ScreenShot
| Created | 2022.03.26 09:11 | Machine | s1_win7_x6403 |
| Filename | rc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (Artemis, malicious, PSWStealer, BestaFera, Eldorado, Attribute, HighConfidence, high confidence, Delf, R002H0CCP22, DownLoader44, Sabsik, score, BScope, Diple, PWSX, CLOUD, susgen, EQPQ, confidence) | ||
| md5 | 1098eea1ee550a0b6100a11be53d27d8 | ||
| sha256 | 8dfee94c273148e304ce65b2174c1bcf211e31b9fb7074bb03069c831a4b119a | ||
| ssdeep | 24576:+TLmKxzGyM4qG2AakO6fjPViDl16PdCLHbW:kl4JbsjIYPdCLb | ||
| imphash | cca1320226e806cf0d983ee82566105c | ||
| impfuzzy | 192:o13MDbuuaDSUvK9DsoHXEoo7RdYDb1OEPbOQHa:C3maI9vr1LPbOQ6 | ||
Network IP location
Signature (33cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| warning | Generates some ICMP traffic |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Creates a suspicious Powershell process |
| watch | Creates a thread using CreateRemoteThread in a non-child process indicative of process injection |
| watch | Deletes executed files from disk |
| watch | Installs itself for autorun at Windows startup |
| watch | Manipulates memory of a non-child process indicative of process injection |
| watch | Network activity contains more than one unique useragent |
| watch | One or more of the buffers contains an embedded PE file |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates a shortcut to an executable file |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Command line console output was observed |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | Uses Windows APIs to generate a cryptographic key |
Rules (38cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | memory |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | Generic_PWS_Memory_Zero | PWS Memory | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | local_credential_Steal | Steal credential | memory |
| notice | Network_DGA | Communication using DGA | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_FTP | Communications over FTP | memory |
| notice | Network_HTTP | Communications over HTTP | memory |
| notice | Network_P2P_Win | Communications over P2P network | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
| info | Check_Dlls | (no description) | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerCheck__RemoteAPI | (no description) | memory |
| info | DebuggerException__ConsoleCtrl | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
Network (8cnts) ?
Suricata ids
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x4a6868 SysFreeString
0x4a686c SysReAllocStringLen
0x4a6870 SysAllocStringLen
advapi32.dll
0x4a6878 RegQueryValueExA
0x4a687c RegOpenKeyExA
0x4a6880 RegCloseKey
user32.dll
0x4a6888 GetKeyboardType
0x4a688c DestroyWindow
0x4a6890 LoadStringA
0x4a6894 MessageBoxA
0x4a6898 CharNextA
kernel32.dll
0x4a68a0 GetACP
0x4a68a4 Sleep
0x4a68a8 VirtualFree
0x4a68ac VirtualAlloc
0x4a68b0 GetCurrentThreadId
0x4a68b4 InterlockedDecrement
0x4a68b8 InterlockedIncrement
0x4a68bc VirtualQuery
0x4a68c0 WideCharToMultiByte
0x4a68c4 MultiByteToWideChar
0x4a68c8 lstrlenA
0x4a68cc lstrcpynA
0x4a68d0 LoadLibraryExA
0x4a68d4 GetThreadLocale
0x4a68d8 GetStartupInfoA
0x4a68dc GetProcAddress
0x4a68e0 GetModuleHandleA
0x4a68e4 GetModuleFileNameA
0x4a68e8 GetLocaleInfoA
0x4a68ec GetCommandLineA
0x4a68f0 FreeLibrary
0x4a68f4 FindFirstFileA
0x4a68f8 FindClose
0x4a68fc ExitProcess
0x4a6900 CompareStringA
0x4a6904 WriteFile
0x4a6908 UnhandledExceptionFilter
0x4a690c RtlUnwind
0x4a6910 RaiseException
0x4a6914 GetStdHandle
kernel32.dll
0x4a691c TlsSetValue
0x4a6920 TlsGetValue
0x4a6924 LocalAlloc
0x4a6928 GetModuleHandleA
user32.dll
0x4a6930 CreateWindowExA
0x4a6934 WindowFromPoint
0x4a6938 WaitMessage
0x4a693c UpdateWindow
0x4a6940 UnregisterClassA
0x4a6944 UnhookWindowsHookEx
0x4a6948 TranslateMessage
0x4a694c TranslateMDISysAccel
0x4a6950 TrackPopupMenu
0x4a6954 SystemParametersInfoA
0x4a6958 ShowWindow
0x4a695c ShowScrollBar
0x4a6960 ShowOwnedPopups
0x4a6964 SetWindowsHookExA
0x4a6968 SetWindowTextA
0x4a696c SetWindowPos
0x4a6970 SetWindowPlacement
0x4a6974 SetWindowLongW
0x4a6978 SetWindowLongA
0x4a697c SetTimer
0x4a6980 SetScrollRange
0x4a6984 SetScrollPos
0x4a6988 SetScrollInfo
0x4a698c SetRect
0x4a6990 SetPropA
0x4a6994 SetParent
0x4a6998 SetMenuItemInfoA
0x4a699c SetMenu
0x4a69a0 SetForegroundWindow
0x4a69a4 SetFocus
0x4a69a8 SetCursor
0x4a69ac SetClipboardData
0x4a69b0 SetClassLongA
0x4a69b4 SetCapture
0x4a69b8 SetActiveWindow
0x4a69bc SendMessageW
0x4a69c0 SendMessageA
0x4a69c4 ScrollWindow
0x4a69c8 ScreenToClient
0x4a69cc RemovePropA
0x4a69d0 RemoveMenu
0x4a69d4 ReleaseDC
0x4a69d8 ReleaseCapture
0x4a69dc RegisterWindowMessageA
0x4a69e0 RegisterClipboardFormatA
0x4a69e4 RegisterClassA
0x4a69e8 RedrawWindow
0x4a69ec PtInRect
0x4a69f0 PostQuitMessage
0x4a69f4 PostMessageA
0x4a69f8 PeekMessageW
0x4a69fc PeekMessageA
0x4a6a00 OpenClipboard
0x4a6a04 OffsetRect
0x4a6a08 OemToCharA
0x4a6a0c MessageBoxA
0x4a6a10 MessageBeep
0x4a6a14 MapWindowPoints
0x4a6a18 MapVirtualKeyA
0x4a6a1c LoadStringA
0x4a6a20 LoadKeyboardLayoutA
0x4a6a24 LoadIconA
0x4a6a28 LoadCursorA
0x4a6a2c LoadBitmapA
0x4a6a30 KillTimer
0x4a6a34 IsZoomed
0x4a6a38 IsWindowVisible
0x4a6a3c IsWindowUnicode
0x4a6a40 IsWindowEnabled
0x4a6a44 IsWindow
0x4a6a48 IsRectEmpty
0x4a6a4c IsIconic
0x4a6a50 IsDialogMessageW
0x4a6a54 IsDialogMessageA
0x4a6a58 IsChild
0x4a6a5c InvalidateRect
0x4a6a60 IntersectRect
0x4a6a64 InsertMenuItemA
0x4a6a68 InsertMenuA
0x4a6a6c InflateRect
0x4a6a70 GetWindowThreadProcessId
0x4a6a74 GetWindowTextA
0x4a6a78 GetWindowRect
0x4a6a7c GetWindowPlacement
0x4a6a80 GetWindowLongW
0x4a6a84 GetWindowLongA
0x4a6a88 GetWindowDC
0x4a6a8c GetTopWindow
0x4a6a90 GetSystemMetrics
0x4a6a94 GetSystemMenu
0x4a6a98 GetSysColorBrush
0x4a6a9c GetSysColor
0x4a6aa0 GetSubMenu
0x4a6aa4 GetScrollRange
0x4a6aa8 GetScrollPos
0x4a6aac GetScrollInfo
0x4a6ab0 GetPropA
0x4a6ab4 GetParent
0x4a6ab8 GetWindow
0x4a6abc GetMessageTime
0x4a6ac0 GetMessagePos
0x4a6ac4 GetMenuStringA
0x4a6ac8 GetMenuState
0x4a6acc GetMenuItemInfoA
0x4a6ad0 GetMenuItemID
0x4a6ad4 GetMenuItemCount
0x4a6ad8 GetMenu
0x4a6adc GetLastActivePopup
0x4a6ae0 GetKeyboardState
0x4a6ae4 GetKeyboardLayoutNameA
0x4a6ae8 GetKeyboardLayoutList
0x4a6aec GetKeyboardLayout
0x4a6af0 GetKeyState
0x4a6af4 GetKeyNameTextA
0x4a6af8 GetIconInfo
0x4a6afc GetForegroundWindow
0x4a6b00 GetFocus
0x4a6b04 GetDesktopWindow
0x4a6b08 GetDCEx
0x4a6b0c GetDC
0x4a6b10 GetCursorPos
0x4a6b14 GetCursor
0x4a6b18 GetClipboardData
0x4a6b1c GetClientRect
0x4a6b20 GetClassLongA
0x4a6b24 GetClassInfoA
0x4a6b28 GetCapture
0x4a6b2c GetActiveWindow
0x4a6b30 FrameRect
0x4a6b34 FindWindowA
0x4a6b38 FillRect
0x4a6b3c EqualRect
0x4a6b40 EnumWindows
0x4a6b44 EnumThreadWindows
0x4a6b48 EnumChildWindows
0x4a6b4c EndPaint
0x4a6b50 EnableWindow
0x4a6b54 EnableScrollBar
0x4a6b58 EnableMenuItem
0x4a6b5c EmptyClipboard
0x4a6b60 DrawTextA
0x4a6b64 DrawMenuBar
0x4a6b68 DrawIconEx
0x4a6b6c DrawIcon
0x4a6b70 DrawFrameControl
0x4a6b74 DrawFocusRect
0x4a6b78 DrawEdge
0x4a6b7c DispatchMessageW
0x4a6b80 DispatchMessageA
0x4a6b84 DestroyWindow
0x4a6b88 DestroyMenu
0x4a6b8c DestroyIcon
0x4a6b90 DestroyCursor
0x4a6b94 DeleteMenu
0x4a6b98 DefWindowProcA
0x4a6b9c DefMDIChildProcA
0x4a6ba0 DefFrameProcA
0x4a6ba4 CreatePopupMenu
0x4a6ba8 CreateMenu
0x4a6bac CreateIcon
0x4a6bb0 CloseClipboard
0x4a6bb4 ClientToScreen
0x4a6bb8 CheckMenuItem
0x4a6bbc CharNextW
0x4a6bc0 CallWindowProcA
0x4a6bc4 CallNextHookEx
0x4a6bc8 BeginPaint
0x4a6bcc CharNextA
0x4a6bd0 CharLowerBuffA
0x4a6bd4 CharLowerA
0x4a6bd8 CharUpperBuffA
0x4a6bdc CharToOemA
0x4a6be0 AdjustWindowRectEx
0x4a6be4 ActivateKeyboardLayout
gdi32.dll
0x4a6bec UnrealizeObject
0x4a6bf0 StretchBlt
0x4a6bf4 SetWindowOrgEx
0x4a6bf8 SetWinMetaFileBits
0x4a6bfc SetViewportOrgEx
0x4a6c00 SetTextColor
0x4a6c04 SetStretchBltMode
0x4a6c08 SetROP2
0x4a6c0c SetPixel
0x4a6c10 SetMapMode
0x4a6c14 SetEnhMetaFileBits
0x4a6c18 SetDIBColorTable
0x4a6c1c SetBrushOrgEx
0x4a6c20 SetBkMode
0x4a6c24 SetBkColor
0x4a6c28 SelectPalette
0x4a6c2c SelectObject
0x4a6c30 SelectClipRgn
0x4a6c34 SaveDC
0x4a6c38 RestoreDC
0x4a6c3c Rectangle
0x4a6c40 RectVisible
0x4a6c44 RealizePalette
0x4a6c48 PlayEnhMetaFile
0x4a6c4c PatBlt
0x4a6c50 MoveToEx
0x4a6c54 MaskBlt
0x4a6c58 LineTo
0x4a6c5c LPtoDP
0x4a6c60 IntersectClipRect
0x4a6c64 GetWindowOrgEx
0x4a6c68 GetWinMetaFileBits
0x4a6c6c GetTextMetricsA
0x4a6c70 GetTextExtentPointA
0x4a6c74 GetTextExtentPoint32A
0x4a6c78 GetTextAlign
0x4a6c7c GetSystemPaletteEntries
0x4a6c80 GetStockObject
0x4a6c84 GetRgnBox
0x4a6c88 GetROP2
0x4a6c8c GetPolyFillMode
0x4a6c90 GetPixelFormat
0x4a6c94 GetPixel
0x4a6c98 GetPaletteEntries
0x4a6c9c GetObjectA
0x4a6ca0 GetGraphicsMode
0x4a6ca4 GetEnhMetaFilePaletteEntries
0x4a6ca8 GetEnhMetaFileHeader
0x4a6cac GetEnhMetaFileDescriptionA
0x4a6cb0 GetEnhMetaFileBits
0x4a6cb4 GetDeviceCaps
0x4a6cb8 GetDIBits
0x4a6cbc GetDIBColorTable
0x4a6cc0 GetDCOrgEx
0x4a6cc4 GetDCPenColor
0x4a6cc8 GetDCBrushColor
0x4a6ccc GetCurrentPositionEx
0x4a6cd0 GetClipBox
0x4a6cd4 GetBrushOrgEx
0x4a6cd8 GetBkMode
0x4a6cdc GetBkColor
0x4a6ce0 GetBitmapBits
0x4a6ce4 GdiFlush
0x4a6ce8 ExtTextOutA
0x4a6cec ExcludeClipRect
0x4a6cf0 DeleteObject
0x4a6cf4 DeleteEnhMetaFile
0x4a6cf8 DeleteDC
0x4a6cfc CreateSolidBrush
0x4a6d00 CreatePenIndirect
0x4a6d04 CreatePalette
0x4a6d08 CreateHalftonePalette
0x4a6d0c CreateFontIndirectA
0x4a6d10 CreateEnhMetaFileA
0x4a6d14 CreateDIBitmap
0x4a6d18 CreateDIBSection
0x4a6d1c CreateCompatibleDC
0x4a6d20 CreateCompatibleBitmap
0x4a6d24 CreateBrushIndirect
0x4a6d28 CreateBitmap
0x4a6d2c CopyEnhMetaFileA
0x4a6d30 CloseEnhMetaFile
0x4a6d34 BitBlt
version.dll
0x4a6d3c VerQueryValueA
0x4a6d40 GetFileVersionInfoSizeA
0x4a6d44 GetFileVersionInfoA
kernel32.dll
0x4a6d4c lstrcpyA
0x4a6d50 WriteFile
0x4a6d54 WideCharToMultiByte
0x4a6d58 WaitForSingleObject
0x4a6d5c VirtualQuery
0x4a6d60 VirtualProtect
0x4a6d64 VirtualAlloc
0x4a6d68 SizeofResource
0x4a6d6c SetThreadLocale
0x4a6d70 SetFilePointer
0x4a6d74 SetEvent
0x4a6d78 SetErrorMode
0x4a6d7c SetEndOfFile
0x4a6d80 ResetEvent
0x4a6d84 ReadFile
0x4a6d88 MultiByteToWideChar
0x4a6d8c MulDiv
0x4a6d90 LockResource
0x4a6d94 LoadResource
0x4a6d98 LoadLibraryA
0x4a6d9c LeaveCriticalSection
0x4a6da0 InitializeCriticalSection
0x4a6da4 GlobalUnlock
0x4a6da8 GlobalSize
0x4a6dac GlobalLock
0x4a6db0 GlobalFree
0x4a6db4 GlobalFindAtomA
0x4a6db8 GlobalDeleteAtom
0x4a6dbc GlobalAlloc
0x4a6dc0 GlobalAddAtomA
0x4a6dc4 GetVersionExA
0x4a6dc8 GetVersion
0x4a6dcc GetUserDefaultLCID
0x4a6dd0 GetTickCount
0x4a6dd4 GetThreadLocale
0x4a6dd8 GetStdHandle
0x4a6ddc GetProcAddress
0x4a6de0 GetModuleHandleA
0x4a6de4 GetModuleFileNameA
0x4a6de8 GetLocaleInfoA
0x4a6dec GetLocalTime
0x4a6df0 GetLastError
0x4a6df4 GetFullPathNameA
0x4a6df8 GetDiskFreeSpaceA
0x4a6dfc GetDateFormatA
0x4a6e00 GetCurrentThreadId
0x4a6e04 GetCurrentProcessId
0x4a6e08 GetCurrentProcess
0x4a6e0c GetComputerNameA
0x4a6e10 GetCPInfo
0x4a6e14 FreeResource
0x4a6e18 InterlockedExchange
0x4a6e1c FreeLibrary
0x4a6e20 FormatMessageA
0x4a6e24 FlushInstructionCache
0x4a6e28 FindResourceA
0x4a6e2c EnumCalendarInfoA
0x4a6e30 EnterCriticalSection
0x4a6e34 DeleteCriticalSection
0x4a6e38 CreateThread
0x4a6e3c CreateFileA
0x4a6e40 CreateEventA
0x4a6e44 CompareStringA
0x4a6e48 CloseHandle
0x4a6e4c AddAtomW
advapi32.dll
0x4a6e54 RegQueryValueExA
0x4a6e58 RegOpenKeyExA
0x4a6e5c RegFlushKey
0x4a6e60 RegCloseKey
0x4a6e64 AddAce
oleaut32.dll
0x4a6e6c CreateErrorInfo
0x4a6e70 GetErrorInfo
0x4a6e74 SetErrorInfo
0x4a6e78 GetActiveObject
0x4a6e7c SysFreeString
ole32.dll
0x4a6e84 CreateStreamOnHGlobal
0x4a6e88 IsAccelerator
0x4a6e8c OleDraw
0x4a6e90 OleSetMenuDescriptor
0x4a6e94 CoTaskMemFree
0x4a6e98 ProgIDFromCLSID
0x4a6e9c StringFromCLSID
0x4a6ea0 CoCreateInstance
0x4a6ea4 CoGetClassObject
0x4a6ea8 CoUninitialize
0x4a6eac CoInitialize
0x4a6eb0 IsEqualGUID
kernel32.dll
0x4a6eb8 Sleep
oleaut32.dll
0x4a6ec0 SafeArrayPtrOfIndex
0x4a6ec4 SafeArrayPutElement
0x4a6ec8 SafeArrayGetElement
0x4a6ecc SafeArrayUnaccessData
0x4a6ed0 SafeArrayAccessData
0x4a6ed4 SafeArrayGetUBound
0x4a6ed8 SafeArrayGetLBound
0x4a6edc SafeArrayCreate
0x4a6ee0 VariantChangeType
0x4a6ee4 VariantCopyInd
0x4a6ee8 VariantCopy
0x4a6eec VariantClear
0x4a6ef0 VariantInit
comctl32.dll
0x4a6ef8 _TrackMouseEvent
0x4a6efc ImageList_SetIconSize
0x4a6f00 ImageList_GetIconSize
0x4a6f04 ImageList_Write
0x4a6f08 ImageList_Read
0x4a6f0c ImageList_GetDragImage
0x4a6f10 ImageList_DragShowNolock
0x4a6f14 ImageList_DragMove
0x4a6f18 ImageList_DragLeave
0x4a6f1c ImageList_DragEnter
0x4a6f20 ImageList_EndDrag
0x4a6f24 ImageList_BeginDrag
0x4a6f28 ImageList_Remove
0x4a6f2c ImageList_DrawEx
0x4a6f30 ImageList_Replace
0x4a6f34 ImageList_Draw
0x4a6f38 ImageList_GetBkColor
0x4a6f3c ImageList_SetBkColor
0x4a6f40 ImageList_Add
0x4a6f44 ImageList_GetImageCount
0x4a6f48 ImageList_Destroy
0x4a6f4c ImageList_Create
0x4a6f50 InitCommonControls
adsldpc.dll
0x4a6f58 ADsGetLastError
activeds.dll
0x4a6f60 ADsGetObject
EAT(Export Address Table) is none
oleaut32.dll
0x4a6868 SysFreeString
0x4a686c SysReAllocStringLen
0x4a6870 SysAllocStringLen
advapi32.dll
0x4a6878 RegQueryValueExA
0x4a687c RegOpenKeyExA
0x4a6880 RegCloseKey
user32.dll
0x4a6888 GetKeyboardType
0x4a688c DestroyWindow
0x4a6890 LoadStringA
0x4a6894 MessageBoxA
0x4a6898 CharNextA
kernel32.dll
0x4a68a0 GetACP
0x4a68a4 Sleep
0x4a68a8 VirtualFree
0x4a68ac VirtualAlloc
0x4a68b0 GetCurrentThreadId
0x4a68b4 InterlockedDecrement
0x4a68b8 InterlockedIncrement
0x4a68bc VirtualQuery
0x4a68c0 WideCharToMultiByte
0x4a68c4 MultiByteToWideChar
0x4a68c8 lstrlenA
0x4a68cc lstrcpynA
0x4a68d0 LoadLibraryExA
0x4a68d4 GetThreadLocale
0x4a68d8 GetStartupInfoA
0x4a68dc GetProcAddress
0x4a68e0 GetModuleHandleA
0x4a68e4 GetModuleFileNameA
0x4a68e8 GetLocaleInfoA
0x4a68ec GetCommandLineA
0x4a68f0 FreeLibrary
0x4a68f4 FindFirstFileA
0x4a68f8 FindClose
0x4a68fc ExitProcess
0x4a6900 CompareStringA
0x4a6904 WriteFile
0x4a6908 UnhandledExceptionFilter
0x4a690c RtlUnwind
0x4a6910 RaiseException
0x4a6914 GetStdHandle
kernel32.dll
0x4a691c TlsSetValue
0x4a6920 TlsGetValue
0x4a6924 LocalAlloc
0x4a6928 GetModuleHandleA
user32.dll
0x4a6930 CreateWindowExA
0x4a6934 WindowFromPoint
0x4a6938 WaitMessage
0x4a693c UpdateWindow
0x4a6940 UnregisterClassA
0x4a6944 UnhookWindowsHookEx
0x4a6948 TranslateMessage
0x4a694c TranslateMDISysAccel
0x4a6950 TrackPopupMenu
0x4a6954 SystemParametersInfoA
0x4a6958 ShowWindow
0x4a695c ShowScrollBar
0x4a6960 ShowOwnedPopups
0x4a6964 SetWindowsHookExA
0x4a6968 SetWindowTextA
0x4a696c SetWindowPos
0x4a6970 SetWindowPlacement
0x4a6974 SetWindowLongW
0x4a6978 SetWindowLongA
0x4a697c SetTimer
0x4a6980 SetScrollRange
0x4a6984 SetScrollPos
0x4a6988 SetScrollInfo
0x4a698c SetRect
0x4a6990 SetPropA
0x4a6994 SetParent
0x4a6998 SetMenuItemInfoA
0x4a699c SetMenu
0x4a69a0 SetForegroundWindow
0x4a69a4 SetFocus
0x4a69a8 SetCursor
0x4a69ac SetClipboardData
0x4a69b0 SetClassLongA
0x4a69b4 SetCapture
0x4a69b8 SetActiveWindow
0x4a69bc SendMessageW
0x4a69c0 SendMessageA
0x4a69c4 ScrollWindow
0x4a69c8 ScreenToClient
0x4a69cc RemovePropA
0x4a69d0 RemoveMenu
0x4a69d4 ReleaseDC
0x4a69d8 ReleaseCapture
0x4a69dc RegisterWindowMessageA
0x4a69e0 RegisterClipboardFormatA
0x4a69e4 RegisterClassA
0x4a69e8 RedrawWindow
0x4a69ec PtInRect
0x4a69f0 PostQuitMessage
0x4a69f4 PostMessageA
0x4a69f8 PeekMessageW
0x4a69fc PeekMessageA
0x4a6a00 OpenClipboard
0x4a6a04 OffsetRect
0x4a6a08 OemToCharA
0x4a6a0c MessageBoxA
0x4a6a10 MessageBeep
0x4a6a14 MapWindowPoints
0x4a6a18 MapVirtualKeyA
0x4a6a1c LoadStringA
0x4a6a20 LoadKeyboardLayoutA
0x4a6a24 LoadIconA
0x4a6a28 LoadCursorA
0x4a6a2c LoadBitmapA
0x4a6a30 KillTimer
0x4a6a34 IsZoomed
0x4a6a38 IsWindowVisible
0x4a6a3c IsWindowUnicode
0x4a6a40 IsWindowEnabled
0x4a6a44 IsWindow
0x4a6a48 IsRectEmpty
0x4a6a4c IsIconic
0x4a6a50 IsDialogMessageW
0x4a6a54 IsDialogMessageA
0x4a6a58 IsChild
0x4a6a5c InvalidateRect
0x4a6a60 IntersectRect
0x4a6a64 InsertMenuItemA
0x4a6a68 InsertMenuA
0x4a6a6c InflateRect
0x4a6a70 GetWindowThreadProcessId
0x4a6a74 GetWindowTextA
0x4a6a78 GetWindowRect
0x4a6a7c GetWindowPlacement
0x4a6a80 GetWindowLongW
0x4a6a84 GetWindowLongA
0x4a6a88 GetWindowDC
0x4a6a8c GetTopWindow
0x4a6a90 GetSystemMetrics
0x4a6a94 GetSystemMenu
0x4a6a98 GetSysColorBrush
0x4a6a9c GetSysColor
0x4a6aa0 GetSubMenu
0x4a6aa4 GetScrollRange
0x4a6aa8 GetScrollPos
0x4a6aac GetScrollInfo
0x4a6ab0 GetPropA
0x4a6ab4 GetParent
0x4a6ab8 GetWindow
0x4a6abc GetMessageTime
0x4a6ac0 GetMessagePos
0x4a6ac4 GetMenuStringA
0x4a6ac8 GetMenuState
0x4a6acc GetMenuItemInfoA
0x4a6ad0 GetMenuItemID
0x4a6ad4 GetMenuItemCount
0x4a6ad8 GetMenu
0x4a6adc GetLastActivePopup
0x4a6ae0 GetKeyboardState
0x4a6ae4 GetKeyboardLayoutNameA
0x4a6ae8 GetKeyboardLayoutList
0x4a6aec GetKeyboardLayout
0x4a6af0 GetKeyState
0x4a6af4 GetKeyNameTextA
0x4a6af8 GetIconInfo
0x4a6afc GetForegroundWindow
0x4a6b00 GetFocus
0x4a6b04 GetDesktopWindow
0x4a6b08 GetDCEx
0x4a6b0c GetDC
0x4a6b10 GetCursorPos
0x4a6b14 GetCursor
0x4a6b18 GetClipboardData
0x4a6b1c GetClientRect
0x4a6b20 GetClassLongA
0x4a6b24 GetClassInfoA
0x4a6b28 GetCapture
0x4a6b2c GetActiveWindow
0x4a6b30 FrameRect
0x4a6b34 FindWindowA
0x4a6b38 FillRect
0x4a6b3c EqualRect
0x4a6b40 EnumWindows
0x4a6b44 EnumThreadWindows
0x4a6b48 EnumChildWindows
0x4a6b4c EndPaint
0x4a6b50 EnableWindow
0x4a6b54 EnableScrollBar
0x4a6b58 EnableMenuItem
0x4a6b5c EmptyClipboard
0x4a6b60 DrawTextA
0x4a6b64 DrawMenuBar
0x4a6b68 DrawIconEx
0x4a6b6c DrawIcon
0x4a6b70 DrawFrameControl
0x4a6b74 DrawFocusRect
0x4a6b78 DrawEdge
0x4a6b7c DispatchMessageW
0x4a6b80 DispatchMessageA
0x4a6b84 DestroyWindow
0x4a6b88 DestroyMenu
0x4a6b8c DestroyIcon
0x4a6b90 DestroyCursor
0x4a6b94 DeleteMenu
0x4a6b98 DefWindowProcA
0x4a6b9c DefMDIChildProcA
0x4a6ba0 DefFrameProcA
0x4a6ba4 CreatePopupMenu
0x4a6ba8 CreateMenu
0x4a6bac CreateIcon
0x4a6bb0 CloseClipboard
0x4a6bb4 ClientToScreen
0x4a6bb8 CheckMenuItem
0x4a6bbc CharNextW
0x4a6bc0 CallWindowProcA
0x4a6bc4 CallNextHookEx
0x4a6bc8 BeginPaint
0x4a6bcc CharNextA
0x4a6bd0 CharLowerBuffA
0x4a6bd4 CharLowerA
0x4a6bd8 CharUpperBuffA
0x4a6bdc CharToOemA
0x4a6be0 AdjustWindowRectEx
0x4a6be4 ActivateKeyboardLayout
gdi32.dll
0x4a6bec UnrealizeObject
0x4a6bf0 StretchBlt
0x4a6bf4 SetWindowOrgEx
0x4a6bf8 SetWinMetaFileBits
0x4a6bfc SetViewportOrgEx
0x4a6c00 SetTextColor
0x4a6c04 SetStretchBltMode
0x4a6c08 SetROP2
0x4a6c0c SetPixel
0x4a6c10 SetMapMode
0x4a6c14 SetEnhMetaFileBits
0x4a6c18 SetDIBColorTable
0x4a6c1c SetBrushOrgEx
0x4a6c20 SetBkMode
0x4a6c24 SetBkColor
0x4a6c28 SelectPalette
0x4a6c2c SelectObject
0x4a6c30 SelectClipRgn
0x4a6c34 SaveDC
0x4a6c38 RestoreDC
0x4a6c3c Rectangle
0x4a6c40 RectVisible
0x4a6c44 RealizePalette
0x4a6c48 PlayEnhMetaFile
0x4a6c4c PatBlt
0x4a6c50 MoveToEx
0x4a6c54 MaskBlt
0x4a6c58 LineTo
0x4a6c5c LPtoDP
0x4a6c60 IntersectClipRect
0x4a6c64 GetWindowOrgEx
0x4a6c68 GetWinMetaFileBits
0x4a6c6c GetTextMetricsA
0x4a6c70 GetTextExtentPointA
0x4a6c74 GetTextExtentPoint32A
0x4a6c78 GetTextAlign
0x4a6c7c GetSystemPaletteEntries
0x4a6c80 GetStockObject
0x4a6c84 GetRgnBox
0x4a6c88 GetROP2
0x4a6c8c GetPolyFillMode
0x4a6c90 GetPixelFormat
0x4a6c94 GetPixel
0x4a6c98 GetPaletteEntries
0x4a6c9c GetObjectA
0x4a6ca0 GetGraphicsMode
0x4a6ca4 GetEnhMetaFilePaletteEntries
0x4a6ca8 GetEnhMetaFileHeader
0x4a6cac GetEnhMetaFileDescriptionA
0x4a6cb0 GetEnhMetaFileBits
0x4a6cb4 GetDeviceCaps
0x4a6cb8 GetDIBits
0x4a6cbc GetDIBColorTable
0x4a6cc0 GetDCOrgEx
0x4a6cc4 GetDCPenColor
0x4a6cc8 GetDCBrushColor
0x4a6ccc GetCurrentPositionEx
0x4a6cd0 GetClipBox
0x4a6cd4 GetBrushOrgEx
0x4a6cd8 GetBkMode
0x4a6cdc GetBkColor
0x4a6ce0 GetBitmapBits
0x4a6ce4 GdiFlush
0x4a6ce8 ExtTextOutA
0x4a6cec ExcludeClipRect
0x4a6cf0 DeleteObject
0x4a6cf4 DeleteEnhMetaFile
0x4a6cf8 DeleteDC
0x4a6cfc CreateSolidBrush
0x4a6d00 CreatePenIndirect
0x4a6d04 CreatePalette
0x4a6d08 CreateHalftonePalette
0x4a6d0c CreateFontIndirectA
0x4a6d10 CreateEnhMetaFileA
0x4a6d14 CreateDIBitmap
0x4a6d18 CreateDIBSection
0x4a6d1c CreateCompatibleDC
0x4a6d20 CreateCompatibleBitmap
0x4a6d24 CreateBrushIndirect
0x4a6d28 CreateBitmap
0x4a6d2c CopyEnhMetaFileA
0x4a6d30 CloseEnhMetaFile
0x4a6d34 BitBlt
version.dll
0x4a6d3c VerQueryValueA
0x4a6d40 GetFileVersionInfoSizeA
0x4a6d44 GetFileVersionInfoA
kernel32.dll
0x4a6d4c lstrcpyA
0x4a6d50 WriteFile
0x4a6d54 WideCharToMultiByte
0x4a6d58 WaitForSingleObject
0x4a6d5c VirtualQuery
0x4a6d60 VirtualProtect
0x4a6d64 VirtualAlloc
0x4a6d68 SizeofResource
0x4a6d6c SetThreadLocale
0x4a6d70 SetFilePointer
0x4a6d74 SetEvent
0x4a6d78 SetErrorMode
0x4a6d7c SetEndOfFile
0x4a6d80 ResetEvent
0x4a6d84 ReadFile
0x4a6d88 MultiByteToWideChar
0x4a6d8c MulDiv
0x4a6d90 LockResource
0x4a6d94 LoadResource
0x4a6d98 LoadLibraryA
0x4a6d9c LeaveCriticalSection
0x4a6da0 InitializeCriticalSection
0x4a6da4 GlobalUnlock
0x4a6da8 GlobalSize
0x4a6dac GlobalLock
0x4a6db0 GlobalFree
0x4a6db4 GlobalFindAtomA
0x4a6db8 GlobalDeleteAtom
0x4a6dbc GlobalAlloc
0x4a6dc0 GlobalAddAtomA
0x4a6dc4 GetVersionExA
0x4a6dc8 GetVersion
0x4a6dcc GetUserDefaultLCID
0x4a6dd0 GetTickCount
0x4a6dd4 GetThreadLocale
0x4a6dd8 GetStdHandle
0x4a6ddc GetProcAddress
0x4a6de0 GetModuleHandleA
0x4a6de4 GetModuleFileNameA
0x4a6de8 GetLocaleInfoA
0x4a6dec GetLocalTime
0x4a6df0 GetLastError
0x4a6df4 GetFullPathNameA
0x4a6df8 GetDiskFreeSpaceA
0x4a6dfc GetDateFormatA
0x4a6e00 GetCurrentThreadId
0x4a6e04 GetCurrentProcessId
0x4a6e08 GetCurrentProcess
0x4a6e0c GetComputerNameA
0x4a6e10 GetCPInfo
0x4a6e14 FreeResource
0x4a6e18 InterlockedExchange
0x4a6e1c FreeLibrary
0x4a6e20 FormatMessageA
0x4a6e24 FlushInstructionCache
0x4a6e28 FindResourceA
0x4a6e2c EnumCalendarInfoA
0x4a6e30 EnterCriticalSection
0x4a6e34 DeleteCriticalSection
0x4a6e38 CreateThread
0x4a6e3c CreateFileA
0x4a6e40 CreateEventA
0x4a6e44 CompareStringA
0x4a6e48 CloseHandle
0x4a6e4c AddAtomW
advapi32.dll
0x4a6e54 RegQueryValueExA
0x4a6e58 RegOpenKeyExA
0x4a6e5c RegFlushKey
0x4a6e60 RegCloseKey
0x4a6e64 AddAce
oleaut32.dll
0x4a6e6c CreateErrorInfo
0x4a6e70 GetErrorInfo
0x4a6e74 SetErrorInfo
0x4a6e78 GetActiveObject
0x4a6e7c SysFreeString
ole32.dll
0x4a6e84 CreateStreamOnHGlobal
0x4a6e88 IsAccelerator
0x4a6e8c OleDraw
0x4a6e90 OleSetMenuDescriptor
0x4a6e94 CoTaskMemFree
0x4a6e98 ProgIDFromCLSID
0x4a6e9c StringFromCLSID
0x4a6ea0 CoCreateInstance
0x4a6ea4 CoGetClassObject
0x4a6ea8 CoUninitialize
0x4a6eac CoInitialize
0x4a6eb0 IsEqualGUID
kernel32.dll
0x4a6eb8 Sleep
oleaut32.dll
0x4a6ec0 SafeArrayPtrOfIndex
0x4a6ec4 SafeArrayPutElement
0x4a6ec8 SafeArrayGetElement
0x4a6ecc SafeArrayUnaccessData
0x4a6ed0 SafeArrayAccessData
0x4a6ed4 SafeArrayGetUBound
0x4a6ed8 SafeArrayGetLBound
0x4a6edc SafeArrayCreate
0x4a6ee0 VariantChangeType
0x4a6ee4 VariantCopyInd
0x4a6ee8 VariantCopy
0x4a6eec VariantClear
0x4a6ef0 VariantInit
comctl32.dll
0x4a6ef8 _TrackMouseEvent
0x4a6efc ImageList_SetIconSize
0x4a6f00 ImageList_GetIconSize
0x4a6f04 ImageList_Write
0x4a6f08 ImageList_Read
0x4a6f0c ImageList_GetDragImage
0x4a6f10 ImageList_DragShowNolock
0x4a6f14 ImageList_DragMove
0x4a6f18 ImageList_DragLeave
0x4a6f1c ImageList_DragEnter
0x4a6f20 ImageList_EndDrag
0x4a6f24 ImageList_BeginDrag
0x4a6f28 ImageList_Remove
0x4a6f2c ImageList_DrawEx
0x4a6f30 ImageList_Replace
0x4a6f34 ImageList_Draw
0x4a6f38 ImageList_GetBkColor
0x4a6f3c ImageList_SetBkColor
0x4a6f40 ImageList_Add
0x4a6f44 ImageList_GetImageCount
0x4a6f48 ImageList_Destroy
0x4a6f4c ImageList_Create
0x4a6f50 InitCommonControls
adsldpc.dll
0x4a6f58 ADsGetLastError
activeds.dll
0x4a6f60 ADsGetObject
EAT(Export Address Table) is none