Created | 2024.10.27 11:55 | Machine | s1_win7_x6401 |
Filename | ngown.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : clean |
VT API (file) | 47 detected (AIDetectMalware, Autoit, Malicious, score, TrojanPWS, Zbot, Artemis, Unsafe, Nymeria, Vuxp, confidence, many, high confidence, Strab, CLASSIC, GenSteal, lepff, Inject5, NEGASTEAL, YXEJXZ, Detected, AutoitInject, AgentTesla, 1JHRPJ, XXWI, Chgt, Rimw, susgen) |
md5 | f77f55496b53b40da142f51f87e986b2 |
sha256 | d1beb2c11e992d1bd22f84355c25f7b01ea77cb1bfc26ca7c080ce2a68f05bc2 |
ssdeep | 24576:ffmMv6Ckr7Mny5QLR0T3ZrOe7sfmkswFkg:f3v+7/5QL+VrKmkswFkg |
imphash | aaaa8913c89c8aa4a5d93f06853894da |
impfuzzy | 192:utI6w42OYLF3Ock2OjWS2k8UtBSZ4wc3QOx:sI6wHOIFNkcfkfwc3QOx |
Signature (11cnts)
Level | Description |
---|---|
danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
watch | Harvests credentials from local email clients |
watch | Harvests credentials from local FTP client softwares |
watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Steals private information from local Internet browsers |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
info | Queries for the computername |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
PE API
IAT(Import Address Table) Library
WSOCK32.dll
0x482790 __WSAFDIsSet
0x482794 setsockopt
0x482798 ntohs
0x48279c recvfrom
0x4827a0 sendto
0x4827a4 htons
0x4827a8 select
0x4827ac listen
0x4827b0 WSAStartup
0x4827b4 bind
0x4827b8 closesocket
0x4827bc connect
0x4827c0 socket
0x4827c4 send
0x4827c8 WSACleanup
0x4827cc ioctlsocket
0x4827d0 accept
0x4827d4 WSAGetLastError
0x4827d8 inet_addr
0x4827dc gethostbyname
0x4827e0 gethostname
0x4827e4 recv
VERSION.dll
0x482734 VerQueryValueW
0x482738 GetFileVersionInfoW
0x48273c GetFileVersionInfoSizeW
WINMM.dll
0x482780 timeGetTime
0x482784 waveOutSetVolume
0x482788 mciSendStringW
COMCTL32.dll
0x48208c ImageList_Remove
0x482090 ImageList_SetDragCursorImage
0x482094 ImageList_BeginDrag
0x482098 ImageList_DragEnter
0x48209c ImageList_DragLeave
0x4820a0 ImageList_EndDrag
0x4820a4 ImageList_DragMove
0x4820a8 ImageList_ReplaceIcon
0x4820ac ImageList_Create
0x4820b0 InitCommonControlsEx
0x4820b4 ImageList_Destroy
MPR.dll
0x4823f4 WNetCancelConnection2W
0x4823f8 WNetGetConnectionW
0x4823fc WNetAddConnection2W
0x482400 WNetUseConnectionW
WININET.dll
0x482744 InternetReadFile
0x482748 InternetCloseHandle
0x48274c InternetOpenW
0x482750 InternetSetOptionW
0x482754 InternetCrackUrlW
0x482758 HttpQueryInfoW
0x48275c InternetConnectW
0x482760 HttpOpenRequestW
0x482764 HttpSendRequestW
0x482768 FtpOpenFileW
0x48276c FtpGetFileSize
0x482770 InternetOpenUrlW
0x482774 InternetQueryOptionW
0x482778 InternetQueryDataAvailable
PSAPI.DLL
0x48244c EnumProcesses
0x482450 GetModuleBaseNameW
0x482454 GetProcessMemoryInfo
0x482458 EnumProcessModules
USERENV.dll
0x482720 CreateEnvironmentBlock
0x482724 DestroyEnvironmentBlock
0x482728 UnloadUserProfile
0x48272c LoadUserProfileW
KERNEL32.dll
0x482158 HeapAlloc
0x48215c Sleep
0x482160 GetCurrentThreadId
0x482164 RaiseException
0x482168 MulDiv
0x48216c GetVersionExW
0x482170 GetSystemInfo
0x482174 MultiByteToWideChar
0x482178 WideCharToMultiByte
0x48217c GetModuleHandleW
0x482180 QueryPerformanceCounter
0x482184 VirtualFreeEx
0x482188 OpenProcess
0x48218c VirtualAllocEx
0x482190 WriteProcessMemory
0x482194 ReadProcessMemory
0x482198 CreateFileW
0x48219c SetFilePointerEx
0x4821a0 ReadFile
0x4821a4 WriteFile
0x4821a8 FlushFileBuffers
0x4821ac TerminateProcess
0x4821b0 CreateToolhelp32Snapshot
0x4821b4 Process32FirstW
0x4821b8 Process32NextW
0x4821bc SetFileTime
0x4821c0 GetFileAttributesW
0x4821c4 FindFirstFileW
0x4821c8 FindClose
0x4821cc DeleteFileW
0x4821d0 FindNextFileW
0x4821d4 lstrcmpiW
0x4821d8 MoveFileW
0x4821dc CopyFileW
0x4821e0 CreateDirectoryW
0x4821e4 RemoveDirectoryW
0x4821e8 SetSystemPowerState
0x4821ec QueryPerformanceFrequency
0x4821f0 FindResourceW
0x4821f4 LoadResource
0x4821f8 LockResource
0x4821fc SizeofResource
0x482200 GetProcessHeap
0x482204 OutputDebugStringW
0x482208 GetLocalTime
0x48220c CompareStringW
0x482210 CompareStringA
0x482214 InterlockedIncrement
0x482218 InterlockedDecrement
0x48221c DeleteCriticalSection
0x482220 EnterCriticalSection
0x482224 LeaveCriticalSection
0x482228 InitializeCriticalSectionAndSpinCount
0x48222c GetStdHandle
0x482230 CreatePipe
0x482234 InterlockedExchange
0x482238 TerminateThread
0x48223c GetTempPathW
0x482240 GetTempFileNameW
0x482244 VirtualFree
0x482248 FormatMessageW
0x48224c GetExitCodeProcess
0x482250 SetErrorMode
0x482254 GetPrivateProfileStringW
0x482258 WritePrivateProfileStringW
0x48225c GetPrivateProfileSectionW
0x482260 WritePrivateProfileSectionW
0x482264 GetPrivateProfileSectionNamesW
0x482268 FileTimeToLocalFileTime
0x48226c FileTimeToSystemTime
0x482270 SystemTimeToFileTime
0x482274 LocalFileTimeToFileTime
0x482278 GetDriveTypeW
0x48227c GetDiskFreeSpaceExW
0x482280 GetDiskFreeSpaceW
0x482284 GetVolumeInformationW
0x482288 SetVolumeLabelW
0x48228c CreateHardLinkW
0x482290 DeviceIoControl
0x482294 SetFileAttributesW
0x482298 GetShortPathNameW
0x48229c CreateEventW
0x4822a0 SetEvent
0x4822a4 GetEnvironmentVariableW
0x4822a8 SetEnvironmentVariableW
0x4822ac GlobalLock
0x4822b0 GlobalUnlock
0x4822b4 GlobalAlloc
0x4822b8 GetFileSize
0x4822bc GlobalFree
0x4822c0 GlobalMemoryStatusEx
0x4822c4 Beep
0x4822c8 GetComputerNameW
0x4822cc GetWindowsDirectoryW
0x4822d0 GetSystemDirectoryW
0x4822d4 GetCurrentProcessId
0x4822d8 GetCurrentThread
0x4822dc GetProcessIoCounters
0x4822e0 CreateProcessW
0x4822e4 SetPriorityClass
0x4822e8 LoadLibraryW
0x4822ec VirtualAlloc
0x4822f0 LoadLibraryExW
0x4822f4 HeapFree
0x4822f8 WaitForSingleObject
0x4822fc CreateThread
0x482300 DuplicateHandle
0x482304 GetLastError
0x482308 CloseHandle
0x48230c GetCurrentProcess
0x482310 GetProcAddress
0x482314 LoadLibraryA
0x482318 FreeLibrary
0x48231c GetModuleFileNameW
0x482320 GetFullPathNameW
0x482324 ExitProcess
0x482328 ExitThread
0x48232c GetSystemTimeAsFileTime
0x482330 SetCurrentDirectoryW
0x482334 IsDebuggerPresent
0x482338 GetCurrentDirectoryW
0x48233c ResumeThread
0x482340 GetStartupInfoW
0x482344 TlsGetValue
0x482348 TlsAlloc
0x48234c TlsSetValue
0x482350 TlsFree
0x482354 SetLastError
0x482358 HeapSize
0x48235c GetCPInfo
0x482360 GetACP
0x482364 GetOEMCP
0x482368 IsValidCodePage
0x48236c UnhandledExceptionFilter
0x482370 SetUnhandledExceptionFilter
0x482374 GetModuleFileNameA
0x482378 HeapReAlloc
0x48237c HeapCreate
0x482380 SetHandleCount
0x482384 GetFileType
0x482388 GetStartupInfoA
0x48238c SetStdHandle
0x482390 GetConsoleCP
0x482394 GetConsoleMode
0x482398 LCMapStringW
0x48239c LCMapStringA
0x4823a0 RtlUnwind
0x4823a4 SetFilePointer
0x4823a8 GetTimeZoneInformation
0x4823ac GetTimeFormatA
0x4823b0 GetDateFormatA
0x4823b4 FreeEnvironmentStringsW
0x4823b8 GetEnvironmentStringsW
0x4823bc GetCommandLineW
0x4823c0 GetTickCount
0x4823c4 GetStringTypeA
0x4823c8 GetStringTypeW
0x4823cc GetLocaleInfoA
0x4823d0 GetModuleHandleA
0x4823d4 WriteConsoleA
0x4823d8 GetConsoleOutputCP
0x4823dc WriteConsoleW
0x4823e0 CreateFileA
0x4823e4 SetEndOfFile
0x4823e8 EnumResourceNamesW
0x4823ec SetEnvironmentVariableA
USER32.dll
0x48249c SetWindowPos
0x4824a0 GetCursorInfo
0x4824a4 RegisterHotKey
0x4824a8 ClientToScreen
0x4824ac GetKeyboardLayoutNameW
0x4824b0 IsCharAlphaW
0x4824b4 IsCharAlphaNumericW
0x4824b8 IsCharLowerW
0x4824bc IsCharUpperW
0x4824c0 GetMenuStringW
0x4824c4 GetSubMenu
0x4824c8 GetCaretPos
0x4824cc IsZoomed
0x4824d0 MonitorFromPoint
0x4824d4 GetMonitorInfoW
0x4824d8 SetWindowLongW
0x4824dc SetLayeredWindowAttributes
0x4824e0 FlashWindow
0x4824e4 GetClassLongW
0x4824e8 TranslateAcceleratorW
0x4824ec IsDialogMessageW
0x4824f0 GetSysColor
0x4824f4 InflateRect
0x4824f8 DrawFocusRect
0x4824fc DrawTextW
0x482500 FrameRect
0x482504 DrawFrameControl
0x482508 FillRect
0x48250c PtInRect
0x482510 DestroyAcceleratorTable
0x482514 CreateAcceleratorTableW
0x482518 SetCursor
0x48251c GetWindowDC
0x482520 GetSystemMetrics
0x482524 GetActiveWindow
0x482528 CharNextW
0x48252c wsprintfW
0x482530 RedrawWindow
0x482534 DrawMenuBar
0x482538 DestroyMenu
0x48253c SetMenu
0x482540 GetWindowTextLengthW
0x482544 CreateMenu
0x482548 IsDlgButtonChecked
0x48254c DefDlgProcW
0x482550 ReleaseCapture
0x482554 SetCapture
0x482558 WindowFromPoint
0x48255c CreateIconFromResourceEx
0x482560 mouse_event
0x482564 ExitWindowsEx
0x482568 SetActiveWindow
0x48256c FindWindowExW
0x482570 EnumThreadWindows
0x482574 SetMenuDefaultItem
0x482578 InsertMenuItemW
0x48257c IsMenu
0x482580 TrackPopupMenuEx
0x482584 GetCursorPos
0x482588 DeleteMenu
0x48258c CheckMenuRadioItem
0x482590 CopyImage
0x482594 GetMenuItemCount
0x482598 SetMenuItemInfoW
0x48259c GetMenuItemInfoW
0x4825a0 SetForegroundWindow
0x4825a4 IsIconic
0x4825a8 FindWindowW
0x4825ac SystemParametersInfoW
0x4825b0 PeekMessageW
0x4825b4 SendInput
0x4825b8 GetAsyncKeyState
0x4825bc SetKeyboardState
0x4825c0 GetKeyboardState
0x4825c4 GetKeyState
0x4825c8 VkKeyScanW
0x4825cc LoadStringW
0x4825d0 DialogBoxParamW
0x4825d4 MessageBeep
0x4825d8 EndDialog
0x4825dc SendDlgItemMessageW
0x4825e0 GetDlgItem
0x4825e4 SetWindowTextW
0x4825e8 CopyRect
0x4825ec ReleaseDC
0x4825f0 GetDC
0x4825f4 EndPaint
0x4825f8 BeginPaint
0x4825fc GetClientRect
0x482600 GetMenu
0x482604 DestroyWindow
0x482608 EnumWindows
0x48260c GetDesktopWindow
0x482610 IsWindow
0x482614 IsWindowEnabled
0x482618 IsWindowVisible
0x48261c EnableWindow
0x482620 InvalidateRect
0x482624 GetWindowThreadProcessId
0x482628 AttachThreadInput
0x48262c GetFocus
0x482630 GetWindowTextW
0x482634 ScreenToClient
0x482638 SendMessageTimeoutW
0x48263c EnumChildWindows
0x482640 CharUpperBuffW
0x482644 GetClassNameW
0x482648 GetParent
0x48264c GetDlgCtrlID
0x482650 SendMessageW
0x482654 MapVirtualKeyW
0x482658 PostMessageW
0x48265c GetWindowRect
0x482660 SetUserObjectSecurity
0x482664 GetUserObjectSecurity
0x482668 CloseDesktop
0x48266c CloseWindowStation
0x482670 OpenDesktopW
0x482674 SetProcessWindowStation
0x482678 GetProcessWindowStation
0x48267c OpenWindowStationW
0x482680 MessageBoxW
0x482684 DefWindowProcW
0x482688 MoveWindow
0x48268c AdjustWindowRectEx
0x482690 SetRect
0x482694 SetClipboardData
0x482698 EmptyClipboard
0x48269c CountClipboardFormats
0x4826a0 CloseClipboard
0x4826a4 GetClipboardData
0x4826a8 IsClipboardFormatAvailable
0x4826ac OpenClipboard
0x4826b0 BlockInput
0x4826b4 GetMessageW
0x4826b8 LockWindowUpdate
0x4826bc DispatchMessageW
0x4826c0 GetMenuItemID
0x4826c4 TranslateMessage
0x4826c8 SetFocus
0x4826cc PostQuitMessage
0x4826d0 KillTimer
0x4826d4 CreatePopupMenu
0x4826d8 RegisterWindowMessageW
0x4826dc SetTimer
0x4826e0 ShowWindow
0x4826e4 CreateWindowExW
0x4826e8 RegisterClassExW
0x4826ec LoadIconW
0x4826f0 LoadCursorW
0x4826f4 GetSysColorBrush
0x4826f8 GetForegroundWindow
0x4826fc MessageBoxA
0x482700 DestroyIcon
0x482704 UnregisterHotKey
0x482708 CharLowerBuffW
0x48270c MonitorFromRect
0x482710 keybd_event
0x482714 LoadImageW
0x482718 GetWindowLongW
GDI32.dll
0x4820c8 DeleteObject
0x4820cc GetObjectW
0x4820d0 GetTextExtentPoint32W
0x4820d4 ExtCreatePen
0x4820d8 StrokeAndFillPath
0x4820dc StrokePath
0x4820e0 EndPath
0x4820e4 SetPixel
0x4820e8 CloseFigure
0x4820ec CreateCompatibleBitmap
0x4820f0 CreateCompatibleDC
0x4820f4 SelectObject
0x4820f8 StretchBlt
0x4820fc GetDIBits
0x482100 LineTo
0x482104 AngleArc
0x482108 MoveToEx
0x48210c Ellipse
0x482110 PolyDraw
0x482114 BeginPath
0x482118 Rectangle
0x48211c GetDeviceCaps
0x482120 SetBkMode
0x482124 RoundRect
0x482128 SetBkColor
0x48212c CreatePen
0x482130 CreateSolidBrush
0x482134 SetTextColor
0x482138 CreateFontW
0x48213c GetTextFaceW
0x482140 GetStockObject
0x482144 CreateDCW
0x482148 GetPixel
0x48214c DeleteDC
0x482150 SetViewportOrgEx
COMDLG32.dll
0x4820bc GetSaveFileNameW
0x4820c0 GetOpenFileNameW
ADVAPI32.dll
0x482000 RegEnumValueW
0x482004 RegDeleteValueW
0x482008 RegDeleteKeyW
0x48200c RegSetValueExW
0x482010 RegCreateKeyExW
0x482014 GetUserNameW
0x482018 RegConnectRegistryW
0x48201c RegEnumKeyExW
0x482020 CloseServiceHandle
0x482024 UnlockServiceDatabase
0x482028 LockServiceDatabase
0x48202c OpenSCManagerW
0x482030 InitiateSystemShutdownExW
0x482034 AdjustTokenPrivileges
0x482038 RegCloseKey
0x48203c RegQueryValueExW
0x482040 RegOpenKeyExW
0x482044 OpenThreadToken
0x482048 OpenProcessToken
0x48204c LookupPrivilegeValueW
0x482050 DuplicateTokenEx
0x482054 CreateProcessAsUserW
0x482058 CreateProcessWithLogonW
0x48205c InitializeSecurityDescriptor
0x482060 InitializeAcl
0x482064 GetLengthSid
0x482068 SetSecurityDescriptorDacl
0x48206c CopySid
0x482070 LogonUserW
0x482074 GetTokenInformation
0x482078 GetAclInformation
0x48207c GetAce
0x482080 AddAce
0x482084 GetSecurityDescriptorDacl
SHELL32.dll
0x482460 DragQueryPoint
0x482464 ShellExecuteExW
0x482468 SHGetFolderPathW
0x48246c DragQueryFileW
0x482470 SHEmptyRecycleBinW
0x482474 SHBrowseForFolderW
0x482478 SHFileOperationW
0x48247c SHGetPathFromIDListW
0x482480 SHGetDesktopFolder
0x482484 SHGetMalloc
0x482488 ExtractIconExW
0x48248c Shell_NotifyIconW
0x482490 ShellExecuteW
0x482494 DragFinish
ole32.dll
0x4827ec OleSetMenuDescriptor
0x4827f0 MkParseDisplayName
0x4827f4 OleSetContainedObject
0x4827f8 CoInitialize
0x4827fc CoUninitialize
0x482800 CoCreateInstance
0x482804 CreateStreamOnHGlobal
0x482808 CoTaskMemAlloc
0x48280c CoTaskMemFree
0x482810 CLSIDFromString
0x482814 StringFromCLSID
0x482818 IIDFromString
0x48281c StringFromIID
0x482820 OleInitialize
0x482824 CreateBindCtx
0x482828 CLSIDFromProgID
0x48282c CoInitializeSecurity
0x482830 CoCreateInstanceEx
0x482834 CoSetProxyBlanket
0x482838 OleUninitialize
OLEAUT32.dll
0x482408 SafeArrayAllocData
0x48240c SafeArrayAllocDescriptorEx
0x482410 SysAllocString
0x482414 OleLoadPicture
0x482418 SafeArrayGetVartype
0x48241c SafeArrayDestroyData
0x482420 SafeArrayAccessData
0x482424 VarR8FromDec
0x482428 VariantTimeToSystemTime
0x48242c VariantClear
0x482430 VariantCopy
0x482434 VariantInit
0x482438 SafeArrayDestroyDescriptor
0x48243c LoadRegTypeLib
0x482440 GetActiveObject
0x482444 SafeArrayUnaccessData
EAT(Export Address Table) is none