0 EnableMenuItem
0x46d9f4 DrawTextA
0x46d9f8 DrawMenuBar
0x46d9fc DrawIconEx
0x46da00 DrawIcon
0x46da04 DrawFrameControl
0x46da08 DrawEdge
0x46da0c DispatchMessageW
0x46da10 DispatchMessageA
0x46da14 DestroyWindow
0x46da18 DestroyMenu
0x46da1c DestroyIcon
0x46da20 DestroyCursor
0x46da24 DeleteMenu
0x46da28 DefWindowProcA
0x46da2c DefMDIChildProcA
0x46da30 DefFrameProcA
0x46da34 CreatePopupMenu
0x46da38 CreateMenu
0x46da3c CreateIcon
0x46da40 ClientToScreen
0x46da44 CheckMenuItem
0x46da48 CallWindowProcA
0x46da4c CallNextHookEx
0x46da50 BeginPaint
0x46da54 CharNextA
0x46da58 CharLowerA
0x46da5c CharToOemA
0x46da60 AdjustWindowRectEx
0x46da64 ActivateKeyboardLayout
gdi32.dll
0x46da6c UnrealizeObject
0x46da70 StretchBlt
0x46da74 SetWindowOrgEx
0x46da78 SetViewportOrgEx
0x46da7c SetTextColor
0x46da80 SetStretchBltMode
0x46da84 SetROP2
0x46da88 SetPixel
0x46da8c SetDIBColorTable
0x46da90 SetBrushOrgEx
0x46da94 SetBkMode
0x46da98 SetBkColor
0x46da9c SelectPalette
0x46daa0 SelectObject
0x46daa4 SaveDC
0x46daa8 RestoreDC
0x46daac RectVisible
0x46dab0 RealizePalette
0x46dab4 PatBlt
0x46dab8 MoveToEx
0x46dabc MaskBlt
0x46dac0 LineTo
0x46dac4 IntersectClipRect
0x46dac8 GetWindowOrgEx
0x46dacc GetTextMetricsA
0x46dad0 GetTextExtentPoint32A
0x46dad4 GetSystemPaletteEntries
0x46dad8 GetStockObject
0x46dadc GetRgnBox
0x46dae0 GetPixel
0x46dae4 GetPaletteEntries
0x46dae8 GetObjectA
0x46daec GetDeviceCaps
0x46daf0 GetDIBits
0x46daf4 GetDIBColorTable
0x46daf8 GetDCOrgEx
0x46dafc GetCurrentPositionEx
0x46db00 GetClipBox
0x46db04 GetBrushOrgEx
0x46db08 GetBitmapBits
0x46db0c ExcludeClipRect
0x46db10 DeleteObject
0x46db14 DeleteDC
0x46db18 CreateSolidBrush
0x46db1c CreatePenIndirect
0x46db20 CreatePalette
0x46db24 CreateHalftonePalette
0x46db28 CreateFontIndirectA
0x46db2c CreateDIBitmap
0x46db30 CreateDIBSection
0x46db34 CreateCompatibleDC
0x46db38 CreateCompatibleBitmap
0x46db3c CreateBrushIndirect
0x46db40 CreateBitmap
0x46db44 BitBlt
version.dll
0x46db4c VerQueryValueA
0x46db50 GetFileVersionInfoSizeA
0x46db54 GetFileVersionInfoA
kernel32.dll
0x46db5c lstrcpyA
0x46db60 lstrcmpiA
0x46db64 WriteFile
0x46db68 WaitForSingleObject
0x46db6c VirtualQuery
0x46db70 VirtualProtect
0x46db74 VirtualAlloc
0x46db78 SizeofResource
0x46db7c SetThreadLocale
0x46db80 SetFilePointer
0x46db84 SetEvent
0x46db88 SetErrorMode
0x46db8c SetEndOfFile
0x46db90 ResetEvent
0x46db94 ReadFile
0x46db98 MulDiv
0x46db9c LockResource
0x46dba0 LoadResource
0x46dba4 LoadLibraryA
0x46dba8 LeaveCriticalSection
0x46dbac InitializeCriticalSection
0x46dbb0 GlobalFindAtomA
0x46dbb4 GlobalDeleteAtom
0x46dbb8 GlobalAddAtomA
0x46dbbc GetVersionExA
0x46dbc0 GetVersion
0x46dbc4 GetTickCount
0x46dbc8 GetThreadLocale
0x46dbcc GetStdHandle
0x46dbd0 GetProcAddress
0x46dbd4 GetModuleHandleA
0x46dbd8 GetModuleFileNameA
0x46dbdc GetLocaleInfoA
0x46dbe0 GetLocalTime
0x46dbe4 GetLastError
0x46dbe8 GetFullPathNameA
0x46dbec GetDiskFreeSpaceA
0x46dbf0 GetDateFormatA
0x46dbf4 GetCurrentThreadId
0x46dbf8 GetCurrentProcessId
0x46dbfc GetCPInfo
0x46dc00 FreeResource
0x46dc04 InterlockedExchange
0x46dc08 FreeLibrary
0x46dc0c FormatMessageA
0x46dc10 FindResourceA
0x46dc14 EnumCalendarInfoA
0x46dc18 EnterCriticalSection
0x46dc1c DeleteCriticalSection
0x46dc20 CreateThread
0x46dc24 CreateFileA
0x46dc28 CreateEventA
0x46dc2c CompareStringA
0x46dc30 CloseHandle
advapi32.dll
0x46dc38 RegQueryValueExA
0x46dc3c RegOpenKeyExA
0x46dc40 RegFlushKey
0x46dc44 RegCloseKey
kernel32.dll
0x46dc4c Sleep
oleaut32.dll
0x46dc54 SafeArrayPtrOfIndex
0x46dc58 SafeArrayGetUBound
0x46dc5c SafeArrayGetLBound
0x46dc60 SafeArrayCreate
0x46dc64 VariantChangeType
0x46dc68 VariantCopy
0x46dc6c VariantClear
0x46dc70 VariantInit
comctl32.dll
0x46dc78 _TrackMouseEvent
0x46dc7c ImageList_SetIconSize
0x46dc80 ImageList_GetIconSize
0x46dc84 ImageList_Write
0x46dc88 ImageList_Read
0x46dc8c ImageList_DragShowNolock
0x46dc90 ImageList_DragMove
0x46dc94 ImageList_DragLeave
0x46dc98 ImageList_DragEnter
0x46dc9c ImageList_EndDrag
0x46dca0 ImageList_BeginDrag
0x46dca4 ImageList_Remove
0x46dca8 ImageList_DrawEx
0x46dcac ImageList_Draw
0x46dcb0 ImageList_GetBkColor
0x46dcb4 ImageList_SetBkColor
0x46dcb8 ImageList_Add
0x46dcbc ImageList_GetImageCount
0x46dcc0 ImageList_Destroy
0x46dcc4 ImageList_Create
0x46dcc8 InitCommonControls
EAT(Export Address Table) is none