ScreenShot
| Created | 2023.12.11 19:54 | Machine | s1_win7_x6401 |
| Filename | MedicinesViews.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 45 detected (AIDetectMalware, GenericKD, Save, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, Delf, PWSX, Gencirc, nfmuh, Siggen22, RHADAMANTHYS, YXDLIZ, ai score=89, Detected, Sabsik, Wacapew, Malware@#1tmve2tbz67ir, score, unsafe, Chgt, lSgtrGCtvkE, susgen) | ||
| md5 | d0b882c07526d97ef91eccf153e31a4b | ||
| sha256 | 99792e2eda5c50df332f2ba9bde7dbe158398acd913c16f980ff54bfda274f36 | ||
| ssdeep | 24576:LlmVGLBPhxC3jlp8gxakx09mTPPX58SuB1IyJdJe+32B0v:L0+BDuH8aHi9sfCSuBuq | ||
| imphash | 5443ea3b8ce78e136d783824de6178a9 | ||
| impfuzzy | 192:f30kp1wlcfmfeuuAjSUvK9yCo3qqtmGF72POQRd:f3F1geAo9impPOQv | ||
Network IP location
Signature (21cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | One or more of the buffers contains an embedded PE file |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates executable files on the filesystem |
| notice | Drops a binary and executes it |
| notice | Drops an executable to the user AppData folder |
| notice | Executes one or more WMI queries |
| notice | Expresses interest in specific running processes |
| notice | One or more potentially interesting buffers were extracted |
| notice | Potentially malicious URLs were found in the process memory dump |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| notice | Terminates another process |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Checks if process is being debugged by a debugger |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (46cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | hide_executable_file | Hide executable file | binaries (download) |
| warning | Suspicious_Obfuscation_Script_2 | Suspicious obfuscation script (e.g. executable files) | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | memory |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | Generic_PWS_Memory_Zero | PWS Memory | memory |
| notice | Hijack_Network | Hijack network configuration | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | local_credential_Steal | Steal credential | memory |
| notice | Network_DGA | Communication using DGA | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_FTP | Communications over FTP | memory |
| notice | Network_HTTP | Communications over HTTP | memory |
| notice | Network_P2P_Win | Communications over P2P network | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | Persistence | Install itself for autorun at Windows startup | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
| info | Check_Dlls | (no description) | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerCheck__RemoteAPI | (no description) | memory |
| info | DebuggerException__ConsoleCtrl | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (download) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
PE API
IAT(Import Address Table) Library
kernel32.dll
0x466154 DeleteCriticalSection
0x466158 LeaveCriticalSection
0x46615c EnterCriticalSection
0x466160 InitializeCriticalSection
0x466164 VirtualFree
0x466168 VirtualAlloc
0x46616c LocalFree
0x466170 LocalAlloc
0x466174 GetVersion
0x466178 GetCurrentThreadId
0x46617c InterlockedDecrement
0x466180 InterlockedIncrement
0x466184 VirtualQuery
0x466188 WideCharToMultiByte
0x46618c MultiByteToWideChar
0x466190 lstrlenA
0x466194 lstrcpynA
0x466198 LoadLibraryExA
0x46619c GetThreadLocale
0x4661a0 GetStartupInfoA
0x4661a4 GetProcAddress
0x4661a8 GetModuleHandleA
0x4661ac GetModuleFileNameA
0x4661b0 GetLocaleInfoA
0x4661b4 GetCommandLineA
0x4661b8 FreeLibrary
0x4661bc FindFirstFileA
0x4661c0 FindClose
0x4661c4 ExitProcess
0x4661c8 WriteFile
0x4661cc UnhandledExceptionFilter
0x4661d0 RtlUnwind
0x4661d4 RaiseException
0x4661d8 GetStdHandle
user32.dll
0x4661e0 GetKeyboardType
0x4661e4 LoadStringA
0x4661e8 MessageBoxA
0x4661ec CharNextA
advapi32.dll
0x4661f4 RegQueryValueExA
0x4661f8 RegOpenKeyExA
0x4661fc RegCloseKey
oleaut32.dll
0x466204 SysFreeString
0x466208 SysReAllocStringLen
0x46620c SysAllocStringLen
kernel32.dll
0x466214 TlsSetValue
0x466218 TlsGetValue
0x46621c LocalAlloc
0x466220 GetModuleHandleA
advapi32.dll
0x466228 RegQueryValueExA
0x46622c RegOpenKeyExA
0x466230 RegCloseKey
kernel32.dll
0x466238 lstrcpyA
0x46623c WriteFile
0x466240 WaitForSingleObject
0x466244 VirtualQuery
0x466248 VirtualAlloc
0x46624c Sleep
0x466250 SizeofResource
0x466254 SetThreadLocale
0x466258 SetFilePointer
0x46625c SetEvent
0x466260 SetErrorMode
0x466264 SetEndOfFile
0x466268 ResetEvent
0x46626c ReadFile
0x466270 MulDiv
0x466274 LockResource
0x466278 LoadResource
0x46627c LoadLibraryA
0x466280 LeaveCriticalSection
0x466284 InitializeCriticalSection
0x466288 GlobalUnlock
0x46628c GlobalReAlloc
0x466290 GlobalHandle
0x466294 GlobalLock
0x466298 GlobalFree
0x46629c GlobalFindAtomA
0x4662a0 GlobalDeleteAtom
0x4662a4 GlobalAlloc
0x4662a8 GlobalAddAtomA
0x4662ac GetVersionExA
0x4662b0 GetVersion
0x4662b4 GetTickCount
0x4662b8 GetThreadLocale
0x4662bc GetSystemInfo
0x4662c0 GetStringTypeExA
0x4662c4 GetStdHandle
0x4662c8 GetProcAddress
0x4662cc GetModuleHandleA
0x4662d0 GetModuleFileNameA
0x4662d4 GetLocaleInfoA
0x4662d8 GetLocalTime
0x4662dc GetLastError
0x4662e0 GetFullPathNameA
0x4662e4 GetDiskFreeSpaceA
0x4662e8 GetDateFormatA
0x4662ec GetCurrentThreadId
0x4662f0 GetCurrentThread
0x4662f4 GetCurrentProcessId
0x4662f8 GetCPInfo
0x4662fc GetACP
0x466300 FreeResource
0x466304 InterlockedExchange
0x466308 FreeLibrary
0x46630c FormatMessageA
0x466310 FindResourceA
0x466314 EnumCalendarInfoA
0x466318 EnterCriticalSection
0x46631c DeleteCriticalSection
0x466320 DeleteAtom
0x466324 CreateThread
0x466328 CreateFileA
0x46632c CreateEventA
0x466330 CreateDirectoryA
0x466334 CompareStringA
0x466338 CloseHandle
version.dll
0x466340 VerQueryValueA
0x466344 GetFileVersionInfoSizeA
0x466348 GetFileVersionInfoA
gdi32.dll
0x466350 UnrealizeObject
0x466354 StretchBlt
0x466358 SetWindowOrgEx
0x46635c SetWindowExtEx
0x466360 SetWinMetaFileBits
0x466364 SetViewportOrgEx
0x466368 SetViewportExtEx
0x46636c SetTextColor
0x466370 SetStretchBltMode
0x466374 SetROP2
0x466378 SetPixel
0x46637c SetMapMode
0x466380 SetEnhMetaFileBits
0x466384 SetDIBColorTable
0x466388 SetBrushOrgEx
0x46638c SetBkMode
0x466390 SetBkColor
0x466394 SelectPalette
0x466398 SelectObject
0x46639c SelectClipRgn
0x4663a0 SaveDC
0x4663a4 RestoreDC
0x4663a8 RectVisible
0x4663ac RealizePalette
0x4663b0 PolyPolyline
0x4663b4 PlayEnhMetaFile
0x4663b8 PatBlt
0x4663bc MoveToEx
0x4663c0 MaskBlt
0x4663c4 LineTo
0x4663c8 IntersectClipRect
0x4663cc GetWindowOrgEx
0x4663d0 GetWinMetaFileBits
0x4663d4 GetTextMetricsA
0x4663d8 GetTextExtentPoint32A
0x4663dc GetSystemPaletteEntries
0x4663e0 GetStockObject
0x4663e4 GetPixel
0x4663e8 GetPaletteEntries
0x4663ec GetObjectA
0x4663f0 GetEnhMetaFilePaletteEntries
0x4663f4 GetEnhMetaFileHeader
0x4663f8 GetEnhMetaFileBits
0x4663fc GetDeviceCaps
0x466400 GetDIBits
0x466404 GetDIBColorTable
0x466408 GetDCOrgEx
0x46640c GetCurrentPositionEx
0x466410 GetClipBox
0x466414 GetBrushOrgEx
0x466418 GetBitmapBits
0x46641c ExtCreatePen
0x466420 ExcludeClipRect
0x466424 DeleteObject
0x466428 DeleteEnhMetaFile
0x46642c DeleteDC
0x466430 CreateSolidBrush
0x466434 CreatePenIndirect
0x466438 CreatePalette
0x46643c CreateHalftonePalette
0x466440 CreateFontIndirectA
0x466444 CreateDIBitmap
0x466448 CreateDIBSection
0x46644c CreateCompatibleDC
0x466450 CreateCompatibleBitmap
0x466454 CreateBrushIndirect
0x466458 CreateBitmap
0x46645c CopyEnhMetaFileA
0x466460 BitBlt
user32.dll
0x466468 CreateWindowExA
0x46646c WindowFromPoint
0x466470 WinHelpA
0x466474 WaitMessage
0x466478 ValidateRect
0x46647c UpdateWindow
0x466480 UnregisterClassA
0x466484 UnionRect
0x466488 UnhookWindowsHookEx
0x46648c TranslateMessage
0x466490 TranslateMDISysAccel
0x466494 TrackPopupMenu
0x466498 SystemParametersInfoA
0x46649c ShowWindow
0x4664a0 ShowScrollBar
0x4664a4 ShowOwnedPopups
0x4664a8 ShowCursor
0x4664ac SetWindowsHookExA
0x4664b0 SetWindowTextA
0x4664b4 SetWindowPos
0x4664b8 SetWindowPlacement
0x4664bc SetWindowLongA
0x4664c0 SetTimer
0x4664c4 SetScrollRange
0x4664c8 SetScrollPos
0x4664cc SetScrollInfo
0x4664d0 SetRect
0x4664d4 SetPropA
0x4664d8 SetParent
0x4664dc SetMenuItemInfoA
0x4664e0 SetMenu
0x4664e4 SetKeyboardState
0x4664e8 SetForegroundWindow
0x4664ec SetFocus
0x4664f0 SetCursor
0x4664f4 SetClipboardData
0x4664f8 SetClassLongA
0x4664fc SetCapture
0x466500 SetActiveWindow
0x466504 SendMessageA
0x466508 ScrollWindowEx
0x46650c ScrollWindow
0x466510 ScreenToClient
0x466514 RemovePropA
0x466518 RemoveMenu
0x46651c ReleaseDC
0x466520 ReleaseCapture
0x466524 RegisterWindowMessageA
0x466528 RegisterClipboardFormatA
0x46652c RegisterClassA
0x466530 RedrawWindow
0x466534 PtInRect
0x466538 PostQuitMessage
0x46653c PostMessageA
0x466540 PeekMessageA
0x466544 OpenClipboard
0x466548 OffsetRect
0x46654c OemToCharA
0x466550 MessageBoxA
0x466554 MessageBeep
0x466558 MapWindowPoints
0x46655c MapVirtualKeyA
0x466560 LoadStringA
0x466564 LoadKeyboardLayoutA
0x466568 LoadIconA
0x46656c LoadCursorA
0x466570 LoadBitmapA
0x466574 KillTimer
0x466578 IsZoomed
0x46657c IsWindowVisible
0x466580 IsWindowEnabled
0x466584 IsWindow
0x466588 IsRectEmpty
0x46658c IsIconic
0x466590 IsDialogMessageA
0x466594 IsClipboardFormatAvailable
0x466598 IsChild
0x46659c IsCharAlphaNumericA
0x4665a0 IsCharAlphaA
0x4665a4 InvalidateRect
0x4665a8 IntersectRect
0x4665ac InsertMenuItemA
0x4665b0 InsertMenuA
0x4665b4 InflateRect
0x4665b8 GetWindowThreadProcessId
0x4665bc GetWindowTextA
0x4665c0 GetWindowRect
0x4665c4 GetWindowPlacement
0x4665c8 GetWindowLongA
0x4665cc GetWindowDC
0x4665d0 GetWindowContextHelpId
0x4665d4 GetTopWindow
0x4665d8 GetSystemMetrics
0x4665dc GetSystemMenu
0x4665e0 GetSysColorBrush
0x4665e4 GetSysColor
0x4665e8 GetSubMenu
0x4665ec GetScrollRange
0x4665f0 GetScrollPos
0x4665f4 GetScrollInfo
0x4665f8 GetPropA
0x4665fc GetParent
0x466600 GetWindow
0x466604 GetMessageTime
0x466608 GetMenuStringA
0x46660c GetMenuState
0x466610 GetMenuItemInfoA
0x466614 GetMenuItemID
0x466618 GetMenuItemCount
0x46661c GetMenuContextHelpId
0x466620 GetMenu
0x466624 GetLastActivePopup
0x466628 GetKeyboardState
0x46662c GetKeyboardLayoutList
0x466630 GetKeyboardLayout
0x466634 GetKeyState
0x466638 GetKeyNameTextA
0x46663c GetKBCodePage
0x466640 GetIconInfo
0x466644 GetForegroundWindow
0x466648 GetFocus
0x46664c GetDoubleClickTime
0x466650 GetDlgItem
0x466654 GetDesktopWindow
0x466658 GetDCEx
0x46665c GetDC
0x466660 GetCursorPos
0x466664 GetCursor
0x466668 GetClipboardData
0x46666c GetClientRect
0x466670 GetClassNameA
0x466674 GetClassInfoA
0x466678 GetCaretPos
0x46667c GetCapture
0x466680 GetActiveWindow
0x466684 FrameRect
0x466688 FindWindowA
0x46668c FillRect
0x466690 EqualRect
0x466694 EnumWindows
0x466698 EnumThreadWindows
0x46669c EnumClipboardFormats
0x4666a0 EndPaint
0x4666a4 EndDeferWindowPos
0x4666a8 EnableWindow
0x4666ac EnableScrollBar
0x4666b0 EnableMenuItem
0x4666b4 EmptyClipboard
0x4666b8 DrawTextA
0x4666bc DrawMenuBar
0x4666c0 DrawIconEx
0x4666c4 DrawIcon
0x4666c8 DrawFrameControl
0x4666cc DrawFocusRect
0x4666d0 DrawEdge
0x4666d4 DispatchMessageA
0x4666d8 DestroyWindow
0x4666dc DestroyMenu
0x4666e0 DestroyIcon
0x4666e4 DestroyCursor
0x4666e8 DestroyCaret
0x4666ec DeleteMenu
0x4666f0 DeferWindowPos
0x4666f4 DefWindowProcA
0x4666f8 DefMDIChildProcA
0x4666fc DefFrameProcA
0x466700 CreatePopupMenu
0x466704 CreateMenu
0x466708 CreateIcon
0x46670c CloseClipboard
0x466710 ClientToScreen
0x466714 CheckMenuItem
0x466718 CallWindowProcA
0x46671c CallNextHookEx
0x466720 BeginPaint
0x466724 BeginDeferWindowPos
0x466728 CharNextA
0x46672c CharLowerBuffA
0x466730 CharLowerA
0x466734 CharUpperBuffA
0x466738 CharToOemA
0x46673c AdjustWindowRectEx
0x466740 ActivateKeyboardLayout
kernel32.dll
0x466748 Sleep
oleaut32.dll
0x466750 SafeArrayPtrOfIndex
0x466754 SafeArrayGetUBound
0x466758 SafeArrayGetLBound
0x46675c SafeArrayCreate
0x466760 VariantChangeType
0x466764 VariantCopy
0x466768 VariantClear
0x46676c VariantInit
comctl32.dll
0x466774 ImageList_SetIconSize
0x466778 ImageList_GetIconSize
0x46677c ImageList_Write
0x466780 ImageList_Read
0x466784 ImageList_GetDragImage
0x466788 ImageList_DragShowNolock
0x46678c ImageList_SetDragCursorImage
0x466790 ImageList_DragMove
0x466794 ImageList_DragLeave
0x466798 ImageList_DragEnter
0x46679c ImageList_EndDrag
0x4667a0 ImageList_BeginDrag
0x4667a4 ImageList_Remove
0x4667a8 ImageList_DrawEx
0x4667ac ImageList_Draw
0x4667b0 ImageList_GetBkColor
0x4667b4 ImageList_SetBkColor
0x4667b8 ImageList_ReplaceIcon
0x4667bc ImageList_Add
0x4667c0 ImageList_GetImageCount
0x4667c4 ImageList_Destroy
0x4667c8 ImageList_Create
comdlg32.dll
0x4667d0 GetSaveFileNameA
0x4667d4 GetOpenFileNameA
kernel32.dll
0x4667dc MulDiv
kernel32.dll
0x4667e4 FreeConsole
EAT(Export Address Table) is none
kernel32.dll
0x466154 DeleteCriticalSection
0x466158 LeaveCriticalSection
0x46615c EnterCriticalSection
0x466160 InitializeCriticalSection
0x466164 VirtualFree
0x466168 VirtualAlloc
0x46616c LocalFree
0x466170 LocalAlloc
0x466174 GetVersion
0x466178 GetCurrentThreadId
0x46617c InterlockedDecrement
0x466180 InterlockedIncrement
0x466184 VirtualQuery
0x466188 WideCharToMultiByte
0x46618c MultiByteToWideChar
0x466190 lstrlenA
0x466194 lstrcpynA
0x466198 LoadLibraryExA
0x46619c GetThreadLocale
0x4661a0 GetStartupInfoA
0x4661a4 GetProcAddress
0x4661a8 GetModuleHandleA
0x4661ac GetModuleFileNameA
0x4661b0 GetLocaleInfoA
0x4661b4 GetCommandLineA
0x4661b8 FreeLibrary
0x4661bc FindFirstFileA
0x4661c0 FindClose
0x4661c4 ExitProcess
0x4661c8 WriteFile
0x4661cc UnhandledExceptionFilter
0x4661d0 RtlUnwind
0x4661d4 RaiseException
0x4661d8 GetStdHandle
user32.dll
0x4661e0 GetKeyboardType
0x4661e4 LoadStringA
0x4661e8 MessageBoxA
0x4661ec CharNextA
advapi32.dll
0x4661f4 RegQueryValueExA
0x4661f8 RegOpenKeyExA
0x4661fc RegCloseKey
oleaut32.dll
0x466204 SysFreeString
0x466208 SysReAllocStringLen
0x46620c SysAllocStringLen
kernel32.dll
0x466214 TlsSetValue
0x466218 TlsGetValue
0x46621c LocalAlloc
0x466220 GetModuleHandleA
advapi32.dll
0x466228 RegQueryValueExA
0x46622c RegOpenKeyExA
0x466230 RegCloseKey
kernel32.dll
0x466238 lstrcpyA
0x46623c WriteFile
0x466240 WaitForSingleObject
0x466244 VirtualQuery
0x466248 VirtualAlloc
0x46624c Sleep
0x466250 SizeofResource
0x466254 SetThreadLocale
0x466258 SetFilePointer
0x46625c SetEvent
0x466260 SetErrorMode
0x466264 SetEndOfFile
0x466268 ResetEvent
0x46626c ReadFile
0x466270 MulDiv
0x466274 LockResource
0x466278 LoadResource
0x46627c LoadLibraryA
0x466280 LeaveCriticalSection
0x466284 InitializeCriticalSection
0x466288 GlobalUnlock
0x46628c GlobalReAlloc
0x466290 GlobalHandle
0x466294 GlobalLock
0x466298 GlobalFree
0x46629c GlobalFindAtomA
0x4662a0 GlobalDeleteAtom
0x4662a4 GlobalAlloc
0x4662a8 GlobalAddAtomA
0x4662ac GetVersionExA
0x4662b0 GetVersion
0x4662b4 GetTickCount
0x4662b8 GetThreadLocale
0x4662bc GetSystemInfo
0x4662c0 GetStringTypeExA
0x4662c4 GetStdHandle
0x4662c8 GetProcAddress
0x4662cc GetModuleHandleA
0x4662d0 GetModuleFileNameA
0x4662d4 GetLocaleInfoA
0x4662d8 GetLocalTime
0x4662dc GetLastError
0x4662e0 GetFullPathNameA
0x4662e4 GetDiskFreeSpaceA
0x4662e8 GetDateFormatA
0x4662ec GetCurrentThreadId
0x4662f0 GetCurrentThread
0x4662f4 GetCurrentProcessId
0x4662f8 GetCPInfo
0x4662fc GetACP
0x466300 FreeResource
0x466304 InterlockedExchange
0x466308 FreeLibrary
0x46630c FormatMessageA
0x466310 FindResourceA
0x466314 EnumCalendarInfoA
0x466318 EnterCriticalSection
0x46631c DeleteCriticalSection
0x466320 DeleteAtom
0x466324 CreateThread
0x466328 CreateFileA
0x46632c CreateEventA
0x466330 CreateDirectoryA
0x466334 CompareStringA
0x466338 CloseHandle
version.dll
0x466340 VerQueryValueA
0x466344 GetFileVersionInfoSizeA
0x466348 GetFileVersionInfoA
gdi32.dll
0x466350 UnrealizeObject
0x466354 StretchBlt
0x466358 SetWindowOrgEx
0x46635c SetWindowExtEx
0x466360 SetWinMetaFileBits
0x466364 SetViewportOrgEx
0x466368 SetViewportExtEx
0x46636c SetTextColor
0x466370 SetStretchBltMode
0x466374 SetROP2
0x466378 SetPixel
0x46637c SetMapMode
0x466380 SetEnhMetaFileBits
0x466384 SetDIBColorTable
0x466388 SetBrushOrgEx
0x46638c SetBkMode
0x466390 SetBkColor
0x466394 SelectPalette
0x466398 SelectObject
0x46639c SelectClipRgn
0x4663a0 SaveDC
0x4663a4 RestoreDC
0x4663a8 RectVisible
0x4663ac RealizePalette
0x4663b0 PolyPolyline
0x4663b4 PlayEnhMetaFile
0x4663b8 PatBlt
0x4663bc MoveToEx
0x4663c0 MaskBlt
0x4663c4 LineTo
0x4663c8 IntersectClipRect
0x4663cc GetWindowOrgEx
0x4663d0 GetWinMetaFileBits
0x4663d4 GetTextMetricsA
0x4663d8 GetTextExtentPoint32A
0x4663dc GetSystemPaletteEntries
0x4663e0 GetStockObject
0x4663e4 GetPixel
0x4663e8 GetPaletteEntries
0x4663ec GetObjectA
0x4663f0 GetEnhMetaFilePaletteEntries
0x4663f4 GetEnhMetaFileHeader
0x4663f8 GetEnhMetaFileBits
0x4663fc GetDeviceCaps
0x466400 GetDIBits
0x466404 GetDIBColorTable
0x466408 GetDCOrgEx
0x46640c GetCurrentPositionEx
0x466410 GetClipBox
0x466414 GetBrushOrgEx
0x466418 GetBitmapBits
0x46641c ExtCreatePen
0x466420 ExcludeClipRect
0x466424 DeleteObject
0x466428 DeleteEnhMetaFile
0x46642c DeleteDC
0x466430 CreateSolidBrush
0x466434 CreatePenIndirect
0x466438 CreatePalette
0x46643c CreateHalftonePalette
0x466440 CreateFontIndirectA
0x466444 CreateDIBitmap
0x466448 CreateDIBSection
0x46644c CreateCompatibleDC
0x466450 CreateCompatibleBitmap
0x466454 CreateBrushIndirect
0x466458 CreateBitmap
0x46645c CopyEnhMetaFileA
0x466460 BitBlt
user32.dll
0x466468 CreateWindowExA
0x46646c WindowFromPoint
0x466470 WinHelpA
0x466474 WaitMessage
0x466478 ValidateRect
0x46647c UpdateWindow
0x466480 UnregisterClassA
0x466484 UnionRect
0x466488 UnhookWindowsHookEx
0x46648c TranslateMessage
0x466490 TranslateMDISysAccel
0x466494 TrackPopupMenu
0x466498 SystemParametersInfoA
0x46649c ShowWindow
0x4664a0 ShowScrollBar
0x4664a4 ShowOwnedPopups
0x4664a8 ShowCursor
0x4664ac SetWindowsHookExA
0x4664b0 SetWindowTextA
0x4664b4 SetWindowPos
0x4664b8 SetWindowPlacement
0x4664bc SetWindowLongA
0x4664c0 SetTimer
0x4664c4 SetScrollRange
0x4664c8 SetScrollPos
0x4664cc SetScrollInfo
0x4664d0 SetRect
0x4664d4 SetPropA
0x4664d8 SetParent
0x4664dc SetMenuItemInfoA
0x4664e0 SetMenu
0x4664e4 SetKeyboardState
0x4664e8 SetForegroundWindow
0x4664ec SetFocus
0x4664f0 SetCursor
0x4664f4 SetClipboardData
0x4664f8 SetClassLongA
0x4664fc SetCapture
0x466500 SetActiveWindow
0x466504 SendMessageA
0x466508 ScrollWindowEx
0x46650c ScrollWindow
0x466510 ScreenToClient
0x466514 RemovePropA
0x466518 RemoveMenu
0x46651c ReleaseDC
0x466520 ReleaseCapture
0x466524 RegisterWindowMessageA
0x466528 RegisterClipboardFormatA
0x46652c RegisterClassA
0x466530 RedrawWindow
0x466534 PtInRect
0x466538 PostQuitMessage
0x46653c PostMessageA
0x466540 PeekMessageA
0x466544 OpenClipboard
0x466548 OffsetRect
0x46654c OemToCharA
0x466550 MessageBoxA
0x466554 MessageBeep
0x466558 MapWindowPoints
0x46655c MapVirtualKeyA
0x466560 LoadStringA
0x466564 LoadKeyboardLayoutA
0x466568 LoadIconA
0x46656c LoadCursorA
0x466570 LoadBitmapA
0x466574 KillTimer
0x466578 IsZoomed
0x46657c IsWindowVisible
0x466580 IsWindowEnabled
0x466584 IsWindow
0x466588 IsRectEmpty
0x46658c IsIconic
0x466590 IsDialogMessageA
0x466594 IsClipboardFormatAvailable
0x466598 IsChild
0x46659c IsCharAlphaNumericA
0x4665a0 IsCharAlphaA
0x4665a4 InvalidateRect
0x4665a8 IntersectRect
0x4665ac InsertMenuItemA
0x4665b0 InsertMenuA
0x4665b4 InflateRect
0x4665b8 GetWindowThreadProcessId
0x4665bc GetWindowTextA
0x4665c0 GetWindowRect
0x4665c4 GetWindowPlacement
0x4665c8 GetWindowLongA
0x4665cc GetWindowDC
0x4665d0 GetWindowContextHelpId
0x4665d4 GetTopWindow
0x4665d8 GetSystemMetrics
0x4665dc GetSystemMenu
0x4665e0 GetSysColorBrush
0x4665e4 GetSysColor
0x4665e8 GetSubMenu
0x4665ec GetScrollRange
0x4665f0 GetScrollPos
0x4665f4 GetScrollInfo
0x4665f8 GetPropA
0x4665fc GetParent
0x466600 GetWindow
0x466604 GetMessageTime
0x466608 GetMenuStringA
0x46660c GetMenuState
0x466610 GetMenuItemInfoA
0x466614 GetMenuItemID
0x466618 GetMenuItemCount
0x46661c GetMenuContextHelpId
0x466620 GetMenu
0x466624 GetLastActivePopup
0x466628 GetKeyboardState
0x46662c GetKeyboardLayoutList
0x466630 GetKeyboardLayout
0x466634 GetKeyState
0x466638 GetKeyNameTextA
0x46663c GetKBCodePage
0x466640 GetIconInfo
0x466644 GetForegroundWindow
0x466648 GetFocus
0x46664c GetDoubleClickTime
0x466650 GetDlgItem
0x466654 GetDesktopWindow
0x466658 GetDCEx
0x46665c GetDC
0x466660 GetCursorPos
0x466664 GetCursor
0x466668 GetClipboardData
0x46666c GetClientRect
0x466670 GetClassNameA
0x466674 GetClassInfoA
0x466678 GetCaretPos
0x46667c GetCapture
0x466680 GetActiveWindow
0x466684 FrameRect
0x466688 FindWindowA
0x46668c FillRect
0x466690 EqualRect
0x466694 EnumWindows
0x466698 EnumThreadWindows
0x46669c EnumClipboardFormats
0x4666a0 EndPaint
0x4666a4 EndDeferWindowPos
0x4666a8 EnableWindow
0x4666ac EnableScrollBar
0x4666b0 EnableMenuItem
0x4666b4 EmptyClipboard
0x4666b8 DrawTextA
0x4666bc DrawMenuBar
0x4666c0 DrawIconEx
0x4666c4 DrawIcon
0x4666c8 DrawFrameControl
0x4666cc DrawFocusRect
0x4666d0 DrawEdge
0x4666d4 DispatchMessageA
0x4666d8 DestroyWindow
0x4666dc DestroyMenu
0x4666e0 DestroyIcon
0x4666e4 DestroyCursor
0x4666e8 DestroyCaret
0x4666ec DeleteMenu
0x4666f0 DeferWindowPos
0x4666f4 DefWindowProcA
0x4666f8 DefMDIChildProcA
0x4666fc DefFrameProcA
0x466700 CreatePopupMenu
0x466704 CreateMenu
0x466708 CreateIcon
0x46670c CloseClipboard
0x466710 ClientToScreen
0x466714 CheckMenuItem
0x466718 CallWindowProcA
0x46671c CallNextHookEx
0x466720 BeginPaint
0x466724 BeginDeferWindowPos
0x466728 CharNextA
0x46672c CharLowerBuffA
0x466730 CharLowerA
0x466734 CharUpperBuffA
0x466738 CharToOemA
0x46673c AdjustWindowRectEx
0x466740 ActivateKeyboardLayout
kernel32.dll
0x466748 Sleep
oleaut32.dll
0x466750 SafeArrayPtrOfIndex
0x466754 SafeArrayGetUBound
0x466758 SafeArrayGetLBound
0x46675c SafeArrayCreate
0x466760 VariantChangeType
0x466764 VariantCopy
0x466768 VariantClear
0x46676c VariantInit
comctl32.dll
0x466774 ImageList_SetIconSize
0x466778 ImageList_GetIconSize
0x46677c ImageList_Write
0x466780 ImageList_Read
0x466784 ImageList_GetDragImage
0x466788 ImageList_DragShowNolock
0x46678c ImageList_SetDragCursorImage
0x466790 ImageList_DragMove
0x466794 ImageList_DragLeave
0x466798 ImageList_DragEnter
0x46679c ImageList_EndDrag
0x4667a0 ImageList_BeginDrag
0x4667a4 ImageList_Remove
0x4667a8 ImageList_DrawEx
0x4667ac ImageList_Draw
0x4667b0 ImageList_GetBkColor
0x4667b4 ImageList_SetBkColor
0x4667b8 ImageList_ReplaceIcon
0x4667bc ImageList_Add
0x4667c0 ImageList_GetImageCount
0x4667c4 ImageList_Destroy
0x4667c8 ImageList_Create
comdlg32.dll
0x4667d0 GetSaveFileNameA
0x4667d4 GetOpenFileNameA
kernel32.dll
0x4667dc MulDiv
kernel32.dll
0x4667e4 FreeConsole
EAT(Export Address Table) is none