Created | 2021.11.02 22:14 | Machine | s1_win7_x6401 |
Filename | Chiamando.exe.com |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : clean |
VT API (file) | 3 detected (Wacatac) |
md5 | 78ba0653a340bac5ff152b21a83626cc |
sha256 | 05d8cf394190f3a707abfb25fb44d7da9d5f533d7d2063b23c00cc11253c8be7 |
ssdeep | 24576:FJs7DlG83U/hcSO3UTyYPeuZtxY+8aiB8ea:FC7hGOSPT/PxebaiO |
imphash | a49496828f13e090c96f68ca73bcc08e |
impfuzzy | 192:SQtZJ57YYMI3O11AKz1Ai8EIh6urw6BUUhjvNDJB:SGZJ5YYMIsPhn8rwmjvNDJB |
Signature (7cnts)
Level | Description |
---|---|
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks whether any human activity is being performed by constantly checking whether the foreground window changed |
notice | Creates a shortcut to an executable file |
notice | File has been identified by 3 AntiVirus engines on VirusTotal as malicious |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Queries for the computername |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
PE API
IAT(Import Address Table) Library
WSOCK32.dll
0x49d7d8 gethostbyname
0x49d7dc recv
0x49d7e0 send
0x49d7e4 socket
0x49d7e8 inet_ntoa
0x49d7ec setsockopt
0x49d7f0 ntohs
0x49d7f4 WSACleanup
0x49d7f8 WSAStartup
0x49d7fc sendto
0x49d800 htons
0x49d804 __WSAFDIsSet
0x49d808 select
0x49d80c accept
0x49d810 listen
0x49d814 bind
0x49d818 inet_addr
0x49d81c ioctlsocket
0x49d820 recvfrom
0x49d824 WSAGetLastError
0x49d828 closesocket
0x49d82c gethostname
0x49d830 connect
VERSION.dll
0x49d77c GetFileVersionInfoW
0x49d780 VerQueryValueW
0x49d784 GetFileVersionInfoSizeW
WINMM.dll
0x49d7c8 timeGetTime
0x49d7cc waveOutSetVolume
0x49d7d0 mciSendStringW
COMCTL32.dll
0x49d088 ImageList_ReplaceIcon
0x49d08c ImageList_Destroy
0x49d090 ImageList_Remove
0x49d094 ImageList_SetDragCursorImage
0x49d098 ImageList_BeginDrag
0x49d09c ImageList_DragEnter
0x49d0a0 ImageList_DragLeave
0x49d0a4 ImageList_EndDrag
0x49d0a8 ImageList_DragMove
0x49d0ac InitCommonControlsEx
0x49d0b0 ImageList_Create
MPR.dll
0x49d408 WNetGetConnectionW
0x49d40c WNetCancelConnection2W
0x49d410 WNetUseConnectionW
0x49d414 WNetAddConnection2W
WININET.dll
0x49d78c HttpOpenRequestW
0x49d790 InternetCloseHandle
0x49d794 InternetOpenW
0x49d798 InternetSetOptionW
0x49d79c InternetCrackUrlW
0x49d7a0 HttpQueryInfoW
0x49d7a4 InternetQueryOptionW
0x49d7a8 InternetConnectW
0x49d7ac HttpSendRequestW
0x49d7b0 FtpOpenFileW
0x49d7b4 FtpGetFileSize
0x49d7b8 InternetOpenUrlW
0x49d7bc InternetReadFile
0x49d7c0 InternetQueryDataAvailable
PSAPI.DLL
0x49d494 GetProcessMemoryInfo
IPHLPAPI.DLL
0x49d154 IcmpSendEcho
0x49d158 IcmpCloseHandle
0x49d15c IcmpCreateFile
USERENV.dll
0x49d760 DestroyEnvironmentBlock
0x49d764 LoadUserProfileW
0x49d768 CreateEnvironmentBlock
0x49d76c UnloadUserProfile
UxTheme.dll
0x49d774 IsThemeActive
KERNEL32.dll
0x49d164 DuplicateHandle
0x49d168 CreateThread
0x49d16c WaitForSingleObject
0x49d170 HeapAlloc
0x49d174 GetProcessHeap
0x49d178 HeapFree
0x49d17c Sleep
0x49d180 GetCurrentThreadId
0x49d184 MultiByteToWideChar
0x49d188 MulDiv
0x49d18c GetVersionExW
0x49d190 IsWow64Process
0x49d194 GetSystemInfo
0x49d198 FreeLibrary
0x49d19c LoadLibraryA
0x49d1a0 GetProcAddress
0x49d1a4 SetErrorMode
0x49d1a8 GetModuleFileNameW
0x49d1ac WideCharToMultiByte
0x49d1b0 lstrcpyW
0x49d1b4 lstrlenW
0x49d1b8 GetModuleHandleW
0x49d1bc QueryPerformanceCounter
0x49d1c0 VirtualFreeEx
0x49d1c4 OpenProcess
0x49d1c8 VirtualAllocEx
0x49d1cc WriteProcessMemory
0x49d1d0 ReadProcessMemory
0x49d1d4 CreateFileW
0x49d1d8 SetFilePointerEx
0x49d1dc SetEndOfFile
0x49d1e0 ReadFile
0x49d1e4 WriteFile
0x49d1e8 FlushFileBuffers
0x49d1ec TerminateProcess
0x49d1f0 CreateToolhelp32Snapshot
0x49d1f4 Process32FirstW
0x49d1f8 Process32NextW
0x49d1fc SetFileTime
0x49d200 GetFileAttributesW
0x49d204 FindFirstFileW
0x49d208 FindClose
0x49d20c GetLongPathNameW
0x49d210 GetShortPathNameW
0x49d214 DeleteFileW
0x49d218 IsDebuggerPresent
0x49d21c CopyFileExW
0x49d220 MoveFileW
0x49d224 CreateDirectoryW
0x49d228 RemoveDirectoryW
0x49d22c SetSystemPowerState
0x49d230 QueryPerformanceFrequency
0x49d234 LoadResource
0x49d238 LockResource
0x49d23c SizeofResource
0x49d240 OutputDebugStringW
0x49d244 GetTempPathW
0x49d248 GetTempFileNameW
0x49d24c DeviceIoControl
0x49d250 GetLocalTime
0x49d254 CompareStringW
0x49d258 GetCurrentThread
0x49d25c LeaveCriticalSection
0x49d260 GetStdHandle
0x49d264 CreatePipe
0x49d268 InterlockedExchange
0x49d26c TerminateThread
0x49d270 LoadLibraryExW
0x49d274 FindResourceExW
0x49d278 CopyFileW
0x49d27c VirtualFree
0x49d280 FormatMessageW
0x49d284 GetExitCodeProcess
0x49d288 GetPrivateProfileStringW
0x49d28c WritePrivateProfileStringW
0x49d290 GetPrivateProfileSectionW
0x49d294 WritePrivateProfileSectionW
0x49d298 GetPrivateProfileSectionNamesW
0x49d29c FileTimeToLocalFileTime
0x49d2a0 FileTimeToSystemTime
0x49d2a4 SystemTimeToFileTime
0x49d2a8 LocalFileTimeToFileTime
0x49d2ac GetDriveTypeW
0x49d2b0 GetDiskFreeSpaceExW
0x49d2b4 GetDiskFreeSpaceW
0x49d2b8 GetVolumeInformationW
0x49d2bc SetVolumeLabelW
0x49d2c0 CreateHardLinkW
0x49d2c4 SetFileAttributesW
0x49d2c8 CreateEventW
0x49d2cc SetEvent
0x49d2d0 GetEnvironmentVariableW
0x49d2d4 SetEnvironmentVariableW
0x49d2d8 GlobalLock
0x49d2dc GlobalUnlock
0x49d2e0 GlobalAlloc
0x49d2e4 GetFileSize
0x49d2e8 GlobalFree
0x49d2ec GlobalMemoryStatusEx
0x49d2f0 Beep
0x49d2f4 GetSystemDirectoryW
0x49d2f8 HeapReAlloc
0x49d2fc HeapSize
0x49d300 GetComputerNameW
0x49d304 GetWindowsDirectoryW
0x49d308 GetCurrentProcessId
0x49d30c GetProcessIoCounters
0x49d310 CreateProcessW
0x49d314 GetProcessId
0x49d318 SetPriorityClass
0x49d31c LoadLibraryW
0x49d320 VirtualAlloc
0x49d324 GetCurrentDirectoryW
0x49d328 lstrcmpiW
0x49d32c DecodePointer
0x49d330 GetLastError
0x49d334 RaiseException
0x49d338 InitializeCriticalSectionAndSpinCount
0x49d33c DeleteCriticalSection
0x49d340 InterlockedDecrement
0x49d344 InterlockedIncrement
0x49d348 ResetEvent
0x49d34c WaitForSingleObjectEx
0x49d350 IsProcessorFeaturePresent
0x49d354 UnhandledExceptionFilter
0x49d358 SetUnhandledExceptionFilter
0x49d35c GetCurrentProcess
0x49d360 CloseHandle
0x49d364 GetFullPathNameW
0x49d368 EnterCriticalSection
0x49d36c GetStartupInfoW
0x49d370 GetSystemTimeAsFileTime
0x49d374 InitializeSListHead
0x49d378 RtlUnwind
0x49d37c SetLastError
0x49d380 TlsAlloc
0x49d384 TlsGetValue
0x49d388 TlsSetValue
0x49d38c TlsFree
0x49d390 EncodePointer
0x49d394 ExitProcess
0x49d398 GetModuleHandleExW
0x49d39c ExitThread
0x49d3a0 ResumeThread
0x49d3a4 FreeLibraryAndExitThread
0x49d3a8 GetACP
0x49d3ac GetDateFormatW
0x49d3b0 GetTimeFormatW
0x49d3b4 LCMapStringW
0x49d3b8 GetStringTypeW
0x49d3bc GetFileType
0x49d3c0 SetStdHandle
0x49d3c4 GetConsoleCP
0x49d3c8 GetConsoleMode
0x49d3cc ReadConsoleW
0x49d3d0 GetTimeZoneInformation
0x49d3d4 FindFirstFileExW
0x49d3d8 IsValidCodePage
0x49d3dc GetOEMCP
0x49d3e0 GetCPInfo
0x49d3e4 GetCommandLineA
0x49d3e8 GetCommandLineW
0x49d3ec GetEnvironmentStringsW
0x49d3f0 FreeEnvironmentStringsW
0x49d3f4 SetEnvironmentVariableA
0x49d3f8 SetCurrentDirectoryW
0x49d3fc FindNextFileW
0x49d400 WriteConsoleW
USER32.dll
0x49d4dc GetKeyboardLayoutNameW
0x49d4e0 IsCharAlphaW
0x49d4e4 IsCharAlphaNumericW
0x49d4e8 IsCharLowerW
0x49d4ec IsCharUpperW
0x49d4f0 GetMenuStringW
0x49d4f4 GetSubMenu
0x49d4f8 GetCaretPos
0x49d4fc IsZoomed
0x49d500 MonitorFromPoint
0x49d504 GetMonitorInfoW
0x49d508 SetLayeredWindowAttributes
0x49d50c FlashWindow
0x49d510 GetClassLongW
0x49d514 TranslateAcceleratorW
0x49d518 IsDialogMessageW
0x49d51c GetSysColor
0x49d520 InflateRect
0x49d524 DrawFocusRect
0x49d528 DrawTextW
0x49d52c FrameRect
0x49d530 DrawFrameControl
0x49d534 FillRect
0x49d538 PtInRect
0x49d53c DestroyAcceleratorTable
0x49d540 CreateAcceleratorTableW
0x49d544 SetCursor
0x49d548 GetWindowDC
0x49d54c GetSystemMetrics
0x49d550 GetActiveWindow
0x49d554 CharNextW
0x49d558 wsprintfW
0x49d55c RedrawWindow
0x49d560 DrawMenuBar
0x49d564 DestroyMenu
0x49d568 SetMenu
0x49d56c GetWindowTextLengthW
0x49d570 CreateMenu
0x49d574 IsDlgButtonChecked
0x49d578 DefDlgProcW
0x49d57c CallWindowProcW
0x49d580 ReleaseCapture
0x49d584 SetCapture
0x49d588 PeekMessageW
0x49d58c GetInputState
0x49d590 UnregisterHotKey
0x49d594 CharLowerBuffW
0x49d598 MonitorFromRect
0x49d59c LoadImageW
0x49d5a0 mouse_event
0x49d5a4 ExitWindowsEx
0x49d5a8 SetActiveWindow
0x49d5ac FindWindowExW
0x49d5b0 EnumThreadWindows
0x49d5b4 SetMenuDefaultItem
0x49d5b8 InsertMenuItemW
0x49d5bc IsMenu
0x49d5c0 TrackPopupMenuEx
0x49d5c4 ClientToScreen
0x49d5c8 DeleteMenu
0x49d5cc CheckMenuRadioItem
0x49d5d0 GetMenuItemID
0x49d5d4 GetMenuItemCount
0x49d5d8 SetMenuItemInfoW
0x49d5dc GetMenuItemInfoW
0x49d5e0 SetForegroundWindow
0x49d5e4 IsIconic
0x49d5e8 FindWindowW
0x49d5ec SystemParametersInfoW
0x49d5f0 keybd_event
0x49d5f4 LockWindowUpdate
0x49d5f8 GetAsyncKeyState
0x49d5fc SetKeyboardState
0x49d600 GetKeyboardState
0x49d604 GetKeyState
0x49d608 VkKeyScanW
0x49d60c LoadStringW
0x49d610 DialogBoxParamW
0x49d614 MessageBeep
0x49d618 EndDialog
0x49d61c SendDlgItemMessageW
0x49d620 GetDlgItem
0x49d624 SetWindowTextW
0x49d628 CopyRect
0x49d62c ReleaseDC
0x49d630 GetDC
0x49d634 EndPaint
0x49d638 BeginPaint
0x49d63c GetClientRect
0x49d640 GetMenu
0x49d644 DestroyWindow
0x49d648 EnumWindows
0x49d64c GetDesktopWindow
0x49d650 IsWindow
0x49d654 IsWindowEnabled
0x49d658 IsWindowVisible
0x49d65c EnableWindow
0x49d660 InvalidateRect
0x49d664 GetWindowLongW
0x49d668 GetWindowThreadProcessId
0x49d66c AttachThreadInput
0x49d670 GetFocus
0x49d674 GetWindowTextW
0x49d678 ScreenToClient
0x49d67c EnumChildWindows
0x49d680 CharUpperBuffW
0x49d684 GetClassNameW
0x49d688 GetParent
0x49d68c GetDlgCtrlID
0x49d690 MapVirtualKeyW
0x49d694 PostMessageW
0x49d698 GetWindowRect
0x49d69c SetUserObjectSecurity
0x49d6a0 CloseDesktop
0x49d6a4 CloseWindowStation
0x49d6a8 OpenDesktopW
0x49d6ac SetProcessWindowStation
0x49d6b0 GetProcessWindowStation
0x49d6b4 RegisterHotKey
0x49d6b8 GetCursorInfo
0x49d6bc SetWindowPos
0x49d6c0 CopyImage
0x49d6c4 AdjustWindowRectEx
0x49d6c8 SetRect
0x49d6cc SetClipboardData
0x49d6d0 EmptyClipboard
0x49d6d4 CountClipboardFormats
0x49d6d8 CloseClipboard
0x49d6dc GetClipboardData
0x49d6e0 IsClipboardFormatAvailable
0x49d6e4 OpenClipboard
0x49d6e8 BlockInput
0x49d6ec GetCursorPos
0x49d6f0 GetMessageW
0x49d6f4 OpenWindowStationW
0x49d6f8 GetUserObjectSecurity
0x49d6fc MessageBoxW
0x49d700 DefWindowProcW
0x49d704 MoveWindow
0x49d708 SetFocus
0x49d70c PostQuitMessage
0x49d710 KillTimer
0x49d714 CreatePopupMenu
0x49d718 RegisterWindowMessageW
0x49d71c SetTimer
0x49d720 ShowWindow
0x49d724 RegisterClassExW
0x49d728 LoadIconW
0x49d72c LoadCursorW
0x49d730 GetSysColorBrush
0x49d734 GetForegroundWindow
0x49d738 MessageBoxA
0x49d73c DestroyIcon
0x49d740 SetWindowLongW
0x49d744 CreateWindowExW
0x49d748 SendMessageW
0x49d74c DispatchMessageW
0x49d750 SendInput
0x49d754 TranslateMessage
0x49d758 SendMessageTimeoutW
GDI32.dll
0x49d0c4 EndPath
0x49d0c8 DeleteObject
0x49d0cc GetTextExtentPoint32W
0x49d0d0 ExtCreatePen
0x49d0d4 StrokeAndFillPath
0x49d0d8 GetDeviceCaps
0x49d0dc SetPixel
0x49d0e0 CloseFigure
0x49d0e4 LineTo
0x49d0e8 AngleArc
0x49d0ec MoveToEx
0x49d0f0 Ellipse
0x49d0f4 CreateCompatibleBitmap
0x49d0f8 CreateCompatibleDC
0x49d0fc PolyDraw
0x49d100 BeginPath
0x49d104 Rectangle
0x49d108 SetViewportOrgEx
0x49d10c GetObjectW
0x49d110 SetBkMode
0x49d114 RoundRect
0x49d118 SetBkColor
0x49d11c CreatePen
0x49d120 SelectObject
0x49d124 StretchBlt
0x49d128 CreateSolidBrush
0x49d12c SetTextColor
0x49d130 CreateFontW
0x49d134 GetTextFaceW
0x49d138 GetStockObject
0x49d13c CreateDCW
0x49d140 GetPixel
0x49d144 DeleteDC
0x49d148 GetDIBits
0x49d14c StrokePath
COMDLG32.dll
0x49d0b8 GetSaveFileNameW
0x49d0bc GetOpenFileNameW
ADVAPI32.dll
0x49d000 GetAce
0x49d004 RegEnumValueW
0x49d008 RegDeleteValueW
0x49d00c RegDeleteKeyW
0x49d010 RegEnumKeyExW
0x49d014 RegSetValueExW
0x49d018 RegOpenKeyExW
0x49d01c RegCloseKey
0x49d020 RegQueryValueExW
0x49d024 RegConnectRegistryW
0x49d028 InitializeSecurityDescriptor
0x49d02c InitializeAcl
0x49d030 AdjustTokenPrivileges
0x49d034 OpenThreadToken
0x49d038 OpenProcessToken
0x49d03c LookupPrivilegeValueW
0x49d040 DuplicateTokenEx
0x49d044 CreateProcessAsUserW
0x49d048 CreateProcessWithLogonW
0x49d04c GetLengthSid
0x49d050 CopySid
0x49d054 LogonUserW
0x49d058 AllocateAndInitializeSid
0x49d05c CheckTokenMembership
0x49d060 FreeSid
0x49d064 GetTokenInformation
0x49d068 RegCreateKeyExW
0x49d06c GetSecurityDescriptorDacl
0x49d070 GetAclInformation
0x49d074 GetUserNameW
0x49d078 AddAce
0x49d07c SetSecurityDescriptorDacl
0x49d080 InitiateSystemShutdownExW
SHELL32.dll
0x49d49c DragFinish
0x49d4a0 DragQueryPoint
0x49d4a4 ShellExecuteExW
0x49d4a8 DragQueryFileW
0x49d4ac SHEmptyRecycleBinW
0x49d4b0 SHGetPathFromIDListW
0x49d4b4 SHBrowseForFolderW
0x49d4b8 SHCreateShellItem
0x49d4bc SHGetDesktopFolder
0x49d4c0 SHGetSpecialFolderLocation
0x49d4c4 SHGetFolderPathW
0x49d4c8 SHFileOperationW
0x49d4cc ExtractIconExW
0x49d4d0 Shell_NotifyIconW
0x49d4d4 ShellExecuteW
ole32.dll
0x49d838 CoTaskMemAlloc
0x49d83c CoTaskMemFree
0x49d840 CLSIDFromString
0x49d844 ProgIDFromCLSID
0x49d848 CLSIDFromProgID
0x49d84c OleSetMenuDescriptor
0x49d850 MkParseDisplayName
0x49d854 OleSetContainedObject
0x49d858 CoCreateInstance
0x49d85c IIDFromString
0x49d860 StringFromGUID2
0x49d864 CreateStreamOnHGlobal
0x49d868 OleInitialize
0x49d86c OleUninitialize
0x49d870 CoInitialize
0x49d874 CoUninitialize
0x49d878 GetRunningObjectTable
0x49d87c CoGetInstanceFromFile
0x49d880 CoGetObject
0x49d884 CoInitializeSecurity
0x49d888 CoCreateInstanceEx
0x49d88c CoSetProxyBlanket
OLEAUT32.dll
0x49d41c CreateStdDispatch
0x49d420 CreateDispTypeInfo
0x49d424 UnRegisterTypeLib
0x49d428 UnRegisterTypeLibForUser
0x49d42c RegisterTypeLibForUser
0x49d430 RegisterTypeLib
0x49d434 LoadTypeLibEx
0x49d438 VariantCopyInd
0x49d43c SysReAllocString
0x49d440 SysFreeString
0x49d444 VariantChangeType
0x49d448 SafeArrayDestroyData
0x49d44c SafeArrayUnaccessData
0x49d450 SafeArrayAccessData
0x49d454 SafeArrayAllocData
0x49d458 SafeArrayAllocDescriptorEx
0x49d45c SafeArrayCreateVector
0x49d460 SysStringLen
0x49d464 QueryPathOfRegTypeLib
0x49d468 SysAllocString
0x49d46c VariantInit
0x49d470 VariantClear
0x49d474 DispCallFunc
0x49d478 VariantTimeToSystemTime
0x49d47c VarR8FromDec
0x49d480 SafeArrayGetVartype
0x49d484 SafeArrayDestroyDescriptor
0x49d488 VariantCopy
0x49d48c OleLoadPicture
EAT(Export Address Table) is none