Created | 2024.06.18 18:21 | Machine | s1_win7_x6401 |
Filename | 127pos.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : clean |
VT API (file) | 51 detected (malicious, high confidence, score, GenericKD, Unsafe, Vy75, Artemis, Autoit, xbibxg, sdpxi, GenericTKA, Pasta, Detected, ai score=89, Malware@#1292zhclokdxu, Phonzy, ABRisk, FFEN, Bladabindi, Chgt, MxResIcn, PossibleThreat, confidence, 100%) |
md5 | 3445e5cbc4f883d4c8db25e193ad30d2 |
sha256 | 9a388d2527a40b8c46df38ab7e9d756862c6b502ed45b4008838ad5b192878b5 |
ssdeep | 24576:12rT5JibBsR1YAcUSWcPsPQcVnJtCaR+Eo:spJ22R1rcUWPsPFVrCaR+Eo |
imphash | 5405ad0c6ec36ec4edf07d66fcb3fc73 |
impfuzzy | 192:YatIitaXdmkI3OOaHbK1WA8UcS6cnw4DvhlONVVfD:YgIiUXdmkIT+6Djnw4jhlOJD |
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
info | Checks if process is being debugged by a debugger |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | ASPack_Zero | ASPack packed file | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
PE API
IAT(Import Address Table) Library
WSOCK32.dll
0x48e7c8 send
0x48e7cc socket
0x48e7d0 inet_ntoa
0x48e7d4 ntohs
0x48e7d8 recvfrom
0x48e7dc sendto
0x48e7e0 recv
0x48e7e4 __WSAFDIsSet
0x48e7e8 WSAStartup
0x48e7ec select
0x48e7f0 accept
0x48e7f4 listen
0x48e7f8 bind
0x48e7fc closesocket
0x48e800 WSACleanup
0x48e804 ioctlsocket
0x48e808 htons
0x48e80c WSAGetLastError
0x48e810 inet_addr
0x48e814 gethostbyname
0x48e818 gethostname
0x48e81c connect
0x48e820 setsockopt
VERSION.dll
0x48e76c GetFileVersionInfoW
0x48e770 VerQueryValueW
0x48e774 GetFileVersionInfoSizeW
WINMM.dll
0x48e7b8 timeGetTime
0x48e7bc waveOutSetVolume
0x48e7c0 mciSendStringW
COMCTL32.dll
0x48e088 ImageList_ReplaceIcon
0x48e08c ImageList_Destroy
0x48e090 ImageList_Remove
0x48e094 ImageList_SetDragCursorImage
0x48e098 ImageList_BeginDrag
0x48e09c ImageList_DragEnter
0x48e0a0 ImageList_DragLeave
0x48e0a4 ImageList_EndDrag
0x48e0a8 ImageList_DragMove
0x48e0ac InitCommonControlsEx
0x48e0b0 ImageList_Create
MPR.dll
0x48e3f8 WNetUseConnectionW
0x48e3fc WNetCancelConnection2W
0x48e400 WNetGetConnectionW
0x48e404 WNetAddConnection2W
WININET.dll
0x48e77c InternetReadFile
0x48e780 InternetCloseHandle
0x48e784 InternetOpenW
0x48e788 InternetSetOptionW
0x48e78c InternetCrackUrlW
0x48e790 HttpQueryInfoW
0x48e794 InternetConnectW
0x48e798 HttpOpenRequestW
0x48e79c HttpSendRequestW
0x48e7a0 FtpOpenFileW
0x48e7a4 FtpGetFileSize
0x48e7a8 InternetOpenUrlW
0x48e7ac InternetQueryOptionW
0x48e7b0 InternetQueryDataAvailable
PSAPI.DLL
0x48e484 GetProcessMemoryInfo
IPHLPAPI.DLL
0x48e154 IcmpCreateFile
0x48e158 IcmpCloseHandle
0x48e15c IcmpSendEcho
USERENV.dll
0x48e750 UnloadUserProfile
0x48e754 DestroyEnvironmentBlock
0x48e758 CreateEnvironmentBlock
0x48e75c LoadUserProfileW
UxTheme.dll
0x48e764 IsThemeActive
KERNEL32.dll
0x48e164 DuplicateHandle
0x48e168 CreateThread
0x48e16c WaitForSingleObject
0x48e170 HeapAlloc
0x48e174 GetProcessHeap
0x48e178 HeapFree
0x48e17c Sleep
0x48e180 GetCurrentThreadId
0x48e184 MultiByteToWideChar
0x48e188 MulDiv
0x48e18c GetVersionExW
0x48e190 IsWow64Process
0x48e194 GetSystemInfo
0x48e198 FreeLibrary
0x48e19c LoadLibraryA
0x48e1a0 GetProcAddress
0x48e1a4 SetErrorMode
0x48e1a8 GetModuleFileNameW
0x48e1ac WideCharToMultiByte
0x48e1b0 lstrcpyW
0x48e1b4 lstrlenW
0x48e1b8 GetModuleHandleW
0x48e1bc QueryPerformanceCounter
0x48e1c0 VirtualFreeEx
0x48e1c4 OpenProcess
0x48e1c8 VirtualAllocEx
0x48e1cc WriteProcessMemory
0x48e1d0 ReadProcessMemory
0x48e1d4 CreateFileW
0x48e1d8 SetFilePointerEx
0x48e1dc SetEndOfFile
0x48e1e0 ReadFile
0x48e1e4 WriteFile
0x48e1e8 FlushFileBuffers
0x48e1ec TerminateProcess
0x48e1f0 CreateToolhelp32Snapshot
0x48e1f4 Process32FirstW
0x48e1f8 Process32NextW
0x48e1fc SetFileTime
0x48e200 GetFileAttributesW
0x48e204 FindFirstFileW
0x48e208 SetCurrentDirectoryW
0x48e20c GetLongPathNameW
0x48e210 GetShortPathNameW
0x48e214 DeleteFileW
0x48e218 FindNextFileW
0x48e21c CopyFileExW
0x48e220 MoveFileW
0x48e224 CreateDirectoryW
0x48e228 RemoveDirectoryW
0x48e22c SetSystemPowerState
0x48e230 QueryPerformanceFrequency
0x48e234 FindResourceW
0x48e238 LoadResource
0x48e23c LockResource
0x48e240 SizeofResource
0x48e244 EnumResourceNamesW
0x48e248 OutputDebugStringW
0x48e24c GetTempPathW
0x48e250 GetTempFileNameW
0x48e254 DeviceIoControl
0x48e258 GetLocalTime
0x48e25c CompareStringW
0x48e260 GetCurrentProcess
0x48e264 EnterCriticalSection
0x48e268 LeaveCriticalSection
0x48e26c GetStdHandle
0x48e270 CreatePipe
0x48e274 InterlockedExchange
0x48e278 TerminateThread
0x48e27c LoadLibraryExW
0x48e280 FindResourceExW
0x48e284 CopyFileW
0x48e288 VirtualFree
0x48e28c FormatMessageW
0x48e290 GetExitCodeProcess
0x48e294 GetPrivateProfileStringW
0x48e298 WritePrivateProfileStringW
0x48e29c GetPrivateProfileSectionW
0x48e2a0 WritePrivateProfileSectionW
0x48e2a4 GetPrivateProfileSectionNamesW
0x48e2a8 FileTimeToLocalFileTime
0x48e2ac FileTimeToSystemTime
0x48e2b0 SystemTimeToFileTime
0x48e2b4 LocalFileTimeToFileTime
0x48e2b8 GetDriveTypeW
0x48e2bc GetDiskFreeSpaceExW
0x48e2c0 GetDiskFreeSpaceW
0x48e2c4 GetVolumeInformationW
0x48e2c8 SetVolumeLabelW
0x48e2cc CreateHardLinkW
0x48e2d0 SetFileAttributesW
0x48e2d4 CreateEventW
0x48e2d8 SetEvent
0x48e2dc GetEnvironmentVariableW
0x48e2e0 SetEnvironmentVariableW
0x48e2e4 GlobalLock
0x48e2e8 GlobalUnlock
0x48e2ec GlobalAlloc
0x48e2f0 GetFileSize
0x48e2f4 GlobalFree
0x48e2f8 GlobalMemoryStatusEx
0x48e2fc Beep
0x48e300 GetSystemDirectoryW
0x48e304 HeapReAlloc
0x48e308 HeapSize
0x48e30c GetComputerNameW
0x48e310 GetWindowsDirectoryW
0x48e314 GetCurrentProcessId
0x48e318 GetProcessIoCounters
0x48e31c CreateProcessW
0x48e320 GetProcessId
0x48e324 SetPriorityClass
0x48e328 LoadLibraryW
0x48e32c VirtualAlloc
0x48e330 IsDebuggerPresent
0x48e334 GetCurrentDirectoryW
0x48e338 lstrcmpiW
0x48e33c DecodePointer
0x48e340 GetLastError
0x48e344 RaiseException
0x48e348 InitializeCriticalSectionAndSpinCount
0x48e34c DeleteCriticalSection
0x48e350 InterlockedDecrement
0x48e354 InterlockedIncrement
0x48e358 GetCurrentThread
0x48e35c CloseHandle
0x48e360 GetFullPathNameW
0x48e364 EncodePointer
0x48e368 ExitProcess
0x48e36c GetModuleHandleExW
0x48e370 ExitThread
0x48e374 GetSystemTimeAsFileTime
0x48e378 ResumeThread
0x48e37c GetCommandLineW
0x48e380 IsProcessorFeaturePresent
0x48e384 IsValidCodePage
0x48e388 GetACP
0x48e38c GetOEMCP
0x48e390 GetCPInfo
0x48e394 SetLastError
0x48e398 UnhandledExceptionFilter
0x48e39c SetUnhandledExceptionFilter
0x48e3a0 TlsAlloc
0x48e3a4 TlsGetValue
0x48e3a8 TlsSetValue
0x48e3ac TlsFree
0x48e3b0 GetStartupInfoW
0x48e3b4 GetStringTypeW
0x48e3b8 SetStdHandle
0x48e3bc GetFileType
0x48e3c0 GetConsoleCP
0x48e3c4 GetConsoleMode
0x48e3c8 RtlUnwind
0x48e3cc ReadConsoleW
0x48e3d0 GetTimeZoneInformation
0x48e3d4 GetDateFormatW
0x48e3d8 GetTimeFormatW
0x48e3dc LCMapStringW
0x48e3e0 GetEnvironmentStringsW
0x48e3e4 FreeEnvironmentStringsW
0x48e3e8 WriteConsoleW
0x48e3ec FindClose
0x48e3f0 SetEnvironmentVariableA
USER32.dll
0x48e4cc AdjustWindowRectEx
0x48e4d0 CopyImage
0x48e4d4 SetWindowPos
0x48e4d8 GetCursorInfo
0x48e4dc RegisterHotKey
0x48e4e0 ClientToScreen
0x48e4e4 GetKeyboardLayoutNameW
0x48e4e8 IsCharAlphaW
0x48e4ec IsCharAlphaNumericW
0x48e4f0 IsCharLowerW
0x48e4f4 IsCharUpperW
0x48e4f8 GetMenuStringW
0x48e4fc GetSubMenu
0x48e500 GetCaretPos
0x48e504 IsZoomed
0x48e508 MonitorFromPoint
0x48e50c GetMonitorInfoW
0x48e510 SetWindowLongW
0x48e514 SetLayeredWindowAttributes
0x48e518 FlashWindow
0x48e51c GetClassLongW
0x48e520 TranslateAcceleratorW
0x48e524 IsDialogMessageW
0x48e528 GetSysColor
0x48e52c InflateRect
0x48e530 DrawFocusRect
0x48e534 DrawTextW
0x48e538 FrameRect
0x48e53c DrawFrameControl
0x48e540 FillRect
0x48e544 PtInRect
0x48e548 DestroyAcceleratorTable
0x48e54c CreateAcceleratorTableW
0x48e550 SetCursor
0x48e554 GetWindowDC
0x48e558 GetSystemMetrics
0x48e55c GetActiveWindow
0x48e560 CharNextW
0x48e564 wsprintfW
0x48e568 RedrawWindow
0x48e56c DrawMenuBar
0x48e570 DestroyMenu
0x48e574 SetMenu
0x48e578 GetWindowTextLengthW
0x48e57c CreateMenu
0x48e580 IsDlgButtonChecked
0x48e584 DefDlgProcW
0x48e588 CallWindowProcW
0x48e58c ReleaseCapture
0x48e590 SetCapture
0x48e594 CreateIconFromResourceEx
0x48e598 mouse_event
0x48e59c ExitWindowsEx
0x48e5a0 SetActiveWindow
0x48e5a4 FindWindowExW
0x48e5a8 EnumThreadWindows
0x48e5ac SetMenuDefaultItem
0x48e5b0 InsertMenuItemW
0x48e5b4 IsMenu
0x48e5b8 TrackPopupMenuEx
0x48e5bc GetCursorPos
0x48e5c0 DeleteMenu
0x48e5c4 SetRect
0x48e5c8 GetMenuItemID
0x48e5cc GetMenuItemCount
0x48e5d0 SetMenuItemInfoW
0x48e5d4 GetMenuItemInfoW
0x48e5d8 SetForegroundWindow
0x48e5dc IsIconic
0x48e5e0 FindWindowW
0x48e5e4 MonitorFromRect
0x48e5e8 keybd_event
0x48e5ec SendInput
0x48e5f0 GetAsyncKeyState
0x48e5f4 SetKeyboardState
0x48e5f8 GetKeyboardState
0x48e5fc GetKeyState
0x48e600 VkKeyScanW
0x48e604 LoadStringW
0x48e608 DialogBoxParamW
0x48e60c MessageBeep
0x48e610 EndDialog
0x48e614 SendDlgItemMessageW
0x48e618 GetDlgItem
0x48e61c SetWindowTextW
0x48e620 CopyRect
0x48e624 ReleaseDC
0x48e628 GetDC
0x48e62c EndPaint
0x48e630 BeginPaint
0x48e634 GetClientRect
0x48e638 GetMenu
0x48e63c DestroyWindow
0x48e640 EnumWindows
0x48e644 GetDesktopWindow
0x48e648 IsWindow
0x48e64c IsWindowEnabled
0x48e650 IsWindowVisible
0x48e654 EnableWindow
0x48e658 InvalidateRect
0x48e65c GetWindowLongW
0x48e660 GetWindowThreadProcessId
0x48e664 AttachThreadInput
0x48e668 GetFocus
0x48e66c GetWindowTextW
0x48e670 ScreenToClient
0x48e674 SendMessageTimeoutW
0x48e678 EnumChildWindows
0x48e67c CharUpperBuffW
0x48e680 GetParent
0x48e684 GetDlgCtrlID
0x48e688 SendMessageW
0x48e68c MapVirtualKeyW
0x48e690 PostMessageW
0x48e694 GetWindowRect
0x48e698 SetUserObjectSecurity
0x48e69c CloseDesktop
0x48e6a0 CloseWindowStation
0x48e6a4 OpenDesktopW
0x48e6a8 SetProcessWindowStation
0x48e6ac GetProcessWindowStation
0x48e6b0 OpenWindowStationW
0x48e6b4 GetUserObjectSecurity
0x48e6b8 MessageBoxW
0x48e6bc DefWindowProcW
0x48e6c0 SetClipboardData
0x48e6c4 EmptyClipboard
0x48e6c8 CountClipboardFormats
0x48e6cc CloseClipboard
0x48e6d0 GetClipboardData
0x48e6d4 IsClipboardFormatAvailable
0x48e6d8 OpenClipboard
0x48e6dc BlockInput
0x48e6e0 GetMessageW
0x48e6e4 LockWindowUpdate
0x48e6e8 DispatchMessageW
0x48e6ec TranslateMessage
0x48e6f0 PeekMessageW
0x48e6f4 UnregisterHotKey
0x48e6f8 CheckMenuRadioItem
0x48e6fc CharLowerBuffW
0x48e700 MoveWindow
0x48e704 SetFocus
0x48e708 PostQuitMessage
0x48e70c KillTimer
0x48e710 CreatePopupMenu
0x48e714 RegisterWindowMessageW
0x48e718 SetTimer
0x48e71c ShowWindow
0x48e720 CreateWindowExW
0x48e724 RegisterClassExW
0x48e728 LoadIconW
0x48e72c LoadCursorW
0x48e730 GetSysColorBrush
0x48e734 GetForegroundWindow
0x48e738 MessageBoxA
0x48e73c DestroyIcon
0x48e740 SystemParametersInfoW
0x48e744 LoadImageW
0x48e748 GetClassNameW
GDI32.dll
0x48e0c4 StrokePath
0x48e0c8 DeleteObject
0x48e0cc GetTextExtentPoint32W
0x48e0d0 ExtCreatePen
0x48e0d4 GetDeviceCaps
0x48e0d8 EndPath
0x48e0dc SetPixel
0x48e0e0 CloseFigure
0x48e0e4 CreateCompatibleBitmap
0x48e0e8 CreateCompatibleDC
0x48e0ec SelectObject
0x48e0f0 StretchBlt
0x48e0f4 GetDIBits
0x48e0f8 LineTo
0x48e0fc AngleArc
0x48e100 MoveToEx
0x48e104 Ellipse
0x48e108 DeleteDC
0x48e10c GetPixel
0x48e110 CreateDCW
0x48e114 GetStockObject
0x48e118 GetTextFaceW
0x48e11c CreateFontW
0x48e120 SetTextColor
0x48e124 PolyDraw
0x48e128 BeginPath
0x48e12c Rectangle
0x48e130 SetViewportOrgEx
0x48e134 GetObjectW
0x48e138 SetBkMode
0x48e13c RoundRect
0x48e140 SetBkColor
0x48e144 CreatePen
0x48e148 CreateSolidBrush
0x48e14c StrokeAndFillPath
COMDLG32.dll
0x48e0b8 GetOpenFileNameW
0x48e0bc GetSaveFileNameW
ADVAPI32.dll
0x48e000 GetAce
0x48e004 RegEnumValueW
0x48e008 RegDeleteValueW
0x48e00c RegDeleteKeyW
0x48e010 RegEnumKeyExW
0x48e014 RegSetValueExW
0x48e018 RegOpenKeyExW
0x48e01c RegCloseKey
0x48e020 RegQueryValueExW
0x48e024 RegConnectRegistryW
0x48e028 InitializeSecurityDescriptor
0x48e02c InitializeAcl
0x48e030 AdjustTokenPrivileges
0x48e034 OpenThreadToken
0x48e038 OpenProcessToken
0x48e03c LookupPrivilegeValueW
0x48e040 DuplicateTokenEx
0x48e044 CreateProcessAsUserW
0x48e048 CreateProcessWithLogonW
0x48e04c GetLengthSid
0x48e050 CopySid
0x48e054 LogonUserW
0x48e058 AllocateAndInitializeSid
0x48e05c CheckTokenMembership
0x48e060 RegCreateKeyExW
0x48e064 FreeSid
0x48e068 GetTokenInformation
0x48e06c GetSecurityDescriptorDacl
0x48e070 GetAclInformation
0x48e074 AddAce
0x48e078 SetSecurityDescriptorDacl
0x48e07c GetUserNameW
0x48e080 InitiateSystemShutdownExW
SHELL32.dll
0x48e48c DragQueryPoint
0x48e490 ShellExecuteExW
0x48e494 DragQueryFileW
0x48e498 SHEmptyRecycleBinW
0x48e49c SHGetPathFromIDListW
0x48e4a0 SHBrowseForFolderW
0x48e4a4 SHCreateShellItem
0x48e4a8 SHGetDesktopFolder
0x48e4ac SHGetSpecialFolderLocation
0x48e4b0 SHGetFolderPathW
0x48e4b4 SHFileOperationW
0x48e4b8 ExtractIconExW
0x48e4bc Shell_NotifyIconW
0x48e4c0 ShellExecuteW
0x48e4c4 DragFinish
ole32.dll
0x48e828 CoTaskMemAlloc
0x48e82c CoTaskMemFree
0x48e830 CLSIDFromString
0x48e834 ProgIDFromCLSID
0x48e838 CLSIDFromProgID
0x48e83c OleSetMenuDescriptor
0x48e840 MkParseDisplayName
0x48e844 OleSetContainedObject
0x48e848 CoCreateInstance
0x48e84c IIDFromString
0x48e850 StringFromGUID2
0x48e854 CreateStreamOnHGlobal
0x48e858 CoInitialize
0x48e85c CoUninitialize
0x48e860 GetRunningObjectTable
0x48e864 CoGetInstanceFromFile
0x48e868 CoGetObject
0x48e86c CoInitializeSecurity
0x48e870 CoCreateInstanceEx
0x48e874 CoSetProxyBlanket
OLEAUT32.dll
0x48e40c LoadTypeLibEx
0x48e410 VariantCopyInd
0x48e414 SysReAllocString
0x48e418 SysFreeString
0x48e41c SafeArrayDestroyDescriptor
0x48e420 SafeArrayDestroyData
0x48e424 SafeArrayUnaccessData
0x48e428 SafeArrayAccessData
0x48e42c SafeArrayAllocData
0x48e430 SafeArrayAllocDescriptorEx
0x48e434 SafeArrayCreateVector
0x48e438 RegisterTypeLib
0x48e43c CreateStdDispatch
0x48e440 DispCallFunc
0x48e444 VariantChangeType
0x48e448 SysStringLen
0x48e44c VariantTimeToSystemTime
0x48e450 VarR8FromDec
0x48e454 SafeArrayGetVartype
0x48e458 VariantCopy
0x48e45c VariantClear
0x48e460 OleLoadPicture
0x48e464 QueryPathOfRegTypeLib
0x48e468 RegisterTypeLibForUser
0x48e46c UnRegisterTypeLibForUser
0x48e470 UnRegisterTypeLib
0x48e474 CreateDispTypeInfo
0x48e478 SysAllocString
0x48e47c VariantInit
EAT(Export Address Table) is none