Report - CgaqeucmpVT2NEK

Gen2 Gen1 Emotet Malicious Packer Malicious Library UPX PE File OS Processor Check DLL PE32
Created 2022.03.15 07:43 Machine s1_win7_x6401
Filename CgaqeucmpVT2NEK
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score 7
Behavior Score 6.0
ZERO API file : malware
VT API (file) 3 detected (Emotet, ASCommon, YzY0OtXzuj+YLOXT)
md5 32c4ed423934e6bbca0a76499636a8e5
sha256 bfd240c837c88172fcd7c4bab321afef63abf938e742ccec1eec4e1d9ae9db11
ssdeep 12288:x5Vo9Kjtm2aVFyuI7/URXPDMS57jcjdk11WGJUThK6zJiwdkCuKeTO7FPWEF:xkZVFyRs/DVtg6PWeUNKukwruKGGPWE
imphash 2a986943d8440d2f00f13ad10b553808
impfuzzy 96:JEI5GnLro142teSauZbw4SE4yAGbpJDEucTcRcL/rVbQP1:tuuZ04SE4ynbEucTcRcrxQP1

Signatures (12)

Level Description
danger Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running)
warning Generates some ICMP traffic
watch Communicates with host for which no DNS query was performed
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Expresses interest in specific running processes
notice File has been identified by 3 AntiVirus engines on VirusTotal as malicious
notice Searches running processes potentially to identify processes for sandbox evasion
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks if process is being debugged by a debugger
info Queries for the computername
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (10)

Level Name Description Collection
danger Win32_Trojan_Emotet_1_Zero Win32 Trojan Emotet binaries (upload)
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info Win32_Trojan_Gen_2_0904B0_Zero Win32 Trojan Gen binaries (upload)

Network (9)


Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x1008e108 HeapSize
 0x1008e10c VirtualFree
 0x1008e110 VirtualAlloc
 0x1008e114 HeapCreate
 0x1008e118 HeapDestroy
 0x1008e11c GetStdHandle
 0x1008e120 GetModuleFileNameA
 0x1008e124 GetCPInfo
 0x1008e128 GetACP
 0x1008e12c GetOEMCP
 0x1008e130 IsValidCodePage
 0x1008e134 LCMapStringW
 0x1008e138 GetConsoleCP
 0x1008e13c GetConsoleMode
 0x1008e140 SetHandleCount
 0x1008e144 GetFileType
 0x1008e148 GetStartupInfoA
 0x1008e14c FreeEnvironmentStringsA
 0x1008e150 GetEnvironmentStrings
 0x1008e154 Sleep
 0x1008e158 GetEnvironmentStringsW
 0x1008e15c QueryPerformanceCounter
 0x1008e160 GetSystemTimeAsFileTime
 0x1008e164 InitializeCriticalSectionAndSpinCount
 0x1008e168 LCMapStringA
 0x1008e16c GetStringTypeA
 0x1008e170 GetStringTypeW
 0x1008e174 GetLocaleInfoA
 0x1008e178 WriteConsoleA
 0x1008e17c GetConsoleOutputCP
 0x1008e180 WriteConsoleW
 0x1008e184 SetStdHandle
 0x1008e188 GetProcessHeap
 0x1008e18c CreateFileA
 0x1008e190 HeapReAlloc
 0x1008e194 RaiseException
 0x1008e198 RtlUnwind
 0x1008e19c GetCommandLineA
 0x1008e1a0 IsDebuggerPresent
 0x1008e1a4 SetUnhandledExceptionFilter
 0x1008e1a8 UnhandledExceptionFilter
 0x1008e1ac TerminateProcess
 0x1008e1b0 HeapFree
 0x1008e1b4 HeapAlloc
 0x1008e1b8 GetCurrentProcess
 0x1008e1bc SetEndOfFile
 0x1008e1c0 FlushFileBuffers
 0x1008e1c4 SetFilePointer
 0x1008e1c8 WritePrivateProfileStringW
 0x1008e1cc GlobalFlags
 0x1008e1d0 TlsFree
 0x1008e1d4 DeleteCriticalSection
 0x1008e1d8 LocalReAlloc
 0x1008e1dc TlsSetValue
 0x1008e1e0 TlsAlloc
 0x1008e1e4 InitializeCriticalSection
 0x1008e1e8 GlobalHandle
 0x1008e1ec GlobalReAlloc
 0x1008e1f0 EnterCriticalSection
 0x1008e1f4 TlsGetValue
 0x1008e1f8 LeaveCriticalSection
 0x1008e1fc InterlockedIncrement
 0x1008e200 GetCurrentThread
 0x1008e204 ConvertDefaultLocale
 0x1008e208 EnumResourceLanguagesW
 0x1008e20c GetLocaleInfoW
 0x1008e210 InterlockedExchange
 0x1008e214 lstrlenA
 0x1008e218 lstrcmpA
 0x1008e21c InterlockedDecrement
 0x1008e220 GetCurrentProcessId
 0x1008e224 GetModuleHandleA
 0x1008e228 GetCurrentThreadId
 0x1008e22c GlobalAddAtomW
 0x1008e230 GlobalFindAtomW
 0x1008e234 GlobalDeleteAtom
 0x1008e238 GetVersionExW
 0x1008e23c CompareStringW
 0x1008e240 LoadLibraryA
 0x1008e244 lstrcmpW
 0x1008e248 GetVersionExA
 0x1008e24c FreeResource
 0x1008e250 GlobalFree
 0x1008e254 FormatMessageW
 0x1008e258 LocalUnlock
 0x1008e25c LocalFree
 0x1008e260 LocalLock
 0x1008e264 LocalAlloc
 0x1008e268 GetModuleFileNameW
 0x1008e26c ReadFile
 0x1008e270 GetTickCount
 0x1008e274 lstrcmpiW
 0x1008e278 GetWindowsDirectoryW
 0x1008e27c lstrcpyW
 0x1008e280 WideCharToMultiByte
 0x1008e284 WinExec
 0x1008e288 lstrlenW
 0x1008e28c lstrcatW
 0x1008e290 FreeLibrary
 0x1008e294 LoadLibraryExW
 0x1008e298 ExitProcess
 0x1008e29c MulDiv
 0x1008e2a0 GetProcAddress
 0x1008e2a4 GetModuleHandleW
 0x1008e2a8 LoadLibraryW
 0x1008e2ac GetLastError
 0x1008e2b0 SetLastError
 0x1008e2b4 GlobalAlloc
 0x1008e2b8 GlobalUnlock
 0x1008e2bc MultiByteToWideChar
 0x1008e2c0 GlobalLock
 0x1008e2c4 CloseHandle
 0x1008e2c8 WriteFile
 0x1008e2cc CreateFileW
 0x1008e2d0 FindResourceW
 0x1008e2d4 LoadResource
 0x1008e2d8 LockResource
 0x1008e2dc FreeEnvironmentStringsW
 0x1008e2e0 SizeofResource
USER32.dll
 0x1008e308 DestroyMenu
 0x1008e30c GetSysColorBrush
 0x1008e310 SetMenuItemBitmaps
 0x1008e314 GetMenuCheckMarkDimensions
 0x1008e318 LoadBitmapW
 0x1008e31c ModifyMenuW
 0x1008e320 CheckMenuItem
 0x1008e324 SendDlgItemMessageW
 0x1008e328 SendDlgItemMessageA
 0x1008e32c GetCapture
 0x1008e330 SetWindowsHookExW
 0x1008e334 CallNextHookEx
 0x1008e338 GetClassLongW
 0x1008e33c SetPropW
 0x1008e340 GetPropW
 0x1008e344 RemovePropW
 0x1008e348 GetFocus
 0x1008e34c GetForegroundWindow
 0x1008e350 GetTopWindow
 0x1008e354 UnhookWindowsHookEx
 0x1008e358 GetMessageTime
 0x1008e35c PeekMessageW
 0x1008e360 MapWindowPoints
 0x1008e364 TrackPopupMenu
 0x1008e368 SetMenu
 0x1008e36c GetClassInfoExW
 0x1008e370 RegisterClassW
 0x1008e374 AdjustWindowRectEx
 0x1008e378 GetDlgCtrlID
 0x1008e37c CallWindowProcW
 0x1008e380 GetMenu
 0x1008e384 SystemParametersInfoA
 0x1008e388 GetWindowPlacement
 0x1008e38c GetWindowTextLengthW
 0x1008e390 GetScrollPos
 0x1008e394 SetScrollPos
 0x1008e398 GetWindow
 0x1008e39c GetDesktopWindow
 0x1008e3a0 CreateDialogIndirectParamW
 0x1008e3a4 DestroyWindow
 0x1008e3a8 GetNextDlgTabItem
 0x1008e3ac DialogBoxIndirectParamW
 0x1008e3b0 EndDialog
 0x1008e3b4 SetWindowTextW
 0x1008e3b8 MoveWindow
 0x1008e3bc SetForegroundWindow
 0x1008e3c0 SetWindowPos
 0x1008e3c4 SetFocus
 0x1008e3c8 CheckDlgButton
 0x1008e3cc EnableMenuItem
 0x1008e3d0 GetDlgItem
 0x1008e3d4 GetDialogBaseUnits
 0x1008e3d8 EndPaint
 0x1008e3dc BeginPaint
 0x1008e3e0 MessageBoxW
 0x1008e3e4 GetLastActivePopup
 0x1008e3e8 GetActiveWindow
 0x1008e3ec GetSubMenu
 0x1008e3f0 LoadMenuW
 0x1008e3f4 MessageBeep
 0x1008e3f8 SetWindowLongW
 0x1008e3fc TranslateAcceleratorW
 0x1008e400 CreatePopupMenu
 0x1008e404 IsIconic
 0x1008e408 AppendMenuW
 0x1008e40c GetSystemMenu
 0x1008e410 LoadAcceleratorsW
 0x1008e414 LoadIconW
 0x1008e418 UpdateWindow
 0x1008e41c DispatchMessageW
 0x1008e420 TranslateMessage
 0x1008e424 GetKeyState
 0x1008e428 DrawTextW
 0x1008e42c WindowFromDC
 0x1008e430 IsWindowVisible
 0x1008e434 InvalidateRect
 0x1008e438 ReleaseCapture
 0x1008e43c GetMessagePos
 0x1008e440 SetCapture
 0x1008e444 FrameRect
 0x1008e448 DrawEdge
 0x1008e44c InflateRect
 0x1008e450 DrawFocusRect
 0x1008e454 RedrawWindow
 0x1008e458 DrawIcon
 0x1008e45c GetClientRect
 0x1008e460 GetAsyncKeyState
 0x1008e464 GetMenuState
 0x1008e468 GetMenuItemID
 0x1008e46c GetMenuItemCount
 0x1008e470 CopyRect
 0x1008e474 PtInRect
 0x1008e478 GetWindowTextW
 0x1008e47c GetWindowLongW
 0x1008e480 IsWindowEnabled
 0x1008e484 ChildWindowFromPoint
 0x1008e488 GetParent
 0x1008e48c ClientToScreen
 0x1008e490 WindowFromPoint
 0x1008e494 GetMessageW
 0x1008e498 ValidateRect
 0x1008e49c PostQuitMessage
 0x1008e4a0 GetWindowThreadProcessId
 0x1008e4a4 GetWindowDC
 0x1008e4a8 GrayStringW
 0x1008e4ac SetWindowRgn
 0x1008e4b0 OffsetRect
 0x1008e4b4 SetRect
 0x1008e4b8 SetTimer
 0x1008e4bc EqualRect
 0x1008e4c0 KillTimer
 0x1008e4c4 DrawTextExW
 0x1008e4c8 TabbedTextOutW
 0x1008e4cc SetActiveWindow
 0x1008e4d0 IsDialogMessageW
 0x1008e4d4 ScreenToClient
 0x1008e4d8 GetCursorPos
 0x1008e4dc IsWindow
 0x1008e4e0 DefWindowProcW
 0x1008e4e4 GetClassInfoW
 0x1008e4e8 SetRectEmpty
 0x1008e4ec GetClassNameW
 0x1008e4f0 LoadCursorW
 0x1008e4f4 GetSystemMetrics
 0x1008e4f8 SetCursor
 0x1008e4fc SystemParametersInfoW
 0x1008e500 LoadStringW
 0x1008e504 LoadImageW
 0x1008e508 DestroyCursor
 0x1008e50c DestroyIcon
 0x1008e510 CopyIcon
 0x1008e514 FillRect
 0x1008e518 CreateIconIndirect
 0x1008e51c ReleaseDC
 0x1008e520 GetDC
 0x1008e524 GetIconInfo
 0x1008e528 CreateWindowExW
 0x1008e52c ShowWindow
 0x1008e530 IsRectEmpty
 0x1008e534 DrawFrameControl
 0x1008e538 GetSysColor
 0x1008e53c SetClipboardData
 0x1008e540 EmptyClipboard
 0x1008e544 CloseClipboard
 0x1008e548 OpenClipboard
 0x1008e54c PostMessageW
 0x1008e550 GetWindowRect
 0x1008e554 SendMessageW
 0x1008e558 RegisterWindowMessageW
 0x1008e55c EnableWindow
 0x1008e560 WinHelpW
GDI32.dll
 0x1008e038 PtVisible
 0x1008e03c RectVisible
 0x1008e040 ExtTextOutW
 0x1008e044 Escape
 0x1008e048 SetViewportOrgEx
 0x1008e04c OffsetViewportOrgEx
 0x1008e050 SetViewportExtEx
 0x1008e054 ScaleViewportExtEx
 0x1008e058 SetWindowExtEx
 0x1008e05c ScaleWindowExtEx
 0x1008e060 DPtoLP
 0x1008e064 SaveDC
 0x1008e068 SetMapMode
 0x1008e06c DeleteDC
 0x1008e070 GetCharWidthW
 0x1008e074 GetCurrentObject
 0x1008e078 GetClipBox
 0x1008e07c Rectangle
 0x1008e080 GetStockObject
 0x1008e084 CreatePolygonRgn
 0x1008e088 CreateRoundRectRgn
 0x1008e08c OffsetRgn
 0x1008e090 CombineRgn
 0x1008e094 CreateRectRgn
 0x1008e098 SelectClipRgn
 0x1008e09c FillRgn
 0x1008e0a0 FrameRgn
 0x1008e0a4 TextOutW
 0x1008e0a8 GetTextExtentPoint32W
 0x1008e0ac SetTextJustification
 0x1008e0b0 GetTextMetricsW
 0x1008e0b4 SetBkColor
 0x1008e0b8 SetBkMode
 0x1008e0bc CreateFontIndirectW
 0x1008e0c0 LineTo
 0x1008e0c4 MoveToEx
 0x1008e0c8 CreatePen
 0x1008e0cc SetTextColor
 0x1008e0d0 CreateSolidBrush
 0x1008e0d4 StretchBlt
 0x1008e0d8 CreateBitmap
 0x1008e0dc GetObjectW
 0x1008e0e0 GetDeviceCaps
 0x1008e0e4 CreateDCW
 0x1008e0e8 CreateCompatibleBitmap
 0x1008e0ec BitBlt
 0x1008e0f0 SelectObject
 0x1008e0f4 CreateCompatibleDC
 0x1008e0f8 CreateDIBSection
 0x1008e0fc DeleteObject
 0x1008e100 RestoreDC
WINSPOOL.DRV
 0x1008e570 ClosePrinter
 0x1008e574 OpenPrinterW
 0x1008e578 DocumentPropertiesW
ADVAPI32.dll
 0x1008e000 RegOpenKeyW
 0x1008e004 RegQueryValueW
 0x1008e008 RegCloseKey
 0x1008e00c RegQueryValueExW
 0x1008e010 RegCreateKeyExW
 0x1008e014 RegOpenKeyExW
 0x1008e018 RegEnumKeyW
 0x1008e01c RegDeleteKeyW
 0x1008e020 RegSetValueExW
SHELL32.dll
 0x1008e2f8 ShellExecuteW
COMCTL32.dll
 0x1008e028 ImageList_GetImageCount
 0x1008e02c ImageList_GetIcon
 0x1008e030 None
SHLWAPI.dll
 0x1008e300 PathFindExtensionW
OLEAUT32.dll
 0x1008e2e8 VariantClear
 0x1008e2ec VariantChangeType
 0x1008e2f0 VariantInit
WINMM.dll
 0x1008e568 PlaySoundW

EAT (Export Address Table) Library

0x1007a660 DllRegisterServer
0x1006bef0 DllUnregisterServer
