ScreenShot
| Created | 2021.09.24 17:07 | Machine | s1_win7_x6401 |
| Filename | escrow.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 33 detected (AIDetect, malware2, Remcos, malicious, high confidence, Zusy, Fareit, FCVN, Unsafe, FPST, Attribute, HighConfidence, Kryptik, HMPA, Formbook, ai score=85, Phonzy, score, BScope, R002C0PIO21, susgen, Delf, GdSda) | ||
| md5 | 4568267da235d998580cfd9d8b828715 | ||
| sha256 | da3b4c6a3fc81e733843987e557efb53beab50fa9ad528aa1a0d7a0f0e1c6e94 | ||
| ssdeep | 12288:mftAn+lE3hGAJNmUaxoSThjcymQgMM4PW:4uwEwomU1SFABD | ||
| imphash | 9a7ebf1a69de9b324d0d1f73a7d054a0 | ||
| impfuzzy | 96:oO4nYo3Me5c2buu27xSUvK9eVsoWGXE7IXhpeU8JS10+YdDwPOQCD:oN3MSbuuaxSUvK9kso1XE7IyG1Q+POQk | ||
Network IP location
Signature (23cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Creates a thread using CreateRemoteThread in a non-child process indicative of process injection |
| watch | Installs itself for autorun at Windows startup |
| watch | Manipulates memory of a non-child process indicative of process injection |
| watch | Network activity contains more than one unique useragent |
| watch | One or more of the buffers contains an embedded PE file |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Uses Sysinternals tools in order to add additional command line functionality |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Command line console output was observed |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
Rules (40cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | memory |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | local_credential_Steal | Steal credential | memory |
| notice | Network_DGA | Communication using DGA | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_FTP | Communications over FTP | memory |
| notice | Network_HTTP | Communications over HTTP | memory |
| notice | Network_P2P_Win | Communications over P2P network | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
| info | Check_Dlls | (no description) | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerCheck__RemoteAPI | (no description) | memory |
| info | DebuggerException__ConsoleCtrl | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
Network (9cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x4a86ec SysFreeString
0x4a86f0 SysReAllocStringLen
0x4a86f4 SysAllocStringLen
advapi32.dll
0x4a86fc RegQueryValueExA
0x4a8700 RegOpenKeyExA
0x4a8704 RegCloseKey
user32.dll
0x4a870c GetKeyboardType
0x4a8710 DestroyWindow
0x4a8714 LoadStringA
0x4a8718 MessageBoxA
0x4a871c CharNextA
kernel32.dll
0x4a8724 GetACP
0x4a8728 Sleep
0x4a872c VirtualFree
0x4a8730 VirtualAlloc
0x4a8734 GetCurrentThreadId
0x4a8738 InterlockedDecrement
0x4a873c InterlockedIncrement
0x4a8740 VirtualQuery
0x4a8744 WideCharToMultiByte
0x4a8748 MultiByteToWideChar
0x4a874c lstrlenA
0x4a8750 lstrcpynA
0x4a8754 LoadLibraryExA
0x4a8758 GetThreadLocale
0x4a875c GetStartupInfoA
0x4a8760 GetProcAddress
0x4a8764 GetModuleHandleA
0x4a8768 GetModuleFileNameA
0x4a876c GetLocaleInfoA
0x4a8770 GetLastError
0x4a8774 GetCommandLineA
0x4a8778 FreeLibrary
0x4a877c FindFirstFileA
0x4a8780 FindClose
0x4a8784 ExitProcess
0x4a8788 CompareStringA
0x4a878c WriteFile
0x4a8790 UnhandledExceptionFilter
0x4a8794 SetFilePointer
0x4a8798 SetEndOfFile
0x4a879c RtlUnwind
0x4a87a0 ReadFile
0x4a87a4 RaiseException
0x4a87a8 GetStdHandle
0x4a87ac GetFileSize
0x4a87b0 GetFileType
0x4a87b4 CreateFileA
0x4a87b8 CloseHandle
kernel32.dll
0x4a87c0 TlsSetValue
0x4a87c4 TlsGetValue
0x4a87c8 LocalAlloc
0x4a87cc GetModuleHandleA
user32.dll
0x4a87d4 CreateWindowExA
0x4a87d8 WindowFromPoint
0x4a87dc WaitMessage
0x4a87e0 UpdateWindow
0x4a87e4 UnregisterClassA
0x4a87e8 UnhookWindowsHookEx
0x4a87ec TranslateMessage
0x4a87f0 TranslateMDISysAccel
0x4a87f4 TrackPopupMenu
0x4a87f8 SystemParametersInfoA
0x4a87fc ShowWindow
0x4a8800 ShowScrollBar
0x4a8804 ShowOwnedPopups
0x4a8808 SetWindowsHookExA
0x4a880c SetWindowTextA
0x4a8810 SetWindowPos
0x4a8814 SetWindowPlacement
0x4a8818 SetWindowLongW
0x4a881c SetWindowLongA
0x4a8820 SetTimer
0x4a8824 SetScrollRange
0x4a8828 SetScrollPos
0x4a882c SetScrollInfo
0x4a8830 SetRect
0x4a8834 SetPropA
0x4a8838 SetParent
0x4a883c SetMenuItemInfoA
0x4a8840 SetMenu
0x4a8844 SetForegroundWindow
0x4a8848 SetFocus
0x4a884c SetCursor
0x4a8850 SetClassLongA
0x4a8854 SetCapture
0x4a8858 SetActiveWindow
0x4a885c SendMessageW
0x4a8860 SendMessageA
0x4a8864 ScrollWindow
0x4a8868 ScreenToClient
0x4a886c RemovePropA
0x4a8870 RemoveMenu
0x4a8874 ReleaseDC
0x4a8878 ReleaseCapture
0x4a887c RegisterWindowMessageA
0x4a8880 RegisterClipboardFormatA
0x4a8884 RegisterClassA
0x4a8888 RedrawWindow
0x4a888c PtInRect
0x4a8890 PostQuitMessage
0x4a8894 PostMessageA
0x4a8898 PeekMessageW
0x4a889c PeekMessageA
0x4a88a0 OffsetRect
0x4a88a4 OemToCharA
0x4a88a8 MessageBoxA
0x4a88ac MapWindowPoints
0x4a88b0 MapVirtualKeyA
0x4a88b4 LoadStringA
0x4a88b8 LoadKeyboardLayoutA
0x4a88bc LoadIconA
0x4a88c0 LoadCursorA
0x4a88c4 LoadBitmapA
0x4a88c8 KillTimer
0x4a88cc IsZoomed
0x4a88d0 IsWindowVisible
0x4a88d4 IsWindowUnicode
0x4a88d8 IsWindowEnabled
0x4a88dc IsWindow
0x4a88e0 IsRectEmpty
0x4a88e4 IsIconic
0x4a88e8 IsDialogMessageW
0x4a88ec IsDialogMessageA
0x4a88f0 IsChild
0x4a88f4 InvalidateRect
0x4a88f8 IntersectRect
0x4a88fc InsertMenuItemA
0x4a8900 InsertMenuA
0x4a8904 InflateRect
0x4a8908 GetWindowThreadProcessId
0x4a890c GetWindowTextA
0x4a8910 GetWindowRect
0x4a8914 GetWindowPlacement
0x4a8918 GetWindowLongW
0x4a891c GetWindowLongA
0x4a8920 GetWindowDC
0x4a8924 GetTopWindow
0x4a8928 GetSystemMetrics
0x4a892c GetSystemMenu
0x4a8930 GetSysColorBrush
0x4a8934 GetSysColor
0x4a8938 GetSubMenu
0x4a893c GetScrollRange
0x4a8940 GetScrollPos
0x4a8944 GetScrollInfo
0x4a8948 GetPropA
0x4a894c GetParent
0x4a8950 GetWindow
0x4a8954 GetMessagePos
0x4a8958 GetMenuStringA
0x4a895c GetMenuState
0x4a8960 GetMenuItemInfoA
0x4a8964 GetMenuItemID
0x4a8968 GetMenuItemCount
0x4a896c GetMenu
0x4a8970 GetLastActivePopup
0x4a8974 GetKeyboardState
0x4a8978 GetKeyboardLayoutNameA
0x4a897c GetKeyboardLayoutList
0x4a8980 GetKeyboardLayout
0x4a8984 GetKeyState
0x4a8988 GetKeyNameTextA
0x4a898c GetIconInfo
0x4a8990 GetForegroundWindow
0x4a8994 GetFocus
0x4a8998 GetDesktopWindow
0x4a899c GetDCEx
0x4a89a0 GetDC
0x4a89a4 GetCursorPos
0x4a89a8 GetCursor
0x4a89ac GetClientRect
0x4a89b0 GetClassLongA
0x4a89b4 GetClassInfoA
0x4a89b8 GetCapture
0x4a89bc GetActiveWindow
0x4a89c0 FrameRect
0x4a89c4 FindWindowA
0x4a89c8 FillRect
0x4a89cc EqualRect
0x4a89d0 EnumWindows
0x4a89d4 EnumThreadWindows
0x4a89d8 EnumChildWindows
0x4a89dc EndPaint
0x4a89e0 EnableWindow
0x4a89e4 EnableScrollBar
0x4a89e8 EnableMenuItem
0x4a89ec DrawTextA
0x4a89f0 DrawMenuBar
0x4a89f4 DrawIconEx
0x4a89f8 DrawIcon
0x4a89fc DrawFrameControl
0x4a8a00 DrawEdge
0x4a8a04 DispatchMessageW
0x4a8a08 DispatchMessageA
0x4a8a0c DestroyWindow
0x4a8a10 DestroyMenu
0x4a8a14 DestroyIcon
0x4a8a18 DestroyCursor
0x4a8a1c DeleteMenu
0x4a8a20 DefWindowProcA
0x4a8a24 DefMDIChildProcA
0x4a8a28 DefFrameProcA
0x4a8a2c CreatePopupMenu
0x4a8a30 CreateMenu
0x4a8a34 CreateIcon
0x4a8a38 ClientToScreen
0x4a8a3c CheckMenuItem
0x4a8a40 CallWindowProcA
0x4a8a44 CallNextHookEx
0x4a8a48 BeginPaint
0x4a8a4c CharNextA
0x4a8a50 CharLowerA
0x4a8a54 CharToOemA
0x4a8a58 AdjustWindowRectEx
0x4a8a5c ActivateKeyboardLayout
gdi32.dll
0x4a8a64 UnrealizeObject
0x4a8a68 StretchBlt
0x4a8a6c SetWindowOrgEx
0x4a8a70 SetViewportOrgEx
0x4a8a74 SetTextColor
0x4a8a78 SetStretchBltMode
0x4a8a7c SetROP2
0x4a8a80 SetPixel
0x4a8a84 SetDIBColorTable
0x4a8a88 SetBrushOrgEx
0x4a8a8c SetBkMode
0x4a8a90 SetBkColor
0x4a8a94 SelectPalette
0x4a8a98 SelectObject
0x4a8a9c SaveDC
0x4a8aa0 RestoreDC
0x4a8aa4 RectVisible
0x4a8aa8 RealizePalette
0x4a8aac PatBlt
0x4a8ab0 MoveToEx
0x4a8ab4 MaskBlt
0x4a8ab8 LineTo
0x4a8abc IntersectClipRect
0x4a8ac0 GetWindowOrgEx
0x4a8ac4 GetTextMetricsA
0x4a8ac8 GetTextExtentPoint32A
0x4a8acc GetSystemPaletteEntries
0x4a8ad0 GetStockObject
0x4a8ad4 GetRgnBox
0x4a8ad8 GetPixel
0x4a8adc GetPaletteEntries
0x4a8ae0 GetObjectA
0x4a8ae4 GetDeviceCaps
0x4a8ae8 GetDIBits
0x4a8aec GetDIBColorTable
0x4a8af0 GetDCOrgEx
0x4a8af4 GetCurrentPositionEx
0x4a8af8 GetClipBox
0x4a8afc GetBrushOrgEx
0x4a8b00 GetBitmapBits
0x4a8b04 ExcludeClipRect
0x4a8b08 DeleteObject
0x4a8b0c DeleteDC
0x4a8b10 CreateSolidBrush
0x4a8b14 CreatePenIndirect
0x4a8b18 CreatePalette
0x4a8b1c CreateHalftonePalette
0x4a8b20 CreateFontIndirectA
0x4a8b24 CreateDIBitmap
0x4a8b28 CreateDIBSection
0x4a8b2c CreateCompatibleDC
0x4a8b30 CreateCompatibleBitmap
0x4a8b34 CreateBrushIndirect
0x4a8b38 CreateBitmap
0x4a8b3c BitBlt
version.dll
0x4a8b44 VerQueryValueA
0x4a8b48 GetFileVersionInfoSizeA
0x4a8b4c GetFileVersionInfoA
kernel32.dll
0x4a8b54 lstrcpyA
0x4a8b58 WriteFile
0x4a8b5c WaitForSingleObject
0x4a8b60 VirtualQuery
0x4a8b64 VirtualProtect
0x4a8b68 VirtualAlloc
0x4a8b6c SizeofResource
0x4a8b70 SetThreadLocale
0x4a8b74 SetFilePointer
0x4a8b78 SetEvent
0x4a8b7c SetErrorMode
0x4a8b80 SetEndOfFile
0x4a8b84 ResetEvent
0x4a8b88 ReadFile
0x4a8b8c MulDiv
0x4a8b90 LockResource
0x4a8b94 LoadResource
0x4a8b98 LoadLibraryA
0x4a8b9c LeaveCriticalSection
0x4a8ba0 InitializeCriticalSection
0x4a8ba4 GlobalFindAtomA
0x4a8ba8 GlobalDeleteAtom
0x4a8bac GlobalAddAtomA
0x4a8bb0 GetVersionExA
0x4a8bb4 GetVersion
0x4a8bb8 GetTickCount
0x4a8bbc GetThreadLocale
0x4a8bc0 GetStdHandle
0x4a8bc4 GetProcAddress
0x4a8bc8 GetModuleHandleA
0x4a8bcc GetModuleFileNameA
0x4a8bd0 GetLocaleInfoA
0x4a8bd4 GetLocalTime
0x4a8bd8 GetLastError
0x4a8bdc GetFullPathNameA
0x4a8be0 GetDiskFreeSpaceA
0x4a8be4 GetDateFormatA
0x4a8be8 GetCurrentThreadId
0x4a8bec GetCurrentProcessId
0x4a8bf0 GetCPInfo
0x4a8bf4 FreeResource
0x4a8bf8 InterlockedExchange
0x4a8bfc FreeLibrary
0x4a8c00 FormatMessageA
0x4a8c04 FindResourceA
0x4a8c08 EnumCalendarInfoA
0x4a8c0c EnterCriticalSection
0x4a8c10 DeleteCriticalSection
0x4a8c14 CreateThread
0x4a8c18 CreateFileA
0x4a8c1c CreateEventA
0x4a8c20 CompareStringA
0x4a8c24 CloseHandle
advapi32.dll
0x4a8c2c RegQueryValueExA
0x4a8c30 RegOpenKeyExA
0x4a8c34 RegFlushKey
0x4a8c38 RegCloseKey
kernel32.dll
0x4a8c40 Sleep
oleaut32.dll
0x4a8c48 SafeArrayPtrOfIndex
0x4a8c4c SafeArrayGetUBound
0x4a8c50 SafeArrayGetLBound
0x4a8c54 SafeArrayCreate
0x4a8c58 VariantChangeType
0x4a8c5c VariantCopy
0x4a8c60 VariantClear
0x4a8c64 VariantInit
comctl32.dll
0x4a8c6c _TrackMouseEvent
0x4a8c70 ImageList_SetIconSize
0x4a8c74 ImageList_GetIconSize
0x4a8c78 ImageList_Write
0x4a8c7c ImageList_Read
0x4a8c80 ImageList_DragShowNolock
0x4a8c84 ImageList_DragMove
0x4a8c88 ImageList_DragLeave
0x4a8c8c ImageList_DragEnter
0x4a8c90 ImageList_EndDrag
0x4a8c94 ImageList_BeginDrag
0x4a8c98 ImageList_Remove
0x4a8c9c ImageList_DrawEx
0x4a8ca0 ImageList_Draw
0x4a8ca4 ImageList_GetBkColor
0x4a8ca8 ImageList_SetBkColor
0x4a8cac ImageList_Add
0x4a8cb0 ImageList_GetImageCount
0x4a8cb4 ImageList_Destroy
0x4a8cb8 ImageList_Create
EAT(Export Address Table) is none
oleaut32.dll
0x4a86ec SysFreeString
0x4a86f0 SysReAllocStringLen
0x4a86f4 SysAllocStringLen
advapi32.dll
0x4a86fc RegQueryValueExA
0x4a8700 RegOpenKeyExA
0x4a8704 RegCloseKey
user32.dll
0x4a870c GetKeyboardType
0x4a8710 DestroyWindow
0x4a8714 LoadStringA
0x4a8718 MessageBoxA
0x4a871c CharNextA
kernel32.dll
0x4a8724 GetACP
0x4a8728 Sleep
0x4a872c VirtualFree
0x4a8730 VirtualAlloc
0x4a8734 GetCurrentThreadId
0x4a8738 InterlockedDecrement
0x4a873c InterlockedIncrement
0x4a8740 VirtualQuery
0x4a8744 WideCharToMultiByte
0x4a8748 MultiByteToWideChar
0x4a874c lstrlenA
0x4a8750 lstrcpynA
0x4a8754 LoadLibraryExA
0x4a8758 GetThreadLocale
0x4a875c GetStartupInfoA
0x4a8760 GetProcAddress
0x4a8764 GetModuleHandleA
0x4a8768 GetModuleFileNameA
0x4a876c GetLocaleInfoA
0x4a8770 GetLastError
0x4a8774 GetCommandLineA
0x4a8778 FreeLibrary
0x4a877c FindFirstFileA
0x4a8780 FindClose
0x4a8784 ExitProcess
0x4a8788 CompareStringA
0x4a878c WriteFile
0x4a8790 UnhandledExceptionFilter
0x4a8794 SetFilePointer
0x4a8798 SetEndOfFile
0x4a879c RtlUnwind
0x4a87a0 ReadFile
0x4a87a4 RaiseException
0x4a87a8 GetStdHandle
0x4a87ac GetFileSize
0x4a87b0 GetFileType
0x4a87b4 CreateFileA
0x4a87b8 CloseHandle
kernel32.dll
0x4a87c0 TlsSetValue
0x4a87c4 TlsGetValue
0x4a87c8 LocalAlloc
0x4a87cc GetModuleHandleA
user32.dll
0x4a87d4 CreateWindowExA
0x4a87d8 WindowFromPoint
0x4a87dc WaitMessage
0x4a87e0 UpdateWindow
0x4a87e4 UnregisterClassA
0x4a87e8 UnhookWindowsHookEx
0x4a87ec TranslateMessage
0x4a87f0 TranslateMDISysAccel
0x4a87f4 TrackPopupMenu
0x4a87f8 SystemParametersInfoA
0x4a87fc ShowWindow
0x4a8800 ShowScrollBar
0x4a8804 ShowOwnedPopups
0x4a8808 SetWindowsHookExA
0x4a880c SetWindowTextA
0x4a8810 SetWindowPos
0x4a8814 SetWindowPlacement
0x4a8818 SetWindowLongW
0x4a881c SetWindowLongA
0x4a8820 SetTimer
0x4a8824 SetScrollRange
0x4a8828 SetScrollPos
0x4a882c SetScrollInfo
0x4a8830 SetRect
0x4a8834 SetPropA
0x4a8838 SetParent
0x4a883c SetMenuItemInfoA
0x4a8840 SetMenu
0x4a8844 SetForegroundWindow
0x4a8848 SetFocus
0x4a884c SetCursor
0x4a8850 SetClassLongA
0x4a8854 SetCapture
0x4a8858 SetActiveWindow
0x4a885c SendMessageW
0x4a8860 SendMessageA
0x4a8864 ScrollWindow
0x4a8868 ScreenToClient
0x4a886c RemovePropA
0x4a8870 RemoveMenu
0x4a8874 ReleaseDC
0x4a8878 ReleaseCapture
0x4a887c RegisterWindowMessageA
0x4a8880 RegisterClipboardFormatA
0x4a8884 RegisterClassA
0x4a8888 RedrawWindow
0x4a888c PtInRect
0x4a8890 PostQuitMessage
0x4a8894 PostMessageA
0x4a8898 PeekMessageW
0x4a889c PeekMessageA
0x4a88a0 OffsetRect
0x4a88a4 OemToCharA
0x4a88a8 MessageBoxA
0x4a88ac MapWindowPoints
0x4a88b0 MapVirtualKeyA
0x4a88b4 LoadStringA
0x4a88b8 LoadKeyboardLayoutA
0x4a88bc LoadIconA
0x4a88c0 LoadCursorA
0x4a88c4 LoadBitmapA
0x4a88c8 KillTimer
0x4a88cc IsZoomed
0x4a88d0 IsWindowVisible
0x4a88d4 IsWindowUnicode
0x4a88d8 IsWindowEnabled
0x4a88dc IsWindow
0x4a88e0 IsRectEmpty
0x4a88e4 IsIconic
0x4a88e8 IsDialogMessageW
0x4a88ec IsDialogMessageA
0x4a88f0 IsChild
0x4a88f4 InvalidateRect
0x4a88f8 IntersectRect
0x4a88fc InsertMenuItemA
0x4a8900 InsertMenuA
0x4a8904 InflateRect
0x4a8908 GetWindowThreadProcessId
0x4a890c GetWindowTextA
0x4a8910 GetWindowRect
0x4a8914 GetWindowPlacement
0x4a8918 GetWindowLongW
0x4a891c GetWindowLongA
0x4a8920 GetWindowDC
0x4a8924 GetTopWindow
0x4a8928 GetSystemMetrics
0x4a892c GetSystemMenu
0x4a8930 GetSysColorBrush
0x4a8934 GetSysColor
0x4a8938 GetSubMenu
0x4a893c GetScrollRange
0x4a8940 GetScrollPos
0x4a8944 GetScrollInfo
0x4a8948 GetPropA
0x4a894c GetParent
0x4a8950 GetWindow
0x4a8954 GetMessagePos
0x4a8958 GetMenuStringA
0x4a895c GetMenuState
0x4a8960 GetMenuItemInfoA
0x4a8964 GetMenuItemID
0x4a8968 GetMenuItemCount
0x4a896c GetMenu
0x4a8970 GetLastActivePopup
0x4a8974 GetKeyboardState
0x4a8978 GetKeyboardLayoutNameA
0x4a897c GetKeyboardLayoutList
0x4a8980 GetKeyboardLayout
0x4a8984 GetKeyState
0x4a8988 GetKeyNameTextA
0x4a898c GetIconInfo
0x4a8990 GetForegroundWindow
0x4a8994 GetFocus
0x4a8998 GetDesktopWindow
0x4a899c GetDCEx
0x4a89a0 GetDC
0x4a89a4 GetCursorPos
0x4a89a8 GetCursor
0x4a89ac GetClientRect
0x4a89b0 GetClassLongA
0x4a89b4 GetClassInfoA
0x4a89b8 GetCapture
0x4a89bc GetActiveWindow
0x4a89c0 FrameRect
0x4a89c4 FindWindowA
0x4a89c8 FillRect
0x4a89cc EqualRect
0x4a89d0 EnumWindows
0x4a89d4 EnumThreadWindows
0x4a89d8 EnumChildWindows
0x4a89dc EndPaint
0x4a89e0 EnableWindow
0x4a89e4 EnableScrollBar
0x4a89e8 EnableMenuItem
0x4a89ec DrawTextA
0x4a89f0 DrawMenuBar
0x4a89f4 DrawIconEx
0x4a89f8 DrawIcon
0x4a89fc DrawFrameControl
0x4a8a00 DrawEdge
0x4a8a04 DispatchMessageW
0x4a8a08 DispatchMessageA
0x4a8a0c DestroyWindow
0x4a8a10 DestroyMenu
0x4a8a14 DestroyIcon
0x4a8a18 DestroyCursor
0x4a8a1c DeleteMenu
0x4a8a20 DefWindowProcA
0x4a8a24 DefMDIChildProcA
0x4a8a28 DefFrameProcA
0x4a8a2c CreatePopupMenu
0x4a8a30 CreateMenu
0x4a8a34 CreateIcon
0x4a8a38 ClientToScreen
0x4a8a3c CheckMenuItem
0x4a8a40 CallWindowProcA
0x4a8a44 CallNextHookEx
0x4a8a48 BeginPaint
0x4a8a4c CharNextA
0x4a8a50 CharLowerA
0x4a8a54 CharToOemA
0x4a8a58 AdjustWindowRectEx
0x4a8a5c ActivateKeyboardLayout
gdi32.dll
0x4a8a64 UnrealizeObject
0x4a8a68 StretchBlt
0x4a8a6c SetWindowOrgEx
0x4a8a70 SetViewportOrgEx
0x4a8a74 SetTextColor
0x4a8a78 SetStretchBltMode
0x4a8a7c SetROP2
0x4a8a80 SetPixel
0x4a8a84 SetDIBColorTable
0x4a8a88 SetBrushOrgEx
0x4a8a8c SetBkMode
0x4a8a90 SetBkColor
0x4a8a94 SelectPalette
0x4a8a98 SelectObject
0x4a8a9c SaveDC
0x4a8aa0 RestoreDC
0x4a8aa4 RectVisible
0x4a8aa8 RealizePalette
0x4a8aac PatBlt
0x4a8ab0 MoveToEx
0x4a8ab4 MaskBlt
0x4a8ab8 LineTo
0x4a8abc IntersectClipRect
0x4a8ac0 GetWindowOrgEx
0x4a8ac4 GetTextMetricsA
0x4a8ac8 GetTextExtentPoint32A
0x4a8acc GetSystemPaletteEntries
0x4a8ad0 GetStockObject
0x4a8ad4 GetRgnBox
0x4a8ad8 GetPixel
0x4a8adc GetPaletteEntries
0x4a8ae0 GetObjectA
0x4a8ae4 GetDeviceCaps
0x4a8ae8 GetDIBits
0x4a8aec GetDIBColorTable
0x4a8af0 GetDCOrgEx
0x4a8af4 GetCurrentPositionEx
0x4a8af8 GetClipBox
0x4a8afc GetBrushOrgEx
0x4a8b00 GetBitmapBits
0x4a8b04 ExcludeClipRect
0x4a8b08 DeleteObject
0x4a8b0c DeleteDC
0x4a8b10 CreateSolidBrush
0x4a8b14 CreatePenIndirect
0x4a8b18 CreatePalette
0x4a8b1c CreateHalftonePalette
0x4a8b20 CreateFontIndirectA
0x4a8b24 CreateDIBitmap
0x4a8b28 CreateDIBSection
0x4a8b2c CreateCompatibleDC
0x4a8b30 CreateCompatibleBitmap
0x4a8b34 CreateBrushIndirect
0x4a8b38 CreateBitmap
0x4a8b3c BitBlt
version.dll
0x4a8b44 VerQueryValueA
0x4a8b48 GetFileVersionInfoSizeA
0x4a8b4c GetFileVersionInfoA
kernel32.dll
0x4a8b54 lstrcpyA
0x4a8b58 WriteFile
0x4a8b5c WaitForSingleObject
0x4a8b60 VirtualQuery
0x4a8b64 VirtualProtect
0x4a8b68 VirtualAlloc
0x4a8b6c SizeofResource
0x4a8b70 SetThreadLocale
0x4a8b74 SetFilePointer
0x4a8b78 SetEvent
0x4a8b7c SetErrorMode
0x4a8b80 SetEndOfFile
0x4a8b84 ResetEvent
0x4a8b88 ReadFile
0x4a8b8c MulDiv
0x4a8b90 LockResource
0x4a8b94 LoadResource
0x4a8b98 LoadLibraryA
0x4a8b9c LeaveCriticalSection
0x4a8ba0 InitializeCriticalSection
0x4a8ba4 GlobalFindAtomA
0x4a8ba8 GlobalDeleteAtom
0x4a8bac GlobalAddAtomA
0x4a8bb0 GetVersionExA
0x4a8bb4 GetVersion
0x4a8bb8 GetTickCount
0x4a8bbc GetThreadLocale
0x4a8bc0 GetStdHandle
0x4a8bc4 GetProcAddress
0x4a8bc8 GetModuleHandleA
0x4a8bcc GetModuleFileNameA
0x4a8bd0 GetLocaleInfoA
0x4a8bd4 GetLocalTime
0x4a8bd8 GetLastError
0x4a8bdc GetFullPathNameA
0x4a8be0 GetDiskFreeSpaceA
0x4a8be4 GetDateFormatA
0x4a8be8 GetCurrentThreadId
0x4a8bec GetCurrentProcessId
0x4a8bf0 GetCPInfo
0x4a8bf4 FreeResource
0x4a8bf8 InterlockedExchange
0x4a8bfc FreeLibrary
0x4a8c00 FormatMessageA
0x4a8c04 FindResourceA
0x4a8c08 EnumCalendarInfoA
0x4a8c0c EnterCriticalSection
0x4a8c10 DeleteCriticalSection
0x4a8c14 CreateThread
0x4a8c18 CreateFileA
0x4a8c1c CreateEventA
0x4a8c20 CompareStringA
0x4a8c24 CloseHandle
advapi32.dll
0x4a8c2c RegQueryValueExA
0x4a8c30 RegOpenKeyExA
0x4a8c34 RegFlushKey
0x4a8c38 RegCloseKey
kernel32.dll
0x4a8c40 Sleep
oleaut32.dll
0x4a8c48 SafeArrayPtrOfIndex
0x4a8c4c SafeArrayGetUBound
0x4a8c50 SafeArrayGetLBound
0x4a8c54 SafeArrayCreate
0x4a8c58 VariantChangeType
0x4a8c5c VariantCopy
0x4a8c60 VariantClear
0x4a8c64 VariantInit
comctl32.dll
0x4a8c6c _TrackMouseEvent
0x4a8c70 ImageList_SetIconSize
0x4a8c74 ImageList_GetIconSize
0x4a8c78 ImageList_Write
0x4a8c7c ImageList_Read
0x4a8c80 ImageList_DragShowNolock
0x4a8c84 ImageList_DragMove
0x4a8c88 ImageList_DragLeave
0x4a8c8c ImageList_DragEnter
0x4a8c90 ImageList_EndDrag
0x4a8c94 ImageList_BeginDrag
0x4a8c98 ImageList_Remove
0x4a8c9c ImageList_DrawEx
0x4a8ca0 ImageList_Draw
0x4a8ca4 ImageList_GetBkColor
0x4a8ca8 ImageList_SetBkColor
0x4a8cac ImageList_Add
0x4a8cb0 ImageList_GetImageCount
0x4a8cb4 ImageList_Destroy
0x4a8cb8 ImageList_Create
EAT(Export Address Table) is none