ScreenShot
| Created | 2025.04.14 10:19 | Machine | s1_win7_x6403 |
| Filename | remcos_a.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 66 detected (NmePomklM, Remcos, Malicious, score, RemcosRI, S28628436, Dacic, Unsafe, Save, confidence, 100%, Kryptik, Genus, Attribute, HighConfidence, Windows, Rescoms, MalwareX, jrvcmj, CLASSIC, Siggen18, SMCHD, Real Protect, Static AI, Malicious PE, hlqfz, Detected, Bucaspys, JUMH, RemcosRAT, R507877, FDQO, Genetic, susgen) | ||
| md5 | e3aecc3188eac24edb8e34f5044b3a6a | ||
| sha256 | 782895a1a1f924fd2a8271667f7749723bbc02a2db458e56bd270f2ee122b88d | ||
| ssdeep | 12288:Wmnk7iLJbpIpiRL6I2WhSKQ9ZsfZQSSn9:uiLJbpI7I2WhQqZ7S9 | ||
| imphash | 5d354883fe6f15fcf48045037a99fb7a | ||
| impfuzzy | 96:TSzHsXpYocp+1ZMbZZQSW1ZfGL+tr9bKNUz7KgKd3YduaMGzu:T95wZ5WhtrlPiZfa1u | ||
Network IP location
Signature (26cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 66 AntiVirus engines on VirusTotal as malicious |
| danger | The process wscript.exe wrote an executable file to disk which it then attempted to execute |
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| danger | Executed a process and injected code into it |
| warning | Disables Windows Security features |
| watch | Communicates with host for which no DNS query was performed |
| watch | Installs itself for autorun at Windows startup |
| watch | One or more non-whitelisted processes were created |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
| notice | A process attempted to delay the analysis task. |
| notice | A process created a hidden window |
| notice | Checks whether any human activity is being performed by constantly checking whether the foreground window changed |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | Drops a binary and executes it |
| notice | Drops an executable to the user AppData folder |
| notice | One or more potentially interesting buffers were extracted |
| notice | Terminates another process |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Command line console output was observed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (40cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Client_SW_User_Data_Stealer | Client_SW_User_Data_Stealer | memory |
| danger | infoStealer_browser_b_Zero | browser info stealer | binaries (download) |
| danger | infoStealer_browser_b_Zero | browser info stealer | binaries (upload) |
| danger | Win_Backdoor_RemcosRAT | Win Backdoor RemcosRAT | memory |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| warning | infoStealer_browser_Zero | browser info stealer | memory |
| watch | Chrome_User_Data_Check_Zero | Google Chrome User Data Check | memory |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | Network_Downloader | File Downloader | binaries (download) |
| watch | Network_Downloader | File Downloader | binaries (upload) |
| watch | Network_Downloader | File Downloader | memory |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | Create_Service | Create a windows service | memory |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | Generic_PWS_Memory_Zero | PWS Memory | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| notice | Network_DNS | Communications use DNS | memory |
| notice | Network_TCP_Socket | Communications over RAW Socket | memory |
| notice | Sniff_Audio | Record Audio | memory |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
| info | win_hook | Affect hook table | memory |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4560b0 CopyFileW
0x4560b4 CreateMutexA
0x4560b8 GetLocaleInfoA
0x4560bc CreateToolhelp32Snapshot
0x4560c0 OpenMutexA
0x4560c4 Process32NextW
0x4560c8 Process32FirstW
0x4560cc VirtualProtect
0x4560d0 SetLastError
0x4560d4 VirtualFree
0x4560d8 VirtualAlloc
0x4560dc GetNativeSystemInfo
0x4560e0 HeapAlloc
0x4560e4 GetProcessHeap
0x4560e8 FreeLibrary
0x4560ec IsBadReadPtr
0x4560f0 GetTempPathW
0x4560f4 OpenProcess
0x4560f8 lstrcatW
0x4560fc GetCurrentProcessId
0x456100 GetTempFileNameW
0x456104 GetCurrentProcess
0x456108 GetSystemDirectoryA
0x45610c GlobalAlloc
0x456110 GlobalLock
0x456114 GetTickCount
0x456118 GlobalUnlock
0x45611c WriteProcessMemory
0x456120 ResumeThread
0x456124 GetThreadContext
0x456128 ReadProcessMemory
0x45612c CreateProcessW
0x456130 SetThreadContext
0x456134 LocalAlloc
0x456138 GlobalFree
0x45613c MulDiv
0x456140 SizeofResource
0x456144 SetFilePointer
0x456148 FindResourceA
0x45614c LockResource
0x456150 LoadResource
0x456154 LocalFree
0x456158 FormatMessageA
0x45615c AllocConsole
0x456160 GetModuleFileNameA
0x456164 lstrcpynA
0x456168 QueryPerformanceFrequency
0x45616c GetLongPathNameW
0x456170 EnterCriticalSection
0x456174 LeaveCriticalSection
0x456178 InitializeCriticalSection
0x45617c DeleteCriticalSection
0x456180 HeapSize
0x456184 WriteConsoleW
0x456188 SetStdHandle
0x45618c SetEnvironmentVariableW
0x456190 SetEnvironmentVariableA
0x456194 FreeEnvironmentStringsW
0x456198 GetEnvironmentStringsW
0x45619c GetCommandLineW
0x4561a0 GetCommandLineA
0x4561a4 GetOEMCP
0x4561a8 IsValidCodePage
0x4561ac FindFirstFileExA
0x4561b0 ReadConsoleW
0x4561b4 GetConsoleMode
0x4561b8 GetConsoleCP
0x4561bc FlushFileBuffers
0x4561c0 GetFileType
0x4561c4 GetTimeZoneInformation
0x4561c8 EnumSystemLocalesW
0x4561cc GetUserDefaultLCID
0x4561d0 IsValidLocale
0x4561d4 GetTimeFormatW
0x4561d8 GetDateFormatW
0x4561dc HeapReAlloc
0x4561e0 GetACP
0x4561e4 GetStdHandle
0x4561e8 GetModuleHandleExW
0x4561ec MoveFileExW
0x4561f0 RtlUnwind
0x4561f4 RaiseException
0x4561f8 LoadLibraryExW
0x4561fc GetCPInfo
0x456200 GetStringTypeW
0x456204 GetLocaleInfoW
0x456208 LCMapStringW
0x45620c CompareStringW
0x456210 TlsFree
0x456214 TlsSetValue
0x456218 ExpandEnvironmentStringsA
0x45621c FindNextFileA
0x456220 FindFirstFileA
0x456224 GetFileSize
0x456228 TerminateThread
0x45622c GetLastError
0x456230 SetFileAttributesW
0x456234 GetModuleHandleA
0x456238 RemoveDirectoryW
0x45623c MoveFileW
0x456240 CreateDirectoryW
0x456244 SetFilePointerEx
0x456248 GetLogicalDriveStringsA
0x45624c DeleteFileW
0x456250 DeleteFileA
0x456254 GetFileAttributesW
0x456258 FindClose
0x45625c lstrlenA
0x456260 GetDriveTypeA
0x456264 FindNextFileW
0x456268 GetFileSizeEx
0x45626c FindFirstFileW
0x456270 ExitProcess
0x456274 GetProcAddress
0x456278 LoadLibraryA
0x45627c CreateProcessA
0x456280 PeekNamedPipe
0x456284 CreatePipe
0x456288 TerminateProcess
0x45628c ReadFile
0x456290 HeapFree
0x456294 HeapCreate
0x456298 CreateEventA
0x45629c GetLocalTime
0x4562a0 CreateThread
0x4562a4 SetEvent
0x4562a8 CreateEventW
0x4562ac WaitForSingleObject
0x4562b0 Sleep
0x4562b4 GetModuleFileNameW
0x4562b8 CloseHandle
0x4562bc ExitThread
0x4562c0 CreateFileW
0x4562c4 WriteFile
0x4562c8 QueryPerformanceCounter
0x4562cc TlsGetValue
0x4562d0 TlsAlloc
0x4562d4 InitializeCriticalSectionAndSpinCount
0x4562d8 MultiByteToWideChar
0x4562dc DecodePointer
0x4562e0 EncodePointer
0x4562e4 WideCharToMultiByte
0x4562e8 InitializeSListHead
0x4562ec GetSystemTimeAsFileTime
0x4562f0 GetCurrentThreadId
0x4562f4 IsProcessorFeaturePresent
0x4562f8 GetStartupInfoW
0x4562fc SetUnhandledExceptionFilter
0x456300 UnhandledExceptionFilter
0x456304 IsDebuggerPresent
0x456308 GetModuleHandleW
0x45630c WaitForSingleObjectEx
0x456310 ResetEvent
0x456314 SetEndOfFile
USER32.dll
0x456340 CallNextHookEx
0x456344 GetKeyboardLayoutNameA
0x456348 GetKeyState
0x45634c GetWindowTextLengthW
0x456350 GetWindowThreadProcessId
0x456354 SetForegroundWindow
0x456358 SetClipboardData
0x45635c EnumWindows
0x456360 ExitWindowsEx
0x456364 TranslateMessage
0x456368 DispatchMessageA
0x45636c GetMessageA
0x456370 GetWindowTextW
0x456374 wsprintfW
0x456378 GetClipboardData
0x45637c UnhookWindowsHookEx
0x456380 GetForegroundWindow
0x456384 ToUnicodeEx
0x456388 GetKeyboardLayout
0x45638c SetWindowsHookExA
0x456390 CloseClipboard
0x456394 OpenClipboard
0x456398 GetKeyboardState
0x45639c DrawIcon
0x4563a0 GetSystemMetrics
0x4563a4 GetIconInfo
0x4563a8 SystemParametersInfoW
0x4563ac GetCursorPos
0x4563b0 RegisterClassExA
0x4563b4 AppendMenuA
0x4563b8 mouse_event
0x4563bc CreateWindowExA
0x4563c0 DefWindowProcA
0x4563c4 TrackPopupMenu
0x4563c8 CreatePopupMenu
0x4563cc EnumDisplaySettingsW
0x4563d0 SendInput
0x4563d4 CloseWindow
0x4563d8 EmptyClipboard
0x4563dc ShowWindow
0x4563e0 SetWindowTextW
0x4563e4 MessageBoxW
0x4563e8 IsWindowVisible
GDI32.dll
0x456088 CreateCompatibleBitmap
0x45608c SelectObject
0x456090 CreateCompatibleDC
0x456094 StretchBlt
0x456098 GetDIBits
0x45609c DeleteDC
0x4560a0 DeleteObject
0x4560a4 CreateDCA
0x4560a8 GetObjectA
ADVAPI32.dll
0x456000 CryptAcquireContextA
0x456004 CryptGenRandom
0x456008 CryptReleaseContext
0x45600c GetUserNameW
0x456010 RegEnumKeyExA
0x456014 QueryServiceStatus
0x456018 CloseServiceHandle
0x45601c OpenSCManagerW
0x456020 OpenSCManagerA
0x456024 ControlService
0x456028 StartServiceW
0x45602c QueryServiceConfigW
0x456030 ChangeServiceConfigW
0x456034 OpenServiceW
0x456038 EnumServicesStatusW
0x45603c AdjustTokenPrivileges
0x456040 LookupPrivilegeValueA
0x456044 OpenProcessToken
0x456048 RegCreateKeyA
0x45604c RegCloseKey
0x456050 RegQueryInfoKeyW
0x456054 RegQueryValueExA
0x456058 RegCreateKeyExW
0x45605c RegEnumKeyExW
0x456060 RegSetValueExW
0x456064 RegSetValueExA
0x456068 RegOpenKeyExA
0x45606c RegOpenKeyExW
0x456070 RegCreateKeyW
0x456074 RegDeleteValueW
0x456078 RegEnumValueW
0x45607c RegQueryValueExW
0x456080 RegDeleteKeyA
SHELL32.dll
0x45631c ShellExecuteExA
0x456320 Shell_NotifyIconA
0x456324 ExtractIconA
0x456328 ShellExecuteW
SHLWAPI.dll
0x456330 StrToIntA
0x456334 PathFileExistsW
0x456338 PathFileExistsA
WINMM.dll
0x456404 waveInPrepareHeader
0x456408 waveInStop
0x45640c waveInUnprepareHeader
0x456410 mciSendStringA
0x456414 PlaySoundW
0x456418 waveInOpen
0x45641c waveInStart
0x456420 waveInAddBuffer
0x456424 waveInClose
0x456428 mciSendStringW
WS2_32.dll
0x456430 WSAGetLastError
0x456434 recv
0x456438 connect
0x45643c socket
0x456440 send
0x456444 WSAStartup
0x456448 closesocket
0x45644c inet_ntoa
0x456450 gethostbyname
0x456454 WSASetLastError
0x456458 inet_addr
0x45645c gethostbyaddr
0x456460 getservbyport
0x456464 ntohs
0x456468 getservbyname
0x45646c htons
0x456470 htonl
urlmon.dll
0x4564a0 URLDownloadToFileW
0x4564a4 URLOpenBlockingStreamW
gdiplus.dll
0x456478 GdiplusStartup
0x45647c GdipGetImageEncoders
0x456480 GdipCloneImage
0x456484 GdipAlloc
0x456488 GdipDisposeImage
0x45648c GdipFree
0x456490 GdipGetImageEncodersSize
0x456494 GdipSaveImageToStream
0x456498 GdipLoadImageFromStream
WININET.dll
0x4563f0 InternetOpenUrlW
0x4563f4 InternetCloseHandle
0x4563f8 InternetReadFile
0x4563fc InternetOpenW
EAT(Export Address Table) is none
KERNEL32.dll
0x4560b0 CopyFileW
0x4560b4 CreateMutexA
0x4560b8 GetLocaleInfoA
0x4560bc CreateToolhelp32Snapshot
0x4560c0 OpenMutexA
0x4560c4 Process32NextW
0x4560c8 Process32FirstW
0x4560cc VirtualProtect
0x4560d0 SetLastError
0x4560d4 VirtualFree
0x4560d8 VirtualAlloc
0x4560dc GetNativeSystemInfo
0x4560e0 HeapAlloc
0x4560e4 GetProcessHeap
0x4560e8 FreeLibrary
0x4560ec IsBadReadPtr
0x4560f0 GetTempPathW
0x4560f4 OpenProcess
0x4560f8 lstrcatW
0x4560fc GetCurrentProcessId
0x456100 GetTempFileNameW
0x456104 GetCurrentProcess
0x456108 GetSystemDirectoryA
0x45610c GlobalAlloc
0x456110 GlobalLock
0x456114 GetTickCount
0x456118 GlobalUnlock
0x45611c WriteProcessMemory
0x456120 ResumeThread
0x456124 GetThreadContext
0x456128 ReadProcessMemory
0x45612c CreateProcessW
0x456130 SetThreadContext
0x456134 LocalAlloc
0x456138 GlobalFree
0x45613c MulDiv
0x456140 SizeofResource
0x456144 SetFilePointer
0x456148 FindResourceA
0x45614c LockResource
0x456150 LoadResource
0x456154 LocalFree
0x456158 FormatMessageA
0x45615c AllocConsole
0x456160 GetModuleFileNameA
0x456164 lstrcpynA
0x456168 QueryPerformanceFrequency
0x45616c GetLongPathNameW
0x456170 EnterCriticalSection
0x456174 LeaveCriticalSection
0x456178 InitializeCriticalSection
0x45617c DeleteCriticalSection
0x456180 HeapSize
0x456184 WriteConsoleW
0x456188 SetStdHandle
0x45618c SetEnvironmentVariableW
0x456190 SetEnvironmentVariableA
0x456194 FreeEnvironmentStringsW
0x456198 GetEnvironmentStringsW
0x45619c GetCommandLineW
0x4561a0 GetCommandLineA
0x4561a4 GetOEMCP
0x4561a8 IsValidCodePage
0x4561ac FindFirstFileExA
0x4561b0 ReadConsoleW
0x4561b4 GetConsoleMode
0x4561b8 GetConsoleCP
0x4561bc FlushFileBuffers
0x4561c0 GetFileType
0x4561c4 GetTimeZoneInformation
0x4561c8 EnumSystemLocalesW
0x4561cc GetUserDefaultLCID
0x4561d0 IsValidLocale
0x4561d4 GetTimeFormatW
0x4561d8 GetDateFormatW
0x4561dc HeapReAlloc
0x4561e0 GetACP
0x4561e4 GetStdHandle
0x4561e8 GetModuleHandleExW
0x4561ec MoveFileExW
0x4561f0 RtlUnwind
0x4561f4 RaiseException
0x4561f8 LoadLibraryExW
0x4561fc GetCPInfo
0x456200 GetStringTypeW
0x456204 GetLocaleInfoW
0x456208 LCMapStringW
0x45620c CompareStringW
0x456210 TlsFree
0x456214 TlsSetValue
0x456218 ExpandEnvironmentStringsA
0x45621c FindNextFileA
0x456220 FindFirstFileA
0x456224 GetFileSize
0x456228 TerminateThread
0x45622c GetLastError
0x456230 SetFileAttributesW
0x456234 GetModuleHandleA
0x456238 RemoveDirectoryW
0x45623c MoveFileW
0x456240 CreateDirectoryW
0x456244 SetFilePointerEx
0x456248 GetLogicalDriveStringsA
0x45624c DeleteFileW
0x456250 DeleteFileA
0x456254 GetFileAttributesW
0x456258 FindClose
0x45625c lstrlenA
0x456260 GetDriveTypeA
0x456264 FindNextFileW
0x456268 GetFileSizeEx
0x45626c FindFirstFileW
0x456270 ExitProcess
0x456274 GetProcAddress
0x456278 LoadLibraryA
0x45627c CreateProcessA
0x456280 PeekNamedPipe
0x456284 CreatePipe
0x456288 TerminateProcess
0x45628c ReadFile
0x456290 HeapFree
0x456294 HeapCreate
0x456298 CreateEventA
0x45629c GetLocalTime
0x4562a0 CreateThread
0x4562a4 SetEvent
0x4562a8 CreateEventW
0x4562ac WaitForSingleObject
0x4562b0 Sleep
0x4562b4 GetModuleFileNameW
0x4562b8 CloseHandle
0x4562bc ExitThread
0x4562c0 CreateFileW
0x4562c4 WriteFile
0x4562c8 QueryPerformanceCounter
0x4562cc TlsGetValue
0x4562d0 TlsAlloc
0x4562d4 InitializeCriticalSectionAndSpinCount
0x4562d8 MultiByteToWideChar
0x4562dc DecodePointer
0x4562e0 EncodePointer
0x4562e4 WideCharToMultiByte
0x4562e8 InitializeSListHead
0x4562ec GetSystemTimeAsFileTime
0x4562f0 GetCurrentThreadId
0x4562f4 IsProcessorFeaturePresent
0x4562f8 GetStartupInfoW
0x4562fc SetUnhandledExceptionFilter
0x456300 UnhandledExceptionFilter
0x456304 IsDebuggerPresent
0x456308 GetModuleHandleW
0x45630c WaitForSingleObjectEx
0x456310 ResetEvent
0x456314 SetEndOfFile
USER32.dll
0x456340 CallNextHookEx
0x456344 GetKeyboardLayoutNameA
0x456348 GetKeyState
0x45634c GetWindowTextLengthW
0x456350 GetWindowThreadProcessId
0x456354 SetForegroundWindow
0x456358 SetClipboardData
0x45635c EnumWindows
0x456360 ExitWindowsEx
0x456364 TranslateMessage
0x456368 DispatchMessageA
0x45636c GetMessageA
0x456370 GetWindowTextW
0x456374 wsprintfW
0x456378 GetClipboardData
0x45637c UnhookWindowsHookEx
0x456380 GetForegroundWindow
0x456384 ToUnicodeEx
0x456388 GetKeyboardLayout
0x45638c SetWindowsHookExA
0x456390 CloseClipboard
0x456394 OpenClipboard
0x456398 GetKeyboardState
0x45639c DrawIcon
0x4563a0 GetSystemMetrics
0x4563a4 GetIconInfo
0x4563a8 SystemParametersInfoW
0x4563ac GetCursorPos
0x4563b0 RegisterClassExA
0x4563b4 AppendMenuA
0x4563b8 mouse_event
0x4563bc CreateWindowExA
0x4563c0 DefWindowProcA
0x4563c4 TrackPopupMenu
0x4563c8 CreatePopupMenu
0x4563cc EnumDisplaySettingsW
0x4563d0 SendInput
0x4563d4 CloseWindow
0x4563d8 EmptyClipboard
0x4563dc ShowWindow
0x4563e0 SetWindowTextW
0x4563e4 MessageBoxW
0x4563e8 IsWindowVisible
GDI32.dll
0x456088 CreateCompatibleBitmap
0x45608c SelectObject
0x456090 CreateCompatibleDC
0x456094 StretchBlt
0x456098 GetDIBits
0x45609c DeleteDC
0x4560a0 DeleteObject
0x4560a4 CreateDCA
0x4560a8 GetObjectA
ADVAPI32.dll
0x456000 CryptAcquireContextA
0x456004 CryptGenRandom
0x456008 CryptReleaseContext
0x45600c GetUserNameW
0x456010 RegEnumKeyExA
0x456014 QueryServiceStatus
0x456018 CloseServiceHandle
0x45601c OpenSCManagerW
0x456020 OpenSCManagerA
0x456024 ControlService
0x456028 StartServiceW
0x45602c QueryServiceConfigW
0x456030 ChangeServiceConfigW
0x456034 OpenServiceW
0x456038 EnumServicesStatusW
0x45603c AdjustTokenPrivileges
0x456040 LookupPrivilegeValueA
0x456044 OpenProcessToken
0x456048 RegCreateKeyA
0x45604c RegCloseKey
0x456050 RegQueryInfoKeyW
0x456054 RegQueryValueExA
0x456058 RegCreateKeyExW
0x45605c RegEnumKeyExW
0x456060 RegSetValueExW
0x456064 RegSetValueExA
0x456068 RegOpenKeyExA
0x45606c RegOpenKeyExW
0x456070 RegCreateKeyW
0x456074 RegDeleteValueW
0x456078 RegEnumValueW
0x45607c RegQueryValueExW
0x456080 RegDeleteKeyA
SHELL32.dll
0x45631c ShellExecuteExA
0x456320 Shell_NotifyIconA
0x456324 ExtractIconA
0x456328 ShellExecuteW
SHLWAPI.dll
0x456330 StrToIntA
0x456334 PathFileExistsW
0x456338 PathFileExistsA
WINMM.dll
0x456404 waveInPrepareHeader
0x456408 waveInStop
0x45640c waveInUnprepareHeader
0x456410 mciSendStringA
0x456414 PlaySoundW
0x456418 waveInOpen
0x45641c waveInStart
0x456420 waveInAddBuffer
0x456424 waveInClose
0x456428 mciSendStringW
WS2_32.dll
0x456430 WSAGetLastError
0x456434 recv
0x456438 connect
0x45643c socket
0x456440 send
0x456444 WSAStartup
0x456448 closesocket
0x45644c inet_ntoa
0x456450 gethostbyname
0x456454 WSASetLastError
0x456458 inet_addr
0x45645c gethostbyaddr
0x456460 getservbyport
0x456464 ntohs
0x456468 getservbyname
0x45646c htons
0x456470 htonl
urlmon.dll
0x4564a0 URLDownloadToFileW
0x4564a4 URLOpenBlockingStreamW
gdiplus.dll
0x456478 GdiplusStartup
0x45647c GdipGetImageEncoders
0x456480 GdipCloneImage
0x456484 GdipAlloc
0x456488 GdipDisposeImage
0x45648c GdipFree
0x456490 GdipGetImageEncodersSize
0x456494 GdipSaveImageToStream
0x456498 GdipLoadImageFromStream
WININET.dll
0x4563f0 InternetOpenUrlW
0x4563f4 InternetCloseHandle
0x4563f8 InternetReadFile
0x4563fc InternetOpenW
EAT(Export Address Table) is none