ScreenShot
| Created | 2021.10.16 13:26 | Machine | s1_win7_x6401 |
| Filename | Oxqfxohrjqryauuonybvsdergonzrywtkp.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 22 detected (Zusy, Unsafe, ZelphiCO, QKW@aKdIgUii, Delf, Eldorado, GenKryptik, FMBZ, Malicious, susgen, ai score=83, kcloud, Tnega, score, Artemis, BScope, Noon, R002H0DJF21, EQAC, RnkBend) | ||
| md5 | a8521386eacf0f858077249faa381763 | ||
| sha256 | 2df667c2a61c1cc161df7e8e1d7dcf1407a0bc30eb7eaf881c835fecfde5f086 | ||
| ssdeep | 12288:0SvSsA2JxPaLrNgLGKXhfLeoZ10VicVp7+SnqyUz:0AdLzPCrNgLfXhaoZuVTvpqyA | ||
| imphash | 12666343f95da9cc22c238274d75b6c6 | ||
| impfuzzy | 192:oV3MSbuu9xSUvK9kso1XEpeFJCKg1O+POQ0:43B9q9uO1xPOQ0 | ||
Network IP location
Signature (21cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Creates a thread using CreateRemoteThread in a non-child process indicative of process injection |
| watch | Installs itself for autorun at Windows startup |
| watch | Manipulates memory of a non-child process indicative of process injection |
| watch | Network activity contains more than one unique useragent |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Command line console output was observed |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
Rules (38cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | memory |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | local_credential_Steal | Steal credential | memory |
| notice | Network_DGA | Communication using DGA | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_FTP | Communications over FTP | memory |
| notice | Network_HTTP | Communications over HTTP | memory |
| notice | Network_P2P_Win | Communications over P2P network | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
| info | Check_Dlls | (no description) | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerCheck__RemoteAPI | (no description) | memory |
| info | DebuggerException__ConsoleCtrl | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
Network (7cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x47a77c SysFreeString
0x47a780 SysReAllocStringLen
0x47a784 SysAllocStringLen
advapi32.dll
0x47a78c RegQueryValueExA
0x47a790 RegOpenKeyExA
0x47a794 RegCloseKey
user32.dll
0x47a79c GetKeyboardType
0x47a7a0 DestroyWindow
0x47a7a4 LoadStringA
0x47a7a8 MessageBoxA
0x47a7ac CharNextA
kernel32.dll
0x47a7b4 GetACP
0x47a7b8 Sleep
0x47a7bc VirtualFree
0x47a7c0 VirtualAlloc
0x47a7c4 GetTickCount
0x47a7c8 QueryPerformanceCounter
0x47a7cc GetCurrentThreadId
0x47a7d0 InterlockedDecrement
0x47a7d4 InterlockedIncrement
0x47a7d8 VirtualQuery
0x47a7dc WideCharToMultiByte
0x47a7e0 MultiByteToWideChar
0x47a7e4 lstrlenA
0x47a7e8 lstrcpynA
0x47a7ec LoadLibraryExA
0x47a7f0 GetThreadLocale
0x47a7f4 GetStartupInfoA
0x47a7f8 GetProcAddress
0x47a7fc GetModuleHandleA
0x47a800 GetModuleFileNameA
0x47a804 GetLocaleInfoA
0x47a808 GetLastError
0x47a80c GetCommandLineA
0x47a810 FreeLibrary
0x47a814 FindFirstFileA
0x47a818 FindClose
0x47a81c ExitProcess
0x47a820 CompareStringA
0x47a824 WriteFile
0x47a828 UnhandledExceptionFilter
0x47a82c SetFilePointer
0x47a830 SetEndOfFile
0x47a834 RtlUnwind
0x47a838 ReadFile
0x47a83c RaiseException
0x47a840 GetStdHandle
0x47a844 GetFileSize
0x47a848 GetFileType
0x47a84c CreateFileA
0x47a850 CloseHandle
kernel32.dll
0x47a858 TlsSetValue
0x47a85c TlsGetValue
0x47a860 LocalAlloc
0x47a864 GetModuleHandleA
user32.dll
0x47a86c CreateWindowExA
0x47a870 WindowFromPoint
0x47a874 WaitMessage
0x47a878 UpdateWindow
0x47a87c UnregisterClassA
0x47a880 UnhookWindowsHookEx
0x47a884 TranslateMessage
0x47a888 TranslateMDISysAccel
0x47a88c TrackPopupMenu
0x47a890 SystemParametersInfoA
0x47a894 ShowWindow
0x47a898 ShowScrollBar
0x47a89c ShowOwnedPopups
0x47a8a0 SetWindowRgn
0x47a8a4 SetWindowsHookExA
0x47a8a8 SetWindowTextA
0x47a8ac SetWindowPos
0x47a8b0 SetWindowPlacement
0x47a8b4 SetWindowLongW
0x47a8b8 SetWindowLongA
0x47a8bc SetTimer
0x47a8c0 SetScrollRange
0x47a8c4 SetScrollPos
0x47a8c8 SetScrollInfo
0x47a8cc SetRect
0x47a8d0 SetPropA
0x47a8d4 SetParent
0x47a8d8 SetMenuItemInfoA
0x47a8dc SetMenu
0x47a8e0 SetForegroundWindow
0x47a8e4 SetFocus
0x47a8e8 SetCursor
0x47a8ec SetClassLongA
0x47a8f0 SetCapture
0x47a8f4 SetActiveWindow
0x47a8f8 SendMessageW
0x47a8fc SendMessageA
0x47a900 ScrollWindow
0x47a904 ScreenToClient
0x47a908 RemovePropA
0x47a90c RemoveMenu
0x47a910 ReleaseDC
0x47a914 ReleaseCapture
0x47a918 RegisterWindowMessageA
0x47a91c RegisterClipboardFormatA
0x47a920 RegisterClassA
0x47a924 RedrawWindow
0x47a928 PtInRect
0x47a92c PostQuitMessage
0x47a930 PostMessageA
0x47a934 PeekMessageW
0x47a938 PeekMessageA
0x47a93c OffsetRect
0x47a940 OemToCharA
0x47a944 MessageBoxA
0x47a948 MapWindowPoints
0x47a94c MapVirtualKeyA
0x47a950 LoadStringA
0x47a954 LoadKeyboardLayoutA
0x47a958 LoadIconA
0x47a95c LoadCursorA
0x47a960 LoadBitmapA
0x47a964 KillTimer
0x47a968 IsZoomed
0x47a96c IsWindowVisible
0x47a970 IsWindowUnicode
0x47a974 IsWindowEnabled
0x47a978 IsWindow
0x47a97c IsRectEmpty
0x47a980 IsIconic
0x47a984 IsDialogMessageW
0x47a988 IsDialogMessageA
0x47a98c IsChild
0x47a990 InvalidateRect
0x47a994 IntersectRect
0x47a998 InsertMenuItemA
0x47a99c InsertMenuA
0x47a9a0 InflateRect
0x47a9a4 GetWindowThreadProcessId
0x47a9a8 GetWindowTextA
0x47a9ac GetWindowRect
0x47a9b0 GetWindowPlacement
0x47a9b4 GetWindowLongW
0x47a9b8 GetWindowLongA
0x47a9bc GetWindowDC
0x47a9c0 GetTopWindow
0x47a9c4 GetSystemMetrics
0x47a9c8 GetSystemMenu
0x47a9cc GetSysColorBrush
0x47a9d0 GetSysColor
0x47a9d4 GetSubMenu
0x47a9d8 GetScrollRange
0x47a9dc GetScrollPos
0x47a9e0 GetScrollInfo
0x47a9e4 GetPropA
0x47a9e8 GetParent
0x47a9ec GetWindow
0x47a9f0 GetMessagePos
0x47a9f4 GetMenuStringA
0x47a9f8 GetMenuState
0x47a9fc GetMenuItemInfoA
0x47aa00 GetMenuItemID
0x47aa04 GetMenuItemCount
0x47aa08 GetMenu
0x47aa0c GetLastActivePopup
0x47aa10 GetKeyboardState
0x47aa14 GetKeyboardLayoutNameA
0x47aa18 GetKeyboardLayoutList
0x47aa1c GetKeyboardLayout
0x47aa20 GetKeyState
0x47aa24 GetKeyNameTextA
0x47aa28 GetIconInfo
0x47aa2c GetForegroundWindow
0x47aa30 GetFocus
0x47aa34 GetDesktopWindow
0x47aa38 GetDCEx
0x47aa3c GetDC
0x47aa40 GetCursorPos
0x47aa44 GetCursor
0x47aa48 GetClipboardData
0x47aa4c GetClientRect
0x47aa50 GetClassLongA
0x47aa54 GetClassInfoA
0x47aa58 GetCapture
0x47aa5c GetActiveWindow
0x47aa60 FrameRect
0x47aa64 FindWindowA
0x47aa68 FillRect
0x47aa6c EqualRect
0x47aa70 EnumWindows
0x47aa74 EnumThreadWindows
0x47aa78 EnumChildWindows
0x47aa7c EndPaint
0x47aa80 EnableWindow
0x47aa84 EnableScrollBar
0x47aa88 EnableMenuItem
0x47aa8c DrawTextA
0x47aa90 DrawMenuBar
0x47aa94 DrawIconEx
0x47aa98 DrawIcon
0x47aa9c DrawFrameControl
0x47aaa0 DrawEdge
0x47aaa4 DispatchMessageW
0x47aaa8 DispatchMessageA
0x47aaac DestroyWindow
0x47aab0 DestroyMenu
0x47aab4 DestroyIcon
0x47aab8 DestroyCursor
0x47aabc DeleteMenu
0x47aac0 DefWindowProcA
0x47aac4 DefMDIChildProcA
0x47aac8 DefFrameProcA
0x47aacc CreatePopupMenu
0x47aad0 CreateMenu
0x47aad4 CreateIcon
0x47aad8 ClientToScreen
0x47aadc CheckMenuItem
0x47aae0 CallWindowProcA
0x47aae4 CallNextHookEx
0x47aae8 BeginPaint
0x47aaec CharNextA
0x47aaf0 CharLowerBuffA
0x47aaf4 CharLowerA
0x47aaf8 CharToOemA
0x47aafc AdjustWindowRectEx
0x47ab00 ActivateKeyboardLayout
gdi32.dll
0x47ab08 UnrealizeObject
0x47ab0c StretchBlt
0x47ab10 SetWindowOrgEx
0x47ab14 SetWinMetaFileBits
0x47ab18 SetViewportOrgEx
0x47ab1c SetTextColor
0x47ab20 SetStretchBltMode
0x47ab24 SetROP2
0x47ab28 SetPixel
0x47ab2c SetEnhMetaFileBits
0x47ab30 SetDIBColorTable
0x47ab34 SetBrushOrgEx
0x47ab38 SetBkMode
0x47ab3c SetBkColor
0x47ab40 SelectPalette
0x47ab44 SelectObject
0x47ab48 SaveDC
0x47ab4c RestoreDC
0x47ab50 Rectangle
0x47ab54 RectVisible
0x47ab58 RealizePalette
0x47ab5c PlayEnhMetaFile
0x47ab60 PatBlt
0x47ab64 MoveToEx
0x47ab68 MaskBlt
0x47ab6c LineTo
0x47ab70 IntersectClipRect
0x47ab74 GetWindowOrgEx
0x47ab78 GetWinMetaFileBits
0x47ab7c GetTextMetricsA
0x47ab80 GetTextExtentPoint32A
0x47ab84 GetSystemPaletteEntries
0x47ab88 GetStockObject
0x47ab8c GetRgnBox
0x47ab90 GetPixelFormat
0x47ab94 GetPixel
0x47ab98 GetPaletteEntries
0x47ab9c GetObjectA
0x47aba0 GetEnhMetaFilePaletteEntries
0x47aba4 GetEnhMetaFileHeader
0x47aba8 GetEnhMetaFileBits
0x47abac GetDeviceCaps
0x47abb0 GetDIBits
0x47abb4 GetDIBColorTable
0x47abb8 GetDCOrgEx
0x47abbc GetCurrentPositionEx
0x47abc0 GetClipBox
0x47abc4 GetBrushOrgEx
0x47abc8 GetBitmapBits
0x47abcc GdiFlush
0x47abd0 ExcludeClipRect
0x47abd4 DeleteObject
0x47abd8 DeleteEnhMetaFile
0x47abdc DeleteDC
0x47abe0 CreateSolidBrush
0x47abe4 CreateRectRgn
0x47abe8 CreatePenIndirect
0x47abec CreatePalette
0x47abf0 CreateHalftonePalette
0x47abf4 CreateFontIndirectA
0x47abf8 CreateDIBitmap
0x47abfc CreateDIBSection
0x47ac00 CreateCompatibleDC
0x47ac04 CreateCompatibleBitmap
0x47ac08 CreateBrushIndirect
0x47ac0c CreateBitmap
0x47ac10 CopyEnhMetaFileA
0x47ac14 CombineRgn
0x47ac18 BitBlt
version.dll
0x47ac20 VerQueryValueA
0x47ac24 GetFileVersionInfoSizeA
0x47ac28 GetFileVersionInfoA
kernel32.dll
0x47ac30 lstrcpyA
0x47ac34 WriteFile
0x47ac38 WaitForSingleObject
0x47ac3c VirtualQuery
0x47ac40 VirtualProtect
0x47ac44 VirtualAlloc
0x47ac48 SizeofResource
0x47ac4c SetThreadLocale
0x47ac50 SetFilePointer
0x47ac54 SetEvent
0x47ac58 SetErrorMode
0x47ac5c SetEndOfFile
0x47ac60 ResetEvent
0x47ac64 ReadFile
0x47ac68 MulDiv
0x47ac6c LockResource
0x47ac70 LoadResource
0x47ac74 LoadLibraryA
0x47ac78 LeaveCriticalSection
0x47ac7c InitializeCriticalSection
0x47ac80 GlobalFindAtomA
0x47ac84 GlobalDeleteAtom
0x47ac88 GlobalAddAtomA
0x47ac8c GetVersionExA
0x47ac90 GetVersion
0x47ac94 GetTickCount
0x47ac98 GetThreadLocale
0x47ac9c GetStdHandle
0x47aca0 GetProcAddress
0x47aca4 GetModuleHandleA
0x47aca8 GetModuleFileNameA
0x47acac GetLocaleInfoA
0x47acb0 GetLocalTime
0x47acb4 GetLastError
0x47acb8 GetFullPathNameA
0x47acbc GetFileAttributesA
0x47acc0 GetDiskFreeSpaceA
0x47acc4 GetDateFormatA
0x47acc8 GetCurrentThreadId
0x47accc GetCurrentProcessId
0x47acd0 GetCurrentProcess
0x47acd4 GetCPInfo
0x47acd8 FreeResource
0x47acdc InterlockedExchange
0x47ace0 FreeLibrary
0x47ace4 FormatMessageA
0x47ace8 FlushInstructionCache
0x47acec FindResourceA
0x47acf0 EnumCalendarInfoA
0x47acf4 EnterCriticalSection
0x47acf8 DeleteCriticalSection
0x47acfc CreateThread
0x47ad00 CreateFileA
0x47ad04 CreateEventA
0x47ad08 CompareStringA
0x47ad0c CloseHandle
advapi32.dll
0x47ad14 RegQueryValueExA
0x47ad18 RegOpenKeyExA
0x47ad1c RegFlushKey
0x47ad20 RegCloseKey
kernel32.dll
0x47ad28 Sleep
oleaut32.dll
0x47ad30 SafeArrayPtrOfIndex
0x47ad34 SafeArrayGetUBound
0x47ad38 SafeArrayGetLBound
0x47ad3c SafeArrayCreate
0x47ad40 VariantChangeType
0x47ad44 VariantCopy
0x47ad48 VariantClear
0x47ad4c VariantInit
comctl32.dll
0x47ad54 _TrackMouseEvent
0x47ad58 ImageList_SetIconSize
0x47ad5c ImageList_GetIconSize
0x47ad60 ImageList_Write
0x47ad64 ImageList_Read
0x47ad68 ImageList_DragShowNolock
0x47ad6c ImageList_DragMove
0x47ad70 ImageList_DragLeave
0x47ad74 ImageList_DragEnter
0x47ad78 ImageList_EndDrag
0x47ad7c ImageList_BeginDrag
0x47ad80 ImageList_Remove
0x47ad84 ImageList_DrawEx
0x47ad88 ImageList_Draw
0x47ad8c ImageList_GetBkColor
0x47ad90 ImageList_SetBkColor
0x47ad94 ImageList_Add
0x47ad98 ImageList_GetImageCount
0x47ad9c ImageList_Destroy
0x47ada0 ImageList_Create
shell32.dll
0x47ada8 Shell_NotifyIconA
winhttp
0x47adb0 WinHttpCheckPlatform
EAT(Export Address Table) is none
oleaut32.dll
0x47a77c SysFreeString
0x47a780 SysReAllocStringLen
0x47a784 SysAllocStringLen
advapi32.dll
0x47a78c RegQueryValueExA
0x47a790 RegOpenKeyExA
0x47a794 RegCloseKey
user32.dll
0x47a79c GetKeyboardType
0x47a7a0 DestroyWindow
0x47a7a4 LoadStringA
0x47a7a8 MessageBoxA
0x47a7ac CharNextA
kernel32.dll
0x47a7b4 GetACP
0x47a7b8 Sleep
0x47a7bc VirtualFree
0x47a7c0 VirtualAlloc
0x47a7c4 GetTickCount
0x47a7c8 QueryPerformanceCounter
0x47a7cc GetCurrentThreadId
0x47a7d0 InterlockedDecrement
0x47a7d4 InterlockedIncrement
0x47a7d8 VirtualQuery
0x47a7dc WideCharToMultiByte
0x47a7e0 MultiByteToWideChar
0x47a7e4 lstrlenA
0x47a7e8 lstrcpynA
0x47a7ec LoadLibraryExA
0x47a7f0 GetThreadLocale
0x47a7f4 GetStartupInfoA
0x47a7f8 GetProcAddress
0x47a7fc GetModuleHandleA
0x47a800 GetModuleFileNameA
0x47a804 GetLocaleInfoA
0x47a808 GetLastError
0x47a80c GetCommandLineA
0x47a810 FreeLibrary
0x47a814 FindFirstFileA
0x47a818 FindClose
0x47a81c ExitProcess
0x47a820 CompareStringA
0x47a824 WriteFile
0x47a828 UnhandledExceptionFilter
0x47a82c SetFilePointer
0x47a830 SetEndOfFile
0x47a834 RtlUnwind
0x47a838 ReadFile
0x47a83c RaiseException
0x47a840 GetStdHandle
0x47a844 GetFileSize
0x47a848 GetFileType
0x47a84c CreateFileA
0x47a850 CloseHandle
kernel32.dll
0x47a858 TlsSetValue
0x47a85c TlsGetValue
0x47a860 LocalAlloc
0x47a864 GetModuleHandleA
user32.dll
0x47a86c CreateWindowExA
0x47a870 WindowFromPoint
0x47a874 WaitMessage
0x47a878 UpdateWindow
0x47a87c UnregisterClassA
0x47a880 UnhookWindowsHookEx
0x47a884 TranslateMessage
0x47a888 TranslateMDISysAccel
0x47a88c TrackPopupMenu
0x47a890 SystemParametersInfoA
0x47a894 ShowWindow
0x47a898 ShowScrollBar
0x47a89c ShowOwnedPopups
0x47a8a0 SetWindowRgn
0x47a8a4 SetWindowsHookExA
0x47a8a8 SetWindowTextA
0x47a8ac SetWindowPos
0x47a8b0 SetWindowPlacement
0x47a8b4 SetWindowLongW
0x47a8b8 SetWindowLongA
0x47a8bc SetTimer
0x47a8c0 SetScrollRange
0x47a8c4 SetScrollPos
0x47a8c8 SetScrollInfo
0x47a8cc SetRect
0x47a8d0 SetPropA
0x47a8d4 SetParent
0x47a8d8 SetMenuItemInfoA
0x47a8dc SetMenu
0x47a8e0 SetForegroundWindow
0x47a8e4 SetFocus
0x47a8e8 SetCursor
0x47a8ec SetClassLongA
0x47a8f0 SetCapture
0x47a8f4 SetActiveWindow
0x47a8f8 SendMessageW
0x47a8fc SendMessageA
0x47a900 ScrollWindow
0x47a904 ScreenToClient
0x47a908 RemovePropA
0x47a90c RemoveMenu
0x47a910 ReleaseDC
0x47a914 ReleaseCapture
0x47a918 RegisterWindowMessageA
0x47a91c RegisterClipboardFormatA
0x47a920 RegisterClassA
0x47a924 RedrawWindow
0x47a928 PtInRect
0x47a92c PostQuitMessage
0x47a930 PostMessageA
0x47a934 PeekMessageW
0x47a938 PeekMessageA
0x47a93c OffsetRect
0x47a940 OemToCharA
0x47a944 MessageBoxA
0x47a948 MapWindowPoints
0x47a94c MapVirtualKeyA
0x47a950 LoadStringA
0x47a954 LoadKeyboardLayoutA
0x47a958 LoadIconA
0x47a95c LoadCursorA
0x47a960 LoadBitmapA
0x47a964 KillTimer
0x47a968 IsZoomed
0x47a96c IsWindowVisible
0x47a970 IsWindowUnicode
0x47a974 IsWindowEnabled
0x47a978 IsWindow
0x47a97c IsRectEmpty
0x47a980 IsIconic
0x47a984 IsDialogMessageW
0x47a988 IsDialogMessageA
0x47a98c IsChild
0x47a990 InvalidateRect
0x47a994 IntersectRect
0x47a998 InsertMenuItemA
0x47a99c InsertMenuA
0x47a9a0 InflateRect
0x47a9a4 GetWindowThreadProcessId
0x47a9a8 GetWindowTextA
0x47a9ac GetWindowRect
0x47a9b0 GetWindowPlacement
0x47a9b4 GetWindowLongW
0x47a9b8 GetWindowLongA
0x47a9bc GetWindowDC
0x47a9c0 GetTopWindow
0x47a9c4 GetSystemMetrics
0x47a9c8 GetSystemMenu
0x47a9cc GetSysColorBrush
0x47a9d0 GetSysColor
0x47a9d4 GetSubMenu
0x47a9d8 GetScrollRange
0x47a9dc GetScrollPos
0x47a9e0 GetScrollInfo
0x47a9e4 GetPropA
0x47a9e8 GetParent
0x47a9ec GetWindow
0x47a9f0 GetMessagePos
0x47a9f4 GetMenuStringA
0x47a9f8 GetMenuState
0x47a9fc GetMenuItemInfoA
0x47aa00 GetMenuItemID
0x47aa04 GetMenuItemCount
0x47aa08 GetMenu
0x47aa0c GetLastActivePopup
0x47aa10 GetKeyboardState
0x47aa14 GetKeyboardLayoutNameA
0x47aa18 GetKeyboardLayoutList
0x47aa1c GetKeyboardLayout
0x47aa20 GetKeyState
0x47aa24 GetKeyNameTextA
0x47aa28 GetIconInfo
0x47aa2c GetForegroundWindow
0x47aa30 GetFocus
0x47aa34 GetDesktopWindow
0x47aa38 GetDCEx
0x47aa3c GetDC
0x47aa40 GetCursorPos
0x47aa44 GetCursor
0x47aa48 GetClipboardData
0x47aa4c GetClientRect
0x47aa50 GetClassLongA
0x47aa54 GetClassInfoA
0x47aa58 GetCapture
0x47aa5c GetActiveWindow
0x47aa60 FrameRect
0x47aa64 FindWindowA
0x47aa68 FillRect
0x47aa6c EqualRect
0x47aa70 EnumWindows
0x47aa74 EnumThreadWindows
0x47aa78 EnumChildWindows
0x47aa7c EndPaint
0x47aa80 EnableWindow
0x47aa84 EnableScrollBar
0x47aa88 EnableMenuItem
0x47aa8c DrawTextA
0x47aa90 DrawMenuBar
0x47aa94 DrawIconEx
0x47aa98 DrawIcon
0x47aa9c DrawFrameControl
0x47aaa0 DrawEdge
0x47aaa4 DispatchMessageW
0x47aaa8 DispatchMessageA
0x47aaac DestroyWindow
0x47aab0 DestroyMenu
0x47aab4 DestroyIcon
0x47aab8 DestroyCursor
0x47aabc DeleteMenu
0x47aac0 DefWindowProcA
0x47aac4 DefMDIChildProcA
0x47aac8 DefFrameProcA
0x47aacc CreatePopupMenu
0x47aad0 CreateMenu
0x47aad4 CreateIcon
0x47aad8 ClientToScreen
0x47aadc CheckMenuItem
0x47aae0 CallWindowProcA
0x47aae4 CallNextHookEx
0x47aae8 BeginPaint
0x47aaec CharNextA
0x47aaf0 CharLowerBuffA
0x47aaf4 CharLowerA
0x47aaf8 CharToOemA
0x47aafc AdjustWindowRectEx
0x47ab00 ActivateKeyboardLayout
gdi32.dll
0x47ab08 UnrealizeObject
0x47ab0c StretchBlt
0x47ab10 SetWindowOrgEx
0x47ab14 SetWinMetaFileBits
0x47ab18 SetViewportOrgEx
0x47ab1c SetTextColor
0x47ab20 SetStretchBltMode
0x47ab24 SetROP2
0x47ab28 SetPixel
0x47ab2c SetEnhMetaFileBits
0x47ab30 SetDIBColorTable
0x47ab34 SetBrushOrgEx
0x47ab38 SetBkMode
0x47ab3c SetBkColor
0x47ab40 SelectPalette
0x47ab44 SelectObject
0x47ab48 SaveDC
0x47ab4c RestoreDC
0x47ab50 Rectangle
0x47ab54 RectVisible
0x47ab58 RealizePalette
0x47ab5c PlayEnhMetaFile
0x47ab60 PatBlt
0x47ab64 MoveToEx
0x47ab68 MaskBlt
0x47ab6c LineTo
0x47ab70 IntersectClipRect
0x47ab74 GetWindowOrgEx
0x47ab78 GetWinMetaFileBits
0x47ab7c GetTextMetricsA
0x47ab80 GetTextExtentPoint32A
0x47ab84 GetSystemPaletteEntries
0x47ab88 GetStockObject
0x47ab8c GetRgnBox
0x47ab90 GetPixelFormat
0x47ab94 GetPixel
0x47ab98 GetPaletteEntries
0x47ab9c GetObjectA
0x47aba0 GetEnhMetaFilePaletteEntries
0x47aba4 GetEnhMetaFileHeader
0x47aba8 GetEnhMetaFileBits
0x47abac GetDeviceCaps
0x47abb0 GetDIBits
0x47abb4 GetDIBColorTable
0x47abb8 GetDCOrgEx
0x47abbc GetCurrentPositionEx
0x47abc0 GetClipBox
0x47abc4 GetBrushOrgEx
0x47abc8 GetBitmapBits
0x47abcc GdiFlush
0x47abd0 ExcludeClipRect
0x47abd4 DeleteObject
0x47abd8 DeleteEnhMetaFile
0x47abdc DeleteDC
0x47abe0 CreateSolidBrush
0x47abe4 CreateRectRgn
0x47abe8 CreatePenIndirect
0x47abec CreatePalette
0x47abf0 CreateHalftonePalette
0x47abf4 CreateFontIndirectA
0x47abf8 CreateDIBitmap
0x47abfc CreateDIBSection
0x47ac00 CreateCompatibleDC
0x47ac04 CreateCompatibleBitmap
0x47ac08 CreateBrushIndirect
0x47ac0c CreateBitmap
0x47ac10 CopyEnhMetaFileA
0x47ac14 CombineRgn
0x47ac18 BitBlt
version.dll
0x47ac20 VerQueryValueA
0x47ac24 GetFileVersionInfoSizeA
0x47ac28 GetFileVersionInfoA
kernel32.dll
0x47ac30 lstrcpyA
0x47ac34 WriteFile
0x47ac38 WaitForSingleObject
0x47ac3c VirtualQuery
0x47ac40 VirtualProtect
0x47ac44 VirtualAlloc
0x47ac48 SizeofResource
0x47ac4c SetThreadLocale
0x47ac50 SetFilePointer
0x47ac54 SetEvent
0x47ac58 SetErrorMode
0x47ac5c SetEndOfFile
0x47ac60 ResetEvent
0x47ac64 ReadFile
0x47ac68 MulDiv
0x47ac6c LockResource
0x47ac70 LoadResource
0x47ac74 LoadLibraryA
0x47ac78 LeaveCriticalSection
0x47ac7c InitializeCriticalSection
0x47ac80 GlobalFindAtomA
0x47ac84 GlobalDeleteAtom
0x47ac88 GlobalAddAtomA
0x47ac8c GetVersionExA
0x47ac90 GetVersion
0x47ac94 GetTickCount
0x47ac98 GetThreadLocale
0x47ac9c GetStdHandle
0x47aca0 GetProcAddress
0x47aca4 GetModuleHandleA
0x47aca8 GetModuleFileNameA
0x47acac GetLocaleInfoA
0x47acb0 GetLocalTime
0x47acb4 GetLastError
0x47acb8 GetFullPathNameA
0x47acbc GetFileAttributesA
0x47acc0 GetDiskFreeSpaceA
0x47acc4 GetDateFormatA
0x47acc8 GetCurrentThreadId
0x47accc GetCurrentProcessId
0x47acd0 GetCurrentProcess
0x47acd4 GetCPInfo
0x47acd8 FreeResource
0x47acdc InterlockedExchange
0x47ace0 FreeLibrary
0x47ace4 FormatMessageA
0x47ace8 FlushInstructionCache
0x47acec FindResourceA
0x47acf0 EnumCalendarInfoA
0x47acf4 EnterCriticalSection
0x47acf8 DeleteCriticalSection
0x47acfc CreateThread
0x47ad00 CreateFileA
0x47ad04 CreateEventA
0x47ad08 CompareStringA
0x47ad0c CloseHandle
advapi32.dll
0x47ad14 RegQueryValueExA
0x47ad18 RegOpenKeyExA
0x47ad1c RegFlushKey
0x47ad20 RegCloseKey
kernel32.dll
0x47ad28 Sleep
oleaut32.dll
0x47ad30 SafeArrayPtrOfIndex
0x47ad34 SafeArrayGetUBound
0x47ad38 SafeArrayGetLBound
0x47ad3c SafeArrayCreate
0x47ad40 VariantChangeType
0x47ad44 VariantCopy
0x47ad48 VariantClear
0x47ad4c VariantInit
comctl32.dll
0x47ad54 _TrackMouseEvent
0x47ad58 ImageList_SetIconSize
0x47ad5c ImageList_GetIconSize
0x47ad60 ImageList_Write
0x47ad64 ImageList_Read
0x47ad68 ImageList_DragShowNolock
0x47ad6c ImageList_DragMove
0x47ad70 ImageList_DragLeave
0x47ad74 ImageList_DragEnter
0x47ad78 ImageList_EndDrag
0x47ad7c ImageList_BeginDrag
0x47ad80 ImageList_Remove
0x47ad84 ImageList_DrawEx
0x47ad88 ImageList_Draw
0x47ad8c ImageList_GetBkColor
0x47ad90 ImageList_SetBkColor
0x47ad94 ImageList_Add
0x47ad98 ImageList_GetImageCount
0x47ad9c ImageList_Destroy
0x47ada0 ImageList_Create
shell32.dll
0x47ada8 Shell_NotifyIconA
winhttp
0x47adb0 WinHttpCheckPlatform
EAT(Export Address Table) is none