VTI SCORE: 98/100
| Target: | win7_32_sp1 | exe |
| Classification: | Trojan, Spyware, Downloader |
8de41ace64ef22a1c4755070befebf33082bee0ab6f3a236654937f6d56bfe11 (SHA256)
3838612080743901967.exe
Windows Exe (x86-32)
Created at 2018-04-11 09:22:00
Files Information
| Number of sample files submitted for analysis | 1 |
| Number of files created and extracted during analysis | 1 |
| Number of files modified and extracted during analysis | 0 |
c:\users\eebsym5\appdata\local\temp\18144644.bat
Blacklisted
»
| File Properties | |
|---|---|
| Names | c:\users\eebsym5\appdata\local\temp\18144644.bat (Created File) |
| Size | 0.09 KB |
| Hash Values |
MD5: 3880eeb1c736d853eb13b44898b718ab
SHA1: 4eec9d50360cd815211e3c4e6bdd08271b6ec8e6 SHA256: 936d9411d5226b7c5a150ecaf422987590a8870c8e095e1caa072273041a86e7 |
| Actions |
...
|
File Reputation Information
»
| Information | Value |
|---|---|
| Severity |
Blacklisted
|
| Names | Script-BAT.Trojan.Del |
| Families | Del |
| Classification | Trojan |
c:\users\eebsym5\desktop\3838612080743901967.exe
»
| File Properties | |
|---|---|
| Names | c:\users\eebsym5\desktop\3838612080743901967.exe (Sample File) |
| Size | 552.00 KB |
| Hash Values |
MD5: 3ee027e16a993a226110e73e4650358c
SHA1: e67faa73f0cd297c497624a027559de477b707e6 SHA256: 8de41ace64ef22a1c4755070befebf33082bee0ab6f3a236654937f6d56bfe11 |
| Actions |
...
|
PE Information
»
| Information | Value |
|---|---|
| Image Base | 0x400000 |
| Entry Point | 0x462b38 |
| Size Of Code | 0x61c00 |
| Size Of Initialized Data | 0x28000 |
| Size Of Uninitialized Data | 0x0 |
| Format | x86 |
| Type | Executable |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Machine Type | IMAGE_FILE_MACHINE_I386 |
| Compile Timestamp | 1992-03-23 12:27:00 |
| Compiler/Packer | BobSoft Mini Delphi -> BoB / BobSoft |
Sections (8)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| CODE | 0x401000 | 0x61b80 | 0x61c00 | 0x400 | CNT_CODE, MEM_EXECUTE, MEM_READ | 6.62 |
| DATA | 0x463000 | 0x1074 | 0x1200 | 0x62000 | CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE | 3.69 |
| BSS | 0x465000 | 0xc55 | 0x0 | 0x63200 | MEM_READ, MEM_WRITE | 0.0 |
| .idata | 0x466000 | 0x21fc | 0x2200 | 0x63200 | CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE | 4.92 |
| .tls | 0x469000 | 0x10 | 0x0 | 0x65400 | MEM_READ, MEM_WRITE | 0.0 |
| .rdata | 0x46a000 | 0x18 | 0x200 | 0x65400 | CNT_INITIALIZED_DATA, MEM_SHARED, MEM_READ | 0.2 |
| .reloc | 0x46b000 | 0x6cb8 | 0x6e00 | 0x65600 | CNT_INITIALIZED_DATA, MEM_SHARED, MEM_READ | 6.63 |
| .rsrc | 0x472000 | 0x1dc00 | 0x1dc00 | 0x6c400 | CNT_INITIALIZED_DATA, MEM_SHARED, MEM_READ | 7.22 |
Imports (387)
»
kernel32.dll (41)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset |
|---|---|---|---|---|
| DeleteCriticalSection | 0x0 | 0x46612c | 0x6612c | 0x6332c |
| LeaveCriticalSection | 0x0 | 0x466130 | 0x66130 | 0x63330 |
| EnterCriticalSection | 0x0 | 0x466134 | 0x66134 | 0x63334 |
| InitializeCriticalSection | 0x0 | 0x466138 | 0x66138 | 0x63338 |
| VirtualFree | 0x0 | 0x46613c | 0x6613c | 0x6333c |
| VirtualAlloc | 0x0 | 0x466140 | 0x66140 | 0x63340 |
| LocalFree | 0x0 | 0x466144 | 0x66144 | 0x63344 |
| LocalAlloc | 0x0 | 0x466148 | 0x66148 | 0x63348 |
| GetCurrentThreadId | 0x0 | 0x46614c | 0x6614c | 0x6334c |
| InterlockedDecrement | 0x0 | 0x466150 | 0x66150 | 0x63350 |
| InterlockedIncrement | 0x0 | 0x466154 | 0x66154 | 0x63354 |
| VirtualQuery | 0x0 | 0x466158 | 0x66158 | 0x63358 |
| WideCharToMultiByte | 0x0 | 0x46615c | 0x6615c | 0x6335c |
| MultiByteToWideChar | 0x0 | 0x466160 | 0x66160 | 0x63360 |
| lstrlenA | 0x0 | 0x466164 | 0x66164 | 0x63364 |
| lstrcpynA | 0x0 | 0x466168 | 0x66168 | 0x63368 |
| LoadLibraryExA | 0x0 | 0x46616c | 0x6616c | 0x6336c |
| GetThreadLocale | 0x0 | 0x466170 | 0x66170 | 0x63370 |
| GetStartupInfoA | 0x0 | 0x466174 | 0x66174 | 0x63374 |
| GetProcAddress | 0x0 | 0x466178 | 0x66178 | 0x63378 |
| GetModuleHandleA | 0x0 | 0x46617c | 0x6617c | 0x6337c |
| GetModuleFileNameA | 0x0 | 0x466180 | 0x66180 | 0x63380 |
| GetLocaleInfoA | 0x0 | 0x466184 | 0x66184 | 0x63384 |
| GetLastError | 0x0 | 0x466188 | 0x66188 | 0x63388 |
| GetCommandLineA | 0x0 | 0x46618c | 0x6618c | 0x6338c |
| FreeLibrary | 0x0 | 0x466190 | 0x66190 | 0x63390 |
| FindFirstFileA | 0x0 | 0x466194 | 0x66194 | 0x63394 |
| FindClose | 0x0 | 0x466198 | 0x66198 | 0x63398 |
| ExitProcess | 0x0 | 0x46619c | 0x6619c | 0x6339c |
| WriteFile | 0x0 | 0x4661a0 | 0x661a0 | 0x633a0 |
| UnhandledExceptionFilter | 0x0 | 0x4661a4 | 0x661a4 | 0x633a4 |
| SetFilePointer | 0x0 | 0x4661a8 | 0x661a8 | 0x633a8 |
| SetEndOfFile | 0x0 | 0x4661ac | 0x661ac | 0x633ac |
| RtlUnwind | 0x0 | 0x4661b0 | 0x661b0 | 0x633b0 |
| ReadFile | 0x0 | 0x4661b4 | 0x661b4 | 0x633b4 |
| RaiseException | 0x0 | 0x4661b8 | 0x661b8 | 0x633b8 |
| GetStdHandle | 0x0 | 0x4661bc | 0x661bc | 0x633bc |
| GetFileSize | 0x0 | 0x4661c0 | 0x661c0 | 0x633c0 |
| GetFileType | 0x0 | 0x4661c4 | 0x661c4 | 0x633c4 |
| CreateFileA | 0x0 | 0x4661c8 | 0x661c8 | 0x633c8 |
| CloseHandle | 0x0 | 0x4661cc | 0x661cc | 0x633cc |
user32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset |
|---|---|---|---|---|
| GetKeyboardType | 0x0 | 0x4661d4 | 0x661d4 | 0x633d4 |
| LoadStringA | 0x0 | 0x4661d8 | 0x661d8 | 0x633d8 |
| MessageBoxA | 0x0 | 0x4661dc | 0x661dc | 0x633dc |
| CharNextA | 0x0 | 0x4661e0 | 0x661e0 | 0x633e0 |
advapi32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset |
|---|---|---|---|---|
| RegQueryValueExA | 0x0 | 0x4661e8 | 0x661e8 | 0x633e8 |
| RegOpenKeyExA | 0x0 | 0x4661ec | 0x661ec | 0x633ec |
| RegCloseKey | 0x0 | 0x4661f0 | 0x661f0 | 0x633f0 |
oleaut32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset |
|---|---|---|---|---|
| SysFreeString | 0x0 | 0x4661f8 | 0x661f8 | 0x633f8 |
| SysReAllocStringLen | 0x0 | 0x4661fc | 0x661fc | 0x633fc |
| SysAllocStringLen | 0x0 | 0x466200 | 0x66200 | 0x63400 |
kernel32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset |
|---|---|---|---|---|
| TlsSetValue | 0x0 | 0x466208 | 0x66208 | 0x63408 |
| TlsGetValue | 0x0 | 0x46620c | 0x6620c | 0x6340c |
| LocalAlloc | 0x0 | 0x466210 | 0x66210 | 0x63410 |
| GetModuleHandleA | 0x0 | 0x466214 | 0x66214 | 0x63414 |
advapi32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset |
|---|---|---|---|---|
| RegQueryValueExA | 0x0 | 0x46621c | 0x6621c | 0x6341c |
| RegOpenKeyExA | 0x0 | 0x466220 | 0x66220 | 0x63420 |
| RegCloseKey | 0x0 | 0x466224 | 0x66224 | 0x63424 |
kernel32.dll (61)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset |
|---|---|---|---|---|
| lstrcpyA | 0x0 | 0x46622c | 0x6622c | 0x6342c |
| WriteFile | 0x0 | 0x466230 | 0x66230 | 0x63430 |
| WinExec | 0x0 | 0x466234 | 0x66234 | 0x63434 |
| WaitForSingleObject | 0x0 | 0x466238 | 0x66238 | 0x63438 |
| VirtualQuery | 0x0 | 0x46623c | 0x6623c | 0x6343c |
| VirtualFree | 0x0 | 0x466240 | 0x66240 | 0x63440 |
| VirtualAlloc | 0x0 | 0x466244 | 0x66244 | 0x63444 |
| Sleep | 0x0 | 0x466248 | 0x66248 | 0x63448 |
| SizeofResource | 0x0 | 0x46624c | 0x6624c | 0x6344c |
| SetThreadLocale | 0x0 | 0x466250 | 0x66250 | 0x63450 |
| SetFilePointer | 0x0 | 0x466254 | 0x66254 | 0x63454 |
| SetEvent | 0x0 | 0x466258 | 0x66258 | 0x63458 |
| SetErrorMode | 0x0 | 0x46625c | 0x6625c | 0x6345c |
| SetEndOfFile | 0x0 | 0x466260 | 0x66260 | 0x63460 |
| ResetEvent | 0x0 | 0x466264 | 0x66264 | 0x63464 |
| ReadFile | 0x0 | 0x466268 | 0x66268 | 0x63468 |
| MulDiv | 0x0 | 0x46626c | 0x6626c | 0x6346c |
| LockResource | 0x0 | 0x466270 | 0x66270 | 0x63470 |
| LoadResource | 0x0 | 0x466274 | 0x66274 | 0x63474 |
| LoadLibraryA | 0x0 | 0x466278 | 0x66278 | 0x63478 |
| LeaveCriticalSection | 0x0 | 0x46627c | 0x6627c | 0x6347c |
| InitializeCriticalSection | 0x0 | 0x466280 | 0x66280 | 0x63480 |
| GlobalUnlock | 0x0 | 0x466284 | 0x66284 | 0x63484 |
| GlobalReAlloc | 0x0 | 0x466288 | 0x66288 | 0x63488 |
| GlobalHandle | 0x0 | 0x46628c | 0x6628c | 0x6348c |
| GlobalLock | 0x0 | 0x466290 | 0x66290 | 0x63490 |
| GlobalFree | 0x0 | 0x466294 | 0x66294 | 0x63494 |
| GlobalFindAtomA | 0x0 | 0x466298 | 0x66298 | 0x63498 |
| GlobalDeleteAtom | 0x0 | 0x46629c | 0x6629c | 0x6349c |
| GlobalAlloc | 0x0 | 0x4662a0 | 0x662a0 | 0x634a0 |
| GlobalAddAtomA | 0x0 | 0x4662a4 | 0x662a4 | 0x634a4 |
| GetVersionExA | 0x0 | 0x4662a8 | 0x662a8 | 0x634a8 |
| GetVersion | 0x0 | 0x4662ac | 0x662ac | 0x634ac |
| GetTickCount | 0x0 | 0x4662b0 | 0x662b0 | 0x634b0 |
| GetThreadLocale | 0x0 | 0x4662b4 | 0x662b4 | 0x634b4 |
| GetSystemTime | 0x0 | 0x4662b8 | 0x662b8 | 0x634b8 |
| GetSystemInfo | 0x0 | 0x4662bc | 0x662bc | 0x634bc |
| GetStringTypeExA | 0x0 | 0x4662c0 | 0x662c0 | 0x634c0 |
| GetStdHandle | 0x0 | 0x4662c4 | 0x662c4 | 0x634c4 |
| GetProcAddress | 0x0 | 0x4662c8 | 0x662c8 | 0x634c8 |
| GetModuleHandleA | 0x0 | 0x4662cc | 0x662cc | 0x634cc |
| GetModuleFileNameA | 0x0 | 0x4662d0 | 0x662d0 | 0x634d0 |
| GetLocaleInfoA | 0x0 | 0x4662d4 | 0x662d4 | 0x634d4 |
| GetLastError | 0x0 | 0x4662d8 | 0x662d8 | 0x634d8 |
| GetDiskFreeSpaceA | 0x0 | 0x4662dc | 0x662dc | 0x634dc |
| GetCurrentThreadId | 0x0 | 0x4662e0 | 0x662e0 | 0x634e0 |
| GetCurrentProcessId | 0x0 | 0x4662e4 | 0x662e4 | 0x634e4 |
| GetCPInfo | 0x0 | 0x4662e8 | 0x662e8 | 0x634e8 |
| GetACP | 0x0 | 0x4662ec | 0x662ec | 0x634ec |
| FreeResource | 0x0 | 0x4662f0 | 0x662f0 | 0x634f0 |
| FreeLibrary | 0x0 | 0x4662f4 | 0x662f4 | 0x634f4 |
| FormatMessageA | 0x0 | 0x4662f8 | 0x662f8 | 0x634f8 |
| FindResourceA | 0x0 | 0x4662fc | 0x662fc | 0x634fc |
| EnumCalendarInfoA | 0x0 | 0x466300 | 0x66300 | 0x63500 |
| EnterCriticalSection | 0x0 | 0x466304 | 0x66304 | 0x63504 |
| DeleteCriticalSection | 0x0 | 0x466308 | 0x66308 | 0x63508 |
| CreateThread | 0x0 | 0x46630c | 0x6630c | 0x6350c |
| CreateFileA | 0x0 | 0x466310 | 0x66310 | 0x63510 |
| CreateEventA | 0x0 | 0x466314 | 0x66314 | 0x63514 |
| CompareStringA | 0x0 | 0x466318 | 0x66318 | 0x63518 |
| CloseHandle | 0x0 | 0x46631c | 0x6631c | 0x6351c |
gdi32.dll (56)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset |
|---|---|---|---|---|
| UnrealizeObject | 0x0 | 0x466324 | 0x66324 | 0x63524 |
| StretchBlt | 0x0 | 0x466328 | 0x66328 | 0x63528 |
| SetWindowOrgEx | 0x0 | 0x46632c | 0x6632c | 0x6352c |
| SetViewportOrgEx | 0x0 | 0x466330 | 0x66330 | 0x63530 |
| SetTextColor | 0x0 | 0x466334 | 0x66334 | 0x63534 |
| SetStretchBltMode | 0x0 | 0x466338 | 0x66338 | 0x63538 |
| SetROP2 | 0x0 | 0x46633c | 0x6633c | 0x6353c |
| SetPixel | 0x0 | 0x466340 | 0x66340 | 0x63540 |
| SetDIBColorTable | 0x0 | 0x466344 | 0x66344 | 0x63544 |
| SetBrushOrgEx | 0x0 | 0x466348 | 0x66348 | 0x63548 |
| SetBkMode | 0x0 | 0x46634c | 0x6634c | 0x6354c |
| SetBkColor | 0x0 | 0x466350 | 0x66350 | 0x63550 |
| SelectPalette | 0x0 | 0x466354 | 0x66354 | 0x63554 |
| SelectObject | 0x0 | 0x466358 | 0x66358 | 0x63558 |
| SelectClipRgn | 0x0 | 0x46635c | 0x6635c | 0x6355c |
| SaveDC | 0x0 | 0x466360 | 0x66360 | 0x63560 |
| RestoreDC | 0x0 | 0x466364 | 0x66364 | 0x63564 |
| RectVisible | 0x0 | 0x466368 | 0x66368 | 0x63568 |
| RealizePalette | 0x0 | 0x46636c | 0x6636c | 0x6356c |
| PatBlt | 0x0 | 0x466370 | 0x66370 | 0x63570 |
| MoveToEx | 0x0 | 0x466374 | 0x66374 | 0x63574 |
| MaskBlt | 0x0 | 0x466378 | 0x66378 | 0x63578 |
| LineTo | 0x0 | 0x46637c | 0x6637c | 0x6357c |
| IntersectClipRect | 0x0 | 0x466380 | 0x66380 | 0x63580 |
| GetWindowOrgEx | 0x0 | 0x466384 | 0x66384 | 0x63584 |
| GetTextMetricsA | 0x0 | 0x466388 | 0x66388 | 0x63588 |
| GetTextExtentPoint32A | 0x0 | 0x46638c | 0x6638c | 0x6358c |
| GetSystemPaletteEntries | 0x0 | 0x466390 | 0x66390 | 0x63590 |
| GetStockObject | 0x0 | 0x466394 | 0x66394 | 0x63594 |
| GetPixel | 0x0 | 0x466398 | 0x66398 | 0x63598 |
| GetPaletteEntries | 0x0 | 0x46639c | 0x6639c | 0x6359c |
| GetObjectA | 0x0 | 0x4663a0 | 0x663a0 | 0x635a0 |
| GetDeviceCaps | 0x0 | 0x4663a4 | 0x663a4 | 0x635a4 |
| GetDIBits | 0x0 | 0x4663a8 | 0x663a8 | 0x635a8 |
| GetDIBColorTable | 0x0 | 0x4663ac | 0x663ac | 0x635ac |
| GetDCOrgEx | 0x0 | 0x4663b0 | 0x663b0 | 0x635b0 |
| GetCurrentPositionEx | 0x0 | 0x4663b4 | 0x663b4 | 0x635b4 |
| GetClipBox | 0x0 | 0x4663b8 | 0x663b8 | 0x635b8 |
| GetBrushOrgEx | 0x0 | 0x4663bc | 0x663bc | 0x635bc |
| GetBitmapBits | 0x0 | 0x4663c0 | 0x663c0 | 0x635c0 |
| ExtTextOutA | 0x0 | 0x4663c4 | 0x663c4 | 0x635c4 |
| ExcludeClipRect | 0x0 | 0x4663c8 | 0x663c8 | 0x635c8 |
| DeleteObject | 0x0 | 0x4663cc | 0x663cc | 0x635cc |
| DeleteDC | 0x0 | 0x4663d0 | 0x663d0 | 0x635d0 |
| CreateSolidBrush | 0x0 | 0x4663d4 | 0x663d4 | 0x635d4 |
| CreatePenIndirect | 0x0 | 0x4663d8 | 0x663d8 | 0x635d8 |
| CreatePalette | 0x0 | 0x4663dc | 0x663dc | 0x635dc |
| CreateHalftonePalette | 0x0 | 0x4663e0 | 0x663e0 | 0x635e0 |
| CreateFontIndirectA | 0x0 | 0x4663e4 | 0x663e4 | 0x635e4 |
| CreateDIBitmap | 0x0 | 0x4663e8 | 0x663e8 | 0x635e8 |
| CreateDIBSection | 0x0 | 0x4663ec | 0x663ec | 0x635ec |
| CreateCompatibleDC | 0x0 | 0x4663f0 | 0x663f0 | 0x635f0 |
| CreateCompatibleBitmap | 0x0 | 0x4663f4 | 0x663f4 | 0x635f4 |
| CreateBrushIndirect | 0x0 | 0x4663f8 | 0x663f8 | 0x635f8 |
| CreateBitmap | 0x0 | 0x4663fc | 0x663fc | 0x635fc |
| BitBlt | 0x0 | 0x466400 | 0x66400 | 0x63600 |
user32.dll (157)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset |
|---|---|---|---|---|
| WindowFromPoint | 0x0 | 0x466408 | 0x66408 | 0x63608 |
| WinHelpA | 0x0 | 0x46640c | 0x6640c | 0x6360c |
| WaitMessage | 0x0 | 0x466410 | 0x66410 | 0x63610 |
| UpdateWindow | 0x0 | 0x466414 | 0x66414 | 0x63614 |
| UnregisterClassA | 0x0 | 0x466418 | 0x66418 | 0x63618 |
| UnhookWindowsHookEx | 0x0 | 0x46641c | 0x6641c | 0x6361c |
| TranslateMessage | 0x0 | 0x466420 | 0x66420 | 0x63620 |
| TranslateMDISysAccel | 0x0 | 0x466424 | 0x66424 | 0x63624 |
| TrackPopupMenu | 0x0 | 0x466428 | 0x66428 | 0x63628 |
| SystemParametersInfoA | 0x0 | 0x46642c | 0x6642c | 0x6362c |
| ShowWindow | 0x0 | 0x466430 | 0x66430 | 0x63630 |
| ShowScrollBar | 0x0 | 0x466434 | 0x66434 | 0x63634 |
| ShowOwnedPopups | 0x0 | 0x466438 | 0x66438 | 0x63638 |
| ShowCursor | 0x0 | 0x46643c | 0x6643c | 0x6363c |
| SetWindowsHookExA | 0x0 | 0x466440 | 0x66440 | 0x63640 |
| SetWindowTextA | 0x0 | 0x466444 | 0x66444 | 0x63644 |
| SetWindowPos | 0x0 | 0x466448 | 0x66448 | 0x63648 |
| SetWindowPlacement | 0x0 | 0x46644c | 0x6644c | 0x6364c |
| SetWindowLongA | 0x0 | 0x466450 | 0x66450 | 0x63650 |
| SetTimer | 0x0 | 0x466454 | 0x66454 | 0x63654 |
| SetScrollRange | 0x0 | 0x466458 | 0x66458 | 0x63658 |
| SetScrollPos | 0x0 | 0x46645c | 0x6645c | 0x6365c |
| SetScrollInfo | 0x0 | 0x466460 | 0x66460 | 0x63660 |
| SetRect | 0x0 | 0x466464 | 0x66464 | 0x63664 |
| SetPropA | 0x0 | 0x466468 | 0x66468 | 0x63668 |
| SetMenuItemInfoA | 0x0 | 0x46646c | 0x6646c | 0x6366c |
| SetMenu | 0x0 | 0x466470 | 0x66470 | 0x63670 |
| SetForegroundWindow | 0x0 | 0x466474 | 0x66474 | 0x63674 |
| SetFocus | 0x0 | 0x466478 | 0x66478 | 0x63678 |
| SetCursor | 0x0 | 0x46647c | 0x6647c | 0x6367c |
| SetClassLongA | 0x0 | 0x466480 | 0x66480 | 0x63680 |
| SetCapture | 0x0 | 0x466484 | 0x66484 | 0x63684 |
| SetActiveWindow | 0x0 | 0x466488 | 0x66488 | 0x63688 |
| SendMessageA | 0x0 | 0x46648c | 0x6648c | 0x6368c |
| ScrollWindow | 0x0 | 0x466490 | 0x66490 | 0x63690 |
| ScreenToClient | 0x0 | 0x466494 | 0x66494 | 0x63694 |
| RemovePropA | 0x0 | 0x466498 | 0x66498 | 0x63698 |
| RemoveMenu | 0x0 | 0x46649c | 0x6649c | 0x6369c |
| ReleaseDC | 0x0 | 0x4664a0 | 0x664a0 | 0x636a0 |
| ReleaseCapture | 0x0 | 0x4664a4 | 0x664a4 | 0x636a4 |
| RegisterWindowMessageA | 0x0 | 0x4664a8 | 0x664a8 | 0x636a8 |
| RegisterClipboardFormatA | 0x0 | 0x4664ac | 0x664ac | 0x636ac |
| RegisterClassA | 0x0 | 0x4664b0 | 0x664b0 | 0x636b0 |
| RedrawWindow | 0x0 | 0x4664b4 | 0x664b4 | 0x636b4 |
| PtInRect | 0x0 | 0x4664b8 | 0x664b8 | 0x636b8 |
| PostQuitMessage | 0x0 | 0x4664bc | 0x664bc | 0x636bc |
| PostMessageA | 0x0 | 0x4664c0 | 0x664c0 | 0x636c0 |
| PeekMessageA | 0x0 | 0x4664c4 | 0x664c4 | 0x636c4 |
| OffsetRect | 0x0 | 0x4664c8 | 0x664c8 | 0x636c8 |
| OemToCharA | 0x0 | 0x4664cc | 0x664cc | 0x636cc |
| MessageBoxA | 0x0 | 0x4664d0 | 0x664d0 | 0x636d0 |
| MapWindowPoints | 0x0 | 0x4664d4 | 0x664d4 | 0x636d4 |
| MapVirtualKeyA | 0x0 | 0x4664d8 | 0x664d8 | 0x636d8 |
| LoadStringA | 0x0 | 0x4664dc | 0x664dc | 0x636dc |
| LoadKeyboardLayoutA | 0x0 | 0x4664e0 | 0x664e0 | 0x636e0 |
| LoadIconA | 0x0 | 0x4664e4 | 0x664e4 | 0x636e4 |
| LoadCursorA | 0x0 | 0x4664e8 | 0x664e8 | 0x636e8 |
| LoadBitmapA | 0x0 | 0x4664ec | 0x664ec | 0x636ec |
| KillTimer | 0x0 | 0x4664f0 | 0x664f0 | 0x636f0 |
| IsZoomed | 0x0 | 0x4664f4 | 0x664f4 | 0x636f4 |
| IsWindowVisible | 0x0 | 0x4664f8 | 0x664f8 | 0x636f8 |
| IsWindowEnabled | 0x0 | 0x4664fc | 0x664fc | 0x636fc |
| IsWindow | 0x0 | 0x466500 | 0x66500 | 0x63700 |
| IsRectEmpty | 0x0 | 0x466504 | 0x66504 | 0x63704 |
| IsIconic | 0x0 | 0x466508 | 0x66508 | 0x63708 |
| IsDialogMessageA | 0x0 | 0x46650c | 0x6650c | 0x6370c |
| IsChild | 0x0 | 0x466510 | 0x66510 | 0x63710 |
| InvalidateRect | 0x0 | 0x466514 | 0x66514 | 0x63714 |
| IntersectRect | 0x0 | 0x466518 | 0x66518 | 0x63718 |
| InsertMenuItemA | 0x0 | 0x46651c | 0x6651c | 0x6371c |
| InsertMenuA | 0x0 | 0x466520 | 0x66520 | 0x63720 |
| InflateRect | 0x0 | 0x466524 | 0x66524 | 0x63724 |
| GetWindowThreadProcessId | 0x0 | 0x466528 | 0x66528 | 0x63728 |
| GetWindowTextA | 0x0 | 0x46652c | 0x6652c | 0x6372c |
| GetWindowRect | 0x0 | 0x466530 | 0x66530 | 0x63730 |
| GetWindowPlacement | 0x0 | 0x466534 | 0x66534 | 0x63734 |
| GetWindowLongA | 0x0 | 0x466538 | 0x66538 | 0x63738 |
| GetWindowDC | 0x0 | 0x46653c | 0x6653c | 0x6373c |
| GetTopWindow | 0x0 | 0x466540 | 0x66540 | 0x63740 |
| GetSystemMetrics | 0x0 | 0x466544 | 0x66544 | 0x63744 |
| GetSystemMenu | 0x0 | 0x466548 | 0x66548 | 0x63748 |
| GetSysColor | 0x0 | 0x46654c | 0x6654c | 0x6374c |
| GetSubMenu | 0x0 | 0x466550 | 0x66550 | 0x63750 |
| GetScrollRange | 0x0 | 0x466554 | 0x66554 | 0x63754 |
| GetScrollPos | 0x0 | 0x466558 | 0x66558 | 0x63758 |
| GetScrollInfo | 0x0 | 0x46655c | 0x6655c | 0x6375c |
| GetPropA | 0x0 | 0x466560 | 0x66560 | 0x63760 |
| GetParent | 0x0 | 0x466564 | 0x66564 | 0x63764 |
| GetWindow | 0x0 | 0x466568 | 0x66568 | 0x63768 |
| GetMenuStringA | 0x0 | 0x46656c | 0x6656c | 0x6376c |
| GetMenuState | 0x0 | 0x466570 | 0x66570 | 0x63770 |
| GetMenuItemInfoA | 0x0 | 0x466574 | 0x66574 | 0x63774 |
| GetMenuItemID | 0x0 | 0x466578 | 0x66578 | 0x63778 |
| GetMenuItemCount | 0x0 | 0x46657c | 0x6657c | 0x6377c |
| GetMenu | 0x0 | 0x466580 | 0x66580 | 0x63780 |
| GetLastActivePopup | 0x0 | 0x466584 | 0x66584 | 0x63784 |
| GetKeyboardState | 0x0 | 0x466588 | 0x66588 | 0x63788 |
| GetKeyboardLayoutList | 0x0 | 0x46658c | 0x6658c | 0x6378c |
| GetKeyboardLayout | 0x0 | 0x466590 | 0x66590 | 0x63790 |
| GetKeyState | 0x0 | 0x466594 | 0x66594 | 0x63794 |
| GetKeyNameTextA | 0x0 | 0x466598 | 0x66598 | 0x63798 |
| GetIconInfo | 0x0 | 0x46659c | 0x6659c | 0x6379c |
| GetForegroundWindow | 0x0 | 0x4665a0 | 0x665a0 | 0x637a0 |
| GetFocus | 0x0 | 0x4665a4 | 0x665a4 | 0x637a4 |
| GetDesktopWindow | 0x0 | 0x4665a8 | 0x665a8 | 0x637a8 |
| GetDCEx | 0x0 | 0x4665ac | 0x665ac | 0x637ac |
| GetDC | 0x0 | 0x4665b0 | 0x665b0 | 0x637b0 |
| GetCursorPos | 0x0 | 0x4665b4 | 0x665b4 | 0x637b4 |
| GetCursor | 0x0 | 0x4665b8 | 0x665b8 | 0x637b8 |
| GetClientRect | 0x0 | 0x4665bc | 0x665bc | 0x637bc |
| GetClassNameA | 0x0 | 0x4665c0 | 0x665c0 | 0x637c0 |
| GetClassInfoA | 0x0 | 0x4665c4 | 0x665c4 | 0x637c4 |
| GetCapture | 0x0 | 0x4665c8 | 0x665c8 | 0x637c8 |
| GetActiveWindow | 0x0 | 0x4665cc | 0x665cc | 0x637cc |
| FrameRect | 0x0 | 0x4665d0 | 0x665d0 | 0x637d0 |
| FindWindowA | 0x0 | 0x4665d4 | 0x665d4 | 0x637d4 |
| FillRect | 0x0 | 0x4665d8 | 0x665d8 | 0x637d8 |
| EqualRect | 0x0 | 0x4665dc | 0x665dc | 0x637dc |
| EnumWindows | 0x0 | 0x4665e0 | 0x665e0 | 0x637e0 |
| EnumThreadWindows | 0x0 | 0x4665e4 | 0x665e4 | 0x637e4 |
| EndPaint | 0x0 | 0x4665e8 | 0x665e8 | 0x637e8 |
| EndDeferWindowPos | 0x0 | 0x4665ec | 0x665ec | 0x637ec |
| EnableWindow | 0x0 | 0x4665f0 | 0x665f0 | 0x637f0 |
| EnableScrollBar | 0x0 | 0x4665f4 | 0x665f4 | 0x637f4 |
| EnableMenuItem | 0x0 | 0x4665f8 | 0x665f8 | 0x637f8 |
| DrawTextA | 0x0 | 0x4665fc | 0x665fc | 0x637fc |
| DrawMenuBar | 0x0 | 0x466600 | 0x66600 | 0x63800 |
| DrawIconEx | 0x0 | 0x466604 | 0x66604 | 0x63804 |
| DrawIcon | 0x0 | 0x466608 | 0x66608 | 0x63808 |
| DrawFrameControl | 0x0 | 0x46660c | 0x6660c | 0x6380c |
| DrawFocusRect | 0x0 | 0x466610 | 0x66610 | 0x63810 |
| DrawEdge | 0x0 | 0x466614 | 0x66614 | 0x63814 |
| DispatchMessageA | 0x0 | 0x466618 | 0x66618 | 0x63818 |
| DestroyWindow | 0x0 | 0x46661c | 0x6661c | 0x6381c |
| DestroyMenu | 0x0 | 0x466620 | 0x66620 | 0x63820 |
| DestroyIcon | 0x0 | 0x466624 | 0x66624 | 0x63824 |
| DestroyCursor | 0x0 | 0x466628 | 0x66628 | 0x63828 |
| DeleteMenu | 0x0 | 0x46662c | 0x6662c | 0x6382c |
| DeferWindowPos | 0x0 | 0x466630 | 0x66630 | 0x63830 |
| DefWindowProcA | 0x0 | 0x466634 | 0x66634 | 0x63834 |
| DefMDIChildProcA | 0x0 | 0x466638 | 0x66638 | 0x63838 |
| DefFrameProcA | 0x0 | 0x46663c | 0x6663c | 0x6383c |
| CreateWindowExA | 0x0 | 0x466640 | 0x66640 | 0x63840 |
| CreatePopupMenu | 0x0 | 0x466644 | 0x66644 | 0x63844 |
| CreateMenu | 0x0 | 0x466648 | 0x66648 | 0x63848 |
| CreateIcon | 0x0 | 0x46664c | 0x6664c | 0x6384c |
| ClientToScreen | 0x0 | 0x466650 | 0x66650 | 0x63850 |
| CheckMenuItem | 0x0 | 0x466654 | 0x66654 | 0x63854 |
| CallWindowProcA | 0x0 | 0x466658 | 0x66658 | 0x63858 |
| CallNextHookEx | 0x0 | 0x46665c | 0x6665c | 0x6385c |
| BringWindowToTop | 0x0 | 0x466660 | 0x66660 | 0x63860 |
| BeginPaint | 0x0 | 0x466664 | 0x66664 | 0x63864 |
| BeginDeferWindowPos | 0x0 | 0x466668 | 0x66668 | 0x63868 |
| CharNextA | 0x0 | 0x46666c | 0x6666c | 0x6386c |
| CharLowerA | 0x0 | 0x466670 | 0x66670 | 0x63870 |
| AdjustWindowRectEx | 0x0 | 0x466674 | 0x66674 | 0x63874 |
| ActivateKeyboardLayout | 0x0 | 0x466678 | 0x66678 | 0x63878 |
kernel32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset |
|---|---|---|---|---|
| Sleep | 0x0 | 0x466680 | 0x66680 | 0x63880 |
oleaut32.dll (12)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset |
|---|---|---|---|---|
| SafeArrayPtrOfIndex | 0x0 | 0x466688 | 0x66688 | 0x63888 |
| SafeArrayPutElement | 0x0 | 0x46668c | 0x6668c | 0x6388c |
| SafeArrayGetElement | 0x0 | 0x466690 | 0x66690 | 0x63890 |
| SafeArrayGetUBound | 0x0 | 0x466694 | 0x66694 | 0x63894 |
| SafeArrayGetLBound | 0x0 | 0x466698 | 0x66698 | 0x63898 |
| SafeArrayRedim | 0x0 | 0x46669c | 0x6669c | 0x6389c |
| SafeArrayCreate | 0x0 | 0x4666a0 | 0x666a0 | 0x638a0 |
| VariantChangeTypeEx | 0x0 | 0x4666a4 | 0x666a4 | 0x638a4 |
| VariantCopyInd | 0x0 | 0x4666a8 | 0x666a8 | 0x638a8 |
| VariantCopy | 0x0 | 0x4666ac | 0x666ac | 0x638ac |
| VariantClear | 0x0 | 0x4666b0 | 0x666b0 | 0x638b0 |
| VariantInit | 0x0 | 0x4666b4 | 0x666b4 | 0x638b4 |
comctl32.dll (22)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset |
|---|---|---|---|---|
| ImageList_SetIconSize | 0x0 | 0x4666bc | 0x666bc | 0x638bc |
| ImageList_GetIconSize | 0x0 | 0x4666c0 | 0x666c0 | 0x638c0 |
| ImageList_Write | 0x0 | 0x4666c4 | 0x666c4 | 0x638c4 |
| ImageList_Read | 0x0 | 0x4666c8 | 0x666c8 | 0x638c8 |
| ImageList_GetDragImage | 0x0 | 0x4666cc | 0x666cc | 0x638cc |
| ImageList_DragShowNolock | 0x0 | 0x4666d0 | 0x666d0 | 0x638d0 |
| ImageList_SetDragCursorImage | 0x0 | 0x4666d4 | 0x666d4 | 0x638d4 |
| ImageList_DragMove | 0x0 | 0x4666d8 | 0x666d8 | 0x638d8 |
| ImageList_DragLeave | 0x0 | 0x4666dc | 0x666dc | 0x638dc |
| ImageList_DragEnter | 0x0 | 0x4666e0 | 0x666e0 | 0x638e0 |
| ImageList_EndDrag | 0x0 | 0x4666e4 | 0x666e4 | 0x638e4 |
| ImageList_BeginDrag | 0x0 | 0x4666e8 | 0x666e8 | 0x638e8 |
| ImageList_Remove | 0x0 | 0x4666ec | 0x666ec | 0x638ec |
| ImageList_DrawEx | 0x0 | 0x4666f0 | 0x666f0 | 0x638f0 |
| ImageList_Draw | 0x0 | 0x4666f4 | 0x666f4 | 0x638f4 |
| ImageList_GetBkColor | 0x0 | 0x4666f8 | 0x666f8 | 0x638f8 |
| ImageList_SetBkColor | 0x0 | 0x4666fc | 0x666fc | 0x638fc |
| ImageList_ReplaceIcon | 0x0 | 0x466700 | 0x66700 | 0x63900 |
| ImageList_Add | 0x0 | 0x466704 | 0x66704 | 0x63904 |
| ImageList_GetImageCount | 0x0 | 0x466708 | 0x66708 | 0x63908 |
| ImageList_Destroy | 0x0 | 0x46670c | 0x6670c | 0x6390c |
| ImageList_Create | 0x0 | 0x466710 | 0x66710 | 0x63910 |
comdlg32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset |
|---|---|---|---|---|
| ReplaceTextA | 0x0 | 0x466718 | 0x66718 | 0x63918 |
| FindTextA | 0x0 | 0x46671c | 0x6671c | 0x6391c |
user32.dll (18)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset |
|---|---|---|---|---|
| DdeCmpStringHandles | 0x0 | 0x466724 | 0x66724 | 0x63924 |
| DdeFreeStringHandle | 0x0 | 0x466728 | 0x66728 | 0x63928 |
| DdeQueryStringA | 0x0 | 0x46672c | 0x6672c | 0x6392c |
| DdeCreateStringHandleA | 0x0 | 0x466730 | 0x66730 | 0x63930 |
| DdeGetLastError | 0x0 | 0x466734 | 0x66734 | 0x63934 |
| DdeFreeDataHandle | 0x0 | 0x466738 | 0x66738 | 0x63938 |
| DdeUnaccessData | 0x0 | 0x46673c | 0x6673c | 0x6393c |
| DdeAccessData | 0x0 | 0x466740 | 0x66740 | 0x63940 |
| DdeCreateDataHandle | 0x0 | 0x466744 | 0x66744 | 0x63944 |
| DdeClientTransaction | 0x0 | 0x466748 | 0x66748 | 0x63948 |
| DdeNameService | 0x0 | 0x46674c | 0x6674c | 0x6394c |
| DdePostAdvise | 0x0 | 0x466750 | 0x66750 | 0x63950 |
| DdeSetUserHandle | 0x0 | 0x466754 | 0x66754 | 0x63954 |
| DdeQueryConvInfo | 0x0 | 0x466758 | 0x66758 | 0x63958 |
| DdeDisconnect | 0x0 | 0x46675c | 0x6675c | 0x6395c |
| DdeConnect | 0x0 | 0x466760 | 0x66760 | 0x63960 |
| DdeUninitialize | 0x0 | 0x466764 | 0x66764 | 0x63964 |
| DdeInitializeA | 0x0 | 0x466768 | 0x66768 | 0x63968 |
Icons (1)
»
