Created | 2024.09.08 10:53 | Machine | s1_win7_x6401 |
Filename | 123.exe | ||
Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
ZERO API | file : mailcious | ||
VT API (file) | 40 detected (AIDetectMalware, lx0C, malicious, high confidence, score, Unsafe, Save, BlackMoon, Attribute, HighConfidence, FlyStudio, MalwareX, VZ2wnQv75FF, Real Protect, moderate, Static AI, Malicious PE, Detected, RA@1qraug, Wacatac, 19933CS, Eldorado, CoinMiner, confidence, Sabsik) | ||
md5 | 36626d47f99914551e3d5a1691b48a50 | ||
sha256 | 1ce82d76efa3444a752a4a414aa9c8d4d7b05d9ef37667a8e5cdf390c54e0fcb | ||
ssdeep | 12288:8lnI5qJbzEA+9I3GFXBpQHS8fDWEm54lk4jCXHYd:8lnDbzF+i3GRpYSjEmDmCX | ||
imphash | 4375bd43eeb8bc76c8f8ac29af6714aa | ||
impfuzzy | 192:/H2A4tN0ZzF9NUxTYz7/4ETzStdcJcncZBg7:UNAjICMSaZ7 |
Signature (11cnts)
Level | Description |
---|---|
danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | Creates a service |
notice | Drops an executable to the user AppData folder |
notice | Foreign language identified in PE resource |
info | One or more processes crashed |
info | The executable uses a known packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (14cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (download) |
info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (5cnts)
Suricata ids
PE API
IAT(Import Address Table) Library
WINMM.dll
0x49163c midiStreamOut
0x491640 midiOutPrepareHeader
0x491644 waveOutWrite
0x491648 waveOutPause
0x49164c waveOutReset
0x491650 waveOutClose
0x491654 waveOutGetNumDevs
0x491658 waveOutOpen
0x49165c midiOutUnprepareHeader
0x491660 midiStreamOpen
0x491664 midiStreamProperty
0x491668 midiStreamStop
0x49166c midiOutReset
0x491670 midiStreamClose
0x491674 midiStreamRestart
0x491678 waveOutUnprepareHeader
0x49167c waveOutPrepareHeader
WS2_32.dll
0x491694 WSACleanup
0x491698 closesocket
0x49169c getpeername
0x4916a0 accept
0x4916a4 WSAAsyncSelect
0x4916a8 recvfrom
0x4916ac ioctlsocket
0x4916b0 inet_ntoa
0x4916b4 recv
KERNEL32.dll
0x491170 GetFileSize
0x491174 TerminateProcess
0x491178 OpenProcess
0x49117c SetLastError
0x491180 GetTimeZoneInformation
0x491184 GetVersion
0x491188 UnhandledExceptionFilter
0x49118c GetACP
0x491190 SetFilePointer
0x491194 RaiseException
0x491198 GetLocalTime
0x49119c GetSystemTime
0x4911a0 RtlUnwind
0x4911a4 GetStartupInfoA
0x4911a8 GetOEMCP
0x4911ac GetCPInfo
0x4911b0 GetProcessVersion
0x4911b4 SetErrorMode
0x4911b8 GlobalFlags
0x4911bc GetCurrentThread
0x4911c0 GetFileTime
0x4911c4 TlsGetValue
0x4911c8 LocalReAlloc
0x4911cc TlsSetValue
0x4911d0 TlsFree
0x4911d4 GlobalHandle
0x4911d8 TlsAlloc
0x4911dc LocalAlloc
0x4911e0 lstrcmpA
0x4911e4 GlobalGetAtomNameA
0x4911e8 GlobalAddAtomA
0x4911ec GlobalFindAtomA
0x4911f0 GlobalDeleteAtom
0x4911f4 lstrcmpiA
0x4911f8 SetEndOfFile
0x4911fc UnlockFile
0x491200 LockFile
0x491204 FlushFileBuffers
0x491208 DuplicateHandle
0x49120c lstrcpynA
0x491210 FileTimeToLocalFileTime
0x491214 FileTimeToSystemTime
0x491218 LocalFree
0x49121c InterlockedDecrement
0x491220 InterlockedIncrement
0x491224 CreateToolhelp32Snapshot
0x491228 Process32First
0x49122c Process32Next
0x491230 GetCurrentProcess
0x491234 GetWindowsDirectoryA
0x491238 GetSystemDirectoryA
0x49123c CreateSemaphoreA
0x491240 ResumeThread
0x491244 ReleaseSemaphore
0x491248 EnterCriticalSection
0x49124c LeaveCriticalSection
0x491250 GetProfileStringA
0x491254 WriteFile
0x491258 WaitForMultipleObjects
0x49125c CreateFileA
0x491260 SetEvent
0x491264 FindResourceA
0x491268 LoadResource
0x49126c LockResource
0x491270 ReadFile
0x491274 RemoveDirectoryA
0x491278 GetModuleFileNameA
0x49127c WideCharToMultiByte
0x491280 MultiByteToWideChar
0x491284 GetCurrentThreadId
0x491288 ExitProcess
0x49128c GlobalSize
0x491290 GlobalFree
0x491294 DeleteCriticalSection
0x491298 InitializeCriticalSection
0x49129c lstrcatA
0x4912a0 lstrlenA
0x4912a4 WinExec
0x4912a8 InterlockedExchange
0x4912ac lstrcpyA
0x4912b0 FindNextFileA
0x4912b4 GlobalReAlloc
0x4912b8 HeapFree
0x4912bc HeapReAlloc
0x4912c0 GetProcessHeap
0x4912c4 HeapAlloc
0x4912c8 GetFullPathNameA
0x4912cc FreeLibrary
0x4912d0 LoadLibraryA
0x4912d4 GetLastError
0x4912d8 GetVersionExA
0x4912dc WritePrivateProfileStringA
0x4912e0 CreateThread
0x4912e4 CreateEventA
0x4912e8 Sleep
0x4912ec GlobalAlloc
0x4912f0 GlobalLock
0x4912f4 GlobalUnlock
0x4912f8 GetTempPathA
0x4912fc FindFirstFileA
0x491300 FindClose
0x491304 SetFileAttributesA
0x491308 GetFileAttributesA
0x49130c MoveFileA
0x491310 DeleteFileA
0x491314 CopyFileA
0x491318 CreateDirectoryA
0x49131c SetCurrentDirectoryA
0x491320 GetVolumeInformationA
0x491324 GetModuleHandleA
0x491328 GetProcAddress
0x49132c MulDiv
0x491330 GetCommandLineA
0x491334 GetTickCount
0x491338 CreateProcessA
0x49133c WaitForSingleObject
0x491340 CloseHandle
0x491344 FreeEnvironmentStringsA
0x491348 FreeEnvironmentStringsW
0x49134c GetEnvironmentStrings
0x491350 GetEnvironmentStringsW
0x491354 SetHandleCount
0x491358 GetStdHandle
0x49135c GetFileType
0x491360 GetEnvironmentVariableA
0x491364 HeapDestroy
0x491368 HeapCreate
0x49136c VirtualFree
0x491370 SetEnvironmentVariableA
0x491374 LCMapStringA
0x491378 LCMapStringW
0x49137c VirtualAlloc
0x491380 IsBadWritePtr
0x491384 SetUnhandledExceptionFilter
0x491388 GetStringTypeA
0x49138c GetStringTypeW
0x491390 CompareStringA
0x491394 CompareStringW
0x491398 IsBadReadPtr
0x49139c IsBadCodePtr
0x4913a0 SetStdHandle
0x4913a4 HeapSize
USER32.dll
0x4913cc PeekMessageA
0x4913d0 SetMenu
0x4913d4 GetMenu
0x4913d8 IsIconic
0x4913dc SetFocus
0x4913e0 GetActiveWindow
0x4913e4 GetWindow
0x4913e8 DestroyAcceleratorTable
0x4913ec GetSysColorBrush
0x4913f0 CopyAcceleratorTableA
0x4913f4 GetKeyState
0x4913f8 TranslateAcceleratorA
0x4913fc IsWindowEnabled
0x491400 ShowWindow
0x491404 SystemParametersInfoA
0x491408 LoadImageA
0x49140c EnumDisplaySettingsA
0x491410 ClientToScreen
0x491414 EnableMenuItem
0x491418 GetSubMenu
0x49141c GetDlgCtrlID
0x491420 CreateAcceleratorTableA
0x491424 CreateMenu
0x491428 ModifyMenuA
0x49142c AppendMenuA
0x491430 CreatePopupMenu
0x491434 DrawIconEx
0x491438 CreateIconFromResource
0x49143c CreateIconFromResourceEx
0x491440 RegisterClipboardFormatA
0x491444 SetRectEmpty
0x491448 SetWindowRgn
0x49144c GetMessagePos
0x491450 ScreenToClient
0x491454 DispatchMessageA
0x491458 CopyRect
0x49145c LoadBitmapA
0x491460 WinHelpA
0x491464 KillTimer
0x491468 SetTimer
0x49146c ReleaseCapture
0x491470 GetCapture
0x491474 SetCapture
0x491478 LoadStringA
0x49147c GetMenuCheckMarkDimensions
0x491480 GetMenuState
0x491484 GetScrollRange
0x491488 SetScrollRange
0x49148c SetScrollPos
0x491490 SetRect
0x491494 InflateRect
0x491498 IntersectRect
0x49149c DestroyIcon
0x4914a0 OffsetRect
0x4914a4 IsWindowVisible
0x4914a8 EnableWindow
0x4914ac RedrawWindow
0x4914b0 GetWindowLongA
0x4914b4 SetWindowLongA
0x4914b8 GetSysColor
0x4914bc SetActiveWindow
0x4914c0 SetCursorPos
0x4914c4 LoadCursorA
0x4914c8 SetCursor
0x4914cc GetDC
0x4914d0 FillRect
0x4914d4 IsRectEmpty
0x4914d8 ReleaseDC
0x4914dc IsChild
0x4914e0 DestroyMenu
0x4914e4 SetForegroundWindow
0x4914e8 GetWindowRect
0x4914ec EqualRect
0x4914f0 UpdateWindow
0x4914f4 ValidateRect
0x4914f8 InvalidateRect
0x4914fc GetClientRect
0x491500 GetFocus
0x491504 GetParent
0x491508 GetTopWindow
0x49150c PostMessageA
0x491510 IsWindow
0x491514 SetParent
0x491518 DestroyCursor
0x49151c SendMessageA
0x491520 SetWindowPos
0x491524 MessageBoxA
0x491528 GetCursorPos
0x49152c GetSystemMetrics
0x491530 EmptyClipboard
0x491534 SetClipboardData
0x491538 OpenClipboard
0x49153c GetClipboardData
0x491540 CloseClipboard
0x491544 wsprintfA
0x491548 WaitForInputIdle
0x49154c GetMessageA
0x491550 DrawFocusRect
0x491554 DrawEdge
0x491558 DrawFrameControl
0x49155c TranslateMessage
0x491560 LoadIconA
0x491564 GetForegroundWindow
0x491568 GetDesktopWindow
0x49156c GetClassNameA
0x491570 GetWindowThreadProcessId
0x491574 FindWindowA
0x491578 GetDlgItem
0x49157c GetWindowTextA
0x491580 DefWindowProcA
0x491584 GetClassInfoA
0x491588 IsZoomed
0x49158c PtInRect
0x491590 PostQuitMessage
0x491594 ChildWindowFromPointEx
0x491598 UnregisterClassA
0x49159c WindowFromPoint
0x4915a0 GetWindowTextLengthA
0x4915a4 CharUpperA
0x4915a8 GetWindowDC
0x4915ac BeginPaint
0x4915b0 EndPaint
0x4915b4 TabbedTextOutA
0x4915b8 DrawTextA
0x4915bc GrayStringA
0x4915c0 DestroyWindow
0x4915c4 CreateDialogIndirectParamA
0x4915c8 EndDialog
0x4915cc GetNextDlgTabItem
0x4915d0 GetWindowPlacement
0x4915d4 RegisterWindowMessageA
0x4915d8 GetLastActivePopup
0x4915dc GetMessageTime
0x4915e0 RemovePropA
0x4915e4 CallWindowProcA
0x4915e8 GetPropA
0x4915ec UnhookWindowsHookEx
0x4915f0 SetPropA
0x4915f4 GetClassLongA
0x4915f8 CallNextHookEx
0x4915fc SetWindowsHookExA
0x491600 CreateWindowExA
0x491604 GetMenuItemID
0x491608 GetMenuItemCount
0x49160c RegisterClassA
0x491610 GetScrollPos
0x491614 AdjustWindowRectEx
0x491618 MapWindowPoints
0x49161c SendDlgItemMessageA
0x491620 ScrollWindowEx
0x491624 IsDialogMessageA
0x491628 SetWindowTextA
0x49162c MoveWindow
0x491630 CheckMenuItem
0x491634 SetMenuItemBitmaps
GDI32.dll
0x491024 GetViewportExtEx
0x491028 ExtSelectClipRgn
0x49102c LineTo
0x491030 MoveToEx
0x491034 PatBlt
0x491038 CombineRgn
0x49103c CreateRectRgn
0x491040 FillRgn
0x491044 CreateSolidBrush
0x491048 GetStockObject
0x49104c CreateFontIndirectA
0x491050 EndPage
0x491054 EndDoc
0x491058 DeleteDC
0x49105c StartDocA
0x491060 StartPage
0x491064 BitBlt
0x491068 CreateCompatibleDC
0x49106c PtVisible
0x491070 Rectangle
0x491074 LPtoDP
0x491078 DPtoLP
0x49107c GetCurrentObject
0x491080 RoundRect
0x491084 GetTextExtentPoint32A
0x491088 GetDeviceCaps
0x49108c SetStretchBltMode
0x491090 CreateRectRgnIndirect
0x491094 SetBkColor
0x491098 ExcludeClipRect
0x49109c GetClipBox
0x4910a0 ScaleWindowExtEx
0x4910a4 SetWindowExtEx
0x4910a8 SetWindowOrgEx
0x4910ac ScaleViewportExtEx
0x4910b0 SetViewportExtEx
0x4910b4 OffsetViewportOrgEx
0x4910b8 SetViewportOrgEx
0x4910bc SetMapMode
0x4910c0 SetTextColor
0x4910c4 RectVisible
0x4910c8 TextOutA
0x4910cc ExtTextOutA
0x4910d0 Escape
0x4910d4 GetTextMetricsA
0x4910d8 CreatePen
0x4910dc GetObjectA
0x4910e0 SelectObject
0x4910e4 CreateBitmap
0x4910e8 CreateDCA
0x4910ec CreateCompatibleBitmap
0x4910f0 GetPolyFillMode
0x4910f4 GetStretchBltMode
0x4910f8 GetROP2
0x4910fc GetBkColor
0x491100 GetBkMode
0x491104 GetTextColor
0x491108 CreateRoundRectRgn
0x49110c CreateEllipticRgn
0x491110 PathToRegion
0x491114 EndPath
0x491118 BeginPath
0x49111c GetWindowOrgEx
0x491120 GetViewportOrgEx
0x491124 SetROP2
0x491128 SetPolyFillMode
0x49112c SetBkMode
0x491130 RestoreDC
0x491134 SaveDC
0x491138 GetWindowExtEx
0x49113c GetDIBits
0x491140 RealizePalette
0x491144 SelectPalette
0x491148 StretchBlt
0x49114c CreatePalette
0x491150 GetSystemPaletteEntries
0x491154 CreateDIBitmap
0x491158 GetClipRgn
0x49115c SelectClipRgn
0x491160 Ellipse
0x491164 DeleteObject
0x491168 CreatePolygonRgn
WINSPOOL.DRV
0x491684 OpenPrinterA
0x491688 DocumentPropertiesA
0x49168c ClosePrinter
ADVAPI32.dll
0x491000 RegOpenKeyExA
0x491004 RegSetValueExA
0x491008 RegQueryValueA
0x49100c RegCreateKeyExA
0x491010 RegCloseKey
SHELL32.dll
0x4913bc ShellExecuteA
0x4913c0 SHGetSpecialFolderPathA
0x4913c4 Shell_NotifyIconA
ole32.dll
0x4916d0 CLSIDFromString
0x4916d4 OleUninitialize
0x4916d8 OleInitialize
OLEAUT32.dll
0x4913ac LoadTypeLib
0x4913b0 RegisterTypeLib
0x4913b4 UnRegisterTypeLib
COMCTL32.dll
0x491018 None
0x49101c ImageList_Destroy
comdlg32.dll
0x4916bc ChooseColorA
0x4916c0 GetFileTitleA
0x4916c4 GetSaveFileNameA
0x4916c8 GetOpenFileNameA
EAT(Export Address Table) is none