Created | 2024.09.30 11:49 |
Machine | s1_win7_x6401 |
Filename | AAct.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : malicious |
VT API (file) | 46 detected (Hacktool, KMSAuto, Malicious, score, Artemis, Ursu, Unsafe, Vwmx, grayware, confidence, 100%, Attribute, HighConfidence, high confidence, WinActivator, AF potentially unsafe, MiscX, Tool, KmsActivator, Undefined, YzY0OoRL4eSjaWHg, AutoKMS, CRCEPJ, Real Protect, ProcInj, Detected, BTSGeneric, ApplicUnwnt@#1rdndw9vayrix, Activator, GenericRXAA, GenAsa, l6yVkIPY7Qo) |
md5 | ab4bef832c6437ff9cb2be8d43f2bc74 |
sha256 | d024ddad98eba09880ebac8736ccc81c693553b0e9ea9a83de2d77c34e620112 |
ssdeep | 12288:Z+fibzOhKcs2LzWbaCczOXDONT0DmqRghEsuvBcyRJPhr:Z+fibbmxzOXCT0Jcyvhr |
imphash | 422c4edd4ea7b6fddb8481c2b41c99d8 |
impfuzzy | 192:hpd7HA5ZNM8achZJwy15t9KTR3KdbYaYWG2t07p0:hpd7AZa83hZmZzzWGk07C |
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The executable uses a known packer |
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
warning | PhysicalDrive_20181001 | (no description) | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | Network_Downloader | File Downloader | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
PE API
IAT(Import Address Table) Library
MSVCRT.dll
0x49bc2c memset
0x49bc30 wcsstr
0x49bc34 wcsncmp
0x49bc38 memmove
0x49bc3c wcsncpy
0x49bc40 _wcsnicmp
0x49bc44 _wcsdup
0x49bc48 free
0x49bc4c wcscmp
0x49bc50 wcslen
0x49bc54 wcscpy
0x49bc58 wcscat
0x49bc5c memcmp
0x49bc60 strlen
0x49bc64 strcpy
0x49bc68 strcat
0x49bc6c _stricmp
0x49bc70 memcpy
0x49bc74 fread
0x49bc78 longjmp
0x49bc7c _setjmp3
0x49bc80 _wfopen
0x49bc84 fclose
0x49bc88 malloc
0x49bc8c _snwprintf
0x49bc90 sprintf
0x49bc94 strcmp
0x49bc98 tolower
0x49bc9c _wcsicmp
0x49bca0 gmtime
0x49bca4 localtime
0x49bca8 mktime
0x49bcac _itow
0x49bcb0 fabs
0x49bcb4 ceil
0x49bcb8 floor
0x49bcbc fseek
0x49bcc0 ftell
0x49bcc4 pow
0x49bcc8 ??3@YAXPAX@Z
0x49bccc frexp
0x49bcd0 modf
0x49bcd4 _CIpow
0x49bcd8 fopen
0x49bcdc _errno
0x49bce0 strerror
0x49bce4 abort
0x49bce8 atof
0x49bcec fflush
0x49bcf0 ferror
0x49bcf4 remove
0x49bcf8 fwrite
0x49bcfc exit
0x49bd00 __p__iob
0x49bd04 fprintf
0x49bd08 getenv
0x49bd0c sscanf
0x49bd10 _vsnwprintf
0x49bd14 cos
0x49bd18 fmod
0x49bd1c sin
0x49bd20 abs
KERNEL32.dll
0x49bd28 GetModuleHandleW
0x49bd2c HeapCreate
0x49bd30 GetUserDefaultLangID
0x49bd34 GetEnvironmentVariableW
0x49bd38 CreateSemaphoreW
0x49bd3c GetLastError
0x49bd40 CloseHandle
0x49bd44 HeapDestroy
0x49bd48 ExitProcess
0x49bd4c TerminateProcess
0x49bd50 Sleep
0x49bd54 CreateProcessW
0x49bd58 GetThreadContext
0x49bd5c ReadProcessMemory
0x49bd60 VirtualAllocEx
0x49bd64 WriteProcessMemory
0x49bd68 SetThreadContext
0x49bd6c ResumeThread
0x49bd70 SystemTimeToFileTime
0x49bd74 LocalFileTimeToFileTime
0x49bd78 FindResourceW
0x49bd7c LoadResource
0x49bd80 LockResource
0x49bd84 SizeofResource
0x49bd88 CreateToolhelp32Snapshot
0x49bd8c GetLogicalDriveStringsW
0x49bd90 QueryDosDeviceW
0x49bd94 FileTimeToLocalFileTime
0x49bd98 FileTimeToSystemTime
0x49bd9c ExpandEnvironmentStringsW
0x49bda0 GetCurrentProcess
0x49bda4 GetSystemDefaultLangID
0x49bda8 MultiByteToWideChar
0x49bdac GetProcAddress
0x49bdb0 CreateRemoteThread
0x49bdb4 WaitForSingleObject
0x49bdb8 GetExitCodeThread
0x49bdbc GetCurrentProcessId
0x49bdc0 OpenProcess
0x49bdc4 FormatMessageW
0x49bdc8 GetVolumeInformationW
0x49bdcc FindFirstFileW
0x49bdd0 FindNextFileW
0x49bdd4 FindClose
0x49bdd8 WideCharToMultiByte
0x49bddc BeginUpdateResourceW
0x49bde0 UpdateResourceW
0x49bde4 EndUpdateResourceW
0x49bde8 Beep
0x49bdec CreateFileW
0x49bdf0 DeviceIoControl
0x49bdf4 GetCommandLineW
0x49bdf8 GetComputerNameW
0x49bdfc GetDateFormatW
0x49be00 GetDiskFreeSpaceExW
0x49be04 GetExitCodeProcess
0x49be08 GetFileTime
0x49be0c GetPrivateProfileStringW
0x49be10 GetShortPathNameW
0x49be14 GetSystemDirectoryW
0x49be18 GetSystemPowerStatus
0x49be1c GetTimeZoneInformation
0x49be20 GetUserDefaultLCID
0x49be24 GetWindowsDirectoryW
0x49be28 GlobalMemoryStatus
0x49be2c LocalFree
0x49be30 Process32FirstW
0x49be34 Process32NextW
0x49be38 QueryPerformanceCounter
0x49be3c QueryPerformanceFrequency
0x49be40 SetComputerNameW
0x49be44 SetFileTime
0x49be48 SetSystemTime
0x49be4c SetVolumeLabelW
0x49be50 WritePrivateProfileStringW
0x49be54 EnterCriticalSection
0x49be58 LeaveCriticalSection
0x49be5c InitializeCriticalSection
0x49be60 CreateThread
0x49be64 HeapAlloc
0x49be68 HeapFree
0x49be6c GetCurrentThreadId
0x49be70 GetModuleFileNameW
0x49be74 DuplicateHandle
0x49be78 CreatePipe
0x49be7c GetStdHandle
0x49be80 PeekNamedPipe
0x49be84 SetEnvironmentVariableW
0x49be88 ReadFile
0x49be8c HeapReAlloc
0x49be90 GetFileSize
0x49be94 SetFilePointer
0x49be98 SetEndOfFile
0x49be9c WriteFile
0x49bea0 FreeLibrary
0x49bea4 LoadLibraryA
0x49bea8 TlsAlloc
0x49beac TlsSetValue
0x49beb0 GetTickCount
0x49beb4 TlsGetValue
0x49beb8 LoadLibraryW
0x49bebc DeleteFileW
0x49bec0 GetVersionExW
0x49bec4 GetVersionExA
0x49bec8 SetLastError
0x49becc GetDriveTypeW
0x49bed0 GetFileAttributesW
0x49bed4 CopyFileW
0x49bed8 SetFileAttributesW
0x49bedc CreateDirectoryW
0x49bee0 RemoveDirectoryW
0x49bee4 GetTempPathW
0x49bee8 MoveFileW
0x49beec GetLocalTime
0x49bef0 GlobalFree
0x49bef4 GlobalAlloc
0x49bef8 HeapSize
0x49befc MulDiv
0x49bf00 DeleteCriticalSection
0x49bf04 TlsFree
0x49bf08 GetCurrentThread
0x49bf0c CreateSemaphoreA
0x49bf10 ReleaseSemaphore
0x49bf14 WaitForMultipleObjects
gdiplus.dll
0x49bf1c GdipDeleteFont
0x49bf20 GdipDeleteGraphics
0x49bf24 GdipDeletePath
0x49bf28 GdipDeleteMatrix
0x49bf2c GdipDeletePen
0x49bf30 GdipDeleteStringFormat
0x49bf34 GdipFree
0x49bf38 GdipGetDpiX
0x49bf3c GdipGetDpiY
WINSPOOL.DRV
0x49bf44 ClosePrinter
0x49bf48 DeletePrinter
0x49bf4c OpenPrinterW
0x49bf50 SetPrinterW
USER32.DLL
0x49bf58 EnumWindows
0x49bf5c OemToCharW
0x49bf60 UpdateWindow
0x49bf64 RedrawWindow
0x49bf68 GetWindowTextW
0x49bf6c SendMessageW
0x49bf70 GetWindowRect
0x49bf74 GetCursorPos
0x49bf78 PtInRect
0x49bf7c PeekMessageW
0x49bf80 TranslateMessage
0x49bf84 DispatchMessageW
0x49bf88 ReleaseDC
0x49bf8c GetWindowThreadProcessId
0x49bf90 FindWindowExW
0x49bf94 FindWindowW
0x49bf98 GetForegroundWindow
0x49bf9c SetCursorPos
0x49bfa0 AnimateWindow
0x49bfa4 AttachThreadInput
0x49bfa8 BlockInput
0x49bfac ChangeDisplaySettingsW
0x49bfb0 CharToOemW
0x49bfb4 CreateWindowExW
0x49bfb8 DrawMenuBar
0x49bfbc EnableMenuItem
0x49bfc0 EnableWindow
0x49bfc4 EnumDisplaySettingsW
0x49bfc8 ExitWindowsEx
0x49bfcc FlashWindow
0x49bfd0 GetClassNameW
0x49bfd4 GetDC
0x49bfd8 GetDesktopWindow
0x49bfdc GetFocus
0x49bfe0 GetKeyState
0x49bfe4 GetLastInputInfo
0x49bfe8 GetSysColor
0x49bfec GetSystemMenu
0x49bff0 GetSystemMetrics
0x49bff4 GetWindow
0x49bff8 GetWindowLongW
0x49bffc IsWindow
0x49c000 IsWindowEnabled
0x49c004 KillTimer
0x49c008 LoadCursorW
0x49c00c LockWorkStation
0x49c010 MessageBeep
0x49c014 PostMessageW
0x49c018 RegisterHotKey
0x49c01c RemoveMenu
0x49c020 SetClassLongW
0x49c024 SetFocus
0x49c028 SetForegroundWindow
0x49c02c SetTimer
0x49c030 SetWindowLongW
0x49c034 SetWindowPos
0x49c038 ShowWindow
0x49c03c UnregisterHotKey
0x49c040 WaitForInputIdle
0x49c044 keybd_event
0x49c048 mouse_event
0x49c04c CharUpperW
0x49c050 CharLowerW
0x49c054 MessageBoxW
0x49c058 IsWindowVisible
0x49c05c SetMenu
0x49c060 DestroyMenu
0x49c064 CreatePopupMenu
0x49c068 AppendMenuW
0x49c06c TrackPopupMenu
0x49c070 DestroyWindow
0x49c074 SetWindowTextW
0x49c078 GetWindowTextLengthW
0x49c07c CallWindowProcW
0x49c080 RemovePropW
0x49c084 GetPropW
0x49c088 SetPropW
0x49c08c SetScrollPos
0x49c090 GetParent
0x49c094 InflateRect
0x49c098 GetWindowDC
0x49c09c GetIconInfo
0x49c0a0 InvalidateRect
0x49c0a4 ReleaseCapture
0x49c0a8 BeginPaint
0x49c0ac DrawStateW
0x49c0b0 EndPaint
0x49c0b4 SetCapture
0x49c0b8 ScreenToClient
0x49c0bc GetClientRect
0x49c0c0 GetSysColorBrush
0x49c0c4 FrameRect
0x49c0c8 DrawFocusRect
0x49c0cc ValidateRect
0x49c0d0 MapWindowPoints
0x49c0d4 SetRect
0x49c0d8 DrawTextW
0x49c0dc MoveWindow
0x49c0e0 DefWindowProcW
0x49c0e4 SetActiveWindow
0x49c0e8 UnregisterClassW
0x49c0ec DestroyAcceleratorTable
0x49c0f0 LoadIconW
0x49c0f4 RegisterClassW
0x49c0f8 AdjustWindowRectEx
0x49c0fc CreateAcceleratorTableW
0x49c100 GetMenu
0x49c104 IsZoomed
0x49c108 IsIconic
0x49c10c ClientToScreen
0x49c110 GetWindowLongA
0x49c114 MsgWaitForMultipleObjects
0x49c118 GetMessageW
0x49c11c GetActiveWindow
0x49c120 TranslateAcceleratorW
0x49c124 DefFrameProcW
0x49c128 FillRect
0x49c12c EnumChildWindows
0x49c130 IsChild
0x49c134 RegisterWindowMessageW
0x49c138 DestroyIcon
0x49c13c CopyImage
0x49c140 CreateIconFromResourceEx
0x49c144 CreateIconFromResource
0x49c148 DrawIconEx
GDI32.DLL
0x49c150 CreateDCW
0x49c154 CreateCompatibleDC
0x49c158 CreateCompatibleBitmap
0x49c15c SelectObject
0x49c160 BitBlt
0x49c164 DeleteDC
0x49c168 GetPixel
0x49c16c GetStockObject
0x49c170 ExcludeClipRect
0x49c174 GetTextExtentPoint32W
0x49c178 GetObjectType
0x49c17c GetObjectW
0x49c180 DeleteObject
0x49c184 CreateRectRgn
0x49c188 SelectClipRgn
0x49c18c SetBkColor
0x49c190 SetTextColor
0x49c194 CreateSolidBrush
0x49c198 GdiGetBatchLimit
0x49c19c GdiSetBatchLimit
0x49c1a0 CreateDIBSection
0x49c1a4 GetObjectA
0x49c1a8 CreateBitmap
0x49c1ac SetPixel
0x49c1b0 GetDIBits
0x49c1b4 GetDeviceCaps
0x49c1b8 CreateFontW
0x49c1bc SetBkMode
0x49c1c0 SetTextAlign
0x49c1c4 TextOutW
0x49c1c8 SetStretchBltMode
0x49c1cc SetBrushOrgEx
0x49c1d0 StretchBlt
0x49c1d4 CreateFontIndirectW
0x49c1d8 GetTextMetricsW
ADVAPI32.DLL
0x49c1e0 RegOpenKeyExW
0x49c1e4 RegOpenKeyW
0x49c1e8 RegConnectRegistryW
0x49c1ec RegQueryValueExW
0x49c1f0 RegCloseKey
0x49c1f4 RegDeleteKeyW
0x49c1f8 RegSetValueExW
0x49c1fc RegCreateKeyExW
0x49c200 LookupAccountNameW
0x49c204 IsValidSid
0x49c208 RegEnumKeyExW
0x49c20c RegDeleteValueW
0x49c210 RegCreateKeyW
0x49c214 AdjustTokenPrivileges
0x49c218 ChangeServiceConfigW
0x49c21c CloseServiceHandle
0x49c220 ControlService
0x49c224 CryptAcquireContextW
0x49c228 CryptCreateHash
0x49c22c CryptDeriveKey
0x49c230 CryptDestroyHash
0x49c234 CryptDestroyKey
0x49c238 CryptEncrypt
0x49c23c CryptHashData
0x49c240 CryptReleaseContext
0x49c244 GetUserNameW
0x49c248 ImpersonateLoggedOnUser
0x49c24c LogonUserW
0x49c250 LookupPrivilegeValueW
0x49c254 OpenProcessToken
0x49c258 OpenSCManagerW
0x49c25c OpenServiceW
0x49c260 QueryServiceStatus
0x49c264 RegEnumValueW
0x49c268 RevertToSelf
0x49c26c StartServiceW
COMCTL32.DLL
0x49c274 InitCommonControlsEx
OLEAUT32.DLL
0x49c27c SafeArrayGetDim
0x49c280 SafeArrayGetUBound
0x49c284 SafeArrayGetElement
OLE32.DLL
0x49c28c CoInitialize
0x49c290 CoCreateInstance
0x49c294 CoUninitialize
0x49c298 CoInitializeEx
0x49c29c CoInitializeSecurity
0x49c2a0 CoSetProxyBlanket
0x49c2a4 CoCreateGuid
0x49c2a8 StringFromGUID2
0x49c2ac RevokeDragDrop
SHELL32.DLL
0x49c2b4 SHGetSpecialFolderLocation
0x49c2b8 SHGetPathFromIDListW
0x49c2bc ExtractIconExW
0x49c2c0 ExtractIconW
0x49c2c4 IsNetDrive
0x49c2c8 RealDriveType
0x49c2cc SHAddToRecentDocs
0x49c2d0 SHFileOperationW
0x49c2d4 SHFormatDrive
0x49c2d8 SHGetFileInfoW
0x49c2dc ShellAboutW
0x49c2e0 Shell_NotifyIconW
0x49c2e4 ShellExecuteExW
WSOCK32.DLL
0x49c2ec WSAStartup
0x49c2f0 gethostbyname
0x49c2f4 WSACleanup
0x49c2f8 gethostbyaddr
0x49c2fc inet_addr
0x49c300 closesocket
0x49c304 socket
0x49c308 htons
0x49c30c bind
0x49c310 ioctlsocket
0x49c314 connect
0x49c318 select
0x49c31c __WSAFDIsSet
0x49c320 gethostname
0x49c324 recvfrom
0x49c328 recv
WINMM.DLL
0x49c330 timeBeginPeriod
ICMP.DLL
0x49c338 IcmpCloseHandle
0x49c33c IcmpCreateFile
0x49c340 IcmpSendEcho
IMAGEHLP.DLL
0x49c348 MakeSureDirectoryPathExists
IPHLPAPI.DLL
0x49c350 GetAdaptersInfo
0x49c354 GetNetworkParams
MSI.DLL
0x49c35c MsiEnumProductsW
0x49c360 MsiGetProductInfoW
NETAPI32.DLL
0x49c368 NetApiBufferFree
0x49c36c NetLocalGroupAdd
0x49c370 NetLocalGroupDel
0x49c374 NetLocalGroupEnum
0x49c378 NetUserDel
0x49c37c NetUserGetInfo
0x49c380 NetUserSetInfo
NTDLL.DLL
0x49c388 ZwUnmapViewOfSection
SETUPAPI.DLL
0x49c390 SetupIterateCabinetW
URLMON.DLL
0x49c398 URLDownloadToFileW
0x49c39c UrlMkSetSessionOption
USERENV.DLL
0x49c3a4 GetDefaultUserProfileDirectoryW
WININET.DLL
0x49c3ac DeleteUrlCacheEntryW
0x49c3b0 InternetCloseHandle
0x49c3b4 InternetGetConnectedState
0x49c3b8 InternetOpenUrlW
0x49c3bc InternetOpenW
0x49c3c0 InternetReadFile
0x49c3c4 UnlockUrlCacheEntryFileW
EAT(Export Address Table) is none