Report - 4909_7122.exe

Tags: Generic Malware, Malicious Library, Antivirus, UPX, PE File, ftp, PE32, OS Processor Check
Created 2025.01.18 10:03
Machine s1_win7_x6401
Filename 4909_7122.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 5
Behavior Score 6.8
VT API (file) 40 detected (Remcos, Artemis, Lazy, Unsafe, V80c, malicious, confidence, 100%, Attribute, HighConfidence, Rescoms, ccmw, Crysan, LESS, bWQ1OlhNjEVg+Tku, dknxt, Detected, N2TYIF, R002H09AG25, Loader, PossibleThreat)
md5 6626a89aa5cc47a20e9de81360327a3e
sha256 f9c6e2f4c1be741b973d13b711fe68c71a2245c9908d0345724805f5eff1e2e7
ssdeep 49152:fT2Wd4IbtCaIZ+SgnCxaC+1R5oWjhRSTp8Z2WTWw/10tte7:SW5QxajvOWM8UWTWw/IU
imphash 0b4487d41f282d8cf70f19b5be43731e
impfuzzy 96:iVSzaclKA0KAnX1/RgZf9vGOtgcfjvrLXt7ysX+0WAVyZkqqGMX:1acoA0VnF/RIf9p7HO0WAVy+

Signatures (12)

Level Description
danger File has been identified by 40 AntiVirus engines on VirusTotal as malicious
danger Executed a process and injected code into it
watch Allocates execute permission to another process indicative of possible code injection
watch Installs itself for autorun at Windows startup
watch Manipulates memory of a non-child process indicative of process injection
watch One or more of the buffers contains an embedded PE file
watch Potential code injection by writing to the memory of another process
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates executable files on the filesystem
notice One or more potentially interesting buffers were extracted
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (16)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (download)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Antivirus Contains references to security software binaries (download)
watch Antivirus Contains references to security software binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
info ftp_command ftp command binaries (download)
info ftp_command ftp command binaries (upload)
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1)

Request CC ASN Co IP4 Rule
republicadominica2025.ip-ddns.com CO Colombia Movil 177.255.85.101

Suricata ids

IAT (Import Address Table) by library

WS2_32.dll
 0x48b3c4 ioctlsocket
 0x48b3c8 setsockopt
 0x48b3cc WSAGetLastError
 0x48b3d0 sendto
 0x48b3d4 htons
 0x48b3d8 recv
 0x48b3dc recvfrom
 0x48b3e0 connect
 0x48b3e4 socket
 0x48b3e8 send
 0x48b3ec inet_addr
 0x48b3f0 WSAStartup
 0x48b3f4 getaddrinfo
 0x48b3f8 listen
 0x48b3fc shutdown
 0x48b400 select
 0x48b404 closesocket
 0x48b408 bind
 0x48b40c accept
 0x48b410 WSACleanup
 0x48b414 inet_ntoa
 0x48b418 getpeername
 0x48b41c freeaddrinfo
COMCTL32.dll
 0x48b024 ImageList_ReplaceIcon
 0x48b028 InitCommonControlsEx
 0x48b02c ImageList_Create
 0x48b030 _TrackMouseEvent
d2d1.dll
 0x48b424 None
 0x48b428 None
gdiplus.dll
 0x48b430 GdiplusStartup
 0x48b434 GdipDrawImageI
 0x48b438 GdipGetImageFlags
 0x48b43c GdipImageSelectActiveFrame
 0x48b440 GdipGetImageWidth
 0x48b444 GdipGetPropertyItemSize
 0x48b448 GdipCreateBitmapFromScan0
 0x48b44c GdiplusShutdown
 0x48b450 GdipTranslateWorldTransform
 0x48b454 GdipDeleteGraphics
 0x48b458 GdipGetImageEncodersSize
 0x48b45c GdipGetImageGraphicsContext
 0x48b460 GdipRotateWorldTransform
 0x48b464 GdipImageGetFrameCount
 0x48b468 GdipCreateFromHDC
 0x48b46c GdipImageGetFrameDimensionsList
 0x48b470 GdipFree
 0x48b474 GdipScaleWorldTransform
 0x48b478 GdipGraphicsClear
 0x48b47c GdipDisposeImage
 0x48b480 GdipAlloc
 0x48b484 GdipGetPropertyItem
 0x48b488 GdipCloneImage
 0x48b48c GdipDrawImageRect
 0x48b490 GdipGetImageEncoders
 0x48b494 GdipGetImageHeight
 0x48b498 GdipLoadImageFromFile
 0x48b49c GdipDrawImageRectI
 0x48b4a0 GdipSaveImageToFile
KERNEL32.dll
 0x48b080 SignalObjectAndWait
 0x48b084 SetEndOfFile
 0x48b088 WriteConsoleW
 0x48b08c SetFilePointerEx
 0x48b090 CreateFileW
 0x48b094 FlushFileBuffers
 0x48b098 SetStdHandle
 0x48b09c WaitForSingleObjectEx
 0x48b0a0 GetProcessHeap
 0x48b0a4 SetEnvironmentVariableA
 0x48b0a8 FreeEnvironmentStringsW
 0x48b0ac GetEnvironmentStringsW
 0x48b0b0 GetCommandLineW
 0x48b0b4 GetCPInfo
 0x48b0b8 GetOEMCP
 0x48b0bc IsValidCodePage
 0x48b0c0 FindNextFileA
 0x48b0c4 FindFirstFileExA
 0x48b0c8 FindClose
 0x48b0cc DecodePointer
 0x48b0d0 ReadConsoleW
 0x48b0d4 GetConsoleMode
 0x48b0d8 GetConsoleCP
 0x48b0dc GetFileAttributesExW
 0x48b0e0 ReadFile
 0x48b0e4 SetHandleInformation
 0x48b0e8 TerminateProcess
 0x48b0ec CreatePipe
 0x48b0f0 PeekNamedPipe
 0x48b0f4 WaitForSingleObject
 0x48b0f8 Sleep
 0x48b0fc GetLastError
 0x48b100 GetFileAttributesA
 0x48b104 LoadLibraryA
 0x48b108 CloseHandle
 0x48b10c GetProcAddress
 0x48b110 FreeLibrary
 0x48b114 CreateProcessA
 0x48b118 GetExitCodeProcess
 0x48b11c SetThreadPriority
 0x48b120 ReleaseMutex
 0x48b124 GetCurrentThread
 0x48b128 TerminateThread
 0x48b12c CreateThread
 0x48b130 GetTickCount
 0x48b134 CreateMutexA
 0x48b138 UnmapViewOfFile
 0x48b13c CreateFileMappingA
 0x48b140 CreateEventA
 0x48b144 MapViewOfFile
 0x48b148 VirtualProtect
 0x48b14c ResetEvent
 0x48b150 GetModuleFileNameA
 0x48b154 SetPriorityClass
 0x48b158 GetCurrentProcess
 0x48b15c GetCommandLineA
 0x48b160 AttachConsole
 0x48b164 GetThreadPriority
 0x48b168 GetCurrentProcessId
 0x48b16c FormatMessageA
 0x48b170 CreateSemaphoreA
 0x48b174 AllocConsole
 0x48b178 DeleteFileA
 0x48b17c LocalAlloc
 0x48b180 LocalFree
 0x48b184 HeapSize
 0x48b188 HeapReAlloc
 0x48b18c GetStringTypeW
 0x48b190 GetFileType
 0x48b194 HeapAlloc
 0x48b198 HeapFree
 0x48b19c GetACP
 0x48b1a0 WriteFile
 0x48b1a4 GetStdHandle
 0x48b1a8 GetModuleFileNameW
 0x48b1ac GetModuleHandleExW
 0x48b1b0 ExitProcess
 0x48b1b4 MultiByteToWideChar
 0x48b1b8 LoadLibraryExW
 0x48b1bc EncodePointer
 0x48b1c0 InterlockedFlushSList
 0x48b1c4 InterlockedPushEntrySList
 0x48b1c8 RaiseException
 0x48b1cc RtlUnwind
 0x48b1d0 TlsFree
 0x48b1d4 TlsSetValue
 0x48b1d8 TlsGetValue
 0x48b1dc TlsAlloc
 0x48b1e0 SwitchToThread
 0x48b1e4 CreateEventW
 0x48b1e8 InitializeCriticalSectionAndSpinCount
 0x48b1ec SetLastError
 0x48b1f0 WideCharToMultiByte
 0x48b1f4 DeleteCriticalSection
 0x48b1f8 TryEnterCriticalSection
 0x48b1fc LeaveCriticalSection
 0x48b200 EnterCriticalSection
 0x48b204 InitializeSListHead
 0x48b208 GetSystemTimeAsFileTime
 0x48b20c GetCurrentThreadId
 0x48b210 QueryPerformanceCounter
 0x48b214 GetModuleHandleW
 0x48b218 GetStartupInfoW
 0x48b21c IsDebuggerPresent
 0x48b220 IsProcessorFeaturePresent
 0x48b224 SetUnhandledExceptionFilter
 0x48b228 UnhandledExceptionFilter
 0x48b22c VirtualAlloc
 0x48b230 GetVersionExW
 0x48b234 GetModuleHandleA
 0x48b238 FreeLibraryAndExitThread
 0x48b23c GetThreadTimes
 0x48b240 GetLogicalProcessorInformation
 0x48b244 CreateTimerQueueTimer
 0x48b248 CompareStringW
 0x48b24c LCMapStringW
 0x48b250 VirtualFree
 0x48b254 DuplicateHandle
 0x48b258 ReleaseSemaphore
 0x48b25c InterlockedPopEntrySList
 0x48b260 QueryDepthSList
 0x48b264 UnregisterWaitEx
 0x48b268 CreateTimerQueue
 0x48b26c ChangeTimerQueueTimer
 0x48b270 DeleteTimerQueueTimer
 0x48b274 GetNumaHighestNodeNumber
 0x48b278 GetProcessAffinityMask
 0x48b27c SetThreadAffinityMask
 0x48b280 RegisterWaitForSingleObject
 0x48b284 GetLocalTime
 0x48b288 UnregisterWait
 0x48b28c LoadLibraryW
 0x48b290 SetEvent
USER32.dll
 0x48b2bc GetParent
 0x48b2c0 SetCursor
 0x48b2c4 GetPropA
 0x48b2c8 GetWindowLongA
 0x48b2cc CallWindowProcA
 0x48b2d0 LoadCursorA
 0x48b2d4 SetPropA
 0x48b2d8 InvalidateRect
 0x48b2dc CheckRadioButton
 0x48b2e0 IsDlgButtonChecked
 0x48b2e4 GetMessageA
 0x48b2e8 DispatchMessageA
 0x48b2ec GetWindowRect
 0x48b2f0 DestroyWindow
 0x48b2f4 IsWindowVisible
 0x48b2f8 SetWindowPos
 0x48b2fc SetActiveWindow
 0x48b300 EnumDisplayMonitors
 0x48b304 EndDialog
 0x48b308 CreatePopupMenu
 0x48b30c DialogBoxParamA
 0x48b310 TrackPopupMenu
 0x48b314 ShowWindow
 0x48b318 TranslateAcceleratorA
 0x48b31c SetTimer
 0x48b320 RedrawWindow
 0x48b324 DestroyIcon
 0x48b328 SetWindowLongA
 0x48b32c GetWindowTextA
 0x48b330 LoadAcceleratorsA
 0x48b334 FrameRect
 0x48b338 SetWindowTextA
 0x48b33c IsWindowEnabled
 0x48b340 SetMenu
 0x48b344 DefWindowProcA
 0x48b348 DestroyMenu
 0x48b34c CreateWindowExA
 0x48b350 TranslateMessage
 0x48b354 SendMessageA
 0x48b358 CreateDialogParamA
 0x48b35c LoadIconA
 0x48b360 GetDlgItem
 0x48b364 KillTimer
 0x48b368 CheckDlgButton
 0x48b36c PostQuitMessage
 0x48b370 GetSysColorBrush
 0x48b374 EnableMenuItem
 0x48b378 GetMenuItemInfoA
 0x48b37c CreateMenu
 0x48b380 FindWindowA
 0x48b384 SetForegroundWindow
 0x48b388 GetCursorPos
 0x48b38c BeginPaint
 0x48b390 EndPaint
 0x48b394 ModifyMenuA
 0x48b398 EnableWindow
 0x48b39c GetDC
 0x48b3a0 GetClientRect
 0x48b3a4 ReleaseDC
 0x48b3a8 GetSysColor
 0x48b3ac PostMessageA
 0x48b3b0 LoadStringA
 0x48b3b4 MessageBoxA
 0x48b3b8 RemovePropA
 0x48b3bc AppendMenuA
GDI32.dll
 0x48b060 DeleteObject
 0x48b064 Rectangle
 0x48b068 SelectObject
 0x48b06c GetObjectA
 0x48b070 CreateFontIndirectA
 0x48b074 SetTextColor
 0x48b078 CreateSolidBrush
COMDLG32.dll
 0x48b038 GetOpenFileNameA
 0x48b03c GetSaveFileNameA
ADVAPI32.dll
 0x48b000 RegCloseKey
 0x48b004 AdjustTokenPrivileges
 0x48b008 RegOpenKeyExA
 0x48b00c OpenProcessToken
 0x48b010 RegSetValueExA
 0x48b014 InitiateSystemShutdownA
 0x48b018 LookupPrivilegeValueA
 0x48b01c RegQueryValueExA
SHELL32.dll
 0x48b298 SHGetFolderPathA
 0x48b29c SHGetPathFromIDListA
 0x48b2a0 SHBrowseForFolderA
 0x48b2a4 SHGetMalloc
 0x48b2a8 DragQueryFileA
 0x48b2ac ShellExecuteA
 0x48b2b0 DragAcceptFiles
 0x48b2b4 Shell_NotifyIconA
ole32.dll
 0x48b4a8 CoCreateInstance
 0x48b4ac CoInitialize
CRYPT32.dll
 0x48b044 CertFindCertificateInStore
 0x48b048 CryptMsgGetParam
 0x48b04c CertCloseStore
 0x48b050 CryptQueryObject
 0x48b054 CertFreeCertificateContext
 0x48b058 CryptMsgClose

EAT (Export Address Table): none