ScreenShot
| Created | 2021.09.22 10:03 | Machine | s1_win7_x6402 |
| Filename | remit.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 22 detected (malicious, high confidence, score, confidence, AIYB, Attribute, HighConfidence, Infected, kcloud, Woreflint, Artemis, Unsafe, GenKryptik, EKLE, ZelphiF, fLW@ay5cswai, FileRepMalware, susgen) | ||
| md5 | cf98d2d4d4555323842c8371db09347e | ||
| sha256 | 8fa72e87addead9671e573d7cb843ca784a10cfbf6acf5b6bc4830df66fe0bf0 | ||
| ssdeep | 12288:lIspEfnP8N/seflQTshT8aqeTW39KqyeoAdrL7SUbDz5Zp:320N/seflZhTmiW3AirPzz5Z | ||
| imphash | bc8cc1eea5c25ce2056d7da92bd98134 | ||
| impfuzzy | 192:oN3sSbuuaxSUvK9tsoHXEJeWvvF9vM1QwPOQk:O3haq9xG+11POQk | ||
Network IP location
Signature (23cnts)
| Level | Description |
|---|---|
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Creates a thread using CreateRemoteThread in a non-child process indicative of process injection |
| watch | Installs itself for autorun at Windows startup |
| watch | Manipulates memory of a non-child process indicative of process injection |
| watch | Network activity contains more than one unique useragent |
| watch | One or more of the buffers contains an embedded PE file |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Uses Sysinternals tools in order to add additional command line functionality |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Command line console output was observed |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (38cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | memory |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | local_credential_Steal | Steal credential | memory |
| notice | Network_DGA | Communication using DGA | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_FTP | Communications over FTP | memory |
| notice | Network_HTTP | Communications over HTTP | memory |
| notice | Network_P2P_Win | Communications over P2P network | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
| info | Check_Dlls | (no description) | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerCheck__RemoteAPI | (no description) | memory |
| info | DebuggerException__ConsoleCtrl | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
Network (9cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x4fe7d4 SysFreeString
0x4fe7d8 SysReAllocStringLen
0x4fe7dc SysAllocStringLen
advapi32.dll
0x4fe7e4 RegQueryValueExA
0x4fe7e8 RegOpenKeyExA
0x4fe7ec RegCloseKey
user32.dll
0x4fe7f4 GetKeyboardType
0x4fe7f8 DestroyWindow
0x4fe7fc LoadStringA
0x4fe800 MessageBoxA
0x4fe804 CharNextA
kernel32.dll
0x4fe80c GetACP
0x4fe810 Sleep
0x4fe814 VirtualFree
0x4fe818 VirtualAlloc
0x4fe81c GetCurrentThreadId
0x4fe820 InterlockedDecrement
0x4fe824 InterlockedIncrement
0x4fe828 VirtualQuery
0x4fe82c WideCharToMultiByte
0x4fe830 MultiByteToWideChar
0x4fe834 lstrlenA
0x4fe838 lstrcpynA
0x4fe83c LoadLibraryExA
0x4fe840 GetThreadLocale
0x4fe844 GetStartupInfoA
0x4fe848 GetProcAddress
0x4fe84c GetModuleHandleA
0x4fe850 GetModuleFileNameA
0x4fe854 GetLocaleInfoA
0x4fe858 GetLastError
0x4fe85c GetCommandLineA
0x4fe860 FreeLibrary
0x4fe864 FindFirstFileA
0x4fe868 FindClose
0x4fe86c ExitProcess
0x4fe870 ExitThread
0x4fe874 CreateThread
0x4fe878 CompareStringA
0x4fe87c WriteFile
0x4fe880 UnhandledExceptionFilter
0x4fe884 SetFilePointer
0x4fe888 SetEndOfFile
0x4fe88c RtlUnwind
0x4fe890 ReadFile
0x4fe894 RaiseException
0x4fe898 GetStdHandle
0x4fe89c GetFileSize
0x4fe8a0 GetFileType
0x4fe8a4 CreateFileA
0x4fe8a8 CloseHandle
kernel32.dll
0x4fe8b0 TlsSetValue
0x4fe8b4 TlsGetValue
0x4fe8b8 LocalAlloc
0x4fe8bc GetModuleHandleA
user32.dll
0x4fe8c4 CreateWindowExA
0x4fe8c8 WindowFromPoint
0x4fe8cc WaitMessage
0x4fe8d0 UpdateWindow
0x4fe8d4 UnregisterClassA
0x4fe8d8 UnhookWindowsHookEx
0x4fe8dc TranslateMessage
0x4fe8e0 TranslateMDISysAccel
0x4fe8e4 TrackPopupMenu
0x4fe8e8 SystemParametersInfoA
0x4fe8ec ShowWindow
0x4fe8f0 ShowScrollBar
0x4fe8f4 ShowOwnedPopups
0x4fe8f8 SetWindowsHookExA
0x4fe8fc SetWindowTextA
0x4fe900 SetWindowPos
0x4fe904 SetWindowPlacement
0x4fe908 SetWindowLongW
0x4fe90c SetWindowLongA
0x4fe910 SetTimer
0x4fe914 SetScrollRange
0x4fe918 SetScrollPos
0x4fe91c SetScrollInfo
0x4fe920 SetRect
0x4fe924 SetPropA
0x4fe928 SetParent
0x4fe92c SetMenuItemInfoA
0x4fe930 SetMenu
0x4fe934 SetForegroundWindow
0x4fe938 SetFocus
0x4fe93c SetCursor
0x4fe940 SetClassLongA
0x4fe944 SetCapture
0x4fe948 SetActiveWindow
0x4fe94c SendMessageW
0x4fe950 SendMessageA
0x4fe954 ScrollWindow
0x4fe958 ScreenToClient
0x4fe95c RemovePropA
0x4fe960 RemoveMenu
0x4fe964 ReleaseDC
0x4fe968 ReleaseCapture
0x4fe96c RegisterWindowMessageA
0x4fe970 RegisterClipboardFormatA
0x4fe974 RegisterClassA
0x4fe978 RedrawWindow
0x4fe97c PtInRect
0x4fe980 PostQuitMessage
0x4fe984 PostMessageA
0x4fe988 PeekMessageW
0x4fe98c PeekMessageA
0x4fe990 OffsetRect
0x4fe994 OemToCharA
0x4fe998 MsgWaitForMultipleObjects
0x4fe99c MessageBoxA
0x4fe9a0 MapWindowPoints
0x4fe9a4 MapVirtualKeyA
0x4fe9a8 LoadStringA
0x4fe9ac LoadKeyboardLayoutA
0x4fe9b0 LoadIconA
0x4fe9b4 LoadCursorA
0x4fe9b8 LoadBitmapA
0x4fe9bc KillTimer
0x4fe9c0 IsZoomed
0x4fe9c4 IsWindowVisible
0x4fe9c8 IsWindowUnicode
0x4fe9cc IsWindowEnabled
0x4fe9d0 IsWindow
0x4fe9d4 IsRectEmpty
0x4fe9d8 IsIconic
0x4fe9dc IsDialogMessageW
0x4fe9e0 IsDialogMessageA
0x4fe9e4 IsChild
0x4fe9e8 InvalidateRect
0x4fe9ec IntersectRect
0x4fe9f0 InsertMenuItemA
0x4fe9f4 InsertMenuA
0x4fe9f8 InflateRect
0x4fe9fc GetWindowThreadProcessId
0x4fea00 GetWindowTextA
0x4fea04 GetWindowRect
0x4fea08 GetWindowPlacement
0x4fea0c GetWindowLongW
0x4fea10 GetWindowLongA
0x4fea14 GetWindowDC
0x4fea18 GetTopWindow
0x4fea1c GetSystemMetrics
0x4fea20 GetSystemMenu
0x4fea24 GetSysColorBrush
0x4fea28 GetSysColor
0x4fea2c GetSubMenu
0x4fea30 GetScrollRange
0x4fea34 GetScrollPos
0x4fea38 GetScrollInfo
0x4fea3c GetPropA
0x4fea40 GetParent
0x4fea44 GetWindow
0x4fea48 GetMessageTime
0x4fea4c GetMessagePos
0x4fea50 GetMenuStringA
0x4fea54 GetMenuState
0x4fea58 GetMenuItemInfoA
0x4fea5c GetMenuItemID
0x4fea60 GetMenuItemCount
0x4fea64 GetMenu
0x4fea68 GetLastActivePopup
0x4fea6c GetKeyboardState
0x4fea70 GetKeyboardLayoutNameA
0x4fea74 GetKeyboardLayoutList
0x4fea78 GetKeyboardLayout
0x4fea7c GetKeyState
0x4fea80 GetKeyNameTextA
0x4fea84 GetIconInfo
0x4fea88 GetForegroundWindow
0x4fea8c GetFocus
0x4fea90 GetDesktopWindow
0x4fea94 GetDCEx
0x4fea98 GetDC
0x4fea9c GetCursorPos
0x4feaa0 GetCursor
0x4feaa4 GetClipboardData
0x4feaa8 GetClientRect
0x4feaac GetClassLongA
0x4feab0 GetClassInfoA
0x4feab4 GetCapture
0x4feab8 GetActiveWindow
0x4feabc FrameRect
0x4feac0 FindWindowA
0x4feac4 FillRect
0x4feac8 EqualRect
0x4feacc EnumWindows
0x4fead0 EnumThreadWindows
0x4fead4 EnumChildWindows
0x4fead8 EndPaint
0x4feadc EnableWindow
0x4feae0 EnableScrollBar
0x4feae4 EnableMenuItem
0x4feae8 DrawTextA
0x4feaec DrawMenuBar
0x4feaf0 DrawIconEx
0x4feaf4 DrawIcon
0x4feaf8 DrawFrameControl
0x4feafc DrawFocusRect
0x4feb00 DrawEdge
0x4feb04 DispatchMessageW
0x4feb08 DispatchMessageA
0x4feb0c DestroyWindow
0x4feb10 DestroyMenu
0x4feb14 DestroyIcon
0x4feb18 DestroyCursor
0x4feb1c DeleteMenu
0x4feb20 DefWindowProcA
0x4feb24 DefMDIChildProcA
0x4feb28 DefFrameProcA
0x4feb2c CreatePopupMenu
0x4feb30 CreateMenu
0x4feb34 CreateIcon
0x4feb38 ClientToScreen
0x4feb3c CheckMenuItem
0x4feb40 CallWindowProcA
0x4feb44 CallNextHookEx
0x4feb48 BeginPaint
0x4feb4c CharNextA
0x4feb50 CharLowerBuffA
0x4feb54 CharLowerA
0x4feb58 CharToOemA
0x4feb5c AdjustWindowRectEx
0x4feb60 ActivateKeyboardLayout
gdi32.dll
0x4feb68 UnrealizeObject
0x4feb6c StretchBlt
0x4feb70 SetWindowOrgEx
0x4feb74 SetWinMetaFileBits
0x4feb78 SetViewportOrgEx
0x4feb7c SetTextColor
0x4feb80 SetStretchBltMode
0x4feb84 SetROP2
0x4feb88 SetPixel
0x4feb8c SetMapMode
0x4feb90 SetEnhMetaFileBits
0x4feb94 SetDIBColorTable
0x4feb98 SetBrushOrgEx
0x4feb9c SetBkMode
0x4feba0 SetBkColor
0x4feba4 SelectPalette
0x4feba8 SelectObject
0x4febac SaveDC
0x4febb0 RestoreDC
0x4febb4 RectVisible
0x4febb8 RealizePalette
0x4febbc Polyline
0x4febc0 PlayEnhMetaFile
0x4febc4 PatBlt
0x4febc8 MoveToEx
0x4febcc MaskBlt
0x4febd0 LineTo
0x4febd4 LPtoDP
0x4febd8 IntersectClipRect
0x4febdc GetWindowOrgEx
0x4febe0 GetWinMetaFileBits
0x4febe4 GetTextMetricsA
0x4febe8 GetTextExtentPoint32A
0x4febec GetSystemPaletteEntries
0x4febf0 GetStockObject
0x4febf4 GetRgnBox
0x4febf8 GetPixel
0x4febfc GetPaletteEntries
0x4fec00 GetObjectA
0x4fec04 GetEnhMetaFilePaletteEntries
0x4fec08 GetEnhMetaFileHeader
0x4fec0c GetEnhMetaFileDescriptionA
0x4fec10 GetEnhMetaFileBits
0x4fec14 GetDeviceCaps
0x4fec18 GetDIBits
0x4fec1c GetDIBColorTable
0x4fec20 GetDCOrgEx
0x4fec24 GetCurrentPositionEx
0x4fec28 GetClipBox
0x4fec2c GetBrushOrgEx
0x4fec30 GetBitmapBits
0x4fec34 ExtTextOutA
0x4fec38 ExcludeClipRect
0x4fec3c DeleteObject
0x4fec40 DeleteEnhMetaFile
0x4fec44 DeleteDC
0x4fec48 CreateSolidBrush
0x4fec4c CreatePenIndirect
0x4fec50 CreatePalette
0x4fec54 CreateHalftonePalette
0x4fec58 CreateFontIndirectA
0x4fec5c CreateEnhMetaFileA
0x4fec60 CreateDIBitmap
0x4fec64 CreateDIBSection
0x4fec68 CreateCompatibleDC
0x4fec6c CreateCompatibleBitmap
0x4fec70 CreateBrushIndirect
0x4fec74 CreateBitmap
0x4fec78 CopyEnhMetaFileA
0x4fec7c CloseEnhMetaFile
0x4fec80 BitBlt
version.dll
0x4fec88 VerQueryValueA
0x4fec8c GetFileVersionInfoSizeA
0x4fec90 GetFileVersionInfoA
kernel32.dll
0x4fec98 lstrcpyA
0x4fec9c WriteFile
0x4feca0 WaitForSingleObject
0x4feca4 VirtualQuery
0x4feca8 VirtualProtect
0x4fecac VirtualAlloc
0x4fecb0 SizeofResource
0x4fecb4 SetThreadPriority
0x4fecb8 SetThreadLocale
0x4fecbc SetFilePointer
0x4fecc0 SetEvent
0x4fecc4 SetErrorMode
0x4fecc8 SetEndOfFile
0x4feccc ResumeThread
0x4fecd0 ResetEvent
0x4fecd4 ReadFile
0x4fecd8 MultiByteToWideChar
0x4fecdc MulDiv
0x4fece0 LockResource
0x4fece4 LoadResource
0x4fece8 LoadLibraryA
0x4fecec LeaveCriticalSection
0x4fecf0 InitializeCriticalSection
0x4fecf4 GlobalUnlock
0x4fecf8 GlobalSize
0x4fecfc GlobalLock
0x4fed00 GlobalFree
0x4fed04 GlobalFindAtomA
0x4fed08 GlobalDeleteAtom
0x4fed0c GlobalAlloc
0x4fed10 GlobalAddAtomA
0x4fed14 GetVersionExA
0x4fed18 GetVersion
0x4fed1c GetUserDefaultLCID
0x4fed20 GetTickCount
0x4fed24 GetThreadLocale
0x4fed28 GetStdHandle
0x4fed2c GetProcAddress
0x4fed30 GetModuleHandleA
0x4fed34 GetModuleFileNameA
0x4fed38 GetLocaleInfoA
0x4fed3c GetLocalTime
0x4fed40 GetLastError
0x4fed44 GetFullPathNameA
0x4fed48 GetExitCodeThread
0x4fed4c GetDiskFreeSpaceA
0x4fed50 GetDateFormatA
0x4fed54 GetCurrentThreadId
0x4fed58 GetCurrentProcessId
0x4fed5c GetCPInfo
0x4fed60 FreeResource
0x4fed64 InterlockedIncrement
0x4fed68 InterlockedExchange
0x4fed6c InterlockedDecrement
0x4fed70 FreeLibrary
0x4fed74 FormatMessageA
0x4fed78 FindResourceA
0x4fed7c EnumCalendarInfoA
0x4fed80 EnterCriticalSection
0x4fed84 DeleteCriticalSection
0x4fed88 CreateThread
0x4fed8c CreateFileA
0x4fed90 CreateEventA
0x4fed94 CompareStringA
0x4fed98 CloseHandle
advapi32.dll
0x4feda0 RegQueryValueExA
0x4feda4 RegOpenKeyExA
0x4feda8 RegFlushKey
0x4fedac RegCloseKey
oleaut32.dll
0x4fedb4 GetErrorInfo
0x4fedb8 SysFreeString
ole32.dll
0x4fedc0 CreateStreamOnHGlobal
0x4fedc4 IsAccelerator
0x4fedc8 OleDraw
0x4fedcc OleSetMenuDescriptor
0x4fedd0 CoCreateInstance
0x4fedd4 CoGetClassObject
0x4fedd8 CoUninitialize
0x4feddc CoInitialize
0x4fede0 IsEqualGUID
kernel32.dll
0x4fede8 Sleep
oleaut32.dll
0x4fedf0 SafeArrayPtrOfIndex
0x4fedf4 SafeArrayGetUBound
0x4fedf8 SafeArrayGetLBound
0x4fedfc SafeArrayCreate
0x4fee00 VariantChangeType
0x4fee04 VariantCopy
0x4fee08 VariantClear
0x4fee0c VariantInit
comctl32.dll
0x4fee14 _TrackMouseEvent
0x4fee18 ImageList_SetIconSize
0x4fee1c ImageList_GetIconSize
0x4fee20 ImageList_Write
0x4fee24 ImageList_Read
0x4fee28 ImageList_DragShowNolock
0x4fee2c ImageList_DragMove
0x4fee30 ImageList_DragLeave
0x4fee34 ImageList_DragEnter
0x4fee38 ImageList_EndDrag
0x4fee3c ImageList_BeginDrag
0x4fee40 ImageList_Remove
0x4fee44 ImageList_DrawEx
0x4fee48 ImageList_Draw
0x4fee4c ImageList_GetBkColor
0x4fee50 ImageList_SetBkColor
0x4fee54 ImageList_Add
0x4fee58 ImageList_GetImageCount
0x4fee5c ImageList_Destroy
0x4fee60 ImageList_Create
EAT(Export Address Table) is none
oleaut32.dll
0x4fe7d4 SysFreeString
0x4fe7d8 SysReAllocStringLen
0x4fe7dc SysAllocStringLen
advapi32.dll
0x4fe7e4 RegQueryValueExA
0x4fe7e8 RegOpenKeyExA
0x4fe7ec RegCloseKey
user32.dll
0x4fe7f4 GetKeyboardType
0x4fe7f8 DestroyWindow
0x4fe7fc LoadStringA
0x4fe800 MessageBoxA
0x4fe804 CharNextA
kernel32.dll
0x4fe80c GetACP
0x4fe810 Sleep
0x4fe814 VirtualFree
0x4fe818 VirtualAlloc
0x4fe81c GetCurrentThreadId
0x4fe820 InterlockedDecrement
0x4fe824 InterlockedIncrement
0x4fe828 VirtualQuery
0x4fe82c WideCharToMultiByte
0x4fe830 MultiByteToWideChar
0x4fe834 lstrlenA
0x4fe838 lstrcpynA
0x4fe83c LoadLibraryExA
0x4fe840 GetThreadLocale
0x4fe844 GetStartupInfoA
0x4fe848 GetProcAddress
0x4fe84c GetModuleHandleA
0x4fe850 GetModuleFileNameA
0x4fe854 GetLocaleInfoA
0x4fe858 GetLastError
0x4fe85c GetCommandLineA
0x4fe860 FreeLibrary
0x4fe864 FindFirstFileA
0x4fe868 FindClose
0x4fe86c ExitProcess
0x4fe870 ExitThread
0x4fe874 CreateThread
0x4fe878 CompareStringA
0x4fe87c WriteFile
0x4fe880 UnhandledExceptionFilter
0x4fe884 SetFilePointer
0x4fe888 SetEndOfFile
0x4fe88c RtlUnwind
0x4fe890 ReadFile
0x4fe894 RaiseException
0x4fe898 GetStdHandle
0x4fe89c GetFileSize
0x4fe8a0 GetFileType
0x4fe8a4 CreateFileA
0x4fe8a8 CloseHandle
kernel32.dll
0x4fe8b0 TlsSetValue
0x4fe8b4 TlsGetValue
0x4fe8b8 LocalAlloc
0x4fe8bc GetModuleHandleA
user32.dll
0x4fe8c4 CreateWindowExA
0x4fe8c8 WindowFromPoint
0x4fe8cc WaitMessage
0x4fe8d0 UpdateWindow
0x4fe8d4 UnregisterClassA
0x4fe8d8 UnhookWindowsHookEx
0x4fe8dc TranslateMessage
0x4fe8e0 TranslateMDISysAccel
0x4fe8e4 TrackPopupMenu
0x4fe8e8 SystemParametersInfoA
0x4fe8ec ShowWindow
0x4fe8f0 ShowScrollBar
0x4fe8f4 ShowOwnedPopups
0x4fe8f8 SetWindowsHookExA
0x4fe8fc SetWindowTextA
0x4fe900 SetWindowPos
0x4fe904 SetWindowPlacement
0x4fe908 SetWindowLongW
0x4fe90c SetWindowLongA
0x4fe910 SetTimer
0x4fe914 SetScrollRange
0x4fe918 SetScrollPos
0x4fe91c SetScrollInfo
0x4fe920 SetRect
0x4fe924 SetPropA
0x4fe928 SetParent
0x4fe92c SetMenuItemInfoA
0x4fe930 SetMenu
0x4fe934 SetForegroundWindow
0x4fe938 SetFocus
0x4fe93c SetCursor
0x4fe940 SetClassLongA
0x4fe944 SetCapture
0x4fe948 SetActiveWindow
0x4fe94c SendMessageW
0x4fe950 SendMessageA
0x4fe954 ScrollWindow
0x4fe958 ScreenToClient
0x4fe95c RemovePropA
0x4fe960 RemoveMenu
0x4fe964 ReleaseDC
0x4fe968 ReleaseCapture
0x4fe96c RegisterWindowMessageA
0x4fe970 RegisterClipboardFormatA
0x4fe974 RegisterClassA
0x4fe978 RedrawWindow
0x4fe97c PtInRect
0x4fe980 PostQuitMessage
0x4fe984 PostMessageA
0x4fe988 PeekMessageW
0x4fe98c PeekMessageA
0x4fe990 OffsetRect
0x4fe994 OemToCharA
0x4fe998 MsgWaitForMultipleObjects
0x4fe99c MessageBoxA
0x4fe9a0 MapWindowPoints
0x4fe9a4 MapVirtualKeyA
0x4fe9a8 LoadStringA
0x4fe9ac LoadKeyboardLayoutA
0x4fe9b0 LoadIconA
0x4fe9b4 LoadCursorA
0x4fe9b8 LoadBitmapA
0x4fe9bc KillTimer
0x4fe9c0 IsZoomed
0x4fe9c4 IsWindowVisible
0x4fe9c8 IsWindowUnicode
0x4fe9cc IsWindowEnabled
0x4fe9d0 IsWindow
0x4fe9d4 IsRectEmpty
0x4fe9d8 IsIconic
0x4fe9dc IsDialogMessageW
0x4fe9e0 IsDialogMessageA
0x4fe9e4 IsChild
0x4fe9e8 InvalidateRect
0x4fe9ec IntersectRect
0x4fe9f0 InsertMenuItemA
0x4fe9f4 InsertMenuA
0x4fe9f8 InflateRect
0x4fe9fc GetWindowThreadProcessId
0x4fea00 GetWindowTextA
0x4fea04 GetWindowRect
0x4fea08 GetWindowPlacement
0x4fea0c GetWindowLongW
0x4fea10 GetWindowLongA
0x4fea14 GetWindowDC
0x4fea18 GetTopWindow
0x4fea1c GetSystemMetrics
0x4fea20 GetSystemMenu
0x4fea24 GetSysColorBrush
0x4fea28 GetSysColor
0x4fea2c GetSubMenu
0x4fea30 GetScrollRange
0x4fea34 GetScrollPos
0x4fea38 GetScrollInfo
0x4fea3c GetPropA
0x4fea40 GetParent
0x4fea44 GetWindow
0x4fea48 GetMessageTime
0x4fea4c GetMessagePos
0x4fea50 GetMenuStringA
0x4fea54 GetMenuState
0x4fea58 GetMenuItemInfoA
0x4fea5c GetMenuItemID
0x4fea60 GetMenuItemCount
0x4fea64 GetMenu
0x4fea68 GetLastActivePopup
0x4fea6c GetKeyboardState
0x4fea70 GetKeyboardLayoutNameA
0x4fea74 GetKeyboardLayoutList
0x4fea78 GetKeyboardLayout
0x4fea7c GetKeyState
0x4fea80 GetKeyNameTextA
0x4fea84 GetIconInfo
0x4fea88 GetForegroundWindow
0x4fea8c GetFocus
0x4fea90 GetDesktopWindow
0x4fea94 GetDCEx
0x4fea98 GetDC
0x4fea9c GetCursorPos
0x4feaa0 GetCursor
0x4feaa4 GetClipboardData
0x4feaa8 GetClientRect
0x4feaac GetClassLongA
0x4feab0 GetClassInfoA
0x4feab4 GetCapture
0x4feab8 GetActiveWindow
0x4feabc FrameRect
0x4feac0 FindWindowA
0x4feac4 FillRect
0x4feac8 EqualRect
0x4feacc EnumWindows
0x4fead0 EnumThreadWindows
0x4fead4 EnumChildWindows
0x4fead8 EndPaint
0x4feadc EnableWindow
0x4feae0 EnableScrollBar
0x4feae4 EnableMenuItem
0x4feae8 DrawTextA
0x4feaec DrawMenuBar
0x4feaf0 DrawIconEx
0x4feaf4 DrawIcon
0x4feaf8 DrawFrameControl
0x4feafc DrawFocusRect
0x4feb00 DrawEdge
0x4feb04 DispatchMessageW
0x4feb08 DispatchMessageA
0x4feb0c DestroyWindow
0x4feb10 DestroyMenu
0x4feb14 DestroyIcon
0x4feb18 DestroyCursor
0x4feb1c DeleteMenu
0x4feb20 DefWindowProcA
0x4feb24 DefMDIChildProcA
0x4feb28 DefFrameProcA
0x4feb2c CreatePopupMenu
0x4feb30 CreateMenu
0x4feb34 CreateIcon
0x4feb38 ClientToScreen
0x4feb3c CheckMenuItem
0x4feb40 CallWindowProcA
0x4feb44 CallNextHookEx
0x4feb48 BeginPaint
0x4feb4c CharNextA
0x4feb50 CharLowerBuffA
0x4feb54 CharLowerA
0x4feb58 CharToOemA
0x4feb5c AdjustWindowRectEx
0x4feb60 ActivateKeyboardLayout
gdi32.dll
0x4feb68 UnrealizeObject
0x4feb6c StretchBlt
0x4feb70 SetWindowOrgEx
0x4feb74 SetWinMetaFileBits
0x4feb78 SetViewportOrgEx
0x4feb7c SetTextColor
0x4feb80 SetStretchBltMode
0x4feb84 SetROP2
0x4feb88 SetPixel
0x4feb8c SetMapMode
0x4feb90 SetEnhMetaFileBits
0x4feb94 SetDIBColorTable
0x4feb98 SetBrushOrgEx
0x4feb9c SetBkMode
0x4feba0 SetBkColor
0x4feba4 SelectPalette
0x4feba8 SelectObject
0x4febac SaveDC
0x4febb0 RestoreDC
0x4febb4 RectVisible
0x4febb8 RealizePalette
0x4febbc Polyline
0x4febc0 PlayEnhMetaFile
0x4febc4 PatBlt
0x4febc8 MoveToEx
0x4febcc MaskBlt
0x4febd0 LineTo
0x4febd4 LPtoDP
0x4febd8 IntersectClipRect
0x4febdc GetWindowOrgEx
0x4febe0 GetWinMetaFileBits
0x4febe4 GetTextMetricsA
0x4febe8 GetTextExtentPoint32A
0x4febec GetSystemPaletteEntries
0x4febf0 GetStockObject
0x4febf4 GetRgnBox
0x4febf8 GetPixel
0x4febfc GetPaletteEntries
0x4fec00 GetObjectA
0x4fec04 GetEnhMetaFilePaletteEntries
0x4fec08 GetEnhMetaFileHeader
0x4fec0c GetEnhMetaFileDescriptionA
0x4fec10 GetEnhMetaFileBits
0x4fec14 GetDeviceCaps
0x4fec18 GetDIBits
0x4fec1c GetDIBColorTable
0x4fec20 GetDCOrgEx
0x4fec24 GetCurrentPositionEx
0x4fec28 GetClipBox
0x4fec2c GetBrushOrgEx
0x4fec30 GetBitmapBits
0x4fec34 ExtTextOutA
0x4fec38 ExcludeClipRect
0x4fec3c DeleteObject
0x4fec40 DeleteEnhMetaFile
0x4fec44 DeleteDC
0x4fec48 CreateSolidBrush
0x4fec4c CreatePenIndirect
0x4fec50 CreatePalette
0x4fec54 CreateHalftonePalette
0x4fec58 CreateFontIndirectA
0x4fec5c CreateEnhMetaFileA
0x4fec60 CreateDIBitmap
0x4fec64 CreateDIBSection
0x4fec68 CreateCompatibleDC
0x4fec6c CreateCompatibleBitmap
0x4fec70 CreateBrushIndirect
0x4fec74 CreateBitmap
0x4fec78 CopyEnhMetaFileA
0x4fec7c CloseEnhMetaFile
0x4fec80 BitBlt
version.dll
0x4fec88 VerQueryValueA
0x4fec8c GetFileVersionInfoSizeA
0x4fec90 GetFileVersionInfoA
kernel32.dll
0x4fec98 lstrcpyA
0x4fec9c WriteFile
0x4feca0 WaitForSingleObject
0x4feca4 VirtualQuery
0x4feca8 VirtualProtect
0x4fecac VirtualAlloc
0x4fecb0 SizeofResource
0x4fecb4 SetThreadPriority
0x4fecb8 SetThreadLocale
0x4fecbc SetFilePointer
0x4fecc0 SetEvent
0x4fecc4 SetErrorMode
0x4fecc8 SetEndOfFile
0x4feccc ResumeThread
0x4fecd0 ResetEvent
0x4fecd4 ReadFile
0x4fecd8 MultiByteToWideChar
0x4fecdc MulDiv
0x4fece0 LockResource
0x4fece4 LoadResource
0x4fece8 LoadLibraryA
0x4fecec LeaveCriticalSection
0x4fecf0 InitializeCriticalSection
0x4fecf4 GlobalUnlock
0x4fecf8 GlobalSize
0x4fecfc GlobalLock
0x4fed00 GlobalFree
0x4fed04 GlobalFindAtomA
0x4fed08 GlobalDeleteAtom
0x4fed0c GlobalAlloc
0x4fed10 GlobalAddAtomA
0x4fed14 GetVersionExA
0x4fed18 GetVersion
0x4fed1c GetUserDefaultLCID
0x4fed20 GetTickCount
0x4fed24 GetThreadLocale
0x4fed28 GetStdHandle
0x4fed2c GetProcAddress
0x4fed30 GetModuleHandleA
0x4fed34 GetModuleFileNameA
0x4fed38 GetLocaleInfoA
0x4fed3c GetLocalTime
0x4fed40 GetLastError
0x4fed44 GetFullPathNameA
0x4fed48 GetExitCodeThread
0x4fed4c GetDiskFreeSpaceA
0x4fed50 GetDateFormatA
0x4fed54 GetCurrentThreadId
0x4fed58 GetCurrentProcessId
0x4fed5c GetCPInfo
0x4fed60 FreeResource
0x4fed64 InterlockedIncrement
0x4fed68 InterlockedExchange
0x4fed6c InterlockedDecrement
0x4fed70 FreeLibrary
0x4fed74 FormatMessageA
0x4fed78 FindResourceA
0x4fed7c EnumCalendarInfoA
0x4fed80 EnterCriticalSection
0x4fed84 DeleteCriticalSection
0x4fed88 CreateThread
0x4fed8c CreateFileA
0x4fed90 CreateEventA
0x4fed94 CompareStringA
0x4fed98 CloseHandle
advapi32.dll
0x4feda0 RegQueryValueExA
0x4feda4 RegOpenKeyExA
0x4feda8 RegFlushKey
0x4fedac RegCloseKey
oleaut32.dll
0x4fedb4 GetErrorInfo
0x4fedb8 SysFreeString
ole32.dll
0x4fedc0 CreateStreamOnHGlobal
0x4fedc4 IsAccelerator
0x4fedc8 OleDraw
0x4fedcc OleSetMenuDescriptor
0x4fedd0 CoCreateInstance
0x4fedd4 CoGetClassObject
0x4fedd8 CoUninitialize
0x4feddc CoInitialize
0x4fede0 IsEqualGUID
kernel32.dll
0x4fede8 Sleep
oleaut32.dll
0x4fedf0 SafeArrayPtrOfIndex
0x4fedf4 SafeArrayGetUBound
0x4fedf8 SafeArrayGetLBound
0x4fedfc SafeArrayCreate
0x4fee00 VariantChangeType
0x4fee04 VariantCopy
0x4fee08 VariantClear
0x4fee0c VariantInit
comctl32.dll
0x4fee14 _TrackMouseEvent
0x4fee18 ImageList_SetIconSize
0x4fee1c ImageList_GetIconSize
0x4fee20 ImageList_Write
0x4fee24 ImageList_Read
0x4fee28 ImageList_DragShowNolock
0x4fee2c ImageList_DragMove
0x4fee30 ImageList_DragLeave
0x4fee34 ImageList_DragEnter
0x4fee38 ImageList_EndDrag
0x4fee3c ImageList_BeginDrag
0x4fee40 ImageList_Remove
0x4fee44 ImageList_DrawEx
0x4fee48 ImageList_Draw
0x4fee4c ImageList_GetBkColor
0x4fee50 ImageList_SetBkColor
0x4fee54 ImageList_Add
0x4fee58 ImageList_GetImageCount
0x4fee5c ImageList_Destroy
0x4fee60 ImageList_Create
EAT(Export Address Table) is none