Created | 2024.09.02 10:44 |
Machine | s1_win7_x6401 |
Filename | c64.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : malicious |
VT API (file) | 58 detected (VrerTmpolT, lpDo, malicious, high confidence, score, Graftor, Unsafe, FlyStudio, Vovj, Attribute, HighConfidence, Artemis, Temr, Miancha, jsmbnw, EquationDrug, qhhxk, Real Protect, moderate, Static AI, Malicious PE, Detected, ai score=71, RA@1qraug, DoublePulsar, 17CZDTL, Eldorado, Eqtonex, ZexaF, @t0@aqMGwNcb, Miner, RnkBend, R002H0CHT24, Gencirc, susgen, confidence, 100%) |
md5 | d94524a8793610d5291f4748981e9916 |
sha256 | d57565ed07ac50cba505f6399b9c08da796047bb5943a39da3f66d4cb6f32ee5 |
ssdeep | 98304:LnniMrxazp+78Wftj4puoeuaKhlrH9L7TRZ+ZHJtj/IcikcskwvOC+Ld:Oa0zp+wWftLoeghlpzX+ZHTgZwvkJ |
imphash | a415cd9204004579390c0d036f65718c |
impfuzzy | 192:KJMnu092UqT0myTz4zStsiKcWcncJAHh0QA1:BuisT+aHai1 |
Signature (27cnts)
Level | Description |
---|---|
danger | File has been identified by 58 AntiVirus engines on VirusTotal as malicious |
warning | Generates some ICMP traffic |
watch | Attempts to identify installed AV products by installation directory |
watch | Attempts to stop active services |
watch | Deletes a large number of files from the system indicative of ransomware |
watch | Installs itself for autorun at Windows startup |
watch | The process wscript.exe wrote an executable file to disk |
watch | Uses suspicious command line tools or Windows utilities |
watch | Uses Sysinternals tools in order to add additional command line functionality |
notice | A process created a hidden window |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | Creates hidden or system file |
notice | Drops a binary and executes it |
notice | Drops an executable to the user AppData folder |
notice | Foreign language identified in PE resource |
notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | Uses Windows utilities for basic Windows functionality |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Command line console output was observed |
info | Queries for the computername |
info | The executable uses a known packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (32cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Emotet_RL_Gen_Zero | Win32 Trojan Emotet | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
warning | Suspicious_Obfuscation_Script | Suspicious obfuscation script | binaries (download) |
warning | Suspicious_Obfuscation_Script_2 | Suspicious obfuscation script (e.g. executable files) | binaries (download) |
watch | ASPack_Zero | ASPack packed file | binaries (download) |
watch | ASPack_Zero | ASPack packed file | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | Network_Downloader | File Downloader | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
watch | VMProtect_Zero | VMProtect packed file | binaries (download) |
info | bmp_file_format | bmp file format | binaries (download) |
info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (download) |
info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
info | ftp_command | ftp command | binaries (download) |
info | icon_file_format | icon file format | binaries (download) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (download) |
info | JPEG_Format_Zero | JPEG Format | binaries (download) |
info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (download) |
info | mzp_file_format | MZP(Delphi) file format | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | PNG_Format_Zero | PNG Format | binaries (download) |
info | zip_file_format | ZIP file format | binaries (download) |
Network (0cnts)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x494170 GetACP
0x494174 HeapSize
0x494178 TerminateProcess
0x49417c RaiseException
0x494180 GetLocalTime
0x494184 GetSystemTime
0x494188 GetTimeZoneInformation
0x49418c RtlUnwind
0x494190 GetStartupInfoA
0x494194 GetOEMCP
0x494198 GetCPInfo
0x49419c GetProcessVersion
0x4941a0 SetErrorMode
0x4941a4 GlobalFlags
0x4941a8 GetCurrentThread
0x4941ac UnhandledExceptionFilter
0x4941b0 GetFileTime
0x4941b4 GetFileSize
0x4941b8 TlsGetValue
0x4941bc LocalReAlloc
0x4941c0 TlsSetValue
0x4941c4 TlsFree
0x4941c8 GlobalHandle
0x4941cc TlsAlloc
0x4941d0 LocalAlloc
0x4941d4 lstrcmpA
0x4941d8 GetVersion
0x4941dc GlobalGetAtomNameA
0x4941e0 GlobalAddAtomA
0x4941e4 GlobalFindAtomA
0x4941e8 GlobalDeleteAtom
0x4941ec lstrcmpiA
0x4941f0 SetEndOfFile
0x4941f4 UnlockFile
0x4941f8 LockFile
0x4941fc FlushFileBuffers
0x494200 SetFilePointer
0x494204 GetCurrentProcess
0x494208 DuplicateHandle
0x49420c lstrcpynA
0x494210 SetLastError
0x494214 FileTimeToLocalFileTime
0x494218 FileTimeToSystemTime
0x49421c LocalFree
0x494220 MultiByteToWideChar
0x494224 WideCharToMultiByte
0x494228 InterlockedDecrement
0x49422c InterlockedIncrement
0x494230 FreeEnvironmentStringsA
0x494234 FreeEnvironmentStringsW
0x494238 GetEnvironmentStrings
0x49423c GetEnvironmentStringsW
0x494240 SetHandleCount
0x494244 GetStdHandle
0x494248 GetFileType
0x49424c GetEnvironmentVariableA
0x494250 HeapDestroy
0x494254 HeapCreate
0x494258 VirtualFree
0x49425c SetEnvironmentVariableA
0x494260 LCMapStringA
0x494264 LCMapStringW
0x494268 VirtualAlloc
0x49426c IsBadWritePtr
0x494270 GetStringTypeA
0x494274 GetStringTypeW
0x494278 SetUnhandledExceptionFilter
0x49427c CompareStringA
0x494280 CompareStringW
0x494284 IsBadReadPtr
0x494288 IsBadCodePtr
0x49428c SetStdHandle
0x494290 SuspendThread
0x494294 TerminateThread
0x494298 ReleaseMutex
0x49429c CreateMutexA
0x4942a0 CreateSemaphoreA
0x4942a4 ResumeThread
0x4942a8 ReleaseSemaphore
0x4942ac EnterCriticalSection
0x4942b0 LeaveCriticalSection
0x4942b4 GetProfileStringA
0x4942b8 WriteFile
0x4942bc WaitForMultipleObjects
0x4942c0 CreateFileA
0x4942c4 SetEvent
0x4942c8 FindResourceA
0x4942cc LoadResource
0x4942d0 LockResource
0x4942d4 ReadFile
0x4942d8 GetModuleFileNameA
0x4942dc GetCurrentThreadId
0x4942e0 ExitProcess
0x4942e4 GlobalSize
0x4942e8 GlobalFree
0x4942ec DeleteCriticalSection
0x4942f0 InitializeCriticalSection
0x4942f4 lstrcatA
0x4942f8 lstrlenA
0x4942fc WinExec
0x494300 lstrcpyA
0x494304 CloseHandle
0x494308 FindNextFileA
0x49430c GlobalReAlloc
0x494310 HeapFree
0x494314 HeapReAlloc
0x494318 GetProcessHeap
0x49431c HeapAlloc
0x494320 GetFullPathNameA
0x494324 FreeLibrary
0x494328 LoadLibraryA
0x49432c GetLastError
0x494330 GetVersionExA
0x494334 WritePrivateProfileStringA
0x494338 CreateThread
0x49433c CreateEventA
0x494340 Sleep
0x494344 GlobalAlloc
0x494348 GlobalLock
0x49434c GlobalUnlock
0x494350 FindFirstFileA
0x494354 FindClose
0x494358 SetFileAttributesA
0x49435c GetFileAttributesA
0x494360 DeleteFileA
0x494364 CreateDirectoryA
0x494368 SetCurrentDirectoryA
0x49436c GetVolumeInformationA
0x494370 GetModuleHandleA
0x494374 GetProcAddress
0x494378 MulDiv
0x49437c GetCommandLineA
0x494380 GetTickCount
0x494384 CreateProcessA
0x494388 WaitForSingleObject
USER32.dll
0x4943ac LoadIconA
0x4943b0 TranslateMessage
0x4943b4 DrawFrameControl
0x4943b8 DrawEdge
0x4943bc DrawFocusRect
0x4943c0 WindowFromPoint
0x4943c4 GetMessageA
0x4943c8 DispatchMessageA
0x4943cc SetRectEmpty
0x4943d0 RegisterClipboardFormatA
0x4943d4 CreateIconFromResourceEx
0x4943d8 CreateIconFromResource
0x4943dc DrawIconEx
0x4943e0 CreatePopupMenu
0x4943e4 AppendMenuA
0x4943e8 ModifyMenuA
0x4943ec CreateMenu
0x4943f0 CreateAcceleratorTableA
0x4943f4 GetDlgCtrlID
0x4943f8 GetSubMenu
0x4943fc EnableMenuItem
0x494400 ClientToScreen
0x494404 EnumDisplaySettingsA
0x494408 LoadImageA
0x49440c SystemParametersInfoA
0x494410 ShowWindow
0x494414 IsWindowEnabled
0x494418 TranslateAcceleratorA
0x49441c GetKeyState
0x494420 CopyAcceleratorTableA
0x494424 PostQuitMessage
0x494428 IsZoomed
0x49442c GetClassInfoA
0x494430 DefWindowProcA
0x494434 GetSystemMenu
0x494438 DeleteMenu
0x49443c GetMenu
0x494440 SetMenu
0x494444 PeekMessageA
0x494448 IsIconic
0x49444c SetFocus
0x494450 GetActiveWindow
0x494454 GetWindow
0x494458 DestroyAcceleratorTable
0x49445c SetWindowRgn
0x494460 GetMessagePos
0x494464 ScreenToClient
0x494468 ChildWindowFromPointEx
0x49446c CopyRect
0x494470 LoadBitmapA
0x494474 WinHelpA
0x494478 KillTimer
0x49447c SetTimer
0x494480 ReleaseCapture
0x494484 GetCapture
0x494488 SetCapture
0x49448c GetScrollRange
0x494490 SetScrollRange
0x494494 SetScrollPos
0x494498 SetRect
0x49449c InflateRect
0x4944a0 IntersectRect
0x4944a4 DestroyIcon
0x4944a8 PtInRect
0x4944ac OffsetRect
0x4944b0 IsWindowVisible
0x4944b4 EnableWindow
0x4944b8 UnregisterClassA
0x4944bc GetWindowLongA
0x4944c0 SetWindowLongA
0x4944c4 GetSysColor
0x4944c8 SetActiveWindow
0x4944cc SetCursorPos
0x4944d0 LoadCursorA
0x4944d4 SetCursor
0x4944d8 GetDC
0x4944dc FillRect
0x4944e0 IsRectEmpty
0x4944e4 ReleaseDC
0x4944e8 IsChild
0x4944ec DestroyMenu
0x4944f0 SetForegroundWindow
0x4944f4 GetWindowRect
0x4944f8 EqualRect
0x4944fc UpdateWindow
0x494500 ValidateRect
0x494504 InvalidateRect
0x494508 GetClientRect
0x49450c GetFocus
0x494510 GetParent
0x494514 GetTopWindow
0x494518 PostMessageA
0x49451c IsWindow
0x494520 SetParent
0x494524 DestroyCursor
0x494528 SendMessageA
0x49452c GetWindowTextA
0x494530 GetWindowTextLengthA
0x494534 CharUpperA
0x494538 GetWindowDC
0x49453c BeginPaint
0x494540 EndPaint
0x494544 TabbedTextOutA
0x494548 DrawTextA
0x49454c GrayStringA
0x494550 GetDlgItem
0x494554 DestroyWindow
0x494558 CreateDialogIndirectParamA
0x49455c EndDialog
0x494560 GetNextDlgTabItem
0x494564 GetWindowPlacement
0x494568 RegisterWindowMessageA
0x49456c GetForegroundWindow
0x494570 GetLastActivePopup
0x494574 GetMessageTime
0x494578 RemovePropA
0x49457c CallWindowProcA
0x494580 GetPropA
0x494584 UnhookWindowsHookEx
0x494588 SetPropA
0x49458c GetClassLongA
0x494590 CallNextHookEx
0x494594 SetWindowsHookExA
0x494598 CreateWindowExA
0x49459c GetMenuItemID
0x4945a0 GetMenuItemCount
0x4945a4 RegisterClassA
0x4945a8 GetScrollPos
0x4945ac AdjustWindowRectEx
0x4945b0 MapWindowPoints
0x4945b4 SendDlgItemMessageA
0x4945b8 ScrollWindowEx
0x4945bc IsDialogMessageA
0x4945c0 SetWindowTextA
0x4945c4 MoveWindow
0x4945c8 CheckMenuItem
0x4945cc SetMenuItemBitmaps
0x4945d0 GetMenuState
0x4945d4 GetMenuCheckMarkDimensions
0x4945d8 GetClassNameA
0x4945dc GetDesktopWindow
0x4945e0 LoadStringA
0x4945e4 GetSysColorBrush
0x4945e8 SetWindowPos
0x4945ec MessageBoxA
0x4945f0 GetCursorPos
0x4945f4 GetSystemMetrics
0x4945f8 EmptyClipboard
0x4945fc SetClipboardData
0x494600 OpenClipboard
0x494604 GetClipboardData
0x494608 CloseClipboard
0x49460c wsprintfA
0x494610 WaitForInputIdle
0x494614 RedrawWindow
GDI32.dll
0x494024 ExtTextOutA
0x494028 TextOutA
0x49402c GetTextMetricsA
0x494030 RectVisible
0x494034 PtVisible
0x494038 Escape
0x49403c GetViewportExtEx
0x494040 ExtSelectClipRgn
0x494044 LineTo
0x494048 SetBkColor
0x49404c CreateRectRgnIndirect
0x494050 SetStretchBltMode
0x494054 GetClipRgn
0x494058 CreatePolygonRgn
0x49405c SelectClipRgn
0x494060 DeleteObject
0x494064 CreateDIBitmap
0x494068 GetSystemPaletteEntries
0x49406c CreatePalette
0x494070 StretchBlt
0x494074 SelectPalette
0x494078 RealizePalette
0x49407c GetDIBits
0x494080 GetWindowExtEx
0x494084 GetViewportOrgEx
0x494088 GetWindowOrgEx
0x49408c BeginPath
0x494090 EndPath
0x494094 PathToRegion
0x494098 CreateEllipticRgn
0x49409c CreateRoundRectRgn
0x4940a0 GetTextColor
0x4940a4 GetBkMode
0x4940a8 GetBkColor
0x4940ac GetROP2
0x4940b0 GetStretchBltMode
0x4940b4 GetPolyFillMode
0x4940b8 CreateCompatibleBitmap
0x4940bc CreateDCA
0x4940c0 CreateBitmap
0x4940c4 SelectObject
0x4940c8 GetObjectA
0x4940cc CreatePen
0x4940d0 PatBlt
0x4940d4 SetWindowOrgEx
0x4940d8 ScaleViewportExtEx
0x4940dc SetViewportExtEx
0x4940e0 OffsetViewportOrgEx
0x4940e4 SetViewportOrgEx
0x4940e8 SetMapMode
0x4940ec SetTextColor
0x4940f0 SetROP2
0x4940f4 SetPolyFillMode
0x4940f8 SetBkMode
0x4940fc RestoreDC
0x494100 SaveDC
0x494104 CombineRgn
0x494108 CreateRectRgn
0x49410c FillRgn
0x494110 CreateSolidBrush
0x494114 GetStockObject
0x494118 CreateFontIndirectA
0x49411c EndPage
0x494120 EndDoc
0x494124 DeleteDC
0x494128 StartDocA
0x49412c StartPage
0x494130 BitBlt
0x494134 CreateCompatibleDC
0x494138 Ellipse
0x49413c Rectangle
0x494140 LPtoDP
0x494144 DPtoLP
0x494148 GetCurrentObject
0x49414c RoundRect
0x494150 GetTextExtentPoint32A
0x494154 GetDeviceCaps
0x494158 MoveToEx
0x49415c ExcludeClipRect
0x494160 GetClipBox
0x494164 ScaleWindowExtEx
0x494168 SetWindowExtEx
WINMM.dll
0x49461c waveOutRestart
0x494620 waveOutUnprepareHeader
0x494624 waveOutPrepareHeader
0x494628 waveOutWrite
0x49462c waveOutPause
0x494630 waveOutReset
0x494634 waveOutClose
0x494638 waveOutGetNumDevs
0x49463c waveOutOpen
0x494640 midiOutUnprepareHeader
0x494644 midiStreamOpen
0x494648 midiStreamProperty
0x49464c midiOutPrepareHeader
0x494650 midiStreamOut
0x494654 midiStreamStop
0x494658 midiOutReset
0x49465c midiStreamClose
0x494660 midiStreamRestart
WINSPOOL.DRV
0x494668 OpenPrinterA
0x49466c DocumentPropertiesA
0x494670 ClosePrinter
ADVAPI32.dll
0x494000 RegQueryValueA
0x494004 RegOpenKeyExA
0x494008 RegCloseKey
0x49400c RegCreateKeyExA
0x494010 RegSetValueExA
SHELL32.dll
0x4943a0 ShellExecuteA
0x4943a4 Shell_NotifyIconA
ole32.dll
0x4946b8 CLSIDFromString
0x4946bc OleUninitialize
0x4946c0 OleInitialize
OLEAUT32.dll
0x494390 UnRegisterTypeLib
0x494394 RegisterTypeLib
0x494398 LoadTypeLib
COMCTL32.dll
0x494018 None
0x49401c ImageList_Destroy
WS2_32.dll
0x494678 inet_ntoa
0x49467c WSACleanup
0x494680 ntohl
0x494684 accept
0x494688 getpeername
0x49468c recv
0x494690 ioctlsocket
0x494694 recvfrom
0x494698 closesocket
0x49469c WSAAsyncSelect
comdlg32.dll
0x4946a4 ChooseColorA
0x4946a8 GetOpenFileNameA
0x4946ac GetSaveFileNameA
0x4946b0 GetFileTitleA
EAT(Export Address Table) is none