Created | 2024.10.17 10:51 | Machine | s1_win7_x6401 |
Filename | well_clean.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
VT API (file) | 38 detected (AIDetectMalware, Injects, ts93, Malicious, score, Genericuh, Unsafe, V2nc, AutoIt, high confidence, Browser, CLASSIC, Redcap, qeoft, AMADEY, YXEJPZ, Real Protect, Detected, Sabsik, CredentialFlusher, CCJG, Eldorado, Artemis, Flush, Outbreak, susgen, PossibleThreat) |
md5 | 18e64b3509e95557b6614610df2fcf20 |
sha256 | 3c758f6490891a556c3d5c6a80d1b64214c57dfc1a5b06f7e1bae0ca427f9188 |
ssdeep | 12288:2qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga0TV:2qDEvCTbMWu7rQYlBQcBiT6rprG8aUV |
imphash | 948cc502fe9226992dce9417f952fce3 |
impfuzzy | 192:SQtZJ57YYiI3OHehnR1ji8UEh6urw6BUUhjvNDJB:SGZJ5YYiICqfOyrwmjvNDJB |
Signature (23cnts)
Level | Description |
---|---|
danger | Executed a process and injected code into it |
danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
watch | Allocates execute permission to another process indicative of possible code injection |
watch | Appends a known multi-family ransomware file extension to files that have been encrypted |
watch | Expresses interest in specific running processes |
watch | One or more non-whitelisted processes were created |
watch | Potential code injection by writing to the memory of another process |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Executes one or more WMI queries |
notice | Potentially malicious URLs were found in the process memory dump |
notice | Repeatedly searches for a not-found process |
notice | Searches running processes potentially to identify processes for sandbox evasion |
notice | Steals private information from local Internet browsers |
notice | Terminates another process |
notice | Uses Windows utilities for basic Windows functionality |
notice | Yara rule detected in process memory |
info | Checks if process is being debugged by a debugger |
info | Command line console output was observed |
info | Queries for the computername |
info | Tries to locate where the browsers are installed |
Rules (18cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | RedLine_Stealer_b_Zero | RedLine stealer | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
notice | Code_injection | Code injection with CreateRemoteThread in a remote process | memory |
info | anti_dbg | Checks if being debugged | memory |
info | DebuggerCheck__GlobalFlags | (no description) | memory |
info | DebuggerCheck__QueryInfo | (no description) | memory |
info | DebuggerHiding__Active | (no description) | memory |
info | DebuggerHiding__Thread | (no description) | memory |
info | disable_dep | Bypass DEP | memory |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | SEH__vectored | (no description) | memory |
info | ThreadControl__Context | (no description) | memory |
Network (0cnts)
PE API
IAT(Import Address Table) Library
WSOCK32.dll
0x49c7d8 gethostbyname
0x49c7dc recv
0x49c7e0 send
0x49c7e4 socket
0x49c7e8 inet_ntoa
0x49c7ec setsockopt
0x49c7f0 ntohs
0x49c7f4 WSACleanup
0x49c7f8 WSAStartup
0x49c7fc sendto
0x49c800 htons
0x49c804 __WSAFDIsSet
0x49c808 select
0x49c80c accept
0x49c810 listen
0x49c814 bind
0x49c818 inet_addr
0x49c81c ioctlsocket
0x49c820 recvfrom
0x49c824 WSAGetLastError
0x49c828 closesocket
0x49c82c gethostname
0x49c830 connect
VERSION.dll
0x49c77c GetFileVersionInfoW
0x49c780 VerQueryValueW
0x49c784 GetFileVersionInfoSizeW
WINMM.dll
0x49c7c8 timeGetTime
0x49c7cc waveOutSetVolume
0x49c7d0 mciSendStringW
COMCTL32.dll
0x49c088 ImageList_ReplaceIcon
0x49c08c ImageList_Destroy
0x49c090 ImageList_Remove
0x49c094 ImageList_SetDragCursorImage
0x49c098 ImageList_BeginDrag
0x49c09c ImageList_DragEnter
0x49c0a0 ImageList_DragLeave
0x49c0a4 ImageList_EndDrag
0x49c0a8 ImageList_DragMove
0x49c0ac InitCommonControlsEx
0x49c0b0 ImageList_Create
MPR.dll
0x49c408 WNetGetConnectionW
0x49c40c WNetCancelConnection2W
0x49c410 WNetUseConnectionW
0x49c414 WNetAddConnection2W
WININET.dll
0x49c78c HttpOpenRequestW
0x49c790 InternetCloseHandle
0x49c794 InternetOpenW
0x49c798 InternetSetOptionW
0x49c79c InternetCrackUrlW
0x49c7a0 HttpQueryInfoW
0x49c7a4 InternetQueryOptionW
0x49c7a8 InternetConnectW
0x49c7ac HttpSendRequestW
0x49c7b0 FtpOpenFileW
0x49c7b4 FtpGetFileSize
0x49c7b8 InternetOpenUrlW
0x49c7bc InternetReadFile
0x49c7c0 InternetQueryDataAvailable
PSAPI.DLL
0x49c494 GetProcessMemoryInfo
IPHLPAPI.DLL
0x49c154 IcmpSendEcho
0x49c158 IcmpCloseHandle
0x49c15c IcmpCreateFile
USERENV.dll
0x49c760 DestroyEnvironmentBlock
0x49c764 LoadUserProfileW
0x49c768 CreateEnvironmentBlock
0x49c76c UnloadUserProfile
UxTheme.dll
0x49c774 IsThemeActive
KERNEL32.dll
0x49c164 DuplicateHandle
0x49c168 CreateThread
0x49c16c WaitForSingleObject
0x49c170 HeapAlloc
0x49c174 GetProcessHeap
0x49c178 HeapFree
0x49c17c Sleep
0x49c180 GetCurrentThreadId
0x49c184 MultiByteToWideChar
0x49c188 MulDiv
0x49c18c GetVersionExW
0x49c190 IsWow64Process
0x49c194 GetSystemInfo
0x49c198 FreeLibrary
0x49c19c LoadLibraryA
0x49c1a0 GetProcAddress
0x49c1a4 SetErrorMode
0x49c1a8 GetModuleFileNameW
0x49c1ac WideCharToMultiByte
0x49c1b0 lstrcpyW
0x49c1b4 lstrlenW
0x49c1b8 GetModuleHandleW
0x49c1bc QueryPerformanceCounter
0x49c1c0 VirtualFreeEx
0x49c1c4 OpenProcess
0x49c1c8 VirtualAllocEx
0x49c1cc WriteProcessMemory
0x49c1d0 ReadProcessMemory
0x49c1d4 CreateFileW
0x49c1d8 SetFilePointerEx
0x49c1dc SetEndOfFile
0x49c1e0 ReadFile
0x49c1e4 WriteFile
0x49c1e8 FlushFileBuffers
0x49c1ec TerminateProcess
0x49c1f0 CreateToolhelp32Snapshot
0x49c1f4 Process32FirstW
0x49c1f8 Process32NextW
0x49c1fc SetFileTime
0x49c200 GetFileAttributesW
0x49c204 FindFirstFileW
0x49c208 FindClose
0x49c20c GetLongPathNameW
0x49c210 GetShortPathNameW
0x49c214 DeleteFileW
0x49c218 IsDebuggerPresent
0x49c21c CopyFileExW
0x49c220 MoveFileW
0x49c224 CreateDirectoryW
0x49c228 RemoveDirectoryW
0x49c22c SetSystemPowerState
0x49c230 QueryPerformanceFrequency
0x49c234 LoadResource
0x49c238 LockResource
0x49c23c SizeofResource
0x49c240 OutputDebugStringW
0x49c244 GetTempPathW
0x49c248 GetTempFileNameW
0x49c24c DeviceIoControl
0x49c250 LoadLibraryW
0x49c254 GetLocalTime
0x49c258 CompareStringW
0x49c25c GetCurrentThread
0x49c260 EnterCriticalSection
0x49c264 LeaveCriticalSection
0x49c268 GetStdHandle
0x49c26c CreatePipe
0x49c270 InterlockedExchange
0x49c274 TerminateThread
0x49c278 LoadLibraryExW
0x49c27c FindResourceExW
0x49c280 CopyFileW
0x49c284 VirtualFree
0x49c288 FormatMessageW
0x49c28c GetExitCodeProcess
0x49c290 GetPrivateProfileStringW
0x49c294 WritePrivateProfileStringW
0x49c298 GetPrivateProfileSectionW
0x49c29c WritePrivateProfileSectionW
0x49c2a0 GetPrivateProfileSectionNamesW
0x49c2a4 FileTimeToLocalFileTime
0x49c2a8 FileTimeToSystemTime
0x49c2ac SystemTimeToFileTime
0x49c2b0 LocalFileTimeToFileTime
0x49c2b4 GetDriveTypeW
0x49c2b8 GetDiskFreeSpaceExW
0x49c2bc GetDiskFreeSpaceW
0x49c2c0 GetVolumeInformationW
0x49c2c4 SetVolumeLabelW
0x49c2c8 CreateHardLinkW
0x49c2cc SetFileAttributesW
0x49c2d0 CreateEventW
0x49c2d4 SetEvent
0x49c2d8 GetEnvironmentVariableW
0x49c2dc SetEnvironmentVariableW
0x49c2e0 GlobalLock
0x49c2e4 GlobalUnlock
0x49c2e8 GlobalAlloc
0x49c2ec GetFileSize
0x49c2f0 GlobalFree
0x49c2f4 GlobalMemoryStatusEx
0x49c2f8 Beep
0x49c2fc GetSystemDirectoryW
0x49c300 HeapReAlloc
0x49c304 HeapSize
0x49c308 GetComputerNameW
0x49c30c GetWindowsDirectoryW
0x49c310 GetCurrentProcessId
0x49c314 GetProcessIoCounters
0x49c318 CreateProcessW
0x49c31c GetProcessId
0x49c320 SetPriorityClass
0x49c324 VirtualAlloc
0x49c328 GetCurrentDirectoryW
0x49c32c lstrcmpiW
0x49c330 DecodePointer
0x49c334 GetLastError
0x49c338 RaiseException
0x49c33c InitializeCriticalSectionAndSpinCount
0x49c340 DeleteCriticalSection
0x49c344 InterlockedDecrement
0x49c348 InterlockedIncrement
0x49c34c ResetEvent
0x49c350 WaitForSingleObjectEx
0x49c354 IsProcessorFeaturePresent
0x49c358 UnhandledExceptionFilter
0x49c35c SetUnhandledExceptionFilter
0x49c360 GetCurrentProcess
0x49c364 CloseHandle
0x49c368 GetFullPathNameW
0x49c36c GetStartupInfoW
0x49c370 GetSystemTimeAsFileTime
0x49c374 InitializeSListHead
0x49c378 RtlUnwind
0x49c37c SetLastError
0x49c380 TlsAlloc
0x49c384 TlsGetValue
0x49c388 TlsSetValue
0x49c38c TlsFree
0x49c390 EncodePointer
0x49c394 ExitProcess
0x49c398 GetModuleHandleExW
0x49c39c ExitThread
0x49c3a0 ResumeThread
0x49c3a4 FreeLibraryAndExitThread
0x49c3a8 GetACP
0x49c3ac GetDateFormatW
0x49c3b0 GetTimeFormatW
0x49c3b4 LCMapStringW
0x49c3b8 GetStringTypeW
0x49c3bc GetFileType
0x49c3c0 SetStdHandle
0x49c3c4 GetConsoleCP
0x49c3c8 GetConsoleMode
0x49c3cc ReadConsoleW
0x49c3d0 GetTimeZoneInformation
0x49c3d4 FindFirstFileExW
0x49c3d8 IsValidCodePage
0x49c3dc GetOEMCP
0x49c3e0 GetCPInfo
0x49c3e4 GetCommandLineA
0x49c3e8 GetCommandLineW
0x49c3ec GetEnvironmentStringsW
0x49c3f0 FreeEnvironmentStringsW
0x49c3f4 SetEnvironmentVariableA
0x49c3f8 SetCurrentDirectoryW
0x49c3fc FindNextFileW
0x49c400 WriteConsoleW
USER32.dll
0x49c4dc GetKeyboardLayoutNameW
0x49c4e0 IsCharAlphaW
0x49c4e4 IsCharAlphaNumericW
0x49c4e8 IsCharLowerW
0x49c4ec IsCharUpperW
0x49c4f0 GetMenuStringW
0x49c4f4 GetSubMenu
0x49c4f8 GetCaretPos
0x49c4fc IsZoomed
0x49c500 GetMonitorInfoW
0x49c504 SetWindowLongW
0x49c508 SetLayeredWindowAttributes
0x49c50c FlashWindow
0x49c510 GetClassLongW
0x49c514 TranslateAcceleratorW
0x49c518 IsDialogMessageW
0x49c51c GetSysColor
0x49c520 InflateRect
0x49c524 DrawFocusRect
0x49c528 DrawTextW
0x49c52c FrameRect
0x49c530 DrawFrameControl
0x49c534 FillRect
0x49c538 PtInRect
0x49c53c DestroyAcceleratorTable
0x49c540 CreateAcceleratorTableW
0x49c544 SetCursor
0x49c548 GetWindowDC
0x49c54c GetSystemMetrics
0x49c550 GetActiveWindow
0x49c554 CharNextW
0x49c558 wsprintfW
0x49c55c RedrawWindow
0x49c560 DrawMenuBar
0x49c564 DestroyMenu
0x49c568 SetMenu
0x49c56c GetWindowTextLengthW
0x49c570 CreateMenu
0x49c574 IsDlgButtonChecked
0x49c578 DefDlgProcW
0x49c57c CallWindowProcW
0x49c580 ReleaseCapture
0x49c584 SetCapture
0x49c588 PeekMessageW
0x49c58c GetInputState
0x49c590 UnregisterHotKey
0x49c594 CharLowerBuffW
0x49c598 MonitorFromPoint
0x49c59c MonitorFromRect
0x49c5a0 LoadImageW
0x49c5a4 mouse_event
0x49c5a8 ExitWindowsEx
0x49c5ac SetActiveWindow
0x49c5b0 FindWindowExW
0x49c5b4 EnumThreadWindows
0x49c5b8 SetMenuDefaultItem
0x49c5bc InsertMenuItemW
0x49c5c0 IsMenu
0x49c5c4 ClientToScreen
0x49c5c8 GetCursorPos
0x49c5cc DeleteMenu
0x49c5d0 CheckMenuRadioItem
0x49c5d4 GetMenuItemID
0x49c5d8 GetMenuItemCount
0x49c5dc SetMenuItemInfoW
0x49c5e0 GetMenuItemInfoW
0x49c5e4 SetForegroundWindow
0x49c5e8 IsIconic
0x49c5ec FindWindowW
0x49c5f0 SystemParametersInfoW
0x49c5f4 LockWindowUpdate
0x49c5f8 SendInput
0x49c5fc GetAsyncKeyState
0x49c600 SetKeyboardState
0x49c604 GetKeyboardState
0x49c608 GetKeyState
0x49c60c VkKeyScanW
0x49c610 LoadStringW
0x49c614 DialogBoxParamW
0x49c618 MessageBeep
0x49c61c EndDialog
0x49c620 SendDlgItemMessageW
0x49c624 GetDlgItem
0x49c628 SetWindowTextW
0x49c62c CopyRect
0x49c630 ReleaseDC
0x49c634 GetDC
0x49c638 EndPaint
0x49c63c BeginPaint
0x49c640 GetClientRect
0x49c644 GetMenu
0x49c648 DestroyWindow
0x49c64c EnumWindows
0x49c650 GetDesktopWindow
0x49c654 IsWindow
0x49c658 IsWindowEnabled
0x49c65c IsWindowVisible
0x49c660 EnableWindow
0x49c664 InvalidateRect
0x49c668 GetWindowLongW
0x49c66c GetWindowThreadProcessId
0x49c670 AttachThreadInput
0x49c674 GetFocus
0x49c678 GetWindowTextW
0x49c67c SendMessageTimeoutW
0x49c680 EnumChildWindows
0x49c684 CharUpperBuffW
0x49c688 GetClassNameW
0x49c68c GetParent
0x49c690 GetDlgCtrlID
0x49c694 SendMessageW
0x49c698 MapVirtualKeyW
0x49c69c PostMessageW
0x49c6a0 GetWindowRect
0x49c6a4 SetUserObjectSecurity
0x49c6a8 CloseDesktop
0x49c6ac CloseWindowStation
0x49c6b0 OpenDesktopW
0x49c6b4 RegisterHotKey
0x49c6b8 GetCursorInfo
0x49c6bc SetWindowPos
0x49c6c0 CopyImage
0x49c6c4 AdjustWindowRectEx
0x49c6c8 SetRect
0x49c6cc SetClipboardData
0x49c6d0 EmptyClipboard
0x49c6d4 CountClipboardFormats
0x49c6d8 CloseClipboard
0x49c6dc GetClipboardData
0x49c6e0 IsClipboardFormatAvailable
0x49c6e4 OpenClipboard
0x49c6e8 BlockInput
0x49c6ec TrackPopupMenuEx
0x49c6f0 GetMessageW
0x49c6f4 SetProcessWindowStation
0x49c6f8 GetProcessWindowStation
0x49c6fc OpenWindowStationW
0x49c700 GetUserObjectSecurity
0x49c704 MessageBoxW
0x49c708 DefWindowProcW
0x49c70c MoveWindow
0x49c710 SetFocus
0x49c714 PostQuitMessage
0x49c718 KillTimer
0x49c71c CreatePopupMenu
0x49c720 RegisterWindowMessageW
0x49c724 SetTimer
0x49c728 ShowWindow
0x49c72c CreateWindowExW
0x49c730 RegisterClassExW
0x49c734 LoadIconW
0x49c738 LoadCursorW
0x49c73c GetSysColorBrush
0x49c740 GetForegroundWindow
0x49c744 MessageBoxA
0x49c748 DestroyIcon
0x49c74c DispatchMessageW
0x49c750 keybd_event
0x49c754 TranslateMessage
0x49c758 ScreenToClient
GDI32.dll
0x49c0c4 EndPath
0x49c0c8 DeleteObject
0x49c0cc GetTextExtentPoint32W
0x49c0d0 ExtCreatePen
0x49c0d4 StrokeAndFillPath
0x49c0d8 GetDeviceCaps
0x49c0dc SetPixel
0x49c0e0 CloseFigure
0x49c0e4 LineTo
0x49c0e8 AngleArc
0x49c0ec MoveToEx
0x49c0f0 Ellipse
0x49c0f4 CreateCompatibleBitmap
0x49c0f8 CreateCompatibleDC
0x49c0fc PolyDraw
0x49c100 BeginPath
0x49c104 Rectangle
0x49c108 SetViewportOrgEx
0x49c10c GetObjectW
0x49c110 SetBkMode
0x49c114 RoundRect
0x49c118 SetBkColor
0x49c11c CreatePen
0x49c120 SelectObject
0x49c124 StretchBlt
0x49c128 CreateSolidBrush
0x49c12c SetTextColor
0x49c130 CreateFontW
0x49c134 GetTextFaceW
0x49c138 GetStockObject
0x49c13c CreateDCW
0x49c140 GetPixel
0x49c144 DeleteDC
0x49c148 GetDIBits
0x49c14c StrokePath
COMDLG32.dll
0x49c0b8 GetSaveFileNameW
0x49c0bc GetOpenFileNameW
ADVAPI32.dll
0x49c000 GetAce
0x49c004 RegEnumValueW
0x49c008 RegDeleteValueW
0x49c00c RegDeleteKeyW
0x49c010 RegEnumKeyExW
0x49c014 RegSetValueExW
0x49c018 RegOpenKeyExW
0x49c01c RegCloseKey
0x49c020 RegQueryValueExW
0x49c024 RegConnectRegistryW
0x49c028 InitializeSecurityDescriptor
0x49c02c InitializeAcl
0x49c030 AdjustTokenPrivileges
0x49c034 OpenThreadToken
0x49c038 OpenProcessToken
0x49c03c LookupPrivilegeValueW
0x49c040 DuplicateTokenEx
0x49c044 CreateProcessAsUserW
0x49c048 CreateProcessWithLogonW
0x49c04c GetLengthSid
0x49c050 CopySid
0x49c054 LogonUserW
0x49c058 AllocateAndInitializeSid
0x49c05c CheckTokenMembership
0x49c060 FreeSid
0x49c064 GetTokenInformation
0x49c068 RegCreateKeyExW
0x49c06c GetSecurityDescriptorDacl
0x49c070 GetAclInformation
0x49c074 GetUserNameW
0x49c078 AddAce
0x49c07c SetSecurityDescriptorDacl
0x49c080 InitiateSystemShutdownExW
SHELL32.dll
0x49c49c DragFinish
0x49c4a0 DragQueryPoint
0x49c4a4 ShellExecuteExW
0x49c4a8 DragQueryFileW
0x49c4ac SHEmptyRecycleBinW
0x49c4b0 SHGetPathFromIDListW
0x49c4b4 SHBrowseForFolderW
0x49c4b8 SHCreateShellItem
0x49c4bc SHGetDesktopFolder
0x49c4c0 SHGetSpecialFolderLocation
0x49c4c4 SHGetFolderPathW
0x49c4c8 SHFileOperationW
0x49c4cc ExtractIconExW
0x49c4d0 Shell_NotifyIconW
0x49c4d4 ShellExecuteW
ole32.dll
0x49c838 CoTaskMemAlloc
0x49c83c CoTaskMemFree
0x49c840 CLSIDFromString
0x49c844 ProgIDFromCLSID
0x49c848 CLSIDFromProgID
0x49c84c OleSetMenuDescriptor
0x49c850 MkParseDisplayName
0x49c854 OleSetContainedObject
0x49c858 CoCreateInstance
0x49c85c IIDFromString
0x49c860 StringFromGUID2
0x49c864 CreateStreamOnHGlobal
0x49c868 OleInitialize
0x49c86c OleUninitialize
0x49c870 CoInitialize
0x49c874 CoUninitialize
0x49c878 GetRunningObjectTable
0x49c87c CoGetInstanceFromFile
0x49c880 CoGetObject
0x49c884 CoInitializeSecurity
0x49c888 CoCreateInstanceEx
0x49c88c CoSetProxyBlanket
OLEAUT32.dll
0x49c41c CreateStdDispatch
0x49c420 CreateDispTypeInfo
0x49c424 UnRegisterTypeLib
0x49c428 UnRegisterTypeLibForUser
0x49c42c RegisterTypeLibForUser
0x49c430 RegisterTypeLib
0x49c434 LoadTypeLibEx
0x49c438 VariantCopyInd
0x49c43c SysReAllocString
0x49c440 SysFreeString
0x49c444 VariantChangeType
0x49c448 SafeArrayDestroyData
0x49c44c SafeArrayUnaccessData
0x49c450 SafeArrayAccessData
0x49c454 SafeArrayAllocData
0x49c458 SafeArrayAllocDescriptorEx
0x49c45c SafeArrayCreateVector
0x49c460 SysStringLen
0x49c464 QueryPathOfRegTypeLib
0x49c468 SysAllocString
0x49c46c VariantInit
0x49c470 VariantClear
0x49c474 DispCallFunc
0x49c478 VariantTimeToSystemTime
0x49c47c VarR8FromDec
0x49c480 SafeArrayGetVartype
0x49c484 SafeArrayDestroyDescriptor
0x49c488 VariantCopy
0x49c48c OleLoadPicture
EAT(Export Address Table) is none