ScreenShot
| Created | 2024.10.17 10:42 | Machine | s1_win7_x6401 |
| Filename | aa_v3.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 52 detected (Ammyy, Malicious, score, RemAdm, RemoteAdmin, Unsafe, Vo0h, grayware, confidence, 100%, Hacktool, Remacc, high confidence, B potentially unsafe, MiscX, aagu, hvrqcz, CLASSIC, Tool, remote, access, Generic ML PUA, Static AI, Suspicious PE, Detected, Malware@#10h2cm3e0pdkq, AmmyyAdmin, ABApplication, YPZL, R278120, R002H07HC23, Igent, bUpDWV, Atncz) | ||
| md5 | 9054fe003778dd05b3b1438d236963ae | ||
| sha256 | 7faba6269c05fdda9ee0045aebb835161f0f5d7405e60db1471172bc4e674bda | ||
| ssdeep | 12288:L0FiXLbDZvJvSGYSYLAF7CLuERtvE6UWyTfyapfEVvpugH:Io75vJvSjSP7zERt86xy7Lp6p7H | ||
| imphash | aab70a9cced02bd065fc31c24eedf2cc | ||
| impfuzzy | 192:t/c+rxz0t72bjuHhR57JavHmlpXDLNWDbwAfU9q8mtnUFn:EE/8fVJavGlpX/Nkc9q8m5Cn | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Installs itself for autorun at Windows startup |
| notice | Creates a service |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| notice | Sends data using the HTTP POST Method |
| info | The executable uses a known packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Ammy_Admin_r0d | Ammy Admin | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (12cnts) ?
Suricata ids
ET POLICY IP Check (rl. ammyy. com)
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x48985c WSAGetLastError
0x489860 send
0x489864 recv
0x489868 select
0x48986c WSAStartup
0x489870 getpeername
0x489874 getservbyport
0x489878 ntohs
0x48987c gethostbyaddr
0x489880 gethostbyname
0x489884 inet_addr
0x489888 getservbyname
0x48988c htonl
0x489890 inet_ntoa
0x489894 WSAIoctl
0x489898 connect
0x48989c accept
0x4898a0 htons
0x4898a4 ind
0x4898a8 listen
0x4898ac socket
0x4898b0 __WSAFDIsSet
0x4898b4 shutdown
0x4898b8 setsockopt
0x4898bc ioctlsocket
0x4898c0 WSACleanup
0x4898c4 closesocket
GDI32.dll
0x4890e8 SetStretchBltMode
0x4890ec LineTo
0x4890f0 MoveToEx
0x4890f4 Ellipse
0x4890f8 GetDIBits
0x4890fc CreateCompatibleBitmap
0x489100 RealizePalette
0x489104 SelectPalette
0x489108 CreatePalette
0x48910c GetSystemPaletteEntries
0x489110 GdiFlush
0x489114 CombineRgn
0x489118 StretchBlt
0x48911c CreateDIBitmap
0x489120 DeleteDC
0x489124 SetBkMode
0x489128 SelectObject
0x48912c CreateCompatibleDC
0x489130 CreatePatternBrush
0x489134 GetBitmapBits
0x489138 GetObjectA
0x48913c BitBlt
0x489140 CreateFontIndirectA
0x489144 DPtoLP
0x489148 CreateRectRgn
0x48914c ExtTextOutA
0x489150 CreateDIBSection
0x489154 SetBitmapBits
0x489158 CreateRectRgnIndirect
0x48915c SelectClipRgn
0x489160 TextOutW
0x489164 SetTextAlign
0x489168 SetBrushOrgEx
0x48916c ExtTextOutW
0x489170 SetTextColor
0x489174 SetBkColor
0x489178 GetTextExtentPoint32W
0x48917c CreateFontA
0x489180 CreateFontIndirectW
0x489184 GetStockObject
0x489188 GetRegionData
0x48918c CreateSolidBrush
0x489190 DeleteObject
0x489194 GetDeviceCaps
USER32.dll
0x489594 LoadIconA
0x489598 FindWindowA
0x48959c OpenDesktopA
0x4895a0 SendMessageTimeoutA
0x4895a4 IntersectRect
0x4895a8 IsWindowVisible
0x4895ac EqualRect
0x4895b0 EnumDisplaySettingsExW
0x4895b4 EnumDisplayDevicesW
0x4895b8 GetCursorInfo
0x4895bc OpenInputDesktop
0x4895c0 CloseDesktop
0x4895c4 GetUserObjectInformationA
0x4895c8 GetThreadDesktop
0x4895cc GetClipboardData
0x4895d0 OpenClipboard
0x4895d4 EmptyClipboard
0x4895d8 CloseClipboard
0x4895dc SetClipboardData
0x4895e0 RegisterClassExA
0x4895e4 PeekMessageA
0x4895e8 MsgWaitForMultipleObjects
0x4895ec MapVirtualKeyW
0x4895f0 SendInput
0x4895f4 LockWorkStation
0x4895f8 SetThreadDesktop
0x4895fc SetDlgItemTextA
0x489600 SetDlgItemInt
0x489604 CallNextHookEx
0x489608 SetWindowsHookExA
0x48960c UnhookWindowsHookEx
0x489610 DestroyAcceleratorTable
0x489614 TranslateAcceleratorA
0x489618 CreateAcceleratorTableA
0x48961c SetWindowTextA
0x489620 ReleaseCapture
0x489624 SetCapture
0x489628 GetAsyncKeyState
0x48962c SwitchToThisWindow
0x489630 SendMessageA
0x489634 FindWindowW
0x489638 MessageBoxA
0x48963c ShowWindow
0x489640 wsprintfA
0x489644 RegisterClassExW
0x489648 DestroyCursor
0x48964c MessageBeep
0x489650 wsprintfW
0x489654 SetCursorPos
0x489658 ShowWindowAsync
0x48965c GetClipboardOwner
0x489660 GetWindowDC
0x489664 SetScrollInfo
0x489668 GetWindow
0x48966c WindowFromPoint
0x489670 SetClassLongW
0x489674 ChangeClipboardChain
0x489678 ReleaseDC
0x48967c GetDC
0x489680 DestroyIcon
0x489684 LoadImageA
0x489688 GetIconInfo
0x48968c EnableWindow
0x489690 SetDlgItemTextW
0x489694 DestroyWindow
0x489698 SetWindowPos
0x48969c MapWindowPoints
0x4896a0 InsertMenuItemW
0x4896a4 InsertMenuItemA
0x4896a8 EnumWindows
0x4896ac GetClassNameA
0x4896b0 GetWindowTextA
0x4896b4 KillTimer
0x4896b8 GetWindowLongW
0x4896bc PostMessageA
0x4896c0 DrawTextW
0x4896c4 SetRect
0x4896c8 ShowScrollBar
0x4896cc IsIconic
0x4896d0 ScrollWindowEx
0x4896d4 AdjustWindowRectEx
0x4896d8 GetMenuState
0x4896dc GetWindowPlacement
0x4896e0 SetWindowPlacement
0x4896e4 GetSysColorBrush
0x4896e8 AppendMenuW
0x4896ec SetClipboardViewer
0x4896f0 DrawTextA
0x4896f4 EndDialog
0x4896f8 CreateDialogParamW
0x4896fc DialogBoxParamW
0x489700 CallWindowProcW
0x489704 CallWindowProcA
0x489708 DefWindowProcA
0x48970c IsWindowUnicode
0x489710 GetSystemMenu
0x489714 RedrawWindow
0x489718 ScreenToClient
0x48971c DrawStateA
0x489720 DrawEdge
0x489724 GetClientRect
0x489728 CreateWindowExA
0x48972c IsWindow
0x489730 GetParent
0x489734 GetWindowLongA
0x489738 MonitorFromWindow
0x48973c GetMonitorInfoW
0x489740 EnumDisplaySettingsW
0x489744 GetForegroundWindow
0x489748 GetWindowThreadProcessId
0x48974c AttachThreadInput
0x489750 SetActiveWindow
0x489754 SetCursor
0x489758 SetTimer
0x48975c PostThreadMessageA
0x489760 MoveWindow
0x489764 BeginPaint
0x489768 EndPaint
0x48976c GetDlgItemInt
0x489770 SendDlgItemMessageA
0x489774 MapDialogRect
0x489778 SetWindowLongA
0x48977c ClientToScreen
0x489780 LoadCursorA
0x489784 RegisterClassW
0x489788 CreateWindowExW
0x48978c SetWindowLongW
0x489790 GetMessageA
0x489794 IsDialogMessageA
0x489798 TranslateMessage
0x48979c DispatchMessageA
0x4897a0 SetWindowTextW
0x4897a4 SetMenu
0x4897a8 LoadMenuA
0x4897ac GetMenuItemInfoA
0x4897b0 SetMenuItemInfoA
0x4897b4 GetSubMenu
0x4897b8 SetMenuItemInfoW
0x4897bc GetMenuItemID
0x4897c0 EnableMenuItem
0x4897c4 GetMenuItemCount
0x4897c8 CheckMenuItem
0x4897cc GetKeyState
0x4897d0 InvalidateRect
0x4897d4 UpdateWindow
0x4897d8 SetForegroundWindow
0x4897dc SetFocus
0x4897e0 GetFocus
0x4897e4 PostQuitMessage
0x4897e8 DefWindowProcW
0x4897ec CreatePopupMenu
0x4897f0 GetCursorPos
0x4897f4 TrackPopupMenu
0x4897f8 GetSysColor
0x4897fc GetSystemMetrics
0x489800 GetMenuItemInfoW
0x489804 DrawMenuBar
0x489808 AppendMenuA
0x48980c SystemParametersInfoW
0x489810 DestroyMenu
0x489814 GetDlgItem
0x489818 MessageBoxW
0x48981c SendMessageW
0x489820 GetWindowRect
0x489824 SystemParametersInfoA
SHELL32.dll
0x48953c SHBrowseForFolderW
0x489540 SHGetPathFromIDListW
0x489544 ShellExecuteA
0x489548 SHGetMalloc
0x48954c SHGetFolderPathW
0x489550 SHGetFolderPathA
0x489554 ShellExecuteExW
0x489558 SHGetFileInfoW
0x48955c ShellExecuteW
0x489560 None
0x489564 SHGetSpecialFolderPathW
0x489568 Shell_NotifyIconA
MSVCRT.dll
0x48938c _strnicmp
0x489390 _strupr
0x489394 _strlwr
0x489398 _wcsicmp
0x48939c strchr
0x4893a0 _controlfp
0x4893a4 _iob
0x4893a8 __set_app_type
0x4893ac __p__fmode
0x4893b0 __p__commode
0x4893b4 _adjust_fdiv
0x4893b8 __setusermatherr
0x4893bc _initterm
0x4893c0 __getmainargs
0x4893c4 _acmdln
0x4893c8 _XcptFilter
0x4893cc __CxxFrameHandler
0x4893d0 strlen
0x4893d4 isspace
0x4893d8 memchr
0x4893dc _errno
0x4893e0 strtol
0x4893e4 isdigit
0x4893e8 strstr
0x4893ec memcpy
0x4893f0 ??2@YAPAXI@Z
0x4893f4 _purecall
0x4893f8 free
0x4893fc memset
0x489400 malloc
0x489404 sprintf
0x489408 printf
0x48940c fwrite
0x489410 srand
0x489414 time
0x489418 _CxxThrowException
0x48941c rand
0x489420 atol
0x489424 memcmp
0x489428 isprint
0x48942c tolower
0x489430 strncpy
0x489434 _stricmp
0x489438 wcslen
0x48943c atoi
0x489440 abs
0x489444 wcscpy
0x489448 strcmp
0x48944c strcpy
0x489450 iswspace
0x489454 wcsncmp
0x489458 _wtoi
0x48945c _ultow
0x489460 wcschr
0x489464 _stat
0x489468 swprintf
0x48946c _ftol
0x489470 strcat
0x489474 strtoul
0x489478 calloc
0x48947c _rotl
0x489480 _rotr
0x489484 fopen
0x489488 fread
0x48948c fclose
0x489490 fseek
0x489494 ftell
0x489498 fflush
0x48949c wcsncpy
0x4894a0 wcsrchr
0x4894a4 vsprintf
0x4894a8 memmove
0x4894ac strrchr
0x4894b0 strncmp
0x4894b4 mbstowcs
0x4894b8 wcscmp
0x4894bc wcsstr
0x4894c0 vswprintf
0x4894c4 iswdigit
0x4894c8 _beginthreadex
0x4894cc _endthreadex
0x4894d0 cos
0x4894d4 floor
0x4894d8 sin
0x4894dc atof
0x4894e0 _i64tow
0x4894e4 wcscat
0x4894e8 realloc
0x4894ec exit
0x4894f0 fprintf
0x4894f4 sscanf
0x4894f8 getenv
0x4894fc fputc
0x489500 _CIpow
0x489504 _CIacos
0x489508 ??1type_info@@UAE@XZ
0x48950c __dllonexit
0x489510 _onexit
0x489514 _except_handler3
0x489518 ?terminate@@YAXXZ
0x48951c _exit
Secur32.dll
0x489578 FreeCredentialsHandle
0x48957c InitializeSecurityContextA
0x489580 QuerySecurityPackageInfoA
0x489584 AcquireCredentialsHandleA
0x489588 FreeContextBuffer
0x48958c CompleteAuthToken
SHLWAPI.dll
0x489570 PathGetDriveNumberA
SETUPAPI.dll
0x489524 SetupDiDestroyDeviceInfoList
0x489528 SetupDiEnumDeviceInfo
0x48952c SetupDiGetClassDevsA
0x489530 SetupDiClassGuidsFromNameA
0x489534 SetupDiGetDeviceRegistryPropertyA
iphlpapi.dll
0x4898d8 GetAdaptersInfo
ADVAPI32.dll
0x489000 ConvertSidToStringSidA
0x489004 GetTokenInformation
0x489008 OpenProcessToken
0x48900c RegCloseKey
0x489010 RegQueryValueExA
0x489014 RegOpenKeyExA
0x489018 FreeSid
0x48901c SetFileSecurityW
0x489020 SetSecurityDescriptorDacl
0x489024 InitializeSecurityDescriptor
0x489028 AllocateAndInitializeSid
0x48902c ImpersonateLoggedOnUser
0x489030 RevertToSelf
0x489034 GetUserNameA
0x489038 StartServiceCtrlDispatcherW
0x48903c RegisterServiceCtrlHandlerExA
0x489040 SetServiceStatus
0x489044 SetTokenInformation
0x489048 DuplicateTokenEx
0x48904c CreateProcessAsUserW
0x489050 QueryServiceStatus
0x489054 CloseServiceHandle
0x489058 OpenServiceA
0x48905c OpenSCManagerA
0x489060 CreateServiceW
0x489064 DeleteService
0x489068 ControlService
0x48906c StartServiceA
0x489070 StartServiceW
0x489074 RegCreateKeyExA
0x489078 RegQueryValueExW
0x48907c RegSetValueExW
0x489080 RegSetValueExA
0x489084 RegDeleteKeyA
0x489088 RegDeleteValueW
0x48908c RegCreateKeyExW
0x489090 RegEnumKeyExW
0x489094 RegOpenKeyExW
0x489098 SetEntriesInAclA
comdlg32.dll
0x4898cc GetOpenFileNameW
0x4898d0 GetSaveFileNameW
USERENV.dll
0x48982c LoadUserProfileA
0x489830 UnloadUserProfile
COMCTL32.dll
0x4890a0 CreateToolbarEx
0x4890a4 ImageList_Create
0x4890a8 ImageList_Draw
0x4890ac ImageList_Destroy
0x4890b0 None
0x4890b4 ImageList_GetIconSize
0x4890b8 ImageList_ReplaceIcon
0x4890bc ImageList_Add
0x4890c0 ImageList_Duplicate
0x4890c4 _TrackMouseEvent
0x4890c8 CreatePropertySheetPageW
0x4890cc PropertySheetW
WININET.dll
0x489838 HttpSendRequestA
0x48983c HttpQueryInfoA
0x489840 InternetConnectA
0x489844 InternetSetOptionA
0x489848 InternetCloseHandle
0x48984c InternetReadFile
0x489850 InternetOpenA
0x489854 HttpOpenRequestA
DSOUND.dll
0x4890d4 None
0x4890d8 None
0x4890dc None
0x4890e0 None
KERNEL32.dll
0x48919c SizeofResource
0x4891a0 LoadResource
0x4891a4 LockResource
0x4891a8 GetLocalTime
0x4891ac TryEnterCriticalSection
0x4891b0 LeaveCriticalSection
0x4891b4 EnterCriticalSection
0x4891b8 DeleteCriticalSection
0x4891bc InitializeCriticalSection
0x4891c0 SetFileTime
0x4891c4 GetFileTime
0x4891c8 OpenMutexA
0x4891cc CreateMutexA
0x4891d0 FindResourceExA
0x4891d4 SetEvent
0x4891d8 OpenEventA
0x4891dc CreateEventA
0x4891e0 ExitProcess
0x4891e4 SetUnhandledExceptionFilter
0x4891e8 GetSystemDirectoryA
0x4891ec CompareFileTime
0x4891f0 GetSystemTimeAsFileTime
0x4891f4 GetSystemDirectoryW
0x4891f8 lstrcatW
0x4891fc FileTimeToSystemTime
0x489200 WaitNamedPipeW
0x489204 ReadFile
0x489208 SetLastError
0x48920c GetExitCodeProcess
0x489210 WaitForSingleObject
0x489214 BeginUpdateResourceW
0x489218 EndUpdateResourceW
0x48921c UpdateResourceA
0x489220 CreateThread
0x489224 OpenProcess
0x489228 CreateToolhelp32Snapshot
0x48922c Process32First
0x489230 Process32Next
0x489234 LoadLibraryA
0x489238 FreeLibrary
0x48923c GetFileSize
0x489240 SetFilePointer
0x489244 WriteFile
0x489248 GetFileAttributesW
0x48924c lstrcmpiW
0x489250 lstrcmpW
0x489254 MulDiv
0x489258 FormatMessageW
0x48925c MultiByteToWideChar
0x489260 WideCharToMultiByte
0x489264 GetModuleFileNameW
0x489268 GetComputerNameA
0x48926c LocalAlloc
0x489270 GetExitCodeThread
0x489274 SystemTimeToFileTime
0x489278 MoveFileW
0x48927c DeleteFileW
0x489280 GetTempPathW
0x489284 CreateFileW
0x489288 FindFirstFileW
0x48928c FindClose
0x489290 GetUserDefaultUILanguage
0x489294 GetLocaleInfoA
0x489298 CreateDirectoryW
0x48929c SetCurrentDirectoryW
0x4892a0 GetStartupInfoW
0x4892a4 CreateProcessW
0x4892a8 GetModuleHandleA
0x4892ac GetProcAddress
0x4892b0 SetProcessShutdownParameters
0x4892b4 GetVersionExA
0x4892b8 GetCurrentProcess
0x4892bc LocalFree
0x4892c0 GetCurrentThreadId
0x4892c4 CloseHandle
0x4892c8 DeviceIoControl
0x4892cc CreateFileA
0x4892d0 GetLastError
0x4892d4 GetCurrentProcessId
0x4892d8 Sleep
0x4892dc GetTickCount
0x4892e0 QueryPerformanceFrequency
0x4892e4 QueryPerformanceCounter
0x4892e8 InterlockedIncrement
0x4892ec InterlockedDecrement
0x4892f0 lstrlenA
0x4892f4 lstrlenW
0x4892f8 TerminateProcess
0x4892fc SystemTimeToTzSpecificLocalTime
0x489300 GetFileSizeEx
0x489304 SetEndOfFile
0x489308 SetFilePointerEx
0x48930c GlobalUnlock
0x489310 GlobalLock
0x489314 GlobalAlloc
0x489318 GetDriveTypeW
0x48931c RemoveDirectoryW
0x489320 FindNextFileW
0x489324 SetFileAttributesW
0x489328 GetLogicalDrives
0x48932c ProcessIdToSessionId
0x489330 SleepEx
0x489334 CreateDirectoryA
0x489338 DeleteFileA
0x48933c GlobalFree
0x489340 IsBadReadPtr
0x489344 lstrcmpA
0x489348 LocalFileTimeToFileTime
0x48934c LoadLibraryW
0x489350 lstrcpyA
0x489354 GetCurrentDirectoryA
0x489358 FindResourceA
0x48935c DuplicateHandle
0x489360 CreateSemaphoreA
0x489364 SetThreadPriority
0x489368 TlsSetValue
0x48936c GetCurrentThread
0x489370 TlsAlloc
0x489374 ResumeThread
0x489378 TlsGetValue
0x48937c InterlockedExchange
0x489380 GetStartupInfoA
0x489384 ResetEvent
EAT(Export Address Table) is none
WS2_32.dll
0x48985c WSAGetLastError
0x489860 send
0x489864 recv
0x489868 select
0x48986c WSAStartup
0x489870 getpeername
0x489874 getservbyport
0x489878 ntohs
0x48987c gethostbyaddr
0x489880 gethostbyname
0x489884 inet_addr
0x489888 getservbyname
0x48988c htonl
0x489890 inet_ntoa
0x489894 WSAIoctl
0x489898 connect
0x48989c accept
0x4898a0 htons
0x4898a4 ind
0x4898a8 listen
0x4898ac socket
0x4898b0 __WSAFDIsSet
0x4898b4 shutdown
0x4898b8 setsockopt
0x4898bc ioctlsocket
0x4898c0 WSACleanup
0x4898c4 closesocket
GDI32.dll
0x4890e8 SetStretchBltMode
0x4890ec LineTo
0x4890f0 MoveToEx
0x4890f4 Ellipse
0x4890f8 GetDIBits
0x4890fc CreateCompatibleBitmap
0x489100 RealizePalette
0x489104 SelectPalette
0x489108 CreatePalette
0x48910c GetSystemPaletteEntries
0x489110 GdiFlush
0x489114 CombineRgn
0x489118 StretchBlt
0x48911c CreateDIBitmap
0x489120 DeleteDC
0x489124 SetBkMode
0x489128 SelectObject
0x48912c CreateCompatibleDC
0x489130 CreatePatternBrush
0x489134 GetBitmapBits
0x489138 GetObjectA
0x48913c BitBlt
0x489140 CreateFontIndirectA
0x489144 DPtoLP
0x489148 CreateRectRgn
0x48914c ExtTextOutA
0x489150 CreateDIBSection
0x489154 SetBitmapBits
0x489158 CreateRectRgnIndirect
0x48915c SelectClipRgn
0x489160 TextOutW
0x489164 SetTextAlign
0x489168 SetBrushOrgEx
0x48916c ExtTextOutW
0x489170 SetTextColor
0x489174 SetBkColor
0x489178 GetTextExtentPoint32W
0x48917c CreateFontA
0x489180 CreateFontIndirectW
0x489184 GetStockObject
0x489188 GetRegionData
0x48918c CreateSolidBrush
0x489190 DeleteObject
0x489194 GetDeviceCaps
USER32.dll
0x489594 LoadIconA
0x489598 FindWindowA
0x48959c OpenDesktopA
0x4895a0 SendMessageTimeoutA
0x4895a4 IntersectRect
0x4895a8 IsWindowVisible
0x4895ac EqualRect
0x4895b0 EnumDisplaySettingsExW
0x4895b4 EnumDisplayDevicesW
0x4895b8 GetCursorInfo
0x4895bc OpenInputDesktop
0x4895c0 CloseDesktop
0x4895c4 GetUserObjectInformationA
0x4895c8 GetThreadDesktop
0x4895cc GetClipboardData
0x4895d0 OpenClipboard
0x4895d4 EmptyClipboard
0x4895d8 CloseClipboard
0x4895dc SetClipboardData
0x4895e0 RegisterClassExA
0x4895e4 PeekMessageA
0x4895e8 MsgWaitForMultipleObjects
0x4895ec MapVirtualKeyW
0x4895f0 SendInput
0x4895f4 LockWorkStation
0x4895f8 SetThreadDesktop
0x4895fc SetDlgItemTextA
0x489600 SetDlgItemInt
0x489604 CallNextHookEx
0x489608 SetWindowsHookExA
0x48960c UnhookWindowsHookEx
0x489610 DestroyAcceleratorTable
0x489614 TranslateAcceleratorA
0x489618 CreateAcceleratorTableA
0x48961c SetWindowTextA
0x489620 ReleaseCapture
0x489624 SetCapture
0x489628 GetAsyncKeyState
0x48962c SwitchToThisWindow
0x489630 SendMessageA
0x489634 FindWindowW
0x489638 MessageBoxA
0x48963c ShowWindow
0x489640 wsprintfA
0x489644 RegisterClassExW
0x489648 DestroyCursor
0x48964c MessageBeep
0x489650 wsprintfW
0x489654 SetCursorPos
0x489658 ShowWindowAsync
0x48965c GetClipboardOwner
0x489660 GetWindowDC
0x489664 SetScrollInfo
0x489668 GetWindow
0x48966c WindowFromPoint
0x489670 SetClassLongW
0x489674 ChangeClipboardChain
0x489678 ReleaseDC
0x48967c GetDC
0x489680 DestroyIcon
0x489684 LoadImageA
0x489688 GetIconInfo
0x48968c EnableWindow
0x489690 SetDlgItemTextW
0x489694 DestroyWindow
0x489698 SetWindowPos
0x48969c MapWindowPoints
0x4896a0 InsertMenuItemW
0x4896a4 InsertMenuItemA
0x4896a8 EnumWindows
0x4896ac GetClassNameA
0x4896b0 GetWindowTextA
0x4896b4 KillTimer
0x4896b8 GetWindowLongW
0x4896bc PostMessageA
0x4896c0 DrawTextW
0x4896c4 SetRect
0x4896c8 ShowScrollBar
0x4896cc IsIconic
0x4896d0 ScrollWindowEx
0x4896d4 AdjustWindowRectEx
0x4896d8 GetMenuState
0x4896dc GetWindowPlacement
0x4896e0 SetWindowPlacement
0x4896e4 GetSysColorBrush
0x4896e8 AppendMenuW
0x4896ec SetClipboardViewer
0x4896f0 DrawTextA
0x4896f4 EndDialog
0x4896f8 CreateDialogParamW
0x4896fc DialogBoxParamW
0x489700 CallWindowProcW
0x489704 CallWindowProcA
0x489708 DefWindowProcA
0x48970c IsWindowUnicode
0x489710 GetSystemMenu
0x489714 RedrawWindow
0x489718 ScreenToClient
0x48971c DrawStateA
0x489720 DrawEdge
0x489724 GetClientRect
0x489728 CreateWindowExA
0x48972c IsWindow
0x489730 GetParent
0x489734 GetWindowLongA
0x489738 MonitorFromWindow
0x48973c GetMonitorInfoW
0x489740 EnumDisplaySettingsW
0x489744 GetForegroundWindow
0x489748 GetWindowThreadProcessId
0x48974c AttachThreadInput
0x489750 SetActiveWindow
0x489754 SetCursor
0x489758 SetTimer
0x48975c PostThreadMessageA
0x489760 MoveWindow
0x489764 BeginPaint
0x489768 EndPaint
0x48976c GetDlgItemInt
0x489770 SendDlgItemMessageA
0x489774 MapDialogRect
0x489778 SetWindowLongA
0x48977c ClientToScreen
0x489780 LoadCursorA
0x489784 RegisterClassW
0x489788 CreateWindowExW
0x48978c SetWindowLongW
0x489790 GetMessageA
0x489794 IsDialogMessageA
0x489798 TranslateMessage
0x48979c DispatchMessageA
0x4897a0 SetWindowTextW
0x4897a4 SetMenu
0x4897a8 LoadMenuA
0x4897ac GetMenuItemInfoA
0x4897b0 SetMenuItemInfoA
0x4897b4 GetSubMenu
0x4897b8 SetMenuItemInfoW
0x4897bc GetMenuItemID
0x4897c0 EnableMenuItem
0x4897c4 GetMenuItemCount
0x4897c8 CheckMenuItem
0x4897cc GetKeyState
0x4897d0 InvalidateRect
0x4897d4 UpdateWindow
0x4897d8 SetForegroundWindow
0x4897dc SetFocus
0x4897e0 GetFocus
0x4897e4 PostQuitMessage
0x4897e8 DefWindowProcW
0x4897ec CreatePopupMenu
0x4897f0 GetCursorPos
0x4897f4 TrackPopupMenu
0x4897f8 GetSysColor
0x4897fc GetSystemMetrics
0x489800 GetMenuItemInfoW
0x489804 DrawMenuBar
0x489808 AppendMenuA
0x48980c SystemParametersInfoW
0x489810 DestroyMenu
0x489814 GetDlgItem
0x489818 MessageBoxW
0x48981c SendMessageW
0x489820 GetWindowRect
0x489824 SystemParametersInfoA
SHELL32.dll
0x48953c SHBrowseForFolderW
0x489540 SHGetPathFromIDListW
0x489544 ShellExecuteA
0x489548 SHGetMalloc
0x48954c SHGetFolderPathW
0x489550 SHGetFolderPathA
0x489554 ShellExecuteExW
0x489558 SHGetFileInfoW
0x48955c ShellExecuteW
0x489560 None
0x489564 SHGetSpecialFolderPathW
0x489568 Shell_NotifyIconA
MSVCRT.dll
0x48938c _strnicmp
0x489390 _strupr
0x489394 _strlwr
0x489398 _wcsicmp
0x48939c strchr
0x4893a0 _controlfp
0x4893a4 _iob
0x4893a8 __set_app_type
0x4893ac __p__fmode
0x4893b0 __p__commode
0x4893b4 _adjust_fdiv
0x4893b8 __setusermatherr
0x4893bc _initterm
0x4893c0 __getmainargs
0x4893c4 _acmdln
0x4893c8 _XcptFilter
0x4893cc __CxxFrameHandler
0x4893d0 strlen
0x4893d4 isspace
0x4893d8 memchr
0x4893dc _errno
0x4893e0 strtol
0x4893e4 isdigit
0x4893e8 strstr
0x4893ec memcpy
0x4893f0 ??2@YAPAXI@Z
0x4893f4 _purecall
0x4893f8 free
0x4893fc memset
0x489400 malloc
0x489404 sprintf
0x489408 printf
0x48940c fwrite
0x489410 srand
0x489414 time
0x489418 _CxxThrowException
0x48941c rand
0x489420 atol
0x489424 memcmp
0x489428 isprint
0x48942c tolower
0x489430 strncpy
0x489434 _stricmp
0x489438 wcslen
0x48943c atoi
0x489440 abs
0x489444 wcscpy
0x489448 strcmp
0x48944c strcpy
0x489450 iswspace
0x489454 wcsncmp
0x489458 _wtoi
0x48945c _ultow
0x489460 wcschr
0x489464 _stat
0x489468 swprintf
0x48946c _ftol
0x489470 strcat
0x489474 strtoul
0x489478 calloc
0x48947c _rotl
0x489480 _rotr
0x489484 fopen
0x489488 fread
0x48948c fclose
0x489490 fseek
0x489494 ftell
0x489498 fflush
0x48949c wcsncpy
0x4894a0 wcsrchr
0x4894a4 vsprintf
0x4894a8 memmove
0x4894ac strrchr
0x4894b0 strncmp
0x4894b4 mbstowcs
0x4894b8 wcscmp
0x4894bc wcsstr
0x4894c0 vswprintf
0x4894c4 iswdigit
0x4894c8 _beginthreadex
0x4894cc _endthreadex
0x4894d0 cos
0x4894d4 floor
0x4894d8 sin
0x4894dc atof
0x4894e0 _i64tow
0x4894e4 wcscat
0x4894e8 realloc
0x4894ec exit
0x4894f0 fprintf
0x4894f4 sscanf
0x4894f8 getenv
0x4894fc fputc
0x489500 _CIpow
0x489504 _CIacos
0x489508 ??1type_info@@UAE@XZ
0x48950c __dllonexit
0x489510 _onexit
0x489514 _except_handler3
0x489518 ?terminate@@YAXXZ
0x48951c _exit
Secur32.dll
0x489578 FreeCredentialsHandle
0x48957c InitializeSecurityContextA
0x489580 QuerySecurityPackageInfoA
0x489584 AcquireCredentialsHandleA
0x489588 FreeContextBuffer
0x48958c CompleteAuthToken
SHLWAPI.dll
0x489570 PathGetDriveNumberA
SETUPAPI.dll
0x489524 SetupDiDestroyDeviceInfoList
0x489528 SetupDiEnumDeviceInfo
0x48952c SetupDiGetClassDevsA
0x489530 SetupDiClassGuidsFromNameA
0x489534 SetupDiGetDeviceRegistryPropertyA
iphlpapi.dll
0x4898d8 GetAdaptersInfo
ADVAPI32.dll
0x489000 ConvertSidToStringSidA
0x489004 GetTokenInformation
0x489008 OpenProcessToken
0x48900c RegCloseKey
0x489010 RegQueryValueExA
0x489014 RegOpenKeyExA
0x489018 FreeSid
0x48901c SetFileSecurityW
0x489020 SetSecurityDescriptorDacl
0x489024 InitializeSecurityDescriptor
0x489028 AllocateAndInitializeSid
0x48902c ImpersonateLoggedOnUser
0x489030 RevertToSelf
0x489034 GetUserNameA
0x489038 StartServiceCtrlDispatcherW
0x48903c RegisterServiceCtrlHandlerExA
0x489040 SetServiceStatus
0x489044 SetTokenInformation
0x489048 DuplicateTokenEx
0x48904c CreateProcessAsUserW
0x489050 QueryServiceStatus
0x489054 CloseServiceHandle
0x489058 OpenServiceA
0x48905c OpenSCManagerA
0x489060 CreateServiceW
0x489064 DeleteService
0x489068 ControlService
0x48906c StartServiceA
0x489070 StartServiceW
0x489074 RegCreateKeyExA
0x489078 RegQueryValueExW
0x48907c RegSetValueExW
0x489080 RegSetValueExA
0x489084 RegDeleteKeyA
0x489088 RegDeleteValueW
0x48908c RegCreateKeyExW
0x489090 RegEnumKeyExW
0x489094 RegOpenKeyExW
0x489098 SetEntriesInAclA
comdlg32.dll
0x4898cc GetOpenFileNameW
0x4898d0 GetSaveFileNameW
USERENV.dll
0x48982c LoadUserProfileA
0x489830 UnloadUserProfile
COMCTL32.dll
0x4890a0 CreateToolbarEx
0x4890a4 ImageList_Create
0x4890a8 ImageList_Draw
0x4890ac ImageList_Destroy
0x4890b0 None
0x4890b4 ImageList_GetIconSize
0x4890b8 ImageList_ReplaceIcon
0x4890bc ImageList_Add
0x4890c0 ImageList_Duplicate
0x4890c4 _TrackMouseEvent
0x4890c8 CreatePropertySheetPageW
0x4890cc PropertySheetW
WININET.dll
0x489838 HttpSendRequestA
0x48983c HttpQueryInfoA
0x489840 InternetConnectA
0x489844 InternetSetOptionA
0x489848 InternetCloseHandle
0x48984c InternetReadFile
0x489850 InternetOpenA
0x489854 HttpOpenRequestA
DSOUND.dll
0x4890d4 None
0x4890d8 None
0x4890dc None
0x4890e0 None
KERNEL32.dll
0x48919c SizeofResource
0x4891a0 LoadResource
0x4891a4 LockResource
0x4891a8 GetLocalTime
0x4891ac TryEnterCriticalSection
0x4891b0 LeaveCriticalSection
0x4891b4 EnterCriticalSection
0x4891b8 DeleteCriticalSection
0x4891bc InitializeCriticalSection
0x4891c0 SetFileTime
0x4891c4 GetFileTime
0x4891c8 OpenMutexA
0x4891cc CreateMutexA
0x4891d0 FindResourceExA
0x4891d4 SetEvent
0x4891d8 OpenEventA
0x4891dc CreateEventA
0x4891e0 ExitProcess
0x4891e4 SetUnhandledExceptionFilter
0x4891e8 GetSystemDirectoryA
0x4891ec CompareFileTime
0x4891f0 GetSystemTimeAsFileTime
0x4891f4 GetSystemDirectoryW
0x4891f8 lstrcatW
0x4891fc FileTimeToSystemTime
0x489200 WaitNamedPipeW
0x489204 ReadFile
0x489208 SetLastError
0x48920c GetExitCodeProcess
0x489210 WaitForSingleObject
0x489214 BeginUpdateResourceW
0x489218 EndUpdateResourceW
0x48921c UpdateResourceA
0x489220 CreateThread
0x489224 OpenProcess
0x489228 CreateToolhelp32Snapshot
0x48922c Process32First
0x489230 Process32Next
0x489234 LoadLibraryA
0x489238 FreeLibrary
0x48923c GetFileSize
0x489240 SetFilePointer
0x489244 WriteFile
0x489248 GetFileAttributesW
0x48924c lstrcmpiW
0x489250 lstrcmpW
0x489254 MulDiv
0x489258 FormatMessageW
0x48925c MultiByteToWideChar
0x489260 WideCharToMultiByte
0x489264 GetModuleFileNameW
0x489268 GetComputerNameA
0x48926c LocalAlloc
0x489270 GetExitCodeThread
0x489274 SystemTimeToFileTime
0x489278 MoveFileW
0x48927c DeleteFileW
0x489280 GetTempPathW
0x489284 CreateFileW
0x489288 FindFirstFileW
0x48928c FindClose
0x489290 GetUserDefaultUILanguage
0x489294 GetLocaleInfoA
0x489298 CreateDirectoryW
0x48929c SetCurrentDirectoryW
0x4892a0 GetStartupInfoW
0x4892a4 CreateProcessW
0x4892a8 GetModuleHandleA
0x4892ac GetProcAddress
0x4892b0 SetProcessShutdownParameters
0x4892b4 GetVersionExA
0x4892b8 GetCurrentProcess
0x4892bc LocalFree
0x4892c0 GetCurrentThreadId
0x4892c4 CloseHandle
0x4892c8 DeviceIoControl
0x4892cc CreateFileA
0x4892d0 GetLastError
0x4892d4 GetCurrentProcessId
0x4892d8 Sleep
0x4892dc GetTickCount
0x4892e0 QueryPerformanceFrequency
0x4892e4 QueryPerformanceCounter
0x4892e8 InterlockedIncrement
0x4892ec InterlockedDecrement
0x4892f0 lstrlenA
0x4892f4 lstrlenW
0x4892f8 TerminateProcess
0x4892fc SystemTimeToTzSpecificLocalTime
0x489300 GetFileSizeEx
0x489304 SetEndOfFile
0x489308 SetFilePointerEx
0x48930c GlobalUnlock
0x489310 GlobalLock
0x489314 GlobalAlloc
0x489318 GetDriveTypeW
0x48931c RemoveDirectoryW
0x489320 FindNextFileW
0x489324 SetFileAttributesW
0x489328 GetLogicalDrives
0x48932c ProcessIdToSessionId
0x489330 SleepEx
0x489334 CreateDirectoryA
0x489338 DeleteFileA
0x48933c GlobalFree
0x489340 IsBadReadPtr
0x489344 lstrcmpA
0x489348 LocalFileTimeToFileTime
0x48934c LoadLibraryW
0x489350 lstrcpyA
0x489354 GetCurrentDirectoryA
0x489358 FindResourceA
0x48935c DuplicateHandle
0x489360 CreateSemaphoreA
0x489364 SetThreadPriority
0x489368 TlsSetValue
0x48936c GetCurrentThread
0x489370 TlsAlloc
0x489374 ResumeThread
0x489378 TlsGetValue
0x48937c InterlockedExchange
0x489380 GetStartupInfoA
0x489384 ResetEvent
EAT(Export Address Table) is none