Field | Value |
---|---|
Created | 2023.12.07 06:54 |
Machine | s1_win7_x6401 |
Filename | GameCenter.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | Not founds |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | |
md5 | 054c92c15c2574860d1fe07b9fad1b23 |
sha256 | b4e7c449825bd8f9725ddf61b30a9d7d4238228306e0c2deb40a51ef349afad2 |
ssdeep | 196608:/yEhU6i3fzQKpLePzTIgjhrrhELSEjfvS8de:/Z4LQKpLePPIwJEeUv9E |
imphash | 9d4e94bd914c213cc9397b440bb8d045 |
impfuzzy | 192:6z5rilhVxIMYHQUOGjDoKbXmUwMF9hGHrw/MMvpeC:m9JHQUOG9mULWrwPheC |
Signature (14cnts)
Level | Description |
---|---|
watch | Creates an Alternate Data Stream (ADS) |
watch | Detects the presence of Wine emulator |
watch | Detects Virtual Machines through their custom firmware |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Performs some HTTP requests |
notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
notice | Resolves a suspicious Top Level Domain (TLD) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Collects information to fingerprint the system (MachineGuid |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The executable uses a known packer |
Rules (15cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | HermeticWiper_Zero | HermeticWiper | binaries (upload) |
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
warning | PhysicalDrive_20181001 | (no description) | binaries (upload) |
watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
watch | Antivirus | Contains references to security software | binaries (upload) |
watch | ASPack_Zero | ASPack packed file | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | mzp_file_format | MZP(Delphi) file format | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
d3d9.dll
0xb83944 Direct3DCreate9
shlwapi.dll
0xb8394c PathCreateFromUrlW
0xb83950 PathCombineW
0xb83954 UrlCreateFromPathW
wininet.dll
0xb8395c InternetCloseHandle
0xb83960 InternetCrackUrlW
0xb83964 HttpOpenRequestW
0xb83968 HttpSendRequestW
0xb8396c InternetConnectW
0xb83970 InternetOpenA
0xb83974 InternetSetOptionW
0xb83978 HttpQueryInfoW
authz.dll
0xb83980 AuthzAccessCheck
0xb83984 AuthzFreeResourceManager
0xb83988 AuthzInitializeResourceManager
0xb8398c AuthzFreeContext
0xb83990 AuthzInitializeContextFromSid
comdlg32.dll
0xb83998 GetSaveFileNameW
0xb8399c GetOpenFileNameW
msimg32.dll
0xb839a4 AlphaBlend
shell32.dll
0xb839ac DragFinish
0xb839b0 SHGetFolderPathW
0xb839b4 SHGetFileInfoW
0xb839b8 SHChangeNotify
0xb839bc DragQueryFileW
0xb839c0 Shell_NotifyIconW
0xb839c4 DragAcceptFiles
0xb839c8 SHCreateStdEnumFmtEtc
0xb839cc SHAppBarMessage
0xb839d0 ShellExecuteW
0xb839d4 ShellExecuteExW
ws2_32.dll
0xb839dc select
0xb839e0 setsockopt
0xb839e4 WSAAddressToStringW
0xb839e8 WSACleanup
0xb839ec gethostbyname
0xb839f0 ind
0xb839f4 closesocket
0xb839f8 WSAGetLastError
0xb839fc connect
0xb83a00 inet_addr
0xb83a04 getnameinfo
0xb83a08 send
0xb83a0c WSCEnumProtocols
0xb83a10 htons
0xb83a14 htonl
0xb83a18 accept
0xb83a1c freeaddrinfo
0xb83a20 WSAStartup
0xb83a24 __WSAFDIsSet
0xb83a28 WSCGetProviderPath
0xb83a2c getsockname
0xb83a30 listen
0xb83a34 getaddrinfo
0xb83a38 recv
0xb83a3c socket
0xb83a40 inet_ntoa
0xb83a44 ioctlsocket
0xb83a48 shutdown
psapi.dll
0xb83a50 GetModuleInformation
0xb83a54 GetProcessImageFileNameW
0xb83a58 GetProcessMemoryInfo
0xb83a5c EnumProcessModules
0xb83a60 GetModuleFileNameExW
user32.dll
0xb83a68 MoveWindow
0xb83a6c CreateWindowExW
0xb83a70 PeekMessageW
0xb83a74 MonitorFromWindow
0xb83a78 SetTimer
0xb83a7c AllowSetForegroundWindow
0xb83a80 WindowFromPoint
0xb83a84 BeginPaint
0xb83a88 FrameRect
0xb83a8c RegisterWindowMessageW
0xb83a90 FillRect
0xb83a94 DispatchMessageW
0xb83a98 EnumWindows
0xb83a9c GetClassInfoW
0xb83aa0 SetActiveWindow
0xb83aa4 GetActiveWindow
0xb83aa8 GetKeyboardLayoutList
0xb83aac EnumChildWindows
0xb83ab0 ReleaseCapture
0xb83ab4 LoadCursorW
0xb83ab8 SetCapture
0xb83abc GetCapture
0xb83ac0 GetCursorInfo
0xb83ac4 CharLowerBuffW
0xb83ac8 GetSystemMetrics
0xb83acc PostMessageW
0xb83ad0 SetWindowLongW
0xb83ad4 CharUpperBuffW
0xb83ad8 GetClientRect
0xb83adc ShowCursor
0xb83ae0 SetClipboardData
0xb83ae4 GetClipboardData
0xb83ae8 ClientToScreen
0xb83aec IsIconic
0xb83af0 GetMonitorInfoW
0xb83af4 ShowWindow
0xb83af8 CharUpperW
0xb83afc DefWindowProcW
0xb83b00 SetForegroundWindow
0xb83b04 GetForegroundWindow
0xb83b08 GetAsyncKeyState
0xb83b0c MapVirtualKeyExW
0xb83b10 EnableWindow
0xb83b14 GetShellWindow
0xb83b18 DestroyWindow
0xb83b1c RegisterClassW
0xb83b20 CharNextW
0xb83b24 GetWindowThreadProcessId
0xb83b28 RedrawWindow
0xb83b2c GetFocus
0xb83b30 GetDC
0xb83b34 SetFocus
0xb83b38 ReleaseDC
0xb83b3c EndPaint
0xb83b40 TrackMouseEvent
0xb83b44 GetParent
0xb83b48 MessageBeep
0xb83b4c MessageBoxW
0xb83b50 SetClassLongW
0xb83b54 RegisterHotKey
0xb83b58 UpdateWindow
0xb83b5c AttachThreadInput
0xb83b60 MsgWaitForMultipleObjects
0xb83b64 DestroyIcon
0xb83b68 IsWindowVisible
0xb83b6c EmptyClipboard
0xb83b70 GetAncestor
0xb83b74 FlashWindowEx
0xb83b78 PtInRect
0xb83b7c UnregisterClassW
0xb83b80 SendMessageW
0xb83b84 GetLastInputInfo
0xb83b88 IsWindow
0xb83b8c EnumThreadWindows
0xb83b90 InvalidateRect
0xb83b94 ScreenToClient
0xb83b98 GetWindowInfo
0xb83b9c SendMessageTimeoutW
0xb83ba0 BringWindowToTop
0xb83ba4 SetCursor
0xb83ba8 LoadStringW
0xb83bac SetWindowPos
0xb83bb0 OpenClipboard
0xb83bb4 TranslateMessage
0xb83bb8 EnumDisplayMonitors
0xb83bbc CallWindowProcW
0xb83bc0 CloseClipboard
0xb83bc4 UpdateLayeredWindow
0xb83bc8 DrawIconEx
0xb83bcc GetClassNameW
0xb83bd0 LoadImageW
0xb83bd4 GetIconInfo
0xb83bd8 GetKeyNameTextW
0xb83bdc GetDesktopWindow
0xb83be0 GetCursorPos
0xb83be4 DeferWindowPos
0xb83be8 EndDeferWindowPos
0xb83bec UnregisterHotKey
0xb83bf0 GetKeyState
0xb83bf4 MonitorFromPoint
0xb83bf8 SystemParametersInfoW
0xb83bfc CreateIconFromResourceEx
0xb83c00 GetWindow
0xb83c04 GetWindowLongW
0xb83c08 GetWindowRect
0xb83c0c KillTimer
0xb83c10 BeginDeferWindowPos
0xb83c14 PostThreadMessageW
0xb83c18 IsWindowEnabled
0xb83c1c CreateIconIndirect
0xb83c20 FindWindowW
0xb83c24 GetKeyboardLayout
oleaut32.dll
0xb83c2c SafeArrayPutElement
0xb83c30 SysFreeString
0xb83c34 VariantClear
0xb83c38 VariantInit
0xb83c3c SysReAllocStringLen
0xb83c40 SysAllocString
0xb83c44 SafeArrayCreate
0xb83c48 SysAllocStringLen
0xb83c4c SafeArrayPtrOfIndex
0xb83c50 SafeArrayCreateVector
0xb83c54 SafeArrayGetUBound
0xb83c58 SafeArrayGetLBound
0xb83c5c VariantCopy
0xb83c60 VariantChangeType
advapi32.dll
0xb83c68 ConvertStringSecurityDescriptorToSecurityDescriptorA
0xb83c6c CloseServiceHandle
0xb83c70 RegSetValueExW
0xb83c74 AddAccessDeniedObjectAce
0xb83c78 AddAccessAllowedObjectAce
0xb83c7c AddAuditAccessAceEx
0xb83c80 AddAce
0xb83c84 OpenThreadToken
0xb83c88 CloseEventLog
0xb83c8c RegQueryInfoKeyW
0xb83c90 IsValidSid
0xb83c94 CreateWellKnownSid
0xb83c98 GetLengthSid
0xb83c9c AddAccessAllowedAceEx
0xb83ca0 OpenEventLogW
0xb83ca4 GetTokenInformation
0xb83ca8 ReadEventLogW
0xb83cac RegCreateKeyExW
0xb83cb0 SetSecurityDescriptorDacl
0xb83cb4 OpenServiceW
0xb83cb8 InitializeAcl
0xb83cbc RegEnumKeyExW
0xb83cc0 AdjustTokenPrivileges
0xb83cc4 QueryServiceConfigW
0xb83cc8 CopySid
0xb83ccc SetSecurityInfo
0xb83cd0 AddAuditAccessObjectAce
0xb83cd4 RegDeleteKeyW
0xb83cd8 LookupPrivilegeValueW
0xb83cdc OpenSCManagerW
0xb83ce0 RegOpenKeyExW
0xb83ce4 OpenProcessToken
0xb83ce8 RegDeleteValueW
0xb83cec RegNotifyChangeKeyValue
0xb83cf0 AddAccessDeniedAceEx
0xb83cf4 GetNamedSecurityInfoW
0xb83cf8 SetNamedSecurityInfoW
0xb83cfc RegFlushKey
0xb83d00 RegEnumValueW
0xb83d04 RegQueryValueExW
0xb83d08 ConvertSidToStringSidW
0xb83d0c RegCloseKey
0xb83d10 InitializeSecurityDescriptor
0xb83d14 EnumServicesStatusW
kernel32.dll
0xb83d1c ReadFileEx
0xb83d20 SetFileTime
0xb83d24 GetFileTime
0xb83d28 Process32FirstW
0xb83d2c GetACP
0xb83d30 GetExitCodeProcess
0xb83d34 CloseHandle
0xb83d38 LocalFree
0xb83d3c SizeofResource
0xb83d40 GetCurrentProcessId
0xb83d44 TerminateThread
0xb83d48 SetHandleInformation
0xb83d4c GetHandleInformation
0xb83d50 GetFullPathNameW
0xb83d54 FindNextFileW
0xb83d58 WriteProcessMemory
0xb83d5c CreateHardLinkW
0xb83d60 SetUnhandledExceptionFilter
0xb83d64 GetTimeZoneInformation
0xb83d68 SystemTimeToTzSpecificLocalTime
0xb83d6c FreeLibrary
0xb83d70 SetDllDirectoryW
0xb83d74 GetUserDefaultLCID
0xb83d78 SetLastError
0xb83d7c GetModuleFileNameW
0xb83d80 GetLastError
0xb83d84 GlobalAlloc
0xb83d88 GlobalUnlock
0xb83d8c OpenMutexW
0xb83d90 CreateThread
0xb83d94 CompareStringW
0xb83d98 GetGeoInfoW
0xb83d9c LoadLibraryA
0xb83da0 CreateMutexW
0xb83da4 ResetEvent
0xb83da8 GetVolumeInformationW
0xb83dac RaiseException
0xb83db0 FormatMessageW
0xb83db4 OpenJobObjectW
0xb83db8 GetCurrentThread
0xb83dbc GetLogicalDrives
0xb83dc0 HeapReAlloc
0xb83dc4 IsBadReadPtr
0xb83dc8 ExpandEnvironmentStringsW
0xb83dcc LoadLibraryExW
0xb83dd0 MoveFileWithProgressW
0xb83dd4 FileTimeToSystemTime
0xb83dd8 VirtualQuery
0xb83ddc VirtualQueryEx
0xb83de0 Sleep
0xb83de4 SetFilePointer
0xb83de8 FlushFileBuffers
0xb83dec LoadResource
0xb83df0 SuspendThread
0xb83df4 GetTickCount
0xb83df8 WritePrivateProfileStringW
0xb83dfc GetFileSize
0xb83e00 GetStartupInfoW
0xb83e04 GetFileAttributesW
0xb83e08 SetThreadPriority
0xb83e0c VirtualAlloc
0xb83e10 GetSystemInfo
0xb83e14 GetTempPathW
0xb83e18 LeaveCriticalSection
0xb83e1c GetLogicalDriveStringsW
0xb83e20 GetModuleHandleA
0xb83e24 HeapCreate
0xb83e28 VerSetConditionMask
0xb83e2c GetDiskFreeSpaceW
0xb83e30 GetUserDefaultUILanguage
0xb83e34 WriteFileEx
0xb83e38 GetModuleFileNameA
0xb83e3c CompareStringA
0xb83e40 WaitForSingleObjectEx
0xb83e44 GetCompressedFileSizeW
0xb83e48 HeapFree
0xb83e4c WideCharToMultiByte
0xb83e50 MultiByteToWideChar
0xb83e54 FindClose
0xb83e58 LoadLibraryW
0xb83e5c SetEvent
0xb83e60 FreeEnvironmentStringsW
0xb83e64 GetLocaleInfoW
0xb83e68 ConnectNamedPipe
0xb83e6c GetLocalTime
0xb83e70 WaitForSingleObject
0xb83e74 GetSystemPowerStatus
0xb83e78 DeleteCriticalSection
0xb83e7c HeapLock
0xb83e80 OpenThread
0xb83e84 SetErrorMode
0xb83e88 GetLogicalProcessorInformation
0xb83e8c TzSpecificLocalTimeToSystemTime
0xb83e90 SleepEx
0xb83e94 IsValidLocale
0xb83e98 LocalAlloc
0xb83e9c WaitForMultipleObjectsEx
0xb83ea0 GetVolumePathNameW
0xb83ea4 SetFileAttributesW
0xb83ea8 QueryDosDeviceW
0xb83eac VirtualProtect
0xb83eb0 SetEnvironmentVariableW
0xb83eb4 ReadProcessMemory
0xb83eb8 QueryPerformanceFrequency
0xb83ebc SetThreadContext
0xb83ec0 VirtualFree
0xb83ec4 GetThreadContext
0xb83ec8 FlushInstructionCache
0xb83ecc ExitProcess
0xb83ed0 HeapAlloc
0xb83ed4 GetLongPathNameW
0xb83ed8 RtlUnwind
0xb83edc GetCPInfo
0xb83ee0 GetStdHandle
0xb83ee4 DisconnectNamedPipe
0xb83ee8 GetModuleHandleW
0xb83eec SetInformationJobObject
0xb83ef0 ReadFile
0xb83ef4 CompareFileTime
0xb83ef8 CreateProcessW
0xb83efc CreateRemoteThread
0xb83f00 GetNativeSystemInfo
0xb83f04 FindResourceW
0xb83f08 GetUserGeoID
0xb83f0c CheckRemoteDebuggerPresent
0xb83f10 MapViewOfFile
0xb83f14 MulDiv
0xb83f18 GetVersion
0xb83f1c GetDriveTypeW
0xb83f20 FreeResource
0xb83f24 Module32NextW
0xb83f28 MoveFileW
0xb83f2c SetThreadExecutionState
0xb83f30 GlobalAddAtomW
0xb83f34 GetSystemTimeAsFileTime
0xb83f38 OpenProcess
0xb83f3c SwitchToThread
0xb83f40 GetExitCodeThread
0xb83f44 OutputDebugStringW
0xb83f48 GetFileAttributesExW
0xb83f4c GlobalMemoryStatusEx
0xb83f50 SetNamedPipeHandleState
0xb83f54 IsProcessorFeaturePresent
0xb83f58 LockResource
0xb83f5c TerminateProcess
0xb83f60 QueryInformationJobObject
0xb83f64 GetCurrentThreadId
0xb83f68 MoveFileExW
0xb83f6c UnhandledExceptionFilter
0xb83f70 PeekNamedPipe
0xb83f74 GlobalFree
0xb83f78 HeapWalk
0xb83f7c EnterCriticalSection
0xb83f80 GetDiskFreeSpaceExW
0xb83f84 ReleaseMutex
0xb83f88 EnumResourceLanguagesW
0xb83f8c GlobalDeleteAtom
0xb83f90 SetCurrentDirectoryW
0xb83f94 GetCurrentDirectoryW
0xb83f98 InitializeCriticalSection
0xb83f9c GlobalLock
0xb83fa0 GetCurrentProcess
0xb83fa4 GetCommandLineW
0xb83fa8 HeapSetInformation
0xb83fac ResumeThread
0xb83fb0 GetProcAddress
0xb83fb4 VirtualAllocEx
0xb83fb8 BaseFlushAppcompatCache
0xb83fbc FindResourceExW
0xb83fc0 GetVersionExW
0xb83fc4 VerifyVersionInfoW
0xb83fc8 GetEnvironmentStringsW
0xb83fcc LCMapStringW
0xb83fd0 DeviceIoControl
0xb83fd4 FindFirstFileW
0xb83fd8 UnmapViewOfFile
0xb83fdc Process32NextW
0xb83fe0 lstrlenW
0xb83fe4 GetVolumeNameForVolumeMountPointW
0xb83fe8 SetEndOfFile
0xb83fec QueryPerformanceCounter
0xb83ff0 CreateToolhelp32Snapshot
0xb83ff4 SystemTimeToFileTime
0xb83ff8 CreateFileW
0xb83ffc EnumResourceNamesW
0xb84000 GetSystemDirectoryW
0xb84004 DeleteFileW
0xb84008 GetEnvironmentVariableW
0xb8400c Module32FirstW
0xb84010 WriteFile
0xb84014 GetFileInformationByHandle
0xb84018 FindFirstFileExW
0xb8401c ExitThread
0xb84020 CreateNamedPipeW
0xb84024 CreateFileMappingW
0xb84028 CreatePipe
0xb8402c TlsGetValue
0xb84030 HeapUnlock
0xb84034 GetDateFormatW
0xb84038 TlsSetValue
0xb8403c GetSystemDefaultUILanguage
0xb84040 GetOverlappedResult
0xb84044 CreateDirectoryW
0xb84048 EnumCalendarInfoW
0xb8404c IsWow64Process
0xb84050 GetProcessId
0xb84054 RemoveDirectoryW
0xb84058 CreateEventW
0xb8405c SetThreadLocale
0xb84060 GetThreadLocale
dnsapi.dll
0xb84068 DnsQuery_W
0xb8406c DnsRecordListFree
ole32.dll
0xb84074 CoCreateGuid
0xb84078 CoCreateInstance
0xb8407c CoUninitialize
0xb84080 OleInitialize
0xb84084 CoSetProxyBlanket
0xb84088 PropVariantClear
0xb8408c OleUninitialize
0xb84090 CoInitializeEx
0xb84094 CoInitialize
0xb84098 CoInitializeSecurity
0xb8409c CoTaskMemFree
0xb840a0 CoTaskMemAlloc
0xb840a4 DoDragDrop
iphlpapi.dll
0xb840ac GetAdaptersAddresses
0xb840b0 IcmpCloseHandle
0xb840b4 IcmpSendEcho
0xb840b8 IcmpCreateFile
0xb840bc GetBestInterface
gdi32.dll
0xb840c4 GetBitmapBits
0xb840c8 SetBkMode
0xb840cc GetObjectW
0xb840d0 CreateCompatibleBitmap
0xb840d4 CreateDIBSection
0xb840d8 SetMapMode
0xb840dc GetStockObject
0xb840e0 CreateSolidBrush
0xb840e4 SelectObject
0xb840e8 DeleteObject
0xb840ec DeleteDC
0xb840f0 BitBlt
0xb840f4 GetDeviceCaps
0xb840f8 CreateCompatibleDC
ntdll.dll
0xb84100 NtQueryInformationProcess
0xb84104 NtQueryInformationThread
EAT(Export Address Table) Library
0xa93670 NoGCLayPipe
0x40dbb0 __dbk_fcall_wrapper
0xb5e63c dbkFCallWrapperAddr