ScreenShot
| Created | 2022.02.15 10:15 | Machine | s1_win7_x6402 |
| Filename | PI_nr_784_(REV).exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 23 detected (AIDetect, malware2, malicious, high confidence, GenericRXAA, Unsafe, MalPbs, gen1, ERCS, Injuke, CLOUD, DownLoader44, AGEN, DelfInject, score, Limpopo, MalwareX, EQPQ, grayware, confidence) | ||
| md5 | 4076ff3f80a82af9759475e07a94a808 | ||
| sha256 | e007459a91b9644c7e08d6a9ada1bcbaa3e096eaf358456f38c98603e0526dca | ||
| ssdeep | 12288:FlZjc75hO32cpuG7NVM1/vcDy50eVmZyqGz2PASl0i1K2KtJr:3iz2puG7NVM1/kcVNqGzqFX1KtZ | ||
| imphash | 50e822ed4b7a82a71d116b8c7e2396d5 | ||
| impfuzzy | 192:o13MDbuu0xSUvK9ksoHXEpu7lEksxF1Q8PbOQk:C3m0q9uM31jPbOQk | ||
Network IP location
Signature (38cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Communicates with host for which no DNS query was performed |
| watch | Creates a suspicious Powershell process |
| watch | Creates a thread using CreateRemoteThread in a non-child process indicative of process injection |
| watch | Deletes executed files from disk |
| watch | Installs itself for autorun at Windows startup |
| watch | Manipulates memory of a non-child process indicative of process injection |
| watch | Network activity contains more than one unique useragent |
| watch | One or more non-whitelisted processes were created |
| watch | One or more of the buffers contains an embedded PE file |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | The process powershell.exe wrote an executable file to disk |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Connects to a Dynamic DNS Domain |
| notice | Creates a shortcut to an executable file |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | Drops a binary and executes it |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Command line console output was observed |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | Uses Windows APIs to generate a cryptographic key |
Rules (36cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | memory |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | local_credential_Steal | Steal credential | memory |
| notice | Network_DGA | Communication using DGA | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_FTP | Communications over FTP | memory |
| notice | Network_HTTP | Communications over HTTP | memory |
| notice | Network_P2P_Win | Communications over P2P network | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
| info | Check_Dlls | (no description) | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerCheck__RemoteAPI | (no description) | memory |
| info | DebuggerException__ConsoleCtrl | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
Network (9cnts) ?
Suricata ids
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x4737c8 SysFreeString
0x4737cc SysReAllocStringLen
0x4737d0 SysAllocStringLen
advapi32.dll
0x4737d8 RegQueryValueExA
0x4737dc RegOpenKeyExA
0x4737e0 RegCloseKey
user32.dll
0x4737e8 GetKeyboardType
0x4737ec DestroyWindow
0x4737f0 LoadStringA
0x4737f4 MessageBoxA
0x4737f8 CharNextA
kernel32.dll
0x473800 GetACP
0x473804 Sleep
0x473808 VirtualFree
0x47380c VirtualAlloc
0x473810 GetCurrentThreadId
0x473814 InterlockedDecrement
0x473818 InterlockedIncrement
0x47381c VirtualQuery
0x473820 WideCharToMultiByte
0x473824 MultiByteToWideChar
0x473828 lstrlenA
0x47382c lstrcpynA
0x473830 LoadLibraryExA
0x473834 GetThreadLocale
0x473838 GetStartupInfoA
0x47383c GetProcAddress
0x473840 GetModuleHandleA
0x473844 GetModuleFileNameA
0x473848 GetLocaleInfoA
0x47384c GetCommandLineA
0x473850 FreeLibrary
0x473854 FindFirstFileA
0x473858 FindClose
0x47385c ExitProcess
0x473860 CompareStringA
0x473864 WriteFile
0x473868 UnhandledExceptionFilter
0x47386c RtlUnwind
0x473870 RaiseException
0x473874 GetStdHandle
kernel32.dll
0x47387c TlsSetValue
0x473880 TlsGetValue
0x473884 LocalAlloc
0x473888 GetModuleHandleA
user32.dll
0x473890 CreateWindowExA
0x473894 WindowFromPoint
0x473898 WaitMessage
0x47389c UpdateWindow
0x4738a0 UnregisterClassA
0x4738a4 UnhookWindowsHookEx
0x4738a8 TranslateMessage
0x4738ac TranslateMDISysAccel
0x4738b0 TrackPopupMenu
0x4738b4 SystemParametersInfoA
0x4738b8 ShowWindow
0x4738bc ShowScrollBar
0x4738c0 ShowOwnedPopups
0x4738c4 SetWindowsHookExA
0x4738c8 SetWindowPos
0x4738cc SetWindowPlacement
0x4738d0 SetWindowLongW
0x4738d4 SetWindowLongA
0x4738d8 SetTimer
0x4738dc SetScrollRange
0x4738e0 SetScrollPos
0x4738e4 SetScrollInfo
0x4738e8 SetRect
0x4738ec SetPropA
0x4738f0 SetParent
0x4738f4 SetMenuItemInfoA
0x4738f8 SetMenu
0x4738fc SetForegroundWindow
0x473900 SetFocus
0x473904 SetCursor
0x473908 SetClassLongA
0x47390c SetCapture
0x473910 SetActiveWindow
0x473914 SendMessageW
0x473918 SendMessageA
0x47391c ScrollWindow
0x473920 ScreenToClient
0x473924 RemovePropA
0x473928 RemoveMenu
0x47392c ReleaseDC
0x473930 ReleaseCapture
0x473934 RegisterWindowMessageA
0x473938 RegisterClipboardFormatA
0x47393c RegisterClassA
0x473940 RedrawWindow
0x473944 PtInRect
0x473948 PostQuitMessage
0x47394c PostMessageA
0x473950 PeekMessageW
0x473954 PeekMessageA
0x473958 OffsetRect
0x47395c OemToCharA
0x473960 MessageBoxA
0x473964 MapWindowPoints
0x473968 MapVirtualKeyA
0x47396c LoadStringA
0x473970 LoadKeyboardLayoutA
0x473974 LoadIconA
0x473978 LoadCursorA
0x47397c LoadBitmapA
0x473980 KillTimer
0x473984 IsZoomed
0x473988 IsWindowVisible
0x47398c IsWindowUnicode
0x473990 IsWindowEnabled
0x473994 IsWindow
0x473998 IsRectEmpty
0x47399c IsIconic
0x4739a0 IsDialogMessageW
0x4739a4 IsDialogMessageA
0x4739a8 IsChild
0x4739ac InvalidateRect
0x4739b0 IntersectRect
0x4739b4 InsertMenuItemA
0x4739b8 InsertMenuA
0x4739bc InflateRect
0x4739c0 GetWindowThreadProcessId
0x4739c4 GetWindowTextA
0x4739c8 GetWindowRect
0x4739cc GetWindowPlacement
0x4739d0 GetWindowLongW
0x4739d4 GetWindowLongA
0x4739d8 GetWindowDC
0x4739dc GetTopWindow
0x4739e0 GetSystemMetrics
0x4739e4 GetSystemMenu
0x4739e8 GetSysColorBrush
0x4739ec GetSysColor
0x4739f0 GetSubMenu
0x4739f4 GetScrollRange
0x4739f8 GetScrollPos
0x4739fc GetScrollInfo
0x473a00 GetPropA
0x473a04 GetParent
0x473a08 GetWindow
0x473a0c GetMessageTime
0x473a10 GetMessagePos
0x473a14 GetMenuStringA
0x473a18 GetMenuState
0x473a1c GetMenuItemInfoA
0x473a20 GetMenuItemID
0x473a24 GetMenuItemCount
0x473a28 GetMenu
0x473a2c GetLastActivePopup
0x473a30 GetKeyboardState
0x473a34 GetKeyboardLayoutNameA
0x473a38 GetKeyboardLayoutList
0x473a3c GetKeyboardLayout
0x473a40 GetKeyState
0x473a44 GetKeyNameTextA
0x473a48 GetIconInfo
0x473a4c GetForegroundWindow
0x473a50 GetFocus
0x473a54 GetDesktopWindow
0x473a58 GetDCEx
0x473a5c GetDC
0x473a60 GetCursorPos
0x473a64 GetCursor
0x473a68 GetClipboardData
0x473a6c GetClientRect
0x473a70 GetClassLongA
0x473a74 GetClassInfoA
0x473a78 GetCapture
0x473a7c GetActiveWindow
0x473a80 FrameRect
0x473a84 FindWindowA
0x473a88 FillRect
0x473a8c EqualRect
0x473a90 EnumWindows
0x473a94 EnumThreadWindows
0x473a98 EnumChildWindows
0x473a9c EndPaint
0x473aa0 EnableWindow
0x473aa4 EnableScrollBar
0x473aa8 EnableMenuItem
0x473aac DrawTextA
0x473ab0 DrawMenuBar
0x473ab4 DrawIconEx
0x473ab8 DrawIcon
0x473abc DrawFrameControl
0x473ac0 DrawEdge
0x473ac4 DispatchMessageW
0x473ac8 DispatchMessageA
0x473acc DestroyWindow
0x473ad0 DestroyMenu
0x473ad4 DestroyIcon
0x473ad8 DestroyCursor
0x473adc DeleteMenu
0x473ae0 DefWindowProcA
0x473ae4 DefMDIChildProcA
0x473ae8 DefFrameProcA
0x473aec CreatePopupMenu
0x473af0 CreateMenu
0x473af4 CreateIcon
0x473af8 ClientToScreen
0x473afc CheckMenuItem
0x473b00 CharNextW
0x473b04 CallWindowProcA
0x473b08 CallNextHookEx
0x473b0c BeginPaint
0x473b10 CharNextA
0x473b14 CharLowerBuffA
0x473b18 CharLowerA
0x473b1c CharUpperBuffA
0x473b20 CharToOemA
0x473b24 AdjustWindowRectEx
0x473b28 ActivateKeyboardLayout
gdi32.dll
0x473b30 UnrealizeObject
0x473b34 StretchBlt
0x473b38 SetWindowOrgEx
0x473b3c SetWinMetaFileBits
0x473b40 SetViewportOrgEx
0x473b44 SetTextColor
0x473b48 SetStretchBltMode
0x473b4c SetROP2
0x473b50 SetPixel
0x473b54 SetMapMode
0x473b58 SetEnhMetaFileBits
0x473b5c SetDIBColorTable
0x473b60 SetBrushOrgEx
0x473b64 SetBkMode
0x473b68 SetBkColor
0x473b6c SelectPalette
0x473b70 SelectObject
0x473b74 SaveDC
0x473b78 RestoreDC
0x473b7c RectVisible
0x473b80 RealizePalette
0x473b84 PlayEnhMetaFile
0x473b88 PatBlt
0x473b8c MoveToEx
0x473b90 MaskBlt
0x473b94 LineTo
0x473b98 LPtoDP
0x473b9c IntersectClipRect
0x473ba0 GetWindowOrgEx
0x473ba4 GetWinMetaFileBits
0x473ba8 GetTextMetricsA
0x473bac GetTextExtentPoint32A
0x473bb0 GetTextAlign
0x473bb4 GetSystemPaletteEntries
0x473bb8 GetStockObject
0x473bbc GetRgnBox
0x473bc0 GetPixel
0x473bc4 GetPaletteEntries
0x473bc8 GetObjectA
0x473bcc GetEnhMetaFilePaletteEntries
0x473bd0 GetEnhMetaFileHeader
0x473bd4 GetEnhMetaFileDescriptionA
0x473bd8 GetEnhMetaFileBits
0x473bdc GetDeviceCaps
0x473be0 GetDIBits
0x473be4 GetDIBColorTable
0x473be8 GetDCOrgEx
0x473bec GetDCPenColor
0x473bf0 GetCurrentPositionEx
0x473bf4 GetClipBox
0x473bf8 GetBrushOrgEx
0x473bfc GetBkMode
0x473c00 GetBitmapBits
0x473c04 ExcludeClipRect
0x473c08 DeleteObject
0x473c0c DeleteEnhMetaFile
0x473c10 DeleteDC
0x473c14 CreateSolidBrush
0x473c18 CreatePenIndirect
0x473c1c CreatePalette
0x473c20 CreateHalftonePalette
0x473c24 CreateFontIndirectA
0x473c28 CreateEnhMetaFileA
0x473c2c CreateDIBitmap
0x473c30 CreateDIBSection
0x473c34 CreateCompatibleDC
0x473c38 CreateCompatibleBitmap
0x473c3c CreateBrushIndirect
0x473c40 CreateBitmap
0x473c44 CopyEnhMetaFileA
0x473c48 CloseEnhMetaFile
0x473c4c BitBlt
version.dll
0x473c54 VerQueryValueA
0x473c58 GetFileVersionInfoSizeA
0x473c5c GetFileVersionInfoA
kernel32.dll
0x473c64 lstrcpyA
0x473c68 WriteFile
0x473c6c WaitForSingleObject
0x473c70 VirtualQuery
0x473c74 VirtualProtect
0x473c78 VirtualAlloc
0x473c7c SizeofResource
0x473c80 SetThreadLocale
0x473c84 SetFilePointer
0x473c88 SetEvent
0x473c8c SetErrorMode
0x473c90 SetEndOfFile
0x473c94 ResetEvent
0x473c98 ReadFile
0x473c9c MultiByteToWideChar
0x473ca0 MulDiv
0x473ca4 LockResource
0x473ca8 LoadResource
0x473cac LoadLibraryA
0x473cb0 LeaveCriticalSection
0x473cb4 InitializeCriticalSection
0x473cb8 GlobalUnlock
0x473cbc GlobalSize
0x473cc0 GlobalLock
0x473cc4 GlobalFree
0x473cc8 GlobalFindAtomA
0x473ccc GlobalDeleteAtom
0x473cd0 GlobalAlloc
0x473cd4 GlobalAddAtomA
0x473cd8 GetVersionExA
0x473cdc GetVersion
0x473ce0 GetUserDefaultLCID
0x473ce4 GetTickCount
0x473ce8 GetThreadLocale
0x473cec GetStdHandle
0x473cf0 GetProcAddress
0x473cf4 GetModuleHandleA
0x473cf8 GetModuleFileNameA
0x473cfc GetLocaleInfoA
0x473d00 GetLocalTime
0x473d04 GetLastError
0x473d08 GetFullPathNameA
0x473d0c GetDriveTypeA
0x473d10 GetDiskFreeSpaceA
0x473d14 GetDateFormatA
0x473d18 GetCurrentThreadId
0x473d1c GetCurrentProcessId
0x473d20 GetComputerNameA
0x473d24 GetCPInfo
0x473d28 FreeResource
0x473d2c InterlockedExchange
0x473d30 FreeLibrary
0x473d34 FormatMessageA
0x473d38 FindResourceA
0x473d3c EnumCalendarInfoA
0x473d40 EnterCriticalSection
0x473d44 DeleteCriticalSection
0x473d48 CreateThread
0x473d4c CreateFileA
0x473d50 CreateEventA
0x473d54 CompareStringA
0x473d58 CloseHandle
0x473d5c AddAtomW
advapi32.dll
0x473d64 RegQueryValueExA
0x473d68 RegOpenKeyExA
0x473d6c RegFlushKey
0x473d70 RegCloseKey
oleaut32.dll
0x473d78 GetErrorInfo
0x473d7c GetActiveObject
0x473d80 SysFreeString
ole32.dll
0x473d88 CreateStreamOnHGlobal
0x473d8c IsAccelerator
0x473d90 OleDraw
0x473d94 OleSetMenuDescriptor
0x473d98 CoTaskMemFree
0x473d9c ProgIDFromCLSID
0x473da0 StringFromCLSID
0x473da4 CoCreateInstance
0x473da8 CoGetClassObject
0x473dac CoUninitialize
0x473db0 CoInitialize
0x473db4 IsEqualGUID
kernel32.dll
0x473dbc Sleep
oleaut32.dll
0x473dc4 SafeArrayPtrOfIndex
0x473dc8 SafeArrayPutElement
0x473dcc SafeArrayGetElement
0x473dd0 SafeArrayUnaccessData
0x473dd4 SafeArrayAccessData
0x473dd8 SafeArrayGetUBound
0x473ddc SafeArrayGetLBound
0x473de0 SafeArrayCreate
0x473de4 VariantChangeType
0x473de8 VariantCopyInd
0x473dec VariantCopy
0x473df0 VariantClear
0x473df4 VariantInit
comctl32.dll
0x473dfc _TrackMouseEvent
0x473e00 ImageList_SetIconSize
0x473e04 ImageList_GetIconSize
0x473e08 ImageList_Write
0x473e0c ImageList_Read
0x473e10 ImageList_DragShowNolock
0x473e14 ImageList_DragMove
0x473e18 ImageList_DragLeave
0x473e1c ImageList_DragEnter
0x473e20 ImageList_EndDrag
0x473e24 ImageList_BeginDrag
0x473e28 ImageList_Remove
0x473e2c ImageList_DrawEx
0x473e30 ImageList_Draw
0x473e34 ImageList_GetBkColor
0x473e38 ImageList_SetBkColor
0x473e3c ImageList_Add
0x473e40 ImageList_GetImageCount
0x473e44 ImageList_Destroy
0x473e48 ImageList_Create
EAT(Export Address Table) is none
oleaut32.dll
0x4737c8 SysFreeString
0x4737cc SysReAllocStringLen
0x4737d0 SysAllocStringLen
advapi32.dll
0x4737d8 RegQueryValueExA
0x4737dc RegOpenKeyExA
0x4737e0 RegCloseKey
user32.dll
0x4737e8 GetKeyboardType
0x4737ec DestroyWindow
0x4737f0 LoadStringA
0x4737f4 MessageBoxA
0x4737f8 CharNextA
kernel32.dll
0x473800 GetACP
0x473804 Sleep
0x473808 VirtualFree
0x47380c VirtualAlloc
0x473810 GetCurrentThreadId
0x473814 InterlockedDecrement
0x473818 InterlockedIncrement
0x47381c VirtualQuery
0x473820 WideCharToMultiByte
0x473824 MultiByteToWideChar
0x473828 lstrlenA
0x47382c lstrcpynA
0x473830 LoadLibraryExA
0x473834 GetThreadLocale
0x473838 GetStartupInfoA
0x47383c GetProcAddress
0x473840 GetModuleHandleA
0x473844 GetModuleFileNameA
0x473848 GetLocaleInfoA
0x47384c GetCommandLineA
0x473850 FreeLibrary
0x473854 FindFirstFileA
0x473858 FindClose
0x47385c ExitProcess
0x473860 CompareStringA
0x473864 WriteFile
0x473868 UnhandledExceptionFilter
0x47386c RtlUnwind
0x473870 RaiseException
0x473874 GetStdHandle
kernel32.dll
0x47387c TlsSetValue
0x473880 TlsGetValue
0x473884 LocalAlloc
0x473888 GetModuleHandleA
user32.dll
0x473890 CreateWindowExA
0x473894 WindowFromPoint
0x473898 WaitMessage
0x47389c UpdateWindow
0x4738a0 UnregisterClassA
0x4738a4 UnhookWindowsHookEx
0x4738a8 TranslateMessage
0x4738ac TranslateMDISysAccel
0x4738b0 TrackPopupMenu
0x4738b4 SystemParametersInfoA
0x4738b8 ShowWindow
0x4738bc ShowScrollBar
0x4738c0 ShowOwnedPopups
0x4738c4 SetWindowsHookExA
0x4738c8 SetWindowPos
0x4738cc SetWindowPlacement
0x4738d0 SetWindowLongW
0x4738d4 SetWindowLongA
0x4738d8 SetTimer
0x4738dc SetScrollRange
0x4738e0 SetScrollPos
0x4738e4 SetScrollInfo
0x4738e8 SetRect
0x4738ec SetPropA
0x4738f0 SetParent
0x4738f4 SetMenuItemInfoA
0x4738f8 SetMenu
0x4738fc SetForegroundWindow
0x473900 SetFocus
0x473904 SetCursor
0x473908 SetClassLongA
0x47390c SetCapture
0x473910 SetActiveWindow
0x473914 SendMessageW
0x473918 SendMessageA
0x47391c ScrollWindow
0x473920 ScreenToClient
0x473924 RemovePropA
0x473928 RemoveMenu
0x47392c ReleaseDC
0x473930 ReleaseCapture
0x473934 RegisterWindowMessageA
0x473938 RegisterClipboardFormatA
0x47393c RegisterClassA
0x473940 RedrawWindow
0x473944 PtInRect
0x473948 PostQuitMessage
0x47394c PostMessageA
0x473950 PeekMessageW
0x473954 PeekMessageA
0x473958 OffsetRect
0x47395c OemToCharA
0x473960 MessageBoxA
0x473964 MapWindowPoints
0x473968 MapVirtualKeyA
0x47396c LoadStringA
0x473970 LoadKeyboardLayoutA
0x473974 LoadIconA
0x473978 LoadCursorA
0x47397c LoadBitmapA
0x473980 KillTimer
0x473984 IsZoomed
0x473988 IsWindowVisible
0x47398c IsWindowUnicode
0x473990 IsWindowEnabled
0x473994 IsWindow
0x473998 IsRectEmpty
0x47399c IsIconic
0x4739a0 IsDialogMessageW
0x4739a4 IsDialogMessageA
0x4739a8 IsChild
0x4739ac InvalidateRect
0x4739b0 IntersectRect
0x4739b4 InsertMenuItemA
0x4739b8 InsertMenuA
0x4739bc InflateRect
0x4739c0 GetWindowThreadProcessId
0x4739c4 GetWindowTextA
0x4739c8 GetWindowRect
0x4739cc GetWindowPlacement
0x4739d0 GetWindowLongW
0x4739d4 GetWindowLongA
0x4739d8 GetWindowDC
0x4739dc GetTopWindow
0x4739e0 GetSystemMetrics
0x4739e4 GetSystemMenu
0x4739e8 GetSysColorBrush
0x4739ec GetSysColor
0x4739f0 GetSubMenu
0x4739f4 GetScrollRange
0x4739f8 GetScrollPos
0x4739fc GetScrollInfo
0x473a00 GetPropA
0x473a04 GetParent
0x473a08 GetWindow
0x473a0c GetMessageTime
0x473a10 GetMessagePos
0x473a14 GetMenuStringA
0x473a18 GetMenuState
0x473a1c GetMenuItemInfoA
0x473a20 GetMenuItemID
0x473a24 GetMenuItemCount
0x473a28 GetMenu
0x473a2c GetLastActivePopup
0x473a30 GetKeyboardState
0x473a34 GetKeyboardLayoutNameA
0x473a38 GetKeyboardLayoutList
0x473a3c GetKeyboardLayout
0x473a40 GetKeyState
0x473a44 GetKeyNameTextA
0x473a48 GetIconInfo
0x473a4c GetForegroundWindow
0x473a50 GetFocus
0x473a54 GetDesktopWindow
0x473a58 GetDCEx
0x473a5c GetDC
0x473a60 GetCursorPos
0x473a64 GetCursor
0x473a68 GetClipboardData
0x473a6c GetClientRect
0x473a70 GetClassLongA
0x473a74 GetClassInfoA
0x473a78 GetCapture
0x473a7c GetActiveWindow
0x473a80 FrameRect
0x473a84 FindWindowA
0x473a88 FillRect
0x473a8c EqualRect
0x473a90 EnumWindows
0x473a94 EnumThreadWindows
0x473a98 EnumChildWindows
0x473a9c EndPaint
0x473aa0 EnableWindow
0x473aa4 EnableScrollBar
0x473aa8 EnableMenuItem
0x473aac DrawTextA
0x473ab0 DrawMenuBar
0x473ab4 DrawIconEx
0x473ab8 DrawIcon
0x473abc DrawFrameControl
0x473ac0 DrawEdge
0x473ac4 DispatchMessageW
0x473ac8 DispatchMessageA
0x473acc DestroyWindow
0x473ad0 DestroyMenu
0x473ad4 DestroyIcon
0x473ad8 DestroyCursor
0x473adc DeleteMenu
0x473ae0 DefWindowProcA
0x473ae4 DefMDIChildProcA
0x473ae8 DefFrameProcA
0x473aec CreatePopupMenu
0x473af0 CreateMenu
0x473af4 CreateIcon
0x473af8 ClientToScreen
0x473afc CheckMenuItem
0x473b00 CharNextW
0x473b04 CallWindowProcA
0x473b08 CallNextHookEx
0x473b0c BeginPaint
0x473b10 CharNextA
0x473b14 CharLowerBuffA
0x473b18 CharLowerA
0x473b1c CharUpperBuffA
0x473b20 CharToOemA
0x473b24 AdjustWindowRectEx
0x473b28 ActivateKeyboardLayout
gdi32.dll
0x473b30 UnrealizeObject
0x473b34 StretchBlt
0x473b38 SetWindowOrgEx
0x473b3c SetWinMetaFileBits
0x473b40 SetViewportOrgEx
0x473b44 SetTextColor
0x473b48 SetStretchBltMode
0x473b4c SetROP2
0x473b50 SetPixel
0x473b54 SetMapMode
0x473b58 SetEnhMetaFileBits
0x473b5c SetDIBColorTable
0x473b60 SetBrushOrgEx
0x473b64 SetBkMode
0x473b68 SetBkColor
0x473b6c SelectPalette
0x473b70 SelectObject
0x473b74 SaveDC
0x473b78 RestoreDC
0x473b7c RectVisible
0x473b80 RealizePalette
0x473b84 PlayEnhMetaFile
0x473b88 PatBlt
0x473b8c MoveToEx
0x473b90 MaskBlt
0x473b94 LineTo
0x473b98 LPtoDP
0x473b9c IntersectClipRect
0x473ba0 GetWindowOrgEx
0x473ba4 GetWinMetaFileBits
0x473ba8 GetTextMetricsA
0x473bac GetTextExtentPoint32A
0x473bb0 GetTextAlign
0x473bb4 GetSystemPaletteEntries
0x473bb8 GetStockObject
0x473bbc GetRgnBox
0x473bc0 GetPixel
0x473bc4 GetPaletteEntries
0x473bc8 GetObjectA
0x473bcc GetEnhMetaFilePaletteEntries
0x473bd0 GetEnhMetaFileHeader
0x473bd4 GetEnhMetaFileDescriptionA
0x473bd8 GetEnhMetaFileBits
0x473bdc GetDeviceCaps
0x473be0 GetDIBits
0x473be4 GetDIBColorTable
0x473be8 GetDCOrgEx
0x473bec GetDCPenColor
0x473bf0 GetCurrentPositionEx
0x473bf4 GetClipBox
0x473bf8 GetBrushOrgEx
0x473bfc GetBkMode
0x473c00 GetBitmapBits
0x473c04 ExcludeClipRect
0x473c08 DeleteObject
0x473c0c DeleteEnhMetaFile
0x473c10 DeleteDC
0x473c14 CreateSolidBrush
0x473c18 CreatePenIndirect
0x473c1c CreatePalette
0x473c20 CreateHalftonePalette
0x473c24 CreateFontIndirectA
0x473c28 CreateEnhMetaFileA
0x473c2c CreateDIBitmap
0x473c30 CreateDIBSection
0x473c34 CreateCompatibleDC
0x473c38 CreateCompatibleBitmap
0x473c3c CreateBrushIndirect
0x473c40 CreateBitmap
0x473c44 CopyEnhMetaFileA
0x473c48 CloseEnhMetaFile
0x473c4c BitBlt
version.dll
0x473c54 VerQueryValueA
0x473c58 GetFileVersionInfoSizeA
0x473c5c GetFileVersionInfoA
kernel32.dll
0x473c64 lstrcpyA
0x473c68 WriteFile
0x473c6c WaitForSingleObject
0x473c70 VirtualQuery
0x473c74 VirtualProtect
0x473c78 VirtualAlloc
0x473c7c SizeofResource
0x473c80 SetThreadLocale
0x473c84 SetFilePointer
0x473c88 SetEvent
0x473c8c SetErrorMode
0x473c90 SetEndOfFile
0x473c94 ResetEvent
0x473c98 ReadFile
0x473c9c MultiByteToWideChar
0x473ca0 MulDiv
0x473ca4 LockResource
0x473ca8 LoadResource
0x473cac LoadLibraryA
0x473cb0 LeaveCriticalSection
0x473cb4 InitializeCriticalSection
0x473cb8 GlobalUnlock
0x473cbc GlobalSize
0x473cc0 GlobalLock
0x473cc4 GlobalFree
0x473cc8 GlobalFindAtomA
0x473ccc GlobalDeleteAtom
0x473cd0 GlobalAlloc
0x473cd4 GlobalAddAtomA
0x473cd8 GetVersionExA
0x473cdc GetVersion
0x473ce0 GetUserDefaultLCID
0x473ce4 GetTickCount
0x473ce8 GetThreadLocale
0x473cec GetStdHandle
0x473cf0 GetProcAddress
0x473cf4 GetModuleHandleA
0x473cf8 GetModuleFileNameA
0x473cfc GetLocaleInfoA
0x473d00 GetLocalTime
0x473d04 GetLastError
0x473d08 GetFullPathNameA
0x473d0c GetDriveTypeA
0x473d10 GetDiskFreeSpaceA
0x473d14 GetDateFormatA
0x473d18 GetCurrentThreadId
0x473d1c GetCurrentProcessId
0x473d20 GetComputerNameA
0x473d24 GetCPInfo
0x473d28 FreeResource
0x473d2c InterlockedExchange
0x473d30 FreeLibrary
0x473d34 FormatMessageA
0x473d38 FindResourceA
0x473d3c EnumCalendarInfoA
0x473d40 EnterCriticalSection
0x473d44 DeleteCriticalSection
0x473d48 CreateThread
0x473d4c CreateFileA
0x473d50 CreateEventA
0x473d54 CompareStringA
0x473d58 CloseHandle
0x473d5c AddAtomW
advapi32.dll
0x473d64 RegQueryValueExA
0x473d68 RegOpenKeyExA
0x473d6c RegFlushKey
0x473d70 RegCloseKey
oleaut32.dll
0x473d78 GetErrorInfo
0x473d7c GetActiveObject
0x473d80 SysFreeString
ole32.dll
0x473d88 CreateStreamOnHGlobal
0x473d8c IsAccelerator
0x473d90 OleDraw
0x473d94 OleSetMenuDescriptor
0x473d98 CoTaskMemFree
0x473d9c ProgIDFromCLSID
0x473da0 StringFromCLSID
0x473da4 CoCreateInstance
0x473da8 CoGetClassObject
0x473dac CoUninitialize
0x473db0 CoInitialize
0x473db4 IsEqualGUID
kernel32.dll
0x473dbc Sleep
oleaut32.dll
0x473dc4 SafeArrayPtrOfIndex
0x473dc8 SafeArrayPutElement
0x473dcc SafeArrayGetElement
0x473dd0 SafeArrayUnaccessData
0x473dd4 SafeArrayAccessData
0x473dd8 SafeArrayGetUBound
0x473ddc SafeArrayGetLBound
0x473de0 SafeArrayCreate
0x473de4 VariantChangeType
0x473de8 VariantCopyInd
0x473dec VariantCopy
0x473df0 VariantClear
0x473df4 VariantInit
comctl32.dll
0x473dfc _TrackMouseEvent
0x473e00 ImageList_SetIconSize
0x473e04 ImageList_GetIconSize
0x473e08 ImageList_Write
0x473e0c ImageList_Read
0x473e10 ImageList_DragShowNolock
0x473e14 ImageList_DragMove
0x473e18 ImageList_DragLeave
0x473e1c ImageList_DragEnter
0x473e20 ImageList_EndDrag
0x473e24 ImageList_BeginDrag
0x473e28 ImageList_Remove
0x473e2c ImageList_DrawEx
0x473e30 ImageList_Draw
0x473e34 ImageList_GetBkColor
0x473e38 ImageList_SetBkColor
0x473e3c ImageList_Add
0x473e40 ImageList_GetImageCount
0x473e44 ImageList_Destroy
0x473e48 ImageList_Create
EAT(Export Address Table) is none