Field | Value |
---|---|
Created | 2021.09.29 10:16 |
Machine | s1_win7_x6402 |
Filename | sb.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
ZERO API | file : malware |
md5 | e310cb3185d95e3dda42f0230b569d84 |
sha256 | 82867648313483db4a6115e0cc2b34c06719ffdb6667e50e625e2dc130adfbca |
ssdeep | 12288:EjTG/NEiKx8FAuRg7Q7X/CRLL6/mkIHTydNNAF4B0laLpfqFR:EiAuRg7SFWIyFR |
imphash | 9d3536f958f133fe568939841471fa60 |
impfuzzy | 192:LUrQMFriBDpVqwWmw2aYJu9TTzA15Q7gkNs:LUD+DpVqwCvaQk4s |
Signature (4cnts)
Level | Description |
---|---|
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
info | Checks amount of memory in system |
info | This executable has a PDB path |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x44e11c GetProcessHeaps
0x44e120 GetProcessId
0x44e124 GetProcessTimes
0x44e128 GetQueuedCompletionStatus
0x44e12c GetStartupInfoW
0x44e130 GetStdHandle
0x44e134 GetStringTypeW
0x44e138 GetSystemDefaultLCID
0x44e13c GetSystemDirectoryW
0x44e140 GetSystemInfo
0x44e144 GetSystemTimeAsFileTime
0x44e148 GetTempPathW
0x44e14c GetThreadContext
0x44e150 GetThreadId
0x44e154 GetThreadLocale
0x44e158 GetThreadPriority
0x44e15c GetTickCount
0x44e160 GetTimeFormatW
0x44e164 GetTimeZoneInformation
0x44e168 GetUserDefaultLCID
0x44e16c GetUserDefaultLangID
0x44e170 GetUserDefaultLocaleName
0x44e174 GetVersion
0x44e178 GetVersionExW
0x44e17c GetWindowsDirectoryW
0x44e180 HeapAlloc
0x44e184 HeapCreate
0x44e188 HeapDestroy
0x44e18c HeapFree
0x44e190 HeapReAlloc
0x44e194 HeapSetInformation
0x44e198 HeapSize
0x44e19c InitOnceExecuteOnce
0x44e1a0 InitializeCriticalSection
0x44e1a4 InitializeCriticalSectionAndSpinCount
0x44e1a8 InitializeSListHead
0x44e1ac IsDebuggerPresent
0x44e1b0 IsProcessorFeaturePresent
0x44e1b4 IsValidCodePage
0x44e1b8 IsValidLocale
0x44e1bc IsWow64Process
0x44e1c0 K32GetPerformanceInfo
0x44e1c4 K32GetProcessMemoryInfo
0x44e1c8 K32QueryWorkingSetEx
0x44e1cc LCMapStringW
0x44e1d0 LeaveCriticalSection
0x44e1d4 LoadLibraryExA
0x44e1d8 LoadLibraryExW
0x44e1dc LoadLibraryW
0x44e1e0 LocalFree
0x44e1e4 LockFileEx
0x44e1e8 MapViewOfFile
0x44e1ec MoveFileW
0x44e1f0 MultiByteToWideChar
0x44e1f4 OpenProcess
0x44e1f8 OutputDebugStringA
0x44e1fc OutputDebugStringW
0x44e200 PeekNamedPipe
0x44e204 PostQueuedCompletionStatus
0x44e208 ProcessIdToSessionId
0x44e20c QueryDosDeviceW
0x44e210 QueryPerformanceCounter
0x44e214 QueryPerformanceFrequency
0x44e218 QueryThreadCycleTime
0x44e21c RaiseException
0x44e220 ReadConsoleW
0x44e224 ReadFile
0x44e228 ReadProcessMemory
0x44e22c RegisterWaitForSingleObject
0x44e230 ReleaseSRWLockExclusive
0x44e234 ReleaseSemaphore
0x44e238 RemoveDirectoryW
0x44e23c ReplaceFileW
0x44e240 ResetEvent
0x44e244 ResumeThread
0x44e248 GetEnvironmentStringsW
0x44e24c RtlCaptureStackBackTrace
0x44e250 RtlUnwind
0x44e254 SearchPathW
0x44e258 SetConsoleCtrlHandler
0x44e25c SetCurrentDirectoryW
0x44e260 SetEndOfFile
0x44e264 SetEnvironmentVariableW
0x44e268 SetEvent
0x44e26c SetFileAttributesW
0x44e270 SetFilePointerEx
0x44e274 SetHandleInformation
0x44e278 SetInformationJobObject
0x44e27c SetLastError
0x44e280 SetNamedPipeHandleState
0x44e284 SetProcessShutdownParameters
0x44e288 SetStdHandle
0x44e28c SetThreadPriority
0x44e290 SetUnhandledExceptionFilter
0x44e294 SignalObjectAndWait
0x44e298 Sleep
0x44e29c SleepConditionVariableSRW
0x44e2a0 SleepEx
0x44e2a4 SuspendThread
0x44e2a8 SwitchToThread
0x44e2ac GetProcessHandleCount
0x44e2b0 TerminateJobObject
0x44e2b4 TerminateProcess
0x44e2b8 TlsAlloc
0x44e2bc TlsFree
0x44e2c0 TlsGetValue
0x44e2c4 TlsSetValue
0x44e2c8 TransactNamedPipe
0x44e2cc TryAcquireSRWLockExclusive
0x44e2d0 UnhandledExceptionFilter
0x44e2d4 UnlockFileEx
0x44e2d8 UnmapViewOfFile
0x44e2dc UnregisterWaitEx
0x44e2e0 VirtualAlloc
0x44e2e4 VirtualAllocEx
0x44e2e8 VirtualFree
0x44e2ec VirtualFreeEx
0x44e2f0 VirtualProtect
0x44e2f4 VirtualProtectEx
0x44e2f8 VirtualQuery
0x44e2fc VirtualQueryEx
0x44e300 WaitForSingleObject
0x44e304 WaitForSingleObjectEx
0x44e308 WaitNamedPipeW
0x44e30c WakeAllConditionVariable
0x44e310 WideCharToMultiByte
0x44e314 Wow64GetThreadContext
0x44e318 WriteConsoleW
0x44e31c WriteFile
0x44e320 WriteProcessMemory
0x44e324 lstrlenW
0x44e328 GetModuleFileNameA
0x44e32c SizeofResource
0x44e330 SetThreadLocale
0x44e334 InitializeCriticalSectionEx
0x44e338 FindResourceA
0x44e33c lstrlenA
0x44e340 GlobalAlloc
0x44e344 FreeConsole
0x44e348 IsDBCSLeadByte
0x44e34c LoadResource
0x44e350 DecodePointer
0x44e354 GlobalLock
0x44e358 lstrcmpiA
0x44e35c GlobalUnlock
0x44e360 MulDiv
0x44e364 InterlockedFlushSList
0x44e368 FlushInstructionCache
0x44e36c InterlockedPushEntrySList
0x44e370 InterlockedPopEntrySList
0x44e374 GetProcessHeap
0x44e378 GetProcAddress
0x44e37c GetDriveTypeW
0x44e380 GetDateFormatW
0x44e384 GetCurrentThreadId
0x44e388 GetCurrentThread
0x44e38c GetCurrentProcessId
0x44e390 GetCurrentProcess
0x44e394 GetCurrentDirectoryW
0x44e398 GetConsoleMode
0x44e39c GetConsoleCP
0x44e3a0 GetComputerNameExW
0x44e3a4 GetCommandLineW
0x44e3a8 GetCommandLineA
0x44e3ac GetCPInfo
0x44e3b0 GetACP
0x44e3b4 FreeLibrary
0x44e3b8 FreeEnvironmentStringsW
0x44e3bc FormatMessageA
0x44e3c0 FlushViewOfFile
0x44e3c4 FlushFileBuffers
0x44e3c8 FindNextFileW
0x44e3cc FindFirstFileExW
0x44e3d0 FindClose
0x44e3d4 FileTimeToSystemTime
0x44e3d8 ExpandEnvironmentStringsW
0x44e3dc ExitProcess
0x44e3e0 EnumSystemLocalesW
0x44e3e4 EnumSystemLocalesEx
0x44e3e8 EnterCriticalSection
0x44e3ec EncodePointer
0x44e3f0 DuplicateHandle
0x44e3f4 DisconnectNamedPipe
0x44e3f8 DeleteFileW
0x44e3fc DeleteCriticalSection
0x44e400 DebugBreak
0x44e404 CreateThread
0x44e408 CreateSemaphoreW
0x44e40c CreateRemoteThread
0x44e410 CreateProcessW
0x44e414 CreateNamedPipeW
0x44e418 CreateMutexW
0x44e41c CreateJobObjectW
0x44e420 CreateIoCompletionPort
0x44e424 CreateFileW
0x44e428 CreateFileMappingW
0x44e42c CreateEventW
0x44e430 CreateDirectoryW
0x44e434 ConnectNamedPipe
0x44e438 CompareStringW
0x44e43c CloseHandle
0x44e440 AssignProcessToJobObject
0x44e444 GetOEMCP
0x44e448 GetNativeSystemInfo
0x44e44c GetModuleHandleW
0x44e450 GetModuleHandleExW
0x44e454 GetModuleHandleA
0x44e458 GetModuleFileNameW
0x44e45c GetLongPathNameW
0x44e460 GetLocaleInfoW
0x44e464 GetLocalTime
0x44e468 GetLastError
0x44e46c GetFullPathNameW
0x44e470 GetFileType
0x44e474 GetFileSizeEx
0x44e478 GetFileInformationByHandleEx
0x44e47c GetFileInformationByHandle
0x44e480 GetFileAttributesW
0x44e484 SystemTimeToTzSpecificLocalTime
0x44e488 GetExitCodeProcess
0x44e48c RtlCaptureContext
0x44e490 AcquireSRWLockExclusive
USER32.dll
0x44e500 RegisterClassExA
0x44e504 InvalidateRect
0x44e508 ReleaseDC
0x44e50c BeginPaint
0x44e510 EndPaint
0x44e514 UnregisterClassW
0x44e518 TranslateMessage
0x44e51c SetProcessWindowStation
0x44e520 SetProcessDPIAware
0x44e524 SendMessageTimeoutW
0x44e528 RegisterClassW
0x44e52c PostMessageW
0x44e530 IsWindow
0x44e534 GetWindowThreadProcessId
0x44e538 GetUserObjectInformationW
0x44e53c GetThreadDesktop
0x44e540 PtInRect
0x44e544 GetMessageW
0x44e548 FindWindowExW
0x44e54c DispatchMessageW
0x44e550 DestroyWindow
0x44e554 DefWindowProcW
0x44e558 CreateWindowStationW
0x44e55c CreateWindowExW
0x44e560 GetClientRect
0x44e564 CharNextW
0x44e568 SetFocus
0x44e56c GetParent
0x44e570 CharNextA
0x44e574 GetKeyState
0x44e578 GetFocus
0x44e57c AllowSetForegroundWindow
0x44e580 CloseDesktop
0x44e584 CloseWindowStation
0x44e588 CreateDesktopW
0x44e58c GetProcessWindowStation
0x44e590 UnregisterClassA
0x44e594 UnionRect
0x44e598 LoadCursorA
0x44e59c GetDC
0x44e5a0 SetWindowPos
0x44e5a4 EqualRect
0x44e5a8 IntersectRect
0x44e5ac CreateWindowExA
0x44e5b0 DefWindowProcA
0x44e5b4 MessageBoxA
0x44e5b8 GetWindowLongA
0x44e5bc IsChild
0x44e5c0 CallWindowProcA
0x44e5c4 SetWindowLongA
0x44e5c8 OffsetRect
0x44e5cc GetClassInfoExA
0x44e5d0 ShowWindow
0x44e5d4 SetWindowRgn
GDI32.dll
0x44e0d4 CloseMetaFile
0x44e0d8 SetWindowOrgEx
0x44e0dc CreateRectRgnIndirect
0x44e0e0 SetWindowExtEx
0x44e0e4 GetDeviceCaps
0x44e0e8 DeleteDC
0x44e0ec CreateMetaFileA
0x44e0f0 TextOutA
0x44e0f4 Rectangle
0x44e0f8 SetViewportOrgEx
0x44e0fc RestoreDC
0x44e100 LPtoDP
0x44e104 CreateDCA
0x44e108 SetMapMode
0x44e10c SetTextAlign
0x44e110 DeleteMetaFile
0x44e114 SaveDC
ADVAPI32.dll
0x44e000 ConvertSidToStringSidW
0x44e004 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x44e008 ConvertStringSidToSidW
0x44e00c CopySid
0x44e010 CreateProcessAsUserW
0x44e014 CreateRestrictedToken
0x44e018 CreateWellKnownSid
0x44e01c DuplicateToken
0x44e020 DuplicateTokenEx
0x44e024 EqualSid
0x44e028 EventRegister
0x44e02c EventUnregister
0x44e030 EventWrite
0x44e034 FreeSid
0x44e038 GetAce
0x44e03c GetKernelObjectSecurity
0x44e040 GetLengthSid
0x44e044 GetNamedSecurityInfoW
0x44e048 GetSecurityDescriptorSacl
0x44e04c GetSecurityInfo
0x44e050 GetSidSubAuthority
0x44e054 GetTokenInformation
0x44e058 ImpersonateLoggedOnUser
0x44e05c ImpersonateNamedPipeClient
0x44e060 InitializeSid
0x44e064 IsValidSid
0x44e068 LookupPrivilegeValueW
0x44e06c MapGenericMask
0x44e070 OpenProcessToken
0x44e074 RegCloseKey
0x44e078 RegCreateKeyExW
0x44e07c RegDeleteValueW
0x44e080 RegDisablePredefinedCache
0x44e084 RegOpenKeyExW
0x44e088 RegQueryValueExW
0x44e08c RegSetValueExW
0x44e090 RevertToSelf
0x44e094 SetEntriesInAclW
0x44e098 SetKernelObjectSecurity
0x44e09c SetSecurityInfo
0x44e0a0 SetThreadToken
0x44e0a4 SetTokenInformation
0x44e0a8 SystemFunction036
0x44e0ac RegEnumKeyExA
0x44e0b0 RegDeleteValueA
0x44e0b4 RegOpenKeyExA
0x44e0b8 RegQueryInfoKeyA
0x44e0bc RegSetValueExA
0x44e0c0 RegCreateKeyExA
0x44e0c4 RegDeleteKeyA
0x44e0c8 RegQueryInfoKeyW
0x44e0cc AccessCheck
SHELL32.dll
0x44e4e8 SHGetKnownFolderPath
0x44e4ec SHGetFolderPathW
0x44e4f0 CommandLineToArgvW
ole32.dll
0x44e600 OleRegGetUserType
0x44e604 OleRegGetMiscStatus
0x44e608 CoTaskMemRealloc
0x44e60c OleRegEnumVerbs
0x44e610 CreateDataAdviseHolder
0x44e614 WriteClassStm
0x44e618 CoTaskMemFree
0x44e61c CreateOleAdviseHolder
0x44e620 CoCreateInstance
0x44e624 StringFromGUID2
0x44e628 CoTaskMemAlloc
0x44e62c ReadClassStm
0x44e630 OleSaveToStream
OLEAUT32.dll
0x44e498 GetErrorInfo
0x44e49c SetErrorInfo
0x44e4a0 CreateErrorInfo
0x44e4a4 VariantClear
0x44e4a8 VariantCopy
0x44e4ac UnRegisterTypeLib
0x44e4b0 LoadRegTypeLib
0x44e4b4 VariantInit
0x44e4b8 LoadTypeLib
0x44e4bc SysFreeString
0x44e4c0 RegisterTypeLib
0x44e4c4 SysStringByteLen
0x44e4c8 SysAllocStringByteLen
0x44e4cc SysAllocString
0x44e4d0 OleCreatePropertyFrame
0x44e4d4 DispCallFunc
0x44e4d8 SysStringLen
0x44e4dc VariantChangeType
0x44e4e0 VarUI4FromStr
SHLWAPI.dll
0x44e4f8 PathMatchSpecW
USERENV.dll
0x44e5dc CreateEnvironmentBlock
0x44e5e0 DestroyEnvironmentBlock
VERSION.dll
0x44e5e8 VerQueryValueW
0x44e5ec GetFileVersionInfoSizeW
0x44e5f0 GetFileVersionInfoW
WINMM.dll
0x44e5f8 timeGetTime
EAT(Export Address Table) is none