Created | 2024.08.04 14:03 | Machine | s1_win7_x6401 |
Filename | Update.exe | ||
Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
ZERO API | file : malicious | ||
VT API (file) | 49 detected (AIDetectMalware, FlyStudio, Windows, Threat, Malicious, score, Risktool, Artemis, Unsafe, Jaik, Save, Attribute, HighConfidence, TrojanX, Real Protect, high, Detected, ai score=85, OSCF@5rs7jr, Wacatac, 16KAD3H, Eldorado, R651361, ZexaF, Ys0@a0Owlcjj, BScope, R002H0CEV24, Static AI, Malicious PE, Dinwod, frindll, CoinMiner, confidence) | ||
md5 | 74ab75d72b7032670f1dc2ef43da440a | ||
sha256 | 4086c7d83c805c3eb49c785b927d587ee501dd70d41db4bd20efabbbee49f6f1 | ||
ssdeep | 49152:H6BWGwSYAkGqJm6zh0fzxQyye88d3iOnpCcyH69ReTNAxoXBRrt:yFqJ9hOea8PXa8YoXBRrt | ||
imphash | 0825bffdacc747d8299752b1e706a250 | ||
impfuzzy | 192:3Js5wu0rlUqT0oATsTzStsO6pc2cncmAHdF6PIOQbb1ALLX1:+mu8FT0t4NafIOQbbyHX1 |
Signature (13cnts)
Level | Description |
---|---|
danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
watch | Disables proxy possibly for traffic interception |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Creates executable files on the filesystem |
notice | Drops an executable to the user AppData folder |
notice | Foreign language identified in PE resource |
notice | Performs some HTTP requests |
notice | Searches running processes potentially to identify processes for sandbox evasion |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | The executable uses a known packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (14cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | ASPack_Zero | ASPack packed file | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
info | ftp_command | ftp command | binaries (upload) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (7cnts)
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4bf174 UnhandledExceptionFilter
0x4bf178 GetACP
0x4bf17c HeapSize
0x4bf180 RaiseException
0x4bf184 GetLocalTime
0x4bf188 GetSystemTime
0x4bf18c GetTimeZoneInformation
0x4bf190 TerminateProcess
0x4bf194 RtlUnwind
0x4bf198 GetStartupInfoA
0x4bf19c GetOEMCP
0x4bf1a0 GetCPInfo
0x4bf1a4 GetProcessVersion
0x4bf1a8 SetErrorMode
0x4bf1ac GlobalFlags
0x4bf1b0 GetCurrentThread
0x4bf1b4 FreeEnvironmentStringsA
0x4bf1b8 GetFileTime
0x4bf1bc GetFileSize
0x4bf1c0 TlsGetValue
0x4bf1c4 LocalReAlloc
0x4bf1c8 TlsSetValue
0x4bf1cc TlsFree
0x4bf1d0 GlobalHandle
0x4bf1d4 TlsAlloc
0x4bf1d8 LocalAlloc
0x4bf1dc lstrcmpA
0x4bf1e0 GetVersion
0x4bf1e4 GlobalGetAtomNameA
0x4bf1e8 GlobalAddAtomA
0x4bf1ec GlobalFindAtomA
0x4bf1f0 GlobalDeleteAtom
0x4bf1f4 lstrcmpiA
0x4bf1f8 GetThreadLocale
0x4bf1fc SetEndOfFile
0x4bf200 UnlockFile
0x4bf204 LockFile
0x4bf208 FlushFileBuffers
0x4bf20c SetFilePointer
0x4bf210 DuplicateHandle
0x4bf214 lstrcpynA
0x4bf218 SetLastError
0x4bf21c FileTimeToLocalFileTime
0x4bf220 FileTimeToSystemTime
0x4bf224 InterlockedDecrement
0x4bf228 InterlockedIncrement
0x4bf22c FreeEnvironmentStringsW
0x4bf230 GetEnvironmentStrings
0x4bf234 GetEnvironmentStringsW
0x4bf238 SetHandleCount
0x4bf23c GetStdHandle
0x4bf240 GetFileType
0x4bf244 GetEnvironmentVariableA
0x4bf248 HeapDestroy
0x4bf24c HeapCreate
0x4bf250 VirtualFree
0x4bf254 SetEnvironmentVariableA
0x4bf258 LCMapStringA
0x4bf25c LCMapStringW
0x4bf260 VirtualAlloc
0x4bf264 IsBadWritePtr
0x4bf268 GetStringTypeA
0x4bf26c GetStringTypeW
0x4bf270 SetUnhandledExceptionFilter
0x4bf274 CompareStringA
0x4bf278 CompareStringW
0x4bf27c IsBadReadPtr
0x4bf280 IsBadCodePtr
0x4bf284 SetStdHandle
0x4bf288 SuspendThread
0x4bf28c ReleaseMutex
0x4bf290 CreateMutexA
0x4bf294 FormatMessageA
0x4bf298 TerminateThread
0x4bf29c LocalFree
0x4bf2a0 GetCurrentProcess
0x4bf2a4 GetTempFileNameA
0x4bf2a8 CreateSemaphoreA
0x4bf2ac ResumeThread
0x4bf2b0 ReleaseSemaphore
0x4bf2b4 EnterCriticalSection
0x4bf2b8 LeaveCriticalSection
0x4bf2bc GetProfileStringA
0x4bf2c0 WriteFile
0x4bf2c4 WaitForMultipleObjects
0x4bf2c8 CreateFileA
0x4bf2cc SetEvent
0x4bf2d0 FindResourceA
0x4bf2d4 LoadResource
0x4bf2d8 LockResource
0x4bf2dc ReadFile
0x4bf2e0 lstrlenW
0x4bf2e4 GetModuleFileNameA
0x4bf2e8 WideCharToMultiByte
0x4bf2ec MultiByteToWideChar
0x4bf2f0 GetCurrentThreadId
0x4bf2f4 ExitProcess
0x4bf2f8 GlobalSize
0x4bf2fc GlobalFree
0x4bf300 DeleteCriticalSection
0x4bf304 InitializeCriticalSection
0x4bf308 lstrcatA
0x4bf30c lstrlenA
0x4bf310 WinExec
0x4bf314 lstrcpyA
0x4bf318 FindNextFileA
0x4bf31c CloseHandle
0x4bf320 GlobalReAlloc
0x4bf324 HeapFree
0x4bf328 HeapReAlloc
0x4bf32c GetProcessHeap
0x4bf330 HeapAlloc
0x4bf334 GetUserDefaultLCID
0x4bf338 GetFullPathNameA
0x4bf33c FreeLibrary
0x4bf340 LoadLibraryA
0x4bf344 GetLastError
0x4bf348 GetVersionExA
0x4bf34c WritePrivateProfileStringA
0x4bf350 CreateThread
0x4bf354 CreateEventA
0x4bf358 Sleep
0x4bf35c GlobalAlloc
0x4bf360 GlobalLock
0x4bf364 GlobalUnlock
0x4bf368 GetTempPathA
0x4bf36c FindFirstFileA
0x4bf370 FindClose
0x4bf374 GetFileAttributesA
0x4bf378 DeleteFileA
0x4bf37c SetCurrentDirectoryA
0x4bf380 GetVolumeInformationA
0x4bf384 GetModuleHandleA
0x4bf388 GetProcAddress
0x4bf38c MulDiv
0x4bf390 SetLocalTime
0x4bf394 GetCommandLineA
0x4bf398 GetTickCount
0x4bf39c CreateProcessA
0x4bf3a0 WaitForSingleObject
USER32.dll
0x4bf420 GetForegroundWindow
0x4bf424 LoadIconA
0x4bf428 TranslateMessage
0x4bf42c DrawFrameControl
0x4bf430 DrawEdge
0x4bf434 DrawFocusRect
0x4bf438 WindowFromPoint
0x4bf43c GetMessageA
0x4bf440 DispatchMessageA
0x4bf444 SetRectEmpty
0x4bf448 RegisterClipboardFormatA
0x4bf44c CreateIconFromResourceEx
0x4bf450 CreateIconFromResource
0x4bf454 DrawIconEx
0x4bf458 CreatePopupMenu
0x4bf45c AppendMenuA
0x4bf460 ModifyMenuA
0x4bf464 CreateMenu
0x4bf468 CreateAcceleratorTableA
0x4bf46c GetDlgCtrlID
0x4bf470 GetSubMenu
0x4bf474 EnableMenuItem
0x4bf478 ClientToScreen
0x4bf47c EnumDisplaySettingsA
0x4bf480 LoadImageA
0x4bf484 SystemParametersInfoA
0x4bf488 ShowWindow
0x4bf48c IsWindowEnabled
0x4bf490 TranslateAcceleratorA
0x4bf494 GetKeyState
0x4bf498 CopyAcceleratorTableA
0x4bf49c PostQuitMessage
0x4bf4a0 IsZoomed
0x4bf4a4 GetClassInfoA
0x4bf4a8 DefWindowProcA
0x4bf4ac GetSystemMenu
0x4bf4b0 DeleteMenu
0x4bf4b4 GetMenu
0x4bf4b8 SetMenu
0x4bf4bc PeekMessageA
0x4bf4c0 IsIconic
0x4bf4c4 SetFocus
0x4bf4c8 GetActiveWindow
0x4bf4cc GetWindow
0x4bf4d0 DestroyAcceleratorTable
0x4bf4d4 SetWindowRgn
0x4bf4d8 GetMessagePos
0x4bf4dc ScreenToClient
0x4bf4e0 ChildWindowFromPointEx
0x4bf4e4 CopyRect
0x4bf4e8 LoadBitmapA
0x4bf4ec WinHelpA
0x4bf4f0 KillTimer
0x4bf4f4 SetTimer
0x4bf4f8 ReleaseCapture
0x4bf4fc GetCapture
0x4bf500 SetCapture
0x4bf504 GetScrollRange
0x4bf508 SetScrollRange
0x4bf50c SetScrollPos
0x4bf510 SetRect
0x4bf514 InflateRect
0x4bf518 IntersectRect
0x4bf51c DestroyIcon
0x4bf520 PtInRect
0x4bf524 UnregisterClassA
0x4bf528 IsWindowVisible
0x4bf52c EnableWindow
0x4bf530 RedrawWindow
0x4bf534 GetWindowLongA
0x4bf538 SetWindowLongA
0x4bf53c GetSysColor
0x4bf540 SetActiveWindow
0x4bf544 SetCursorPos
0x4bf548 LoadCursorA
0x4bf54c SetCursor
0x4bf550 GetDC
0x4bf554 FillRect
0x4bf558 IsRectEmpty
0x4bf55c ReleaseDC
0x4bf560 IsChild
0x4bf564 DestroyMenu
0x4bf568 SetForegroundWindow
0x4bf56c GetWindowRect
0x4bf570 EqualRect
0x4bf574 UpdateWindow
0x4bf578 ValidateRect
0x4bf57c InvalidateRect
0x4bf580 GetClientRect
0x4bf584 GetFocus
0x4bf588 GetParent
0x4bf58c GetTopWindow
0x4bf590 PostMessageA
0x4bf594 IsWindow
0x4bf598 SetParent
0x4bf59c DestroyCursor
0x4bf5a0 SendMessageA
0x4bf5a4 SetWindowPos
0x4bf5a8 MessageBeep
0x4bf5ac MessageBoxA
0x4bf5b0 GetCursorPos
0x4bf5b4 GetSystemMetrics
0x4bf5b8 EmptyClipboard
0x4bf5bc SetClipboardData
0x4bf5c0 GetWindowTextA
0x4bf5c4 GetWindowTextLengthA
0x4bf5c8 CharUpperA
0x4bf5cc GetWindowDC
0x4bf5d0 BeginPaint
0x4bf5d4 EndPaint
0x4bf5d8 TabbedTextOutA
0x4bf5dc DrawTextA
0x4bf5e0 GrayStringA
0x4bf5e4 GetDlgItem
0x4bf5e8 DestroyWindow
0x4bf5ec CreateDialogIndirectParamA
0x4bf5f0 EndDialog
0x4bf5f4 GetNextDlgTabItem
0x4bf5f8 GetWindowPlacement
0x4bf5fc RegisterWindowMessageA
0x4bf600 GetLastActivePopup
0x4bf604 GetMessageTime
0x4bf608 RemovePropA
0x4bf60c CallWindowProcA
0x4bf610 GetPropA
0x4bf614 UnhookWindowsHookEx
0x4bf618 SetPropA
0x4bf61c GetClassLongA
0x4bf620 CallNextHookEx
0x4bf624 SetWindowsHookExA
0x4bf628 CreateWindowExA
0x4bf62c GetMenuItemID
0x4bf630 GetMenuItemCount
0x4bf634 RegisterClassA
0x4bf638 GetScrollPos
0x4bf63c AdjustWindowRectEx
0x4bf640 MapWindowPoints
0x4bf644 SendDlgItemMessageA
0x4bf648 ScrollWindowEx
0x4bf64c IsDialogMessageA
0x4bf650 SetWindowTextA
0x4bf654 MoveWindow
0x4bf658 CheckMenuItem
0x4bf65c SetMenuItemBitmaps
0x4bf660 GetMenuState
0x4bf664 GetMenuCheckMarkDimensions
0x4bf668 GetClassNameA
0x4bf66c GetDesktopWindow
0x4bf670 CharNextA
0x4bf674 SetWindowContextHelpId
0x4bf678 MapDialogRect
0x4bf67c LoadStringA
0x4bf680 GetSysColorBrush
0x4bf684 GetNextDlgGroupItem
0x4bf688 PostThreadMessageA
0x4bf68c OpenClipboard
0x4bf690 GetClipboardData
0x4bf694 CloseClipboard
0x4bf698 wsprintfA
0x4bf69c WaitForInputIdle
0x4bf6a0 OffsetRect
GDI32.dll
0x4bf024 GetMapMode
0x4bf028 GetTextMetricsA
0x4bf02c Escape
0x4bf030 PtVisible
0x4bf034 RectVisible
0x4bf038 TextOutA
0x4bf03c SetTextColor
0x4bf040 GetViewportExtEx
0x4bf044 ExtSelectClipRgn
0x4bf048 SetBkColor
0x4bf04c CreateRectRgnIndirect
0x4bf050 SetStretchBltMode
0x4bf054 GetClipRgn
0x4bf058 CreatePolygonRgn
0x4bf05c SelectClipRgn
0x4bf060 DeleteObject
0x4bf064 CreateDIBitmap
0x4bf068 GetSystemPaletteEntries
0x4bf06c CreatePalette
0x4bf070 StretchBlt
0x4bf074 SelectPalette
0x4bf078 RealizePalette
0x4bf07c GetDIBits
0x4bf080 GetWindowExtEx
0x4bf084 GetViewportOrgEx
0x4bf088 GetWindowOrgEx
0x4bf08c BeginPath
0x4bf090 EndPath
0x4bf094 PathToRegion
0x4bf098 CreateEllipticRgn
0x4bf09c CreateRoundRectRgn
0x4bf0a0 GetTextColor
0x4bf0a4 GetBkMode
0x4bf0a8 GetBkColor
0x4bf0ac GetROP2
0x4bf0b0 GetStretchBltMode
0x4bf0b4 GetPolyFillMode
0x4bf0b8 CreateCompatibleBitmap
0x4bf0bc CreateDCA
0x4bf0c0 CreateBitmap
0x4bf0c4 SelectObject
0x4bf0c8 CreatePen
0x4bf0cc PatBlt
0x4bf0d0 CombineRgn
0x4bf0d4 CreateRectRgn
0x4bf0d8 FillRgn
0x4bf0dc CreateSolidBrush
0x4bf0e0 CreateFontIndirectA
0x4bf0e4 GetStockObject
0x4bf0e8 GetObjectA
0x4bf0ec EndPage
0x4bf0f0 EndDoc
0x4bf0f4 DeleteDC
0x4bf0f8 StartDocA
0x4bf0fc StartPage
0x4bf100 BitBlt
0x4bf104 CreateCompatibleDC
0x4bf108 SetROP2
0x4bf10c SetPolyFillMode
0x4bf110 SetBkMode
0x4bf114 RestoreDC
0x4bf118 SaveDC
0x4bf11c Ellipse
0x4bf120 Rectangle
0x4bf124 LPtoDP
0x4bf128 DPtoLP
0x4bf12c GetCurrentObject
0x4bf130 RoundRect
0x4bf134 GetTextExtentPoint32A
0x4bf138 GetDeviceCaps
0x4bf13c LineTo
0x4bf140 MoveToEx
0x4bf144 ExcludeClipRect
0x4bf148 GetClipBox
0x4bf14c ScaleWindowExtEx
0x4bf150 SetWindowExtEx
0x4bf154 SetWindowOrgEx
0x4bf158 ScaleViewportExtEx
0x4bf15c SetViewportExtEx
0x4bf160 OffsetViewportOrgEx
0x4bf164 SetViewportOrgEx
0x4bf168 SetMapMode
0x4bf16c ExtTextOutA
WINMM.dll
0x4bf6a8 waveOutUnprepareHeader
0x4bf6ac waveOutPrepareHeader
0x4bf6b0 waveOutWrite
0x4bf6b4 waveOutPause
0x4bf6b8 waveOutReset
0x4bf6bc waveOutClose
0x4bf6c0 waveOutGetNumDevs
0x4bf6c4 waveOutOpen
0x4bf6c8 midiOutUnprepareHeader
0x4bf6cc midiStreamOpen
0x4bf6d0 midiStreamProperty
0x4bf6d4 waveOutRestart
0x4bf6d8 midiOutPrepareHeader
0x4bf6dc midiStreamOut
0x4bf6e0 midiStreamStop
0x4bf6e4 midiOutReset
0x4bf6e8 midiStreamClose
0x4bf6ec midiStreamRestart
WINSPOOL.DRV
0x4bf6f4 DocumentPropertiesA
0x4bf6f8 OpenPrinterA
0x4bf6fc ClosePrinter
ADVAPI32.dll
0x4bf000 RegCloseKey
0x4bf004 RegCreateKeyExA
0x4bf008 RegOpenKeyExA
0x4bf00c RegSetValueExA
0x4bf010 RegQueryValueA
SHELL32.dll
0x4bf414 ShellExecuteA
0x4bf418 Shell_NotifyIconA
ole32.dll
0x4bf744 CoGetClassObject
0x4bf748 StgOpenStorageOnILockBytes
0x4bf74c StgCreateDocfileOnILockBytes
0x4bf750 CreateILockBytesOnHGlobal
0x4bf754 CoFreeUnusedLibraries
0x4bf758 CoRegisterMessageFilter
0x4bf75c CoRevokeClassObject
0x4bf760 OleFlushClipboard
0x4bf764 OleIsCurrentClipboard
0x4bf768 CoTaskMemFree
0x4bf76c CoTaskMemAlloc
0x4bf770 CLSIDFromProgID
0x4bf774 OleRun
0x4bf778 CoCreateInstance
0x4bf77c OleUninitialize
0x4bf780 OleInitialize
0x4bf784 CLSIDFromString
OLEAUT32.dll
0x4bf3a8 SysStringLen
0x4bf3ac SysAllocStringLen
0x4bf3b0 VariantCopy
0x4bf3b4 VariantClear
0x4bf3b8 VariantChangeType
0x4bf3bc SafeArrayGetUBound
0x4bf3c0 SafeArrayGetLBound
0x4bf3c4 SafeArrayGetDim
0x4bf3c8 SafeArrayUnaccessData
0x4bf3cc SafeArrayAccessData
0x4bf3d0 SafeArrayGetElement
0x4bf3d4 VariantCopyInd
0x4bf3d8 VariantInit
0x4bf3dc SysAllocString
0x4bf3e0 SafeArrayDestroy
0x4bf3e4 SafeArrayCreate
0x4bf3e8 SafeArrayPutElement
0x4bf3ec RegisterTypeLib
0x4bf3f0 LHashValOfNameSys
0x4bf3f4 LoadTypeLib
0x4bf3f8 OleCreateFontIndirect
0x4bf3fc UnRegisterTypeLib
0x4bf400 SysFreeString
0x4bf404 SafeArrayGetElemsize
0x4bf408 SysAllocStringByteLen
0x4bf40c VariantTimeToSystemTime
COMCTL32.dll
0x4bf018 None
0x4bf01c ImageList_Destroy
oledlg.dll
0x4bf78c None
WS2_32.dll
0x4bf704 closesocket
0x4bf708 WSAAsyncSelect
0x4bf70c inet_ntoa
0x4bf710 ntohl
0x4bf714 accept
0x4bf718 getpeername
0x4bf71c WSACleanup
0x4bf720 recvfrom
0x4bf724 ioctlsocket
0x4bf728 recv
comdlg32.dll
0x4bf730 ChooseColorA
0x4bf734 GetOpenFileNameA
0x4bf738 GetSaveFileNameA
0x4bf73c GetFileTitleA
EAT(Export Address Table) is none