Created | 2024.11.13 14:03 | Machine | s1_win7_x6403 |
Filename | ghost.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | Not found | Behavior Score |
ZERO API | file : clean |
VT API (file) | 32 detected (AIDetectMalware, PSWTool, Malicious, score, Unsafe, confidence, high confidence, GhostPWD, B potentially unsafe, Autoit, PotentialRisk, high, Generic Reputation PUA, Detected, Hider, REXR@5364l6, 1WL3QC, IJBN, IMWorm, Sohanad, ChinAd, HackKMS, GenAsa, i9rai7w7) |
md5 | cc7580472c8aa97ff84ded87d5cf6e6e |
sha256 | d021943f6b200279c380f80842eef13d574d0e6ad1af315842c6b5f741d0773d |
ssdeep | 393216:xgnJY3fSnUp9MeiwRonMyfvA0TW5+TbqzzILj0lkdNGUJKzumoDW4O4:CnJGf0Up9MeiConPoDzL7UJoumoL |
imphash | 5b04d74f0733270a43aa8b7f45314870 |
impfuzzy | 192:utN6nmKSFF3Oxi6jNK2k8UtgWM5wUzcOQDs:sN6nnSFFqi6nkewUzcOQDs |
Signature (16cnts)
Level | Description |
---|---|
danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
watch | Attempts to identify installed AV products by installation directory |
watch | Detects virtualization software with SCSI Disk Identifier trick(s) |
watch | Queries information on disks |
notice | Checks whether any human activity is being performed by constantly checking whether the foreground window changed |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | Drops a binary and executes it |
notice | Drops an executable to the user AppData folder |
notice | Foreign language identified in PE resource |
notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
info | At least one process apparently crashed during execution |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Command line console output was observed |
info | One or more processes crashed |
Rules (23cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | IAmTheKing_Family | IAmTheKing Family | binaries (download) |
danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (download) |
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
warning | Microsoft_Office_File_Downloader_Zero | Microsoft Office File Downloader | binaries (download) |
warning | PhysicalDrive_20181001 | (no description) | binaries (download) |
watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
watch | Antivirus | Contains references to security software | binaries (download) |
watch | ASPack_Zero | ASPack packed file | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Network_Downloader | File Downloader | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
PE API
IAT(Import Address Table) Library
WSOCK32.dll
0x486790 __WSAFDIsSet
0x486794 setsockopt
0x486798 ntohs
0x48679c recvfrom
0x4867a0 sendto
0x4867a4 htons
0x4867a8 WSACleanup
0x4867ac listen
0x4867b0 WSAStartup
0x4867b4 bind
0x4867b8 closesocket
0x4867bc connect
0x4867c0 socket
0x4867c4 send
0x4867c8 ioctlsocket
0x4867cc WSAGetLastError
0x4867d0 accept
0x4867d4 select
0x4867d8 inet_addr
0x4867dc gethostbyname
0x4867e0 gethostname
0x4867e4 recv
VERSION.dll
0x486734 GetFileVersionInfoSizeW
0x486738 GetFileVersionInfoW
0x48673c VerQueryValueW
WINMM.dll
0x486780 timeGetTime
0x486784 waveOutSetVolume
0x486788 mciSendStringW
COMCTL32.dll
0x48608c ImageList_Remove
0x486090 ImageList_SetDragCursorImage
0x486094 ImageList_BeginDrag
0x486098 ImageList_DragEnter
0x48609c ImageList_DragLeave
0x4860a0 ImageList_EndDrag
0x4860a4 ImageList_DragMove
0x4860a8 ImageList_ReplaceIcon
0x4860ac ImageList_Create
0x4860b0 InitCommonControlsEx
0x4860b4 ImageList_Destroy
MPR.dll
0x4863d8 WNetUseConnectionW
0x4863dc WNetCancelConnection2W
0x4863e0 WNetGetConnectionW
0x4863e4 WNetAddConnection2W
WININET.dll
0x486744 InternetReadFile
0x486748 InternetCloseHandle
0x48674c InternetOpenW
0x486750 InternetSetOptionW
0x486754 InternetCrackUrlW
0x486758 HttpQueryInfoW
0x48675c InternetConnectW
0x486760 HttpOpenRequestW
0x486764 HttpSendRequestW
0x486768 FtpOpenFileW
0x48676c FtpGetFileSize
0x486770 InternetOpenUrlW
0x486774 InternetQueryOptionW
0x486778 InternetQueryDataAvailable
PSAPI.DLL
0x48644c EnumProcesses
0x486450 GetModuleBaseNameW
0x486454 GetProcessMemoryInfo
0x486458 EnumProcessModules
USERENV.dll
0x486720 UnloadUserProfile
0x486724 DestroyEnvironmentBlock
0x486728 CreateEnvironmentBlock
0x48672c LoadUserProfileW
KERNEL32.dll
0x486158 WaitForSingleObject
0x48615c HeapAlloc
0x486160 GetProcessHeap
0x486164 HeapFree
0x486168 Sleep
0x48616c GetCurrentThreadId
0x486170 MulDiv
0x486174 GetVersionExW
0x486178 GetSystemInfo
0x48617c InterlockedIncrement
0x486180 InterlockedDecrement
0x486184 WideCharToMultiByte
0x486188 lstrcpyW
0x48618c MultiByteToWideChar
0x486190 lstrlenW
0x486194 GetModuleHandleW
0x486198 QueryPerformanceCounter
0x48619c VirtualFreeEx
0x4861a0 OpenProcess
0x4861a4 VirtualAllocEx
0x4861a8 WriteProcessMemory
0x4861ac ReadProcessMemory
0x4861b0 CreateFileW
0x4861b4 SetFilePointerEx
0x4861b8 ReadFile
0x4861bc WriteFile
0x4861c0 FlushFileBuffers
0x4861c4 TerminateProcess
0x4861c8 CreateToolhelp32Snapshot
0x4861cc Process32FirstW
0x4861d0 Process32NextW
0x4861d4 SetFileTime
0x4861d8 GetFileAttributesW
0x4861dc FindFirstFileW
0x4861e0 FindClose
0x4861e4 DeleteFileW
0x4861e8 FindNextFileW
0x4861ec MoveFileW
0x4861f0 CopyFileW
0x4861f4 CreateDirectoryW
0x4861f8 CreateThread
0x4861fc SetSystemPowerState
0x486200 QueryPerformanceFrequency
0x486204 FindResourceW
0x486208 LoadResource
0x48620c LockResource
0x486210 SizeofResource
0x486214 EnumResourceNamesW
0x486218 OutputDebugStringW
0x48621c GetLocalTime
0x486220 CompareStringW
0x486224 DeleteCriticalSection
0x486228 EnterCriticalSection
0x48622c LeaveCriticalSection
0x486230 InitializeCriticalSectionAndSpinCount
0x486234 GetStdHandle
0x486238 CreatePipe
0x48623c InterlockedExchange
0x486240 TerminateThread
0x486244 GetTempPathW
0x486248 GetTempFileNameW
0x48624c VirtualFree
0x486250 FormatMessageW
0x486254 GetExitCodeProcess
0x486258 SetErrorMode
0x48625c GetPrivateProfileStringW
0x486260 WritePrivateProfileStringW
0x486264 GetPrivateProfileSectionW
0x486268 WritePrivateProfileSectionW
0x48626c GetPrivateProfileSectionNamesW
0x486270 FileTimeToLocalFileTime
0x486274 FileTimeToSystemTime
0x486278 SystemTimeToFileTime
0x48627c LocalFileTimeToFileTime
0x486280 GetDriveTypeW
0x486284 GetDiskFreeSpaceExW
0x486288 GetDiskFreeSpaceW
0x48628c GetVolumeInformationW
0x486290 SetVolumeLabelW
0x486294 CreateHardLinkW
0x486298 DeviceIoControl
0x48629c SetFileAttributesW
0x4862a0 GetShortPathNameW
0x4862a4 CreateEventW
0x4862a8 SetEvent
0x4862ac GetEnvironmentVariableW
0x4862b0 SetEnvironmentVariableW
0x4862b4 GlobalLock
0x4862b8 GlobalUnlock
0x4862bc GlobalAlloc
0x4862c0 GetFileSize
0x4862c4 GlobalFree
0x4862c8 GlobalMemoryStatusEx
0x4862cc Beep
0x4862d0 GetSystemDirectoryW
0x4862d4 GetComputerNameW
0x4862d8 GetWindowsDirectoryW
0x4862dc GetCurrentProcessId
0x4862e0 GetProcessIoCounters
0x4862e4 CreateProcessW
0x4862e8 SetPriorityClass
0x4862ec LoadLibraryW
0x4862f0 VirtualAlloc
0x4862f4 LoadLibraryExW
0x4862f8 DuplicateHandle
0x4862fc GetCurrentProcess
0x486300 GetCurrentThread
0x486304 CloseHandle
0x486308 GetLastError
0x48630c GetProcAddress
0x486310 LoadLibraryA
0x486314 FreeLibrary
0x486318 GetModuleFileNameW
0x48631c GetFullPathNameW
0x486320 SetCurrentDirectoryW
0x486324 IsDebuggerPresent
0x486328 GetCurrentDirectoryW
0x48632c lstrcmpiW
0x486330 RaiseException
0x486334 ExitProcess
0x486338 ExitThread
0x48633c GetSystemTimeAsFileTime
0x486340 ResumeThread
0x486344 GetTimeFormatW
0x486348 GetDateFormatW
0x48634c GetCommandLineW
0x486350 GetStartupInfoW
0x486354 IsProcessorFeaturePresent
0x486358 HeapSize
0x48635c GetCPInfo
0x486360 GetACP
0x486364 GetOEMCP
0x486368 IsValidCodePage
0x48636c TlsAlloc
0x486370 TlsGetValue
0x486374 TlsSetValue
0x486378 TlsFree
0x48637c SetLastError
0x486380 UnhandledExceptionFilter
0x486384 SetUnhandledExceptionFilter
0x486388 GetStringTypeW
0x48638c HeapCreate
0x486390 SetHandleCount
0x486394 GetFileType
0x486398 SetStdHandle
0x48639c GetConsoleCP
0x4863a0 GetConsoleMode
0x4863a4 LCMapStringW
0x4863a8 RtlUnwind
0x4863ac SetFilePointer
0x4863b0 GetTimeZoneInformation
0x4863b4 FreeEnvironmentStringsW
0x4863b8 GetEnvironmentStringsW
0x4863bc GetTickCount
0x4863c0 HeapReAlloc
0x4863c4 WriteConsoleW
0x4863c8 SetEndOfFile
0x4863cc RemoveDirectoryW
0x4863d0 SetEnvironmentVariableA
USER32.dll
0x48649c SetWindowPos
0x4864a0 GetCursorInfo
0x4864a4 RegisterHotKey
0x4864a8 ClientToScreen
0x4864ac GetKeyboardLayoutNameW
0x4864b0 IsCharAlphaW
0x4864b4 IsCharAlphaNumericW
0x4864b8 IsCharLowerW
0x4864bc IsCharUpperW
0x4864c0 GetMenuStringW
0x4864c4 GetSubMenu
0x4864c8 GetCaretPos
0x4864cc IsZoomed
0x4864d0 MonitorFromPoint
0x4864d4 GetMonitorInfoW
0x4864d8 SetWindowLongW
0x4864dc SetLayeredWindowAttributes
0x4864e0 FlashWindow
0x4864e4 GetClassLongW
0x4864e8 TranslateAcceleratorW
0x4864ec IsDialogMessageW
0x4864f0 GetSysColor
0x4864f4 InflateRect
0x4864f8 DrawFocusRect
0x4864fc DrawTextW
0x486500 FrameRect
0x486504 DrawFrameControl
0x486508 FillRect
0x48650c PtInRect
0x486510 DestroyAcceleratorTable
0x486514 CreateAcceleratorTableW
0x486518 SetCursor
0x48651c GetWindowDC
0x486520 GetSystemMetrics
0x486524 GetActiveWindow
0x486528 CharNextW
0x48652c wsprintfW
0x486530 RedrawWindow
0x486534 DrawMenuBar
0x486538 DestroyMenu
0x48653c SetMenu
0x486540 GetWindowTextLengthW
0x486544 CreateMenu
0x486548 IsDlgButtonChecked
0x48654c DefDlgProcW
0x486550 ReleaseCapture
0x486554 SetCapture
0x486558 WindowFromPoint
0x48655c CreateIconFromResourceEx
0x486560 mouse_event
0x486564 ExitWindowsEx
0x486568 SetActiveWindow
0x48656c FindWindowExW
0x486570 EnumThreadWindows
0x486574 SetMenuDefaultItem
0x486578 InsertMenuItemW
0x48657c IsMenu
0x486580 TrackPopupMenuEx
0x486584 GetCursorPos
0x486588 DeleteMenu
0x48658c CheckMenuRadioItem
0x486590 CopyImage
0x486594 GetMenuItemCount
0x486598 SetMenuItemInfoW
0x48659c GetMenuItemInfoW
0x4865a0 SetForegroundWindow
0x4865a4 IsIconic
0x4865a8 FindWindowW
0x4865ac SystemParametersInfoW
0x4865b0 PeekMessageW
0x4865b4 SendInput
0x4865b8 GetAsyncKeyState
0x4865bc SetKeyboardState
0x4865c0 GetKeyboardState
0x4865c4 GetKeyState
0x4865c8 VkKeyScanW
0x4865cc LoadStringW
0x4865d0 DialogBoxParamW
0x4865d4 MessageBeep
0x4865d8 EndDialog
0x4865dc SendDlgItemMessageW
0x4865e0 GetDlgItem
0x4865e4 SetWindowTextW
0x4865e8 CopyRect
0x4865ec ReleaseDC
0x4865f0 GetDC
0x4865f4 EndPaint
0x4865f8 BeginPaint
0x4865fc GetClientRect
0x486600 GetMenu
0x486604 DestroyWindow
0x486608 EnumWindows
0x48660c GetDesktopWindow
0x486610 IsWindow
0x486614 IsWindowEnabled
0x486618 IsWindowVisible
0x48661c EnableWindow
0x486620 InvalidateRect
0x486624 GetWindowLongW
0x486628 AttachThreadInput
0x48662c GetFocus
0x486630 GetWindowTextW
0x486634 ScreenToClient
0x486638 SendMessageTimeoutW
0x48663c EnumChildWindows
0x486640 CharUpperBuffW
0x486644 GetClassNameW
0x486648 GetParent
0x48664c GetDlgCtrlID
0x486650 SendMessageW
0x486654 MapVirtualKeyW
0x486658 PostMessageW
0x48665c GetWindowRect
0x486660 SetUserObjectSecurity
0x486664 CloseDesktop
0x486668 CloseWindowStation
0x48666c OpenDesktopW
0x486670 SetProcessWindowStation
0x486674 GetProcessWindowStation
0x486678 OpenWindowStationW
0x48667c GetUserObjectSecurity
0x486680 MessageBoxW
0x486684 DefWindowProcW
0x486688 MoveWindow
0x48668c AdjustWindowRectEx
0x486690 SetRect
0x486694 SetClipboardData
0x486698 EmptyClipboard
0x48669c CountClipboardFormats
0x4866a0 CloseClipboard
0x4866a4 GetClipboardData
0x4866a8 IsClipboardFormatAvailable
0x4866ac OpenClipboard
0x4866b0 BlockInput
0x4866b4 GetMessageW
0x4866b8 LockWindowUpdate
0x4866bc DispatchMessageW
0x4866c0 GetMenuItemID
0x4866c4 TranslateMessage
0x4866c8 SetFocus
0x4866cc PostQuitMessage
0x4866d0 KillTimer
0x4866d4 CreatePopupMenu
0x4866d8 RegisterWindowMessageW
0x4866dc SetTimer
0x4866e0 ShowWindow
0x4866e4 CreateWindowExW
0x4866e8 RegisterClassExW
0x4866ec LoadIconW
0x4866f0 LoadCursorW
0x4866f4 GetSysColorBrush
0x4866f8 GetForegroundWindow
0x4866fc MessageBoxA
0x486700 DestroyIcon
0x486704 UnregisterHotKey
0x486708 CharLowerBuffW
0x48670c MonitorFromRect
0x486710 keybd_event
0x486714 LoadImageW
0x486718 GetWindowThreadProcessId
GDI32.dll
0x4860c8 DeleteObject
0x4860cc MoveToEx
0x4860d0 GetTextExtentPoint32W
0x4860d4 ExtCreatePen
0x4860d8 StrokeAndFillPath
0x4860dc StrokePath
0x4860e0 EndPath
0x4860e4 SetPixel
0x4860e8 CloseFigure
0x4860ec CreateCompatibleBitmap
0x4860f0 CreateCompatibleDC
0x4860f4 SelectObject
0x4860f8 StretchBlt
0x4860fc GetDIBits
0x486100 LineTo
0x486104 GetDeviceCaps
0x486108 DeleteDC
0x48610c GetPixel
0x486110 CreateDCW
0x486114 Ellipse
0x486118 PolyDraw
0x48611c BeginPath
0x486120 Rectangle
0x486124 SetViewportOrgEx
0x486128 GetObjectW
0x48612c SetBkMode
0x486130 RoundRect
0x486134 SetBkColor
0x486138 CreatePen
0x48613c CreateSolidBrush
0x486140 SetTextColor
0x486144 CreateFontW
0x486148 GetTextFaceW
0x48614c GetStockObject
0x486150 AngleArc
COMDLG32.dll
0x4860bc GetSaveFileNameW
0x4860c0 GetOpenFileNameW
ADVAPI32.dll
0x486000 RegEnumValueW
0x486004 RegDeleteValueW
0x486008 RegDeleteKeyW
0x48600c RegEnumKeyExW
0x486010 RegSetValueExW
0x486014 RegCreateKeyExW
0x486018 GetUserNameW
0x48601c CloseServiceHandle
0x486020 UnlockServiceDatabase
0x486024 LockServiceDatabase
0x486028 OpenSCManagerW
0x48602c RegOpenKeyExW
0x486030 RegCloseKey
0x486034 RegQueryValueExW
0x486038 RegConnectRegistryW
0x48603c InitializeSecurityDescriptor
0x486040 InitializeAcl
0x486044 AdjustTokenPrivileges
0x486048 OpenThreadToken
0x48604c OpenProcessToken
0x486050 LookupPrivilegeValueW
0x486054 InitiateSystemShutdownExW
0x486058 DuplicateTokenEx
0x48605c CreateProcessAsUserW
0x486060 CreateProcessWithLogonW
0x486064 GetLengthSid
0x486068 CopySid
0x48606c LogonUserW
0x486070 GetTokenInformation
0x486074 GetSecurityDescriptorDacl
0x486078 GetAce
0x48607c AddAce
0x486080 SetSecurityDescriptorDacl
0x486084 GetAclInformation
SHELL32.dll
0x486460 DragQueryPoint
0x486464 ShellExecuteExW
0x486468 SHGetFolderPathW
0x48646c DragQueryFileW
0x486470 SHEmptyRecycleBinW
0x486474 SHBrowseForFolderW
0x486478 SHFileOperationW
0x48647c SHGetPathFromIDListW
0x486480 SHGetDesktopFolder
0x486484 SHGetMalloc
0x486488 ExtractIconExW
0x48648c Shell_NotifyIconW
0x486490 ShellExecuteW
0x486494 DragFinish
ole32.dll
0x4867ec CoTaskMemAlloc
0x4867f0 CoTaskMemFree
0x4867f4 CLSIDFromString
0x4867f8 ProgIDFromCLSID
0x4867fc CLSIDFromProgID
0x486800 OleSetMenuDescriptor
0x486804 MkParseDisplayName
0x486808 OleSetContainedObject
0x48680c StringFromGUID2
0x486810 CoInitialize
0x486814 CoUninitialize
0x486818 CoCreateInstance
0x48681c CreateStreamOnHGlobal
0x486820 GetRunningObjectTable
0x486824 CoGetInstanceFromFile
0x486828 OleInitialize
0x48682c CoInitializeSecurity
0x486830 CoCreateInstanceEx
0x486834 CoSetProxyBlanket
0x486838 OleUninitialize
0x48683c IIDFromString
OLEAUT32.dll
0x4863ec VariantCopyInd
0x4863f0 DispCallFunc
0x4863f4 CreateStdDispatch
0x4863f8 CreateDispTypeInfo
0x4863fc SafeArrayDestroyDescriptor
0x486400 SafeArrayDestroyData
0x486404 SafeArrayUnaccessData
0x486408 SafeArrayAccessData
0x48640c VariantChangeType
0x486410 SafeArrayAllocDescriptorEx
0x486414 OleLoadPicture
0x486418 QueryPathOfRegTypeLib
0x48641c SafeArrayCreateVector
0x486420 SysAllocString
0x486424 VariantCopy
0x486428 VariantClear
0x48642c VariantInit
0x486430 SysStringLen
0x486434 VariantTimeToSystemTime
0x486438 VarR8FromDec
0x48643c SafeArrayGetVartype
0x486440 SafeArrayAllocData
0x486444 SysFreeString
EAT(Export Address Table) is none