Created | 2023.08.22 17:42 | Machine | s1_win7_x6401 |
Filename | trxV9376 | ||
Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
ZERO API | file : malware | ||
VT API (file) | 54 detected (AIDetectMalware, Emotet, Ulise, unsafe, Vjsd, TrojanBanker, malicious, confidence, 100%, Eldorado, high confidence, score, cmvs, jvobvn, BankerX, Gencirc, aogi, YXDCQZ, GenKryptik, Malware@#1f2osespawys, Detected, R564334, ai score=100, Chgt, Kryptik, F5gXdyKd7lN, T5E6Ku8, PossibleThreat) | ||
md5 | c901c8089c5e017f8e9b4b15c8ef154f | ||
sha256 | fd79e8fa5e3801101a1305b6aba7a5e7fdc852ed9036d6d9a5210be414a5cc5a | ||
ssdeep | 12288:chQZR06Fy1F5YqSDZ9ma2aCStos1F3uD2Hescq2mc:jT08y1F5YqSDZ9ma21Str3cTX | ||
imphash | 8e4ac255f5ef2adac99344450f27e6ce | ||
impfuzzy | 48:V+hGBStdS1CcjBc+ppnFuFZ+QQ5mS5ECnB+GzOKF/KA/X09jf7OAT+LX:VgHtdS1CwBc+ppnmsHcOz |
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x18004a038 OutputDebugStringA
0x18004a040 SetFilePointerEx
0x18004a048 GetConsoleMode
0x18004a050 GetConsoleCP
0x18004a058 FlushFileBuffers
0x18004a060 WriteFile
0x18004a068 SetStdHandle
0x18004a070 OutputDebugStringW
0x18004a078 HeapSize
0x18004a080 GetStringTypeW
0x18004a088 SetConsoleCtrlHandler
0x18004a090 GetFileType
0x18004a098 GetStdHandle
0x18004a0a0 GetProcessHeap
0x18004a0a8 SetEnvironmentVariableW
0x18004a0b0 SetEnvironmentVariableA
0x18004a0b8 CloseHandle
0x18004a0c0 WaitForSingleObjectEx
0x18004a0c8 CreateThread
0x18004a0d0 WriteConsoleW
0x18004a0d8 CreateFileW
0x18004a0e0 HeapReAlloc
0x18004a0e8 ExitProcess
0x18004a0f0 FreeEnvironmentStringsW
0x18004a0f8 GetEnvironmentStringsW
0x18004a100 GetCommandLineW
0x18004a108 GetCommandLineA
0x18004a110 GetCPInfo
0x18004a118 GetOEMCP
0x18004a120 GetACP
0x18004a128 IsValidCodePage
0x18004a130 FindNextFileW
0x18004a138 FindNextFileA
0x18004a140 FindFirstFileExW
0x18004a148 FindFirstFileExA
0x18004a150 FindClose
0x18004a158 UnhandledExceptionFilter
0x18004a160 SetUnhandledExceptionFilter
0x18004a168 GetCurrentProcess
0x18004a170 TerminateProcess
0x18004a178 IsProcessorFeaturePresent
0x18004a180 IsDebuggerPresent
0x18004a188 GetStartupInfoW
0x18004a190 GetModuleHandleW
0x18004a198 QueryPerformanceCounter
0x18004a1a0 GetCurrentProcessId
0x18004a1a8 GetCurrentThreadId
0x18004a1b0 GetSystemTimeAsFileTime
0x18004a1b8 InitializeSListHead
0x18004a1c0 RtlUnwindEx
0x18004a1c8 InterlockedPushEntrySList
0x18004a1d0 InterlockedFlushSList
0x18004a1d8 GetLastError
0x18004a1e0 SetLastError
0x18004a1e8 EncodePointer
0x18004a1f0 RaiseException
0x18004a1f8 EnterCriticalSection
0x18004a200 LeaveCriticalSection
0x18004a208 DeleteCriticalSection
0x18004a210 InitializeCriticalSectionAndSpinCount
0x18004a218 TlsAlloc
0x18004a220 TlsGetValue
0x18004a228 TlsSetValue
0x18004a230 TlsFree
0x18004a238 FreeLibrary
0x18004a240 GetProcAddress
0x18004a248 LoadLibraryExW
0x18004a250 RtlPcToFileHeader
0x18004a258 GetModuleHandleExW
0x18004a260 GetModuleFileNameA
0x18004a268 GetModuleFileNameW
0x18004a270 MultiByteToWideChar
0x18004a278 WideCharToMultiByte
0x18004a280 GetCurrentThread
0x18004a288 GetDateFormatW
0x18004a290 GetTimeFormatW
0x18004a298 CompareStringW
0x18004a2a0 LCMapStringW
0x18004a2a8 GetLocaleInfoW
0x18004a2b0 IsValidLocale
0x18004a2b8 GetUserDefaultLCID
0x18004a2c0 EnumSystemLocalesW
0x18004a2c8 HeapAlloc
0x18004a2d0 HeapFree
USER32.dll
0x18004a2e0 GetGestureInfo
0x18004a2e8 InvalidateRect
0x18004a2f0 ScreenToClient
0x18004a2f8 CloseGestureInfoHandle
0x18004a300 EndPaint
0x18004a308 BeginPaint
0x18004a310 UpdateWindow
0x18004a318 PostQuitMessage
0x18004a320 LoadCursorW
0x18004a328 TranslateMessage
0x18004a330 TranslateAcceleratorW
0x18004a338 SetGestureConfig
0x18004a340 ShowWindow
0x18004a348 GetMessageW
0x18004a350 DefWindowProcW
0x18004a358 DestroyWindow
0x18004a360 CreateWindowExW
0x18004a368 RegisterClassExW
0x18004a370 LoadStringW
0x18004a378 DispatchMessageW
GDI32.dll
0x18004a000 Polyline
0x18004a008 LineTo
0x18004a010 CreatePen
0x18004a018 MoveToEx
0x18004a020 DeleteObject
0x18004a028 SelectObject
ntdll.dll
0x18004a388 NtQueueApcThread
0x18004a390 ZwOpenSymbolicLinkObject
0x18004a398 LdrFindResource_U
0x18004a3a0 NtAllocateVirtualMemory
0x18004a3a8 atoi
0x18004a3b0 sin
0x18004a3b8 LdrAccessResource
0x18004a3c0 __C_specific_handler
0x18004a3c8 RtlCaptureContext
0x18004a3d0 RtlLookupFunctionEntry
0x18004a3d8 RtlVirtualUnwind
0x18004a3e0 memset
0x18004a3e8 NtTestAlert
0x18004a3f0 strchr
0x18004a3f8 wcschr
0x18004a400 strrchr
0x18004a408 _local_unwind
0x18004a410 memcmp
0x18004a418 cos
0x18004a420 floor
EAT(Export Address Table) Library
0x180047d00 AFxNCNDhpJUjLGSUBdyJAlirW
0x180047cd0 APgLpQbnGOFg
0x180048270 AaVQghYMoDvlcIkoDhwOzm
0x180048380 AbGiqsZapYXQEJBQNrWj
0x180047d70 AcIMOdUMWKfNaHjlQaJhaKDTvv
0x180047d10 AjmdNJiPaRsRtAqadcjQnlCAvv
0x180047620 AmhroJJBvgsvk
0x180047d40 BdxxRGs
0x1800481b0 BgAFcJi
0x180047710 BlIVCeEMUhTYUniUkHlJscB
0x1800475f0 BleGyOkIaepldUi
0x1800474e0 BoepXZDDjhOrSbcuQncJB
0x180047f00 BpzeaEnGa
0x180047f70 BwCjRp
0x1800478f0 CFIstcx
0x180047e80 CJsqCnAMpj
0x180047f20 CNPpdSVcuSzviIZhvCWSTfhZ
0x180047bc0 COOXnQoQSaTGSpWIAaSzo
0x1800483f0 CSUruSgGDFRVUvVHcTu
0x180047d50 CTCQAClHYzuiPWfwqyQYV
0x180047dd0 CeHgsCxOuoDTDrP
0x180048170 CpbkGyHjPVYKKbevwuabtfos
0x180047e10 DIczDdVVlD
0x180048290 DXtcAMkZFB
0x180048460 DahoeOjCy
0x180048420 DdmfNyLzGBEZdhjuVaLnGLAC
0x180048a60 DllRegisterServer
0x1800475e0 EDirxlezljynQMb
0x1800481a0 EJrkYuGqWKJxcbkEWFxWuj
0x180048210 EOCBExEDvmpuiTSdISaFTJpbnD
0x1800483b0 ERdHSxbrluXBmlg
0x180047c50 EWqRXzEYZJPwDvIiOC
0x180048080 EbquiojgkxAH
0x180047f90 EjCrzK
0x1800476b0 FSJZHjqXtVCcouB
0x180047be0 FmgnZSs
0x180047da0 FwGMzFvmlRhqfdgYj
0x180047e20 GEakZdngEgkQEMUw
0x180048440 GIucseXHMrRrXPFeKw
0x180047680 GNoduqRICMxxYLScjzRR
0x1800481f0 GTdkEFQtZIyifVPtMw
0x180047b40 GUUIOYFVBkCRKKGPM
0x180047690 GabGyY
0x180047790 GlmIPNFEUxGfzccoGbGvt
0x180048090 GqxGeRkjCFW
0x180047600 GrnXAG
0x180047ba0 GsRUyGCvRhXYbBNdoXgMoD
0x1800483a0 GyQSbTrVGUQXgOfZOvlwGGJOZ
0x180047a90 HCaLEQxCPhokiggZc
0x180047c90 HETlXz
0x180047c30 HRQNzHLCNHYjXY
0x1800481d0 HbOXELXYC
0x180047ff0 ISKZiApGwwqfPxyvDE
0x180047840 IcSKMpKalYoTBtNC
0x1800481e0 IprhqRmUjfLjdAvaVSyh
0x180047920 IsZFDjJYWWGraQqQsCIojuoPI
0x180047500 ItCdjvWTgdRQjqKEojXISZB
0x180047800 JEVIhwFBZItxqXVhyUDXDtvW
0x1800475b0 JEhcfsFJLI
0x180047b10 JhsVgkWwuNGjkVJBv
0x180047a50 JiXLWADK
0x180048110 JkvQVFXLk
0x180047df0 JqTVuEmdOv
0x180048310 JuvMSMMEvEF
0x180047aa0 KDwYBJCicCZzRoOZ
0x1800477e0 KLAfQsdsaKGHSrQOYTMpVzgK
0x180047570 KSnZqpvzTNl
0x180048340 KWfbJvRFrOV
0x180047b80 KcugiBMUcgjkCqc
0x180047ac0 KidKIFrYdPHAre
0x180047e70 KlkHRlyspyEbCqaAF
0x1800481c0 KtJgAGRGyADIhGc
0x180047e40 LGWXmeQgMABu
0x180048330 LGyzhOBlGMKKEiSyBNOA
0x180047f50 LUjVXvmpjLkwIEYtcKcCx
0x180047830 LebFCnlzbXtrrLdB
0x180047740 LsyMBhredZBvk
0x180047ca0 LtFyFAsWliacGsTGXqjeeLvK
0x1800476c0 MBYEluvEyDzsC
0x1800478e0 MHJytDnaUPMzueb
0x180047d60 MRAAdjwmnMsgXIeyxsstimL
0x180047b60 MTyYvXrFDEVJRoIKFwFl
0x180048160 MXvGmOYJBUNcUhrUCfuEpj
0x1800478d0 MZrxiTTzjWhcxLrlJk
0x1800477d0 MdAKHWoLiTGZE
0x180048200 MoEtlGhIUoAqzlzsWDD
0x180047730 MxxORRnm
0x180048060 NDUAXvzsdeydywwRNMHWRJGK
0x180047b20 NTSxfMIpNzhwDaIYTg
0x180047a60 NUIiQUpkB
0x180047670 NdojhsEWJXelkYgY
0x180047bf0 NqNktJurxEPsSVvLgoiCKI
0x180047ce0 OBviaeAmDhEKB
0x180047760 OPTztDwnXmUalz
0x180047af0 OarYXdaVMs
0x1800482f0 OuaaSMDdKAHJBSI
0x180047fb0 OxtFZQuvLvXO
0x180047990 PJPUWySrtcFnoU
0x1800479d0 PkrxWwd
0x180047630 QBzgDamuPMHnmBmxqsemB
0x180048130 QIPgSlrJ
0x180047b00 QdXiEwjVRvwsA
0x180047fd0 QkJCVvrpO
0x1800483d0 QlKOChPtGkCgueNfMfmE
0x180047de0 RgpZIjoS
0x180048190 RyWPRDWAZokSpgjdX
0x1800477b0 RzInNvLFbXSrZs
0x180048020 SBVACGqdL
0x180047ea0 SEXaxJE
0x180048320 SRIMcYcgmQzv
0x180047fc0 SVExPilkWeEdOmPKxmE
0x180047590 SshJfgldnoPmDiuzthDwd
0x180047ab0 SvDHpIXg
0x1800477f0 THleRyMKuvcwAptfFoQK
0x180047f10 TTMslvZRPDHsOsrU
0x180047580 TYDISaLzbh
0x180047780 UCcbUfpvn
0x180047860 USnHmXWDgJkTuRXnXRjn
0x180047850 UUHotoQypbMRPBbQhwXJ
0x180047750 UViPeuVtuJLKc
0x180048470 VBkQTrbKGhVfQhRTgXMjbrfiaA
0x180047980 VFhGvlPGsQhxHtTvhSxKcY
0x1800482e0 VMzeZLRonjcnd
0x180047c00 VvcxTjnHmbhTuwSu
0x180048450 WNjGlSlYPJjasDjMnceJuoqnOl
0x180047c10 WOmHhVXU
0x180047820 WWcFKCS
0x180047520 WghExnDSDsHbsIsQUpcOxNq
0x180047b50 WxdatBbzivhjgPXiraHxWOM
0x180047e30 XAcTVarCmGzF
0x180047950 XAqsrMHoZFRaFCiaysvzy
0x180047d20 XIXyiQCQ
0x1800476a0 XQVwoczNAXAPbeZcjruIA
0x180047dc0 XatHkgeISNp
0x180048000 XpoUhKqoThkn
0x180047b90 YDFhjgerDlMLHVuXkSGEv
0x180047f60 YDKNGzOAPZlebFJpomRMxWNWg
0x180048050 YFhZJoLhPOxEKBaBTzdVAs
0x180048040 YMAJlulpbXVSpmjWQoONYi
0x180048070 YQhjFQTZKDC
0x1800482b0 YVgAZYazoRsKAdHqUTqkgZq
0x1800483e0 YkervHFfkUmQ
0x180048220 ZlZscmMrWi
0x180048350 ZmdBIuhvLHIhsHYfrVvyNMOd
0x1800480a0 aWbGhfFeswwmRPshquqsl
0x180047650 aloTparayLO
0x1800479e0 amdrEpsU
0x1800478a0 bQQBvUQww
0x180047db0 bVWsKcmDpbKTsnGSXiKxM
0x1800475d0 beHDhlBgUZsmJPexvSQKWCSKnW
0x1800477a0 brphqpZlLTLruTZptc
0x180047a00 bwgKjSDuHKhDy
0x1800476e0 cEmuUSbtGzsPAWGLdEauFU
0x1800475c0 cZCtvLKOxGXeuQWS
0x180047bd0 ccdfvrWFVeOtkqurRNVLro
0x180047b70 ceebsfNkbprRYc
0x180048010 cjGWSR
0x180047e50 cnuLgsUOwrPiw
0x180047930 dKIpmirT
0x180047540 dWSStgetesFZgKWUlQPKU
0x180048140 dnXDSBiTBWy
0x180047ef0 doAVSHUlJOFKbCQnzEW
0x180048390 dsZUCLcbYUzqmmD
0x180047c80 eGrZsXv
0x180047a10 fFODoRkFUnPhPoFzbafui
0x180048180 fZITkvmvMdUvysq
0x1800479f0 fnQaoYOUVI
0x180048150 fobQqObMbQikgyImDguWIsSqjW
0x1800480d0 fvnKblUjOPABvhy
0x180047940 gHaJYcXzizzOUSXyHhzXij
0x180047c20 gVVLvY
0x180047720 gYsqbdDRcVuEYq
0x180048410 gkKTzQjnWeBVBmdNP
0x180047a30 hYVSsGvvkQKPjqcuHGhHnYbA
0x1800480b0 hdCnmtITRRiwGbqpRVNVj
0x180048030 hgmXlQGHxqVCPqrOlJgdTzKjmy
0x180047a70 hmUYZEkqsD
0x180047cf0 hnPgQMKxfZHj
0x180047c70 hrxRKGrcsUQAxyvDxBdrVDpeiV
0x1800475a0 hyuMoli
0x180047c60 hzuYAENAOWXcCMPPwupdAT
0x180047660 iDKwhD
0x180047910 iLpIoCoOGqSLknWShpOrXAuKw
0x180047d90 iYwAhnXpbSUzlmHnmKQLjmmXK
0x180047900 idYAJoIIJgaqEeHFdg
0x180047870 ifPZCTSHPzCTdOekgUaxrQHYuc
0x180047c40 ixhaskjGAZPmibXdKZvYtk
0x180047fe0 ixlbCgxrYjUWwQkziPixAHKEBS
0x1800478c0 jKcyyPRaYIKARbKLutjxMJNS
0x180048370 jNWPvYbBEhWjWSkVPtU
0x180047770 jfNeLGJbrBNgcJglu
0x180047a80 jlLkWHkPXzdlBWKxH
0x180048260 kOjPaBJwhKOkyyEkfyJDAZvEgX
0x1800478b0 kSACSUJ
0x180047ec0 keQAVKXtmULHuOImJnBpdef
0x180048360 lErkuJeOFVOTsm
0x1800480c0 lhaXGZqTpNIGy
0x180048100 meuEhwBKCbfkejUqzTJjdKD
0x180047e90 mfNRni
0x180048240 mhUamrXpNTQoqAXBAOdni
0x180047cb0 mnIEDKk
0x180047890 mrDsuVk
0x180047510 nEGgbfNwyEuu
0x180047610 nGvRmUygfURBUP
0x180047fa0 oqvDWjwIAJzWpnG
0x180048300 osgOmxsPqdsdPKyVAAI
0x1800479c0 oxavVlwWCBrupyASASSutRHKF
0x1800480f0 pEJxpRWmhWgptnfFGEVk
0x180047970 pUkHWIGVsMnGAg
0x180048250 pfTZxt
0x180047d80 qDYXLQXI
0x180047ae0 qNjfExouMwyiEVRAxF
0x180047a20 qWDwMV
0x180047bb0 qapxTEwK
0x180047ad0 qhNODbIuKwAidWpM
0x180047cc0 qndJteadmvKtwtX
0x180047a40 rBfJGBNajQh
0x1800474f0 rSkbfbenMNaD
0x180048430 rZemjjNLjMchLkQfeDUbbzpm
0x1800477c0 rcIMrQ
0x1800482d0 rlylMbEyTzmhBhMnsDWGjHrGZm
0x180047f40 skxWqECeFacKy
0x180048280 tEUCHIYiCUXq
0x1800479a0 tGglDMKXeMQhJtvQKRDRYth
0x180047530 tiZBMlcH
0x180047560 tuTdavYyrkmrqttj
0x1800482c0 tusJWJatGAjHQ
0x180047960 uAYOOXzsVtedIEB
0x180048400 uITvpyYWxWdxFIyrNcapZqG
0x1800483c0 uNuWYXNzTxyYiYCxISZFREssT
0x180047b30 uYqFfsiZigpJTLvHeRJSzRJ
0x180047810 uisBqJhQtDhrUvJXqoNzC
0x180047e60 ulGorqIa
0x1800482a0 ulLWzRKIaihpUWldzULuQvs
0x180047ed0 uxWnjhMRdalMeIJVVXvepyLQST
0x180047550 uzhPwfneAafRTwZNOMlbtoLv
0x180047640 vzJKCHMTTJNRLftltdRzpgG
0x180047700 wXfbObReo
0x1800476f0 wdgRqjrlxLcZ
0x180047d30 woilPxqxjb
0x1800476d0 xFhlmQwlqWlunaXSAGTJZgm
0x180047e00 xpkNqPyEjlUhxYeMh
0x180047f30 yMJBOjjpGcaArcbwYVksQ
0x180047880 yQMmxxuzvesyFjnQWZeF
0x180047eb0 ySqQLXYBVIeML
0x1800480e0 ybQKUWgVxypfnYzfV
0x180048120 yjlEMfeHtJJufvAhijuftNF
0x180047ee0 ymFmaPktGszCn
0x180048230 yshKYdVQRI
0x180047f80 zJRSMdlcrlWvknxiExxY
0x1800479b0 zOroUYHqtGnEfcUvuhlrsOvr