ScreenShot
| Created | 2025.03.12 11:34 | Machine | s1_win7_x6403 |
| Filename | crossings.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 60 detected (AIDetectMalware, Remcos, Malicious, score, Ghanarava, Dacic, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, Windows, Rescoms, RATX, kvsovm, CLASSIC, Real Protect, Static AI, Malicious PE, Detected, GrayWare, Wacapew, EEXSL2, Eldorado, R693720, Artemis, Genetic, PE04C9V, 0xdHUw5uf6o, susgen) | ||
| md5 | db59bfef32bc15d53bdf499dd1ae62c4 | ||
| sha256 | c0297a465ab62db781cd06295004e14eac2d87905b5015b1cc02b446a34bf042 | ||
| ssdeep | 6144:HIlSCa0RPvRz+n8Qr1D0ZGESuHabmvHOE4mCp6qtydBnP+Y4+3sAORZGFX3Xc6GJ:H200OFp+G0imvHn3Cp6qyBP+YdsvZGo | ||
| imphash | 41e05d591d7d93bdd5bc6d5da04da74b | ||
| impfuzzy | 96:ARSgmXb/LHcp+hDGkZ3SLKXGLYj5VmL9FNUxKd38KvSgdSst723:0yLbZCLeVm2EZ8Xso3 | ||
Network IP location
Signature (14cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 60 AntiVirus engines on VirusTotal as malicious |
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| danger | Executed a process and injected code into it |
| watch | Communicates with host for which no DNS query was performed |
| watch | Creates a windows hook that monitors keyboard input (keylogger) |
| watch | Installs itself for autorun at Windows startup |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
| notice | A process attempted to delay the analysis task. |
| notice | One or more potentially interesting buffers were extracted |
| notice | Terminates another process |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
Rules (32cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Client_SW_User_Data_Stealer | Client_SW_User_Data_Stealer | memory |
| danger | infoStealer_browser_b_Zero | browser info stealer | binaries (upload) |
| danger | Win_Backdoor_RemcosRAT | Win Backdoor RemcosRAT | memory |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| warning | infoStealer_browser_Zero | browser info stealer | memory |
| watch | Chrome_User_Data_Check_Zero | Google Chrome User Data Check | memory |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | Network_Downloader | File Downloader | binaries (upload) |
| watch | Network_Downloader | File Downloader | memory |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | Generic_PWS_Memory_Zero | PWS Memory | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | ScreenShot | Take ScreenShot | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4590b8 FindFirstFileA
0x4590bc FindNextFileA
0x4590c0 ExpandEnvironmentStringsA
0x4590c4 GetModuleFileNameW
0x4590c8 GetLongPathNameW
0x4590cc CopyFileW
0x4590d0 GetLocaleInfoA
0x4590d4 VirtualProtect
0x4590d8 SetLastError
0x4590dc VirtualFree
0x4590e0 VirtualAlloc
0x4590e4 LoadLibraryA
0x4590e8 GetNativeSystemInfo
0x4590ec HeapAlloc
0x4590f0 GetProcessHeap
0x4590f4 FreeLibrary
0x4590f8 IsBadReadPtr
0x4590fc GetTempPathW
0x459100 lstrcatW
0x459104 GetCurrentProcessId
0x459108 GetTempFileNameW
0x45910c GetSystemDirectoryA
0x459110 GlobalAlloc
0x459114 GlobalLock
0x459118 GetTickCount
0x45911c GlobalUnlock
0x459120 WriteProcessMemory
0x459124 ResumeThread
0x459128 GetThreadContext
0x45912c ReadProcessMemory
0x459130 CreateProcessW
0x459134 SetThreadContext
0x459138 LocalAlloc
0x45913c GlobalFree
0x459140 MulDiv
0x459144 SizeofResource
0x459148 QueryDosDeviceW
0x45914c FindFirstVolumeW
0x459150 GetConsoleScreenBufferInfo
0x459154 SetConsoleTextAttribute
0x459158 lstrlenW
0x45915c GetStdHandle
0x459160 SetFilePointer
0x459164 FindResourceA
0x459168 LockResource
0x45916c LoadLibraryW
0x459170 LoadResource
0x459174 LocalFree
0x459178 FindVolumeClose
0x45917c GetVolumePathNamesForVolumeNameW
0x459180 lstrcpyW
0x459184 SetConsoleOutputCP
0x459188 FormatMessageA
0x45918c TerminateThread
0x459190 AllocConsole
0x459194 lstrcmpW
0x459198 GetModuleFileNameA
0x45919c lstrcpynA
0x4591a0 QueryPerformanceFrequency
0x4591a4 QueryPerformanceCounter
0x4591a8 EnterCriticalSection
0x4591ac LeaveCriticalSection
0x4591b0 InitializeCriticalSection
0x4591b4 DeleteCriticalSection
0x4591b8 HeapSize
0x4591bc WriteConsoleW
0x4591c0 SetStdHandle
0x4591c4 SetEnvironmentVariableW
0x4591c8 SetEnvironmentVariableA
0x4591cc FreeEnvironmentStringsW
0x4591d0 GetEnvironmentStringsW
0x4591d4 GetCommandLineW
0x4591d8 GetCommandLineA
0x4591dc GetOEMCP
0x4591e0 IsValidCodePage
0x4591e4 FindFirstFileExA
0x4591e8 HeapReAlloc
0x4591ec ReadConsoleW
0x4591f0 GetConsoleMode
0x4591f4 GetConsoleCP
0x4591f8 FlushFileBuffers
0x4591fc GetFileType
0x459200 GetTimeZoneInformation
0x459204 EnumSystemLocalesW
0x459208 GetUserDefaultLCID
0x45920c IsValidLocale
0x459210 GetTimeFormatW
0x459214 GetDateFormatW
0x459218 GetACP
0x45921c GetModuleHandleExW
0x459220 MoveFileExW
0x459224 LoadLibraryExW
0x459228 RaiseException
0x45922c RtlUnwind
0x459230 GetCPInfo
0x459234 GetStringTypeW
0x459238 GetLocaleInfoW
0x45923c LCMapStringW
0x459240 CompareStringW
0x459244 MultiByteToWideChar
0x459248 DecodePointer
0x45924c EncodePointer
0x459250 TlsFree
0x459254 TlsSetValue
0x459258 GetModuleHandleA
0x45925c RemoveDirectoryW
0x459260 MoveFileW
0x459264 SetFilePointerEx
0x459268 GetLogicalDriveStringsA
0x45926c DeleteFileW
0x459270 DeleteFileA
0x459274 SetFileAttributesW
0x459278 GetFileAttributesW
0x45927c CreateDirectoryW
0x459280 GetFileSize
0x459284 FindClose
0x459288 lstrlenA
0x45928c GetDriveTypeA
0x459290 FindNextFileW
0x459294 GetFileSizeEx
0x459298 FindFirstFileW
0x45929c GetModuleHandleW
0x4592a0 ExitProcess
0x4592a4 GetProcAddress
0x4592a8 Process32FirstW
0x4592ac Process32NextW
0x4592b0 OpenMutexA
0x4592b4 GetLastError
0x4592b8 CreateToolhelp32Snapshot
0x4592bc OpenProcess
0x4592c0 CreateMutexA
0x4592c4 GetCurrentProcess
0x4592c8 CreateProcessA
0x4592cc PeekNamedPipe
0x4592d0 CreatePipe
0x4592d4 TerminateProcess
0x4592d8 ReadFile
0x4592dc HeapFree
0x4592e0 HeapCreate
0x4592e4 CreateEventA
0x4592e8 GetLocalTime
0x4592ec CreateThread
0x4592f0 SetEvent
0x4592f4 CreateEventW
0x4592f8 WaitForSingleObject
0x4592fc Sleep
0x459300 CloseHandle
0x459304 ExitThread
0x459308 CreateFileW
0x45930c WriteFile
0x459310 FindNextVolumeW
0x459314 TlsGetValue
0x459318 TlsAlloc
0x45931c SwitchToThread
0x459320 WideCharToMultiByte
0x459324 InitializeSListHead
0x459328 GetSystemTimeAsFileTime
0x45932c GetCurrentThreadId
0x459330 IsProcessorFeaturePresent
0x459334 GetStartupInfoW
0x459338 SetUnhandledExceptionFilter
0x45933c UnhandledExceptionFilter
0x459340 IsDebuggerPresent
0x459344 WaitForSingleObjectEx
0x459348 ResetEvent
0x45934c InitializeCriticalSectionAndSpinCount
0x459350 SetEndOfFile
USER32.dll
0x45937c SetClipboardData
0x459380 EnumWindows
0x459384 ExitWindowsEx
0x459388 EmptyClipboard
0x45938c ShowWindow
0x459390 SetWindowTextW
0x459394 MessageBoxW
0x459398 IsWindowVisible
0x45939c CloseWindow
0x4593a0 SendInput
0x4593a4 EnumDisplaySettingsW
0x4593a8 mouse_event
0x4593ac MapVirtualKeyA
0x4593b0 DrawIcon
0x4593b4 GetSystemMetrics
0x4593b8 GetIconInfo
0x4593bc SystemParametersInfoW
0x4593c0 GetCursorPos
0x4593c4 RegisterClassExA
0x4593c8 AppendMenuA
0x4593cc CreateWindowExA
0x4593d0 TrackPopupMenu
0x4593d4 TranslateMessage
0x4593d8 DispatchMessageA
0x4593dc GetMessageA
0x4593e0 GetWindowTextW
0x4593e4 wsprintfW
0x4593e8 GetClipboardData
0x4593ec UnhookWindowsHookEx
0x4593f0 GetForegroundWindow
0x4593f4 ToUnicodeEx
0x4593f8 GetKeyboardLayout
0x4593fc SetWindowsHookExA
0x459400 CloseClipboard
0x459404 OpenClipboard
0x459408 GetKeyboardState
0x45940c GetWindowThreadProcessId
0x459410 GetWindowTextLengthW
0x459414 GetKeyState
0x459418 DefWindowProcA
0x45941c SetForegroundWindow
0x459420 GetKeyboardLayoutNameA
0x459424 CallNextHookEx
0x459428 CreatePopupMenu
GDI32.dll
0x45908c CreateCompatibleBitmap
0x459090 SelectObject
0x459094 CreateCompatibleDC
0x459098 StretchBlt
0x45909c GetDIBits
0x4590a0 DeleteDC
0x4590a4 DeleteObject
0x4590a8 CreateDCA
0x4590ac GetObjectA
0x4590b0 BitBlt
ADVAPI32.dll
0x459000 LookupPrivilegeValueA
0x459004 CryptAcquireContextA
0x459008 CryptGenRandom
0x45900c CryptReleaseContext
0x459010 GetUserNameW
0x459014 RegEnumKeyExA
0x459018 GetTokenInformation
0x45901c QueryServiceStatus
0x459020 CloseServiceHandle
0x459024 OpenSCManagerW
0x459028 OpenSCManagerA
0x45902c ControlService
0x459030 StartServiceW
0x459034 QueryServiceConfigW
0x459038 ChangeServiceConfigW
0x45903c OpenServiceW
0x459040 EnumServicesStatusW
0x459044 AdjustTokenPrivileges
0x459048 RegQueryInfoKeyW
0x45904c RegQueryValueExA
0x459050 RegCreateKeyExW
0x459054 RegEnumKeyExW
0x459058 RegSetValueExW
0x45905c RegSetValueExA
0x459060 RegOpenKeyExA
0x459064 RegOpenKeyExW
0x459068 RegCreateKeyW
0x45906c RegDeleteValueW
0x459070 RegEnumValueW
0x459074 RegQueryValueExW
0x459078 RegCreateKeyA
0x45907c RegCloseKey
0x459080 RegDeleteKeyA
0x459084 OpenProcessToken
SHELL32.dll
0x459358 ShellExecuteExA
0x45935c Shell_NotifyIconA
0x459360 ExtractIconA
0x459364 ShellExecuteW
ole32.dll
0x4594e0 CoGetObject
0x4594e4 CoInitializeEx
0x4594e8 CoUninitialize
SHLWAPI.dll
0x45936c StrToIntA
0x459370 PathFileExistsW
0x459374 PathFileExistsA
WINMM.dll
0x459444 mciSendStringA
0x459448 PlaySoundW
0x45944c mciSendStringW
0x459450 waveInClose
0x459454 waveInStop
0x459458 waveInPrepareHeader
0x45945c waveInUnprepareHeader
0x459460 waveInOpen
0x459464 waveInAddBuffer
0x459468 waveInStart
WS2_32.dll
0x459470 gethostbyname
0x459474 WSASetLastError
0x459478 inet_addr
0x45947c gethostbyaddr
0x459480 getservbyport
0x459484 ntohs
0x459488 getservbyname
0x45948c htonl
0x459490 htons
0x459494 inet_ntoa
0x459498 closesocket
0x45949c WSAStartup
0x4594a0 send
0x4594a4 socket
0x4594a8 connect
0x4594ac recv
0x4594b0 WSAGetLastError
urlmon.dll
0x4594f0 URLDownloadToFileW
0x4594f4 URLOpenBlockingStreamW
gdiplus.dll
0x4594b8 GdipSaveImageToStream
0x4594bc GdipDisposeImage
0x4594c0 GdipGetImageEncodersSize
0x4594c4 GdiplusStartup
0x4594c8 GdipGetImageEncoders
0x4594cc GdipCloneImage
0x4594d0 GdipAlloc
0x4594d4 GdipFree
0x4594d8 GdipLoadImageFromStream
WININET.dll
0x459430 InternetReadFile
0x459434 InternetOpenUrlW
0x459438 InternetOpenW
0x45943c InternetCloseHandle
EAT(Export Address Table) is none
KERNEL32.dll
0x4590b8 FindFirstFileA
0x4590bc FindNextFileA
0x4590c0 ExpandEnvironmentStringsA
0x4590c4 GetModuleFileNameW
0x4590c8 GetLongPathNameW
0x4590cc CopyFileW
0x4590d0 GetLocaleInfoA
0x4590d4 VirtualProtect
0x4590d8 SetLastError
0x4590dc VirtualFree
0x4590e0 VirtualAlloc
0x4590e4 LoadLibraryA
0x4590e8 GetNativeSystemInfo
0x4590ec HeapAlloc
0x4590f0 GetProcessHeap
0x4590f4 FreeLibrary
0x4590f8 IsBadReadPtr
0x4590fc GetTempPathW
0x459100 lstrcatW
0x459104 GetCurrentProcessId
0x459108 GetTempFileNameW
0x45910c GetSystemDirectoryA
0x459110 GlobalAlloc
0x459114 GlobalLock
0x459118 GetTickCount
0x45911c GlobalUnlock
0x459120 WriteProcessMemory
0x459124 ResumeThread
0x459128 GetThreadContext
0x45912c ReadProcessMemory
0x459130 CreateProcessW
0x459134 SetThreadContext
0x459138 LocalAlloc
0x45913c GlobalFree
0x459140 MulDiv
0x459144 SizeofResource
0x459148 QueryDosDeviceW
0x45914c FindFirstVolumeW
0x459150 GetConsoleScreenBufferInfo
0x459154 SetConsoleTextAttribute
0x459158 lstrlenW
0x45915c GetStdHandle
0x459160 SetFilePointer
0x459164 FindResourceA
0x459168 LockResource
0x45916c LoadLibraryW
0x459170 LoadResource
0x459174 LocalFree
0x459178 FindVolumeClose
0x45917c GetVolumePathNamesForVolumeNameW
0x459180 lstrcpyW
0x459184 SetConsoleOutputCP
0x459188 FormatMessageA
0x45918c TerminateThread
0x459190 AllocConsole
0x459194 lstrcmpW
0x459198 GetModuleFileNameA
0x45919c lstrcpynA
0x4591a0 QueryPerformanceFrequency
0x4591a4 QueryPerformanceCounter
0x4591a8 EnterCriticalSection
0x4591ac LeaveCriticalSection
0x4591b0 InitializeCriticalSection
0x4591b4 DeleteCriticalSection
0x4591b8 HeapSize
0x4591bc WriteConsoleW
0x4591c0 SetStdHandle
0x4591c4 SetEnvironmentVariableW
0x4591c8 SetEnvironmentVariableA
0x4591cc FreeEnvironmentStringsW
0x4591d0 GetEnvironmentStringsW
0x4591d4 GetCommandLineW
0x4591d8 GetCommandLineA
0x4591dc GetOEMCP
0x4591e0 IsValidCodePage
0x4591e4 FindFirstFileExA
0x4591e8 HeapReAlloc
0x4591ec ReadConsoleW
0x4591f0 GetConsoleMode
0x4591f4 GetConsoleCP
0x4591f8 FlushFileBuffers
0x4591fc GetFileType
0x459200 GetTimeZoneInformation
0x459204 EnumSystemLocalesW
0x459208 GetUserDefaultLCID
0x45920c IsValidLocale
0x459210 GetTimeFormatW
0x459214 GetDateFormatW
0x459218 GetACP
0x45921c GetModuleHandleExW
0x459220 MoveFileExW
0x459224 LoadLibraryExW
0x459228 RaiseException
0x45922c RtlUnwind
0x459230 GetCPInfo
0x459234 GetStringTypeW
0x459238 GetLocaleInfoW
0x45923c LCMapStringW
0x459240 CompareStringW
0x459244 MultiByteToWideChar
0x459248 DecodePointer
0x45924c EncodePointer
0x459250 TlsFree
0x459254 TlsSetValue
0x459258 GetModuleHandleA
0x45925c RemoveDirectoryW
0x459260 MoveFileW
0x459264 SetFilePointerEx
0x459268 GetLogicalDriveStringsA
0x45926c DeleteFileW
0x459270 DeleteFileA
0x459274 SetFileAttributesW
0x459278 GetFileAttributesW
0x45927c CreateDirectoryW
0x459280 GetFileSize
0x459284 FindClose
0x459288 lstrlenA
0x45928c GetDriveTypeA
0x459290 FindNextFileW
0x459294 GetFileSizeEx
0x459298 FindFirstFileW
0x45929c GetModuleHandleW
0x4592a0 ExitProcess
0x4592a4 GetProcAddress
0x4592a8 Process32FirstW
0x4592ac Process32NextW
0x4592b0 OpenMutexA
0x4592b4 GetLastError
0x4592b8 CreateToolhelp32Snapshot
0x4592bc OpenProcess
0x4592c0 CreateMutexA
0x4592c4 GetCurrentProcess
0x4592c8 CreateProcessA
0x4592cc PeekNamedPipe
0x4592d0 CreatePipe
0x4592d4 TerminateProcess
0x4592d8 ReadFile
0x4592dc HeapFree
0x4592e0 HeapCreate
0x4592e4 CreateEventA
0x4592e8 GetLocalTime
0x4592ec CreateThread
0x4592f0 SetEvent
0x4592f4 CreateEventW
0x4592f8 WaitForSingleObject
0x4592fc Sleep
0x459300 CloseHandle
0x459304 ExitThread
0x459308 CreateFileW
0x45930c WriteFile
0x459310 FindNextVolumeW
0x459314 TlsGetValue
0x459318 TlsAlloc
0x45931c SwitchToThread
0x459320 WideCharToMultiByte
0x459324 InitializeSListHead
0x459328 GetSystemTimeAsFileTime
0x45932c GetCurrentThreadId
0x459330 IsProcessorFeaturePresent
0x459334 GetStartupInfoW
0x459338 SetUnhandledExceptionFilter
0x45933c UnhandledExceptionFilter
0x459340 IsDebuggerPresent
0x459344 WaitForSingleObjectEx
0x459348 ResetEvent
0x45934c InitializeCriticalSectionAndSpinCount
0x459350 SetEndOfFile
USER32.dll
0x45937c SetClipboardData
0x459380 EnumWindows
0x459384 ExitWindowsEx
0x459388 EmptyClipboard
0x45938c ShowWindow
0x459390 SetWindowTextW
0x459394 MessageBoxW
0x459398 IsWindowVisible
0x45939c CloseWindow
0x4593a0 SendInput
0x4593a4 EnumDisplaySettingsW
0x4593a8 mouse_event
0x4593ac MapVirtualKeyA
0x4593b0 DrawIcon
0x4593b4 GetSystemMetrics
0x4593b8 GetIconInfo
0x4593bc SystemParametersInfoW
0x4593c0 GetCursorPos
0x4593c4 RegisterClassExA
0x4593c8 AppendMenuA
0x4593cc CreateWindowExA
0x4593d0 TrackPopupMenu
0x4593d4 TranslateMessage
0x4593d8 DispatchMessageA
0x4593dc GetMessageA
0x4593e0 GetWindowTextW
0x4593e4 wsprintfW
0x4593e8 GetClipboardData
0x4593ec UnhookWindowsHookEx
0x4593f0 GetForegroundWindow
0x4593f4 ToUnicodeEx
0x4593f8 GetKeyboardLayout
0x4593fc SetWindowsHookExA
0x459400 CloseClipboard
0x459404 OpenClipboard
0x459408 GetKeyboardState
0x45940c GetWindowThreadProcessId
0x459410 GetWindowTextLengthW
0x459414 GetKeyState
0x459418 DefWindowProcA
0x45941c SetForegroundWindow
0x459420 GetKeyboardLayoutNameA
0x459424 CallNextHookEx
0x459428 CreatePopupMenu
GDI32.dll
0x45908c CreateCompatibleBitmap
0x459090 SelectObject
0x459094 CreateCompatibleDC
0x459098 StretchBlt
0x45909c GetDIBits
0x4590a0 DeleteDC
0x4590a4 DeleteObject
0x4590a8 CreateDCA
0x4590ac GetObjectA
0x4590b0 BitBlt
ADVAPI32.dll
0x459000 LookupPrivilegeValueA
0x459004 CryptAcquireContextA
0x459008 CryptGenRandom
0x45900c CryptReleaseContext
0x459010 GetUserNameW
0x459014 RegEnumKeyExA
0x459018 GetTokenInformation
0x45901c QueryServiceStatus
0x459020 CloseServiceHandle
0x459024 OpenSCManagerW
0x459028 OpenSCManagerA
0x45902c ControlService
0x459030 StartServiceW
0x459034 QueryServiceConfigW
0x459038 ChangeServiceConfigW
0x45903c OpenServiceW
0x459040 EnumServicesStatusW
0x459044 AdjustTokenPrivileges
0x459048 RegQueryInfoKeyW
0x45904c RegQueryValueExA
0x459050 RegCreateKeyExW
0x459054 RegEnumKeyExW
0x459058 RegSetValueExW
0x45905c RegSetValueExA
0x459060 RegOpenKeyExA
0x459064 RegOpenKeyExW
0x459068 RegCreateKeyW
0x45906c RegDeleteValueW
0x459070 RegEnumValueW
0x459074 RegQueryValueExW
0x459078 RegCreateKeyA
0x45907c RegCloseKey
0x459080 RegDeleteKeyA
0x459084 OpenProcessToken
SHELL32.dll
0x459358 ShellExecuteExA
0x45935c Shell_NotifyIconA
0x459360 ExtractIconA
0x459364 ShellExecuteW
ole32.dll
0x4594e0 CoGetObject
0x4594e4 CoInitializeEx
0x4594e8 CoUninitialize
SHLWAPI.dll
0x45936c StrToIntA
0x459370 PathFileExistsW
0x459374 PathFileExistsA
WINMM.dll
0x459444 mciSendStringA
0x459448 PlaySoundW
0x45944c mciSendStringW
0x459450 waveInClose
0x459454 waveInStop
0x459458 waveInPrepareHeader
0x45945c waveInUnprepareHeader
0x459460 waveInOpen
0x459464 waveInAddBuffer
0x459468 waveInStart
WS2_32.dll
0x459470 gethostbyname
0x459474 WSASetLastError
0x459478 inet_addr
0x45947c gethostbyaddr
0x459480 getservbyport
0x459484 ntohs
0x459488 getservbyname
0x45948c htonl
0x459490 htons
0x459494 inet_ntoa
0x459498 closesocket
0x45949c WSAStartup
0x4594a0 send
0x4594a4 socket
0x4594a8 connect
0x4594ac recv
0x4594b0 WSAGetLastError
urlmon.dll
0x4594f0 URLDownloadToFileW
0x4594f4 URLOpenBlockingStreamW
gdiplus.dll
0x4594b8 GdipSaveImageToStream
0x4594bc GdipDisposeImage
0x4594c0 GdipGetImageEncodersSize
0x4594c4 GdiplusStartup
0x4594c8 GdipGetImageEncoders
0x4594cc GdipCloneImage
0x4594d0 GdipAlloc
0x4594d4 GdipFree
0x4594d8 GdipLoadImageFromStream
WININET.dll
0x459430 InternetReadFile
0x459434 InternetOpenUrlW
0x459438 InternetOpenW
0x45943c InternetCloseHandle
EAT(Export Address Table) is none