Report - klds.exe

XWorm Generic Malware WebCam Malicious Library Antivirus UPX KeyLogger AntiDebug AntiVM PE File PE32 OS Processor Check
Created 2024.08.21 13:47 Machine s1_win7_x6403
Filename klds.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 3
Behavior Score 12.6
ZERO API file : mailcious
VT API (file) 5 detected (malicious, high confidence, FileRepMalware, Misc, Detected, Krypt)
md5 06f3cde26cf65abbf65884e0ea52a40c
sha256 1da6cf11dc5952f53b697380e0aa27e25b6d5d99f0552f8f78266ffb79165fd8
ssdeep 49152:mLAYjlqi+D79RIgTsFRlY2k8Y/3eQpusGpBd4H2LK6ZBOtTSoiIPwz2N2LFiE/Q7:qAYjci+f9RIo8o5
imphash 0f08412a5b4dc131ee2e0bde633c65e0
impfuzzy 192:NH5+oSvoJf24NNLZM93/I27eCUONhz4UK:NIoSvoJJ1M93iON0

Signature (29cnts)

Level Description
danger Executed a process and injected code into it
watch A process performed obfuscation on information about the computer or sent it to a remote location, indicative of CnC traffic/preparations
watch Allocates execute permission to another process indicative of possible code injection
watch Creates a suspicious Powershell process
watch Creates a windows hook that monitors keyboard input (keylogger)
watch Installs itself for autorun at Windows startup
watch One or more of the buffers contains an embedded PE file
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
watch Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a shortcut to an executable file
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice Executes one or more WMI queries
notice File has been identified by 5 AntiVirus engines on VirusTotal as malicious
notice One or more potentially interesting buffers were extracted
notice Queries the disk size, which could be used to detect a virtual machine with a small fixed-size or dynamically allocated disk
notice Yara rule detected in process memory
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Command line console output was observed
info Queries for the computername
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path
info Uses Windows APIs to generate a cryptographic key

Rules (21cnts)

Level Name Description Collection
danger Win_XWorm_3_M_Zero Win XWorm V3.1 memory
warning Generic_Malware_Zero Generic Malware binaries (download)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Antivirus Contains references to security software binaries (download)
watch Antivirus Contains references to security software binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch RAT_WebCam Remote Administration toolkit using webcam memory
watch UPX_Zero UPX packed file binaries (upload)
notice KeyLogger Run a KeyLogger memory
info anti_dbg Checks if being debugged memory
info DebuggerCheck__GlobalFlags (no description) memory
info DebuggerCheck__QueryInfo (no description) memory
info DebuggerHiding__Active (no description) memory
info DebuggerHiding__Thread (no description) memory
info disable_dep Bypass DEP memory
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info SEH__vectored (no description) memory
info ThreadControl__Context (no description) memory
info win_hook Affect hook table memory

Network (2cnts)

Request CC ASN Co IP4 Rule ZERO
api.telegram.org GB Telegram Messenger Inc 149.154.167.220 mailcious
149.154.167.220 GB Telegram Messenger Inc 149.154.167.220 mailcious

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x502174 CreateDirectoryW
 0x502178 GetCurrentProcessId
 0x50217c GetExitCodeThread
 0x502180 SetEvent
 0x502184 CreateEventW
 0x502188 SetLastError
 0x50218c LoadLibraryW
 0x502190 FreeLibrary
 0x502194 lstrlenW
 0x502198 GetVersionExW
 0x50219c CreateFileA
 0x5021a0 SetStdHandle
 0x5021a4 WriteConsoleW
 0x5021a8 WriteConsoleA
 0x5021ac GetModuleHandleA
 0x5021b0 InitializeCriticalSectionAndSpinCount
 0x5021b4 GetStringTypeA
 0x5021b8 IsValidLocale
 0x5021bc EnumSystemLocalesA
 0x5021c0 GetUserDefaultLCID
 0x5021c4 GetConsoleMode
 0x5021c8 GetConsoleCP
 0x5021cc GetTickCount
 0x5021d0 QueryPerformanceCounter
 0x5021d4 GetStartupInfoA
 0x5021d8 GetFileType
 0x5021dc SetHandleCount
 0x5021e0 GetEnvironmentStringsW
 0x5021e4 FreeEnvironmentStringsW
 0x5021e8 GetDiskFreeSpaceExW
 0x5021ec IsValidCodePage
 0x5021f0 GetOEMCP
 0x5021f4 GetACP
 0x5021f8 HeapCreate
 0x5021fc LCMapStringW
 0x502200 LCMapStringA
 0x502204 GetCPInfo
 0x502208 RtlUnwind
 0x50220c ExitProcess
 0x502210 lstrcmpiW
 0x502214 TlsSetValue
 0x502218 TlsAlloc
 0x50221c TlsGetValue
 0x502220 GetShortPathNameW
 0x502224 GetSystemTimeAsFileTime
 0x502228 IsDebuggerPresent
 0x50222c UnhandledExceptionFilter
 0x502230 TerminateProcess
 0x502234 HeapSize
 0x502238 HeapReAlloc
 0x50223c HeapDestroy
 0x502240 VirtualAlloc
 0x502244 VirtualFree
 0x502248 IsProcessorFeaturePresent
 0x50224c HeapAlloc
 0x502250 GetProcessHeap
 0x502254 HeapFree
 0x502258 InterlockedCompareExchange
 0x50225c PeekNamedPipe
 0x502260 OpenEventW
 0x502264 SearchPathW
 0x502268 GetLocaleInfoA
 0x50226c GetStringTypeW
 0x502270 ConnectNamedPipe
 0x502274 CreateNamedPipeW
 0x502278 ResetEvent
 0x50227c MoveFileW
 0x502280 TerminateThread
 0x502284 GetSystemDirectoryW
 0x502288 GetLocalTime
 0x50228c OutputDebugStringW
 0x502290 GetVersion
 0x502294 Process32NextW
 0x502298 Process32FirstW
 0x50229c CreateToolhelp32Snapshot
 0x5022a0 GetWindowsDirectoryW
 0x5022a4 GetUserDefaultLangID
 0x5022a8 GetSystemDefaultLangID
 0x5022ac GetDriveTypeW
 0x5022b0 CompareStringW
 0x5022b4 InterlockedDecrement
 0x5022b8 InterlockedIncrement
 0x5022bc GetModuleFileNameW
 0x5022c0 GlobalUnlock
 0x5022c4 GlobalLock
 0x5022c8 GlobalAlloc
 0x5022cc lstrcmpW
 0x5022d0 GetFileSize
 0x5022d4 ReadFile
 0x5022d8 GlobalFree
 0x5022dc GetTempPathW
 0x5022e0 GetSystemTime
 0x5022e4 GetTempFileNameW
 0x5022e8 DeleteFileW
 0x5022ec FindFirstFileW
 0x5022f0 RemoveDirectoryW
 0x5022f4 FindNextFileW
 0x5022f8 GetLogicalDriveStringsW
 0x5022fc GetFileAttributesW
 0x502300 SetFileAttributesW
 0x502304 CopyFileW
 0x502308 FindClose
 0x50230c MultiByteToWideChar
 0x502310 LoadLibraryExW
 0x502314 WideCharToMultiByte
 0x502318 InterlockedExchange
 0x50231c GetSystemInfo
 0x502320 TlsFree
 0x502324 WaitForMultipleObjects
 0x502328 Sleep
 0x50232c GetLastError
 0x502330 GetCurrentThreadId
 0x502334 WaitForSingleObject
 0x502338 MulDiv
 0x50233c lstrcpynW
 0x502340 FindResourceExW
 0x502344 FindResourceW
 0x502348 LoadResource
 0x50234c LockResource
 0x502350 SizeofResource
 0x502354 GetLocaleInfoW
 0x502358 EnumResourceLanguagesW
 0x50235c SetEndOfFile
 0x502360 SetCurrentDirectoryW
 0x502364 GetCommandLineW
 0x502368 UnlockFile
 0x50236c LockFile
 0x502370 GetExitCodeProcess
 0x502374 CreateProcessW
 0x502378 DuplicateHandle
 0x50237c GetModuleFileNameA
 0x502380 FlushFileBuffers
 0x502384 SetFilePointer
 0x502388 GetConsoleOutputCP
 0x50238c LeaveCriticalSection
 0x502390 GetConsoleScreenBufferInfo
 0x502394 GetStdHandle
 0x502398 SetConsoleTextAttribute
 0x50239c GetFullPathNameW
 0x5023a0 GetCurrentThread
 0x5023a4 InitializeCriticalSection
 0x5023a8 EnterCriticalSection
 0x5023ac DeleteCriticalSection
 0x5023b0 GetModuleHandleW
 0x5023b4 GetProcAddress
 0x5023b8 RaiseException
 0x5023bc FlushInstructionCache
 0x5023c0 GetCurrentProcess
 0x5023c4 CloseHandle
 0x5023c8 WriteFile
 0x5023cc CreateFileW
 0x5023d0 LoadLibraryA
 0x5023d4 GetStartupInfoW
 0x5023d8 LocalAlloc
 0x5023dc GetEnvironmentVariableW
 0x5023e0 FormatMessageW
 0x5023e4 CreateThread
 0x5023e8 SetUnhandledExceptionFilter
 0x5023ec LocalFree
USER32.dll
 0x502490 MapWindowPoints
 0x502494 GetParent
 0x502498 DefWindowProcW
 0x50249c SendMessageW
 0x5024a0 GetWindowTextW
 0x5024a4 GetWindowTextLengthW
 0x5024a8 FillRect
 0x5024ac IsWindow
 0x5024b0 ShowWindow
 0x5024b4 GetClientRect
 0x5024b8 UnionRect
 0x5024bc IsWindowVisible
 0x5024c0 BeginPaint
 0x5024c4 EndPaint
 0x5024c8 ScreenToClient
 0x5024cc SetWindowPos
 0x5024d0 GetWindowDC
 0x5024d4 LookupIconIdFromDirectoryEx
 0x5024d8 GetWindowLongW
 0x5024dc GetWindowRect
 0x5024e0 CallWindowProcW
 0x5024e4 SetWindowLongW
 0x5024e8 GetWindow
 0x5024ec DrawFrameControl
 0x5024f0 RegisterWindowMessageW
 0x5024f4 InvalidateRgn
 0x5024f8 GetDesktopWindow
 0x5024fc GetKeyState
 0x502500 DrawStateW
 0x502504 DrawTextExW
 0x502508 DrawFocusRect
 0x50250c ValidateRect
 0x502510 DestroyMenu
 0x502514 AppendMenuW
 0x502518 CreatePopupMenu
 0x50251c TrackPopupMenu
 0x502520 InflateRect
 0x502524 LoadBitmapW
 0x502528 MessageBeep
 0x50252c LoadImageW
 0x502530 CharNextW
 0x502534 GetClassNameW
 0x502538 ReleaseCapture
 0x50253c SetCapture
 0x502540 UpdateWindow
 0x502544 DestroyIcon
 0x502548 GetDlgCtrlID
 0x50254c GetCapture
 0x502550 SetScrollInfo
 0x502554 GetScrollPos
 0x502558 GetClassInfoExW
 0x50255c RegisterClassExW
 0x502560 DrawEdge
 0x502564 SetScrollPos
 0x502568 SetRect
 0x50256c MoveWindow
 0x502570 GetScrollInfo
 0x502574 GetMessagePos
 0x502578 SystemParametersInfoW
 0x50257c GetActiveWindow
 0x502580 TrackMouseEvent
 0x502584 GetAsyncKeyState
 0x502588 DestroyCursor
 0x50258c GetWindowRgn
 0x502590 IsZoomed
 0x502594 SetWindowRgn
 0x502598 GetComboBoxInfo
 0x50259c DestroyAcceleratorTable
 0x5025a0 CreateAcceleratorTableW
 0x5025a4 TranslateAcceleratorW
 0x5025a8 CreateDialogParamW
 0x5025ac EndDialog
 0x5025b0 DialogBoxParamW
 0x5025b4 InvalidateRect
 0x5025b8 GetNextDlgTabItem
 0x5025bc SetCursor
 0x5025c0 MonitorFromWindow
 0x5025c4 GetMonitorInfoW
 0x5025c8 IsDialogMessageW
 0x5025cc IsChild
 0x5025d0 PostQuitMessage
 0x5025d4 PostMessageW
 0x5025d8 SetForegroundWindow
 0x5025dc SetCursorPos
 0x5025e0 GetCursorPos
 0x5025e4 PeekMessageW
 0x5025e8 GetMessageW
 0x5025ec TranslateMessage
 0x5025f0 DispatchMessageW
 0x5025f4 LoadCursorW
 0x5025f8 LoadStringW
 0x5025fc MessageBoxW
 0x502600 GetFocus
 0x502604 EnableWindow
 0x502608 DestroyWindow
 0x50260c GetForegroundWindow
 0x502610 EnumWindows
 0x502614 GetWindowThreadProcessId
 0x502618 DialogBoxIndirectParamW
 0x50261c MsgWaitForMultipleObjects
 0x502620 GetPropW
 0x502624 GetSystemMenu
 0x502628 EnableMenuItem
 0x50262c ModifyMenuW
 0x502630 FindWindowW
 0x502634 ExitWindowsEx
 0x502638 GetScrollRange
 0x50263c SetPropW
 0x502640 RemovePropW
 0x502644 LoadMenuW
 0x502648 GetSubMenu
 0x50264c OpenClipboard
 0x502650 CloseClipboard
 0x502654 EmptyClipboard
 0x502658 SetClipboardData
 0x50265c GetIconInfo
 0x502660 SendMessageTimeoutW
 0x502664 UnregisterClassA
 0x502668 DrawTextW
 0x50266c DrawIconEx
 0x502670 GetSystemMetrics
 0x502674 ClientToScreen
 0x502678 OffsetRect
 0x50267c SetRectEmpty
 0x502680 PtInRect
 0x502684 GetSysColorBrush
 0x502688 IntersectRect
 0x50268c IsRectEmpty
 0x502690 SendMessageA
 0x502694 IsWindowEnabled
 0x502698 CopyRect
 0x50269c RedrawWindow
 0x5026a0 SetFocus
 0x5026a4 GetSysColor
 0x5026a8 CreateWindowExW
 0x5026ac GetDlgItem
 0x5026b0 SetWindowTextW
 0x5026b4 EqualRect
 0x5026b8 SetTimer
 0x5026bc KillTimer
 0x5026c0 GetDC
 0x5026c4 ReleaseDC
 0x5026c8 CreateIconFromResourceEx
GDI32.dll
 0x5020e4 GetLayout
 0x5020e8 GetBrushOrgEx
 0x5020ec CreateFontIndirectW
 0x5020f0 CreateSolidBrush
 0x5020f4 GetRgnBox
 0x5020f8 EqualRgn
 0x5020fc CreatePolygonRgn
 0x502100 CreateRectRgnIndirect
 0x502104 GetStockObject
 0x502108 CreateFontW
 0x50210c SetBkMode
 0x502110 SetTextColor
 0x502114 SetBrushOrgEx
 0x502118 CreatePatternBrush
 0x50211c FillRgn
 0x502120 SelectClipRgn
 0x502124 GetBitmapBits
 0x502128 CreateRectRgn
 0x50212c GetObjectW
 0x502130 GetDeviceCaps
 0x502134 Rectangle
 0x502138 ExcludeClipRect
 0x50213c CreatePen
 0x502140 ExtTextOutW
 0x502144 SetBkColor
 0x502148 BitBlt
 0x50214c SetViewportOrgEx
 0x502150 CreateCompatibleBitmap
 0x502154 CreateCompatibleDC
 0x502158 DeleteObject
 0x50215c SelectObject
 0x502160 DeleteDC
 0x502164 CreateDIBSection
 0x502168 CreateBitmapIndirect
 0x50216c CombineRgn
ADVAPI32.dll
 0x502000 RegOpenKeyW
 0x502004 LookupPrivilegeValueW
 0x502008 LookupAccountSidW
 0x50200c SetSecurityDescriptorDacl
 0x502010 InitializeSecurityDescriptor
 0x502014 SetEntriesInAclW
 0x502018 GetSecurityDescriptorDacl
 0x50201c StartServiceW
 0x502020 QueryServiceStatus
 0x502024 OpenServiceW
 0x502028 RegDeleteValueA
 0x50202c RegQueryValueExA
 0x502030 RegOpenKeyA
 0x502034 RegDeleteValueW
 0x502038 RegCreateKeyExW
 0x50203c RegSetValueExW
 0x502040 RegEnumKeyExW
 0x502044 RegQueryInfoKeyW
 0x502048 RegDeleteKeyW
 0x50204c RegQueryValueExW
 0x502050 RegOpenKeyExW
 0x502054 RegCloseKey
 0x502058 RegSetValueExA
 0x50205c OpenSCManagerW
 0x502060 LockServiceDatabase
 0x502064 UnlockServiceDatabase
 0x502068 CloseServiceHandle
 0x50206c RegOpenKeyExA
 0x502070 RegEnumValueA
 0x502074 AdjustTokenPrivileges
 0x502078 RegCreateKeyW
 0x50207c OpenProcessToken
 0x502080 GetTokenInformation
 0x502084 AllocateAndInitializeSid
 0x502088 EqualSid
 0x50208c FreeSid
 0x502090 GetUserNameW
 0x502094 RegDeleteKeyA
 0x502098 RegCreateKeyA
SHELL32.dll
 0x502450 ShellExecuteW
 0x502454 SHGetFolderPathW
 0x502458 SHBrowseForFolderW
 0x50245c SHGetPathFromIDListW
 0x502460 SHGetMalloc
 0x502464 SHGetFileInfoW
 0x502468 SHGetSpecialFolderLocation
 0x50246c ShellExecuteExW
ole32.dll
 0x502704 CoTaskMemRealloc
 0x502708 CoTaskMemFree
 0x50270c CoInitialize
 0x502710 OleInitialize
 0x502714 CLSIDFromProgID
 0x502718 CoGetClassObject
 0x50271c CoCreateInstance
 0x502720 CreateStreamOnHGlobal
 0x502724 OleLockRunning
 0x502728 StringFromGUID2
 0x50272c CoTaskMemAlloc
 0x502730 OleUninitialize
 0x502734 CoUninitialize
 0x502738 CoCreateGuid
 0x50273c CreateILockBytesOnHGlobal
 0x502740 StgCreateDocfileOnILockBytes
 0x502744 CoInitializeEx
 0x502748 CLSIDFromString
OLEAUT32.dll
 0x502410 VarUI4FromStr
 0x502414 VarDateFromStr
 0x502418 OleLoadPicture
 0x50241c SysStringByteLen
 0x502420 SysAllocStringByteLen
 0x502424 SysAllocStringLen
 0x502428 LoadTypeLib
 0x50242c LoadRegTypeLib
 0x502430 SysStringLen
 0x502434 OleCreateFontIndirect
 0x502438 VariantCopy
 0x50243c VariantInit
 0x502440 VariantClear
 0x502444 SysAllocString
 0x502448 SysFreeString
dbghelp.dll
 0x5026e0 SymGetLineFromAddr
 0x5026e4 SymSetSearchPath
 0x5026e8 SymCleanup
 0x5026ec SymInitialize
 0x5026f0 SymSetOptions
 0x5026f4 SymFunctionTableAccess
 0x5026f8 StackWalk
 0x5026fc SymGetModuleBase
SHLWAPI.dll
 0x502474 PathIsDirectoryW
 0x502478 PathFileExistsW
 0x50247c PathIsUNCW
 0x502480 PathAddBackslashW
COMCTL32.dll
 0x5020a0 ImageList_Create
 0x5020a4 CreatePropertySheetPageW
 0x5020a8 PropertySheetW
 0x5020ac DestroyPropertySheetPage
 0x5020b0 InitCommonControlsEx
 0x5020b4 ImageList_LoadImageW
 0x5020b8 ImageList_GetIcon
 0x5020bc ImageList_AddMasked
 0x5020c0 ImageList_SetBkColor
 0x5020c4 _TrackMouseEvent
 0x5020c8 ImageList_Add
 0x5020cc ImageList_ReplaceIcon
 0x5020d0 ImageList_Destroy
MSIMG32.dll
 0x5023f4 TransparentBlt
 0x5023f8 AlphaBlend
VERSION.dll
 0x5026d0 GetFileVersionInfoW
 0x5026d4 VerQueryValueW
 0x5026d8 GetFileVersionInfoSizeW
NETAPI32.dll
 0x502400 NetUserGetLocalGroups
 0x502404 NetApiBufferFree
 0x502408 NetLocalGroupGetMembers
Secur32.dll
 0x502488 GetUserNameExW
COMDLG32.dll
 0x5020d8 GetOpenFileNameW
 0x5020dc GetSaveFileNameW

EAT (Export Address Table): none
