Field | Value |
---|---|
Created | 2021.10.01 09:38 |
Machine | s1_win7_x6401 |
Filename | faba50s4e01t22barcode.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 38 detected (Burden, GenericKD, Kuaizip, Unsafe, Attribute, HighConfidence, Malicious, CLASSIC, VSNW03I21, Artemis, Generic PUA KN, gwtqi, ai score=82, ASMalwS, score, BScope, ChinAd, QAKJrxPveHo) |
md5 | c5687cde262a0776027b2f73f1266a79 |
sha256 | a6e7917a28583bd02d4bdd47d512efe0f7f9c81ab365548734ce8de4df6b9ce5 |
ssdeep | 49152:caEjcPLmTsMeh4CjfBKT6Pys3SLMBL/vQr75xQGdJNsd3bypQsYYcp:chczmAMeh4CWsv |
imphash | fc5a02925a071b9fabc787cbde5b1f89 |
impfuzzy | 96:k5ylvn7XJ3cfxTY2EpGLtoWRhNJ+SVrpnvX1GsMQEi2FzIG8fTsMpguH9VOanSA+:fmb1nJ5lvFHV2FzIGaThdVO6SAkno2 |
Signature (14cnts)
Level | Description |
---|---|
danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
watch | Installs itself for autorun at Windows startup |
watch | Queries information on disks |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Creates a service |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | Drops an executable to the user AppData folder |
notice | Foreign language identified in PE resource |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Searches running processes potentially to identify processes for sandbox evasion |
info | Checks if process is being debugged by a debugger |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (18cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | NPKI_Zero | File included NPKI | binaries (download) |
danger | NPKI_Zero | File included NPKI | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
watch | ASPack_Zero | ASPack packed file | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | PNG_Format_Zero | PNG Format | binaries (download) |
Network (3cnts)
Suricata ids
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x4f8620 socket
0x4f8624 WSAIoctl
0x4f8628 WSAStartup
0x4f862c WSACleanup
0x4f8630 getaddrinfo
0x4f8634 freeaddrinfo
0x4f8638 recvfrom
0x4f863c sendto
0x4f8640 accept
0x4f8644 listen
0x4f8648 gethostname
0x4f864c htonl
0x4f8650 ntohl
0x4f8654 setsockopt
0x4f8658 ntohs
0x4f865c htons
0x4f8660 getsockopt
0x4f8664 getsockname
0x4f8668 getpeername
0x4f866c connect
0x4f8670 WSAGetLastError
0x4f8674 __WSAFDIsSet
0x4f8678 select
0x4f867c closesocket
0x4f8680 bind
0x4f8684 send
0x4f8688 recv
0x4f868c WSASetLastError
0x4f8690 ioctlsocket
VERSION.dll
0x4f85b4 GetFileVersionInfoSizeW
0x4f85b8 VerQueryValueW
0x4f85bc GetFileVersionInfoW
KERNEL32.dll
0x4f8164 SystemTimeToTzSpecificLocalTime
0x4f8168 GetSystemTimeAsFileTime
0x4f816c QueryPerformanceCounter
0x4f8170 FindFirstFileW
0x4f8174 FindFirstFileExW
0x4f8178 FindNextFileW
0x4f817c FindClose
0x4f8180 RaiseException
0x4f8184 CreateThread
0x4f8188 ExpandEnvironmentStringsW
0x4f818c CreateEventW
0x4f8190 GetModuleHandleExW
0x4f8194 TlsSetValue
0x4f8198 TlsAlloc
0x4f819c TlsGetValue
0x4f81a0 TlsFree
0x4f81a4 GetQueuedCompletionStatus
0x4f81a8 PostQueuedCompletionStatus
0x4f81ac CreateIoCompletionPort
0x4f81b0 LoadLibraryW
0x4f81b4 WaitForMultipleObjects
0x4f81b8 SetEvent
0x4f81bc ResetEvent
0x4f81c0 GetSystemInfo
0x4f81c4 GetSystemDirectoryW
0x4f81c8 GetThreadPriority
0x4f81cc FlushFileBuffers
0x4f81d0 SetFilePointerEx
0x4f81d4 SetEndOfFile
0x4f81d8 GetFileSizeEx
0x4f81dc GetNativeSystemInfo
0x4f81e0 GetVersionExW
0x4f81e4 GetModuleHandleW
0x4f81e8 GetCurrentThreadId
0x4f81ec Process32FirstW
0x4f81f0 Process32NextW
0x4f81f4 CreateToolhelp32Snapshot
0x4f81f8 IsDebuggerPresent
0x4f81fc DeleteCriticalSection
0x4f8200 LeaveCriticalSection
0x4f8204 EnterCriticalSection
0x4f8208 GetTickCount
0x4f820c FormatMessageA
0x4f8210 GetCurrentProcessId
0x4f8214 CreateProcessW
0x4f8218 ResumeThread
0x4f821c FreeLibraryAndExitThread
0x4f8220 ExitThread
0x4f8224 PeekNamedPipe
0x4f8228 ExpandEnvironmentStringsA
0x4f822c VerifyVersionInfoW
0x4f8230 VerSetConditionMask
0x4f8234 SleepEx
0x4f8238 GetCurrentThread
0x4f823c QueryPerformanceFrequency
0x4f8240 FileTimeToSystemTime
0x4f8244 Sleep
0x4f8248 GetWindowsDirectoryW
0x4f824c AssignProcessToJobObject
0x4f8250 GetStdHandle
0x4f8254 CopyFileW
0x4f8258 MoveFileExW
0x4f825c GetCurrentDirectoryW
0x4f8260 DeleteFileW
0x4f8264 GetFileAttributesExW
0x4f8268 SetFileAttributesW
0x4f826c GetFileAttributesW
0x4f8270 CreateFileW
0x4f8274 GetTempPathW
0x4f8278 RemoveDirectoryW
0x4f827c WriteFile
0x4f8280 ReadFile
0x4f8284 CreateDirectoryW
0x4f8288 LoadLibraryExA
0x4f828c EncodePointer
0x4f8290 DecodePointer
0x4f8294 CompareStringW
0x4f8298 LCMapStringW
0x4f829c GetLocaleInfoW
0x4f82a0 GetStringTypeW
0x4f82a4 GetCPInfo
0x4f82a8 UnhandledExceptionFilter
0x4f82ac SetUnhandledExceptionFilter
0x4f82b0 IsProcessorFeaturePresent
0x4f82b4 GetStartupInfoW
0x4f82b8 InitializeSListHead
0x4f82bc HeapCreate
0x4f82c0 HeapDestroy
0x4f82c4 HeapAlloc
0x4f82c8 HeapFree
0x4f82cc InitializeCriticalSection
0x4f82d0 FlushInstructionCache
0x4f82d4 GetFullPathNameW
0x4f82d8 FreeResource
0x4f82dc LoadResource
0x4f82e0 LockResource
0x4f82e4 SizeofResource
0x4f82e8 FindResourceW
0x4f82ec MulDiv
0x4f82f0 GetLocalTime
0x4f82f4 GetVersionExA
0x4f82f8 GlobalAlloc
0x4f82fc GlobalLock
0x4f8300 GlobalUnlock
0x4f8304 SetFilePointer
0x4f8308 DosDateTimeToFileTime
0x4f830c lstrcpyA
0x4f8310 lstrcpyW
0x4f8314 lstrlenA
0x4f8318 GetProcessHeap
0x4f831c GetSystemWow64DirectoryW
0x4f8320 DeviceIoControl
0x4f8324 CreateFileA
0x4f8328 GetSystemDirectoryA
0x4f832c RtlUnwind
0x4f8330 SetStdHandle
0x4f8334 GetFileType
0x4f8338 GetConsoleCP
0x4f833c GetConsoleMode
0x4f8340 ExitProcess
0x4f8344 HeapReAlloc
0x4f8348 GetACP
0x4f834c GetDriveTypeW
0x4f8350 IsValidLocale
0x4f8354 GetUserDefaultLCID
0x4f8358 EnumSystemLocalesW
0x4f835c GetTimeZoneInformation
0x4f8360 WriteConsoleW
0x4f8364 ReadConsoleW
0x4f8368 IsValidCodePage
0x4f836c GetOEMCP
0x4f8370 GetEnvironmentStringsW
0x4f8374 FreeEnvironmentStringsW
0x4f8378 SetEnvironmentVariableA
0x4f837c SetEnvironmentVariableW
0x4f8380 WaitForSingleObjectEx
0x4f8384 HeapSize
0x4f8388 GetEnvironmentVariableW
0x4f838c OpenProcess
0x4f8390 DuplicateHandle
0x4f8394 WaitForSingleObject
0x4f8398 TerminateProcess
0x4f839c GetCurrentProcess
0x4f83a0 GetModuleFileNameW
0x4f83a4 GetUserDefaultLangID
0x4f83a8 LocalFree
0x4f83ac GetCommandLineW
0x4f83b0 WideCharToMultiByte
0x4f83b4 MultiByteToWideChar
0x4f83b8 GetModuleHandleA
0x4f83bc CloseHandle
0x4f83c0 CreateMutexW
0x4f83c4 LoadLibraryExW
0x4f83c8 GetProcAddress
0x4f83cc FreeLibrary
0x4f83d0 InitializeCriticalSectionAndSpinCount
0x4f83d4 SetLastError
0x4f83d8 GetLastError
0x4f83dc SetThreadPriority
0x4f83e0 GetCommandLineA
USER32.dll
0x4f840c LoadImageW
0x4f8410 EnableMenuItem
0x4f8414 ClientToScreen
0x4f8418 GetSysColor
0x4f841c GetMessageW
0x4f8420 GetSystemMetrics
0x4f8424 MessageBoxW
0x4f8428 IsWindowVisible
0x4f842c DrawTextW
0x4f8430 SystemParametersInfoA
0x4f8434 CharLowerBuffW
0x4f8438 IsMenu
0x4f843c IsWindowEnabled
0x4f8440 CreatePopupMenu
0x4f8444 DestroyMenu
0x4f8448 GetMenuItemCount
0x4f844c AppendMenuW
0x4f8450 TrackPopupMenu
0x4f8454 GetMenuInfo
0x4f8458 SetMenuInfo
0x4f845c GetMenuItemInfoW
0x4f8460 SetForegroundWindow
0x4f8464 SetMenuContextHelpId
0x4f8468 FillRect
0x4f846c InvertRect
0x4f8470 DrawIconEx
0x4f8474 OemToCharBuffW
0x4f8478 CreateIconIndirect
0x4f847c wsprintfW
0x4f8480 InvalidateRect
0x4f8484 EndPaint
0x4f8488 BeginPaint
0x4f848c ReleaseDC
0x4f8490 GetDC
0x4f8494 UpdateWindow
0x4f8498 ReleaseCapture
0x4f849c CreateIconFromResource
0x4f84a0 GetCapture
0x4f84a4 IsZoomed
0x4f84a8 IsIconic
0x4f84ac SetLayeredWindowAttributes
0x4f84b0 TrackMouseEvent
0x4f84b4 GetIconInfo
0x4f84b8 DestroyIcon
0x4f84bc CharNextW
0x4f84c0 EqualRect
0x4f84c4 UnionRect
0x4f84c8 SetRect
0x4f84cc SetCursor
0x4f84d0 GetKeyState
0x4f84d4 GetFocus
0x4f84d8 SetFocus
0x4f84dc IsWindow
0x4f84e0 DestroyCursor
0x4f84e4 PtInRect
0x4f84e8 IsRectEmpty
0x4f84ec OffsetRect
0x4f84f0 IntersectRect
0x4f84f4 InflateRect
0x4f84f8 CopyRect
0x4f84fc GetMonitorInfoW
0x4f8500 MonitorFromWindow
0x4f8504 LoadCursorW
0x4f8508 GetWindow
0x4f850c GetParent
0x4f8510 SetWindowLongW
0x4f8514 GetWindowLongW
0x4f8518 MapWindowPoints
0x4f851c GetWindowRect
0x4f8520 GetClientRect
0x4f8524 GetDlgItem
0x4f8528 SetWindowPos
0x4f852c CallWindowProcW
0x4f8530 LoadBitmapW
0x4f8534 GetClassNameW
0x4f8538 DefWindowProcW
0x4f853c CreateWindowExW
0x4f8540 UnregisterClassW
0x4f8544 WaitMessage
0x4f8548 RegisterClassExW
0x4f854c DispatchMessageW
0x4f8550 SetTimer
0x4f8554 PeekMessageW
0x4f8558 MsgWaitForMultipleObjectsEx
0x4f855c ScreenToClient
0x4f8560 SetCaretPos
0x4f8564 HideCaret
0x4f8568 GetCaretBlinkTime
0x4f856c CallMsgFilterW
0x4f8570 GetQueueStatus
0x4f8574 TranslateMessage
0x4f8578 CreateCaret
0x4f857c GetCursorPos
0x4f8580 SetCapture
0x4f8584 SetWindowTextW
0x4f8588 SendMessageW
0x4f858c DestroyWindow
0x4f8590 PostMessageW
0x4f8594 ShowWindow
0x4f8598 GetActiveWindow
0x4f859c PostQuitMessage
0x4f85a0 KillTimer
ADVAPI32.dll
0x4f8000 CryptGenRandom
0x4f8004 CryptEncrypt
0x4f8008 CryptImportKey
0x4f800c CryptDestroyKey
0x4f8010 CryptDestroyHash
0x4f8014 CryptHashData
0x4f8018 CryptCreateHash
0x4f801c CreateProcessAsUserW
0x4f8020 CryptGetHashParam
0x4f8024 CryptReleaseContext
0x4f8028 CryptAcquireContextW
0x4f802c GetUserNameW
ole32.dll
0x4f86fc CoCreateInstance
0x4f8700 CreateStreamOnHGlobal
0x4f8704 CoCreateGuid
0x4f8708 StringFromGUID2
0x4f870c PropVariantClear
0x4f8710 CoUninitialize
0x4f8714 CoInitializeEx
0x4f8718 CoTaskMemFree
SHLWAPI.dll
0x4f83f4 SHStrDupW
0x4f83f8 AssocQueryStringW
0x4f83fc StrIsIntlEqualA
0x4f8400 StrToIntExW
0x4f8404 StrStrIW
USERENV.dll
0x4f85a8 DestroyEnvironmentBlock
0x4f85ac CreateEnvironmentBlock
WINMM.dll
0x4f85c4 timeEndPeriod
0x4f85c8 timeGetTime
0x4f85cc timeBeginPeriod
IMM32.dll
0x4f814c ImmAssociateContext
0x4f8150 ImmReleaseContext
0x4f8154 ImmGetContext
MSIMG32.dll
0x4f83e8 AlphaBlend
0x4f83ec GradientFill
gdiplus.dll
0x4f8698 GdipGetImageEncodersSize
0x4f869c GdipGetImageEncoders
0x4f86a0 GdipAlloc
0x4f86a4 GdipFree
0x4f86a8 GdiplusStartup
0x4f86ac GdiplusShutdown
0x4f86b0 GdipCloneImage
0x4f86b4 GdipDisposeImage
0x4f86b8 GdipSaveImageToFile
0x4f86bc GdipGetImageGraphicsContext
0x4f86c0 GdipGraphicsClear
0x4f86c4 GdipDeleteGraphics
0x4f86c8 GdipBitmapUnlockBits
0x4f86cc GdipBitmapLockBits
0x4f86d0 GdipCreateBitmapFromScan0
0x4f86d4 GdipCreateBitmapFromFile
0x4f86d8 GdipCreateBitmapFromStream
0x4f86dc GdipDrawImageRectI
0x4f86e0 GdipGetImageWidth
0x4f86e4 GdipGetImageHeight
0x4f86e8 GdipImageSelectActiveFrame
0x4f86ec GdipGetPropertyItemSize
0x4f86f0 GdipGetPropertyItem
0x4f86f4 GdipImageGetFrameCount
GDI32.dll
0x4f806c GetWorldTransform
0x4f8070 SetWorldTransform
0x4f8074 CreateDIBSection
0x4f8078 ExtCreatePen
0x4f807c Polyline
0x4f8080 CreateDIBitmap
0x4f8084 CreateDCW
0x4f8088 StretchDIBits
0x4f808c GetTextColor
0x4f8090 GetRgnBox
0x4f8094 GetClipRgn
0x4f8098 ExcludeClipRect
0x4f809c Ellipse
0x4f80a0 CreateRectRgnIndirect
0x4f80a4 CreateRectRgn
0x4f80a8 SetViewportOrgEx
0x4f80ac CreateCompatibleBitmap
0x4f80b0 StretchBlt
0x4f80b4 SetTextColor
0x4f80b8 SetBkMode
0x4f80bc Rectangle
0x4f80c0 GetStockObject
0x4f80c4 GetClipBox
0x4f80c8 CreateSolidBrush
0x4f80cc CreateFontIndirectW
0x4f80d0 CreatePatternBrush
0x4f80d4 CreatePen
0x4f80d8 CreateEllipticRgnIndirect
0x4f80dc CombineRgn
0x4f80e0 Arc
0x4f80e4 SetROP2
0x4f80e8 SetRectRgn
0x4f80ec GetCurrentObject
0x4f80f0 DeleteObject
0x4f80f4 ExtSelectClipRgn
0x4f80f8 SaveDC
0x4f80fc RoundRect
0x4f8100 GetDeviceCaps
0x4f8104 CreateRoundRectRgn
0x4f8108 BitBlt
0x4f810c SelectObject
0x4f8110 DeleteDC
0x4f8114 CreateCompatibleDC
0x4f8118 CreateBitmap
0x4f811c EnumFontsW
0x4f8120 SetGraphicsMode
0x4f8124 RestoreDC
0x4f8128 RectInRegion
0x4f812c PtInRegion
0x4f8130 Pie
0x4f8134 OffsetRgn
0x4f8138 IntersectClipRect
0x4f813c GetObjectW
0x4f8140 GetTextExtentPoint32W
0x4f8144 GetViewportOrgEx
IPHLPAPI.DLL
0x4f815c GetAdaptersInfo
CRYPT32.dll
0x4f8034 CertGetNameStringW
0x4f8038 CryptStringToBinaryW
0x4f803c CertFreeCertificateContext
0x4f8040 CertFindCertificateInStore
0x4f8044 CertEnumCertificatesInStore
0x4f8048 CertCloseStore
0x4f804c CertOpenStore
0x4f8050 CertFreeCertificateChain
0x4f8054 CertGetCertificateChain
0x4f8058 CertFreeCertificateChainEngine
0x4f805c CertCreateCertificateChainEngine
0x4f8060 CryptQueryObject
0x4f8064 CertAddCertificateContextToStore
WLDAP32.dll
0x4f85d4 None
0x4f85d8 None
0x4f85dc None
0x4f85e0 None
0x4f85e4 None
0x4f85e8 None
0x4f85ec None
0x4f85f0 None
0x4f85f4 None
0x4f85f8 None
0x4f85fc None
0x4f8600 None
0x4f8604 None
0x4f8608 None
0x4f860c None
0x4f8610 None
0x4f8614 None
0x4f8618 None
EAT(Export Address Table) Library
0x4202a0 GetHandleVerifier