Field | Value |
---|---|
Created | 2024.09.30 11:28 |
Machine | s1_win7_x6403 |
Filename | dllhost.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malicious |
VT API (file) | 46 detected (AIDetectMalware, AutoIt, Malicious, score, TrojanPWS, Zbot, Ransomware, Unsafe, Vuks, confidence, high confidence, AutoitInject, SnakeStealer, jtxkf, SNAKEKEYLOGGER, YXEI1Z, Detected, SKAL, Snake, MGP5N0, Eldorado, Artemis, Chgt, Eplw, iftj) |
md5 | 249f4ca7f1cc801c87cebd0cdf0b398e |
sha256 | b639e9680b5ac670c7b58863479c1cf9c7bea436aee481fa9729c6a82508e556 |
ssdeep | 24576:uRmJkcoQricOIQxiZY1iaCW7blKPxwwZM:7JZoQrbTFZY1iaCWIC7 |
imphash | d3bf8a7746a8d1ee8f6e5960c3f69378 |
impfuzzy | 192:utI6w42ctF3OsIDLNSZk8Us+WTEwgPzOQ3D:sI6wHctF5INmkzwgPzOQ3D |
Signature (20cnts)
Level | Description |
---|---|
danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
watch | Attempts to create or modify system certificates |
watch | Attempts to identify installed AV products by installation directory |
watch | Harvests credentials from local email clients |
watch | Harvests credentials from local FTP client software |
watch | Harvests information related to installed instant messenger clients |
watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Connects to a Dynamic DNS Domain |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Looks up the external IP address |
notice | Performs some HTTP requests |
notice | Steals private information from local Internet browsers |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
info | Queries for the computername |
info | Uses Windows APIs to generate a cryptographic key |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (6cnts)
Suricata ids
ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org)
ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org)
ET POLICY External IP Lookup - checkip.dyndns.org
ET INFO 404/Snake/Matiex Keylogger Style External IP Check
ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT (Import Address Table) Library
WSOCK32.dll
0x482794 __WSAFDIsSet
0x482798 setsockopt
0x48279c ntohs
0x4827a0 recvfrom
0x4827a4 sendto
0x4827a8 htons
0x4827ac select
0x4827b0 listen
0x4827b4 WSAStartup
0x4827b8 ind
0x4827bc closesocket
0x4827c0 connect
0x4827c4 socket
0x4827c8 send
0x4827cc WSACleanup
0x4827d0 ioctlsocket
0x4827d4 accept
0x4827d8 WSAGetLastError
0x4827dc inet_addr
0x4827e0 gethostbyname
0x4827e4 gethostname
0x4827e8 recv
VERSION.dll
0x482738 VerQueryValueW
0x48273c GetFileVersionInfoW
0x482740 GetFileVersionInfoSizeW
WINMM.dll
0x482784 timeGetTime
0x482788 waveOutSetVolume
0x48278c mciSendStringW
COMCTL32.dll
0x48208c ImageList_Remove
0x482090 ImageList_SetDragCursorImage
0x482094 ImageList_BeginDrag
0x482098 ImageList_DragEnter
0x48209c ImageList_DragLeave
0x4820a0 ImageList_EndDrag
0x4820a4 ImageList_DragMove
0x4820a8 ImageList_ReplaceIcon
0x4820ac ImageList_Create
0x4820b0 InitCommonControlsEx
0x4820b4 ImageList_Destroy
MPR.dll
0x4823d8 WNetCancelConnection2W
0x4823dc WNetGetConnectionW
0x4823e0 WNetAddConnection2W
0x4823e4 WNetUseConnectionW
WININET.dll
0x482748 InternetReadFile
0x48274c InternetCloseHandle
0x482750 InternetOpenW
0x482754 InternetSetOptionW
0x482758 InternetCrackUrlW
0x48275c HttpQueryInfoW
0x482760 InternetConnectW
0x482764 HttpOpenRequestW
0x482768 HttpSendRequestW
0x48276c FtpOpenFileW
0x482770 FtpGetFileSize
0x482774 InternetOpenUrlW
0x482778 InternetQueryOptionW
0x48277c InternetQueryDataAvailable
PSAPI.DLL
0x482450 EnumProcesses
0x482454 GetModuleBaseNameW
0x482458 GetProcessMemoryInfo
0x48245c EnumProcessModules
USERENV.dll
0x482724 CreateEnvironmentBlock
0x482728 DestroyEnvironmentBlock
0x48272c UnloadUserProfile
0x482730 LoadUserProfileW
KERNEL32.dll
0x482158 HeapAlloc
0x48215c Sleep
0x482160 GetCurrentThreadId
0x482164 RaiseException
0x482168 MulDiv
0x48216c GetVersionExW
0x482170 GetSystemInfo
0x482174 InterlockedIncrement
0x482178 InterlockedDecrement
0x48217c WideCharToMultiByte
0x482180 lstrcpyW
0x482184 MultiByteToWideChar
0x482188 lstrlenW
0x48218c lstrcmpiW
0x482190 GetModuleHandleW
0x482194 QueryPerformanceCounter
0x482198 VirtualFreeEx
0x48219c OpenProcess
0x4821a0 VirtualAllocEx
0x4821a4 WriteProcessMemory
0x4821a8 ReadProcessMemory
0x4821ac CreateFileW
0x4821b0 SetFilePointerEx
0x4821b4 ReadFile
0x4821b8 WriteFile
0x4821bc FlushFileBuffers
0x4821c0 TerminateProcess
0x4821c4 CreateToolhelp32Snapshot
0x4821c8 Process32FirstW
0x4821cc Process32NextW
0x4821d0 SetFileTime
0x4821d4 GetFileAttributesW
0x4821d8 FindFirstFileW
0x4821dc FindClose
0x4821e0 DeleteFileW
0x4821e4 FindNextFileW
0x4821e8 MoveFileW
0x4821ec CopyFileW
0x4821f0 CreateDirectoryW
0x4821f4 RemoveDirectoryW
0x4821f8 GetProcessHeap
0x4821fc QueryPerformanceFrequency
0x482200 FindResourceW
0x482204 LoadResource
0x482208 LockResource
0x48220c SizeofResource
0x482210 EnumResourceNamesW
0x482214 OutputDebugStringW
0x482218 GetLocalTime
0x48221c CompareStringW
0x482220 DeleteCriticalSection
0x482224 EnterCriticalSection
0x482228 LeaveCriticalSection
0x48222c InitializeCriticalSectionAndSpinCount
0x482230 GetStdHandle
0x482234 CreatePipe
0x482238 InterlockedExchange
0x48223c TerminateThread
0x482240 GetTempPathW
0x482244 GetTempFileNameW
0x482248 VirtualFree
0x48224c FormatMessageW
0x482250 GetExitCodeProcess
0x482254 SetErrorMode
0x482258 GetPrivateProfileStringW
0x48225c WritePrivateProfileStringW
0x482260 GetPrivateProfileSectionW
0x482264 WritePrivateProfileSectionW
0x482268 GetPrivateProfileSectionNamesW
0x48226c FileTimeToLocalFileTime
0x482270 FileTimeToSystemTime
0x482274 SystemTimeToFileTime
0x482278 LocalFileTimeToFileTime
0x48227c GetDriveTypeW
0x482280 GetDiskFreeSpaceExW
0x482284 GetDiskFreeSpaceW
0x482288 GetVolumeInformationW
0x48228c SetVolumeLabelW
0x482290 CreateHardLinkW
0x482294 DeviceIoControl
0x482298 SetFileAttributesW
0x48229c GetShortPathNameW
0x4822a0 CreateEventW
0x4822a4 SetEvent
0x4822a8 GetEnvironmentVariableW
0x4822ac SetEnvironmentVariableW
0x4822b0 GlobalLock
0x4822b4 GlobalUnlock
0x4822b8 GlobalAlloc
0x4822bc GetFileSize
0x4822c0 GlobalFree
0x4822c4 GlobalMemoryStatusEx
0x4822c8 Beep
0x4822cc GetSystemDirectoryW
0x4822d0 GetComputerNameW
0x4822d4 GetWindowsDirectoryW
0x4822d8 GetCurrentProcessId
0x4822dc GetCurrentThread
0x4822e0 GetProcessIoCounters
0x4822e4 CreateProcessW
0x4822e8 SetPriorityClass
0x4822ec LoadLibraryW
0x4822f0 VirtualAlloc
0x4822f4 LoadLibraryExW
0x4822f8 HeapFree
0x4822fc WaitForSingleObject
0x482300 CreateThread
0x482304 DuplicateHandle
0x482308 GetLastError
0x48230c CloseHandle
0x482310 GetCurrentProcess
0x482314 GetProcAddress
0x482318 LoadLibraryA
0x48231c FreeLibrary
0x482320 GetModuleFileNameW
0x482324 GetFullPathNameW
0x482328 SetCurrentDirectoryW
0x48232c IsDebuggerPresent
0x482330 GetCurrentDirectoryW
0x482334 ExitProcess
0x482338 ExitThread
0x48233c GetSystemTimeAsFileTime
0x482340 ResumeThread
0x482344 GetTimeFormatW
0x482348 GetDateFormatW
0x48234c GetCommandLineW
0x482350 GetStartupInfoW
0x482354 IsProcessorFeaturePresent
0x482358 HeapSize
0x48235c GetCPInfo
0x482360 GetACP
0x482364 GetOEMCP
0x482368 IsValidCodePage
0x48236c TlsAlloc
0x482370 TlsGetValue
0x482374 TlsSetValue
0x482378 TlsFree
0x48237c SetLastError
0x482380 UnhandledExceptionFilter
0x482384 SetUnhandledExceptionFilter
0x482388 GetStringTypeW
0x48238c HeapCreate
0x482390 SetHandleCount
0x482394 GetFileType
0x482398 SetStdHandle
0x48239c GetConsoleCP
0x4823a0 GetConsoleMode
0x4823a4 LCMapStringW
0x4823a8 RtlUnwind
0x4823ac SetFilePointer
0x4823b0 GetTimeZoneInformation
0x4823b4 FreeEnvironmentStringsW
0x4823b8 GetEnvironmentStringsW
0x4823bc GetTickCount
0x4823c0 HeapReAlloc
0x4823c4 WriteConsoleW
0x4823c8 SetEndOfFile
0x4823cc SetSystemPowerState
0x4823d0 SetEnvironmentVariableA
USER32.dll
0x4824a0 GetCursorInfo
0x4824a4 RegisterHotKey
0x4824a8 ClientToScreen
0x4824ac GetKeyboardLayoutNameW
0x4824b0 IsCharAlphaW
0x4824b4 IsCharAlphaNumericW
0x4824b8 IsCharLowerW
0x4824bc IsCharUpperW
0x4824c0 GetMenuStringW
0x4824c4 GetSubMenu
0x4824c8 GetCaretPos
0x4824cc IsZoomed
0x4824d0 MonitorFromPoint
0x4824d4 GetMonitorInfoW
0x4824d8 SetWindowLongW
0x4824dc SetLayeredWindowAttributes
0x4824e0 FlashWindow
0x4824e4 GetClassLongW
0x4824e8 TranslateAcceleratorW
0x4824ec IsDialogMessageW
0x4824f0 GetSysColor
0x4824f4 InflateRect
0x4824f8 DrawFocusRect
0x4824fc DrawTextW
0x482500 FrameRect
0x482504 DrawFrameControl
0x482508 FillRect
0x48250c PtInRect
0x482510 DestroyAcceleratorTable
0x482514 CreateAcceleratorTableW
0x482518 SetCursor
0x48251c GetWindowDC
0x482520 GetSystemMetrics
0x482524 GetActiveWindow
0x482528 CharNextW
0x48252c wsprintfW
0x482530 RedrawWindow
0x482534 DrawMenuBar
0x482538 DestroyMenu
0x48253c SetMenu
0x482540 GetWindowTextLengthW
0x482544 CreateMenu
0x482548 IsDlgButtonChecked
0x48254c DefDlgProcW
0x482550 ReleaseCapture
0x482554 SetCapture
0x482558 WindowFromPoint
0x48255c LoadImageW
0x482560 CreateIconFromResourceEx
0x482564 mouse_event
0x482568 ExitWindowsEx
0x48256c SetActiveWindow
0x482570 FindWindowExW
0x482574 EnumThreadWindows
0x482578 SetMenuDefaultItem
0x48257c InsertMenuItemW
0x482580 IsMenu
0x482584 TrackPopupMenuEx
0x482588 GetCursorPos
0x48258c DeleteMenu
0x482590 CheckMenuRadioItem
0x482594 SetWindowPos
0x482598 GetMenuItemCount
0x48259c SetMenuItemInfoW
0x4825a0 GetMenuItemInfoW
0x4825a4 SetForegroundWindow
0x4825a8 IsIconic
0x4825ac FindWindowW
0x4825b0 SystemParametersInfoW
0x4825b4 TranslateMessage
0x4825b8 SendInput
0x4825bc GetAsyncKeyState
0x4825c0 SetKeyboardState
0x4825c4 GetKeyboardState
0x4825c8 GetKeyState
0x4825cc VkKeyScanW
0x4825d0 LoadStringW
0x4825d4 DialogBoxParamW
0x4825d8 MessageBeep
0x4825dc EndDialog
0x4825e0 SendDlgItemMessageW
0x4825e4 GetDlgItem
0x4825e8 SetWindowTextW
0x4825ec CopyRect
0x4825f0 ReleaseDC
0x4825f4 GetDC
0x4825f8 EndPaint
0x4825fc BeginPaint
0x482600 GetClientRect
0x482604 GetMenu
0x482608 DestroyWindow
0x48260c EnumWindows
0x482610 GetDesktopWindow
0x482614 IsWindow
0x482618 IsWindowEnabled
0x48261c IsWindowVisible
0x482620 EnableWindow
0x482624 InvalidateRect
0x482628 GetWindowLongW
0x48262c AttachThreadInput
0x482630 GetFocus
0x482634 GetWindowTextW
0x482638 ScreenToClient
0x48263c SendMessageTimeoutW
0x482640 EnumChildWindows
0x482644 CharUpperBuffW
0x482648 GetClassNameW
0x48264c GetParent
0x482650 GetDlgCtrlID
0x482654 SendMessageW
0x482658 MapVirtualKeyW
0x48265c PostMessageW
0x482660 GetWindowRect
0x482664 SetUserObjectSecurity
0x482668 GetUserObjectSecurity
0x48266c CloseDesktop
0x482670 CloseWindowStation
0x482674 OpenDesktopW
0x482678 SetProcessWindowStation
0x48267c GetProcessWindowStation
0x482680 OpenWindowStationW
0x482684 MessageBoxW
0x482688 DefWindowProcW
0x48268c CopyImage
0x482690 AdjustWindowRectEx
0x482694 SetRect
0x482698 SetClipboardData
0x48269c EmptyClipboard
0x4826a0 CountClipboardFormats
0x4826a4 CloseClipboard
0x4826a8 GetClipboardData
0x4826ac IsClipboardFormatAvailable
0x4826b0 OpenClipboard
0x4826b4 BlockInput
0x4826b8 GetMessageW
0x4826bc LockWindowUpdate
0x4826c0 GetMenuItemID
0x4826c4 DispatchMessageW
0x4826c8 MoveWindow
0x4826cc SetFocus
0x4826d0 PostQuitMessage
0x4826d4 KillTimer
0x4826d8 CreatePopupMenu
0x4826dc RegisterWindowMessageW
0x4826e0 SetTimer
0x4826e4 ShowWindow
0x4826e8 CreateWindowExW
0x4826ec RegisterClassExW
0x4826f0 LoadIconW
0x4826f4 LoadCursorW
0x4826f8 GetSysColorBrush
0x4826fc GetForegroundWindow
0x482700 MessageBoxA
0x482704 DestroyIcon
0x482708 PeekMessageW
0x48270c UnregisterHotKey
0x482710 CharLowerBuffW
0x482714 keybd_event
0x482718 MonitorFromRect
0x48271c GetWindowThreadProcessId
GDI32.dll
0x4820c8 DeleteObject
0x4820cc AngleArc
0x4820d0 GetTextExtentPoint32W
0x4820d4 ExtCreatePen
0x4820d8 StrokeAndFillPath
0x4820dc StrokePath
0x4820e0 EndPath
0x4820e4 SetPixel
0x4820e8 CloseFigure
0x4820ec CreateCompatibleBitmap
0x4820f0 CreateCompatibleDC
0x4820f4 SelectObject
0x4820f8 StretchBlt
0x4820fc GetDIBits
0x482100 GetDeviceCaps
0x482104 MoveToEx
0x482108 DeleteDC
0x48210c GetPixel
0x482110 CreateDCW
0x482114 Ellipse
0x482118 PolyDraw
0x48211c BeginPath
0x482120 Rectangle
0x482124 SetViewportOrgEx
0x482128 GetObjectW
0x48212c SetBkMode
0x482130 RoundRect
0x482134 SetBkColor
0x482138 CreatePen
0x48213c CreateSolidBrush
0x482140 SetTextColor
0x482144 CreateFontW
0x482148 GetTextFaceW
0x48214c GetStockObject
0x482150 LineTo
COMDLG32.dll
0x4820bc GetSaveFileNameW
0x4820c0 GetOpenFileNameW
ADVAPI32.dll
0x482000 RegEnumValueW
0x482004 RegDeleteValueW
0x482008 RegDeleteKeyW
0x48200c RegEnumKeyExW
0x482010 RegSetValueExW
0x482014 RegCreateKeyExW
0x482018 GetUserNameW
0x48201c RegConnectRegistryW
0x482020 CloseServiceHandle
0x482024 UnlockServiceDatabase
0x482028 OpenThreadToken
0x48202c OpenProcessToken
0x482030 LookupPrivilegeValueW
0x482034 DuplicateTokenEx
0x482038 CreateProcessAsUserW
0x48203c CreateProcessWithLogonW
0x482040 InitializeSecurityDescriptor
0x482044 InitializeAcl
0x482048 GetLengthSid
0x48204c CopySid
0x482050 LogonUserW
0x482054 LockServiceDatabase
0x482058 GetTokenInformation
0x48205c GetSecurityDescriptorDacl
0x482060 GetAclInformation
0x482064 GetAce
0x482068 AddAce
0x48206c SetSecurityDescriptorDacl
0x482070 RegOpenKeyExW
0x482074 RegQueryValueExW
0x482078 AdjustTokenPrivileges
0x48207c InitiateSystemShutdownExW
0x482080 OpenSCManagerW
0x482084 RegCloseKey
SHELL32.dll
0x482464 DragQueryPoint
0x482468 ShellExecuteExW
0x48246c SHGetFolderPathW
0x482470 DragQueryFileW
0x482474 SHEmptyRecycleBinW
0x482478 SHBrowseForFolderW
0x48247c SHFileOperationW
0x482480 SHGetPathFromIDListW
0x482484 SHGetDesktopFolder
0x482488 SHGetMalloc
0x48248c ExtractIconExW
0x482490 Shell_NotifyIconW
0x482494 ShellExecuteW
0x482498 DragFinish
ole32.dll
0x4827f0 OleSetMenuDescriptor
0x4827f4 MkParseDisplayName
0x4827f8 OleSetContainedObject
0x4827fc CLSIDFromString
0x482800 StringFromGUID2
0x482804 CoInitialize
0x482808 CoUninitialize
0x48280c CoCreateInstance
0x482810 CreateStreamOnHGlobal
0x482814 CoTaskMemAlloc
0x482818 CoTaskMemFree
0x48281c ProgIDFromCLSID
0x482820 OleInitialize
0x482824 CreateBindCtx
0x482828 CLSIDFromProgID
0x48282c CoInitializeSecurity
0x482830 CoCreateInstanceEx
0x482834 CoSetProxyBlanket
0x482838 OleUninitialize
0x48283c IIDFromString
OLEAUT32.dll
0x4823ec VariantChangeType
0x4823f0 VariantCopyInd
0x4823f4 DispCallFunc
0x4823f8 CreateStdDispatch
0x4823fc CreateDispTypeInfo
0x482400 SysFreeString
0x482404 SafeArrayDestroyDescriptor
0x482408 SafeArrayDestroyData
0x48240c SafeArrayUnaccessData
0x482410 SysStringLen
0x482414 SafeArrayAllocData
0x482418 GetActiveObject
0x48241c QueryPathOfRegTypeLib
0x482420 SafeArrayAllocDescriptorEx
0x482424 SafeArrayCreateVector
0x482428 SysAllocString
0x48242c VariantCopy
0x482430 VariantClear
0x482434 VariantTimeToSystemTime
0x482438 VarR8FromDec
0x48243c SafeArrayGetVartype
0x482440 OleLoadPicture
0x482444 SafeArrayAccessData
0x482448 VariantInit
EAT (Export Address Table): none