VTI SCORE: 100/100
| Dynamic Analysis Report |
| Classification: Spyware |
75ca5c2caf5216140f8e3e34160bdc64ce59d75fce1feeaa809ec18f01427783 (SHA256)
volumesound.exe
Windows Exe (x86-32)
Created at 2018-11-06 10:28:00
This is a filtered view
This list contains only the embedded files and created files
| Filters: |
There are no files for this filter
There are no files in this analysis
| Filename | Category | Type | Severity | Actions |
|---|
| C:\Users\CIiHmnxMn6Ps\Desktop\volumesound.exe | Sample File | Binary |
Suspicious
|
...
|
»
| Mime Type | application/x-dosexec |
| File Size | 422.00 KB |
| MD5 |
9cc1c14059b17532c4aa410d7b0c1601
|
| SHA1 |
81f4fdeeb08c80ec96798d9aec28d986a572042c
|
| SHA256 |
75ca5c2caf5216140f8e3e34160bdc64ce59d75fce1feeaa809ec18f01427783
|
| SSDeep |
6144:2gkc4XJqHujPpYCv9zr73VVO1cVOoqOkGSZNqlYOTZ/VBLPnV5:2cqJ4gPpxx7FQ1cIQ/eQYwZD
|
| ImpHash |
63193aeec7ed00f517dabab99d33a35e
|
File Reputation Information
»
| Severity |
Suspicious
|
| First Seen | 2018-11-06 10:58 (UTC+1) |
| Last Seen | 2018-11-06 10:58 (UTC+1) |
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x422b20 |
| Size Of Code | 0x39400 |
| Size Of Initialized Data | 0x30000 |
| File Type | executable |
| Subsystem | windows_gui |
| Machine Type | i386 |
| Compile Timestamp | 2018-11-05 02:53:55+00:00 |
Version Information (12)
»
| LegalCopyright | Copyright © 1995-Present |
| InternalName | ShadwedGraphic |
| FileVersion | 1.6.5.7 |
| CompanyName | SiSoftware |
| FileDescription | Youtube Wearing Getversinex Nlx Unlike |
| LegalTrademarks | Copyright © 1995-Present |
| Comments | Youtube Wearing Getversinex Nlx Unlike |
| ProductName | ShadwedGraphic |
| Languages | English |
| ProductVersion | 1.6.5.7 |
| PrivateBuild | 1.6.5.7 |
| OriginalFilename | ShadwedGraphic.exe |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x392e9 | 0x39400 | 0x400 | cnt_code, mem_execute, mem_read | 6.74 |
| .rdata | 0x43b000 | 0xa234 | 0xa400 | 0x39800 | cnt_initialized_data, mem_read | 5.44 |
| .data | 0x446000 | 0x4148 | 0x2200 | 0x43c00 | cnt_initialized_data, mem_read, mem_write | 4.18 |
| .rsrc | 0x44b000 | 0x1f010 | 0x1f200 | 0x45e00 | cnt_initialized_data, mem_read | 6.96 |
| .reloc | 0x46b000 | 0x47f2 | 0x4800 | 0x65000 | cnt_initialized_data, mem_discardable, mem_read | 5.79 |
Imports (12)
»
KERNEL32.dll (124)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetStringTypeA | 0x0 | 0x43b108 | 0x438a8 | 0x420a8 | 0x23d |
| IsValidLocale | 0x0 | 0x43b10c | 0x438ac | 0x420ac | 0x2dd |
| EnumSystemLocalesA | 0x0 | 0x43b110 | 0x438b0 | 0x420b0 | 0xf8 |
| GetLocaleInfoA | 0x0 | 0x43b114 | 0x438b4 | 0x420b4 | 0x1e8 |
| GetUserDefaultLCID | 0x0 | 0x43b118 | 0x438b8 | 0x420b8 | 0x26d |
| GetSystemTimeAsFileTime | 0x0 | 0x43b11c | 0x438bc | 0x420bc | 0x24f |
| GetCurrentProcessId | 0x0 | 0x43b120 | 0x438c0 | 0x420c0 | 0x1aa |
| GetTickCount | 0x0 | 0x43b124 | 0x438c4 | 0x420c4 | 0x266 |
| QueryPerformanceCounter | 0x0 | 0x43b128 | 0x438c8 | 0x420c8 | 0x354 |
| GetEnvironmentStringsW | 0x0 | 0x43b12c | 0x438cc | 0x420cc | 0x1c1 |
| FreeEnvironmentStringsW | 0x0 | 0x43b130 | 0x438d0 | 0x420d0 | 0x14b |
| GetEnvironmentStrings | 0x0 | 0x43b134 | 0x438d4 | 0x420d4 | 0x1bf |
| FreeEnvironmentStringsA | 0x0 | 0x43b138 | 0x438d8 | 0x420d8 | 0x14a |
| IsValidCodePage | 0x0 | 0x43b13c | 0x438dc | 0x420dc | 0x2db |
| GetOEMCP | 0x0 | 0x43b140 | 0x438e0 | 0x420e0 | 0x213 |
| GetACP | 0x0 | 0x43b144 | 0x438e4 | 0x420e4 | 0x152 |
| HeapSize | 0x0 | 0x43b148 | 0x438e8 | 0x420e8 | 0x2a6 |
| ExitProcess | 0x0 | 0x43b14c | 0x438ec | 0x420ec | 0x104 |
| SetFilePointer | 0x0 | 0x43b150 | 0x438f0 | 0x420f0 | 0x3df |
| GetCurrentThreadId | 0x0 | 0x43b154 | 0x438f4 | 0x420f4 | 0x1ad |
| SetLastError | 0x0 | 0x43b158 | 0x438f8 | 0x420f8 | 0x3ec |
| TlsFree | 0x0 | 0x43b15c | 0x438fc | 0x420fc | 0x433 |
| TlsSetValue | 0x0 | 0x43b160 | 0x43900 | 0x42100 | 0x435 |
| TlsAlloc | 0x0 | 0x43b164 | 0x43904 | 0x42104 | 0x432 |
| TlsGetValue | 0x0 | 0x43b168 | 0x43908 | 0x42108 | 0x434 |
| GetModuleHandleW | 0x0 | 0x43b16c | 0x4390c | 0x4210c | 0x1f9 |
| FlushFileBuffers | 0x0 | 0x43b170 | 0x43910 | 0x42110 | 0x141 |
| GetConsoleMode | 0x0 | 0x43b174 | 0x43914 | 0x42114 | 0x195 |
| GetConsoleCP | 0x0 | 0x43b178 | 0x43918 | 0x42118 | 0x183 |
| HeapReAlloc | 0x0 | 0x43b17c | 0x4391c | 0x4211c | 0x2a4 |
| GetStringTypeW | 0x0 | 0x43b180 | 0x43920 | 0x42120 | 0x240 |
| HeapCreate | 0x0 | 0x43b184 | 0x43924 | 0x42124 | 0x29f |
| HeapAlloc | 0x0 | 0x43b188 | 0x43928 | 0x42128 | 0x29d |
| GetFileType | 0x0 | 0x43b18c | 0x4392c | 0x4212c | 0x1d7 |
| GetStdHandle | 0x0 | 0x43b190 | 0x43930 | 0x42130 | 0x23b |
| SetHandleCount | 0x0 | 0x43b194 | 0x43934 | 0x42134 | 0x3e8 |
| GetCPInfo | 0x0 | 0x43b198 | 0x43938 | 0x42138 | 0x15b |
| LCMapStringW | 0x0 | 0x43b19c | 0x4393c | 0x4213c | 0x2e3 |
| WideCharToMultiByte | 0x0 | 0x43b1a0 | 0x43940 | 0x42140 | 0x47a |
| LCMapStringA | 0x0 | 0x43b1a4 | 0x43944 | 0x42144 | 0x2e1 |
| MultiByteToWideChar | 0x0 | 0x43b1a8 | 0x43948 | 0x42148 | 0x31a |
| RaiseException | 0x0 | 0x43b1ac | 0x4394c | 0x4214c | 0x35a |
| RtlUnwind | 0x0 | 0x43b1b0 | 0x43950 | 0x42150 | 0x392 |
| GetStartupInfoA | 0x0 | 0x43b1b4 | 0x43954 | 0x42154 | 0x239 |
| GetCommandLineA | 0x0 | 0x43b1b8 | 0x43958 | 0x42158 | 0x16f |
| MoveFileA | 0x0 | 0x43b1bc | 0x4395c | 0x4215c | 0x311 |
| CreateThread | 0x0 | 0x43b1c0 | 0x43960 | 0x42160 | 0xa3 |
| ResumeThread | 0x0 | 0x43b1c4 | 0x43964 | 0x42164 | 0x38d |
| ExitThread | 0x0 | 0x43b1c8 | 0x43968 | 0x42168 | 0x105 |
| IsDebuggerPresent | 0x0 | 0x43b1cc | 0x4396c | 0x4216c | 0x2d1 |
| SetUnhandledExceptionFilter | 0x0 | 0x43b1d0 | 0x43970 | 0x42170 | 0x415 |
| UnhandledExceptionFilter | 0x0 | 0x43b1d4 | 0x43974 | 0x42174 | 0x43e |
| TerminateProcess | 0x0 | 0x43b1d8 | 0x43978 | 0x42178 | 0x42d |
| HeapFree | 0x0 | 0x43b1dc | 0x4397c | 0x4217c | 0x2a1 |
| LeaveCriticalSection | 0x0 | 0x43b1e0 | 0x43980 | 0x42180 | 0x2ef |
| EnterCriticalSection | 0x0 | 0x43b1e4 | 0x43984 | 0x42184 | 0xd9 |
| DeleteCriticalSection | 0x0 | 0x43b1e8 | 0x43988 | 0x42188 | 0xbe |
| InitializeCriticalSection | 0x0 | 0x43b1ec | 0x4398c | 0x4218c | 0x2b4 |
| Sleep | 0x0 | 0x43b1f0 | 0x43990 | 0x42190 | 0x421 |
| InterlockedDecrement | 0x0 | 0x43b1f4 | 0x43994 | 0x42194 | 0x2bc |
| InterlockedIncrement | 0x0 | 0x43b1f8 | 0x43998 | 0x42198 | 0x2c0 |
| InitializeCriticalSectionAndSpinCount | 0x0 | 0x43b1fc | 0x4399c | 0x4219c | 0x2b5 |
| WriteConsoleA | 0x0 | 0x43b200 | 0x439a0 | 0x421a0 | 0x482 |
| GetConsoleOutputCP | 0x0 | 0x43b204 | 0x439a4 | 0x421a4 | 0x199 |
| WriteConsoleW | 0x0 | 0x43b208 | 0x439a8 | 0x421a8 | 0x48c |
| SetStdHandle | 0x0 | 0x43b20c | 0x439ac | 0x421ac | 0x3fc |
| LoadLibraryA | 0x0 | 0x43b210 | 0x439b0 | 0x421b0 | 0x2f1 |
| GetLocaleInfoW | 0x0 | 0x43b214 | 0x439b4 | 0x421b4 | 0x1ea |
| CreateFileA | 0x0 | 0x43b218 | 0x439b8 | 0x421b8 | 0x78 |
| SetEndOfFile | 0x0 | 0x43b21c | 0x439bc | 0x421bc | 0x3cd |
| GetProcessHeap | 0x0 | 0x43b220 | 0x439c0 | 0x421c0 | 0x223 |
| GetProcAddress | 0x0 | 0x43b224 | 0x439c4 | 0x421c4 | 0x220 |
| GetTimeZoneInformation | 0x0 | 0x43b228 | 0x439c8 | 0x421c8 | 0x26b |
| GetFileAttributesA | 0x0 | 0x43b22c | 0x439cc | 0x421cc | 0x1c9 |
| GetDateFormatA | 0x0 | 0x43b230 | 0x439d0 | 0x421d0 | 0x1ae |
| GetTimeFormatA | 0x0 | 0x43b234 | 0x439d4 | 0x421d4 | 0x268 |
| lstrcmpA | 0x0 | 0x43b238 | 0x439d8 | 0x421d8 | 0x4a9 |
| _lopen | 0x0 | 0x43b23c | 0x439dc | 0x421dc | 0x4a2 |
| FindFirstChangeNotificationA | 0x0 | 0x43b240 | 0x439e0 | 0x421e0 | 0x11b |
| FindNextChangeNotification | 0x0 | 0x43b244 | 0x439e4 | 0x421e4 | 0x12d |
| CreateEventW | 0x0 | 0x43b248 | 0x439e8 | 0x421e8 | 0x75 |
| CancelIoEx | 0x0 | 0x43b24c | 0x439ec | 0x421ec | 0x34 |
| GlobalFree | 0x0 | 0x43b250 | 0x439f0 | 0x421f0 | 0x28c |
| VirtualProtectEx | 0x0 | 0x43b254 | 0x439f4 | 0x421f4 | 0x45b |
| LocalLock | 0x0 | 0x43b258 | 0x439f8 | 0x421f8 | 0x2ff |
| VirtualAlloc | 0x0 | 0x43b25c | 0x439fc | 0x421fc | 0x454 |
| GetLastError | 0x0 | 0x43b260 | 0x43a00 | 0x42200 | 0x1e6 |
| GetTempPathW | 0x0 | 0x43b264 | 0x43a04 | 0x42204 | 0x25b |
| GetOverlappedResult | 0x0 | 0x43b268 | 0x43a08 | 0x42208 | 0x214 |
| GetSystemTime | 0x0 | 0x43b26c | 0x43a0c | 0x4220c | 0x24d |
| CreateFileW | 0x0 | 0x43b270 | 0x43a10 | 0x42210 | 0x7f |
| ReadFile | 0x0 | 0x43b274 | 0x43a14 | 0x42214 | 0x368 |
| FindResourceExA | 0x0 | 0x43b278 | 0x43a18 | 0x42218 | 0x137 |
| AllocateUserPhysicalPages | 0x0 | 0x43b27c | 0x43a1c | 0x4221c | 0xf |
| GetUserDefaultLangID | 0x0 | 0x43b280 | 0x43a20 | 0x42220 | 0x26e |
| WriteFile | 0x0 | 0x43b284 | 0x43a24 | 0x42224 | 0x48d |
| GetCompressedFileSizeW | 0x0 | 0x43b288 | 0x43a28 | 0x42228 | 0x174 |
| _lclose | 0x0 | 0x43b28c | 0x43a2c | 0x4222c | 0x49f |
| FindCloseChangeNotification | 0x0 | 0x43b290 | 0x43a30 | 0x42230 | 0x11a |
| WaitForSingleObject | 0x0 | 0x43b294 | 0x43a34 | 0x42234 | 0x464 |
| GetCurrentProcess | 0x0 | 0x43b298 | 0x43a38 | 0x42238 | 0x1a9 |
| _lwrite | 0x0 | 0x43b29c | 0x43a3c | 0x4223c | 0x4a4 |
| LoadResource | 0x0 | 0x43b2a0 | 0x43a40 | 0x42240 | 0x2f6 |
| MapUserPhysicalPages | 0x0 | 0x43b2a4 | 0x43a44 | 0x42244 | 0x308 |
| LocalUnlock | 0x0 | 0x43b2a8 | 0x43a48 | 0x42248 | 0x303 |
| FileTimeToSystemTime | 0x0 | 0x43b2ac | 0x43a4c | 0x4224c | 0x110 |
| MulDiv | 0x0 | 0x43b2b0 | 0x43a50 | 0x42250 | 0x319 |
| GetCurrentDirectoryA | 0x0 | 0x43b2b4 | 0x43a54 | 0x42254 | 0x1a7 |
| CloseHandle | 0x0 | 0x43b2b8 | 0x43a58 | 0x42258 | 0x43 |
| CreateMutexA | 0x0 | 0x43b2bc | 0x43a5c | 0x4225c | 0x8b |
| GetModuleFileNameA | 0x0 | 0x43b2c0 | 0x43a60 | 0x42260 | 0x1f4 |
| WritePrivateProfileStringA | 0x0 | 0x43b2c4 | 0x43a64 | 0x42264 | 0x492 |
| OpenMutexA | 0x0 | 0x43b2c8 | 0x43a68 | 0x42268 | 0x32f |
| GetPrivateProfileStringA | 0x0 | 0x43b2cc | 0x43a6c | 0x4226c | 0x21c |
| GetPrivateProfileIntA | 0x0 | 0x43b2d0 | 0x43a70 | 0x42270 | 0x216 |
| CompareFileTime | 0x0 | 0x43b2d4 | 0x43a74 | 0x42274 | 0x51 |
| FindNextFileA | 0x0 | 0x43b2d8 | 0x43a78 | 0x42278 | 0x12e |
| FindClose | 0x0 | 0x43b2dc | 0x43a7c | 0x4227c | 0x119 |
| FindFirstFileA | 0x0 | 0x43b2e0 | 0x43a80 | 0x42280 | 0x11d |
| GetModuleHandleA | 0x0 | 0x43b2e4 | 0x43a84 | 0x42284 | 0x1f6 |
| GlobalUnlock | 0x0 | 0x43b2e8 | 0x43a88 | 0x42288 | 0x297 |
| GlobalAlloc | 0x0 | 0x43b2ec | 0x43a8c | 0x4228c | 0x285 |
| GlobalLock | 0x0 | 0x43b2f0 | 0x43a90 | 0x42290 | 0x290 |
| VirtualFree | 0x0 | 0x43b2f4 | 0x43a94 | 0x42294 | 0x457 |
USER32.dll (107)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DrawMenuBar | 0x0 | 0x43b340 | 0x43ae0 | 0x422e0 | 0xc1 |
| SetScrollPos | 0x0 | 0x43b344 | 0x43ae4 | 0x422e4 | 0x294 |
| SetScrollRange | 0x0 | 0x43b348 | 0x43ae8 | 0x422e8 | 0x295 |
| GetWindowTextLengthA | 0x0 | 0x43b34c | 0x43aec | 0x422ec | 0x18d |
| ExitWindowsEx | 0x0 | 0x43b350 | 0x43af0 | 0x422f0 | 0xee |
| MessageBoxW | 0x0 | 0x43b354 | 0x43af4 | 0x422f4 | 0x1ff |
| LoadIconA | 0x0 | 0x43b358 | 0x43af8 | 0x422f8 | 0x1d6 |
| DrawIcon | 0x0 | 0x43b35c | 0x43afc | 0x422fc | 0xbf |
| RegisterClassA | 0x0 | 0x43b360 | 0x43b00 | 0x42300 | 0x233 |
| GetWindow | 0x0 | 0x43b364 | 0x43b04 | 0x42304 | 0x17d |
| ScreenToClient | 0x0 | 0x43b368 | 0x43b08 | 0x42308 | 0x254 |
| OffsetRect | 0x0 | 0x43b36c | 0x43b0c | 0x4230c | 0x20e |
| SetDlgItemInt | 0x0 | 0x43b370 | 0x43b10 | 0x42310 | 0x275 |
| EnableWindow | 0x0 | 0x43b374 | 0x43b14 | 0x42314 | 0xd1 |
| LoadStringA | 0x0 | 0x43b378 | 0x43b18 | 0x42318 | 0x1e3 |
| DeleteMenu | 0x0 | 0x43b37c | 0x43b1c | 0x4231c | 0x98 |
| CreateMenu | 0x0 | 0x43b380 | 0x43b20 | 0x42320 | 0x64 |
| DialogBoxParamA | 0x0 | 0x43b384 | 0x43b24 | 0x42324 | 0xa5 |
| LoadCursorA | 0x0 | 0x43b388 | 0x43b28 | 0x42328 | 0x1d2 |
| CallWindowProcA | 0x0 | 0x43b38c | 0x43b2c | 0x4232c | 0x1c |
| EndDialog | 0x0 | 0x43b390 | 0x43b30 | 0x42330 | 0xd3 |
| AttachThreadInput | 0x0 | 0x43b394 | 0x43b34 | 0x42334 | 0xc |
| EnumDisplayMonitors | 0x0 | 0x43b398 | 0x43b38 | 0x42338 | 0xdf |
| CreatePopupMenu | 0x0 | 0x43b39c | 0x43b3c | 0x4233c | 0x65 |
| AppendMenuA | 0x0 | 0x43b3a0 | 0x43b40 | 0x42340 | 0x9 |
| UpdateWindow | 0x0 | 0x43b3a4 | 0x43b44 | 0x42344 | 0x2e9 |
| IsWindowEnabled | 0x0 | 0x43b3a8 | 0x43b48 | 0x42348 | 0x1c6 |
| DestroyWindow | 0x0 | 0x43b3ac | 0x43b4c | 0x4234c | 0xa0 |
| EnumWindows | 0x0 | 0x43b3b0 | 0x43b50 | 0x42350 | 0xeb |
| GetClassNameA | 0x0 | 0x43b3b4 | 0x43b54 | 0x42354 | 0x10a |
| GetSystemMetrics | 0x0 | 0x43b3b8 | 0x43b58 | 0x42358 | 0x16f |
| GetMenuItemCount | 0x0 | 0x43b3bc | 0x43b5c | 0x4235c | 0x142 |
| GetMessageA | 0x0 | 0x43b3c0 | 0x43b60 | 0x42360 | 0x14a |
| PostQuitMessage | 0x0 | 0x43b3c4 | 0x43b64 | 0x42364 | 0x220 |
| TrackPopupMenu | 0x0 | 0x43b3c8 | 0x43b68 | 0x42368 | 0x2cf |
| GetSubMenu | 0x0 | 0x43b3cc | 0x43b6c | 0x4236c | 0x16b |
| SetForegroundWindow | 0x0 | 0x43b3d0 | 0x43b70 | 0x42370 | 0x27a |
| IsDialogMessageA | 0x0 | 0x43b3d4 | 0x43b74 | 0x42374 | 0x1b8 |
| TranslateMessage | 0x0 | 0x43b3d8 | 0x43b78 | 0x42378 | 0x2d5 |
| MessageBoxA | 0x0 | 0x43b3dc | 0x43b7c | 0x4237c | 0x1f8 |
| EnableMenuItem | 0x0 | 0x43b3e0 | 0x43b80 | 0x42380 | 0xcf |
| TranslateAcceleratorA | 0x0 | 0x43b3e4 | 0x43b84 | 0x42384 | 0x2d2 |
| SetWindowPos | 0x0 | 0x43b3e8 | 0x43b88 | 0x42388 | 0x2a7 |
| LoadAcceleratorsA | 0x0 | 0x43b3ec | 0x43b8c | 0x4238c | 0x1ce |
| SetMenu | 0x0 | 0x43b3f0 | 0x43b90 | 0x42390 | 0x27f |
| GetActiveWindow | 0x0 | 0x43b3f4 | 0x43b94 | 0x42394 | 0xf9 |
| DispatchMessageA | 0x0 | 0x43b3f8 | 0x43b98 | 0x42398 | 0xa8 |
| CheckMenuItem | 0x0 | 0x43b3fc | 0x43b9c | 0x4239c | 0x3d |
| MoveWindow | 0x0 | 0x43b400 | 0x43ba0 | 0x423a0 | 0x205 |
| GetWindowTextA | 0x0 | 0x43b404 | 0x43ba4 | 0x423a4 | 0x18c |
| GetDlgItemInt | 0x0 | 0x43b408 | 0x43ba8 | 0x423a8 | 0x120 |
| CreateDialogParamA | 0x0 | 0x43b40c | 0x43bac | 0x423ac | 0x5c |
| CheckDlgButton | 0x0 | 0x43b410 | 0x43bb0 | 0x423b0 | 0x3c |
| IsDlgButtonChecked | 0x0 | 0x43b414 | 0x43bb4 | 0x423b4 | 0x1ba |
| LoadImageA | 0x0 | 0x43b418 | 0x43bb8 | 0x423b8 | 0x1d8 |
| SetTimer | 0x0 | 0x43b41c | 0x43bbc | 0x423bc | 0x29e |
| GetWindowRect | 0x0 | 0x43b420 | 0x43bc0 | 0x423c0 | 0x188 |
| KillTimer | 0x0 | 0x43b424 | 0x43bc4 | 0x423c4 | 0x1cd |
| LoadBitmapA | 0x0 | 0x43b428 | 0x43bc8 | 0x423c8 | 0x1d0 |
| GetClientRect | 0x0 | 0x43b42c | 0x43bcc | 0x423cc | 0x10d |
| DrawEdge | 0x0 | 0x43b430 | 0x43bd0 | 0x423d0 | 0xbb |
| ShowWindow | 0x0 | 0x43b434 | 0x43bd4 | 0x423d4 | 0x2b8 |
| PostMessageA | 0x0 | 0x43b438 | 0x43bd8 | 0x423d8 | 0x21e |
| IsWindowVisible | 0x0 | 0x43b43c | 0x43bdc | 0x423dc | 0x1ca |
| EndPaint | 0x0 | 0x43b440 | 0x43be0 | 0x423e0 | 0xd5 |
| CloseClipboard | 0x0 | 0x43b444 | 0x43be4 | 0x423e4 | 0x47 |
| HideCaret | 0x0 | 0x43b448 | 0x43be8 | 0x423e8 | 0x195 |
| RegisterClassExA | 0x0 | 0x43b44c | 0x43bec | 0x423ec | 0x234 |
| GetWindowDC | 0x0 | 0x43b450 | 0x43bf0 | 0x423f0 | 0x17f |
| GetClassInfoExA | 0x0 | 0x43b454 | 0x43bf4 | 0x423f4 | 0x105 |
| SetCapture | 0x0 | 0x43b458 | 0x43bf8 | 0x423f8 | 0x267 |
| GetKeyState | 0x0 | 0x43b45c | 0x43bfc | 0x423fc | 0x131 |
| GetFocus | 0x0 | 0x43b460 | 0x43c00 | 0x42400 | 0x124 |
| IsClipboardFormatAvailable | 0x0 | 0x43b464 | 0x43c04 | 0x42404 | 0x1b6 |
| SetFocus | 0x0 | 0x43b468 | 0x43c08 | 0x42408 | 0x279 |
| ShowCaret | 0x0 | 0x43b46c | 0x43c0c | 0x4240c | 0x2b2 |
| BeginPaint | 0x0 | 0x43b470 | 0x43c10 | 0x42410 | 0xe |
| GetUpdateRect | 0x0 | 0x43b474 | 0x43c14 | 0x42414 | 0x176 |
| GetCapture | 0x0 | 0x43b478 | 0x43c18 | 0x42418 | 0x101 |
| GetScrollInfo | 0x0 | 0x43b47c | 0x43c1c | 0x4241c | 0x166 |
| InvalidateRect | 0x0 | 0x43b480 | 0x43c20 | 0x42420 | 0x1aa |
| GetWindowLongA | 0x0 | 0x43b484 | 0x43c24 | 0x42424 | 0x181 |
| GetClipboardData | 0x0 | 0x43b488 | 0x43c28 | 0x42428 | 0x10f |
| CreateWindowExA | 0x0 | 0x43b48c | 0x43c2c | 0x4242c | 0x67 |
| EmptyClipboard | 0x0 | 0x43b490 | 0x43c30 | 0x42430 | 0xce |
| DefWindowProcA | 0x0 | 0x43b494 | 0x43c34 | 0x42434 | 0x95 |
| DestroyCaret | 0x0 | 0x43b498 | 0x43c38 | 0x42438 | 0x9b |
| GetSysColor | 0x0 | 0x43b49c | 0x43c3c | 0x4243c | 0x16c |
| GetCursorPos | 0x0 | 0x43b4a0 | 0x43c40 | 0x42440 | 0x119 |
| GetSysColorBrush | 0x0 | 0x43b4a4 | 0x43c44 | 0x42444 | 0x16d |
| CreateCaret | 0x0 | 0x43b4a8 | 0x43c48 | 0x42448 | 0x53 |
| OpenClipboard | 0x0 | 0x43b4ac | 0x43c4c | 0x4244c | 0x20f |
| SystemParametersInfoA | 0x0 | 0x43b4b0 | 0x43c50 | 0x42450 | 0x2c4 |
| ReleaseCapture | 0x0 | 0x43b4b4 | 0x43c54 | 0x42454 | 0x24b |
| SetCaretPos | 0x0 | 0x43b4b8 | 0x43c58 | 0x42458 | 0x269 |
| SetClipboardData | 0x0 | 0x43b4bc | 0x43c5c | 0x4245c | 0x26d |
| SetScrollInfo | 0x0 | 0x43b4c0 | 0x43c60 | 0x42460 | 0x293 |
| GetParent | 0x0 | 0x43b4c4 | 0x43c64 | 0x42464 | 0x155 |
| SetWindowTextA | 0x0 | 0x43b4c8 | 0x43c68 | 0x42468 | 0x2ab |
| SetDlgItemTextA | 0x0 | 0x43b4cc | 0x43c6c | 0x4246c | 0x276 |
| SetCursor | 0x0 | 0x43b4d0 | 0x43c70 | 0x42470 | 0x270 |
| SendDlgItemMessageA | 0x0 | 0x43b4d4 | 0x43c74 | 0x42474 | 0x259 |
| SendMessageA | 0x0 | 0x43b4d8 | 0x43c78 | 0x42478 | 0x25e |
| GetDC | 0x0 | 0x43b4dc | 0x43c7c | 0x4247c | 0x11a |
| SetWindowLongA | 0x0 | 0x43b4e0 | 0x43c80 | 0x42480 | 0x2a4 |
| ReleaseDC | 0x0 | 0x43b4e4 | 0x43c84 | 0x42484 | 0x24c |
| GetDlgItem | 0x0 | 0x43b4e8 | 0x43c88 | 0x42488 | 0x11f |
GDI32.dll (31)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RoundRect | 0x0 | 0x43b088 | 0x43828 | 0x42028 | 0x251 |
| EndDoc | 0x0 | 0x43b08c | 0x4382c | 0x4202c | 0xdb |
| CreateSolidBrush | 0x0 | 0x43b090 | 0x43830 | 0x42030 | 0x52 |
| TextOutA | 0x0 | 0x43b094 | 0x43834 | 0x42034 | 0x29f |
| SelectClipRgn | 0x0 | 0x43b098 | 0x43838 | 0x42038 | 0x25c |
| SetBkColor | 0x0 | 0x43b09c | 0x4383c | 0x4203c | 0x265 |
| CreateCompatibleDC | 0x0 | 0x43b0a0 | 0x43840 | 0x42040 | 0x2e |
| CreateFontIndirectA | 0x0 | 0x43b0a4 | 0x43844 | 0x42044 | 0x3b |
| DeleteDC | 0x0 | 0x43b0a8 | 0x43848 | 0x42048 | 0xcd |
| SetViewportOrgEx | 0x0 | 0x43b0ac | 0x4384c | 0x4204c | 0x290 |
| BitBlt | 0x0 | 0x43b0b0 | 0x43850 | 0x42050 | 0x12 |
| CreateFontA | 0x0 | 0x43b0b4 | 0x43854 | 0x42054 | 0x3a |
| Rectangle | 0x0 | 0x43b0b8 | 0x43858 | 0x42058 | 0x246 |
| SelectObject | 0x0 | 0x43b0bc | 0x4385c | 0x4205c | 0x25e |
| DeleteObject | 0x0 | 0x43b0c0 | 0x43860 | 0x42060 | 0xd0 |
| SetBkMode | 0x0 | 0x43b0c4 | 0x43864 | 0x42064 | 0x266 |
| GetDeviceCaps | 0x0 | 0x43b0c8 | 0x43868 | 0x42068 | 0x1b5 |
| SetTextColor | 0x0 | 0x43b0cc | 0x4386c | 0x4206c | 0x28d |
| StartPage | 0x0 | 0x43b0d0 | 0x43870 | 0x42070 | 0x299 |
| LineTo | 0x0 | 0x43b0d4 | 0x43874 | 0x42074 | 0x21d |
| GetTextExtentPoint32A | 0x0 | 0x43b0d8 | 0x43878 | 0x42078 | 0x204 |
| EndPage | 0x0 | 0x43b0dc | 0x4387c | 0x4207c | 0xdd |
| MoveToEx | 0x0 | 0x43b0e0 | 0x43880 | 0x42080 | 0x221 |
| EnumFontFamiliesExA | 0x0 | 0x43b0e4 | 0x43884 | 0x42084 | 0x10f |
| GetStockObject | 0x0 | 0x43b0e8 | 0x43888 | 0x42088 | 0x1f4 |
| GetObjectA | 0x0 | 0x43b0ec | 0x4388c | 0x4208c | 0x1e2 |
| AddFontResourceExW | 0x0 | 0x43b0f0 | 0x43890 | 0x42090 | 0x5 |
| GetDIBits | 0x0 | 0x43b0f4 | 0x43894 | 0x42094 | 0x1b4 |
| CombineRgn | 0x0 | 0x43b0f8 | 0x43898 | 0x42098 | 0x21 |
| StartDocA | 0x0 | 0x43b0fc | 0x4389c | 0x4209c | 0x296 |
| CreatePen | 0x0 | 0x43b100 | 0x438a0 | 0x420a0 | 0x49 |
COMDLG32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetOpenFileNameA | 0x0 | 0x43b074 | 0x43814 | 0x42014 | 0xb |
| GetSaveFileNameA | 0x0 | 0x43b078 | 0x43818 | 0x42018 | 0xd |
| PrintDlgA | 0x0 | 0x43b07c | 0x4381c | 0x4201c | 0x12 |
| ChooseColorA | 0x0 | 0x43b080 | 0x43820 | 0x42020 | 0x0 |
ADVAPI32.dll (14)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegSetValueExA | 0x0 | 0x43b000 | 0x437a0 | 0x41fa0 | 0x277 |
| RegCreateKeyA | 0x0 | 0x43b004 | 0x437a4 | 0x41fa4 | 0x231 |
| AdjustTokenPrivileges | 0x0 | 0x43b008 | 0x437a8 | 0x41fa8 | 0x1e |
| CryptGenKey | 0x0 | 0x43b00c | 0x437ac | 0x41fac | 0xbc |
| CryptGenRandom | 0x0 | 0x43b010 | 0x437b0 | 0x41fb0 | 0xbd |
| CryptAcquireContextA | 0x0 | 0x43b014 | 0x437b4 | 0x41fb4 | 0xac |
| LookupPrivilegeValueA | 0x0 | 0x43b018 | 0x437b8 | 0x41fb8 | 0x190 |
| CryptReleaseContext | 0x0 | 0x43b01c | 0x437bc | 0x41fbc | 0xc7 |
| OpenProcessToken | 0x0 | 0x43b020 | 0x437c0 | 0x41fc0 | 0x1f1 |
| RegCloseKey | 0x0 | 0x43b024 | 0x437c4 | 0x41fc4 | 0x22a |
| RegOpenKeyA | 0x0 | 0x43b028 | 0x437c8 | 0x41fc8 | 0x259 |
| RegDeleteValueA | 0x0 | 0x43b02c | 0x437cc | 0x41fcc | 0x241 |
| RegOpenKeyExA | 0x0 | 0x43b030 | 0x437d0 | 0x41fd0 | 0x25a |
| RegQueryValueExA | 0x0 | 0x43b034 | 0x437d4 | 0x41fd4 | 0x267 |
SHELL32.dll (8)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SHGetFolderPathA | 0x0 | 0x43b314 | 0x43ab4 | 0x422b4 | 0xbc |
| DragFinish | 0x0 | 0x43b318 | 0x43ab8 | 0x422b8 | 0x1c |
| ShellExecuteExA | 0x0 | 0x43b31c | 0x43abc | 0x422bc | 0x116 |
| ExtractAssociatedIconA | 0x0 | 0x43b320 | 0x43ac0 | 0x422c0 | 0x24 |
| SHGetMalloc | 0x0 | 0x43b324 | 0x43ac4 | 0x422c4 | 0xc9 |
| SHGetPathFromIDListA | 0x0 | 0x43b328 | 0x43ac8 | 0x422c8 | 0xcf |
| ShellExecuteA | 0x0 | 0x43b32c | 0x43acc | 0x422cc | 0x114 |
| DragQueryFileA | 0x0 | 0x43b330 | 0x43ad0 | 0x422d0 | 0x1e |
COMCTL32.dll (11)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| PropertySheetA | 0x0 | 0x43b044 | 0x437e4 | 0x41fe4 | 0x83 |
| (by ordinal) | 0x11 | 0x43b048 | 0x437e8 | 0x41fe8 | - |
| (by ordinal) | 0x6 | 0x43b04c | 0x437ec | 0x41fec | - |
| ImageList_Create | 0x0 | 0x43b050 | 0x437f0 | 0x41ff0 | 0x53 |
| ImageList_EndDrag | 0x0 | 0x43b054 | 0x437f4 | 0x41ff4 | 0x5d |
| ImageList_DragMove | 0x0 | 0x43b058 | 0x437f8 | 0x41ff8 | 0x57 |
| ImageList_BeginDrag | 0x0 | 0x43b05c | 0x437fc | 0x41ffc | 0x50 |
| ImageList_DragLeave | 0x0 | 0x43b060 | 0x43800 | 0x42000 | 0x56 |
| ImageList_AddMasked | 0x0 | 0x43b064 | 0x43804 | 0x42004 | 0x4f |
| ImageList_DragEnter | 0x0 | 0x43b068 | 0x43808 | 0x42008 | 0x55 |
| ImageList_DragShowNolock | 0x0 | 0x43b06c | 0x4380c | 0x4200c | 0x58 |
WININET.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| PrivacyGetZonePreferenceW | 0x0 | 0x43b4f0 | 0x43c90 | 0x42490 | 0xc6 |
| ReadUrlCacheEntryStream | 0x0 | 0x43b4f4 | 0x43c94 | 0x42494 | 0xc8 |
| PrivacySetZonePreferenceW | 0x0 | 0x43b4f8 | 0x43c98 | 0x42498 | 0xc7 |
MPR.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WNetGetUserW | 0x0 | 0x43b2fc | 0x43a9c | 0x4229c | 0x3a |
AVIFIL32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| AVIStreamStart | 0x0 | 0x43b03c | 0x437dc | 0x41fdc | 0x37 |
SHLWAPI.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| PathFindFileNameA | 0x0 | 0x43b338 | 0x43ad8 | 0x422d8 | 0x48 |
RPCRT4.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| UuidToStringA | 0x0 | 0x43b304 | 0x43aa4 | 0x422a4 | 0x1fb |
| UuidCreate | 0x0 | 0x43b308 | 0x43aa8 | 0x422a8 | 0x1f3 |
| RpcServerInqDefaultPrincNameW | 0x0 | 0x43b30c | 0x43aac | 0x422ac | 0x1b0 |
