ScreenShot
| Created | 2024.09.25 21:15 | Machine | s1_win7_x6401 |
| Filename | MediaCreationTool_Win11_23H2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 25c9285c00ef7d41b28823a053a9a372 | ||
| sha256 | 767e70c43673063a16d76e494ffcdfa0f5a85c53344a0dc505f161cccf2f5b1b | ||
| ssdeep | 196608:x2eDMIIKEW+sisSMo/dlv1DL6D+ZwN5uW/GVTVH9HoxCZWdz2s71:hIKRbib71DJ2NITVFoYZWdhB | ||
| imphash | 6256c15566a4d2cedf6327b84f73b52a | ||
| impfuzzy | 192:lpg1CWE4ZW2XlYXcMFnA0MZwp45z7geYu5XQQuzVy7cgHij:bXwFXWsanA845z79/5XQ7zVy1Hij | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Foreign language identified in PE resource |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | CAB_file_format | CAB archive file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x492000 GetTokenInformation
0x492004 SetSecurityDescriptorGroup
0x492008 MakeSelfRelativeSD
0x49200c RegQueryValueExW
0x492010 OpenThreadToken
0x492014 AddAccessAllowedAce
0x492018 DuplicateTokenEx
0x49201c SetSecurityDescriptorControl
0x492020 GetLengthSid
0x492024 RegDeleteValueW
0x492028 SetSecurityInfo
0x49202c CreateProcessAsUserW
0x492030 RegOpenKeyExW
0x492034 InitializeAcl
0x492038 InitializeSecurityDescriptor
0x49203c CheckTokenMembership
0x492040 FreeSid
0x492044 OpenProcessToken
0x492048 RegSetValueExW
0x49204c CopySid
0x492050 RegCreateKeyExW
0x492054 RegFlushKey
0x492058 AllocateAndInitializeSid
0x49205c RegDeleteKeyW
0x492060 SetTokenInformation
0x492064 GetAce
0x492068 SetSecurityDescriptorOwner
0x49206c RegQueryInfoKeyW
0x492070 RegEnumKeyW
0x492074 RegCloseKey
0x492078 RegNotifyChangeKeyValue
0x49207c SetSecurityDescriptorDacl
0x492080 AdjustTokenPrivileges
0x492084 LookupPrivilegeValueW
0x492088 RegEnumValueW
0x49208c GetTraceEnableFlags
0x492090 GetTraceEnableLevel
0x492094 RegisterTraceGuidsW
0x492098 UnregisterTraceGuids
0x49209c RegUnLoadKeyW
0x4920a0 StopTraceW
0x4920a4 GetTraceLoggerHandle
0x4920a8 QueryAllTracesW
0x4920ac InitiateSystemShutdownExW
0x4920b0 RegDeleteTreeW
KERNEL32.dll
0x492130 AcquireSRWLockExclusive
0x492134 WaitForSingleObjectEx
0x492138 GetVersionExA
0x49213c LockResource
0x492140 DeleteFileW
0x492144 OpenSemaphoreW
0x492148 CloseHandle
0x49214c SetThreadpoolTimer
0x492150 ReleaseSRWLockShared
0x492154 GetNativeSystemInfo
0x492158 CreateThreadpoolTimer
0x49215c LoadLibraryW
0x492160 FindResourceExW
0x492164 ResetEvent
0x492168 LoadResource
0x49216c GetOverlappedResult
0x492170 SetFilePointerEx
0x492174 CreateMutexExW
0x492178 LocalFree
0x49217c MoveFileExW
0x492180 ReplaceFileW
0x492184 LockFileEx
0x492188 AcquireSRWLockShared
0x49218c DeleteCriticalSection
0x492190 GetCurrentProcessId
0x492194 CreateProcessW
0x492198 GetModuleHandleW
0x49219c FreeLibrary
0x4921a0 CopyFileW
0x4921a4 WideCharToMultiByte
0x4921a8 CreateSymbolicLinkW
0x4921ac SystemTimeToTzSpecificLocalTime
0x4921b0 GetTempFileNameW
0x4921b4 GetSystemTime
0x4921b8 CloseThreadpoolTimer
0x4921bc DosDateTimeToFileTime
0x4921c0 GetSystemWindowsDirectoryW
0x4921c4 MoveFileW
0x4921c8 VirtualQuery
0x4921cc IsWow64Process
0x4921d0 GetDriveTypeW
0x4921d4 LoadLibraryExW
0x4921d8 IsDebuggerPresent
0x4921dc FlushFileBuffers
0x4921e0 GetExitCodeProcess
0x4921e4 SetEvent
0x4921e8 CreateFileA
0x4921ec OutputDebugStringW
0x4921f0 ReleaseSRWLockExclusive
0x4921f4 GetCurrentThread
0x4921f8 GetLastError
0x4921fc GetTickCount64
0x492200 DelayLoadFailureHook
0x492204 IsValidLocale
0x492208 IsValidCodePage
0x49220c VerifyVersionInfoW
0x492210 VerSetConditionMask
0x492214 MapViewOfFile
0x492218 CreateFileMappingW
0x49221c LCIDToLocaleName
0x492220 UnmapViewOfFile
0x492224 GetUserDefaultUILanguage
0x492228 GetLocaleInfoEx
0x49222c GetSystemDefaultUILanguage
0x492230 SearchPathW
0x492234 OutputDebugStringA
0x492238 HeapFree
0x49223c GetModuleHandleExW
0x492240 HeapAlloc
0x492244 GetProcAddress
0x492248 GetProcessHeap
0x49224c CreateDirectoryW
0x492250 ReadFile
0x492254 GetModuleFileNameA
0x492258 LocalFileTimeToFileTime
0x49225c GetTimeZoneInformation
0x492260 FormatMessageW
0x492264 GetFileInformationByHandle
0x492268 Sleep
0x49226c MultiByteToWideChar
0x492270 CreateEventW
0x492274 GetLogicalDriveStringsW
0x492278 SetFileAttributesW
0x49227c GetSystemDirectoryW
0x492280 DebugBreak
0x492284 GetVersionExW
0x492288 SetThreadPreferredUILanguages
0x49228c LocaleNameToLCID
0x492290 GetLocaleInfoW
0x492294 GetPrivateProfileIntW
0x492298 InitializeCriticalSection
0x49229c GlobalLock
0x4922a0 GlobalUnlock
0x4922a4 MulDiv
0x4922a8 FindResourceW
0x4922ac QueryDosDeviceW
0x4922b0 RaiseException
0x4922b4 DuplicateHandle
0x4922b8 GetShortPathNameW
0x4922bc HeapSize
0x4922c0 HeapReAlloc
0x4922c4 LoadLibraryExA
0x4922c8 GetPriorityClass
0x4922cc GetThreadPriority
0x4922d0 GetExitCodeThread
0x4922d4 SetThreadPriority
0x4922d8 SetPriorityClass
0x4922dc CreateThread
0x4922e0 GetPrivateProfileStringW
0x4922e4 GetPrivateProfileSectionW
0x4922e8 GetFileTime
0x4922ec FileTimeToSystemTime
0x4922f0 CompareFileTime
0x4922f4 CopyFileExW
0x4922f8 SetFileInformationByHandle
0x4922fc DeviceIoControl
0x492300 GetFileInformationByHandleEx
0x492304 SetCurrentDirectoryW
0x492308 GetCurrentDirectoryW
0x49230c GetFinalPathNameByHandleW
0x492310 GetLongPathNameW
0x492314 GetTickCount
0x492318 GetSystemTimeAsFileTime
0x49231c QueryPerformanceCounter
0x492320 SetUnhandledExceptionFilter
0x492324 UnhandledExceptionFilter
0x492328 SleepConditionVariableSRW
0x49232c WakeAllConditionVariable
0x492330 GetStartupInfoW
0x492334 SizeofResource
0x492338 FindFirstFileW
0x49233c GetFileSizeEx
0x492340 CompareStringW
0x492344 CreateSemaphoreExW
0x492348 SetLastError
0x49234c EnterCriticalSection
0x492350 GetCommandLineW
0x492354 GetFullPathNameW
0x492358 FindNextFileW
0x49235c GetCurrentProcess
0x492360 ReleaseSemaphore
0x492364 WriteFile
0x492368 ExpandEnvironmentStringsW
0x49236c TerminateProcess
0x492370 SetFileTime
0x492374 GetModuleFileNameW
0x492378 WaitForMultipleObjects
0x49237c SetEnvironmentVariableW
0x492380 InitializeCriticalSectionAndSpinCount
0x492384 LeaveCriticalSection
0x492388 CreatePipe
0x49238c SetFilePointer
0x492390 ReleaseMutex
0x492394 SetEndOfFile
0x492398 UnlockFileEx
0x49239c CreateMutexW
0x4923a0 InitializeCriticalSectionEx
0x4923a4 WaitForThreadpoolTimerCallbacks
0x4923a8 CreateHardLinkW
0x4923ac FindClose
0x4923b0 WaitForSingleObject
0x4923b4 CreateFileW
0x4923b8 GetFileAttributesW
0x4923bc GetCurrentThreadId
0x4923c0 OpenEventW
GDI32.dll
0x4920e4 GetStockObject
0x4920e8 GetObjectW
0x4920ec SetBkMode
0x4920f0 SetTextColor
0x4920f4 CreateICW
0x4920f8 CreateSolidBrush
0x4920fc BitBlt
0x492100 CreateCompatibleDC
0x492104 StretchBlt
0x492108 SetBrushOrgEx
0x49210c CreateDCW
0x492110 EnumFontFamiliesExW
0x492114 CreateDIBSection
0x492118 GetDeviceCaps
0x49211c DeleteDC
0x492120 DeleteObject
0x492124 TranslateCharsetInfo
0x492128 CreateFontIndirectW
USER32.dll
0x49266c GetSystemMenu
0x492670 PostMessageW
0x492674 GetKeyState
0x492678 GetFocus
0x49267c IsChild
0x492680 SystemParametersInfoW
0x492684 GetWindowLongW
0x492688 CopyRect
0x49268c DrawFocusRect
0x492690 RedrawWindow
0x492694 DrawTextW
0x492698 EnableMenuItem
0x49269c GetSysColor
0x4926a0 GetClientRect
0x4926a4 InvalidateRect
0x4926a8 LoadStringW
0x4926ac SetWindowLongW
0x4926b0 GetWindowRect
0x4926b4 GetDC
0x4926b8 IsWindowVisible
0x4926bc GetSystemMetrics
0x4926c0 ClientToScreen
0x4926c4 GetSysColorBrush
0x4926c8 FillRect
0x4926cc MessageBoxW
0x4926d0 ScreenToClient
0x4926d4 SendMessageW
0x4926d8 SetTimer
0x4926dc AdjustWindowRectEx
0x4926e0 TrackMouseEvent
0x4926e4 GetNextDlgTabItem
0x4926e8 SetCursor
0x4926ec LoadCursorW
0x4926f0 CharUpperW
0x4926f4 GetParent
0x4926f8 EnableWindow
0x4926fc LoadImageW
0x492700 KillTimer
0x492704 PostThreadMessageW
MFC42u.dll
0x4923c8 None
0x4923cc None
0x4923d0 None
0x4923d4 None
0x4923d8 None
0x4923dc None
0x4923e0 None
0x4923e4 None
0x4923e8 None
0x4923ec None
0x4923f0 None
0x4923f4 None
0x4923f8 None
0x4923fc None
0x492400 None
0x492404 None
0x492408 None
0x49240c None
0x492410 None
0x492414 None
0x492418 None
0x49241c None
0x492420 None
0x492424 None
0x492428 None
0x49242c None
0x492430 None
0x492434 None
0x492438 None
0x49243c None
0x492440 None
0x492444 None
0x492448 None
0x49244c None
0x492450 None
0x492454 None
0x492458 None
0x49245c None
0x492460 None
0x492464 None
0x492468 None
0x49246c None
0x492470 None
0x492474 None
0x492478 None
0x49247c None
0x492480 None
0x492484 None
0x492488 None
0x49248c None
0x492490 None
0x492494 None
0x492498 None
0x49249c None
0x4924a0 None
0x4924a4 None
0x4924a8 None
0x4924ac None
0x4924b0 None
0x4924b4 None
0x4924b8 None
0x4924bc None
0x4924c0 None
0x4924c4 None
0x4924c8 None
0x4924cc None
0x4924d0 None
0x4924d4 None
0x4924d8 None
0x4924dc None
0x4924e0 None
0x4924e4 None
0x4924e8 None
0x4924ec None
0x4924f0 None
0x4924f4 None
0x4924f8 None
0x4924fc None
0x492500 None
0x492504 None
0x492508 None
0x49250c None
0x492510 None
0x492514 None
0x492518 None
0x49251c None
0x492520 None
0x492524 None
0x492528 None
0x49252c None
0x492530 None
0x492534 None
0x492538 None
0x49253c None
0x492540 None
0x492544 None
0x492548 None
0x49254c None
0x492550 None
0x492554 None
0x492558 None
0x49255c None
0x492560 None
0x492564 None
0x492568 None
0x49256c None
0x492570 None
0x492574 None
0x492578 None
0x49257c None
0x492580 None
0x492584 None
0x492588 None
0x49258c None
0x492590 None
0x492594 None
0x492598 None
0x49259c None
0x4925a0 None
0x4925a4 None
0x4925a8 None
0x4925ac None
0x4925b0 None
0x4925b4 None
0x4925b8 None
0x4925bc None
0x4925c0 None
0x4925c4 None
0x4925c8 None
0x4925cc None
0x4925d0 None
0x4925d4 None
0x4925d8 None
0x4925dc None
0x4925e0 None
0x4925e4 None
0x4925e8 None
0x4925ec None
0x4925f0 None
0x4925f4 None
0x4925f8 None
0x4925fc None
0x492600 None
0x492604 None
0x492608 None
0x49260c None
0x492610 None
0x492614 None
0x492618 None
0x49261c None
0x492620 None
0x492624 None
0x492628 None
0x49262c None
0x492630 None
0x492634 None
msvcrt.dll
0x492774 _wtoi
0x492778 _errno
0x49277c realloc
0x492780 ?terminate@@YAXXZ
0x492784 _onexit
0x492788 __dllonexit
0x49278c towlower
0x492790 _lock
0x492794 _wcmdln
0x492798 _vsnprintf_s
0x49279c ??0exception@@QAE@ABV0@@Z
0x4927a0 ??0exception@@QAE@XZ
0x4927a4 _wcstoui64
0x4927a8 wcstoul
0x4927ac towupper
0x4927b0 _vscwprintf
0x4927b4 ??1exception@@UAE@XZ
0x4927b8 _purecall
0x4927bc _wcsicmp
0x4927c0 memcpy_s
0x4927c4 __RTDynamicCast
0x4927c8 __CxxFrameHandler3
0x4927cc _amsg_exit
0x4927d0 _vsnprintf
0x4927d4 _initterm
0x4927d8 __setusermatherr
0x4927dc __p__fmode
0x4927e0 _cexit
0x4927e4 _exit
0x4927e8 exit
0x4927ec wcsncmp
0x4927f0 wcsrchr
0x4927f4 ??1type_info@@UAE@XZ
0x4927f8 _controlfp
0x4927fc _except_handler4_common
0x492800 __p__commode
0x492804 wcschr
0x492808 wcsstr
0x49280c memmove
0x492810 _ftol2
0x492814 _CxxThrowException
0x492818 memset
0x49281c memcpy
0x492820 _vsnwprintf
0x492824 free
0x492828 __set_app_type
0x49282c __wgetmainargs
0x492830 _wcsnicmp
0x492834 memmove_s
0x492838 iswspace
0x49283c _unlock
0x492840 _XcptFilter
0x492844 memcmp
COMCTL32.dll
0x4920b8 InitCommonControlsEx
ole32.dll
0x4928b8 CoInitializeEx
0x4928bc CoCreateInstance
0x4928c0 CoUninitialize
OLEAUT32.dll
0x49263c VariantClear
0x492640 SysFreeString
0x492644 VariantInit
0x492648 SysAllocString
SHELL32.dll
0x492664 CommandLineToArgvW
ntdll.dll
0x49284c NtUnloadKey2
0x492850 NtSetInformationProcess
0x492854 NtShutdownSystem
0x492858 NtSetInformationThread
0x49285c RtlFreeHeap
0x492860 RtlAllocateHeap
0x492864 RtlNtStatusToDosError
0x492868 NtSetInformationFile
0x49286c NtOpenFile
0x492870 RtlDosPathNameToNtPathName_U_WithStatus
0x492874 NtCreateFile
0x492878 RtlGetVersion
0x49287c RtlAdjustPrivilege
0x492880 RtlInitUnicodeString
0x492884 NtDuplicateToken
0x492888 NtClose
0x49288c DbgPrintEx
0x492890 RtlFreeUnicodeString
0x492894 NtWriteFile
0x492898 NtReadFile
0x49289c RtlReAllocateHeap
0x4928a0 RtlExpandEnvironmentStrings
0x4928a4 NtQueryInformationFile
0x4928a8 NtWaitForSingleObject
0x4928ac RtlRaiseStatus
0x4928b0 NtYieldExecution
USERENV.dll
0x49270c CreateEnvironmentBlock
0x492710 DestroyEnvironmentBlock
WTSAPI32.dll
0x492750 WTSQueryUserToken
WDSCORE.dll
0x492728 WdsGenericSetupLogInit
0x49272c CurrentIP
0x492730 ConstructPartialMsgVW
0x492734 WdsSetupLogMessageW
0x492738 WdsSetupLogDestroy
FLTLIB.DLL
0x4920d0 FilterFindFirst
0x4920d4 FilterFindClose
0x4920d8 FilterUnload
0x4920dc FilterFindNext
RPCRT4.dll
0x492650 UuidFromStringW
0x492654 I_RpcMapWin32Status
0x492658 UuidToStringW
0x49265c RpcStringFreeW
Cabinet.dll
0x4920c0 None
0x4920c4 None
0x4920c8 None
VERSION.dll
0x492718 VerQueryValueW
0x49271c GetFileVersionInfoExW
0x492720 GetFileVersionInfoSizeExW
WIMGAPI.DLL
0x492740 WIMUnmountImage
0x492744 WIMSetFileIOCallbackTemporaryPath
0x492748 WIMInitFileIOCallbacks
crypt.dll
0x492758 BCryptHashData
0x49275c BCryptDestroyHash
0x492760 BCryptCloseAlgorithmProvider
0x492764 BCryptFinishHash
0x492768 BCryptOpenAlgorithmProvider
0x49276c BCryptCreateHash
EAT(Export Address Table) is none
ADVAPI32.dll
0x492000 GetTokenInformation
0x492004 SetSecurityDescriptorGroup
0x492008 MakeSelfRelativeSD
0x49200c RegQueryValueExW
0x492010 OpenThreadToken
0x492014 AddAccessAllowedAce
0x492018 DuplicateTokenEx
0x49201c SetSecurityDescriptorControl
0x492020 GetLengthSid
0x492024 RegDeleteValueW
0x492028 SetSecurityInfo
0x49202c CreateProcessAsUserW
0x492030 RegOpenKeyExW
0x492034 InitializeAcl
0x492038 InitializeSecurityDescriptor
0x49203c CheckTokenMembership
0x492040 FreeSid
0x492044 OpenProcessToken
0x492048 RegSetValueExW
0x49204c CopySid
0x492050 RegCreateKeyExW
0x492054 RegFlushKey
0x492058 AllocateAndInitializeSid
0x49205c RegDeleteKeyW
0x492060 SetTokenInformation
0x492064 GetAce
0x492068 SetSecurityDescriptorOwner
0x49206c RegQueryInfoKeyW
0x492070 RegEnumKeyW
0x492074 RegCloseKey
0x492078 RegNotifyChangeKeyValue
0x49207c SetSecurityDescriptorDacl
0x492080 AdjustTokenPrivileges
0x492084 LookupPrivilegeValueW
0x492088 RegEnumValueW
0x49208c GetTraceEnableFlags
0x492090 GetTraceEnableLevel
0x492094 RegisterTraceGuidsW
0x492098 UnregisterTraceGuids
0x49209c RegUnLoadKeyW
0x4920a0 StopTraceW
0x4920a4 GetTraceLoggerHandle
0x4920a8 QueryAllTracesW
0x4920ac InitiateSystemShutdownExW
0x4920b0 RegDeleteTreeW
KERNEL32.dll
0x492130 AcquireSRWLockExclusive
0x492134 WaitForSingleObjectEx
0x492138 GetVersionExA
0x49213c LockResource
0x492140 DeleteFileW
0x492144 OpenSemaphoreW
0x492148 CloseHandle
0x49214c SetThreadpoolTimer
0x492150 ReleaseSRWLockShared
0x492154 GetNativeSystemInfo
0x492158 CreateThreadpoolTimer
0x49215c LoadLibraryW
0x492160 FindResourceExW
0x492164 ResetEvent
0x492168 LoadResource
0x49216c GetOverlappedResult
0x492170 SetFilePointerEx
0x492174 CreateMutexExW
0x492178 LocalFree
0x49217c MoveFileExW
0x492180 ReplaceFileW
0x492184 LockFileEx
0x492188 AcquireSRWLockShared
0x49218c DeleteCriticalSection
0x492190 GetCurrentProcessId
0x492194 CreateProcessW
0x492198 GetModuleHandleW
0x49219c FreeLibrary
0x4921a0 CopyFileW
0x4921a4 WideCharToMultiByte
0x4921a8 CreateSymbolicLinkW
0x4921ac SystemTimeToTzSpecificLocalTime
0x4921b0 GetTempFileNameW
0x4921b4 GetSystemTime
0x4921b8 CloseThreadpoolTimer
0x4921bc DosDateTimeToFileTime
0x4921c0 GetSystemWindowsDirectoryW
0x4921c4 MoveFileW
0x4921c8 VirtualQuery
0x4921cc IsWow64Process
0x4921d0 GetDriveTypeW
0x4921d4 LoadLibraryExW
0x4921d8 IsDebuggerPresent
0x4921dc FlushFileBuffers
0x4921e0 GetExitCodeProcess
0x4921e4 SetEvent
0x4921e8 CreateFileA
0x4921ec OutputDebugStringW
0x4921f0 ReleaseSRWLockExclusive
0x4921f4 GetCurrentThread
0x4921f8 GetLastError
0x4921fc GetTickCount64
0x492200 DelayLoadFailureHook
0x492204 IsValidLocale
0x492208 IsValidCodePage
0x49220c VerifyVersionInfoW
0x492210 VerSetConditionMask
0x492214 MapViewOfFile
0x492218 CreateFileMappingW
0x49221c LCIDToLocaleName
0x492220 UnmapViewOfFile
0x492224 GetUserDefaultUILanguage
0x492228 GetLocaleInfoEx
0x49222c GetSystemDefaultUILanguage
0x492230 SearchPathW
0x492234 OutputDebugStringA
0x492238 HeapFree
0x49223c GetModuleHandleExW
0x492240 HeapAlloc
0x492244 GetProcAddress
0x492248 GetProcessHeap
0x49224c CreateDirectoryW
0x492250 ReadFile
0x492254 GetModuleFileNameA
0x492258 LocalFileTimeToFileTime
0x49225c GetTimeZoneInformation
0x492260 FormatMessageW
0x492264 GetFileInformationByHandle
0x492268 Sleep
0x49226c MultiByteToWideChar
0x492270 CreateEventW
0x492274 GetLogicalDriveStringsW
0x492278 SetFileAttributesW
0x49227c GetSystemDirectoryW
0x492280 DebugBreak
0x492284 GetVersionExW
0x492288 SetThreadPreferredUILanguages
0x49228c LocaleNameToLCID
0x492290 GetLocaleInfoW
0x492294 GetPrivateProfileIntW
0x492298 InitializeCriticalSection
0x49229c GlobalLock
0x4922a0 GlobalUnlock
0x4922a4 MulDiv
0x4922a8 FindResourceW
0x4922ac QueryDosDeviceW
0x4922b0 RaiseException
0x4922b4 DuplicateHandle
0x4922b8 GetShortPathNameW
0x4922bc HeapSize
0x4922c0 HeapReAlloc
0x4922c4 LoadLibraryExA
0x4922c8 GetPriorityClass
0x4922cc GetThreadPriority
0x4922d0 GetExitCodeThread
0x4922d4 SetThreadPriority
0x4922d8 SetPriorityClass
0x4922dc CreateThread
0x4922e0 GetPrivateProfileStringW
0x4922e4 GetPrivateProfileSectionW
0x4922e8 GetFileTime
0x4922ec FileTimeToSystemTime
0x4922f0 CompareFileTime
0x4922f4 CopyFileExW
0x4922f8 SetFileInformationByHandle
0x4922fc DeviceIoControl
0x492300 GetFileInformationByHandleEx
0x492304 SetCurrentDirectoryW
0x492308 GetCurrentDirectoryW
0x49230c GetFinalPathNameByHandleW
0x492310 GetLongPathNameW
0x492314 GetTickCount
0x492318 GetSystemTimeAsFileTime
0x49231c QueryPerformanceCounter
0x492320 SetUnhandledExceptionFilter
0x492324 UnhandledExceptionFilter
0x492328 SleepConditionVariableSRW
0x49232c WakeAllConditionVariable
0x492330 GetStartupInfoW
0x492334 SizeofResource
0x492338 FindFirstFileW
0x49233c GetFileSizeEx
0x492340 CompareStringW
0x492344 CreateSemaphoreExW
0x492348 SetLastError
0x49234c EnterCriticalSection
0x492350 GetCommandLineW
0x492354 GetFullPathNameW
0x492358 FindNextFileW
0x49235c GetCurrentProcess
0x492360 ReleaseSemaphore
0x492364 WriteFile
0x492368 ExpandEnvironmentStringsW
0x49236c TerminateProcess
0x492370 SetFileTime
0x492374 GetModuleFileNameW
0x492378 WaitForMultipleObjects
0x49237c SetEnvironmentVariableW
0x492380 InitializeCriticalSectionAndSpinCount
0x492384 LeaveCriticalSection
0x492388 CreatePipe
0x49238c SetFilePointer
0x492390 ReleaseMutex
0x492394 SetEndOfFile
0x492398 UnlockFileEx
0x49239c CreateMutexW
0x4923a0 InitializeCriticalSectionEx
0x4923a4 WaitForThreadpoolTimerCallbacks
0x4923a8 CreateHardLinkW
0x4923ac FindClose
0x4923b0 WaitForSingleObject
0x4923b4 CreateFileW
0x4923b8 GetFileAttributesW
0x4923bc GetCurrentThreadId
0x4923c0 OpenEventW
GDI32.dll
0x4920e4 GetStockObject
0x4920e8 GetObjectW
0x4920ec SetBkMode
0x4920f0 SetTextColor
0x4920f4 CreateICW
0x4920f8 CreateSolidBrush
0x4920fc BitBlt
0x492100 CreateCompatibleDC
0x492104 StretchBlt
0x492108 SetBrushOrgEx
0x49210c CreateDCW
0x492110 EnumFontFamiliesExW
0x492114 CreateDIBSection
0x492118 GetDeviceCaps
0x49211c DeleteDC
0x492120 DeleteObject
0x492124 TranslateCharsetInfo
0x492128 CreateFontIndirectW
USER32.dll
0x49266c GetSystemMenu
0x492670 PostMessageW
0x492674 GetKeyState
0x492678 GetFocus
0x49267c IsChild
0x492680 SystemParametersInfoW
0x492684 GetWindowLongW
0x492688 CopyRect
0x49268c DrawFocusRect
0x492690 RedrawWindow
0x492694 DrawTextW
0x492698 EnableMenuItem
0x49269c GetSysColor
0x4926a0 GetClientRect
0x4926a4 InvalidateRect
0x4926a8 LoadStringW
0x4926ac SetWindowLongW
0x4926b0 GetWindowRect
0x4926b4 GetDC
0x4926b8 IsWindowVisible
0x4926bc GetSystemMetrics
0x4926c0 ClientToScreen
0x4926c4 GetSysColorBrush
0x4926c8 FillRect
0x4926cc MessageBoxW
0x4926d0 ScreenToClient
0x4926d4 SendMessageW
0x4926d8 SetTimer
0x4926dc AdjustWindowRectEx
0x4926e0 TrackMouseEvent
0x4926e4 GetNextDlgTabItem
0x4926e8 SetCursor
0x4926ec LoadCursorW
0x4926f0 CharUpperW
0x4926f4 GetParent
0x4926f8 EnableWindow
0x4926fc LoadImageW
0x492700 KillTimer
0x492704 PostThreadMessageW
MFC42u.dll
0x4923c8 None
0x4923cc None
0x4923d0 None
0x4923d4 None
0x4923d8 None
0x4923dc None
0x4923e0 None
0x4923e4 None
0x4923e8 None
0x4923ec None
0x4923f0 None
0x4923f4 None
0x4923f8 None
0x4923fc None
0x492400 None
0x492404 None
0x492408 None
0x49240c None
0x492410 None
0x492414 None
0x492418 None
0x49241c None
0x492420 None
0x492424 None
0x492428 None
0x49242c None
0x492430 None
0x492434 None
0x492438 None
0x49243c None
0x492440 None
0x492444 None
0x492448 None
0x49244c None
0x492450 None
0x492454 None
0x492458 None
0x49245c None
0x492460 None
0x492464 None
0x492468 None
0x49246c None
0x492470 None
0x492474 None
0x492478 None
0x49247c None
0x492480 None
0x492484 None
0x492488 None
0x49248c None
0x492490 None
0x492494 None
0x492498 None
0x49249c None
0x4924a0 None
0x4924a4 None
0x4924a8 None
0x4924ac None
0x4924b0 None
0x4924b4 None
0x4924b8 None
0x4924bc None
0x4924c0 None
0x4924c4 None
0x4924c8 None
0x4924cc None
0x4924d0 None
0x4924d4 None
0x4924d8 None
0x4924dc None
0x4924e0 None
0x4924e4 None
0x4924e8 None
0x4924ec None
0x4924f0 None
0x4924f4 None
0x4924f8 None
0x4924fc None
0x492500 None
0x492504 None
0x492508 None
0x49250c None
0x492510 None
0x492514 None
0x492518 None
0x49251c None
0x492520 None
0x492524 None
0x492528 None
0x49252c None
0x492530 None
0x492534 None
0x492538 None
0x49253c None
0x492540 None
0x492544 None
0x492548 None
0x49254c None
0x492550 None
0x492554 None
0x492558 None
0x49255c None
0x492560 None
0x492564 None
0x492568 None
0x49256c None
0x492570 None
0x492574 None
0x492578 None
0x49257c None
0x492580 None
0x492584 None
0x492588 None
0x49258c None
0x492590 None
0x492594 None
0x492598 None
0x49259c None
0x4925a0 None
0x4925a4 None
0x4925a8 None
0x4925ac None
0x4925b0 None
0x4925b4 None
0x4925b8 None
0x4925bc None
0x4925c0 None
0x4925c4 None
0x4925c8 None
0x4925cc None
0x4925d0 None
0x4925d4 None
0x4925d8 None
0x4925dc None
0x4925e0 None
0x4925e4 None
0x4925e8 None
0x4925ec None
0x4925f0 None
0x4925f4 None
0x4925f8 None
0x4925fc None
0x492600 None
0x492604 None
0x492608 None
0x49260c None
0x492610 None
0x492614 None
0x492618 None
0x49261c None
0x492620 None
0x492624 None
0x492628 None
0x49262c None
0x492630 None
0x492634 None
msvcrt.dll
0x492774 _wtoi
0x492778 _errno
0x49277c realloc
0x492780 ?terminate@@YAXXZ
0x492784 _onexit
0x492788 __dllonexit
0x49278c towlower
0x492790 _lock
0x492794 _wcmdln
0x492798 _vsnprintf_s
0x49279c ??0exception@@QAE@ABV0@@Z
0x4927a0 ??0exception@@QAE@XZ
0x4927a4 _wcstoui64
0x4927a8 wcstoul
0x4927ac towupper
0x4927b0 _vscwprintf
0x4927b4 ??1exception@@UAE@XZ
0x4927b8 _purecall
0x4927bc _wcsicmp
0x4927c0 memcpy_s
0x4927c4 __RTDynamicCast
0x4927c8 __CxxFrameHandler3
0x4927cc _amsg_exit
0x4927d0 _vsnprintf
0x4927d4 _initterm
0x4927d8 __setusermatherr
0x4927dc __p__fmode
0x4927e0 _cexit
0x4927e4 _exit
0x4927e8 exit
0x4927ec wcsncmp
0x4927f0 wcsrchr
0x4927f4 ??1type_info@@UAE@XZ
0x4927f8 _controlfp
0x4927fc _except_handler4_common
0x492800 __p__commode
0x492804 wcschr
0x492808 wcsstr
0x49280c memmove
0x492810 _ftol2
0x492814 _CxxThrowException
0x492818 memset
0x49281c memcpy
0x492820 _vsnwprintf
0x492824 free
0x492828 __set_app_type
0x49282c __wgetmainargs
0x492830 _wcsnicmp
0x492834 memmove_s
0x492838 iswspace
0x49283c _unlock
0x492840 _XcptFilter
0x492844 memcmp
COMCTL32.dll
0x4920b8 InitCommonControlsEx
ole32.dll
0x4928b8 CoInitializeEx
0x4928bc CoCreateInstance
0x4928c0 CoUninitialize
OLEAUT32.dll
0x49263c VariantClear
0x492640 SysFreeString
0x492644 VariantInit
0x492648 SysAllocString
SHELL32.dll
0x492664 CommandLineToArgvW
ntdll.dll
0x49284c NtUnloadKey2
0x492850 NtSetInformationProcess
0x492854 NtShutdownSystem
0x492858 NtSetInformationThread
0x49285c RtlFreeHeap
0x492860 RtlAllocateHeap
0x492864 RtlNtStatusToDosError
0x492868 NtSetInformationFile
0x49286c NtOpenFile
0x492870 RtlDosPathNameToNtPathName_U_WithStatus
0x492874 NtCreateFile
0x492878 RtlGetVersion
0x49287c RtlAdjustPrivilege
0x492880 RtlInitUnicodeString
0x492884 NtDuplicateToken
0x492888 NtClose
0x49288c DbgPrintEx
0x492890 RtlFreeUnicodeString
0x492894 NtWriteFile
0x492898 NtReadFile
0x49289c RtlReAllocateHeap
0x4928a0 RtlExpandEnvironmentStrings
0x4928a4 NtQueryInformationFile
0x4928a8 NtWaitForSingleObject
0x4928ac RtlRaiseStatus
0x4928b0 NtYieldExecution
USERENV.dll
0x49270c CreateEnvironmentBlock
0x492710 DestroyEnvironmentBlock
WTSAPI32.dll
0x492750 WTSQueryUserToken
WDSCORE.dll
0x492728 WdsGenericSetupLogInit
0x49272c CurrentIP
0x492730 ConstructPartialMsgVW
0x492734 WdsSetupLogMessageW
0x492738 WdsSetupLogDestroy
FLTLIB.DLL
0x4920d0 FilterFindFirst
0x4920d4 FilterFindClose
0x4920d8 FilterUnload
0x4920dc FilterFindNext
RPCRT4.dll
0x492650 UuidFromStringW
0x492654 I_RpcMapWin32Status
0x492658 UuidToStringW
0x49265c RpcStringFreeW
Cabinet.dll
0x4920c0 None
0x4920c4 None
0x4920c8 None
VERSION.dll
0x492718 VerQueryValueW
0x49271c GetFileVersionInfoExW
0x492720 GetFileVersionInfoSizeExW
WIMGAPI.DLL
0x492740 WIMUnmountImage
0x492744 WIMSetFileIOCallbackTemporaryPath
0x492748 WIMInitFileIOCallbacks
crypt.dll
0x492758 BCryptHashData
0x49275c BCryptDestroyHash
0x492760 BCryptCloseAlgorithmProvider
0x492764 BCryptFinishHash
0x492768 BCryptOpenAlgorithmProvider
0x49276c BCryptCreateHash
EAT(Export Address Table) is none