Created | 2024.05.16 09:06 | Machine | s1_win7_x6401 |
Filename | rem.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : malicious |
VT API (file) | 64 detected (Common, Remcos, Windows, Malicious, score, RemcosIH, S31010159, GenericKD, unsafe, Save, Kryptik, Genus, Rescoms, FDQO, RATX, keikbt, CLASSIC, Siggen22, YXEC3Z, Detected, ai score=83, 1OHYAG0, SMWB, R625673, ZexaF, ECW@amUxy2pi, Genetic, UD1aXITfKmk, Static AI, Malicious PE, susgen) |
md5 | 06f5b8dffc6c138828adbc7f29cfc7f0 |
sha256 | 03ba551339062106448ff58cbc393338483439513ec8439497bf47153e13f4b7 |
ssdeep | 6144:aXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZDAXYcNx5Gv:aX7tPMK8ctGe4Dzl4h2QnuPs/ZDIcv |
imphash | 8d5087ff5de35c3fbb9f212b47d63cad |
impfuzzy | 96:mKSzrpXI9LHcp+1OMsZiSLQfGLLuZ58KNUz7KgKd3YdP5uPosV:rAYwZzL1y5GPiZw5ubV |
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 64 AntiVirus engines on VirusTotal as malicious |
watch | Creates a windows hook that monitors keyboard input (keylogger) |
watch | Installs itself for autorun at Windows startup |
notice | A process attempted to delay the analysis task. |
info | Checks amount of memory in system |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | infoStealer_browser_b_Zero | browser info stealer | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | Network_Downloader | File Downloader | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
ET DROP Spamhaus DROP Listed Traffic Inbound group 32
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
ET INFO DYNAMIC_DNS Query to a *.dynuddns .net Domain
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4590b4 FindNextFileA
0x4590b8 ExpandEnvironmentStringsA
0x4590bc GetLongPathNameW
0x4590c0 CopyFileW
0x4590c4 GetLocaleInfoA
0x4590c8 CreateToolhelp32Snapshot
0x4590cc Process32NextW
0x4590d0 Process32FirstW
0x4590d4 VirtualProtect
0x4590d8 SetLastError
0x4590dc VirtualFree
0x4590e0 VirtualAlloc
0x4590e4 GetNativeSystemInfo
0x4590e8 HeapAlloc
0x4590ec GetProcessHeap
0x4590f0 FreeLibrary
0x4590f4 IsBadReadPtr
0x4590f8 GetTempPathW
0x4590fc OpenProcess
0x459100 OpenMutexA
0x459104 lstrcatW
0x459108 GetCurrentProcessId
0x45910c GetTempFileNameW
0x459110 UnmapViewOfFile
0x459114 DuplicateHandle
0x459118 CreateFileMappingW
0x45911c MapViewOfFile
0x459120 GetSystemDirectoryA
0x459124 GlobalAlloc
0x459128 GlobalLock
0x45912c GetTickCount
0x459130 GlobalUnlock
0x459134 WriteProcessMemory
0x459138 ResumeThread
0x45913c GetThreadContext
0x459140 ReadProcessMemory
0x459144 CreateProcessW
0x459148 SetThreadContext
0x45914c LocalAlloc
0x459150 GlobalFree
0x459154 MulDiv
0x459158 SizeofResource
0x45915c QueryDosDeviceW
0x459160 FindFirstVolumeW
0x459164 GetConsoleScreenBufferInfo
0x459168 SetConsoleTextAttribute
0x45916c lstrlenW
0x459170 GetStdHandle
0x459174 SetFilePointer
0x459178 FindResourceA
0x45917c LockResource
0x459180 LoadResource
0x459184 LocalFree
0x459188 FindVolumeClose
0x45918c GetVolumePathNamesForVolumeNameW
0x459190 lstrcpyW
0x459194 FindFirstFileA
0x459198 FormatMessageA
0x45919c FindNextVolumeW
0x4591a0 AllocConsole
0x4591a4 lstrcmpW
0x4591a8 GetModuleFileNameA
0x4591ac lstrcpynA
0x4591b0 QueryPerformanceFrequency
0x4591b4 QueryPerformanceCounter
0x4591b8 EnterCriticalSection
0x4591bc LeaveCriticalSection
0x4591c0 InitializeCriticalSection
0x4591c4 DeleteCriticalSection
0x4591c8 HeapSize
0x4591cc WriteConsoleW
0x4591d0 SetStdHandle
0x4591d4 SetEnvironmentVariableW
0x4591d8 SetEnvironmentVariableA
0x4591dc FreeEnvironmentStringsW
0x4591e0 GetEnvironmentStringsW
0x4591e4 GetCommandLineW
0x4591e8 GetCommandLineA
0x4591ec GetOEMCP
0x4591f0 IsValidCodePage
0x4591f4 FindFirstFileExA
0x4591f8 ReadConsoleW
0x4591fc GetConsoleMode
0x459200 GetConsoleCP
0x459204 FlushFileBuffers
0x459208 GetFileType
0x45920c GetTimeZoneInformation
0x459210 EnumSystemLocalesW
0x459214 GetUserDefaultLCID
0x459218 IsValidLocale
0x45921c GetTimeFormatW
0x459220 GetDateFormatW
0x459224 HeapReAlloc
0x459228 GetACP
0x45922c GetModuleHandleExW
0x459230 MoveFileExW
0x459234 RtlUnwind
0x459238 RaiseException
0x45923c LoadLibraryExW
0x459240 GetCPInfo
0x459244 GetStringTypeW
0x459248 GetLocaleInfoW
0x45924c LCMapStringW
0x459250 CompareStringW
0x459254 TlsFree
0x459258 TlsSetValue
0x45925c TlsGetValue
0x459260 GetFileSize
0x459264 TerminateThread
0x459268 GetLastError
0x45926c CreateDirectoryW
0x459270 GetModuleHandleA
0x459274 RemoveDirectoryW
0x459278 MoveFileW
0x45927c SetFilePointerEx
0x459280 GetLogicalDriveStringsA
0x459284 DeleteFileW
0x459288 DeleteFileA
0x45928c SetFileAttributesW
0x459290 GetFileAttributesW
0x459294 FindClose
0x459298 lstrlenA
0x45929c GetDriveTypeA
0x4592a0 FindNextFileW
0x4592a4 GetFileSizeEx
0x4592a8 FindFirstFileW
0x4592ac GetModuleHandleW
0x4592b0 ExitProcess
0x4592b4 CreateMutexA
0x4592b8 GetCurrentProcess
0x4592bc GetProcAddress
0x4592c0 LoadLibraryA
0x4592c4 CreateProcessA
0x4592c8 PeekNamedPipe
0x4592cc CreatePipe
0x4592d0 TerminateProcess
0x4592d4 ReadFile
0x4592d8 HeapFree
0x4592dc HeapCreate
0x4592e0 CreateEventA
0x4592e4 GetLocalTime
0x4592e8 CreateThread
0x4592ec SetEvent
0x4592f0 CreateEventW
0x4592f4 WaitForSingleObject
0x4592f8 Sleep
0x4592fc GetModuleFileNameW
0x459300 CloseHandle
0x459304 ExitThread
0x459308 CreateFileW
0x45930c WriteFile
0x459310 SetConsoleOutputCP
0x459314 TlsAlloc
0x459318 InitializeCriticalSectionAndSpinCount
0x45931c MultiByteToWideChar
0x459320 DecodePointer
0x459324 EncodePointer
0x459328 WideCharToMultiByte
0x45932c InitializeSListHead
0x459330 GetSystemTimeAsFileTime
0x459334 GetCurrentThreadId
0x459338 IsProcessorFeaturePresent
0x45933c GetStartupInfoW
0x459340 SetUnhandledExceptionFilter
0x459344 UnhandledExceptionFilter
0x459348 IsDebuggerPresent
0x45934c WaitForSingleObjectEx
0x459350 ResetEvent
0x459354 SetEndOfFile
USER32.dll
0x459380 GetWindowTextW
0x459384 wsprintfW
0x459388 GetClipboardData
0x45938c UnhookWindowsHookEx
0x459390 GetForegroundWindow
0x459394 ToUnicodeEx
0x459398 GetKeyboardLayout
0x45939c SetWindowsHookExA
0x4593a0 CloseClipboard
0x4593a4 OpenClipboard
0x4593a8 GetKeyboardState
0x4593ac CallNextHookEx
0x4593b0 GetKeyboardLayoutNameA
0x4593b4 GetKeyState
0x4593b8 GetWindowTextLengthW
0x4593bc GetWindowThreadProcessId
0x4593c0 GetMessageA
0x4593c4 SetClipboardData
0x4593c8 EnumWindows
0x4593cc ExitWindowsEx
0x4593d0 EmptyClipboard
0x4593d4 ShowWindow
0x4593d8 SetWindowTextW
0x4593dc MessageBoxW
0x4593e0 IsWindowVisible
0x4593e4 CloseWindow
0x4593e8 SendInput
0x4593ec EnumDisplaySettingsW
0x4593f0 mouse_event
0x4593f4 CreatePopupMenu
0x4593f8 DispatchMessageA
0x4593fc TranslateMessage
0x459400 TrackPopupMenu
0x459404 DefWindowProcA
0x459408 CreateWindowExA
0x45940c GetIconInfo
0x459410 GetSystemMetrics
0x459414 AppendMenuA
0x459418 RegisterClassExA
0x45941c GetCursorPos
0x459420 SetForegroundWindow
0x459424 DrawIcon
0x459428 SystemParametersInfoW
GDI32.dll
0x459088 BitBlt
0x45908c CreateCompatibleBitmap
0x459090 SelectObject
0x459094 CreateCompatibleDC
0x459098 StretchBlt
0x45909c GetDIBits
0x4590a0 DeleteObject
0x4590a4 CreateDCA
0x4590a8 GetObjectA
0x4590ac DeleteDC
ADVAPI32.dll
0x459000 CryptAcquireContextA
0x459004 CryptGenRandom
0x459008 CryptReleaseContext
0x45900c GetUserNameW
0x459010 RegEnumKeyExA
0x459014 QueryServiceStatus
0x459018 CloseServiceHandle
0x45901c OpenSCManagerW
0x459020 OpenSCManagerA
0x459024 ControlService
0x459028 StartServiceW
0x45902c QueryServiceConfigW
0x459030 ChangeServiceConfigW
0x459034 OpenServiceW
0x459038 EnumServicesStatusW
0x45903c AdjustTokenPrivileges
0x459040 LookupPrivilegeValueA
0x459044 OpenProcessToken
0x459048 RegCreateKeyA
0x45904c RegCloseKey
0x459050 RegQueryInfoKeyW
0x459054 RegQueryValueExA
0x459058 RegCreateKeyExW
0x45905c RegEnumKeyExW
0x459060 RegSetValueExW
0x459064 RegSetValueExA
0x459068 RegOpenKeyExA
0x45906c RegOpenKeyExW
0x459070 RegCreateKeyW
0x459074 RegDeleteValueW
0x459078 RegEnumValueW
0x45907c RegQueryValueExW
0x459080 RegDeleteKeyA
SHELL32.dll
0x45935c ShellExecuteExA
0x459360 Shell_NotifyIconA
0x459364 ExtractIconA
0x459368 ShellExecuteW
ole32.dll
0x4594e0 CoInitializeEx
0x4594e4 CoUninitialize
0x4594e8 CoGetObject
SHLWAPI.dll
0x459370 PathFileExistsW
0x459374 PathFileExistsA
0x459378 StrToIntA
WINMM.dll
0x459444 waveInUnprepareHeader
0x459448 waveInOpen
0x45944c waveInStart
0x459450 waveInAddBuffer
0x459454 PlaySoundW
0x459458 mciSendStringA
0x45945c mciSendStringW
0x459460 waveInClose
0x459464 waveInStop
0x459468 waveInPrepareHeader
WS2_32.dll
0x459470 gethostbyname
0x459474 send
0x459478 WSAStartup
0x45947c closesocket
0x459480 inet_ntoa
0x459484 htons
0x459488 htonl
0x45948c getservbyname
0x459490 ntohs
0x459494 getservbyport
0x459498 gethostbyaddr
0x45949c inet_addr
0x4594a0 WSASetLastError
0x4594a4 WSAGetLastError
0x4594a8 recv
0x4594ac connect
0x4594b0 socket
urlmon.dll
0x4594f0 URLOpenBlockingStreamW
0x4594f4 URLDownloadToFileW
gdiplus.dll
0x4594b8 GdipSaveImageToStream
0x4594bc GdipGetImageEncodersSize
0x4594c0 GdipFree
0x4594c4 GdipDisposeImage
0x4594c8 GdipAlloc
0x4594cc GdipCloneImage
0x4594d0 GdipGetImageEncoders
0x4594d4 GdiplusStartup
0x4594d8 GdipLoadImageFromStream
WININET.dll
0x459430 InternetOpenUrlW
0x459434 InternetOpenW
0x459438 InternetCloseHandle
0x45943c InternetReadFile
EAT(Export Address Table) is none