Created | 2024.10.17 09:46 | Machine | s1_win7_x6401 |
Filename | Ammyy.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : malicious |
VT API (file) | 53 detected (AIDetectMalware, Ammyy, Malicious, score, RemAdmAmmyy, RemoteAdmin, Uv4n, grayware, confidence, 100%, high confidence, B potentially unsafe, FileRepPup, AmmyAdmin, dskdxp, HackTool, CLASSIC, high, remote, access, Generic Reputation PUA, Static AI, Malicious PE, Admin, Detected, CA@6lncg7, Wacatac, ACSY, R200730, RemAdm, Gencirc, rogYW5NLjsY, AmmyyAdmin, Tool) |
md5 | 3b4ed97de29af222837095a7c411b8a1 |
sha256 | 74656a65e96590a2734384bf89cb9ff677dcedff5f6e937d350b9f46ec52cd0a |
ssdeep | 12288:3VFUEuNmwvGrw9i0aTGRGicBckyyFRtWY1i3FTsvOVVUg0:XUEUUw9RaTNicBrPFRtJ1iVTsCZ0 |
imphash | 3a8eb283f62eca7206b65c62b7d51bd5 |
impfuzzy | 192:m3jaNxwI+HcM1wuAhuIrVYW7J0VHAlQXDLlWGPwAC3pb8QtnTF0:3/PX2+J0VglQX/lFopb8Q5p0 |
Signature (11cnts)
Level | Description |
---|---|
danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
watch | Installs itself for autorun at Windows startup |
watch | Queries information on disks |
notice | Creates a service |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Sends data using the HTTP POST Method |
info | Checks amount of memory in system |
info | The executable uses a known packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Ammy_Admin_r0d | Ammy Admin | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
ET POLICY IP Check (rl. ammyy. com)
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x483854 WSAGetLastError
0x483858 send
0x48385c recv
0x483860 select
0x483864 WSAStartup
0x483868 getpeername
0x48386c getservbyport
0x483870 ntohs
0x483874 gethostbyaddr
0x483878 gethostbyname
0x48387c getservbyname
0x483880 htonl
0x483884 inet_ntoa
0x483888 inet_addr
0x48388c WSAIoctl
0x483890 connect
0x483894 accept
0x483898 htons
0x48389c bind
0x4838a0 listen
0x4838a4 socket
0x4838a8 __WSAFDIsSet
0x4838ac shutdown
0x4838b0 setsockopt
0x4838b4 ioctlsocket
0x4838b8 WSACleanup
0x4838bc closesocket
GDI32.dll
0x4830e8 GetDIBits
0x4830ec CreateCompatibleBitmap
0x4830f0 RealizePalette
0x4830f4 SelectPalette
0x4830f8 CreatePalette
0x4830fc GetSystemPaletteEntries
0x483100 GdiFlush
0x483104 CombineRgn
0x483108 GetRegionData
0x48310c SetStretchBltMode
0x483110 CreateDIBitmap
0x483114 DeleteDC
0x483118 SelectObject
0x48311c CreateCompatibleDC
0x483120 BitBlt
0x483124 SetBkMode
0x483128 CreateFontIndirectA
0x48312c DPtoLP
0x483130 GetDeviceCaps
0x483134 CreateFontA
0x483138 StretchBlt
0x48313c CreateRectRgn
0x483140 ExtTextOutA
0x483144 GetBitmapBits
0x483148 GetObjectA
0x48314c CreateDIBSection
0x483150 SetBitmapBits
0x483154 CreateRectRgnIndirect
0x483158 SelectClipRgn
0x48315c TextOutW
0x483160 CreatePatternBrush
0x483164 SetTextAlign
0x483168 SetBrushOrgEx
0x48316c ExtTextOutW
0x483170 SetTextColor
0x483174 SetBkColor
0x483178 GetTextExtentPoint32W
0x48317c CreateSolidBrush
0x483180 DeleteObject
0x483184 GetStockObject
USER32.dll
0x48358c FindWindowA
0x483590 OpenDesktopA
0x483594 VkKeyScanExA
0x483598 SendMessageTimeoutA
0x48359c LoadIconA
0x4835a0 IntersectRect
0x4835a4 IsWindowVisible
0x4835a8 GetIconInfo
0x4835ac GetCursorInfo
0x4835b0 EqualRect
0x4835b4 OpenInputDesktop
0x4835b8 CloseDesktop
0x4835bc GetUserObjectInformationA
0x4835c0 LoadKeyboardLayoutA
0x4835c4 EmptyClipboard
0x4835c8 SetClipboardData
0x4835cc RegisterClassExA
0x4835d0 GetDesktopWindow
0x4835d4 PeekMessageA
0x4835d8 MsgWaitForMultipleObjects
0x4835dc mouse_event
0x4835e0 MapVirtualKeyA
0x4835e4 LockWorkStation
0x4835e8 SetThreadDesktop
0x4835ec keybd_event
0x4835f0 SetDlgItemTextA
0x4835f4 SetDlgItemInt
0x4835f8 GetKeyboardState
0x4835fc ToAsciiEx
0x483600 DestroyAcceleratorTable
0x483604 TranslateAcceleratorA
0x483608 CreateAcceleratorTableA
0x48360c SetWindowTextA
0x483610 ReleaseCapture
0x483614 SetCapture
0x483618 GetAsyncKeyState
0x48361c GetThreadDesktop
0x483620 SystemParametersInfoW
0x483624 SwitchToThisWindow
0x483628 SendMessageA
0x48362c FindWindowW
0x483630 MessageBoxA
0x483634 ShowWindow
0x483638 wsprintfA
0x48363c RegisterClassExW
0x483640 DestroyCursor
0x483644 MessageBeep
0x483648 wsprintfW
0x48364c SetCursorPos
0x483650 GetClipboardOwner
0x483654 OpenClipboard
0x483658 GetClipboardData
0x48365c CloseClipboard
0x483660 ShowWindowAsync
0x483664 SetScrollInfo
0x483668 GetWindow
0x48366c WindowFromPoint
0x483670 ReleaseDC
0x483674 GetDC
0x483678 DestroyIcon
0x48367c DrawIconEx
0x483680 LoadImageA
0x483684 EnableWindow
0x483688 SetDlgItemTextW
0x48368c DestroyWindow
0x483690 SetWindowPos
0x483694 SetClassLongW
0x483698 InsertMenuItemW
0x48369c ChangeClipboardChain
0x4836a0 MapWindowPoints
0x4836a4 InsertMenuItemA
0x4836a8 EnumWindows
0x4836ac GetClassNameA
0x4836b0 GetWindowTextA
0x4836b4 KillTimer
0x4836b8 GetWindowLongW
0x4836bc PostMessageA
0x4836c0 DrawTextW
0x4836c4 SetRect
0x4836c8 ShowScrollBar
0x4836cc IsIconic
0x4836d0 ScrollWindowEx
0x4836d4 AdjustWindowRectEx
0x4836d8 GetMenuState
0x4836dc GetWindowPlacement
0x4836e0 SetWindowPlacement
0x4836e4 GetSysColorBrush
0x4836e8 AppendMenuW
0x4836ec SetClipboardViewer
0x4836f0 SetWindowsHookExA
0x4836f4 UnhookWindowsHookEx
0x4836f8 DrawTextA
0x4836fc EndDialog
0x483700 CreateDialogParamW
0x483704 DialogBoxParamA
0x483708 CallWindowProcW
0x48370c CallWindowProcA
0x483710 DefWindowProcA
0x483714 IsWindowUnicode
0x483718 GetSystemMenu
0x48371c RedrawWindow
0x483720 InvalidateRect
0x483724 DrawStateA
0x483728 DrawEdge
0x48372c GetClientRect
0x483730 CreateWindowExA
0x483734 IsWindow
0x483738 GetParent
0x48373c GetWindowLongA
0x483740 GetForegroundWindow
0x483744 GetWindowThreadProcessId
0x483748 AttachThreadInput
0x48374c SetActiveWindow
0x483750 SetCursor
0x483754 SetTimer
0x483758 PostThreadMessageA
0x48375c MoveWindow
0x483760 BeginPaint
0x483764 EndPaint
0x483768 GetDlgItemInt
0x48376c SendDlgItemMessageA
0x483770 MapDialogRect
0x483774 SetWindowLongA
0x483778 ClientToScreen
0x48377c LoadCursorA
0x483780 RegisterClassW
0x483784 CreateWindowExW
0x483788 SetWindowLongW
0x48378c UpdateWindow
0x483790 GetMessageA
0x483794 IsDialogMessageA
0x483798 TranslateMessage
0x48379c DispatchMessageA
0x4837a0 ScreenToClient
0x4837a4 SetWindowTextW
0x4837a8 SetMenu
0x4837ac LoadMenuA
0x4837b0 GetMenuItemInfoA
0x4837b4 SetMenuItemInfoA
0x4837b8 GetSubMenu
0x4837bc SetMenuItemInfoW
0x4837c0 GetMenuItemID
0x4837c4 EnableMenuItem
0x4837c8 GetMenuItemCount
0x4837cc CheckMenuItem
0x4837d0 GetKeyState
0x4837d4 SetForegroundWindow
0x4837d8 SetFocus
0x4837dc GetFocus
0x4837e0 PostQuitMessage
0x4837e4 DefWindowProcW
0x4837e8 CreatePopupMenu
0x4837ec GetCursorPos
0x4837f0 TrackPopupMenu
0x4837f4 GetSysColor
0x4837f8 GetSystemMetrics
0x4837fc GetMenuItemInfoW
0x483800 DrawMenuBar
0x483804 AppendMenuA
0x483808 DestroyMenu
0x48380c MessageBoxW
0x483810 GetDlgItem
0x483814 SendMessageW
0x483818 GetWindowRect
0x48381c SystemParametersInfoA
SHELL32.dll
0x483538 SHBrowseForFolderW
0x48353c SHGetPathFromIDListW
0x483540 ShellExecuteA
0x483544 SHGetMalloc
0x483548 ShellExecuteExW
0x48354c SHGetFolderPathA
0x483550 SHGetFolderPathW
0x483554 SHGetFileInfoW
0x483558 ShellExecuteW
0x48355c SHGetSpecialFolderPathW
0x483560 Shell_NotifyIconA
MSVCP60.dll
0x48337c ??1Init@ios_base@std@@QAE@XZ
0x483380 ??0_Winit@std@@QAE@XZ
0x483384 ??1_Winit@std@@QAE@XZ
0x483388 ??0Init@ios_base@std@@QAE@XZ
MSVCRT.dll
0x483390 _strnicmp
0x483394 _strupr
0x483398 _strlwr
0x48339c _controlfp
0x4833a0 _iob
0x4833a4 __set_app_type
0x4833a8 __p__fmode
0x4833ac __p__commode
0x4833b0 _adjust_fdiv
0x4833b4 __setusermatherr
0x4833b8 _initterm
0x4833bc __getmainargs
0x4833c0 _wcsicmp
0x4833c4 wcschr
0x4833c8 __CxxFrameHandler
0x4833cc strlen
0x4833d0 isspace
0x4833d4 memchr
0x4833d8 _errno
0x4833dc strtol
0x4833e0 isdigit
0x4833e4 strstr
0x4833e8 memcpy
0x4833ec ??2@YAPAXI@Z
0x4833f0 _purecall
0x4833f4 free
0x4833f8 memset
0x4833fc malloc
0x483400 sprintf
0x483404 printf
0x483408 fwrite
0x48340c srand
0x483410 time
0x483414 _CxxThrowException
0x483418 rand
0x48341c atol
0x483420 _stricmp
0x483424 isprint
0x483428 tolower
0x48342c strncpy
0x483430 atoi
0x483434 abs
0x483438 wcscpy
0x48343c strcmp
0x483440 strcpy
0x483444 wcslen
0x483448 memcmp
0x48344c iswspace
0x483450 wcsncmp
0x483454 _wtoi
0x483458 _ultow
0x48345c _stat
0x483460 strchr
0x483464 _ftol
0x483468 swprintf
0x48346c strcat
0x483470 strtoul
0x483474 calloc
0x483478 _rotl
0x48347c _rotr
0x483480 fopen
0x483484 fread
0x483488 fclose
0x48348c fseek
0x483490 ftell
0x483494 fflush
0x483498 wcsncpy
0x48349c wcsrchr
0x4834a0 vsprintf
0x4834a4 vswprintf
0x4834a8 memmove
0x4834ac strrchr
0x4834b0 strncmp
0x4834b4 mbstowcs
0x4834b8 wcscmp
0x4834bc wcsstr
0x4834c0 iswdigit
0x4834c4 _beginthreadex
0x4834c8 _endthreadex
0x4834cc atof
0x4834d0 _i64tow
0x4834d4 wcscat
0x4834d8 realloc
0x4834dc exit
0x4834e0 fprintf
0x4834e4 sscanf
0x4834e8 getenv
0x4834ec floor
0x4834f0 fputc
0x4834f4 _CIpow
0x4834f8 _CIacos
0x4834fc ??1type_info@@UAE@XZ
0x483500 __dllonexit
0x483504 _onexit
0x483508 _except_handler3
0x48350c ?terminate@@YAXXZ
0x483510 _exit
0x483514 _XcptFilter
0x483518 _acmdln
Secur32.dll
0x483570 FreeCredentialsHandle
0x483574 InitializeSecurityContextA
0x483578 FreeContextBuffer
0x48357c AcquireCredentialsHandleA
0x483580 CompleteAuthToken
0x483584 QuerySecurityPackageInfoA
SETUPAPI.dll
0x483520 SetupDiEnumDeviceInfo
0x483524 SetupDiGetClassDevsA
0x483528 SetupDiClassGuidsFromNameA
0x48352c SetupDiGetDeviceRegistryPropertyA
0x483530 SetupDiDestroyDeviceInfoList
iphlpapi.dll
0x4838d0 GetAdaptersInfo
ADVAPI32.dll
0x483000 RegOpenKeyExA
0x483004 FreeSid
0x483008 SetFileSecurityW
0x48300c SetSecurityDescriptorDacl
0x483010 InitializeSecurityDescriptor
0x483014 ConvertSidToStringSidA
0x483018 GetTokenInformation
0x48301c OpenProcessToken
0x483020 RegCloseKey
0x483024 RegQueryValueExA
0x483028 ImpersonateLoggedOnUser
0x48302c RevertToSelf
0x483030 GetUserNameA
0x483034 StartServiceCtrlDispatcherW
0x483038 RegisterServiceCtrlHandlerExA
0x48303c SetServiceStatus
0x483040 SetTokenInformation
0x483044 DuplicateTokenEx
0x483048 CreateProcessAsUserW
0x48304c QueryServiceStatus
0x483050 CloseServiceHandle
0x483054 OpenServiceA
0x483058 OpenSCManagerA
0x48305c CreateServiceW
0x483060 DeleteService
0x483064 ControlService
0x483068 StartServiceA
0x48306c StartServiceW
0x483070 RegCreateKeyExA
0x483074 RegQueryValueExW
0x483078 RegSetValueExW
0x48307c RegSetValueExA
0x483080 RegDeleteKeyA
0x483084 RegDeleteValueW
0x483088 RegCreateKeyExW
0x48308c RegEnumKeyExW
0x483090 RegOpenKeyExW
0x483094 SetEntriesInAclA
0x483098 AllocateAndInitializeSid
SHLWAPI.dll
0x483568 PathGetDriveNumberA
comdlg32.dll
0x4838c4 GetOpenFileNameW
0x4838c8 GetSaveFileNameW
USERENV.dll
0x483824 LoadUserProfileA
0x483828 UnloadUserProfile
COMCTL32.dll
0x4830a0 CreateToolbarEx
0x4830a4 ImageList_Create
0x4830a8 ImageList_Draw
0x4830ac ImageList_Destroy
0x4830b0 None
0x4830b4 ImageList_GetIconSize
0x4830b8 ImageList_ReplaceIcon
0x4830bc ImageList_Add
0x4830c0 ImageList_Duplicate
0x4830c4 _TrackMouseEvent
0x4830c8 CreatePropertySheetPageW
0x4830cc PropertySheetW
WININET.dll
0x483830 HttpSendRequestA
0x483834 HttpQueryInfoA
0x483838 InternetConnectA
0x48383c InternetSetOptionA
0x483840 InternetCloseHandle
0x483844 InternetReadFile
0x483848 InternetOpenA
0x48384c HttpOpenRequestA
DSOUND.dll
0x4830d4 None
0x4830d8 None
0x4830dc None
0x4830e0 None
KERNEL32.dll
0x48318c SizeofResource
0x483190 LoadResource
0x483194 LockResource
0x483198 GetLocalTime
0x48319c TryEnterCriticalSection
0x4831a0 LeaveCriticalSection
0x4831a4 EnterCriticalSection
0x4831a8 DeleteCriticalSection
0x4831ac InitializeCriticalSection
0x4831b0 SetFileTime
0x4831b4 GetFileTime
0x4831b8 OpenMutexA
0x4831bc CreateMutexA
0x4831c0 ResetEvent
0x4831c4 FindResourceExA
0x4831c8 OpenEventA
0x4831cc CreateEventA
0x4831d0 ExitProcess
0x4831d4 SetUnhandledExceptionFilter
0x4831d8 GetSystemDirectoryA
0x4831dc CompareFileTime
0x4831e0 GetSystemTimeAsFileTime
0x4831e4 GetSystemDirectoryW
0x4831e8 lstrcatW
0x4831ec LoadLibraryW
0x4831f0 QueryPerformanceFrequency
0x4831f4 ReadFile
0x4831f8 QueryPerformanceCounter
0x4831fc GetExitCodeProcess
0x483200 BeginUpdateResourceW
0x483204 EndUpdateResourceW
0x483208 UpdateResourceA
0x48320c OpenProcess
0x483210 CreateToolhelp32Snapshot
0x483214 Process32First
0x483218 Process32Next
0x48321c LoadLibraryA
0x483220 FreeLibrary
0x483224 GetFileSize
0x483228 SetFilePointer
0x48322c WriteFile
0x483230 WaitForSingleObject
0x483234 CreateThread
0x483238 GetFileAttributesW
0x48323c GetStartupInfoW
0x483240 CreateProcessW
0x483244 lstrcmpiW
0x483248 lstrcmpW
0x48324c MulDiv
0x483250 FormatMessageW
0x483254 MultiByteToWideChar
0x483258 WideCharToMultiByte
0x48325c GetModuleFileNameW
0x483260 GetComputerNameA
0x483264 LocalAlloc
0x483268 GetExitCodeThread
0x48326c SystemTimeToFileTime
0x483270 MoveFileW
0x483274 DeleteFileW
0x483278 GetTempPathW
0x48327c CreateFileW
0x483280 FindFirstFileW
0x483284 FindClose
0x483288 CreateFileA
0x48328c DeviceIoControl
0x483290 GetUserDefaultUILanguage
0x483294 GetModuleHandleA
0x483298 GetProcAddress
0x48329c GetLocaleInfoA
0x4832a0 CreateDirectoryW
0x4832a4 SetCurrentDirectoryW
0x4832a8 SetProcessShutdownParameters
0x4832ac GetVersionExA
0x4832b0 GetCurrentProcess
0x4832b4 GetLastError
0x4832b8 CloseHandle
0x4832bc LocalFree
0x4832c0 GetCurrentThreadId
0x4832c4 GetCurrentProcessId
0x4832c8 Sleep
0x4832cc GetTickCount
0x4832d0 InterlockedIncrement
0x4832d4 InterlockedDecrement
0x4832d8 lstrlenA
0x4832dc lstrlenW
0x4832e0 TerminateProcess
0x4832e4 GlobalUnlock
0x4832e8 GlobalLock
0x4832ec SystemTimeToTzSpecificLocalTime
0x4832f0 FileTimeToSystemTime
0x4832f4 GetFileSizeEx
0x4832f8 SetEndOfFile
0x4832fc SetFilePointerEx
0x483300 GlobalAlloc
0x483304 GetDriveTypeW
0x483308 RemoveDirectoryW
0x48330c FindNextFileW
0x483310 SetFileAttributesW
0x483314 GetLogicalDrives
0x483318 ProcessIdToSessionId
0x48331c SleepEx
0x483320 CreateDirectoryA
0x483324 DeleteFileA
0x483328 GlobalFree
0x48332c IsBadReadPtr
0x483330 lstrcmpA
0x483334 LocalFileTimeToFileTime
0x483338 WaitNamedPipeW
0x48333c lstrcpyA
0x483340 GetCurrentDirectoryA
0x483344 FindResourceA
0x483348 DuplicateHandle
0x48334c CreateSemaphoreA
0x483350 SetThreadPriority
0x483354 TlsSetValue
0x483358 GetCurrentThread
0x48335c TlsAlloc
0x483360 ResumeThread
0x483364 TlsGetValue
0x483368 InterlockedExchange
0x48336c GetStartupInfoA
0x483370 SetEvent
0x483374 SetLastError
EAT(Export Address Table) is none