ScreenShot
| Created | 2023.12.18 07:50 | Machine | s1_win7_x6401 |
| Filename | TierDiagnosis.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 48 detected (AIDetectMalware, Malicious, score, GenericKD, Infected, AsyncRAT, Vyxj, Delf, DropperX, Generic@AI, RDML, iHeXxLKlS01cvpkjzzcMoA, Nekark, eajia, Siggen22, YXDLMZ, GenKD, ABRisk, XLHO, Malware@#vefedprwo46l, ScarletFlash, Detected, Artemis, ai score=87, TScope, unsafe, Chgt, Wylw, susgen, PossibleThreat, confidence, 100%) | ||
| md5 | 2e600b1ff7cd82c6402bb280720ced61 | ||
| sha256 | c2ae169495738288c01df97f582da3db67e4f4d4514be563a7e2cbc069b76448 | ||
| ssdeep | 24576:w+7dsbKHIny1loKiqxsbOMVolrhuXvc9Ft2rmeOaNRRL:Non782UTt2rm1KDL | ||
| imphash | 2991d2c176248f75cc944dd85863c8ff | ||
| impfuzzy | 192:ocbNSRuujrEUh99IFobNkJxmFHjqz1k5POQMxpYd:5NejT9FkMk12POQMxGd | ||
Network IP location
Signature (25cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| danger | Executed a process and injected code into it |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Expresses interest in specific running processes |
| watch | Installs itself for autorun at Windows startup |
| watch | Manipulates memory of a non-child process indicative of process injection |
| watch | One or more of the buffers contains an embedded PE file |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | Drops a binary and executes it |
| notice | Drops an executable to the user AppData folder |
| notice | Executes one or more WMI queries |
| notice | One or more potentially interesting buffers were extracted |
| notice | Potentially malicious URLs were found in the process memory dump |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| notice | Terminates another process |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Checks if process is being debugged by a debugger |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (48cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | memory |
| watch | schtasks_Zero | task schedule | memory |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | Generic_PWS_Memory_Zero | PWS Memory | memory |
| notice | Hijack_Network | Hijack network configuration | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | local_credential_Steal | Steal credential | memory |
| notice | Network_DGA | Communication using DGA | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_FTP | Communications over FTP | memory |
| notice | Network_HTTP | Communications over HTTP | memory |
| notice | Network_P2P_Win | Communications over P2P network | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | Persistence | Install itself for autorun at Windows startup | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Http_API | Match Windows Http API call | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | antisb_threatExpert | Anti-Sandbox checks for ThreatExpert | memory |
| info | Check_Dlls | (no description) | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerCheck__RemoteAPI | (no description) | memory |
| info | DebuggerException__ConsoleCtrl | (no description) | memory |
| info | DebuggerException__SetConsoleCtrl | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (download) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x482858 SysFreeString
0x48285c SysReAllocStringLen
0x482860 SysAllocStringLen
advapi32.dll
0x482868 RegQueryValueExW
0x48286c RegOpenKeyExW
0x482870 RegCloseKey
user32.dll
0x482878 GetKeyboardType
0x48287c LoadStringW
0x482880 MessageBoxA
0x482884 CharNextW
kernel32.dll
0x48288c GetACP
0x482890 Sleep
0x482894 VirtualFree
0x482898 VirtualAlloc
0x48289c GetSystemInfo
0x4828a0 GetVersion
0x4828a4 GetCurrentThreadId
0x4828a8 VirtualQuery
0x4828ac WideCharToMultiByte
0x4828b0 MultiByteToWideChar
0x4828b4 lstrlenW
0x4828b8 lstrcpynW
0x4828bc LoadLibraryExW
0x4828c0 GetThreadLocale
0x4828c4 GetStartupInfoA
0x4828c8 GetProcAddress
0x4828cc GetModuleHandleW
0x4828d0 GetModuleFileNameW
0x4828d4 GetLocaleInfoW
0x4828d8 GetCommandLineW
0x4828dc FreeLibrary
0x4828e0 FindFirstFileW
0x4828e4 FindClose
0x4828e8 ExitProcess
0x4828ec ExitThread
0x4828f0 CreateThread
0x4828f4 CompareStringW
0x4828f8 WriteFile
0x4828fc UnhandledExceptionFilter
0x482900 RtlUnwind
0x482904 RaiseException
0x482908 GetStdHandle
0x48290c CloseHandle
kernel32.dll
0x482914 TlsSetValue
0x482918 TlsGetValue
0x48291c LocalAlloc
0x482920 GetModuleHandleW
user32.dll
0x482928 CreateWindowExW
0x48292c WindowFromPoint
0x482930 WaitMessage
0x482934 UpdateWindow
0x482938 UnregisterClassW
0x48293c UnhookWindowsHookEx
0x482940 TranslateMessage
0x482944 TranslateMDISysAccel
0x482948 TrackPopupMenu
0x48294c SystemParametersInfoW
0x482950 ShowWindow
0x482954 ShowScrollBar
0x482958 ShowOwnedPopups
0x48295c SetWindowsHookExW
0x482960 SetWindowTextW
0x482964 SetWindowPos
0x482968 SetWindowPlacement
0x48296c SetWindowLongW
0x482970 SetTimer
0x482974 SetScrollRange
0x482978 SetScrollPos
0x48297c SetScrollInfo
0x482980 SetRect
0x482984 SetPropW
0x482988 SetParent
0x48298c SetMenuItemInfoW
0x482990 SetMenu
0x482994 SetForegroundWindow
0x482998 SetFocus
0x48299c SetCursor
0x4829a0 SetClassLongW
0x4829a4 SetCapture
0x4829a8 SetActiveWindow
0x4829ac SendMessageA
0x4829b0 SendMessageW
0x4829b4 SendDlgItemMessageW
0x4829b8 ScrollWindow
0x4829bc ScreenToClient
0x4829c0 RemovePropW
0x4829c4 RemoveMenu
0x4829c8 ReleaseDC
0x4829cc ReleaseCapture
0x4829d0 RegisterWindowMessageW
0x4829d4 RegisterClipboardFormatW
0x4829d8 RegisterClassW
0x4829dc RedrawWindow
0x4829e0 PostQuitMessage
0x4829e4 PostMessageW
0x4829e8 PeekMessageA
0x4829ec PeekMessageW
0x4829f0 OffsetRect
0x4829f4 MsgWaitForMultipleObjectsEx
0x4829f8 MsgWaitForMultipleObjects
0x4829fc MessageBoxW
0x482a00 MapWindowPoints
0x482a04 MapVirtualKeyW
0x482a08 LoadStringW
0x482a0c LoadKeyboardLayoutW
0x482a10 LoadIconW
0x482a14 LoadCursorW
0x482a18 LoadBitmapW
0x482a1c KillTimer
0x482a20 IsZoomed
0x482a24 IsWindowVisible
0x482a28 IsWindowUnicode
0x482a2c IsWindowEnabled
0x482a30 IsWindow
0x482a34 IsIconic
0x482a38 IsDialogMessageA
0x482a3c IsDialogMessageW
0x482a40 IsChild
0x482a44 InvalidateRect
0x482a48 IntersectRect
0x482a4c InsertMenuItemW
0x482a50 InsertMenuW
0x482a54 InflateRect
0x482a58 GetWindowThreadProcessId
0x482a5c GetWindowTextW
0x482a60 GetWindowRect
0x482a64 GetWindowPlacement
0x482a68 GetWindowLongW
0x482a6c GetWindowDC
0x482a70 GetWindowContextHelpId
0x482a74 GetTopWindow
0x482a78 GetSystemMetrics
0x482a7c GetSystemMenu
0x482a80 GetSysColorBrush
0x482a84 GetSysColor
0x482a88 GetSubMenu
0x482a8c GetScrollRange
0x482a90 GetScrollPos
0x482a94 GetScrollInfo
0x482a98 GetPropW
0x482a9c GetParent
0x482aa0 GetWindow
0x482aa4 GetMessagePos
0x482aa8 GetMenuStringW
0x482aac GetMenuState
0x482ab0 GetMenuItemInfoW
0x482ab4 GetMenuItemID
0x482ab8 GetMenuItemCount
0x482abc GetMenu
0x482ac0 GetLastActivePopup
0x482ac4 GetKeyboardState
0x482ac8 GetKeyboardLayoutNameW
0x482acc GetKeyboardLayoutList
0x482ad0 GetKeyboardLayout
0x482ad4 GetKeyState
0x482ad8 GetKeyNameTextW
0x482adc GetKBCodePage
0x482ae0 GetIconInfo
0x482ae4 GetForegroundWindow
0x482ae8 GetFocus
0x482aec GetDlgCtrlID
0x482af0 GetDesktopWindow
0x482af4 GetDCEx
0x482af8 GetDC
0x482afc GetCursorPos
0x482b00 GetCursor
0x482b04 GetClipboardData
0x482b08 GetClientRect
0x482b0c GetClassLongW
0x482b10 GetClassInfoW
0x482b14 GetCapture
0x482b18 GetActiveWindow
0x482b1c FrameRect
0x482b20 FindWindowExW
0x482b24 FindWindowW
0x482b28 FillRect
0x482b2c EnumWindows
0x482b30 EnumThreadWindows
0x482b34 EnumClipboardFormats
0x482b38 EnumChildWindows
0x482b3c EndPaint
0x482b40 EnableWindow
0x482b44 EnableScrollBar
0x482b48 EnableMenuItem
0x482b4c DrawTextExW
0x482b50 DrawTextW
0x482b54 DrawMenuBar
0x482b58 DrawIconEx
0x482b5c DrawIcon
0x482b60 DrawFrameControl
0x482b64 DrawFocusRect
0x482b68 DrawEdge
0x482b6c DispatchMessageA
0x482b70 DispatchMessageW
0x482b74 DestroyWindow
0x482b78 DestroyMenu
0x482b7c DestroyIcon
0x482b80 DestroyCursor
0x482b84 DestroyCaret
0x482b88 DeleteMenu
0x482b8c DefWindowProcW
0x482b90 DefMDIChildProcW
0x482b94 DefFrameProcW
0x482b98 CreatePopupMenu
0x482b9c CreateMenu
0x482ba0 CreateIcon
0x482ba4 ClientToScreen
0x482ba8 CheckMenuItem
0x482bac CharUpperBuffW
0x482bb0 CharToOemW
0x482bb4 CharNextW
0x482bb8 CharLowerBuffW
0x482bbc CharLowerW
0x482bc0 CallWindowProcW
0x482bc4 CallNextHookEx
0x482bc8 BeginPaint
0x482bcc AdjustWindowRectEx
0x482bd0 ActivateKeyboardLayout
msimg32.dll
0x482bd8 AlphaBlend
gdi32.dll
0x482be0 UnrealizeObject
0x482be4 StretchBlt
0x482be8 SetWindowOrgEx
0x482bec SetWinMetaFileBits
0x482bf0 SetViewportOrgEx
0x482bf4 SetTextColor
0x482bf8 SetStretchBltMode
0x482bfc SetROP2
0x482c00 SetPixel
0x482c04 SetEnhMetaFileBits
0x482c08 SetDIBColorTable
0x482c0c SetBrushOrgEx
0x482c10 SetBkMode
0x482c14 SetBkColor
0x482c18 SelectPalette
0x482c1c SelectObject
0x482c20 SelectClipPath
0x482c24 SaveDC
0x482c28 RestoreDC
0x482c2c Rectangle
0x482c30 RectVisible
0x482c34 RealizePalette
0x482c38 Polyline
0x482c3c PlayEnhMetaFile
0x482c40 PatBlt
0x482c44 MoveToEx
0x482c48 MaskBlt
0x482c4c LineTo
0x482c50 IntersectClipRect
0x482c54 GetWindowOrgEx
0x482c58 GetWinMetaFileBits
0x482c5c GetTextMetricsW
0x482c60 GetTextExtentPoint32W
0x482c64 GetSystemPaletteEntries
0x482c68 GetStockObject
0x482c6c GetRgnBox
0x482c70 GetPixel
0x482c74 GetPaletteEntries
0x482c78 GetObjectW
0x482c7c GetEnhMetaFilePaletteEntries
0x482c80 GetEnhMetaFileHeader
0x482c84 GetEnhMetaFileBits
0x482c88 GetDeviceCaps
0x482c8c GetDIBits
0x482c90 GetDIBColorTable
0x482c94 GetDCOrgEx
0x482c98 GetCurrentPositionEx
0x482c9c GetClipBox
0x482ca0 GetBrushOrgEx
0x482ca4 GetBitmapBits
0x482ca8 FrameRgn
0x482cac ExcludeClipRect
0x482cb0 EndPath
0x482cb4 EndPage
0x482cb8 EndDoc
0x482cbc DeleteObject
0x482cc0 DeleteEnhMetaFile
0x482cc4 DeleteDC
0x482cc8 CreateSolidBrush
0x482ccc CreateRectRgn
0x482cd0 CreatePenIndirect
0x482cd4 CreatePalette
0x482cd8 CreateICW
0x482cdc CreateHalftonePalette
0x482ce0 CreateFontIndirectW
0x482ce4 CreateDIBitmap
0x482ce8 CreateDIBSection
0x482cec CreateDCW
0x482cf0 CreateCompatibleDC
0x482cf4 CreateCompatibleBitmap
0x482cf8 CreateBrushIndirect
0x482cfc CreateBitmap
0x482d00 CopyEnhMetaFileW
0x482d04 BitBlt
0x482d08 BeginPath
version.dll
0x482d10 VerQueryValueW
0x482d14 GetFileVersionInfoSizeW
0x482d18 GetFileVersionInfoW
kernel32.dll
0x482d20 lstrcpyW
0x482d24 WriteFile
0x482d28 WideCharToMultiByte
0x482d2c WaitForSingleObject
0x482d30 WaitForMultipleObjectsEx
0x482d34 VirtualQueryEx
0x482d38 VirtualQuery
0x482d3c VirtualAlloc
0x482d40 SwitchToThread
0x482d44 SizeofResource
0x482d48 SignalObjectAndWait
0x482d4c SetThreadLocale
0x482d50 SetLastError
0x482d54 SetFilePointer
0x482d58 SetEvent
0x482d5c SetErrorMode
0x482d60 SetEndOfFile
0x482d64 ResumeThread
0x482d68 ResetEvent
0x482d6c ReadFile
0x482d70 MultiByteToWideChar
0x482d74 MulDiv
0x482d78 LockResource
0x482d7c LoadResource
0x482d80 LoadLibraryW
0x482d84 LeaveCriticalSection
0x482d88 InitializeCriticalSection
0x482d8c GlobalUnlock
0x482d90 GlobalLock
0x482d94 GlobalFree
0x482d98 GlobalFindAtomW
0x482d9c GlobalDeleteAtom
0x482da0 GlobalAlloc
0x482da4 GlobalAddAtomW
0x482da8 GetVersionExW
0x482dac GetVersion
0x482db0 GetTickCount
0x482db4 GetThreadLocale
0x482db8 GetStdHandle
0x482dbc GetProfileStringW
0x482dc0 GetProcAddress
0x482dc4 GetModuleHandleW
0x482dc8 GetModuleFileNameW
0x482dcc GetLocaleInfoW
0x482dd0 GetLocalTime
0x482dd4 GetLastError
0x482dd8 GetFullPathNameW
0x482ddc GetExitCodeThread
0x482de0 GetDiskFreeSpaceW
0x482de4 GetDateFormatW
0x482de8 GetCurrentThreadId
0x482dec GetCurrentThread
0x482df0 GetCurrentProcessId
0x482df4 GetCurrentProcess
0x482df8 GetCPInfo
0x482dfc FreeResource
0x482e00 InterlockedIncrement
0x482e04 InterlockedExchangeAdd
0x482e08 InterlockedExchange
0x482e0c InterlockedDecrement
0x482e10 InterlockedCompareExchange
0x482e14 FreeLibrary
0x482e18 FormatMessageW
0x482e1c FindResourceW
0x482e20 EnumCalendarInfoA
0x482e24 EnterCriticalSection
0x482e28 DeleteCriticalSection
0x482e2c DeleteAtom
0x482e30 CreateThread
0x482e34 CreateFileW
0x482e38 CreateEventW
0x482e3c CreateDirectoryW
0x482e40 CompareStringW
0x482e44 CloseHandle
advapi32.dll
0x482e4c RegQueryValueExW
0x482e50 RegOpenKeyExW
0x482e54 RegFlushKey
0x482e58 RegCloseKey
ole32.dll
0x482e60 OleUninitialize
0x482e64 OleInitialize
kernel32.dll
0x482e6c Sleep
oleaut32.dll
0x482e74 SafeArrayPtrOfIndex
0x482e78 SafeArrayGetUBound
0x482e7c SafeArrayGetLBound
0x482e80 SafeArrayCreate
0x482e84 VariantChangeType
0x482e88 VariantCopy
0x482e8c VariantClear
0x482e90 VariantInit
comctl32.dll
0x482e98 InitializeFlatSB
0x482e9c FlatSB_SetScrollProp
0x482ea0 FlatSB_SetScrollPos
0x482ea4 FlatSB_SetScrollInfo
0x482ea8 FlatSB_GetScrollPos
0x482eac FlatSB_GetScrollInfo
0x482eb0 _TrackMouseEvent
0x482eb4 ImageList_SetIconSize
0x482eb8 ImageList_GetIconSize
0x482ebc ImageList_Write
0x482ec0 ImageList_Read
0x482ec4 ImageList_GetDragImage
0x482ec8 ImageList_DragShowNolock
0x482ecc ImageList_DragMove
0x482ed0 ImageList_DragLeave
0x482ed4 ImageList_DragEnter
0x482ed8 ImageList_EndDrag
0x482edc ImageList_BeginDrag
0x482ee0 ImageList_Remove
0x482ee4 ImageList_DrawEx
0x482ee8 ImageList_Replace
0x482eec ImageList_Draw
0x482ef0 ImageList_GetBkColor
0x482ef4 ImageList_SetBkColor
0x482ef8 ImageList_Add
0x482efc ImageList_SetImageCount
0x482f00 ImageList_GetImageCount
0x482f04 ImageList_Destroy
0x482f08 ImageList_Create
comdlg32.dll
0x482f10 ChooseFontW
winspool.drv
0x482f18 OpenPrinterW
0x482f1c EnumPrintersW
0x482f20 DocumentPropertiesW
0x482f24 ClosePrinter
kernel32.dll
0x482f2c FreeConsole
EAT(Export Address Table) is none
oleaut32.dll
0x482858 SysFreeString
0x48285c SysReAllocStringLen
0x482860 SysAllocStringLen
advapi32.dll
0x482868 RegQueryValueExW
0x48286c RegOpenKeyExW
0x482870 RegCloseKey
user32.dll
0x482878 GetKeyboardType
0x48287c LoadStringW
0x482880 MessageBoxA
0x482884 CharNextW
kernel32.dll
0x48288c GetACP
0x482890 Sleep
0x482894 VirtualFree
0x482898 VirtualAlloc
0x48289c GetSystemInfo
0x4828a0 GetVersion
0x4828a4 GetCurrentThreadId
0x4828a8 VirtualQuery
0x4828ac WideCharToMultiByte
0x4828b0 MultiByteToWideChar
0x4828b4 lstrlenW
0x4828b8 lstrcpynW
0x4828bc LoadLibraryExW
0x4828c0 GetThreadLocale
0x4828c4 GetStartupInfoA
0x4828c8 GetProcAddress
0x4828cc GetModuleHandleW
0x4828d0 GetModuleFileNameW
0x4828d4 GetLocaleInfoW
0x4828d8 GetCommandLineW
0x4828dc FreeLibrary
0x4828e0 FindFirstFileW
0x4828e4 FindClose
0x4828e8 ExitProcess
0x4828ec ExitThread
0x4828f0 CreateThread
0x4828f4 CompareStringW
0x4828f8 WriteFile
0x4828fc UnhandledExceptionFilter
0x482900 RtlUnwind
0x482904 RaiseException
0x482908 GetStdHandle
0x48290c CloseHandle
kernel32.dll
0x482914 TlsSetValue
0x482918 TlsGetValue
0x48291c LocalAlloc
0x482920 GetModuleHandleW
user32.dll
0x482928 CreateWindowExW
0x48292c WindowFromPoint
0x482930 WaitMessage
0x482934 UpdateWindow
0x482938 UnregisterClassW
0x48293c UnhookWindowsHookEx
0x482940 TranslateMessage
0x482944 TranslateMDISysAccel
0x482948 TrackPopupMenu
0x48294c SystemParametersInfoW
0x482950 ShowWindow
0x482954 ShowScrollBar
0x482958 ShowOwnedPopups
0x48295c SetWindowsHookExW
0x482960 SetWindowTextW
0x482964 SetWindowPos
0x482968 SetWindowPlacement
0x48296c SetWindowLongW
0x482970 SetTimer
0x482974 SetScrollRange
0x482978 SetScrollPos
0x48297c SetScrollInfo
0x482980 SetRect
0x482984 SetPropW
0x482988 SetParent
0x48298c SetMenuItemInfoW
0x482990 SetMenu
0x482994 SetForegroundWindow
0x482998 SetFocus
0x48299c SetCursor
0x4829a0 SetClassLongW
0x4829a4 SetCapture
0x4829a8 SetActiveWindow
0x4829ac SendMessageA
0x4829b0 SendMessageW
0x4829b4 SendDlgItemMessageW
0x4829b8 ScrollWindow
0x4829bc ScreenToClient
0x4829c0 RemovePropW
0x4829c4 RemoveMenu
0x4829c8 ReleaseDC
0x4829cc ReleaseCapture
0x4829d0 RegisterWindowMessageW
0x4829d4 RegisterClipboardFormatW
0x4829d8 RegisterClassW
0x4829dc RedrawWindow
0x4829e0 PostQuitMessage
0x4829e4 PostMessageW
0x4829e8 PeekMessageA
0x4829ec PeekMessageW
0x4829f0 OffsetRect
0x4829f4 MsgWaitForMultipleObjectsEx
0x4829f8 MsgWaitForMultipleObjects
0x4829fc MessageBoxW
0x482a00 MapWindowPoints
0x482a04 MapVirtualKeyW
0x482a08 LoadStringW
0x482a0c LoadKeyboardLayoutW
0x482a10 LoadIconW
0x482a14 LoadCursorW
0x482a18 LoadBitmapW
0x482a1c KillTimer
0x482a20 IsZoomed
0x482a24 IsWindowVisible
0x482a28 IsWindowUnicode
0x482a2c IsWindowEnabled
0x482a30 IsWindow
0x482a34 IsIconic
0x482a38 IsDialogMessageA
0x482a3c IsDialogMessageW
0x482a40 IsChild
0x482a44 InvalidateRect
0x482a48 IntersectRect
0x482a4c InsertMenuItemW
0x482a50 InsertMenuW
0x482a54 InflateRect
0x482a58 GetWindowThreadProcessId
0x482a5c GetWindowTextW
0x482a60 GetWindowRect
0x482a64 GetWindowPlacement
0x482a68 GetWindowLongW
0x482a6c GetWindowDC
0x482a70 GetWindowContextHelpId
0x482a74 GetTopWindow
0x482a78 GetSystemMetrics
0x482a7c GetSystemMenu
0x482a80 GetSysColorBrush
0x482a84 GetSysColor
0x482a88 GetSubMenu
0x482a8c GetScrollRange
0x482a90 GetScrollPos
0x482a94 GetScrollInfo
0x482a98 GetPropW
0x482a9c GetParent
0x482aa0 GetWindow
0x482aa4 GetMessagePos
0x482aa8 GetMenuStringW
0x482aac GetMenuState
0x482ab0 GetMenuItemInfoW
0x482ab4 GetMenuItemID
0x482ab8 GetMenuItemCount
0x482abc GetMenu
0x482ac0 GetLastActivePopup
0x482ac4 GetKeyboardState
0x482ac8 GetKeyboardLayoutNameW
0x482acc GetKeyboardLayoutList
0x482ad0 GetKeyboardLayout
0x482ad4 GetKeyState
0x482ad8 GetKeyNameTextW
0x482adc GetKBCodePage
0x482ae0 GetIconInfo
0x482ae4 GetForegroundWindow
0x482ae8 GetFocus
0x482aec GetDlgCtrlID
0x482af0 GetDesktopWindow
0x482af4 GetDCEx
0x482af8 GetDC
0x482afc GetCursorPos
0x482b00 GetCursor
0x482b04 GetClipboardData
0x482b08 GetClientRect
0x482b0c GetClassLongW
0x482b10 GetClassInfoW
0x482b14 GetCapture
0x482b18 GetActiveWindow
0x482b1c FrameRect
0x482b20 FindWindowExW
0x482b24 FindWindowW
0x482b28 FillRect
0x482b2c EnumWindows
0x482b30 EnumThreadWindows
0x482b34 EnumClipboardFormats
0x482b38 EnumChildWindows
0x482b3c EndPaint
0x482b40 EnableWindow
0x482b44 EnableScrollBar
0x482b48 EnableMenuItem
0x482b4c DrawTextExW
0x482b50 DrawTextW
0x482b54 DrawMenuBar
0x482b58 DrawIconEx
0x482b5c DrawIcon
0x482b60 DrawFrameControl
0x482b64 DrawFocusRect
0x482b68 DrawEdge
0x482b6c DispatchMessageA
0x482b70 DispatchMessageW
0x482b74 DestroyWindow
0x482b78 DestroyMenu
0x482b7c DestroyIcon
0x482b80 DestroyCursor
0x482b84 DestroyCaret
0x482b88 DeleteMenu
0x482b8c DefWindowProcW
0x482b90 DefMDIChildProcW
0x482b94 DefFrameProcW
0x482b98 CreatePopupMenu
0x482b9c CreateMenu
0x482ba0 CreateIcon
0x482ba4 ClientToScreen
0x482ba8 CheckMenuItem
0x482bac CharUpperBuffW
0x482bb0 CharToOemW
0x482bb4 CharNextW
0x482bb8 CharLowerBuffW
0x482bbc CharLowerW
0x482bc0 CallWindowProcW
0x482bc4 CallNextHookEx
0x482bc8 BeginPaint
0x482bcc AdjustWindowRectEx
0x482bd0 ActivateKeyboardLayout
msimg32.dll
0x482bd8 AlphaBlend
gdi32.dll
0x482be0 UnrealizeObject
0x482be4 StretchBlt
0x482be8 SetWindowOrgEx
0x482bec SetWinMetaFileBits
0x482bf0 SetViewportOrgEx
0x482bf4 SetTextColor
0x482bf8 SetStretchBltMode
0x482bfc SetROP2
0x482c00 SetPixel
0x482c04 SetEnhMetaFileBits
0x482c08 SetDIBColorTable
0x482c0c SetBrushOrgEx
0x482c10 SetBkMode
0x482c14 SetBkColor
0x482c18 SelectPalette
0x482c1c SelectObject
0x482c20 SelectClipPath
0x482c24 SaveDC
0x482c28 RestoreDC
0x482c2c Rectangle
0x482c30 RectVisible
0x482c34 RealizePalette
0x482c38 Polyline
0x482c3c PlayEnhMetaFile
0x482c40 PatBlt
0x482c44 MoveToEx
0x482c48 MaskBlt
0x482c4c LineTo
0x482c50 IntersectClipRect
0x482c54 GetWindowOrgEx
0x482c58 GetWinMetaFileBits
0x482c5c GetTextMetricsW
0x482c60 GetTextExtentPoint32W
0x482c64 GetSystemPaletteEntries
0x482c68 GetStockObject
0x482c6c GetRgnBox
0x482c70 GetPixel
0x482c74 GetPaletteEntries
0x482c78 GetObjectW
0x482c7c GetEnhMetaFilePaletteEntries
0x482c80 GetEnhMetaFileHeader
0x482c84 GetEnhMetaFileBits
0x482c88 GetDeviceCaps
0x482c8c GetDIBits
0x482c90 GetDIBColorTable
0x482c94 GetDCOrgEx
0x482c98 GetCurrentPositionEx
0x482c9c GetClipBox
0x482ca0 GetBrushOrgEx
0x482ca4 GetBitmapBits
0x482ca8 FrameRgn
0x482cac ExcludeClipRect
0x482cb0 EndPath
0x482cb4 EndPage
0x482cb8 EndDoc
0x482cbc DeleteObject
0x482cc0 DeleteEnhMetaFile
0x482cc4 DeleteDC
0x482cc8 CreateSolidBrush
0x482ccc CreateRectRgn
0x482cd0 CreatePenIndirect
0x482cd4 CreatePalette
0x482cd8 CreateICW
0x482cdc CreateHalftonePalette
0x482ce0 CreateFontIndirectW
0x482ce4 CreateDIBitmap
0x482ce8 CreateDIBSection
0x482cec CreateDCW
0x482cf0 CreateCompatibleDC
0x482cf4 CreateCompatibleBitmap
0x482cf8 CreateBrushIndirect
0x482cfc CreateBitmap
0x482d00 CopyEnhMetaFileW
0x482d04 BitBlt
0x482d08 BeginPath
version.dll
0x482d10 VerQueryValueW
0x482d14 GetFileVersionInfoSizeW
0x482d18 GetFileVersionInfoW
kernel32.dll
0x482d20 lstrcpyW
0x482d24 WriteFile
0x482d28 WideCharToMultiByte
0x482d2c WaitForSingleObject
0x482d30 WaitForMultipleObjectsEx
0x482d34 VirtualQueryEx
0x482d38 VirtualQuery
0x482d3c VirtualAlloc
0x482d40 SwitchToThread
0x482d44 SizeofResource
0x482d48 SignalObjectAndWait
0x482d4c SetThreadLocale
0x482d50 SetLastError
0x482d54 SetFilePointer
0x482d58 SetEvent
0x482d5c SetErrorMode
0x482d60 SetEndOfFile
0x482d64 ResumeThread
0x482d68 ResetEvent
0x482d6c ReadFile
0x482d70 MultiByteToWideChar
0x482d74 MulDiv
0x482d78 LockResource
0x482d7c LoadResource
0x482d80 LoadLibraryW
0x482d84 LeaveCriticalSection
0x482d88 InitializeCriticalSection
0x482d8c GlobalUnlock
0x482d90 GlobalLock
0x482d94 GlobalFree
0x482d98 GlobalFindAtomW
0x482d9c GlobalDeleteAtom
0x482da0 GlobalAlloc
0x482da4 GlobalAddAtomW
0x482da8 GetVersionExW
0x482dac GetVersion
0x482db0 GetTickCount
0x482db4 GetThreadLocale
0x482db8 GetStdHandle
0x482dbc GetProfileStringW
0x482dc0 GetProcAddress
0x482dc4 GetModuleHandleW
0x482dc8 GetModuleFileNameW
0x482dcc GetLocaleInfoW
0x482dd0 GetLocalTime
0x482dd4 GetLastError
0x482dd8 GetFullPathNameW
0x482ddc GetExitCodeThread
0x482de0 GetDiskFreeSpaceW
0x482de4 GetDateFormatW
0x482de8 GetCurrentThreadId
0x482dec GetCurrentThread
0x482df0 GetCurrentProcessId
0x482df4 GetCurrentProcess
0x482df8 GetCPInfo
0x482dfc FreeResource
0x482e00 InterlockedIncrement
0x482e04 InterlockedExchangeAdd
0x482e08 InterlockedExchange
0x482e0c InterlockedDecrement
0x482e10 InterlockedCompareExchange
0x482e14 FreeLibrary
0x482e18 FormatMessageW
0x482e1c FindResourceW
0x482e20 EnumCalendarInfoA
0x482e24 EnterCriticalSection
0x482e28 DeleteCriticalSection
0x482e2c DeleteAtom
0x482e30 CreateThread
0x482e34 CreateFileW
0x482e38 CreateEventW
0x482e3c CreateDirectoryW
0x482e40 CompareStringW
0x482e44 CloseHandle
advapi32.dll
0x482e4c RegQueryValueExW
0x482e50 RegOpenKeyExW
0x482e54 RegFlushKey
0x482e58 RegCloseKey
ole32.dll
0x482e60 OleUninitialize
0x482e64 OleInitialize
kernel32.dll
0x482e6c Sleep
oleaut32.dll
0x482e74 SafeArrayPtrOfIndex
0x482e78 SafeArrayGetUBound
0x482e7c SafeArrayGetLBound
0x482e80 SafeArrayCreate
0x482e84 VariantChangeType
0x482e88 VariantCopy
0x482e8c VariantClear
0x482e90 VariantInit
comctl32.dll
0x482e98 InitializeFlatSB
0x482e9c FlatSB_SetScrollProp
0x482ea0 FlatSB_SetScrollPos
0x482ea4 FlatSB_SetScrollInfo
0x482ea8 FlatSB_GetScrollPos
0x482eac FlatSB_GetScrollInfo
0x482eb0 _TrackMouseEvent
0x482eb4 ImageList_SetIconSize
0x482eb8 ImageList_GetIconSize
0x482ebc ImageList_Write
0x482ec0 ImageList_Read
0x482ec4 ImageList_GetDragImage
0x482ec8 ImageList_DragShowNolock
0x482ecc ImageList_DragMove
0x482ed0 ImageList_DragLeave
0x482ed4 ImageList_DragEnter
0x482ed8 ImageList_EndDrag
0x482edc ImageList_BeginDrag
0x482ee0 ImageList_Remove
0x482ee4 ImageList_DrawEx
0x482ee8 ImageList_Replace
0x482eec ImageList_Draw
0x482ef0 ImageList_GetBkColor
0x482ef4 ImageList_SetBkColor
0x482ef8 ImageList_Add
0x482efc ImageList_SetImageCount
0x482f00 ImageList_GetImageCount
0x482f04 ImageList_Destroy
0x482f08 ImageList_Create
comdlg32.dll
0x482f10 ChooseFontW
winspool.drv
0x482f18 OpenPrinterW
0x482f1c EnumPrintersW
0x482f20 DocumentPropertiesW
0x482f24 ClosePrinter
kernel32.dll
0x482f2c FreeConsole
EAT(Export Address Table) is none