Report - guardservice.exe

Emotet Generic Malware Malicious Library Malicious Packer UPX ASPack ftp PE File PE32 OS Processor Check DllRegisterServer dll Lnk Format GIF Format
Created 2024.08.02 17:25 Machine s1_win7_x6403
Filename guardservice.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 8
Behavior Score 5.6
ZERO API file : clean
VT API (file) 39 detected (AIDetectMalware, malicious, high confidence, score, Fragtor, Unsafe, Save, BlackMoon, Attribute, HighConfidence, CoinMiner, Tiggre, high, Generic ML PUA, Static AI, Malicious PE, Genome, bmrr, Detected, ai score=80, Blamon, Wacatac, Tiny, Eldorado, ZexaF, qq0@aWX2otjb, BScope, Runshell, Dinwod, frindll, ESFJ, confidence)
md5 d0e4beee4073fbe4ffeaf89c052eab2b
sha256 fce63851c1d0a4bf68fb415fac1dae78bcadd13b8fd0e8acb2d4bd84c843b2d3
ssdeep 3072:3TQ+RgPx3Bl6wY6PGrmemXLaQwZz4Iux6Yk2UrMKN4uryMXgVI4bHCm7AmyRctPO:3h6Mmr21v4KSEyVyRSxo
imphash dee0ccc4196dd26c7b7a184f6b492ac9
impfuzzy 192:RTkftDeIUsbqkIrRwkl3OfcncBMfPusuA4cq7z:RTyDRi3eacMHVF4cq7z

Signature (13cnts)

Level Description
danger File has been identified by 39 AntiVirus engines on VirusTotal as malicious
watch Attempts to create or modify system certificates
watch Installs itself for autorun at Windows startup
notice An executable file was downloaded by the process guardservice.exe
notice Creates a shortcut to an executable file
notice Creates executable files on the filesystem
notice Drops an executable to the user AppData folder
notice Foreign language identified in PE resource
notice Performs some HTTP requests
notice Searches running processes potentially to identify processes for sandbox evasion
info Checks amount of memory in system
info Queries for the computername
info The executable uses a known packer

Rules (20cnts)

Level Name Description Collection
danger Win32_Trojan_Emotet_1_Zero Win32 Trojan Emotet binaries (download)
warning Generic_Malware_Zero Generic Malware binaries (download)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch ASPack_Zero ASPack packed file binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
info DllRegisterServer_Zero execute regsvr32.exe binaries (download)
info ftp_command ftp command binaries (download)
info ftp_command ftp command binaries (upload)
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info lnk_file_format Microsoft Windows Shortcut File Format binaries (download)
info Lnk_Format_Zero LNK Format binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)

Network (3cnts)

Request CC ASN Co IP4 Rule ZERO
https://sgz-1302338321.cos.ap-guangzhou.myqcloud.com/store_app/Update.exe Unknown 159.75.57.69 clean
sgz-1302338321.cos.ap-guangzhou.myqcloud.com Unknown 159.75.57.69 clean
159.75.57.69 Unknown 159.75.57.69 malicious

Suricata ids

PE API

IAT(Import Address Table) Library

SHLWAPI.dll
 0x435384 PathFileExistsA
KERNEL32.dll
 0x4350d0 GetCurrentProcess
 0x4350d4 OpenProcess
 0x4350d8 LocalAlloc
 0x4350dc LocalFree
 0x4350e0 CloseHandle
 0x4350e4 CreateToolhelp32Snapshot
 0x4350e8 Process32First
 0x4350ec Process32Next
 0x4350f0 GetTickCount
 0x4350f4 lstrlenW
 0x4350f8 WideCharToMultiByte
 0x4350fc MultiByteToWideChar
 0x435100 WaitForSingleObject
 0x435104 TerminateProcess
 0x435108 GetCurrentDirectoryW
 0x43510c GlobalAlloc
 0x435110 GlobalFree
 0x435114 GetProcessHeap
 0x435118 HeapAlloc
 0x43511c RtlMoveMemory
 0x435120 HeapFree
 0x435124 lstrcpyn
 0x435128 lstrcatA
 0x43512c GetModuleHandleA
 0x435130 ExitProcess
 0x435134 HeapReAlloc
 0x435138 IsBadReadPtr
 0x43513c GetModuleFileNameA
 0x435140 Sleep
 0x435144 GetLocalTime
 0x435148 CreateDirectoryA
 0x43514c ReadFile
 0x435150 GetFileSize
 0x435154 CreateFileA
 0x435158 WriteFile
 0x43515c GetUserDefaultLCID
 0x435160 GlobalUnlock
 0x435164 GlobalLock
 0x435168 SetFilePointer
 0x43516c GetCommandLineA
 0x435170 FreeLibrary
 0x435174 GetProcAddress
 0x435178 LoadLibraryA
 0x43517c LCMapStringA
 0x435180 EnterCriticalSection
 0x435184 InitializeCriticalSection
 0x435188 LeaveCriticalSection
 0x43518c InterlockedExchange
 0x435190 SetEnvironmentVariableA
 0x435194 CompareStringW
 0x435198 CompareStringA
 0x43519c SetStdHandle
 0x4351a0 IsBadCodePtr
 0x4351a4 GetStringTypeW
 0x4351a8 GetStringTypeA
 0x4351ac SetUnhandledExceptionFilter
 0x4351b0 LCMapStringW
 0x4351b4 VirtualAlloc
 0x4351b8 VirtualFree
 0x4351bc HeapCreate
 0x4351c0 HeapDestroy
 0x4351c4 GetEnvironmentVariableA
 0x4351c8 GetFileType
 0x4351cc GetStdHandle
 0x4351d0 SetHandleCount
 0x4351d4 GetEnvironmentStringsW
 0x4351d8 GetEnvironmentStrings
 0x4351dc FreeEnvironmentStringsW
 0x4351e0 FreeEnvironmentStringsA
 0x4351e4 UnhandledExceptionFilter
 0x4351e8 GetACP
 0x4351ec DeleteFileA
 0x4351f0 FindClose
 0x4351f4 FindNextFileA
 0x4351f8 FindFirstFileA
 0x4351fc GetLastError
 0x435200 GetVersionExA
 0x435204 GetDriveTypeA
 0x435208 lstrcpyA
 0x43520c lstrlenA
 0x435210 SetLastError
 0x435214 LockResource
 0x435218 LoadResource
 0x43521c FindResourceA
 0x435220 GetTimeZoneInformation
 0x435224 GetVersion
 0x435228 GetCurrentThreadId
 0x43522c GetCurrentThread
 0x435230 lstrcmpiA
 0x435234 lstrcmpA
 0x435238 GlobalDeleteAtom
 0x43523c InterlockedIncrement
 0x435240 InterlockedDecrement
 0x435244 MulDiv
 0x435248 IsBadWritePtr
 0x43524c FlushFileBuffers
 0x435250 lstrcpynA
 0x435254 GetFullPathNameA
 0x435258 TlsAlloc
 0x43525c DeleteCriticalSection
 0x435260 GlobalHandle
 0x435264 TlsFree
 0x435268 GlobalReAlloc
 0x43526c TlsSetValue
 0x435270 LocalReAlloc
 0x435274 TlsGetValue
 0x435278 GlobalFlags
 0x43527c WritePrivateProfileStringA
 0x435280 GetCurrentDirectoryA
 0x435284 GlobalFindAtomA
 0x435288 GlobalAddAtomA
 0x43528c GlobalGetAtomNameA
 0x435290 GetProcessVersion
 0x435294 SetErrorMode
 0x435298 FileTimeToSystemTime
 0x43529c FileTimeToLocalFileTime
 0x4352a0 GetCPInfo
 0x4352a4 GetOEMCP
 0x4352a8 GetStartupInfoA
 0x4352ac RtlUnwind
 0x4352b0 RaiseException
 0x4352b4 HeapSize
USER32.dll
 0x43538c GetMenuCheckMarkDimensions
 0x435390 RegisterClipboardFormatA
 0x435394 ClientToScreen
 0x435398 TabbedTextOutA
 0x43539c DrawTextA
 0x4353a0 GrayStringA
 0x4353a4 UnhookWindowsHookEx
 0x4353a8 DestroyWindow
 0x4353ac CreateDialogIndirectParamA
 0x4353b0 SetActiveWindow
 0x4353b4 EndDialog
 0x4353b8 GetDlgCtrlID
 0x4353bc SetWindowTextA
 0x4353c0 GetMenuItemCount
 0x4353c4 SendDlgItemMessageA
 0x4353c8 IsDialogMessageA
 0x4353cc SetWindowPos
 0x4353d0 SetFocus
 0x4353d4 GetWindowPlacement
 0x4353d8 IsIconic
 0x4353dc RegisterWindowMessageA
 0x4353e0 SetForegroundWindow
 0x4353e4 GetForegroundWindow
 0x4353e8 GetMessagePos
 0x4353ec GetMessageTime
 0x4353f0 DefWindowProcA
 0x4353f4 RemovePropA
 0x4353f8 GetPropA
 0x4353fc SetPropA
 0x435400 GetClassLongA
 0x435404 CreateWindowExA
 0x435408 GetMenuItemID
 0x43540c GetSubMenu
 0x435410 GetMenu
 0x435414 RegisterClassA
 0x435418 GetClassInfoA
 0x43541c WinHelpA
 0x435420 GetCapture
 0x435424 GetTopWindow
 0x435428 CopyRect
 0x43542c GetClientRect
 0x435430 AdjustWindowRectEx
 0x435434 GetSysColor
 0x435438 MapWindowPoints
 0x43543c LoadIconA
 0x435440 LoadCursorA
 0x435444 GetSysColorBrush
 0x435448 LoadStringA
 0x43544c UnregisterClassA
 0x435450 PostThreadMessageA
 0x435454 DestroyMenu
 0x435458 LoadBitmapA
 0x43545c GetMenuState
 0x435460 ModifyMenuA
 0x435464 SetMenuItemBitmaps
 0x435468 CheckMenuItem
 0x43546c EnableMenuItem
 0x435470 GetFocus
 0x435474 GetNextDlgTabItem
 0x435478 GetActiveWindow
 0x43547c GetKeyState
 0x435480 CallNextHookEx
 0x435484 ValidateRect
 0x435488 SetWindowsHookExA
 0x43548c GetLastActivePopup
 0x435490 IsWindowEnabled
 0x435494 EnableWindow
 0x435498 SetCursor
 0x43549c PostMessageA
 0x4354a0 PostQuitMessage
 0x4354a4 GetWindow
 0x4354a8 PtInRect
 0x4354ac GetWindowLongA
 0x4354b0 GetWindowTextA
 0x4354b4 GetCursorPos
 0x4354b8 SetWindowLongA
 0x4354bc GetDlgItem
 0x4354c0 ShowWindow
 0x4354c4 UpdateWindow
 0x4354c8 SystemParametersInfoA
 0x4354cc GetDC
 0x4354d0 ReleaseDC
 0x4354d4 IsWindow
 0x4354d8 SendMessageA
 0x4354dc GetWindowRect
 0x4354e0 GetSystemMetrics
 0x4354e4 FindWindowExA
 0x4354e8 IsWindowVisible
 0x4354ec GetWindowThreadProcessId
 0x4354f0 GetParent
 0x4354f4 GetClassNameA
 0x4354f8 GetWindowTextLengthW
 0x4354fc GetWindowTextW
 0x435500 GetInputState
 0x435504 CallWindowProcA
 0x435508 MessageBoxA
 0x43550c wsprintfA
 0x435510 DispatchMessageA
 0x435514 TranslateMessage
 0x435518 GetMessageA
 0x43551c PeekMessageA
GDI32.dll
 0x43506c GetClipBox
 0x435070 GetObjectA
 0x435074 GetStockObject
 0x435078 ScaleWindowExtEx
 0x43507c SetWindowExtEx
 0x435080 ScaleViewportExtEx
 0x435084 SetViewportExtEx
 0x435088 OffsetViewportOrgEx
 0x43508c SetViewportOrgEx
 0x435090 SetMapMode
 0x435094 SetTextColor
 0x435098 SetBkColor
 0x43509c RestoreDC
 0x4350a0 SaveDC
 0x4350a4 CreateBitmap
 0x4350a8 GetDeviceCaps
 0x4350ac SelectObject
 0x4350b0 DeleteDC
 0x4350b4 DeleteObject
 0x4350b8 PtVisible
 0x4350bc RectVisible
 0x4350c0 TextOutA
 0x4350c4 ExtTextOutA
 0x4350c8 Escape
ADVAPI32.dll
 0x435000 RegOpenKeyExA
 0x435004 RegCreateKeyExA
 0x435008 RegSetValueExA
 0x43500c RegOpenKeyA
 0x435010 RegQueryValueExA
 0x435014 RegCloseKey
 0x435018 EnumDependentServicesA
 0x43501c EnumServicesStatusExA
 0x435020 EnumServicesStatusA
 0x435024 ChangeServiceConfigA
 0x435028 ControlService
 0x43502c StartServiceA
 0x435030 DeleteService
 0x435034 CreateServiceA
 0x435038 GetServiceKeyNameA
 0x43503c GetServiceDisplayNameA
 0x435040 ChangeServiceConfig2A
 0x435044 QueryServiceConfig2A
 0x435048 QueryServiceConfigA
 0x43504c CloseServiceHandle
 0x435050 QueryServiceStatus
 0x435054 OpenServiceA
 0x435058 OpenSCManagerA
 0x43505c RegDeleteValueA
SHELL32.dll
 0x435374 SHChangeNotify
 0x435378 ShellExecuteExW
 0x43537c SHGetSpecialFolderPathA
ole32.dll
 0x435560 CLSIDFromProgID
 0x435564 OleRun
 0x435568 CoUninitialize
 0x43556c CoCreateInstance
 0x435570 CLSIDFromString
 0x435574 OleInitialize
 0x435578 OleUninitialize
 0x43557c CoFreeUnusedLibraries
 0x435580 CoRegisterMessageFilter
 0x435584 CoRevokeClassObject
 0x435588 OleFlushClipboard
 0x43558c OleIsCurrentClipboard
 0x435590 CoInitialize
WININET.dll
 0x435524 HttpQueryInfoA
 0x435528 InternetOpenUrlA
 0x43552c InternetOpenA
 0x435530 InternetReadFile
 0x435534 InternetCloseHandle
 0x435538 InternetConnectA
 0x43553c FtpFindFirstFileA
 0x435540 FtpOpenFileA
 0x435544 InternetSetFilePointer
 0x435548 InternetGetConnectedState
ODBC32.dll
 0x4352bc None
 0x4352c0 None
 0x4352c4 None
 0x4352c8 None
 0x4352cc None
 0x4352d0 None
 0x4352d4 None
 0x4352d8 None
 0x4352dc None
 0x4352e0 None
 0x4352e4 None
 0x4352e8 None
 0x4352ec None
 0x4352f0 None
 0x4352f4 None
 0x4352f8 None
 0x4352fc None
 0x435300 None
 0x435304 None
 0x435308 None
oledlg.dll
 0x435598 None
OLEAUT32.dll
 0x435310 SysAllocString
 0x435314 VariantCopy
 0x435318 RegisterTypeLib
 0x43531c LHashValOfNameSys
 0x435320 LoadTypeLib
 0x435324 VariantChangeType
 0x435328 VarR8FromBool
 0x43532c VarR8FromCy
 0x435330 SysFreeString
 0x435334 VariantClear
 0x435338 SafeArrayDestroy
 0x43533c SafeArrayCreate
 0x435340 SystemTimeToVariantTime
 0x435344 VariantTimeToSystemTime
 0x435348 SafeArrayDestroyDescriptor
 0x43534c VariantInit
 0x435350 SafeArrayAllocDescriptor
 0x435354 SafeArrayAllocData
 0x435358 SafeArrayGetDim
 0x43535c SafeArrayGetLBound
 0x435360 SafeArrayGetUBound
 0x435364 SafeArrayAccessData
 0x435368 SafeArrayUnaccessData
 0x43536c SafeArrayGetElemsize
WINSPOOL.DRV
 0x435550 OpenPrinterA
 0x435554 ClosePrinter
 0x435558 DocumentPropertiesA
COMCTL32.dll
 0x435064 None

EAT(Export Address Table) is none
