Created | 2024.03.27 07:35 |
Machine | s1_win7_x6401 |
Filename | Point.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : clean |
VT API (file) | 11 detected (Attribute, HighConfidence, Malicious, ccmw, Znyonm, BScope, Static AI, Suspicious PE, confidence) |
md5 | 3e56975127f436aa5e8a9b9c7af5eb23 |
sha256 | 7d18e238febf88bc7c868e3ee4189fd12a2aa4db21f66151bb4c15c0600eca6e |
ssdeep | 12288:2jwHlbKaWY6oL1T0uwJ34dW/QtQF5KXGOTBwfRzPZ15HVCjkNMOuEFcd+wtZqA8s:2yHC/QtQF5kGXZPY+1BFc2AZoyLtkwx |
imphash | 44c9a0d6caae769769c87976fb6f71d4 |
impfuzzy | 192:4pMVaFur+pdP18zLyakcncVIJT8CmaNXFoJBKPNwE:40aFo5kaAw8ChNXFoJBK/ |
Signature (4cnts)
Level | Description |
---|---|
watch | File has been identified by 11 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Antivirus | Contains references to security software | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4b80dc ExitThread
0x4b80e0 CreateThread
0x4b80e4 ExitProcess
0x4b80e8 GetStartupInfoW
0x4b80ec RtlUnwind
0x4b80f0 HeapReAlloc
0x4b80f4 HeapSize
0x4b80f8 GetCPInfo
0x4b80fc GetACP
0x4b8100 GetOEMCP
0x4b8104 IsValidCodePage
0x4b8108 LCMapStringW
0x4b810c GetStdHandle
0x4b8110 GetModuleFileNameA
0x4b8114 GetTimeFormatA
0x4b8118 GetDateFormatA
0x4b811c HeapCreate
0x4b8120 HeapDestroy
0x4b8124 VirtualFree
0x4b8128 VirtualAlloc
0x4b812c GetConsoleCP
0x4b8130 GetConsoleMode
0x4b8134 LCMapStringA
0x4b8138 SetHandleCount
0x4b813c GetFileType
0x4b8140 GetStartupInfoA
0x4b8144 InitializeCriticalSectionAndSpinCount
0x4b8148 FreeEnvironmentStringsW
0x4b814c GetEnvironmentStringsW
0x4b8150 GetStringTypeA
0x4b8154 GetStringTypeW
0x4b8158 IsDebuggerPresent
0x4b815c GetLocaleInfoA
0x4b8160 EnumSystemLocalesA
0x4b8164 IsValidLocale
0x4b8168 WriteConsoleA
0x4b816c GetConsoleOutputCP
0x4b8170 WriteConsoleW
0x4b8174 SetStdHandle
0x4b8178 GetProcessHeap
0x4b817c CreateFileA
0x4b8180 SetEnvironmentVariableA
0x4b8184 SetUnhandledExceptionFilter
0x4b8188 HeapAlloc
0x4b818c TerminateProcess
0x4b8190 GetFileSizeEx
0x4b8194 LocalFileTimeToFileTime
0x4b8198 GetLocaleInfoW
0x4b819c CompareStringA
0x4b81a0 GetShortPathNameW
0x4b81a4 SetEndOfFile
0x4b81a8 FlushFileBuffers
0x4b81ac GlobalFlags
0x4b81b0 GlobalAddAtomW
0x4b81b4 GlobalFindAtomW
0x4b81b8 lstrcmpiA
0x4b81bc GetTempFileNameW
0x4b81c0 OpenMutexW
0x4b81c4 ReleaseMutex
0x4b81c8 HeapWalk
0x4b81cc HeapLock
0x4b81d0 OpenThread
0x4b81d4 HeapUnlock
0x4b81d8 OutputDebugStringW
0x4b81dc SetFilePointerEx
0x4b81e0 IsProcessorFeaturePresent
0x4b81e4 GlobalDeleteAtom
0x4b81e8 LoadLibraryA
0x4b81ec GetVersionExA
0x4b81f0 UnhandledExceptionFilter
0x4b81f4 HeapFree
0x4b81f8 lstrlenA
0x4b81fc lstrcmpA
0x4b8200 CompareStringW
0x4b8204 TlsFree
0x4b8208 LocalReAlloc
0x4b820c TlsSetValue
0x4b8210 TlsAlloc
0x4b8214 GlobalHandle
0x4b8218 GlobalReAlloc
0x4b821c TlsGetValue
0x4b8220 GetFullPathNameW
0x4b8224 GetLogicalDriveStringsW
0x4b8228 DeviceIoControl
0x4b822c InterlockedExchange
0x4b8230 MoveFileW
0x4b8234 GetFileAttributesW
0x4b8238 RemoveDirectoryW
0x4b823c FindClose
0x4b8240 FindNextFileW
0x4b8244 FindFirstFileW
0x4b8248 QueryPerformanceCounter
0x4b824c SetFileAttributesW
0x4b8250 lstrcmpW
0x4b8254 GlobalAlloc
0x4b8258 GlobalLock
0x4b825c GlobalUnlock
0x4b8260 SetErrorMode
0x4b8264 SetEnvironmentVariableW
0x4b8268 GetCommandLineW
0x4b826c ExpandEnvironmentStringsW
0x4b8270 lstrcmpiW
0x4b8274 lstrlenW
0x4b8278 SetFilePointer
0x4b827c InterlockedIncrement
0x4b8280 ProcessIdToSessionId
0x4b8284 FreeResource
0x4b8288 GetSystemWindowsDirectoryW
0x4b828c LocalAlloc
0x4b8290 SystemTimeToFileTime
0x4b8294 GetModuleHandleA
0x4b8298 GetTimeZoneInformation
0x4b829c LocalFree
0x4b82a0 GlobalFree
0x4b82a4 CreateMutexW
0x4b82a8 FreeConsole
0x4b82ac GetCurrentProcessId
0x4b82b0 LoadLibraryExW
0x4b82b4 GetTempPathW
0x4b82b8 GetDriveTypeW
0x4b82bc GetWindowsDirectoryW
0x4b82c0 GetUserDefaultUILanguage
0x4b82c4 SetCurrentDirectoryW
0x4b82c8 GetPrivateProfileStringW
0x4b82cc GetPrivateProfileSectionW
0x4b82d0 GetPrivateProfileSectionNamesW
0x4b82d4 Sleep
0x4b82d8 InterlockedCompareExchange
0x4b82dc GetVersionExW
0x4b82e0 GetModuleFileNameW
0x4b82e4 MultiByteToWideChar
0x4b82e8 WriteFile
0x4b82ec ReadFile
0x4b82f0 GetFileSize
0x4b82f4 CreateFileW
0x4b82f8 CopyFileW
0x4b82fc FreeLibrary
0x4b8300 LoadLibraryW
0x4b8304 GetModuleHandleW
0x4b8308 GetProcAddress
0x4b830c InterlockedDecrement
0x4b8310 MulDiv
0x4b8314 GetCurrentProcess
0x4b8318 SetEvent
0x4b831c CreateEventW
0x4b8320 ResetEvent
0x4b8324 GetTickCount
0x4b8328 WaitForSingleObject
0x4b832c WideCharToMultiByte
0x4b8330 GetSystemTimeAsFileTime
0x4b8334 DeleteFileW
0x4b8338 GetVersion
0x4b833c GetSystemDirectoryW
0x4b8340 SetLastError
0x4b8344 RaiseException
0x4b8348 DeleteCriticalSection
0x4b834c InitializeCriticalSection
0x4b8350 CreateProcessW
0x4b8354 GetLastError
0x4b8358 OpenProcess
0x4b835c FindResourceExW
0x4b8360 FindResourceW
0x4b8364 LoadResource
0x4b8368 LockResource
0x4b836c SizeofResource
0x4b8370 CloseHandle
0x4b8374 LeaveCriticalSection
0x4b8378 EnterCriticalSection
0x4b837c GetCurrentThreadId
0x4b8380 FlushInstructionCache
0x4b8384 GetUserDefaultLCID
USER32.dll
0x4b84ac GetWindowTextW
0x4b84b0 GetWindowTextLengthW
0x4b84b4 RedrawWindow
0x4b84b8 DrawTextW
0x4b84bc DispatchMessageW
0x4b84c0 TranslateMessage
0x4b84c4 GetMessageW
0x4b84c8 SetWindowTextW
0x4b84cc GetWindow
0x4b84d0 MonitorFromWindow
0x4b84d4 MapWindowPoints
0x4b84d8 IsRectEmpty
0x4b84dc IsDialogMessageW
0x4b84e0 GetClientRect
0x4b84e4 DrawIconEx
0x4b84e8 DestroyIcon
0x4b84ec GetActiveWindow
0x4b84f0 MessageBoxW
0x4b84f4 InvalidateRect
0x4b84f8 MonitorFromRect
0x4b84fc PostQuitMessage
0x4b8500 UnhookWindowsHookEx
0x4b8504 GetLastActivePopup
0x4b8508 GetSubMenu
0x4b850c GetMenuItemCount
0x4b8510 GetMenuItemID
0x4b8514 GetMenuState
0x4b8518 ValidateRect
0x4b851c CallNextHookEx
0x4b8520 SetWindowsHookExW
0x4b8524 GetSysColorBrush
0x4b8528 CheckMenuItem
0x4b852c EnableMenuItem
0x4b8530 ModifyMenuW
0x4b8534 SetCursor
0x4b8538 GetDlgCtrlID
0x4b853c GetKeyState
0x4b8540 GetWindowDC
0x4b8544 BeginPaint
0x4b8548 LoadBitmapW
0x4b854c SetWindowLongW
0x4b8550 GetWindowLongW
0x4b8554 DefWindowProcW
0x4b8558 CallWindowProcW
0x4b855c GetWindowThreadProcessId
0x4b8560 FindWindowW
0x4b8564 SendMessageTimeoutW
0x4b8568 IsWindow
0x4b856c KillTimer
0x4b8570 GetMenuCheckMarkDimensions
0x4b8574 DestroyWindow
0x4b8578 GetWindowPlacement
0x4b857c ShowWindow
0x4b8580 SetTimer
0x4b8584 IsWindowVisible
0x4b8588 RegisterClassExW
0x4b858c GetClassInfoExW
0x4b8590 SetMenu
0x4b8594 GetMessageTime
0x4b8598 GetTopWindow
0x4b859c RemovePropW
0x4b85a0 GetPropW
0x4b85a4 SetPropW
0x4b85a8 GetCapture
0x4b85ac WinHelpW
0x4b85b0 DestroyMenu
0x4b85b4 TabbedTextOutW
0x4b85b8 DrawTextExW
0x4b85bc GrayStringW
0x4b85c0 EndPaint
0x4b85c4 SetCapture
0x4b85c8 ReleaseCapture
0x4b85cc GetClassLongW
0x4b85d0 SetClassLongW
0x4b85d4 BringWindowToTop
0x4b85d8 SwitchToThisWindow
0x4b85dc GetSystemMetrics
0x4b85e0 CharNextW
0x4b85e4 PeekMessageW
0x4b85e8 DestroyAcceleratorTable
0x4b85ec InvalidateRgn
0x4b85f0 FillRect
0x4b85f4 CreateAcceleratorTableW
0x4b85f8 GetSysColor
0x4b85fc GetClassNameW
0x4b8600 GetDlgItem
0x4b8604 IsChild
0x4b8608 LoadImageW
0x4b860c LoadIconW
0x4b8610 GetDesktopWindow
0x4b8614 LoadCursorW
0x4b8618 CreateWindowExW
0x4b861c EnableWindow
0x4b8620 GetParent
0x4b8624 SendMessageW
0x4b8628 SetWindowPos
0x4b862c LoadStringW
0x4b8630 UnregisterClassA
0x4b8634 SetFocus
0x4b8638 IsWindowEnabled
0x4b863c SetRectEmpty
0x4b8640 RegisterWindowMessageW
0x4b8644 GetDC
0x4b8648 ReleaseDC
0x4b864c GetFocus
0x4b8650 CopyRect
0x4b8654 OffsetRect
0x4b8658 ClientToScreen
0x4b865c GetMessagePos
0x4b8660 PtInRect
0x4b8664 ScreenToClient
0x4b8668 MoveWindow
0x4b866c GetWindowRect
0x4b8670 GetMonitorInfoW
0x4b8674 AllowSetForegroundWindow
0x4b8678 GetForegroundWindow
0x4b867c AttachThreadInput
0x4b8680 SetForegroundWindow
0x4b8684 SetActiveWindow
0x4b8688 SetMenuItemBitmaps
0x4b868c IsIconic
0x4b8690 SystemParametersInfoA
0x4b8694 GetMenu
0x4b8698 AdjustWindowRectEx
0x4b869c RegisterClassW
0x4b86a0 PostMessageW
0x4b86a4 GetKeyboardState
0x4b86a8 keybd_event
0x4b86ac GetClassInfoW
GDI32.dll
0x4b804c ScaleWindowExtEx
0x4b8050 PtVisible
0x4b8054 SetWindowExtEx
0x4b8058 SetMapMode
0x4b805c RestoreDC
0x4b8060 SaveDC
0x4b8064 ExtTextOutW
0x4b8068 GetClipBox
0x4b806c CreateBitmap
0x4b8070 ScaleViewportExtEx
0x4b8074 SetViewportExtEx
0x4b8078 OffsetViewportOrgEx
0x4b807c Escape
0x4b8080 TextOutW
0x4b8084 RectVisible
0x4b8088 GetStockObject
0x4b808c BitBlt
0x4b8090 SetViewportOrgEx
0x4b8094 GetPixel
0x4b8098 CreateCompatibleBitmap
0x4b809c CreateFontW
0x4b80a0 SetTextColor
0x4b80a4 SetBkColor
0x4b80a8 CreateSolidBrush
0x4b80ac GetTextExtentPoint32W
0x4b80b0 GetTextMetricsW
0x4b80b4 GetObjectA
0x4b80b8 GetObjectW
0x4b80bc SelectObject
0x4b80c0 CreateCompatibleDC
0x4b80c4 DeleteDC
0x4b80c8 DeleteObject
0x4b80cc GetDeviceCaps
WINSPOOL.DRV
0x4b86ec ClosePrinter
0x4b86f0 DocumentPropertiesW
0x4b86f4 OpenPrinterW
ADVAPI32.dll
0x4b8000 RegOpenKeyExA
0x4b8004 ConvertSidToStringSidW
0x4b8008 RegQueryValueExA
0x4b800c RegDeleteValueW
0x4b8010 RegEnumKeyExW
0x4b8014 RegQueryInfoKeyW
0x4b8018 RegDeleteKeyW
0x4b801c GetSidSubAuthority
0x4b8020 GetTokenInformation
0x4b8024 OpenProcessToken
0x4b8028 RegCreateKeyExW
0x4b802c RegSetValueExW
0x4b8030 RegCloseKey
0x4b8034 RegQueryValueExW
0x4b8038 RegOpenKeyExW
0x4b803c RegEnumKeyExA
SHELL32.dll
0x4b841c SHOpenFolderAndSelectItems
0x4b8420 SHGetMalloc
0x4b8424 SHGetSpecialFolderLocation
0x4b8428 None
0x4b842c None
0x4b8430 DragAcceptFiles
0x4b8434 DragFinish
0x4b8438 DragQueryFileW
0x4b843c SHGetFileInfoW
0x4b8440 ShellExecuteExW
0x4b8444 ShellExecuteW
0x4b8448 SHGetPathFromIDListW
0x4b844c None
0x4b8450 SHGetSpecialFolderPathW
0x4b8454 SHGetFolderPathW
0x4b8458 None
ole32.dll
0x4b8870 OleLockRunning
0x4b8874 StringFromGUID2
0x4b8878 OleUninitialize
0x4b887c OleInitialize
0x4b8880 CoCreateInstance
0x4b8884 CoTaskMemAlloc
0x4b8888 CoTaskMemRealloc
0x4b888c CoTaskMemFree
0x4b8890 CoInitialize
0x4b8894 CoUninitialize
0x4b8898 CoGetClassObject
0x4b889c CLSIDFromProgID
0x4b88a0 CLSIDFromString
0x4b88a4 CreateStreamOnHGlobal
OLEAUT32.dll
0x4b8398 VariantChangeType
0x4b839c LoadTypeLib
0x4b83a0 LoadRegTypeLib
0x4b83a4 SysStringLen
0x4b83a8 OleCreateFontIndirect
0x4b83ac VarUI4FromStr
0x4b83b0 SysAllocStringLen
0x4b83b4 VarBstrCmp
0x4b83b8 SafeArrayUnlock
0x4b83bc SafeArrayLock
0x4b83c0 SafeArrayDestroy
0x4b83c4 SafeArrayCreate
0x4b83c8 SafeArrayGetUBound
0x4b83cc SafeArrayGetLBound
0x4b83d0 VariantCopy
0x4b83d4 SafeArrayCopy
0x4b83d8 SafeArrayGetVartype
0x4b83dc DispCallFunc
0x4b83e0 VariantInit
0x4b83e4 VariantClear
0x4b83e8 SysAllocString
0x4b83ec SysFreeString
SHLWAPI.dll
0x4b8460 StrCmpIW
0x4b8464 PathCompactPathW
0x4b8468 PathStripPathW
0x4b846c None
0x4b8470 PathFindFileNameW
0x4b8474 PathIsDirectoryW
0x4b8478 PathAddBackslashW
0x4b847c StrStrIW
0x4b8480 PathRemoveFileSpecW
0x4b8484 PathAppendW
0x4b8488 PathCombineW
0x4b848c SHSetValueA
0x4b8490 SHGetValueA
0x4b8494 PathFileExistsW
0x4b8498 ColorHLSToRGB
0x4b849c ColorRGBToHLS
0x4b84a0 SHGetValueW
0x4b84a4 wnsprintfW
COMCTL32.dll
0x4b8044 InitCommonControlsEx
gdiplus.dll
0x4b8704 GdipDeletePrivateFontCollection
0x4b8708 GdipNewPrivateFontCollection
0x4b870c GdipDrawImageRectRectI
0x4b8710 GdipDrawLine
0x4b8714 GdipAddPathEllipseI
0x4b8718 GdipGetPathGradientPointCount
0x4b871c GdipSetPathGradientSurroundColorsWithCount
0x4b8720 GdipSetPathGradientCenterColor
0x4b8724 GdipCreatePathGradientFromPath
0x4b8728 GdipCreateFromHWND
0x4b872c GdipGetFontHeight
0x4b8730 GdipCreatePen2
0x4b8734 GdipDrawRectangleI
0x4b8738 GdipCreateLineBrushFromRect
0x4b873c GdipAddPathRectangleI
0x4b8740 GdipPrivateAddMemoryFont
0x4b8744 GdipSetPenWidth
0x4b8748 GdipDrawEllipseI
0x4b874c GdipSetPenDashOffset
0x4b8750 GdipAddPathLineI
0x4b8754 GdipSetPixelOffsetMode
0x4b8758 GdipDrawImageRectI
0x4b875c GdipGetImageGraphicsContext
0x4b8760 GdipGetImagePixelFormat
0x4b8764 GdipDrawImagePointRectI
0x4b8768 GdipResetWorldTransform
0x4b876c GdipCreateBitmapFromScan0
0x4b8770 GdipDrawPath
0x4b8774 GdipFillPath
0x4b8778 GdipSetSmoothingMode
0x4b877c GdipGetSmoothingMode
0x4b8780 GdipResetClip
0x4b8784 GdipCreatePath
0x4b8788 GdipFillRectangleI
0x4b878c GdipRotateWorldTransform
0x4b8790 GdipGetPixelOffsetMode
0x4b8794 GdipTranslateWorldTransform
0x4b8798 GdipSetClipRectI
0x4b879c GdipSetTextRenderingHint
0x4b87a0 GdipCreateFont
0x4b87a4 GdipGetFontCollectionFamilyList
0x4b87a8 GdipCreateLineBrushFromRectI
0x4b87ac GdipClosePathFigure
0x4b87b0 GdipAddPathArcI
0x4b87b4 GdipResetPath
0x4b87b8 GdipDrawString
0x4b87bc GdipMeasureString
0x4b87c0 GdipSetStringFormatAlign
0x4b87c4 GdipSetStringFormatLineAlign
0x4b87c8 GdipDeleteStringFormat
0x4b87cc GdipCreateStringFormat
0x4b87d0 GdipDeleteFont
0x4b87d4 GdipCreateFontFromLogfontA
0x4b87d8 GdipCreateFontFromDC
0x4b87dc GdipDrawRectangle
0x4b87e0 GdipDrawLineI
0x4b87e4 GdipSetPenDashStyle
0x4b87e8 GdipDeletePen
0x4b87ec GdipCreatePen1
0x4b87f0 GdipBitmapSetPixel
0x4b87f4 GdipBitmapGetPixel
0x4b87f8 GdipGetImageHeight
0x4b87fc GdipGetImageWidth
0x4b8800 GdipCreateBitmapFromFile
0x4b8804 GdipCloneImage
0x4b8808 GdipDisposeImage
0x4b880c GdipFillRectangle
0x4b8810 GdipCloneBrush
0x4b8814 GdipAlloc
0x4b8818 GdipFree
0x4b881c GdipDeleteBrush
0x4b8820 GdipCreateSolidFill
0x4b8824 GdipDeleteGraphics
0x4b8828 GdipCreateFromHDC
0x4b882c GdipCreateBitmapFromStream
0x4b8830 GdipSetPathGradientGammaCorrection
0x4b8834 GdipSetPathGradientCenterPoint
0x4b8838 GdipAddPathLine2
0x4b883c GdipGetPathWorldBoundsI
0x4b8840 GdipAddPathPie
0x4b8844 GdipAddPathLine
0x4b8848 GdipAddPathArc
0x4b884c GdipSaveImageToFile
0x4b8850 GdipGetImageEncoders
0x4b8854 GdipGetImageEncodersSize
0x4b8858 GdipSetInterpolationMode
0x4b885c GdipCloneFontFamily
0x4b8860 GdipDeleteFontFamily
0x4b8864 GdipDeletePath
0x4b8868 GdipSetLinePresetBlend
VERSION.dll
0x4b86bc VerQueryValueW
0x4b86c0 GetFileVersionInfoW
0x4b86c4 GetFileVersionInfoSizeW
WININET.dll
0x4b86cc InternetCloseHandle
0x4b86d0 HttpQueryInfoW
0x4b86d4 InternetSetOptionW
0x4b86d8 InternetReadFile
0x4b86dc InternetOpenUrlW
0x4b86e0 DeleteUrlCacheEntryW
0x4b86e4 InternetOpenW
PSAPI.DLL
0x4b83f4 GetModuleFileNameExW
IMM32.dll
0x4b80d4 ImmDisableIME
RPCRT4.dll
0x4b83fc NdrAsyncClientCall
0x4b8400 RpcAsyncInitializeHandle
0x4b8404 RpcStringBindingComposeW
0x4b8408 RpcBindingFromStringBindingW
0x4b840c RpcAsyncCompleteCall
0x4b8410 RpcStringFreeW
0x4b8414 RpcBindingFree
OLEACC.dll
0x4b838c LresultFromObject
0x4b8390 CreateStdAccessibleObject
WTSAPI32.dll
0x4b86fc WTSQuerySessionInformationW
USERENV.dll
0x4b86b4 GetUserProfileDirectoryW
EAT(Export Address Table) is none