ScreenShot
| Created | 2023.11.22 22:33 | Machine | s1_win7_x6403 |
| Filename | remcos_agent.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 75f62d50ae96fe8ff94fc9a933b4fc77 | ||
| sha256 | 2b53c63310b8961fb12a67edbd083013f52e0f86e9fb053a1cbfc266595665e0 | ||
| ssdeep | 1536:6pNEsaeiQl8TIqytzRJl+uiNuI7FFCPBsZcOzq1T35T/cLeILtVo8V:6pNEaiQl2qouiNdFFCiZcOz+TJ/aeAt | ||
| imphash | f79bdf7005a27b505da0a17f8329bd86 | ||
| impfuzzy | 96:zrd7DU6qjraq5grK3KjK6UjSW+RG1XDu5U4apjVSqcCypMO7kElAy9kE6CO24Ir+:/1DU6EGu2g5L91XSS4U3NW4Irq8UBL | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | A process attempted to delay the analysis task. |
| info | Checks if process is being debugged by a debugger |
| info | Command line console output was observed |
| info | The executable uses a known packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40d0a8 FindResourceA
0x40d0ac GetLocaleInfoA
0x40d0b0 Process32NextW
0x40d0b4 Process32FirstW
0x40d0b8 CreateToolhelp32Snapshot
0x40d0bc GetTickCount
0x40d0c0 GlobalUnlock
0x40d0c4 GlobalLock
0x40d0c8 GlobalAlloc
0x40d0cc GetCurrentProcessId
0x40d0d0 GetCurrentProcess
0x40d0d4 DeleteFileA
0x40d0d8 LoadResource
0x40d0dc LocalAlloc
0x40d0e0 OpenProcess
0x40d0e4 DuplicateHandle
0x40d0e8 GetCurrentThread
0x40d0ec RemoveDirectoryW
0x40d0f0 lstrcpynA
0x40d0f4 GetModuleFileNameA
0x40d0f8 ExitProcess
0x40d0fc AllocConsole
0x40d100 GetStartupInfoA
0x40d104 LockResource
0x40d108 SizeofResource
0x40d10c GetModuleHandleA
0x40d110 CreateMutexA
0x40d114 GetLastError
0x40d118 GetLongPathNameW
0x40d11c GetModuleFileNameW
0x40d120 SetFileAttributesW
0x40d124 LoadLibraryA
0x40d128 GetProcAddress
0x40d12c CreateFileMappingA
0x40d130 MapViewOfFileEx
0x40d134 TerminateThread
0x40d138 FindClose
0x40d13c ExitThread
0x40d140 GetLogicalDriveStringsA
0x40d144 GetFileAttributesW
0x40d148 DeleteFileW
0x40d14c CreateDirectoryW
0x40d150 CreateFileW
0x40d154 GetFileSize
0x40d158 CreateThread
0x40d15c SetFilePointer
0x40d160 GetDriveTypeA
0x40d164 lstrlenA
0x40d168 FindFirstFileW
0x40d16c FindNextFileW
0x40d170 CreatePipe
0x40d174 CreateProcessA
0x40d178 PeekNamedPipe
0x40d17c ReadFile
0x40d180 WriteFile
0x40d184 TerminateProcess
0x40d188 SetEvent
0x40d18c HeapCreate
0x40d190 HeapFree
0x40d194 Sleep
0x40d198 GetLocalTime
0x40d19c CreateEventA
0x40d1a0 WaitForSingleObject
0x40d1a4 CloseHandle
0x40d1a8 GlobalFree
USER32.dll
0x40d3ac SetForegroundWindow
0x40d3b0 TrackPopupMenu
0x40d3b4 CreatePopupMenu
0x40d3b8 AppendMenuA
0x40d3bc RegisterClassExA
0x40d3c0 CreateWindowExA
0x40d3c4 SystemParametersInfoW
0x40d3c8 GetForegroundWindow
0x40d3cc SendInput
0x40d3d0 GetIconInfo
0x40d3d4 DrawIcon
0x40d3d8 EnumWindows
0x40d3dc GetCursorPos
0x40d3e0 IsWindowVisible
0x40d3e4 CloseWindow
0x40d3e8 ShowWindow
0x40d3ec GetWindowThreadProcessId
0x40d3f0 MessageBoxW
0x40d3f4 ExitWindowsEx
0x40d3f8 OpenClipboard
0x40d3fc EmptyClipboard
0x40d400 SetClipboardData
0x40d404 CloseClipboard
0x40d408 GetClipboardData
0x40d40c SetWindowTextW
0x40d410 TranslateMessage
0x40d414 GetWindowTextW
0x40d418 DefWindowProcA
0x40d41c DispatchMessageA
0x40d420 GetMessageA
GDI32.dll
0x40d07c GetDIBits
0x40d080 GetObjectA
0x40d084 StretchBlt
0x40d088 SelectObject
0x40d08c DeleteObject
0x40d090 DeleteDC
0x40d094 CreateCompatibleBitmap
0x40d098 GetDeviceCaps
0x40d09c CreateCompatibleDC
0x40d0a0 CreateDCA
ADVAPI32.dll
0x40d000 RegCreateKeyW
0x40d004 RegEnumKeyExA
0x40d008 GetUserNameW
0x40d00c ChangeServiceConfigW
0x40d010 QueryServiceStatus
0x40d014 ControlService
0x40d018 OpenSCManagerW
0x40d01c StartServiceW
0x40d020 OpenSCManagerA
0x40d024 EnumServicesStatusW
0x40d028 OpenServiceW
0x40d02c RegDeleteKeyA
0x40d030 RegOpenKeyExA
0x40d034 RegCloseKey
0x40d038 RegQueryValueExA
0x40d03c RegQueryValueExW
0x40d040 RegOpenKeyExW
0x40d044 RegSetValueExA
0x40d048 RegCreateKeyA
0x40d04c RegSetValueExW
0x40d050 RegDeleteValueW
0x40d054 RegEnumValueW
0x40d058 RegEnumKeyExW
0x40d05c RegQueryInfoKeyW
0x40d060 RegCreateKeyExW
0x40d064 AdjustTokenPrivileges
0x40d068 LookupPrivilegeValueA
0x40d06c OpenProcessToken
0x40d070 CloseServiceHandle
0x40d074 QueryServiceConfigW
SHELL32.dll
0x40d390 ExtractIconA
0x40d394 Shell_NotifyIconA
0x40d398 ShellExecuteExA
0x40d39c ShellExecuteW
MSVCRT.dll
0x40d2ec _controlfp
0x40d2f0 _except_handler3
0x40d2f4 __set_app_type
0x40d2f8 __p__fmode
0x40d2fc __p__commode
0x40d300 _adjust_fdiv
0x40d304 __setusermatherr
0x40d308 _initterm
0x40d30c __getmainargs
0x40d310 _acmdln
0x40d314 _XcptFilter
0x40d318 _exit
0x40d31c ??1type_info@@UAE@XZ
0x40d320 _onexit
0x40d324 __dllonexit
0x40d328 freopen
0x40d32c wcscat
0x40d330 _itow
0x40d334 _wsystem
0x40d338 sprintf
0x40d33c wcscpy
0x40d340 wcslen
0x40d344 _wgetenv
0x40d348 exit
0x40d34c __CxxFrameHandler
0x40d350 tolower
0x40d354 wcscmp
0x40d358 atoi
0x40d35c _wrename
0x40d360 ??2@YAPAXI@Z
0x40d364 getenv
0x40d368 ??3@YAXPAX@Z
0x40d36c _CxxThrowException
0x40d370 ??0exception@@QAE@ABV0@@Z
0x40d374 printf
0x40d378 strncmp
0x40d37c malloc
0x40d380 free
0x40d384 _iob
0x40d388 _itoa
MSVCP60.dll
0x40d1b0 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
0x40d1b4 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
0x40d1b8 ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
0x40d1bc ?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
0x40d1c0 ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
0x40d1c4 ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
0x40d1c8 ?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
0x40d1cc ?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
0x40d1d0 ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
0x40d1d4 ?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
0x40d1d8 ??0Init@ios_base@std@@QAE@XZ
0x40d1dc ??1Init@ios_base@std@@QAE@XZ
0x40d1e0 ??0_Winit@std@@QAE@XZ
0x40d1e4 ??1_Winit@std@@QAE@XZ
0x40d1e8 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
0x40d1ec ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
0x40d1f0 ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
0x40d1f4 ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
0x40d1f8 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
0x40d1fc ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
0x40d200 ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
0x40d204 ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
0x40d208 ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
0x40d20c ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
0x40d210 ?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
0x40d214 ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
0x40d218 ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
0x40d21c ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
0x40d220 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
0x40d224 ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
0x40d228 ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
0x40d22c ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
0x40d230 ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
0x40d234 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
0x40d238 ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
0x40d23c ?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
0x40d240 ?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
0x40d244 ?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
0x40d248 ?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
0x40d24c ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
0x40d250 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
0x40d254 ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
0x40d258 ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
0x40d25c ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
0x40d260 ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
0x40d264 ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
0x40d268 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
0x40d26c ??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
0x40d270 ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
0x40d274 ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
0x40d278 ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
0x40d27c ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
0x40d280 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
0x40d284 ??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
0x40d288 ??1out_of_range@std@@UAE@XZ
0x40d28c ??0out_of_range@std@@QAE@ABV01@@Z
0x40d290 ??0logic_error@std@@QAE@ABV01@@Z
0x40d294 ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
0x40d298 ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
0x40d29c ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
0x40d2a0 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
0x40d2a4 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
0x40d2a8 ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
0x40d2ac ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
0x40d2b0 ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
0x40d2b4 ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
0x40d2b8 ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
0x40d2bc ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
0x40d2c0 ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
0x40d2c4 ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
0x40d2c8 ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
0x40d2cc ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
0x40d2d0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
0x40d2d4 ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
0x40d2d8 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
0x40d2dc ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
0x40d2e0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
0x40d2e4 ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
SHLWAPI.dll
0x40d3a4 StrToIntA
WS2_32.dll
0x40d43c htons
0x40d440 socket
0x40d444 send
0x40d448 recv
0x40d44c closesocket
0x40d450 connect
0x40d454 gethostbyname
0x40d458 WSAStartup
urlmon.dll
0x40d48c URLDownloadToFileW
gdiplus.dll
0x40d460 GdipLoadImageFromStream
0x40d464 GdipFree
0x40d468 GdipDisposeImage
0x40d46c GdipCloneImage
0x40d470 GdipAlloc
0x40d474 GdipSaveImageToStream
0x40d478 GdiplusStartup
0x40d47c GdipGetImageEncoders
0x40d480 GdipGetImageEncodersSize
0x40d484 GdipLoadImageFromStreamICM
WININET.dll
0x40d428 InternetReadFile
0x40d42c InternetOpenUrlA
0x40d430 InternetOpenA
0x40d434 InternetCloseHandle
EAT(Export Address Table) is none
KERNEL32.dll
0x40d0a8 FindResourceA
0x40d0ac GetLocaleInfoA
0x40d0b0 Process32NextW
0x40d0b4 Process32FirstW
0x40d0b8 CreateToolhelp32Snapshot
0x40d0bc GetTickCount
0x40d0c0 GlobalUnlock
0x40d0c4 GlobalLock
0x40d0c8 GlobalAlloc
0x40d0cc GetCurrentProcessId
0x40d0d0 GetCurrentProcess
0x40d0d4 DeleteFileA
0x40d0d8 LoadResource
0x40d0dc LocalAlloc
0x40d0e0 OpenProcess
0x40d0e4 DuplicateHandle
0x40d0e8 GetCurrentThread
0x40d0ec RemoveDirectoryW
0x40d0f0 lstrcpynA
0x40d0f4 GetModuleFileNameA
0x40d0f8 ExitProcess
0x40d0fc AllocConsole
0x40d100 GetStartupInfoA
0x40d104 LockResource
0x40d108 SizeofResource
0x40d10c GetModuleHandleA
0x40d110 CreateMutexA
0x40d114 GetLastError
0x40d118 GetLongPathNameW
0x40d11c GetModuleFileNameW
0x40d120 SetFileAttributesW
0x40d124 LoadLibraryA
0x40d128 GetProcAddress
0x40d12c CreateFileMappingA
0x40d130 MapViewOfFileEx
0x40d134 TerminateThread
0x40d138 FindClose
0x40d13c ExitThread
0x40d140 GetLogicalDriveStringsA
0x40d144 GetFileAttributesW
0x40d148 DeleteFileW
0x40d14c CreateDirectoryW
0x40d150 CreateFileW
0x40d154 GetFileSize
0x40d158 CreateThread
0x40d15c SetFilePointer
0x40d160 GetDriveTypeA
0x40d164 lstrlenA
0x40d168 FindFirstFileW
0x40d16c FindNextFileW
0x40d170 CreatePipe
0x40d174 CreateProcessA
0x40d178 PeekNamedPipe
0x40d17c ReadFile
0x40d180 WriteFile
0x40d184 TerminateProcess
0x40d188 SetEvent
0x40d18c HeapCreate
0x40d190 HeapFree
0x40d194 Sleep
0x40d198 GetLocalTime
0x40d19c CreateEventA
0x40d1a0 WaitForSingleObject
0x40d1a4 CloseHandle
0x40d1a8 GlobalFree
USER32.dll
0x40d3ac SetForegroundWindow
0x40d3b0 TrackPopupMenu
0x40d3b4 CreatePopupMenu
0x40d3b8 AppendMenuA
0x40d3bc RegisterClassExA
0x40d3c0 CreateWindowExA
0x40d3c4 SystemParametersInfoW
0x40d3c8 GetForegroundWindow
0x40d3cc SendInput
0x40d3d0 GetIconInfo
0x40d3d4 DrawIcon
0x40d3d8 EnumWindows
0x40d3dc GetCursorPos
0x40d3e0 IsWindowVisible
0x40d3e4 CloseWindow
0x40d3e8 ShowWindow
0x40d3ec GetWindowThreadProcessId
0x40d3f0 MessageBoxW
0x40d3f4 ExitWindowsEx
0x40d3f8 OpenClipboard
0x40d3fc EmptyClipboard
0x40d400 SetClipboardData
0x40d404 CloseClipboard
0x40d408 GetClipboardData
0x40d40c SetWindowTextW
0x40d410 TranslateMessage
0x40d414 GetWindowTextW
0x40d418 DefWindowProcA
0x40d41c DispatchMessageA
0x40d420 GetMessageA
GDI32.dll
0x40d07c GetDIBits
0x40d080 GetObjectA
0x40d084 StretchBlt
0x40d088 SelectObject
0x40d08c DeleteObject
0x40d090 DeleteDC
0x40d094 CreateCompatibleBitmap
0x40d098 GetDeviceCaps
0x40d09c CreateCompatibleDC
0x40d0a0 CreateDCA
ADVAPI32.dll
0x40d000 RegCreateKeyW
0x40d004 RegEnumKeyExA
0x40d008 GetUserNameW
0x40d00c ChangeServiceConfigW
0x40d010 QueryServiceStatus
0x40d014 ControlService
0x40d018 OpenSCManagerW
0x40d01c StartServiceW
0x40d020 OpenSCManagerA
0x40d024 EnumServicesStatusW
0x40d028 OpenServiceW
0x40d02c RegDeleteKeyA
0x40d030 RegOpenKeyExA
0x40d034 RegCloseKey
0x40d038 RegQueryValueExA
0x40d03c RegQueryValueExW
0x40d040 RegOpenKeyExW
0x40d044 RegSetValueExA
0x40d048 RegCreateKeyA
0x40d04c RegSetValueExW
0x40d050 RegDeleteValueW
0x40d054 RegEnumValueW
0x40d058 RegEnumKeyExW
0x40d05c RegQueryInfoKeyW
0x40d060 RegCreateKeyExW
0x40d064 AdjustTokenPrivileges
0x40d068 LookupPrivilegeValueA
0x40d06c OpenProcessToken
0x40d070 CloseServiceHandle
0x40d074 QueryServiceConfigW
SHELL32.dll
0x40d390 ExtractIconA
0x40d394 Shell_NotifyIconA
0x40d398 ShellExecuteExA
0x40d39c ShellExecuteW
MSVCRT.dll
0x40d2ec _controlfp
0x40d2f0 _except_handler3
0x40d2f4 __set_app_type
0x40d2f8 __p__fmode
0x40d2fc __p__commode
0x40d300 _adjust_fdiv
0x40d304 __setusermatherr
0x40d308 _initterm
0x40d30c __getmainargs
0x40d310 _acmdln
0x40d314 _XcptFilter
0x40d318 _exit
0x40d31c ??1type_info@@UAE@XZ
0x40d320 _onexit
0x40d324 __dllonexit
0x40d328 freopen
0x40d32c wcscat
0x40d330 _itow
0x40d334 _wsystem
0x40d338 sprintf
0x40d33c wcscpy
0x40d340 wcslen
0x40d344 _wgetenv
0x40d348 exit
0x40d34c __CxxFrameHandler
0x40d350 tolower
0x40d354 wcscmp
0x40d358 atoi
0x40d35c _wrename
0x40d360 ??2@YAPAXI@Z
0x40d364 getenv
0x40d368 ??3@YAXPAX@Z
0x40d36c _CxxThrowException
0x40d370 ??0exception@@QAE@ABV0@@Z
0x40d374 printf
0x40d378 strncmp
0x40d37c malloc
0x40d380 free
0x40d384 _iob
0x40d388 _itoa
MSVCP60.dll
0x40d1b0 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
0x40d1b4 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
0x40d1b8 ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
0x40d1bc ?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
0x40d1c0 ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
0x40d1c4 ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
0x40d1c8 ?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
0x40d1cc ?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
0x40d1d0 ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
0x40d1d4 ?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
0x40d1d8 ??0Init@ios_base@std@@QAE@XZ
0x40d1dc ??1Init@ios_base@std@@QAE@XZ
0x40d1e0 ??0_Winit@std@@QAE@XZ
0x40d1e4 ??1_Winit@std@@QAE@XZ
0x40d1e8 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
0x40d1ec ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
0x40d1f0 ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
0x40d1f4 ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
0x40d1f8 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
0x40d1fc ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
0x40d200 ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
0x40d204 ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
0x40d208 ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
0x40d20c ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
0x40d210 ?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
0x40d214 ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
0x40d218 ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
0x40d21c ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
0x40d220 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
0x40d224 ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
0x40d228 ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
0x40d22c ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
0x40d230 ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
0x40d234 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
0x40d238 ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
0x40d23c ?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
0x40d240 ?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
0x40d244 ?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
0x40d248 ?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
0x40d24c ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
0x40d250 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
0x40d254 ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
0x40d258 ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
0x40d25c ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
0x40d260 ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
0x40d264 ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
0x40d268 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
0x40d26c ??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
0x40d270 ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
0x40d274 ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
0x40d278 ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
0x40d27c ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
0x40d280 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
0x40d284 ??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
0x40d288 ??1out_of_range@std@@UAE@XZ
0x40d28c ??0out_of_range@std@@QAE@ABV01@@Z
0x40d290 ??0logic_error@std@@QAE@ABV01@@Z
0x40d294 ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
0x40d298 ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
0x40d29c ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
0x40d2a0 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
0x40d2a4 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
0x40d2a8 ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
0x40d2ac ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
0x40d2b0 ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
0x40d2b4 ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
0x40d2b8 ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
0x40d2bc ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
0x40d2c0 ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
0x40d2c4 ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
0x40d2c8 ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
0x40d2cc ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
0x40d2d0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
0x40d2d4 ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
0x40d2d8 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
0x40d2dc ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
0x40d2e0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
0x40d2e4 ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
SHLWAPI.dll
0x40d3a4 StrToIntA
WS2_32.dll
0x40d43c htons
0x40d440 socket
0x40d444 send
0x40d448 recv
0x40d44c closesocket
0x40d450 connect
0x40d454 gethostbyname
0x40d458 WSAStartup
urlmon.dll
0x40d48c URLDownloadToFileW
gdiplus.dll
0x40d460 GdipLoadImageFromStream
0x40d464 GdipFree
0x40d468 GdipDisposeImage
0x40d46c GdipCloneImage
0x40d470 GdipAlloc
0x40d474 GdipSaveImageToStream
0x40d478 GdiplusStartup
0x40d47c GdipGetImageEncoders
0x40d480 GdipGetImageEncodersSize
0x40d484 GdipLoadImageFromStreamICM
WININET.dll
0x40d428 InternetReadFile
0x40d42c InternetOpenUrlA
0x40d430 InternetOpenA
0x40d434 InternetCloseHandle
EAT(Export Address Table) is none