Field | Value |
---|---|
Created | 2024.11.13 14:18 |
Machine | s1_win7_x6401 |
Filename | Ghost_1.5.11.5.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 26 detected (AIDetectMalware, KillFiles, Malicious, score, StartPageAutoIt, Unsafe, confidence, AXDZ, Autoit, AE suspicious, DarkKomet, Kryptik, high, Detected, Artemis, Igent, bYrcol, susgen) |
md5 | 5192f8f21b79c8dc3990cc292f26b687 |
sha256 | bf0b5d066eff13faa1417861c9355eb7001e634013e6520d22639cb087098341 |
ssdeep | 393216:Bk6YLfSunp9MeiwRonMyfAA0TW5n8eSbkH3yuQFrA9moDW46A:y6aflnp9MeiCongoGeSbkXAA9mo/ |
imphash | 6796132c42f0748def65d2c190e9ecc8 |
impfuzzy | 192:utI6w4QGEI3Oli3g391Pi8UEWTPwneBUUUwNKL6:sI6w1GEIii8rKlwnHwNKL6 |
Signature (17cnts)
Level | Description |
---|---|
warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
watch | Attempts to identify installed AV products by installation directory |
watch | Detects virtualization software with SCSI Disk Identifier trick(s) |
watch | Queries information on disks |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks whether any human activity is being performed by constantly checking whether the foreground window changed |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | Drops a binary and executes it |
notice | Drops an executable to the user AppData folder |
notice | Foreign language identified in PE resource |
notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
info | At least one process apparently crashed during execution |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Command line console output was observed |
info | One or more processes crashed |
Rules (23cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | IAmTheKing_Family | IAmTheKing Family | binaries (download) |
danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (download) |
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
warning | Microsoft_Office_File_Downloader_Zero | Microsoft Office File Downloader | binaries (download) |
warning | PhysicalDrive_20181001 | (no description) | binaries (download) |
watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
watch | Antivirus | Contains references to security software | binaries (download) |
watch | ASPack_Zero | ASPack packed file | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Network_Downloader | File Downloader | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
WSOCK32.dll
0x4877b0 __WSAFDIsSet
0x4877b4 setsockopt
0x4877b8 ntohs
0x4877bc recvfrom
0x4877c0 sendto
0x4877c4 htons
0x4877c8 select
0x4877cc listen
0x4877d0 WSAStartup
0x4877d4 bind
0x4877d8 closesocket
0x4877dc connect
0x4877e0 socket
0x4877e4 send
0x4877e8 WSACleanup
0x4877ec ioctlsocket
0x4877f0 accept
0x4877f4 WSAGetLastError
0x4877f8 inet_addr
0x4877fc gethostbyname
0x487800 gethostname
0x487804 recv
VERSION.dll
0x487754 VerQueryValueW
0x487758 GetFileVersionInfoW
0x48775c GetFileVersionInfoSizeW
WINMM.dll
0x4877a0 timeGetTime
0x4877a4 waveOutSetVolume
0x4877a8 mciSendStringW
COMCTL32.dll
0x487098 ImageList_DragEnter
0x48709c ImageList_DragLeave
0x4870a0 ImageList_EndDrag
0x4870a4 ImageList_DragMove
0x4870a8 ImageList_SetDragCursorImage
0x4870ac ImageList_Remove
0x4870b0 ImageList_Destroy
0x4870b4 ImageList_ReplaceIcon
0x4870b8 ImageList_Create
0x4870bc InitCommonControlsEx
0x4870c0 ImageList_BeginDrag
MPR.dll
0x4873e4 WNetUseConnectionW
0x4873e8 WNetCancelConnection2W
0x4873ec WNetGetConnectionW
0x4873f0 WNetAddConnection2W
WININET.dll
0x487764 InternetReadFile
0x487768 InternetCloseHandle
0x48776c InternetOpenW
0x487770 InternetSetOptionW
0x487774 InternetCrackUrlW
0x487778 HttpQueryInfoW
0x48777c InternetConnectW
0x487780 HttpOpenRequestW
0x487784 HttpSendRequestW
0x487788 FtpOpenFileW
0x48778c FtpGetFileSize
0x487790 InternetOpenUrlW
0x487794 InternetQueryOptionW
0x487798 InternetQueryDataAvailable
PSAPI.DLL
0x48746c EnumProcesses
0x487470 GetModuleBaseNameW
0x487474 GetProcessMemoryInfo
0x487478 EnumProcessModules
USERENV.dll
0x487740 CreateEnvironmentBlock
0x487744 DestroyEnvironmentBlock
0x487748 UnloadUserProfile
0x48774c LoadUserProfileW
KERNEL32.dll
0x487164 HeapFree
0x487168 Sleep
0x48716c GetCurrentThreadId
0x487170 MulDiv
0x487174 GetVersionExW
0x487178 GetSystemInfo
0x48717c SetErrorMode
0x487180 InterlockedIncrement
0x487184 InterlockedDecrement
0x487188 WideCharToMultiByte
0x48718c lstrcpyW
0x487190 MultiByteToWideChar
0x487194 lstrlenW
0x487198 GetModuleHandleW
0x48719c QueryPerformanceCounter
0x4871a0 VirtualFreeEx
0x4871a4 OpenProcess
0x4871a8 VirtualAllocEx
0x4871ac WriteProcessMemory
0x4871b0 ReadProcessMemory
0x4871b4 CreateFileW
0x4871b8 SetFilePointerEx
0x4871bc ReadFile
0x4871c0 WriteFile
0x4871c4 FlushFileBuffers
0x4871c8 TerminateProcess
0x4871cc CreateToolhelp32Snapshot
0x4871d0 Process32FirstW
0x4871d4 Process32NextW
0x4871d8 SetFileTime
0x4871dc GetFileAttributesW
0x4871e0 FindFirstFileW
0x4871e4 FindClose
0x4871e8 DeleteFileW
0x4871ec FindNextFileW
0x4871f0 MoveFileW
0x4871f4 CopyFileW
0x4871f8 CreateDirectoryW
0x4871fc GetProcessHeap
0x487200 SetSystemPowerState
0x487204 QueryPerformanceFrequency
0x487208 FindResourceW
0x48720c LoadResource
0x487210 LockResource
0x487214 SizeofResource
0x487218 EnumResourceNamesW
0x48721c OutputDebugStringW
0x487220 GetLocalTime
0x487224 CompareStringW
0x487228 DeleteCriticalSection
0x48722c EnterCriticalSection
0x487230 LeaveCriticalSection
0x487234 InitializeCriticalSectionAndSpinCount
0x487238 GetStdHandle
0x48723c CreatePipe
0x487240 InterlockedExchange
0x487244 TerminateThread
0x487248 GetTempPathW
0x48724c GetTempFileNameW
0x487250 VirtualFree
0x487254 FormatMessageW
0x487258 GetExitCodeProcess
0x48725c GetPrivateProfileStringW
0x487260 WritePrivateProfileStringW
0x487264 GetPrivateProfileSectionW
0x487268 WritePrivateProfileSectionW
0x48726c GetPrivateProfileSectionNamesW
0x487270 FileTimeToLocalFileTime
0x487274 FileTimeToSystemTime
0x487278 SystemTimeToFileTime
0x48727c LocalFileTimeToFileTime
0x487280 GetDriveTypeW
0x487284 GetDiskFreeSpaceExW
0x487288 GetDiskFreeSpaceW
0x48728c GetVolumeInformationW
0x487290 SetVolumeLabelW
0x487294 CreateHardLinkW
0x487298 DeviceIoControl
0x48729c SetFileAttributesW
0x4872a0 GetShortPathNameW
0x4872a4 CreateEventW
0x4872a8 SetEvent
0x4872ac GetEnvironmentVariableW
0x4872b0 SetEnvironmentVariableW
0x4872b4 GlobalLock
0x4872b8 GlobalUnlock
0x4872bc GlobalAlloc
0x4872c0 GetFileSize
0x4872c4 GlobalFree
0x4872c8 GlobalMemoryStatusEx
0x4872cc Beep
0x4872d0 GetSystemDirectoryW
0x4872d4 GetComputerNameW
0x4872d8 GetWindowsDirectoryW
0x4872dc GetCurrentProcessId
0x4872e0 GetProcessIoCounters
0x4872e4 CreateProcessW
0x4872e8 SetPriorityClass
0x4872ec LoadLibraryW
0x4872f0 VirtualAlloc
0x4872f4 LoadLibraryExW
0x4872f8 HeapAlloc
0x4872fc WaitForSingleObject
0x487300 CreateThread
0x487304 DuplicateHandle
0x487308 GetCurrentProcess
0x48730c GetCurrentThread
0x487310 CloseHandle
0x487314 GetLastError
0x487318 GetProcAddress
0x48731c LoadLibraryA
0x487320 FreeLibrary
0x487324 GetModuleFileNameW
0x487328 GetFullPathNameW
0x48732c SetCurrentDirectoryW
0x487330 IsDebuggerPresent
0x487334 GetCurrentDirectoryW
0x487338 lstrcmpiW
0x48733c RaiseException
0x487340 ExitProcess
0x487344 ExitThread
0x487348 GetSystemTimeAsFileTime
0x48734c ResumeThread
0x487350 GetTimeFormatW
0x487354 GetDateFormatW
0x487358 GetCommandLineW
0x48735c GetStartupInfoW
0x487360 IsProcessorFeaturePresent
0x487364 HeapSize
0x487368 GetCPInfo
0x48736c GetACP
0x487370 GetOEMCP
0x487374 IsValidCodePage
0x487378 TlsAlloc
0x48737c TlsGetValue
0x487380 TlsSetValue
0x487384 TlsFree
0x487388 SetLastError
0x48738c UnhandledExceptionFilter
0x487390 SetUnhandledExceptionFilter
0x487394 GetStringTypeW
0x487398 HeapCreate
0x48739c SetHandleCount
0x4873a0 GetFileType
0x4873a4 SetStdHandle
0x4873a8 GetConsoleCP
0x4873ac GetConsoleMode
0x4873b0 LCMapStringW
0x4873b4 RtlUnwind
0x4873b8 SetFilePointer
0x4873bc GetTimeZoneInformation
0x4873c0 FreeEnvironmentStringsW
0x4873c4 GetEnvironmentStringsW
0x4873c8 GetTickCount
0x4873cc HeapReAlloc
0x4873d0 WriteConsoleW
0x4873d4 SetEndOfFile
0x4873d8 RemoveDirectoryW
0x4873dc SetEnvironmentVariableA
USER32.dll
0x4874bc IsCharUpperW
0x4874c0 GetMenuStringW
0x4874c4 GetSubMenu
0x4874c8 GetCaretPos
0x4874cc IsZoomed
0x4874d0 MonitorFromPoint
0x4874d4 GetMonitorInfoW
0x4874d8 SetWindowLongW
0x4874dc SetLayeredWindowAttributes
0x4874e0 FlashWindow
0x4874e4 GetClassLongW
0x4874e8 TranslateAcceleratorW
0x4874ec IsDialogMessageW
0x4874f0 GetSysColor
0x4874f4 InflateRect
0x4874f8 DrawFocusRect
0x4874fc DrawTextW
0x487500 FrameRect
0x487504 DrawFrameControl
0x487508 FillRect
0x48750c PtInRect
0x487510 DestroyAcceleratorTable
0x487514 CreateAcceleratorTableW
0x487518 SetCursor
0x48751c GetWindowDC
0x487520 GetSystemMetrics
0x487524 GetActiveWindow
0x487528 CharNextW
0x48752c wsprintfW
0x487530 RedrawWindow
0x487534 DrawMenuBar
0x487538 DestroyMenu
0x48753c SetMenu
0x487540 GetWindowTextLengthW
0x487544 CreateMenu
0x487548 IsDlgButtonChecked
0x48754c DefDlgProcW
0x487550 ReleaseCapture
0x487554 SetCapture
0x487558 WindowFromPoint
0x48755c LockWindowUpdate
0x487560 DispatchMessageW
0x487564 TranslateMessage
0x487568 PeekMessageW
0x48756c UnregisterHotKey
0x487570 CharLowerBuffW
0x487574 MonitorFromRect
0x487578 LoadImageW
0x48757c CreateIconFromResourceEx
0x487580 mouse_event
0x487584 ExitWindowsEx
0x487588 SetActiveWindow
0x48758c FindWindowExW
0x487590 EnumThreadWindows
0x487594 SetMenuDefaultItem
0x487598 InsertMenuItemW
0x48759c IsMenu
0x4875a0 TrackPopupMenuEx
0x4875a4 GetCursorPos
0x4875a8 IsCharLowerW
0x4875ac CheckMenuRadioItem
0x4875b0 GetMenuItemID
0x4875b4 GetMenuItemCount
0x4875b8 SetMenuItemInfoW
0x4875bc GetMenuItemInfoW
0x4875c0 SetForegroundWindow
0x4875c4 IsIconic
0x4875c8 FindWindowW
0x4875cc SystemParametersInfoW
0x4875d0 GetClipboardData
0x4875d4 SendInput
0x4875d8 GetAsyncKeyState
0x4875dc SetKeyboardState
0x4875e0 GetKeyboardState
0x4875e4 GetKeyState
0x4875e8 VkKeyScanW
0x4875ec LoadStringW
0x4875f0 DialogBoxParamW
0x4875f4 MessageBeep
0x4875f8 EndDialog
0x4875fc SendDlgItemMessageW
0x487600 GetDlgItem
0x487604 SetWindowTextW
0x487608 CopyRect
0x48760c ReleaseDC
0x487610 GetDC
0x487614 EndPaint
0x487618 BeginPaint
0x48761c GetClientRect
0x487620 GetMenu
0x487624 DestroyWindow
0x487628 EnumWindows
0x48762c GetDesktopWindow
0x487630 IsWindow
0x487634 IsWindowEnabled
0x487638 EnableWindow
0x48763c InvalidateRect
0x487640 GetWindowLongW
0x487644 GetWindowThreadProcessId
0x487648 AttachThreadInput
0x48764c GetFocus
0x487650 GetWindowTextW
0x487654 ScreenToClient
0x487658 SendMessageTimeoutW
0x48765c EnumChildWindows
0x487660 CharUpperBuffW
0x487664 GetClassNameW
0x487668 GetParent
0x48766c GetDlgCtrlID
0x487670 SendMessageW
0x487674 MapVirtualKeyW
0x487678 PostMessageW
0x48767c GetWindowRect
0x487680 SetUserObjectSecurity
0x487684 CloseDesktop
0x487688 CloseWindowStation
0x48768c OpenDesktopW
0x487690 SetProcessWindowStation
0x487694 GetProcessWindowStation
0x487698 IsCharAlphaNumericW
0x48769c IsCharAlphaW
0x4876a0 GetKeyboardLayoutNameW
0x4876a4 ClientToScreen
0x4876a8 RegisterHotKey
0x4876ac GetCursorInfo
0x4876b0 SetWindowPos
0x4876b4 CopyImage
0x4876b8 AdjustWindowRectEx
0x4876bc SetRect
0x4876c0 SetClipboardData
0x4876c4 EmptyClipboard
0x4876c8 CountClipboardFormats
0x4876cc DeleteMenu
0x4876d0 CloseClipboard
0x4876d4 OpenWindowStationW
0x4876d8 GetUserObjectSecurity
0x4876dc MessageBoxW
0x4876e0 DefWindowProcW
0x4876e4 MoveWindow
0x4876e8 SetFocus
0x4876ec PostQuitMessage
0x4876f0 KillTimer
0x4876f4 CreatePopupMenu
0x4876f8 RegisterWindowMessageW
0x4876fc SetTimer
0x487700 ShowWindow
0x487704 CreateWindowExW
0x487708 RegisterClassExW
0x48770c LoadIconW
0x487710 LoadCursorW
0x487714 GetSysColorBrush
0x487718 GetForegroundWindow
0x48771c MessageBoxA
0x487720 DestroyIcon
0x487724 IsClipboardFormatAvailable
0x487728 OpenClipboard
0x48772c BlockInput
0x487730 keybd_event
0x487734 GetMessageW
0x487738 IsWindowVisible
GDI32.dll
0x4870d4 EndPath
0x4870d8 GetTextExtentPoint32W
0x4870dc DeleteObject
0x4870e0 ExtCreatePen
0x4870e4 StrokeAndFillPath
0x4870e8 GetDeviceCaps
0x4870ec CreateCompatibleBitmap
0x4870f0 CreateCompatibleDC
0x4870f4 SelectObject
0x4870f8 StretchBlt
0x4870fc GetDIBits
0x487100 SetPixel
0x487104 CloseFigure
0x487108 DeleteDC
0x48710c GetPixel
0x487110 CreateDCW
0x487114 LineTo
0x487118 AngleArc
0x48711c MoveToEx
0x487120 Ellipse
0x487124 PolyDraw
0x487128 BeginPath
0x48712c Rectangle
0x487130 SetViewportOrgEx
0x487134 GetObjectW
0x487138 SetBkMode
0x48713c RoundRect
0x487140 SetBkColor
0x487144 CreatePen
0x487148 CreateSolidBrush
0x48714c SetTextColor
0x487150 CreateFontW
0x487154 GetTextFaceW
0x487158 GetStockObject
0x48715c StrokePath
COMDLG32.dll
0x4870c8 GetSaveFileNameW
0x4870cc GetOpenFileNameW
ADVAPI32.dll
0x487000 RegEnumValueW
0x487004 RegDeleteValueW
0x487008 RegDeleteKeyW
0x48700c RegEnumKeyExW
0x487010 RegSetValueExW
0x487014 RegCreateKeyExW
0x487018 RegOpenKeyExW
0x48701c RegCloseKey
0x487020 RegQueryValueExW
0x487024 RegConnectRegistryW
0x487028 InitializeSecurityDescriptor
0x48702c InitializeAcl
0x487030 AdjustTokenPrivileges
0x487034 OpenThreadToken
0x487038 OpenProcessToken
0x48703c LookupPrivilegeValueW
0x487040 DuplicateTokenEx
0x487044 CreateProcessAsUserW
0x487048 CreateProcessWithLogonW
0x48704c GetLengthSid
0x487050 GetUserNameW
0x487054 CopySid
0x487058 LogonUserW
0x48705c AllocateAndInitializeSid
0x487060 CheckTokenMembership
0x487064 FreeSid
0x487068 GetTokenInformation
0x48706c GetSecurityDescriptorDacl
0x487070 GetAclInformation
0x487074 GetAce
0x487078 AddAce
0x48707c InitiateSystemShutdownExW
0x487080 OpenSCManagerW
0x487084 LockServiceDatabase
0x487088 UnlockServiceDatabase
0x48708c CloseServiceHandle
0x487090 SetSecurityDescriptorDacl
SHELL32.dll
0x487480 DragQueryPoint
0x487484 ShellExecuteExW
0x487488 SHGetFolderPathW
0x48748c DragQueryFileW
0x487490 SHEmptyRecycleBinW
0x487494 SHBrowseForFolderW
0x487498 SHFileOperationW
0x48749c SHGetPathFromIDListW
0x4874a0 SHGetDesktopFolder
0x4874a4 SHGetMalloc
0x4874a8 ExtractIconExW
0x4874ac Shell_NotifyIconW
0x4874b0 ShellExecuteW
0x4874b4 DragFinish
ole32.dll
0x48780c CoTaskMemAlloc
0x487810 CoTaskMemFree
0x487814 CLSIDFromString
0x487818 ProgIDFromCLSID
0x48781c CLSIDFromProgID
0x487820 OleSetMenuDescriptor
0x487824 MkParseDisplayName
0x487828 OleSetContainedObject
0x48782c CoCreateInstance
0x487830 IIDFromString
0x487834 StringFromGUID2
0x487838 CoInitialize
0x48783c CoUninitialize
0x487840 CreateStreamOnHGlobal
0x487844 GetRunningObjectTable
0x487848 CoGetInstanceFromFile
0x48784c CoGetObject
0x487850 CoInitializeSecurity
0x487854 CoCreateInstanceEx
0x487858 CoSetProxyBlanket
OLEAUT32.dll
0x4873f8 VariantCopyInd
0x4873fc DispCallFunc
0x487400 CreateStdDispatch
0x487404 CreateDispTypeInfo
0x487408 UnRegisterTypeLib
0x48740c UnRegisterTypeLibForUser
0x487410 RegisterTypeLibForUser
0x487414 RegisterTypeLib
0x487418 LoadTypeLibEx
0x48741c SafeArrayDestroyDescriptor
0x487420 SafeArrayDestroyData
0x487424 VariantChangeType
0x487428 SafeArrayAccessData
0x48742c SafeArrayAllocData
0x487430 SafeArrayAllocDescriptorEx
0x487434 OleLoadPicture
0x487438 QueryPathOfRegTypeLib
0x48743c SafeArrayCreateVector
0x487440 SysAllocString
0x487444 SysFreeString
0x487448 VariantInit
0x48744c VariantClear
0x487450 SysStringLen
0x487454 VariantTimeToSystemTime
0x487458 VarR8FromDec
0x48745c SafeArrayGetVartype
0x487460 SafeArrayUnaccessData
0x487464 VariantCopy
EAT(Export Address Table) is none