Field | Value |
---|---|
Created | 2021.10.07 17:38 |
Machine | s1_win7_x6402 |
Filename | octane.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : malware |
VT API (file) | 31 detected (Androm, malicious, high confidence, GenericKD, Save, ZelphiF, 6KW@a4TTdIii, Rescoms, Eldorado, GenKryptik, EVCG, Remcos, Formbook, Siggen9, Outbreak, kcloud, score, BScope, Noon, ai score=86, R002H0CJ621, EQAC) |
md5 | d8667b25ba6dda415c8aae718dd4acbe |
sha256 | 49cb5b15b21ecd89b7462da8008c6c49d32310858912344f11fa04dab67f1f3a |
ssdeep | 24576:nWv+QwSKgQ0qgQDKqOTLDE4bpJlzNgojDGBav:WmWKgNxLQ4DRNRG0 |
imphash | a75c37244e3bdfe1f2052f7c93d03b4e |
impfuzzy | 192:ot3MDbuuCDSUvK9EPo1XEAo77wb1G1uTAYPbOQHf:E3mCI9no1usYPbOQ/ |
Signature (24cnts)
Level | Description |
---|---|
danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
watch | Allocates execute permission to another process indicative of possible code injection |
watch | Creates a thread using CreateRemoteThread in a non-child process indicative of process injection |
watch | Installs itself for autorun at Windows startup |
watch | Manipulates memory of a non-child process indicative of process injection |
watch | Network activity contains more than one unique useragent |
watch | One or more of the buffers contains an embedded PE file |
watch | Potential code injection by writing to the memory of another process |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | One or more potentially interesting buffers were extracted |
notice | Performs some HTTP requests |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | Uses Windows utilities for basic Windows functionality |
notice | Yara rule detected in process memory |
info | Command line console output was observed |
info | One or more processes crashed |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The executable uses a known packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (38cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Network_Downloader | File Downloader | memory |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
notice | Create_Service | Create a windows service | memory |
notice | Escalate_priviledges | Escalate privileges | memory |
notice | KeyLogger | Run a KeyLogger | memory |
notice | local_credential_Steal | Steal credential | memory |
notice | Network_DGA | Communication using DGA | memory |
notice | Network_DNS | Communications use DNS | memory |
notice | Network_FTP | Communications over FTP | memory |
notice | Network_HTTP | Communications over HTTP | memory |
notice | Network_P2P_Win | Communications over P2P network | memory |
notice | Network_TCP_Socket | Communications over RAW Socket | memory |
notice | ScreenShot | Take ScreenShot | memory |
notice | Sniff_Audio | Record Audio | memory |
notice | Str_Win32_Http_API | Match Windows Http API call | memory |
notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
info | anti_dbg | Checks if being debugged | memory |
info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
info | Check_Dlls | (no description) | memory |
info | DebuggerCheck__GlobalFlags | (no description) | memory |
info | DebuggerCheck__QueryInfo | (no description) | memory |
info | DebuggerCheck__RemoteAPI | (no description) | memory |
info | DebuggerException__ConsoleCtrl | (no description) | memory |
info | DebuggerException__SetConsoleCtrl | (no description) | memory |
info | DebuggerHiding__Active | (no description) | memory |
info | DebuggerHiding__Thread | (no description) | memory |
info | disable_dep | Bypass DEP | memory |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | SEH__vectored | (no description) | memory |
info | ThreadControl__Context | (no description) | memory |
info | win_hook | Affect hook table | memory |
Network (9cnts)
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x48381c SysFreeString
0x483820 SysReAllocStringLen
0x483824 SysAllocStringLen
advapi32.dll
0x48382c RegQueryValueExA
0x483830 RegOpenKeyExA
0x483834 RegCloseKey
user32.dll
0x48383c GetKeyboardType
0x483840 DestroyWindow
0x483844 LoadStringA
0x483848 MessageBoxA
0x48384c CharNextA
kernel32.dll
0x483854 GetACP
0x483858 Sleep
0x48385c VirtualFree
0x483860 VirtualAlloc
0x483864 GetTickCount
0x483868 QueryPerformanceCounter
0x48386c GetCurrentThreadId
0x483870 InterlockedDecrement
0x483874 InterlockedIncrement
0x483878 VirtualQuery
0x48387c WideCharToMultiByte
0x483880 MultiByteToWideChar
0x483884 lstrlenA
0x483888 lstrcpynA
0x48388c LoadLibraryExA
0x483890 GetThreadLocale
0x483894 GetStartupInfoA
0x483898 GetProcAddress
0x48389c GetModuleHandleA
0x4838a0 GetModuleFileNameA
0x4838a4 GetLocaleInfoA
0x4838a8 GetCommandLineA
0x4838ac FreeLibrary
0x4838b0 FindFirstFileA
0x4838b4 FindClose
0x4838b8 ExitProcess
0x4838bc CompareStringA
0x4838c0 WriteFile
0x4838c4 UnhandledExceptionFilter
0x4838c8 RtlUnwind
0x4838cc RaiseException
0x4838d0 GetStdHandle
kernel32.dll
0x4838d8 TlsSetValue
0x4838dc TlsGetValue
0x4838e0 LocalAlloc
0x4838e4 GetModuleHandleA
user32.dll
0x4838ec CreateWindowExA
0x4838f0 WindowFromPoint
0x4838f4 WaitMessage
0x4838f8 UpdateWindow
0x4838fc UnregisterClassA
0x483900 UnhookWindowsHookEx
0x483904 TranslateMessage
0x483908 TranslateMDISysAccel
0x48390c TrackPopupMenu
0x483910 SystemParametersInfoA
0x483914 ShowWindow
0x483918 ShowScrollBar
0x48391c ShowOwnedPopups
0x483920 ShowCaret
0x483924 SetWindowsHookExA
0x483928 SetWindowTextA
0x48392c SetWindowPos
0x483930 SetWindowPlacement
0x483934 SetWindowLongW
0x483938 SetWindowLongA
0x48393c SetTimer
0x483940 SetScrollRange
0x483944 SetScrollPos
0x483948 SetScrollInfo
0x48394c SetRect
0x483950 SetPropA
0x483954 SetParent
0x483958 SetMenuItemInfoA
0x48395c SetMenu
0x483960 SetForegroundWindow
0x483964 SetFocus
0x483968 SetCursor
0x48396c SetClipboardData
0x483970 SetClassLongA
0x483974 SetCapture
0x483978 SetActiveWindow
0x48397c SendMessageW
0x483980 SendMessageA
0x483984 ScrollWindow
0x483988 ScreenToClient
0x48398c RemovePropA
0x483990 RemoveMenu
0x483994 ReleaseDC
0x483998 ReleaseCapture
0x48399c RegisterWindowMessageA
0x4839a0 RegisterClipboardFormatA
0x4839a4 RegisterClassA
0x4839a8 RedrawWindow
0x4839ac PtInRect
0x4839b0 PostQuitMessage
0x4839b4 PostMessageA
0x4839b8 PeekMessageW
0x4839bc PeekMessageA
0x4839c0 OpenClipboard
0x4839c4 OffsetRect
0x4839c8 OemToCharA
0x4839cc NotifyWinEvent
0x4839d0 MessageBoxA
0x4839d4 MessageBeep
0x4839d8 MapWindowPoints
0x4839dc MapVirtualKeyA
0x4839e0 LoadStringA
0x4839e4 LoadKeyboardLayoutA
0x4839e8 LoadIconA
0x4839ec LoadCursorA
0x4839f0 LoadBitmapA
0x4839f4 KillTimer
0x4839f8 IsZoomed
0x4839fc IsWindowVisible
0x483a00 IsWindowUnicode
0x483a04 IsWindowEnabled
0x483a08 IsWindow
0x483a0c IsRectEmpty
0x483a10 IsIconic
0x483a14 IsDialogMessageW
0x483a18 IsDialogMessageA
0x483a1c IsChild
0x483a20 InvalidateRect
0x483a24 IntersectRect
0x483a28 InsertMenuItemA
0x483a2c InsertMenuA
0x483a30 InflateRect
0x483a34 HideCaret
0x483a38 GetWindowThreadProcessId
0x483a3c GetWindowTextA
0x483a40 GetWindowRect
0x483a44 GetWindowPlacement
0x483a48 GetWindowLongW
0x483a4c GetWindowLongA
0x483a50 GetWindowDC
0x483a54 GetTopWindow
0x483a58 GetSystemMetrics
0x483a5c GetSystemMenu
0x483a60 GetSysColorBrush
0x483a64 GetSysColor
0x483a68 GetSubMenu
0x483a6c GetScrollRange
0x483a70 GetScrollPos
0x483a74 GetScrollInfo
0x483a78 GetPropA
0x483a7c GetParent
0x483a80 GetWindow
0x483a84 GetMessagePos
0x483a88 GetMenuStringA
0x483a8c GetMenuState
0x483a90 GetMenuItemInfoA
0x483a94 GetMenuItemID
0x483a98 GetMenuItemCount
0x483a9c GetMenu
0x483aa0 GetLastActivePopup
0x483aa4 GetKeyboardState
0x483aa8 GetKeyboardLayoutNameA
0x483aac GetKeyboardLayoutList
0x483ab0 GetKeyboardLayout
0x483ab4 GetKeyState
0x483ab8 GetKeyNameTextA
0x483abc GetIconInfo
0x483ac0 GetForegroundWindow
0x483ac4 GetFocus
0x483ac8 GetDesktopWindow
0x483acc GetDCEx
0x483ad0 GetDC
0x483ad4 GetCursorPos
0x483ad8 GetCursor
0x483adc GetClipboardData
0x483ae0 GetClientRect
0x483ae4 GetClassLongA
0x483ae8 GetClassInfoA
0x483aec GetCapture
0x483af0 GetActiveWindow
0x483af4 FrameRect
0x483af8 FindWindowA
0x483afc FillRect
0x483b00 EqualRect
0x483b04 EnumWindows
0x483b08 EnumThreadWindows
0x483b0c EnumChildWindows
0x483b10 EndPaint
0x483b14 EnableWindow
0x483b18 EnableScrollBar
0x483b1c EnableMenuItem
0x483b20 EmptyClipboard
0x483b24 DrawTextA
0x483b28 DrawStateA
0x483b2c DrawMenuBar
0x483b30 DrawIconEx
0x483b34 DrawIcon
0x483b38 DrawFrameControl
0x483b3c DrawEdge
0x483b40 DispatchMessageW
0x483b44 DispatchMessageA
0x483b48 DestroyWindow
0x483b4c DestroyMenu
0x483b50 DestroyIcon
0x483b54 DestroyCursor
0x483b58 DeleteMenu
0x483b5c DefWindowProcA
0x483b60 DefMDIChildProcA
0x483b64 DefFrameProcA
0x483b68 CreatePopupMenu
0x483b6c CreateMenu
0x483b70 CreateIcon
0x483b74 CloseClipboard
0x483b78 ClientToScreen
0x483b7c CheckMenuItem
0x483b80 CallWindowProcA
0x483b84 CallNextHookEx
0x483b88 BeginPaint
0x483b8c CharNextA
0x483b90 CharLowerBuffA
0x483b94 CharLowerA
0x483b98 CharUpperBuffA
0x483b9c CharToOemA
0x483ba0 AdjustWindowRectEx
0x483ba4 ActivateKeyboardLayout
gdi32.dll
0x483bac UnrealizeObject
0x483bb0 StretchBlt
0x483bb4 SetWindowOrgEx
0x483bb8 SetWinMetaFileBits
0x483bbc SetViewportOrgEx
0x483bc0 SetTextColor
0x483bc4 SetStretchBltMode
0x483bc8 SetROP2
0x483bcc SetPixel
0x483bd0 SetEnhMetaFileBits
0x483bd4 SetDIBColorTable
0x483bd8 SetBrushOrgEx
0x483bdc SetBkMode
0x483be0 SetBkColor
0x483be4 SelectPalette
0x483be8 SelectObject
0x483bec SaveDC
0x483bf0 RestoreDC
0x483bf4 Rectangle
0x483bf8 RectVisible
0x483bfc RealizePalette
0x483c00 Polyline
0x483c04 Polygon
0x483c08 PlayEnhMetaFile
0x483c0c PatBlt
0x483c10 MoveToEx
0x483c14 MaskBlt
0x483c18 LineTo
0x483c1c IntersectClipRect
0x483c20 GetWindowOrgEx
0x483c24 GetWinMetaFileBits
0x483c28 GetTextMetricsA
0x483c2c GetTextExtentPointA
0x483c30 GetTextExtentPoint32A
0x483c34 GetTextAlign
0x483c38 GetSystemPaletteEntries
0x483c3c GetStockObject
0x483c40 GetRgnBox
0x483c44 GetROP2
0x483c48 GetPolyFillMode
0x483c4c GetPixelFormat
0x483c50 GetPixel
0x483c54 GetPaletteEntries
0x483c58 GetObjectA
0x483c5c GetMapMode
0x483c60 GetEnhMetaFilePaletteEntries
0x483c64 GetEnhMetaFileHeader
0x483c68 GetEnhMetaFileBits
0x483c6c GetDeviceCaps
0x483c70 GetDIBits
0x483c74 GetDIBColorTable
0x483c78 GetDCOrgEx
0x483c7c GetDCPenColor
0x483c80 GetDCBrushColor
0x483c84 GetCurrentPositionEx
0x483c88 GetClipBox
0x483c8c GetBrushOrgEx
0x483c90 GetBkColor
0x483c94 GetBitmapBits
0x483c98 GdiFlush
0x483c9c ExcludeClipRect
0x483ca0 DeleteObject
0x483ca4 DeleteEnhMetaFile
0x483ca8 DeleteDC
0x483cac CreateSolidBrush
0x483cb0 CreatePenIndirect
0x483cb4 CreatePalette
0x483cb8 CreateHalftonePalette
0x483cbc CreateFontIndirectA
0x483cc0 CreateDIBitmap
0x483cc4 CreateDIBSection
0x483cc8 CreateCompatibleDC
0x483ccc CreateCompatibleBitmap
0x483cd0 CreateBrushIndirect
0x483cd4 CreateBitmap
0x483cd8 CopyEnhMetaFileA
0x483cdc BitBlt
version.dll
0x483ce4 VerQueryValueA
0x483ce8 GetFileVersionInfoSizeA
0x483cec GetFileVersionInfoA
kernel32.dll
0x483cf4 lstrcpyA
0x483cf8 WriteFile
0x483cfc WaitForSingleObject
0x483d00 VirtualQuery
0x483d04 VirtualProtect
0x483d08 VirtualAlloc
0x483d0c SizeofResource
0x483d10 SetThreadLocale
0x483d14 SetFilePointer
0x483d18 SetEvent
0x483d1c SetErrorMode
0x483d20 SetEndOfFile
0x483d24 ResetEvent
0x483d28 ReadFile
0x483d2c MultiByteToWideChar
0x483d30 MulDiv
0x483d34 LockResource
0x483d38 LoadResource
0x483d3c LoadLibraryA
0x483d40 LeaveCriticalSection
0x483d44 InitializeCriticalSection
0x483d48 GlobalUnlock
0x483d4c GlobalLock
0x483d50 GlobalFree
0x483d54 GlobalFindAtomA
0x483d58 GlobalDeleteAtom
0x483d5c GlobalAlloc
0x483d60 GlobalAddAtomA
0x483d64 GetVersionExA
0x483d68 GetVersion
0x483d6c GetTickCount
0x483d70 GetThreadLocale
0x483d74 GetStdHandle
0x483d78 GetProcAddress
0x483d7c GetModuleHandleA
0x483d80 GetModuleFileNameA
0x483d84 GetLocaleInfoA
0x483d88 GetLocalTime
0x483d8c GetLastError
0x483d90 GetFullPathNameA
0x483d94 GetFileAttributesA
0x483d98 GetDiskFreeSpaceA
0x483d9c GetDateFormatA
0x483da0 GetCurrentThreadId
0x483da4 GetCurrentProcessId
0x483da8 GetCPInfo
0x483dac FreeResource
0x483db0 InterlockedExchange
0x483db4 FreeLibrary
0x483db8 FormatMessageA
0x483dbc FindResourceA
0x483dc0 EnumCalendarInfoA
0x483dc4 EnterCriticalSection
0x483dc8 DeleteFileA
0x483dcc DeleteCriticalSection
0x483dd0 CreateThread
0x483dd4 CreateFileA
0x483dd8 CreateEventA
0x483ddc CompareStringA
0x483de0 CloseHandle
advapi32.dll
0x483de8 RegQueryValueExA
0x483dec RegOpenKeyExA
0x483df0 RegFlushKey
0x483df4 RegCloseKey
oleaut32.dll
0x483dfc GetErrorInfo
0x483e00 VariantInit
0x483e04 SysFreeString
ole32.dll
0x483e0c CoUninitialize
0x483e10 CoInitialize
kernel32.dll
0x483e18 Sleep
oleaut32.dll
0x483e20 SafeArrayPtrOfIndex
0x483e24 SafeArrayGetUBound
0x483e28 SafeArrayGetLBound
0x483e2c SafeArrayCreate
0x483e30 VariantChangeType
0x483e34 VariantCopyInd
0x483e38 VariantCopy
0x483e3c VariantClear
0x483e40 VariantInit
comctl32.dll
0x483e48 _TrackMouseEvent
0x483e4c ImageList_SetIconSize
0x483e50 ImageList_GetIconSize
0x483e54 ImageList_Write
0x483e58 ImageList_Read
0x483e5c ImageList_GetDragImage
0x483e60 ImageList_DragShowNolock
0x483e64 ImageList_DragMove
0x483e68 ImageList_DragLeave
0x483e6c ImageList_DragEnter
0x483e70 ImageList_EndDrag
0x483e74 ImageList_BeginDrag
0x483e78 ImageList_Remove
0x483e7c ImageList_DrawEx
0x483e80 ImageList_Replace
0x483e84 ImageList_Draw
0x483e88 ImageList_GetBkColor
0x483e8c ImageList_SetBkColor
0x483e90 ImageList_Add
0x483e94 ImageList_GetImageCount
0x483e98 ImageList_Destroy
0x483e9c ImageList_Create
oleacc.dll
0x483ea4 LresultFromObject
winmm.dll
0x483eac sndPlaySoundA
URL
0x483eb4 InetIsOffline
EAT(Export Address Table) is none