ScreenShot
| Created | 2023.11.01 07:47 | Machine | s1_win7_x6401 |
| Filename | 700.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | 450783b6304d896d217b0a816a3f4853 | ||
| sha256 | 39c3cb4761ba5fbb081b564c592a3f01c461b72277fe6baaff24907208eae99f | ||
| ssdeep | 49152:CD96aQpIPAMnqnQIQ0z4DMRu29DMDd22:Cx6aeI4MnVIJtMZ | ||
| imphash | 41250a33d997f95077d374af20f0b887 | ||
| impfuzzy | 192:o13MDbuuaxSUvK9ksosXh71nxG1QEZPOQH5V:C3maq9uw01TZPOQZV | ||
Network IP location
Signature (45cnts)
| Level | Description |
|---|---|
| danger | Executed a process and injected code into it |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Appends a known CryptoMix ransomware file extension to files that have been encrypted |
| watch | Attempts to access Bitcoin/ALTCoin wallets |
| watch | Checks the CPU name from registry |
| watch | Collects information about installed applications |
| watch | Communicates with host for which no DNS query was performed |
| watch | Expresses interest in specific running processes |
| watch | Harvests credentials from local email clients |
| watch | Harvests credentials from local FTP client softwares |
| watch | Installs itself for autorun at Windows startup |
| watch | Manipulates memory of a non-child process indicative of process injection |
| watch | One or more of the buffers contains an embedded PE file |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
| watch | Uses Sysinternals tools in order to add additional command line functionality |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates a shortcut to an executable file |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | Drops a binary and executes it |
| notice | Drops an executable to the user AppData folder |
| notice | Executes one or more WMI queries |
| notice | Looks up the external IP address |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Potentially malicious URLs were found in the process memory dump |
| notice | Queries for potentially installed applications |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| notice | Steals private information from local Internet browsers |
| notice | Terminates another process |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Collects information to fingerprint the system (MachineGuid |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | Tries to locate where the browsers are installed |
Rules (35cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | hide_executable_file | Hide executable file | binaries (download) |
| warning | Suspicious_Obfuscation_Script_2 | Suspicious obfuscation script (e.g. executable files) | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | local_credential_Steal | Steal credential | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_HTTP | Communications over HTTP | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | lnk_file_format | Microsoft Windows Shortcut File Format | binaries (download) |
| info | Lnk_Format_Zero | LNK Format | binaries (download) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (download) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | PNG_Format_Zero | PNG Format | binaries (download) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | zip_file_format | ZIP file format | binaries (download) |
Network (7cnts) ?
Suricata ids
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity)
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x970730 SysFreeString
0x970734 SysReAllocStringLen
0x970738 SysAllocStringLen
advapi32.dll
0x970740 RegQueryValueExA
0x970744 RegOpenKeyExA
0x970748 RegCloseKey
user32.dll
0x970750 GetKeyboardType
0x970754 DestroyWindow
0x970758 LoadStringA
0x97075c MessageBoxA
0x970760 CharNextA
kernel32.dll
0x970768 GetACP
0x97076c Sleep
0x970770 VirtualFree
0x970774 VirtualAlloc
0x970778 GetCurrentThreadId
0x97077c InterlockedDecrement
0x970780 InterlockedIncrement
0x970784 VirtualQuery
0x970788 WideCharToMultiByte
0x97078c MultiByteToWideChar
0x970790 lstrlenA
0x970794 lstrcpynA
0x970798 LoadLibraryExA
0x97079c GetThreadLocale
0x9707a0 GetStartupInfoA
0x9707a4 GetProcAddress
0x9707a8 GetModuleHandleA
0x9707ac GetModuleFileNameA
0x9707b0 GetLocaleInfoA
0x9707b4 GetCommandLineA
0x9707b8 FreeLibrary
0x9707bc FindFirstFileA
0x9707c0 FindClose
0x9707c4 ExitProcess
0x9707c8 CompareStringA
0x9707cc WriteFile
0x9707d0 UnhandledExceptionFilter
0x9707d4 RtlUnwind
0x9707d8 RaiseException
0x9707dc GetStdHandle
kernel32.dll
0x9707e4 TlsSetValue
0x9707e8 TlsGetValue
0x9707ec LocalAlloc
0x9707f0 GetModuleHandleA
user32.dll
0x9707f8 CreateWindowExA
0x9707fc WindowFromPoint
0x970800 WaitMessage
0x970804 UpdateWindow
0x970808 UnregisterClassA
0x97080c UnhookWindowsHookEx
0x970810 TranslateMessage
0x970814 TranslateMDISysAccel
0x970818 TrackPopupMenu
0x97081c SystemParametersInfoA
0x970820 ShowWindow
0x970824 ShowScrollBar
0x970828 ShowOwnedPopups
0x97082c SetWindowsHookExA
0x970830 SetWindowTextA
0x970834 SetWindowPos
0x970838 SetWindowPlacement
0x97083c SetWindowLongW
0x970840 SetWindowLongA
0x970844 SetTimer
0x970848 SetScrollRange
0x97084c SetScrollPos
0x970850 SetScrollInfo
0x970854 SetRect
0x970858 SetPropA
0x97085c SetParent
0x970860 SetMenuItemInfoA
0x970864 SetMenu
0x970868 SetForegroundWindow
0x97086c SetFocus
0x970870 SetCursor
0x970874 SetClassLongA
0x970878 SetCapture
0x97087c SetActiveWindow
0x970880 SendMessageW
0x970884 SendMessageA
0x970888 ScrollWindow
0x97088c ScreenToClient
0x970890 RemovePropA
0x970894 RemoveMenu
0x970898 ReleaseDC
0x97089c ReleaseCapture
0x9708a0 RegisterWindowMessageA
0x9708a4 RegisterClipboardFormatA
0x9708a8 RegisterClassA
0x9708ac RedrawWindow
0x9708b0 PtInRect
0x9708b4 PostQuitMessage
0x9708b8 PostMessageA
0x9708bc PeekMessageW
0x9708c0 PeekMessageA
0x9708c4 OffsetRect
0x9708c8 OemToCharA
0x9708cc MessageBoxA
0x9708d0 MapWindowPoints
0x9708d4 MapVirtualKeyA
0x9708d8 LoadStringA
0x9708dc LoadKeyboardLayoutA
0x9708e0 LoadIconA
0x9708e4 LoadCursorA
0x9708e8 LoadBitmapA
0x9708ec KillTimer
0x9708f0 IsZoomed
0x9708f4 IsWindowVisible
0x9708f8 IsWindowUnicode
0x9708fc IsWindowEnabled
0x970900 IsWindow
0x970904 IsRectEmpty
0x970908 IsIconic
0x97090c IsDialogMessageW
0x970910 IsDialogMessageA
0x970914 IsChild
0x970918 InvalidateRect
0x97091c IntersectRect
0x970920 InsertMenuItemA
0x970924 InsertMenuA
0x970928 InflateRect
0x97092c GetWindowThreadProcessId
0x970930 GetWindowTextA
0x970934 GetWindowRect
0x970938 GetWindowPlacement
0x97093c GetWindowLongW
0x970940 GetWindowLongA
0x970944 GetWindowDC
0x970948 GetTopWindow
0x97094c GetSystemMetrics
0x970950 GetSystemMenu
0x970954 GetSysColorBrush
0x970958 GetSysColor
0x97095c GetSubMenu
0x970960 GetScrollRange
0x970964 GetScrollPos
0x970968 GetScrollInfo
0x97096c GetPropA
0x970970 GetParent
0x970974 GetWindow
0x970978 GetMessagePos
0x97097c GetMenuStringA
0x970980 GetMenuState
0x970984 GetMenuItemInfoA
0x970988 GetMenuItemID
0x97098c GetMenuItemCount
0x970990 GetMenu
0x970994 GetListBoxInfo
0x970998 GetLastActivePopup
0x97099c GetKeyboardState
0x9709a0 GetKeyboardLayoutNameA
0x9709a4 GetKeyboardLayoutList
0x9709a8 GetKeyboardLayout
0x9709ac GetKeyState
0x9709b0 GetKeyNameTextA
0x9709b4 GetKBCodePage
0x9709b8 GetIconInfo
0x9709bc GetForegroundWindow
0x9709c0 GetFocus
0x9709c4 GetDesktopWindow
0x9709c8 GetDCEx
0x9709cc GetDC
0x9709d0 GetCursorPos
0x9709d4 GetCursor
0x9709d8 GetClientRect
0x9709dc GetClassLongA
0x9709e0 GetClassInfoA
0x9709e4 GetCapture
0x9709e8 GetActiveWindow
0x9709ec FrameRect
0x9709f0 FindWindowA
0x9709f4 FillRect
0x9709f8 EqualRect
0x9709fc EnumWindows
0x970a00 EnumThreadWindows
0x970a04 EnumChildWindows
0x970a08 EndPaint
0x970a0c EnableWindow
0x970a10 EnableScrollBar
0x970a14 EnableMenuItem
0x970a18 DrawTextA
0x970a1c DrawMenuBar
0x970a20 DrawIconEx
0x970a24 DrawIcon
0x970a28 DrawFrameControl
0x970a2c DrawFocusRect
0x970a30 DrawEdge
0x970a34 DispatchMessageW
0x970a38 DispatchMessageA
0x970a3c DestroyWindow
0x970a40 DestroyMenu
0x970a44 DestroyIcon
0x970a48 DestroyCursor
0x970a4c DeleteMenu
0x970a50 DefWindowProcA
0x970a54 DefMDIChildProcA
0x970a58 DefFrameProcA
0x970a5c CreatePopupMenu
0x970a60 CreateMenu
0x970a64 CreateIcon
0x970a68 ClientToScreen
0x970a6c CheckMenuItem
0x970a70 CallWindowProcA
0x970a74 CallNextHookEx
0x970a78 BeginPaint
0x970a7c CharNextA
0x970a80 CharLowerA
0x970a84 CharToOemA
0x970a88 AdjustWindowRectEx
0x970a8c ActivateKeyboardLayout
gdi32.dll
0x970a94 UnrealizeObject
0x970a98 StretchBlt
0x970a9c SetWindowOrgEx
0x970aa0 SetViewportOrgEx
0x970aa4 SetTextColor
0x970aa8 SetStretchBltMode
0x970aac SetROP2
0x970ab0 SetPixel
0x970ab4 SetDIBColorTable
0x970ab8 SetBrushOrgEx
0x970abc SetBkMode
0x970ac0 SetBkColor
0x970ac4 SelectPalette
0x970ac8 SelectObject
0x970acc SaveDC
0x970ad0 RoundRect
0x970ad4 RestoreDC
0x970ad8 Rectangle
0x970adc RectVisible
0x970ae0 RealizePalette
0x970ae4 PatBlt
0x970ae8 MoveToEx
0x970aec MaskBlt
0x970af0 LineTo
0x970af4 IntersectClipRect
0x970af8 GetWindowOrgEx
0x970afc GetTextMetricsA
0x970b00 GetTextExtentPoint32A
0x970b04 GetTextCharset
0x970b08 GetSystemPaletteEntries
0x970b0c GetStretchBltMode
0x970b10 GetStockObject
0x970b14 GetRgnBox
0x970b18 GetPixel
0x970b1c GetPaletteEntries
0x970b20 GetObjectA
0x970b24 GetDeviceCaps
0x970b28 GetDIBits
0x970b2c GetDIBColorTable
0x970b30 GetDCOrgEx
0x970b34 GetCurrentPositionEx
0x970b38 GetClipBox
0x970b3c GetBrushOrgEx
0x970b40 GetBitmapBits
0x970b44 ExtTextOutA
0x970b48 ExcludeClipRect
0x970b4c Ellipse
0x970b50 DeleteObject
0x970b54 DeleteDC
0x970b58 CreateSolidBrush
0x970b5c CreatePenIndirect
0x970b60 CreatePalette
0x970b64 CreateHalftonePalette
0x970b68 CreateFontIndirectA
0x970b6c CreateDIBitmap
0x970b70 CreateDIBSection
0x970b74 CreateCompatibleDC
0x970b78 CreateCompatibleBitmap
0x970b7c CreateBrushIndirect
0x970b80 CreateBitmap
0x970b84 BitBlt
version.dll
0x970b8c VerQueryValueA
0x970b90 GetFileVersionInfoSizeA
0x970b94 GetFileVersionInfoA
kernel32.dll
0x970b9c lstrcpyA
0x970ba0 WriteFile
0x970ba4 WaitForSingleObject
0x970ba8 VirtualQuery
0x970bac VirtualAlloc
0x970bb0 SizeofResource
0x970bb4 SetThreadLocale
0x970bb8 SetFilePointer
0x970bbc SetEvent
0x970bc0 SetErrorMode
0x970bc4 SetEndOfFile
0x970bc8 ResetEvent
0x970bcc ReadFile
0x970bd0 MulDiv
0x970bd4 LockResource
0x970bd8 LoadResource
0x970bdc LoadLibraryA
0x970be0 LeaveCriticalSection
0x970be4 InitializeCriticalSection
0x970be8 GlobalFindAtomA
0x970bec GlobalDeleteAtom
0x970bf0 GlobalAddAtomA
0x970bf4 GetVersionExA
0x970bf8 GetVersion
0x970bfc GetTickCount
0x970c00 GetThreadLocale
0x970c04 GetStdHandle
0x970c08 GetProcAddress
0x970c0c GetModuleHandleA
0x970c10 GetModuleFileNameA
0x970c14 GetLocaleInfoA
0x970c18 GetLocalTime
0x970c1c GetLastError
0x970c20 GetFullPathNameA
0x970c24 GetDriveTypeA
0x970c28 GetDiskFreeSpaceA
0x970c2c GetDateFormatA
0x970c30 GetCurrentThreadId
0x970c34 GetCurrentProcessId
0x970c38 GetCPInfo
0x970c3c FreeResource
0x970c40 InterlockedExchange
0x970c44 FreeLibrary
0x970c48 FormatMessageA
0x970c4c FindResourceA
0x970c50 EnumCalendarInfoA
0x970c54 EnterCriticalSection
0x970c58 DeleteCriticalSection
0x970c5c CreateThread
0x970c60 CreateFileA
0x970c64 CreateEventA
0x970c68 CompareStringA
0x970c6c CloseHandle
0x970c70 CancelWaitableTimer
advapi32.dll
0x970c78 RegQueryValueExA
0x970c7c RegOpenKeyExA
0x970c80 RegFlushKey
0x970c84 RegCloseKey
kernel32.dll
0x970c8c Sleep
oleaut32.dll
0x970c94 SafeArrayPtrOfIndex
0x970c98 SafeArrayGetUBound
0x970c9c SafeArrayGetLBound
0x970ca0 SafeArrayCreate
0x970ca4 VariantChangeType
0x970ca8 VariantCopy
0x970cac VariantClear
0x970cb0 VariantInit
comctl32.dll
0x970cb8 _TrackMouseEvent
0x970cbc ImageList_SetIconSize
0x970cc0 ImageList_GetIconSize
0x970cc4 ImageList_Write
0x970cc8 ImageList_Read
0x970ccc ImageList_GetDragImage
0x970cd0 ImageList_DragShowNolock
0x970cd4 ImageList_DragMove
0x970cd8 ImageList_DragLeave
0x970cdc ImageList_DragEnter
0x970ce0 ImageList_EndDrag
0x970ce4 ImageList_BeginDrag
0x970ce8 ImageList_Remove
0x970cec ImageList_DrawEx
0x970cf0 ImageList_Draw
0x970cf4 ImageList_GetBkColor
0x970cf8 ImageList_SetBkColor
0x970cfc ImageList_Add
0x970d00 ImageList_GetImageCount
0x970d04 ImageList_Destroy
0x970d08 ImageList_Create
comdlg32.dll
0x970d10 ChooseColorA
kernel32.dll
0x970d18 GetConsoleWindow
EAT(Export Address Table) is none
oleaut32.dll
0x970730 SysFreeString
0x970734 SysReAllocStringLen
0x970738 SysAllocStringLen
advapi32.dll
0x970740 RegQueryValueExA
0x970744 RegOpenKeyExA
0x970748 RegCloseKey
user32.dll
0x970750 GetKeyboardType
0x970754 DestroyWindow
0x970758 LoadStringA
0x97075c MessageBoxA
0x970760 CharNextA
kernel32.dll
0x970768 GetACP
0x97076c Sleep
0x970770 VirtualFree
0x970774 VirtualAlloc
0x970778 GetCurrentThreadId
0x97077c InterlockedDecrement
0x970780 InterlockedIncrement
0x970784 VirtualQuery
0x970788 WideCharToMultiByte
0x97078c MultiByteToWideChar
0x970790 lstrlenA
0x970794 lstrcpynA
0x970798 LoadLibraryExA
0x97079c GetThreadLocale
0x9707a0 GetStartupInfoA
0x9707a4 GetProcAddress
0x9707a8 GetModuleHandleA
0x9707ac GetModuleFileNameA
0x9707b0 GetLocaleInfoA
0x9707b4 GetCommandLineA
0x9707b8 FreeLibrary
0x9707bc FindFirstFileA
0x9707c0 FindClose
0x9707c4 ExitProcess
0x9707c8 CompareStringA
0x9707cc WriteFile
0x9707d0 UnhandledExceptionFilter
0x9707d4 RtlUnwind
0x9707d8 RaiseException
0x9707dc GetStdHandle
kernel32.dll
0x9707e4 TlsSetValue
0x9707e8 TlsGetValue
0x9707ec LocalAlloc
0x9707f0 GetModuleHandleA
user32.dll
0x9707f8 CreateWindowExA
0x9707fc WindowFromPoint
0x970800 WaitMessage
0x970804 UpdateWindow
0x970808 UnregisterClassA
0x97080c UnhookWindowsHookEx
0x970810 TranslateMessage
0x970814 TranslateMDISysAccel
0x970818 TrackPopupMenu
0x97081c SystemParametersInfoA
0x970820 ShowWindow
0x970824 ShowScrollBar
0x970828 ShowOwnedPopups
0x97082c SetWindowsHookExA
0x970830 SetWindowTextA
0x970834 SetWindowPos
0x970838 SetWindowPlacement
0x97083c SetWindowLongW
0x970840 SetWindowLongA
0x970844 SetTimer
0x970848 SetScrollRange
0x97084c SetScrollPos
0x970850 SetScrollInfo
0x970854 SetRect
0x970858 SetPropA
0x97085c SetParent
0x970860 SetMenuItemInfoA
0x970864 SetMenu
0x970868 SetForegroundWindow
0x97086c SetFocus
0x970870 SetCursor
0x970874 SetClassLongA
0x970878 SetCapture
0x97087c SetActiveWindow
0x970880 SendMessageW
0x970884 SendMessageA
0x970888 ScrollWindow
0x97088c ScreenToClient
0x970890 RemovePropA
0x970894 RemoveMenu
0x970898 ReleaseDC
0x97089c ReleaseCapture
0x9708a0 RegisterWindowMessageA
0x9708a4 RegisterClipboardFormatA
0x9708a8 RegisterClassA
0x9708ac RedrawWindow
0x9708b0 PtInRect
0x9708b4 PostQuitMessage
0x9708b8 PostMessageA
0x9708bc PeekMessageW
0x9708c0 PeekMessageA
0x9708c4 OffsetRect
0x9708c8 OemToCharA
0x9708cc MessageBoxA
0x9708d0 MapWindowPoints
0x9708d4 MapVirtualKeyA
0x9708d8 LoadStringA
0x9708dc LoadKeyboardLayoutA
0x9708e0 LoadIconA
0x9708e4 LoadCursorA
0x9708e8 LoadBitmapA
0x9708ec KillTimer
0x9708f0 IsZoomed
0x9708f4 IsWindowVisible
0x9708f8 IsWindowUnicode
0x9708fc IsWindowEnabled
0x970900 IsWindow
0x970904 IsRectEmpty
0x970908 IsIconic
0x97090c IsDialogMessageW
0x970910 IsDialogMessageA
0x970914 IsChild
0x970918 InvalidateRect
0x97091c IntersectRect
0x970920 InsertMenuItemA
0x970924 InsertMenuA
0x970928 InflateRect
0x97092c GetWindowThreadProcessId
0x970930 GetWindowTextA
0x970934 GetWindowRect
0x970938 GetWindowPlacement
0x97093c GetWindowLongW
0x970940 GetWindowLongA
0x970944 GetWindowDC
0x970948 GetTopWindow
0x97094c GetSystemMetrics
0x970950 GetSystemMenu
0x970954 GetSysColorBrush
0x970958 GetSysColor
0x97095c GetSubMenu
0x970960 GetScrollRange
0x970964 GetScrollPos
0x970968 GetScrollInfo
0x97096c GetPropA
0x970970 GetParent
0x970974 GetWindow
0x970978 GetMessagePos
0x97097c GetMenuStringA
0x970980 GetMenuState
0x970984 GetMenuItemInfoA
0x970988 GetMenuItemID
0x97098c GetMenuItemCount
0x970990 GetMenu
0x970994 GetListBoxInfo
0x970998 GetLastActivePopup
0x97099c GetKeyboardState
0x9709a0 GetKeyboardLayoutNameA
0x9709a4 GetKeyboardLayoutList
0x9709a8 GetKeyboardLayout
0x9709ac GetKeyState
0x9709b0 GetKeyNameTextA
0x9709b4 GetKBCodePage
0x9709b8 GetIconInfo
0x9709bc GetForegroundWindow
0x9709c0 GetFocus
0x9709c4 GetDesktopWindow
0x9709c8 GetDCEx
0x9709cc GetDC
0x9709d0 GetCursorPos
0x9709d4 GetCursor
0x9709d8 GetClientRect
0x9709dc GetClassLongA
0x9709e0 GetClassInfoA
0x9709e4 GetCapture
0x9709e8 GetActiveWindow
0x9709ec FrameRect
0x9709f0 FindWindowA
0x9709f4 FillRect
0x9709f8 EqualRect
0x9709fc EnumWindows
0x970a00 EnumThreadWindows
0x970a04 EnumChildWindows
0x970a08 EndPaint
0x970a0c EnableWindow
0x970a10 EnableScrollBar
0x970a14 EnableMenuItem
0x970a18 DrawTextA
0x970a1c DrawMenuBar
0x970a20 DrawIconEx
0x970a24 DrawIcon
0x970a28 DrawFrameControl
0x970a2c DrawFocusRect
0x970a30 DrawEdge
0x970a34 DispatchMessageW
0x970a38 DispatchMessageA
0x970a3c DestroyWindow
0x970a40 DestroyMenu
0x970a44 DestroyIcon
0x970a48 DestroyCursor
0x970a4c DeleteMenu
0x970a50 DefWindowProcA
0x970a54 DefMDIChildProcA
0x970a58 DefFrameProcA
0x970a5c CreatePopupMenu
0x970a60 CreateMenu
0x970a64 CreateIcon
0x970a68 ClientToScreen
0x970a6c CheckMenuItem
0x970a70 CallWindowProcA
0x970a74 CallNextHookEx
0x970a78 BeginPaint
0x970a7c CharNextA
0x970a80 CharLowerA
0x970a84 CharToOemA
0x970a88 AdjustWindowRectEx
0x970a8c ActivateKeyboardLayout
gdi32.dll
0x970a94 UnrealizeObject
0x970a98 StretchBlt
0x970a9c SetWindowOrgEx
0x970aa0 SetViewportOrgEx
0x970aa4 SetTextColor
0x970aa8 SetStretchBltMode
0x970aac SetROP2
0x970ab0 SetPixel
0x970ab4 SetDIBColorTable
0x970ab8 SetBrushOrgEx
0x970abc SetBkMode
0x970ac0 SetBkColor
0x970ac4 SelectPalette
0x970ac8 SelectObject
0x970acc SaveDC
0x970ad0 RoundRect
0x970ad4 RestoreDC
0x970ad8 Rectangle
0x970adc RectVisible
0x970ae0 RealizePalette
0x970ae4 PatBlt
0x970ae8 MoveToEx
0x970aec MaskBlt
0x970af0 LineTo
0x970af4 IntersectClipRect
0x970af8 GetWindowOrgEx
0x970afc GetTextMetricsA
0x970b00 GetTextExtentPoint32A
0x970b04 GetTextCharset
0x970b08 GetSystemPaletteEntries
0x970b0c GetStretchBltMode
0x970b10 GetStockObject
0x970b14 GetRgnBox
0x970b18 GetPixel
0x970b1c GetPaletteEntries
0x970b20 GetObjectA
0x970b24 GetDeviceCaps
0x970b28 GetDIBits
0x970b2c GetDIBColorTable
0x970b30 GetDCOrgEx
0x970b34 GetCurrentPositionEx
0x970b38 GetClipBox
0x970b3c GetBrushOrgEx
0x970b40 GetBitmapBits
0x970b44 ExtTextOutA
0x970b48 ExcludeClipRect
0x970b4c Ellipse
0x970b50 DeleteObject
0x970b54 DeleteDC
0x970b58 CreateSolidBrush
0x970b5c CreatePenIndirect
0x970b60 CreatePalette
0x970b64 CreateHalftonePalette
0x970b68 CreateFontIndirectA
0x970b6c CreateDIBitmap
0x970b70 CreateDIBSection
0x970b74 CreateCompatibleDC
0x970b78 CreateCompatibleBitmap
0x970b7c CreateBrushIndirect
0x970b80 CreateBitmap
0x970b84 BitBlt
version.dll
0x970b8c VerQueryValueA
0x970b90 GetFileVersionInfoSizeA
0x970b94 GetFileVersionInfoA
kernel32.dll
0x970b9c lstrcpyA
0x970ba0 WriteFile
0x970ba4 WaitForSingleObject
0x970ba8 VirtualQuery
0x970bac VirtualAlloc
0x970bb0 SizeofResource
0x970bb4 SetThreadLocale
0x970bb8 SetFilePointer
0x970bbc SetEvent
0x970bc0 SetErrorMode
0x970bc4 SetEndOfFile
0x970bc8 ResetEvent
0x970bcc ReadFile
0x970bd0 MulDiv
0x970bd4 LockResource
0x970bd8 LoadResource
0x970bdc LoadLibraryA
0x970be0 LeaveCriticalSection
0x970be4 InitializeCriticalSection
0x970be8 GlobalFindAtomA
0x970bec GlobalDeleteAtom
0x970bf0 GlobalAddAtomA
0x970bf4 GetVersionExA
0x970bf8 GetVersion
0x970bfc GetTickCount
0x970c00 GetThreadLocale
0x970c04 GetStdHandle
0x970c08 GetProcAddress
0x970c0c GetModuleHandleA
0x970c10 GetModuleFileNameA
0x970c14 GetLocaleInfoA
0x970c18 GetLocalTime
0x970c1c GetLastError
0x970c20 GetFullPathNameA
0x970c24 GetDriveTypeA
0x970c28 GetDiskFreeSpaceA
0x970c2c GetDateFormatA
0x970c30 GetCurrentThreadId
0x970c34 GetCurrentProcessId
0x970c38 GetCPInfo
0x970c3c FreeResource
0x970c40 InterlockedExchange
0x970c44 FreeLibrary
0x970c48 FormatMessageA
0x970c4c FindResourceA
0x970c50 EnumCalendarInfoA
0x970c54 EnterCriticalSection
0x970c58 DeleteCriticalSection
0x970c5c CreateThread
0x970c60 CreateFileA
0x970c64 CreateEventA
0x970c68 CompareStringA
0x970c6c CloseHandle
0x970c70 CancelWaitableTimer
advapi32.dll
0x970c78 RegQueryValueExA
0x970c7c RegOpenKeyExA
0x970c80 RegFlushKey
0x970c84 RegCloseKey
kernel32.dll
0x970c8c Sleep
oleaut32.dll
0x970c94 SafeArrayPtrOfIndex
0x970c98 SafeArrayGetUBound
0x970c9c SafeArrayGetLBound
0x970ca0 SafeArrayCreate
0x970ca4 VariantChangeType
0x970ca8 VariantCopy
0x970cac VariantClear
0x970cb0 VariantInit
comctl32.dll
0x970cb8 _TrackMouseEvent
0x970cbc ImageList_SetIconSize
0x970cc0 ImageList_GetIconSize
0x970cc4 ImageList_Write
0x970cc8 ImageList_Read
0x970ccc ImageList_GetDragImage
0x970cd0 ImageList_DragShowNolock
0x970cd4 ImageList_DragMove
0x970cd8 ImageList_DragLeave
0x970cdc ImageList_DragEnter
0x970ce0 ImageList_EndDrag
0x970ce4 ImageList_BeginDrag
0x970ce8 ImageList_Remove
0x970cec ImageList_DrawEx
0x970cf0 ImageList_Draw
0x970cf4 ImageList_GetBkColor
0x970cf8 ImageList_SetBkColor
0x970cfc ImageList_Add
0x970d00 ImageList_GetImageCount
0x970d04 ImageList_Destroy
0x970d08 ImageList_Create
comdlg32.dll
0x970d10 ChooseColorA
kernel32.dll
0x970d18 GetConsoleWindow
EAT(Export Address Table) is none