Malicious
Classifications

Hacktool

Threat Names

Mal/Generic-S

Remarks (1/1)

(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.

File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\ywN7ZRVxafL7Wo1m.exe Sample File Binary Malicious
Also Known As ywN7ZRVxafL7Wo1m.exe (Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 3.19 MB
MD5 81c45cfb2aceb9ffeb0c30d22fd37b8a
SHA1 602f6b049dfe9be696ed1da5af11e991b33e85c9
SHA256 3ed2bf9d247bfb4c41a0566e25d9e31bd8507af224824bcfe0dd01a4139b8db2
SSDeep 49152:6zG1BqCBGJNodXAWRe5CFHRYHgmApfFNg:DBIaRAWRe5KGUpM
ImpHash 8b810c56433294857b4c849ade154230
File Reputation Information
Verdict
Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x005B0CFA
Size Of Code 0x001EE000
Size Of Initialized Data 0x00143000
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2012-02-08 22:09 (UTC)
Version Information (6)
FileVersion 1.0.0.0
FileDescription 易语言程序
ProductName 易语言程序
ProductVersion 1.0.0.0
LegalCopyright 作者版权所有 请尊重并使用正版
Comments 本程序使用易语言编写(http://www.eyuyan.com)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x00401000 0x00002000 0x00002000 0x00001000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.37
.text 0x00403000 0x001EDBAA 0x001EE000 0x00003000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.47
.rdata 0x005F1000 0x0006EB9A 0x0006F000 0x001F1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.42
.data 0x00660000 0x0013C862 0x000CA000 0x00260000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.58
.rsrc 0x0079D000 0x0000739C 0x00008000 0x0032A000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.7
Imports (17)
KERNEL32.DLL (161)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileSize - 0x005F11C8 0x001F11C8 0x001F11C8 0x00000000
TerminateProcess - 0x005F11CC 0x001F11CC 0x001F11CC 0x00000000
OpenProcess - 0x005F11D0 0x001F11D0 0x001F11D0 0x00000000
SetLastError - 0x005F11D4 0x001F11D4 0x001F11D4 0x00000000
GetTimeZoneInformation - 0x005F11D8 0x001F11D8 0x001F11D8 0x00000000
SetFilePointer - 0x005F11DC 0x001F11DC 0x001F11DC 0x00000000
GetLocaleInfoA - 0x005F11E0 0x001F11E0 0x001F11E0 0x00000000
GetVersion - 0x005F11E4 0x001F11E4 0x001F11E4 0x00000000
FileTimeToSystemTime - 0x005F11E8 0x001F11E8 0x001F11E8 0x00000000
CreateMutexA - 0x005F11EC 0x001F11EC 0x001F11EC 0x00000000
ReleaseMutex - 0x005F11F0 0x001F11F0 0x001F11F0 0x00000000
LocalFree - 0x005F11F4 0x001F11F4 0x001F11F4 0x00000000
FileTimeToLocalFileTime - 0x005F11F8 0x001F11F8 0x001F11F8 0x00000000
lstrcpynA - 0x005F11FC 0x001F11FC 0x001F11FC 0x00000000
DuplicateHandle - 0x005F1200 0x001F1200 0x001F1200 0x00000000
FlushFileBuffers - 0x005F1204 0x001F1204 0x001F1204 0x00000000
LockFile - 0x005F1208 0x001F1208 0x001F1208 0x00000000
UnlockFile - 0x005F120C 0x001F120C 0x001F120C 0x00000000
SetEndOfFile - 0x005F1210 0x001F1210 0x001F1210 0x00000000
lstrcmpiA - 0x005F1214 0x001F1214 0x001F1214 0x00000000
GlobalDeleteAtom - 0x005F1218 0x001F1218 0x001F1218 0x00000000
GlobalFindAtomA - 0x005F121C 0x001F121C 0x001F121C 0x00000000
GlobalAddAtomA - 0x005F1220 0x001F1220 0x001F1220 0x00000000
GlobalGetAtomNameA - 0x005F1224 0x001F1224 0x001F1224 0x00000000
lstrcmpA - 0x005F1228 0x001F1228 0x001F1228 0x00000000
LocalAlloc - 0x005F122C 0x001F122C 0x001F122C 0x00000000
TlsAlloc - 0x005F1230 0x001F1230 0x001F1230 0x00000000
GlobalHandle - 0x005F1234 0x001F1234 0x001F1234 0x00000000
TlsFree - 0x005F1238 0x001F1238 0x001F1238 0x00000000
TlsSetValue - 0x005F123C 0x001F123C 0x001F123C 0x00000000
LocalReAlloc - 0x005F1240 0x001F1240 0x001F1240 0x00000000
TlsGetValue - 0x005F1244 0x001F1244 0x001F1244 0x00000000
GetFileTime - 0x005F1248 0x001F1248 0x001F1248 0x00000000
GetCurrentThread - 0x005F124C 0x001F124C 0x001F124C 0x00000000
GlobalFlags - 0x005F1250 0x001F1250 0x001F1250 0x00000000
SetErrorMode - 0x005F1254 0x001F1254 0x001F1254 0x00000000
GetProcessVersion - 0x005F1258 0x001F1258 0x001F1258 0x00000000
GetCPInfo - 0x005F125C 0x001F125C 0x001F125C 0x00000000
GetOEMCP - 0x005F1260 0x001F1260 0x001F1260 0x00000000
GetStartupInfoA - 0x005F1264 0x001F1264 0x001F1264 0x00000000
RtlUnwind - 0x005F1268 0x001F1268 0x001F1268 0x00000000
GetSystemTime - 0x005F126C 0x001F126C 0x001F126C 0x00000000
GetLocalTime - 0x005F1270 0x001F1270 0x001F1270 0x00000000
RaiseException - 0x005F1274 0x001F1274 0x001F1274 0x00000000
HeapSize - 0x005F1278 0x001F1278 0x001F1278 0x00000000
GetACP - 0x005F127C 0x001F127C 0x001F127C 0x00000000
SetStdHandle - 0x005F1280 0x001F1280 0x001F1280 0x00000000
GetFileType - 0x005F1284 0x001F1284 0x001F1284 0x00000000
UnhandledExceptionFilter - 0x005F1288 0x001F1288 0x001F1288 0x00000000
FreeEnvironmentStringsA - 0x005F128C 0x001F128C 0x001F128C 0x00000000
FreeEnvironmentStringsW - 0x005F1290 0x001F1290 0x001F1290 0x00000000
GetEnvironmentStrings - 0x005F1294 0x001F1294 0x001F1294 0x00000000
GetEnvironmentStringsW - 0x005F1298 0x001F1298 0x001F1298 0x00000000
SetHandleCount - 0x005F129C 0x001F129C 0x001F129C 0x00000000
GetStdHandle - 0x005F12A0 0x001F12A0 0x001F12A0 0x00000000
GetEnvironmentVariableA - 0x005F12A4 0x001F12A4 0x001F12A4 0x00000000
HeapDestroy - 0x005F12A8 0x001F12A8 0x001F12A8 0x00000000
HeapCreate - 0x005F12AC 0x001F12AC 0x001F12AC 0x00000000
VirtualFree - 0x005F12B0 0x001F12B0 0x001F12B0 0x00000000
SetEnvironmentVariableW - 0x005F12B4 0x001F12B4 0x001F12B4 0x00000000
SetEnvironmentVariableA - 0x005F12B8 0x001F12B8 0x001F12B8 0x00000000
LCMapStringA - 0x005F12BC 0x001F12BC 0x001F12BC 0x00000000
LCMapStringW - 0x005F12C0 0x001F12C0 0x001F12C0 0x00000000
VirtualAlloc - 0x005F12C4 0x001F12C4 0x001F12C4 0x00000000
IsBadWritePtr - 0x005F12C8 0x001F12C8 0x001F12C8 0x00000000
SetUnhandledExceptionFilter - 0x005F12CC 0x001F12CC 0x001F12CC 0x00000000
GetStringTypeA - 0x005F12D0 0x001F12D0 0x001F12D0 0x00000000
GetStringTypeW - 0x005F12D4 0x001F12D4 0x001F12D4 0x00000000
CompareStringA - 0x005F12D8 0x001F12D8 0x001F12D8 0x00000000
CompareStringW - 0x005F12DC 0x001F12DC 0x001F12DC 0x00000000
IsBadReadPtr - 0x005F12E0 0x001F12E0 0x001F12E0 0x00000000
IsBadCodePtr - 0x005F12E4 0x001F12E4 0x001F12E4 0x00000000
IsValidLocale - 0x005F12E8 0x001F12E8 0x001F12E8 0x00000000
IsValidCodePage - 0x005F12EC 0x001F12EC 0x001F12EC 0x00000000
EnumSystemLocalesA - 0x005F12F0 0x001F12F0 0x001F12F0 0x00000000
GetLocaleInfoW - 0x005F12F4 0x001F12F4 0x001F12F4 0x00000000
SetNamedPipeHandleState - 0x005F12F8 0x001F12F8 0x001F12F8 0x00000000
WaitNamedPipeA - 0x005F12FC 0x001F12FC 0x001F12FC 0x00000000
UnmapViewOfFile - 0x005F1300 0x001F1300 0x001F1300 0x00000000
MapViewOfFile - 0x005F1304 0x001F1304 0x001F1304 0x00000000
OpenFileMappingA - 0x005F1308 0x001F1308 0x001F1308 0x00000000
OpenEventA - 0x005F130C 0x001F130C 0x001F130C 0x00000000
CreateToolhelp32Snapshot - 0x005F1310 0x001F1310 0x001F1310 0x00000000
Process32First - 0x005F1314 0x001F1314 0x001F1314 0x00000000
Process32Next - 0x005F1318 0x001F1318 0x001F1318 0x00000000
WideCharToMultiByte - 0x005F131C 0x001F131C 0x001F131C 0x00000000
MultiByteToWideChar - 0x005F1320 0x001F1320 0x001F1320 0x00000000
GetCurrentProcess - 0x005F1324 0x001F1324 0x001F1324 0x00000000
GetWindowsDirectoryA - 0x005F1328 0x001F1328 0x001F1328 0x00000000
TryEnterCriticalSection - 0x005F132C 0x001F132C 0x001F132C 0x00000000
SuspendThread - 0x005F1330 0x001F1330 0x001F1330 0x00000000
GetExitCodeThread - 0x005F1334 0x001F1334 0x001F1334 0x00000000
TerminateThread - 0x005F1338 0x001F1338 0x001F1338 0x00000000
ExitThread - 0x005F133C 0x001F133C 0x001F133C 0x00000000
InterlockedDecrement - 0x005F1340 0x001F1340 0x001F1340 0x00000000
InterlockedIncrement - 0x005F1344 0x001F1344 0x001F1344 0x00000000
CreateSemaphoreA - 0x005F1348 0x001F1348 0x001F1348 0x00000000
ResumeThread - 0x005F134C 0x001F134C 0x001F134C 0x00000000
ReleaseSemaphore - 0x005F1350 0x001F1350 0x001F1350 0x00000000
EnterCriticalSection - 0x005F1354 0x001F1354 0x001F1354 0x00000000
LeaveCriticalSection - 0x005F1358 0x001F1358 0x001F1358 0x00000000
GetProfileStringA - 0x005F135C 0x001F135C 0x001F135C 0x00000000
WriteFile - 0x005F1360 0x001F1360 0x001F1360 0x00000000
ReadFile - 0x005F1364 0x001F1364 0x001F1364 0x00000000
GetLastError - 0x005F1368 0x001F1368 0x001F1368 0x00000000
WaitForMultipleObjects - 0x005F136C 0x001F136C 0x001F136C 0x00000000
CreateFileA - 0x005F1370 0x001F1370 0x001F1370 0x00000000
SetEvent - 0x005F1374 0x001F1374 0x001F1374 0x00000000
FindResourceA - 0x005F1378 0x001F1378 0x001F1378 0x00000000
LoadResource - 0x005F137C 0x001F137C 0x001F137C 0x00000000
LockResource - 0x005F1380 0x001F1380 0x001F1380 0x00000000
GetModuleFileNameA - 0x005F1384 0x001F1384 0x001F1384 0x00000000
GetCurrentThreadId - 0x005F1388 0x001F1388 0x001F1388 0x00000000
ExitProcess - 0x005F138C 0x001F138C 0x001F138C 0x00000000
GlobalSize - 0x005F1390 0x001F1390 0x001F1390 0x00000000
GlobalFree - 0x005F1394 0x001F1394 0x001F1394 0x00000000
DeleteCriticalSection - 0x005F1398 0x001F1398 0x001F1398 0x00000000
InitializeCriticalSection - 0x005F139C 0x001F139C 0x001F139C 0x00000000
lstrcatA - 0x005F13A0 0x001F13A0 0x001F13A0 0x00000000
WinExec - 0x005F13A4 0x001F13A4 0x001F13A4 0x00000000
lstrcpyA - 0x005F13A8 0x001F13A8 0x001F13A8 0x00000000
FindNextFileA - 0x005F13AC 0x001F13AC 0x001F13AC 0x00000000
GetDriveTypeA - 0x005F13B0 0x001F13B0 0x001F13B0 0x00000000
GlobalReAlloc - 0x005F13B4 0x001F13B4 0x001F13B4 0x00000000
HeapFree - 0x005F13B8 0x001F13B8 0x001F13B8 0x00000000
HeapReAlloc - 0x005F13BC 0x001F13BC 0x001F13BC 0x00000000
GetProcessHeap - 0x005F13C0 0x001F13C0 0x001F13C0 0x00000000
HeapAlloc - 0x005F13C4 0x001F13C4 0x001F13C4 0x00000000
GetUserDefaultLCID - 0x005F13C8 0x001F13C8 0x001F13C8 0x00000000
GetFullPathNameA - 0x005F13CC 0x001F13CC 0x001F13CC 0x00000000
FreeLibrary - 0x005F13D0 0x001F13D0 0x001F13D0 0x00000000
LoadLibraryA - 0x005F13D4 0x001F13D4 0x001F13D4 0x00000000
lstrlenA - 0x005F13D8 0x001F13D8 0x001F13D8 0x00000000
lstrlenW - 0x005F13DC 0x001F13DC 0x001F13DC 0x00000000
GetVersionExA - 0x005F13E0 0x001F13E0 0x001F13E0 0x00000000
WritePrivateProfileStringA - 0x005F13E4 0x001F13E4 0x001F13E4 0x00000000
GetPrivateProfileStringA - 0x005F13E8 0x001F13E8 0x001F13E8 0x00000000
CreateThread - 0x005F13EC 0x001F13EC 0x001F13EC 0x00000000
CreateEventA - 0x005F13F0 0x001F13F0 0x001F13F0 0x00000000
Sleep - 0x005F13F4 0x001F13F4 0x001F13F4 0x00000000
GlobalAlloc - 0x005F13F8 0x001F13F8 0x001F13F8 0x00000000
GlobalLock - 0x005F13FC 0x001F13FC 0x001F13FC 0x00000000
GlobalUnlock - 0x005F1400 0x001F1400 0x001F1400 0x00000000
GetTempPathA - 0x005F1404 0x001F1404 0x001F1404 0x00000000
FindFirstFileA - 0x005F1408 0x001F1408 0x001F1408 0x00000000
FindClose - 0x005F140C 0x001F140C 0x001F140C 0x00000000
GetFileAttributesA - 0x005F1410 0x001F1410 0x001F1410 0x00000000
DeleteFileA - 0x005F1414 0x001F1414 0x001F1414 0x00000000
CreateDirectoryA - 0x005F1418 0x001F1418 0x001F1418 0x00000000
GetCurrentDirectoryA - 0x005F141C 0x001F141C 0x001F141C 0x00000000
SetCurrentDirectoryA - 0x005F1420 0x001F1420 0x001F1420 0x00000000
GetVolumeInformationA - 0x005F1424 0x001F1424 0x001F1424 0x00000000
GetModuleHandleA - 0x005F1428 0x001F1428 0x001F1428 0x00000000
GetProcAddress - 0x005F142C 0x001F142C 0x001F142C 0x00000000
MulDiv - 0x005F1430 0x001F1430 0x001F1430 0x00000000
GetCommandLineA - 0x005F1434 0x001F1434 0x001F1434 0x00000000
GetTickCount - 0x005F1438 0x001F1438 0x001F1438 0x00000000
CreateProcessA - 0x005F143C 0x001F143C 0x001F143C 0x00000000
WaitForSingleObject - 0x005F1440 0x001F1440 0x001F1440 0x00000000
CloseHandle - 0x005F1444 0x001F1444 0x001F1444 0x00000000
InterlockedExchange - 0x005F1448 0x001F1448 0x001F1448 0x00000000
ADVAPI32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegEnumValueA - 0x005F1000 0x001F1000 0x001F1000 0x00000000
RegCloseKey - 0x005F1004 0x001F1004 0x001F1004 0x00000000
RegOpenKeyExA - 0x005F1008 0x001F1008 0x001F1008 0x00000000
RegSetValueExA - 0x005F100C 0x001F100C 0x001F100C 0x00000000
RegQueryValueA - 0x005F1010 0x001F1010 0x001F1010 0x00000000
RegCreateKeyExA - 0x005F1014 0x001F1014 0x001F1014 0x00000000
AVIFIL32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AVIStreamGetFrame - 0x005F101C 0x001F101C 0x001F101C 0x00000000
AVIStreamInfoA - 0x005F1020 0x001F1020 0x001F1020 0x00000000
COMCTL32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_SetBkColor - 0x005F1028 0x001F1028 0x001F1028 0x00000000
ImageList_GetImageCount - 0x005F102C 0x001F102C 0x001F102C 0x00000000
None 0x00000011 0x005F1030 0x001F1030 0x001F1030 -
_TrackMouseEvent - 0x005F1034 0x001F1034 0x001F1034 0x00000000
ImageList_Destroy - 0x005F1038 0x001F1038 0x001F1038 0x00000000
ImageList_Read - 0x005F103C 0x001F103C 0x001F103C 0x00000000
ImageList_Duplicate - 0x005F1040 0x001F1040 0x001F1040 0x00000000
comdlg32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ChooseColorA - 0x005F1824 0x001F1824 0x001F1824 0x00000000
ChooseFontA - 0x005F1828 0x001F1828 0x001F1828 0x00000000
GetOpenFileNameA - 0x005F182C 0x001F182C 0x001F182C 0x00000000
GetSaveFileNameA - 0x005F1830 0x001F1830 0x001F1830 0x00000000
GetFileTitleA - 0x005F1834 0x001F1834 0x001F1834 0x00000000
GDI32.dll (95)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Chord - 0x005F1048 0x001F1048 0x001F1048 0x00000000
Pie - 0x005F104C 0x001F104C 0x001F104C 0x00000000
Arc - 0x005F1050 0x001F1050 0x001F1050 0x00000000
RoundRect - 0x005F1054 0x001F1054 0x001F1054 0x00000000
GetCurrentObject - 0x005F1058 0x001F1058 0x001F1058 0x00000000
DPtoLP - 0x005F105C 0x001F105C 0x001F105C 0x00000000
Polygon - 0x005F1060 0x001F1060 0x001F1060 0x00000000
LPtoDP - 0x005F1064 0x001F1064 0x001F1064 0x00000000
Rectangle - 0x005F1068 0x001F1068 0x001F1068 0x00000000
SetPixelV - 0x005F106C 0x001F106C 0x001F106C 0x00000000
CreateCompatibleDC - 0x005F1070 0x001F1070 0x001F1070 0x00000000
GetPixel - 0x005F1074 0x001F1074 0x001F1074 0x00000000
BitBlt - 0x005F1078 0x001F1078 0x001F1078 0x00000000
GetTextExtentPoint32A - 0x005F107C 0x001F107C 0x001F107C 0x00000000
StartPage - 0x005F1080 0x001F1080 0x001F1080 0x00000000
StartDocA - 0x005F1084 0x001F1084 0x001F1084 0x00000000
Ellipse - 0x005F1088 0x001F1088 0x001F1088 0x00000000
GetTextMetricsA - 0x005F108C 0x001F108C 0x001F108C 0x00000000
Escape - 0x005F1090 0x001F1090 0x001F1090 0x00000000
ExtTextOutA - 0x005F1094 0x001F1094 0x001F1094 0x00000000
RectVisible - 0x005F1098 0x001F1098 0x001F1098 0x00000000
PtVisible - 0x005F109C 0x001F109C 0x001F109C 0x00000000
DeleteDC - 0x005F10A0 0x001F10A0 0x001F10A0 0x00000000
EndDoc - 0x005F10A4 0x001F10A4 0x001F10A4 0x00000000
EndPage - 0x005F10A8 0x001F10A8 0x001F10A8 0x00000000
GetObjectA - 0x005F10AC 0x001F10AC 0x001F10AC 0x00000000
GetStockObject - 0x005F10B0 0x001F10B0 0x001F10B0 0x00000000
CreateFontIndirectA - 0x005F10B4 0x001F10B4 0x001F10B4 0x00000000
CreateSolidBrush - 0x005F10B8 0x001F10B8 0x001F10B8 0x00000000
CombineRgn - 0x005F10BC 0x001F10BC 0x001F10BC 0x00000000
CreateRectRgn - 0x005F10C0 0x001F10C0 0x001F10C0 0x00000000
FillRgn - 0x005F10C4 0x001F10C4 0x001F10C4 0x00000000
PatBlt - 0x005F10C8 0x001F10C8 0x001F10C8 0x00000000
CreatePen - 0x005F10CC 0x001F10CC 0x001F10CC 0x00000000
SelectObject - 0x005F10D0 0x001F10D0 0x001F10D0 0x00000000
CreatePatternBrush - 0x005F10D4 0x001F10D4 0x001F10D4 0x00000000
CreateBitmap - 0x005F10D8 0x001F10D8 0x001F10D8 0x00000000
CreateHatchBrush - 0x005F10DC 0x001F10DC 0x001F10DC 0x00000000
CreateBrushIndirect - 0x005F10E0 0x001F10E0 0x001F10E0 0x00000000
CreateDCA - 0x005F10E4 0x001F10E4 0x001F10E4 0x00000000
CreateCompatibleBitmap - 0x005F10E8 0x001F10E8 0x001F10E8 0x00000000
GetPolyFillMode - 0x005F10EC 0x001F10EC 0x001F10EC 0x00000000
GetStretchBltMode - 0x005F10F0 0x001F10F0 0x001F10F0 0x00000000
GetROP2 - 0x005F10F4 0x001F10F4 0x001F10F4 0x00000000
GetBkColor - 0x005F10F8 0x001F10F8 0x001F10F8 0x00000000
GetBkMode - 0x005F10FC 0x001F10FC 0x001F10FC 0x00000000
GetTextColor - 0x005F1100 0x001F1100 0x001F1100 0x00000000
CreateRoundRectRgn - 0x005F1104 0x001F1104 0x001F1104 0x00000000
CreateEllipticRgn - 0x005F1108 0x001F1108 0x001F1108 0x00000000
PathToRegion - 0x005F110C 0x001F110C 0x001F110C 0x00000000
EndPath - 0x005F1110 0x001F1110 0x001F1110 0x00000000
BeginPath - 0x005F1114 0x001F1114 0x001F1114 0x00000000
GetWindowOrgEx - 0x005F1118 0x001F1118 0x001F1118 0x00000000
GetViewportOrgEx - 0x005F111C 0x001F111C 0x001F111C 0x00000000
GetWindowExtEx - 0x005F1120 0x001F1120 0x001F1120 0x00000000
GetDIBits - 0x005F1124 0x001F1124 0x001F1124 0x00000000
RealizePalette - 0x005F1128 0x001F1128 0x001F1128 0x00000000
SelectPalette - 0x005F112C 0x001F112C 0x001F112C 0x00000000
StretchBlt - 0x005F1130 0x001F1130 0x001F1130 0x00000000
CreatePalette - 0x005F1134 0x001F1134 0x001F1134 0x00000000
GetSystemPaletteEntries - 0x005F1138 0x001F1138 0x001F1138 0x00000000
CreateDIBitmap - 0x005F113C 0x001F113C 0x001F113C 0x00000000
DeleteObject - 0x005F1140 0x001F1140 0x001F1140 0x00000000
SelectClipRgn - 0x005F1144 0x001F1144 0x001F1144 0x00000000
CreatePolygonRgn - 0x005F1148 0x001F1148 0x001F1148 0x00000000
GetClipRgn - 0x005F114C 0x001F114C 0x001F114C 0x00000000
SetStretchBltMode - 0x005F1150 0x001F1150 0x001F1150 0x00000000
ExtCreateRegion - 0x005F1154 0x001F1154 0x001F1154 0x00000000
SetPixel - 0x005F1158 0x001F1158 0x001F1158 0x00000000
CreateDIBSection - 0x005F115C 0x001F115C 0x001F115C 0x00000000
CreateRectRgnIndirect - 0x005F1160 0x001F1160 0x001F1160 0x00000000
SetBkColor - 0x005F1164 0x001F1164 0x001F1164 0x00000000
TextOutA - 0x005F1168 0x001F1168 0x001F1168 0x00000000
SetBkMode - 0x005F116C 0x001F116C 0x001F116C 0x00000000
SetTextColor - 0x005F1170 0x001F1170 0x001F1170 0x00000000
SetDIBitsToDevice - 0x005F1174 0x001F1174 0x001F1174 0x00000000
SaveDC - 0x005F1178 0x001F1178 0x001F1178 0x00000000
RestoreDC - 0x005F117C 0x001F117C 0x001F117C 0x00000000
SetPolyFillMode - 0x005F1180 0x001F1180 0x001F1180 0x00000000
SetROP2 - 0x005F1184 0x001F1184 0x001F1184 0x00000000
SetMapMode - 0x005F1188 0x001F1188 0x001F1188 0x00000000
SetViewportOrgEx - 0x005F118C 0x001F118C 0x001F118C 0x00000000
OffsetViewportOrgEx - 0x005F1190 0x001F1190 0x001F1190 0x00000000
SetViewportExtEx - 0x005F1194 0x001F1194 0x001F1194 0x00000000
ScaleViewportExtEx - 0x005F1198 0x001F1198 0x001F1198 0x00000000
SetWindowOrgEx - 0x005F119C 0x001F119C 0x001F119C 0x00000000
SetWindowExtEx - 0x005F11A0 0x001F11A0 0x001F11A0 0x00000000
ScaleWindowExtEx - 0x005F11A4 0x001F11A4 0x001F11A4 0x00000000
GetClipBox - 0x005F11A8 0x001F11A8 0x001F11A8 0x00000000
ExcludeClipRect - 0x005F11AC 0x001F11AC 0x001F11AC 0x00000000
MoveToEx - 0x005F11B0 0x001F11B0 0x001F11B0 0x00000000
LineTo - 0x005F11B4 0x001F11B4 0x001F11B4 0x00000000
ExtSelectClipRgn - 0x005F11B8 0x001F11B8 0x001F11B8 0x00000000
GetViewportExtEx - 0x005F11BC 0x001F11BC 0x001F11BC 0x00000000
GetDeviceCaps - 0x005F11C0 0x001F11C0 0x001F11C0 0x00000000
MSVFW32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DrawDibDraw - 0x005F1450 0x001F1450 0x001F1450 0x00000000
ole32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CLSIDFromProgID - 0x005F183C 0x001F183C 0x001F183C 0x00000000
CoUninitialize - 0x005F1840 0x001F1840 0x001F1840 0x00000000
OleInitialize - 0x005F1844 0x001F1844 0x001F1844 0x00000000
OleUninitialize - 0x005F1848 0x001F1848 0x001F1848 0x00000000
CLSIDFromString - 0x005F184C 0x001F184C 0x001F184C 0x00000000
CoCreateInstance - 0x005F1850 0x001F1850 0x001F1850 0x00000000
OleRun - 0x005F1854 0x001F1854 0x001F1854 0x00000000
CoInitialize - 0x005F1858 0x001F1858 0x001F1858 0x00000000
OLEAUT32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VariantClear 0x00000009 0x005F1458 0x001F1458 0x001F1458 -
VariantChangeType 0x0000000C 0x005F145C 0x001F145C 0x001F145C -
UnRegisterTypeLib 0x000000BA 0x005F1460 0x001F1460 0x001F1460 -
LoadTypeLib 0x000000A1 0x005F1464 0x001F1464 0x001F1464 -
LHashValOfNameSys 0x000000A5 0x005F1468 0x001F1468 0x001F1468 -
RegisterTypeLib 0x000000A3 0x005F146C 0x001F146C 0x001F146C -
VariantCopyInd 0x0000000B 0x005F1470 0x001F1470 0x001F1470 -
VariantInit 0x00000008 0x005F1474 0x001F1474 0x001F1474 -
SysAllocString 0x00000002 0x005F1478 0x001F1478 0x001F1478 -
RASAPI32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RasGetConnectStatusA - 0x005F1480 0x001F1480 0x001F1480 0x00000000
RasHangUpA - 0x005F1484 0x001F1484 0x001F1484 0x00000000
SHELL32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Shell_NotifyIconA - 0x005F148C 0x001F148C 0x001F148C 0x00000000
ShellExecuteA - 0x005F1490 0x001F1490 0x001F1490 0x00000000
USER32.dll (164)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadStringA - 0x005F1498 0x001F1498 0x001F1498 0x00000000
GetSysColorBrush - 0x005F149C 0x001F149C 0x001F149C 0x00000000
EnumChildWindows - 0x005F14A0 0x001F14A0 0x001F14A0 0x00000000
GetClassNameA - 0x005F14A4 0x001F14A4 0x001F14A4 0x00000000
DrawIcon - 0x005F14A8 0x001F14A8 0x001F14A8 0x00000000
CallWindowProcA - 0x005F14AC 0x001F14AC 0x001F14AC 0x00000000
RegisterWindowMessageA - 0x005F14B0 0x001F14B0 0x001F14B0 0x00000000
DrawStateA - 0x005F14B4 0x001F14B4 0x001F14B4 0x00000000
FrameRect - 0x005F14B8 0x001F14B8 0x001F14B8 0x00000000
GetNextDlgTabItem - 0x005F14BC 0x001F14BC 0x001F14BC 0x00000000
SystemParametersInfoA - 0x005F14C0 0x001F14C0 0x001F14C0 0x00000000
TranslateMessage - 0x005F14C4 0x001F14C4 0x001F14C4 0x00000000
LoadIconA - 0x005F14C8 0x001F14C8 0x001F14C8 0x00000000
DrawFrameControl - 0x005F14CC 0x001F14CC 0x001F14CC 0x00000000
DrawEdge - 0x005F14D0 0x001F14D0 0x001F14D0 0x00000000
DrawFocusRect - 0x005F14D4 0x001F14D4 0x001F14D4 0x00000000
WindowFromPoint - 0x005F14D8 0x001F14D8 0x001F14D8 0x00000000
GetMessageA - 0x005F14DC 0x001F14DC 0x001F14DC 0x00000000
DispatchMessageA - 0x005F14E0 0x001F14E0 0x001F14E0 0x00000000
SetRectEmpty - 0x005F14E4 0x001F14E4 0x001F14E4 0x00000000
RegisterClipboardFormatA - 0x005F14E8 0x001F14E8 0x001F14E8 0x00000000
CreateIconFromResourceEx - 0x005F14EC 0x001F14EC 0x001F14EC 0x00000000
CreateIconFromResource - 0x005F14F0 0x001F14F0 0x001F14F0 0x00000000
DrawIconEx - 0x005F14F4 0x001F14F4 0x001F14F4 0x00000000
CreatePopupMenu - 0x005F14F8 0x001F14F8 0x001F14F8 0x00000000
AppendMenuA - 0x005F14FC 0x001F14FC 0x001F14FC 0x00000000
ModifyMenuA - 0x005F1500 0x001F1500 0x001F1500 0x00000000
CreateMenu - 0x005F1504 0x001F1504 0x001F1504 0x00000000
CreateAcceleratorTableA - 0x005F1508 0x001F1508 0x001F1508 0x00000000
GetDlgCtrlID - 0x005F150C 0x001F150C 0x001F150C 0x00000000
GetSubMenu - 0x005F1510 0x001F1510 0x001F1510 0x00000000
EnableMenuItem - 0x005F1514 0x001F1514 0x001F1514 0x00000000
ClientToScreen - 0x005F1518 0x001F1518 0x001F1518 0x00000000
EnumDisplaySettingsA - 0x005F151C 0x001F151C 0x001F151C 0x00000000
LoadImageA - 0x005F1520 0x001F1520 0x001F1520 0x00000000
ShowWindow - 0x005F1524 0x001F1524 0x001F1524 0x00000000
IsWindowEnabled - 0x005F1528 0x001F1528 0x001F1528 0x00000000
TranslateAcceleratorA - 0x005F152C 0x001F152C 0x001F152C 0x00000000
GetKeyState - 0x005F1530 0x001F1530 0x001F1530 0x00000000
CopyAcceleratorTableA - 0x005F1534 0x001F1534 0x001F1534 0x00000000
PostQuitMessage - 0x005F1538 0x001F1538 0x001F1538 0x00000000
IsZoomed - 0x005F153C 0x001F153C 0x001F153C 0x00000000
GetSystemMenu - 0x005F1540 0x001F1540 0x001F1540 0x00000000
DeleteMenu - 0x005F1544 0x001F1544 0x001F1544 0x00000000
GetClassInfoA - 0x005F1548 0x001F1548 0x001F1548 0x00000000
DefWindowProcA - 0x005F154C 0x001F154C 0x001F154C 0x00000000
GetMenu - 0x005F1550 0x001F1550 0x001F1550 0x00000000
SetMenu - 0x005F1554 0x001F1554 0x001F1554 0x00000000
PeekMessageA - 0x005F1558 0x001F1558 0x001F1558 0x00000000
IsIconic - 0x005F155C 0x001F155C 0x001F155C 0x00000000
SetFocus - 0x005F1560 0x001F1560 0x001F1560 0x00000000
GetActiveWindow - 0x005F1564 0x001F1564 0x001F1564 0x00000000
DestroyAcceleratorTable - 0x005F1568 0x001F1568 0x001F1568 0x00000000
SetWindowRgn - 0x005F156C 0x001F156C 0x001F156C 0x00000000
GetMessagePos - 0x005F1570 0x001F1570 0x001F1570 0x00000000
ScreenToClient - 0x005F1574 0x001F1574 0x001F1574 0x00000000
ChildWindowFromPointEx - 0x005F1578 0x001F1578 0x001F1578 0x00000000
CopyRect - 0x005F157C 0x001F157C 0x001F157C 0x00000000
LoadBitmapA - 0x005F1580 0x001F1580 0x001F1580 0x00000000
WinHelpA - 0x005F1584 0x001F1584 0x001F1584 0x00000000
KillTimer - 0x005F1588 0x001F1588 0x001F1588 0x00000000
SetTimer - 0x005F158C 0x001F158C 0x001F158C 0x00000000
ReleaseCapture - 0x005F1590 0x001F1590 0x001F1590 0x00000000
GetCapture - 0x005F1594 0x001F1594 0x001F1594 0x00000000
SetCapture - 0x005F1598 0x001F1598 0x001F1598 0x00000000
GetScrollRange - 0x005F159C 0x001F159C 0x001F159C 0x00000000
SetScrollRange - 0x005F15A0 0x001F15A0 0x001F15A0 0x00000000
SetScrollPos - 0x005F15A4 0x001F15A4 0x001F15A4 0x00000000
InflateRect - 0x005F15A8 0x001F15A8 0x001F15A8 0x00000000
SetRect - 0x005F15AC 0x001F15AC 0x001F15AC 0x00000000
IntersectRect - 0x005F15B0 0x001F15B0 0x001F15B0 0x00000000
DestroyIcon - 0x005F15B4 0x001F15B4 0x001F15B4 0x00000000
PtInRect - 0x005F15B8 0x001F15B8 0x001F15B8 0x00000000
IsWindowVisible - 0x005F15BC 0x001F15BC 0x001F15BC 0x00000000
EnableWindow - 0x005F15C0 0x001F15C0 0x001F15C0 0x00000000
RedrawWindow - 0x005F15C4 0x001F15C4 0x001F15C4 0x00000000
GetWindowLongA - 0x005F15C8 0x001F15C8 0x001F15C8 0x00000000
SetWindowLongA - 0x005F15CC 0x001F15CC 0x001F15CC 0x00000000
GetSysColor - 0x005F15D0 0x001F15D0 0x001F15D0 0x00000000
SetActiveWindow - 0x005F15D4 0x001F15D4 0x001F15D4 0x00000000
SetCursorPos - 0x005F15D8 0x001F15D8 0x001F15D8 0x00000000
LoadCursorA - 0x005F15DC 0x001F15DC 0x001F15DC 0x00000000
SetCursor - 0x005F15E0 0x001F15E0 0x001F15E0 0x00000000
GetDC - 0x005F15E4 0x001F15E4 0x001F15E4 0x00000000
FillRect - 0x005F15E8 0x001F15E8 0x001F15E8 0x00000000
InvertRect - 0x005F15EC 0x001F15EC 0x001F15EC 0x00000000
IsRectEmpty - 0x005F15F0 0x001F15F0 0x001F15F0 0x00000000
ScrollDC - 0x005F15F4 0x001F15F4 0x001F15F4 0x00000000
ReleaseDC - 0x005F15F8 0x001F15F8 0x001F15F8 0x00000000
IsChild - 0x005F15FC 0x001F15FC 0x001F15FC 0x00000000
TrackPopupMenu - 0x005F1600 0x001F1600 0x001F1600 0x00000000
DestroyMenu - 0x005F1604 0x001F1604 0x001F1604 0x00000000
SetForegroundWindow - 0x005F1608 0x001F1608 0x001F1608 0x00000000
GetWindowRect - 0x005F160C 0x001F160C 0x001F160C 0x00000000
EqualRect - 0x005F1610 0x001F1610 0x001F1610 0x00000000
UpdateWindow - 0x005F1614 0x001F1614 0x001F1614 0x00000000
ValidateRect - 0x005F1618 0x001F1618 0x001F1618 0x00000000
InvalidateRect - 0x005F161C 0x001F161C 0x001F161C 0x00000000
GetClientRect - 0x005F1620 0x001F1620 0x001F1620 0x00000000
GetFocus - 0x005F1624 0x001F1624 0x001F1624 0x00000000
GetParent - 0x005F1628 0x001F1628 0x001F1628 0x00000000
GetTopWindow - 0x005F162C 0x001F162C 0x001F162C 0x00000000
PostMessageA - 0x005F1630 0x001F1630 0x001F1630 0x00000000
IsWindow - 0x005F1634 0x001F1634 0x001F1634 0x00000000
SetParent - 0x005F1638 0x001F1638 0x001F1638 0x00000000
DestroyCursor - 0x005F163C 0x001F163C 0x001F163C 0x00000000
SendMessageA - 0x005F1640 0x001F1640 0x001F1640 0x00000000
SetWindowPos - 0x005F1644 0x001F1644 0x001F1644 0x00000000
MessageBoxA - 0x005F1648 0x001F1648 0x001F1648 0x00000000
GetCursorPos - 0x005F164C 0x001F164C 0x001F164C 0x00000000
GetSystemMetrics - 0x005F1650 0x001F1650 0x001F1650 0x00000000
EmptyClipboard - 0x005F1654 0x001F1654 0x001F1654 0x00000000
SetClipboardData - 0x005F1658 0x001F1658 0x001F1658 0x00000000
OpenClipboard - 0x005F165C 0x001F165C 0x001F165C 0x00000000
GetClipboardData - 0x005F1660 0x001F1660 0x001F1660 0x00000000
CloseClipboard - 0x005F1664 0x001F1664 0x001F1664 0x00000000
wsprintfA - 0x005F1668 0x001F1668 0x001F1668 0x00000000
WaitForInputIdle - 0x005F166C 0x001F166C 0x001F166C 0x00000000
GetMenuCheckMarkDimensions - 0x005F1670 0x001F1670 0x001F1670 0x00000000
GetMenuState - 0x005F1674 0x001F1674 0x001F1674 0x00000000
SetMenuItemBitmaps - 0x005F1678 0x001F1678 0x001F1678 0x00000000
CheckMenuItem - 0x005F167C 0x001F167C 0x001F167C 0x00000000
MoveWindow - 0x005F1680 0x001F1680 0x001F1680 0x00000000
IsDialogMessageA - 0x005F1684 0x001F1684 0x001F1684 0x00000000
ScrollWindowEx - 0x005F1688 0x001F1688 0x001F1688 0x00000000
SendDlgItemMessageA - 0x005F168C 0x001F168C 0x001F168C 0x00000000
MapWindowPoints - 0x005F1690 0x001F1690 0x001F1690 0x00000000
AdjustWindowRectEx - 0x005F1694 0x001F1694 0x001F1694 0x00000000
GetScrollPos - 0x005F1698 0x001F1698 0x001F1698 0x00000000
RegisterClassA - 0x005F169C 0x001F169C 0x001F169C 0x00000000
GetMenuItemCount - 0x005F16A0 0x001F16A0 0x001F16A0 0x00000000
GetMenuItemID - 0x005F16A4 0x001F16A4 0x001F16A4 0x00000000
CreateWindowExA - 0x005F16A8 0x001F16A8 0x001F16A8 0x00000000
SetWindowsHookExA - 0x005F16AC 0x001F16AC 0x001F16AC 0x00000000
CallNextHookEx - 0x005F16B0 0x001F16B0 0x001F16B0 0x00000000
GetClassLongA - 0x005F16B4 0x001F16B4 0x001F16B4 0x00000000
SetPropA - 0x005F16B8 0x001F16B8 0x001F16B8 0x00000000
UnhookWindowsHookEx - 0x005F16BC 0x001F16BC 0x001F16BC 0x00000000
GetPropA - 0x005F16C0 0x001F16C0 0x001F16C0 0x00000000
RemovePropA - 0x005F16C4 0x001F16C4 0x001F16C4 0x00000000
GetMessageTime - 0x005F16C8 0x001F16C8 0x001F16C8 0x00000000
GetLastActivePopup - 0x005F16CC 0x001F16CC 0x001F16CC 0x00000000
GetWindowPlacement - 0x005F16D0 0x001F16D0 0x001F16D0 0x00000000
EndDialog - 0x005F16D4 0x001F16D4 0x001F16D4 0x00000000
CreateDialogIndirectParamA - 0x005F16D8 0x001F16D8 0x001F16D8 0x00000000
DestroyWindow - 0x005F16DC 0x001F16DC 0x001F16DC 0x00000000
GrayStringA - 0x005F16E0 0x001F16E0 0x001F16E0 0x00000000
DrawTextA - 0x005F16E4 0x001F16E4 0x001F16E4 0x00000000
TabbedTextOutA - 0x005F16E8 0x001F16E8 0x001F16E8 0x00000000
EndPaint - 0x005F16EC 0x001F16EC 0x001F16EC 0x00000000
BeginPaint - 0x005F16F0 0x001F16F0 0x001F16F0 0x00000000
GetWindowDC - 0x005F16F4 0x001F16F4 0x001F16F4 0x00000000
CharUpperA - 0x005F16F8 0x001F16F8 0x001F16F8 0x00000000
GetWindowTextLengthA - 0x005F16FC 0x001F16FC 0x001F16FC 0x00000000
SetWindowTextA - 0x005F1700 0x001F1700 0x001F1700 0x00000000
GetWindowTextA - 0x005F1704 0x001F1704 0x001F1704 0x00000000
GetDlgItem - 0x005F1708 0x001F1708 0x001F1708 0x00000000
GetWindowThreadProcessId - 0x005F170C 0x001F170C 0x001F170C 0x00000000
GetDesktopWindow - 0x005F1710 0x001F1710 0x001F1710 0x00000000
GetForegroundWindow - 0x005F1714 0x001F1714 0x001F1714 0x00000000
GetWindow - 0x005F1718 0x001F1718 0x001F1718 0x00000000
FindWindowA - 0x005F171C 0x001F171C 0x001F171C 0x00000000
OffsetRect - 0x005F1720 0x001F1720 0x001F1720 0x00000000
UnregisterClassA - 0x005F1724 0x001F1724 0x001F1724 0x00000000
WININET.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InternetCloseHandle - 0x005F172C 0x001F172C 0x001F172C 0x00000000
InternetOpenA - 0x005F1730 0x001F1730 0x001F1730 0x00000000
InternetCanonicalizeUrlA - 0x005F1734 0x001F1734 0x001F1734 0x00000000
InternetCrackUrlA - 0x005F1738 0x001F1738 0x001F1738 0x00000000
HttpOpenRequestA - 0x005F173C 0x001F173C 0x001F173C 0x00000000
HttpSendRequestA - 0x005F1740 0x001F1740 0x001F1740 0x00000000
HttpQueryInfoA - 0x005F1744 0x001F1744 0x001F1744 0x00000000
InternetReadFile - 0x005F1748 0x001F1748 0x001F1748 0x00000000
InternetSetOptionA - 0x005F174C 0x001F174C 0x001F174C 0x00000000
InternetConnectA - 0x005F1750 0x001F1750 0x001F1750 0x00000000
WINMM.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
waveOutRestart - 0x005F1758 0x001F1758 0x001F1758 0x00000000
midiStreamRestart - 0x005F175C 0x001F175C 0x001F175C 0x00000000
midiStreamClose - 0x005F1760 0x001F1760 0x001F1760 0x00000000
midiOutReset - 0x005F1764 0x001F1764 0x001F1764 0x00000000
midiStreamStop - 0x005F1768 0x001F1768 0x001F1768 0x00000000
PlaySoundA - 0x005F176C 0x001F176C 0x001F176C 0x00000000
waveOutUnprepareHeader - 0x005F1770 0x001F1770 0x001F1770 0x00000000
waveOutPrepareHeader - 0x005F1774 0x001F1774 0x001F1774 0x00000000
waveOutWrite - 0x005F1778 0x001F1778 0x001F1778 0x00000000
waveOutPause - 0x005F177C 0x001F177C 0x001F177C 0x00000000
waveOutReset - 0x005F1780 0x001F1780 0x001F1780 0x00000000
waveOutClose - 0x005F1784 0x001F1784 0x001F1784 0x00000000
waveOutGetNumDevs - 0x005F1788 0x001F1788 0x001F1788 0x00000000
waveOutOpen - 0x005F178C 0x001F178C 0x001F178C 0x00000000
midiStreamOut - 0x005F1790 0x001F1790 0x001F1790 0x00000000
midiOutPrepareHeader - 0x005F1794 0x001F1794 0x001F1794 0x00000000
midiStreamProperty - 0x005F1798 0x001F1798 0x001F1798 0x00000000
midiStreamOpen - 0x005F179C 0x001F179C 0x001F179C 0x00000000
midiOutUnprepareHeader - 0x005F17A0 0x001F17A0 0x001F17A0 0x00000000
WINSPOOL.DRV (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OpenPrinterA - 0x005F17A8 0x001F17A8 0x001F17A8 0x00000000
ClosePrinter - 0x005F17AC 0x001F17AC 0x001F17AC 0x00000000
DocumentPropertiesA - 0x005F17B0 0x001F17B0 0x001F17B0 0x00000000
WS2_32.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
gethostname 0x00000039 0x005F17B8 0x001F17B8 0x001F17B8 -
inet_addr 0x0000000B 0x005F17BC 0x001F17BC 0x001F17BC -
inet_ntoa 0x0000000C 0x005F17C0 0x001F17C0 0x001F17C0 -
gethostbyname 0x00000034 0x005F17C4 0x001F17C4 0x001F17C4 -
WSAStartup 0x00000073 0x005F17C8 0x001F17C8 0x001F17C8 -
WSACleanup 0x00000074 0x005F17CC 0x001F17CC 0x001F17CC -
select 0x00000012 0x005F17D0 0x001F17D0 0x001F17D0 -
send 0x00000013 0x005F17D4 0x001F17D4 0x001F17D4 -
closesocket 0x00000003 0x005F17D8 0x001F17D8 0x001F17D8 -
WSAAsyncSelect 0x00000065 0x005F17DC 0x001F17DC 0x001F17DC -
htons 0x00000009 0x005F17E0 0x001F17E0 0x001F17E0 -
socket 0x00000017 0x005F17E4 0x001F17E4 0x001F17E4 -
setsockopt 0x00000015 0x005F17E8 0x001F17E8 0x001F17E8 -
recvfrom 0x00000011 0x005F17EC 0x001F17EC 0x001F17EC -
ioctlsocket 0x0000000A 0x005F17F0 0x001F17F0 0x001F17F0 -
connect 0x00000004 0x005F17F4 0x001F17F4 0x001F17F4 -
recv 0x00000010 0x005F17F8 0x001F17F8 0x001F17F8 -
getpeername 0x00000005 0x005F17FC 0x001F17FC 0x001F17FC -
accept 0x00000001 0x005F1800 0x001F1800 0x001F1800 -
ntohl 0x0000000E 0x005F1804 0x001F1804 0x001F1804 -
WSAGetLastError 0x0000006F 0x005F1808 0x001F1808 0x001F1808 -
ntohs 0x0000000F 0x005F180C 0x001F180C 0x001F180C -
WSASetLastError 0x00000070 0x005F1810 0x001F1810 0x001F1810 -
WSOCK32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
shutdown 0x00000016 0x005F1818 0x001F1818 0x001F1818 -
getservbyname 0x00000037 0x005F181C 0x001F181C 0x001F181C -
Memory Dumps (3)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
ywn7zrvxafl7wo1m.exe 1 0x00400000 0x007A4FFF First Execution False 32-bit 0x005B0CFA True
ywn7zrvxafl7wo1m.exe 1 0x00400000 0x007A4FFF Content Changed False 32-bit 0x00593080 True
ywn7zrvxafl7wo1m.exe 1 0x00400000 0x007A4FFF Process Termination False 32-bit - True
YARA Matches (1)
Rule Name Rule Description Classification Score
ChineseHacktools_1014 Chinese hacktool Hacktool 5/5
C:\Users\RDhJ0CNFevzX\Desktop\配置\eb94f5.exe Dropped File Binary
Malicious
Also Known As eb94f5.exe (Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 3.19 MB
MD5 c9053e8edb4a4c20ebe0112f51add765
SHA1 421d0c285cd13391f20cf5ef5bfbb8da4ef55830
SHA256 b5a62880bfac967e04548ec7fc27b61c5ca28fa76a3589fd96649a68c6cb1e16
SSDeep 49152:6zG1BqCBGJNodXAWRe5CFHRYHgmApfFNH:DBIaRAWRe5KGUpb
ImpHash 8b810c56433294857b4c849ade154230
PE Information
Image Base 0x00400000
Entry Point 0x005B0CFA
Size Of Code 0x001EE000
Size Of Initialized Data 0x00143000
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2012-02-08 22:09 (UTC)
Version Information (6)
FileVersion 1.0.0.0
FileDescription 易语言程序
ProductName 易语言程序
ProductVersion 1.0.0.0
LegalCopyright 作者版权所有 请尊重并使用正版
Comments 本程序使用易语言编写(http://www.eyuyan.com)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x00401000 0x00002000 0x00002000 0x00001000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.37
.text 0x00403000 0x001EDBAA 0x001EE000 0x00003000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.47
.rdata 0x005F1000 0x0006EB9A 0x0006F000 0x001F1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.42
.data 0x00660000 0x0013C862 0x000CA000 0x00260000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.58
.rsrc 0x0079D000 0x0000739C 0x00008000 0x0032A000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.7
Imports (17)
KERNEL32.DLL (161)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileSize - 0x005F11C8 0x001F11C8 0x001F11C8 0x00000000
TerminateProcess - 0x005F11CC 0x001F11CC 0x001F11CC 0x00000000
OpenProcess - 0x005F11D0 0x001F11D0 0x001F11D0 0x00000000
SetLastError - 0x005F11D4 0x001F11D4 0x001F11D4 0x00000000
GetTimeZoneInformation - 0x005F11D8 0x001F11D8 0x001F11D8 0x00000000
SetFilePointer - 0x005F11DC 0x001F11DC 0x001F11DC 0x00000000
GetLocaleInfoA - 0x005F11E0 0x001F11E0 0x001F11E0 0x00000000
GetVersion - 0x005F11E4 0x001F11E4 0x001F11E4 0x00000000
FileTimeToSystemTime - 0x005F11E8 0x001F11E8 0x001F11E8 0x00000000
CreateMutexA - 0x005F11EC 0x001F11EC 0x001F11EC 0x00000000
ReleaseMutex - 0x005F11F0 0x001F11F0 0x001F11F0 0x00000000
LocalFree - 0x005F11F4 0x001F11F4 0x001F11F4 0x00000000
FileTimeToLocalFileTime - 0x005F11F8 0x001F11F8 0x001F11F8 0x00000000
lstrcpynA - 0x005F11FC 0x001F11FC 0x001F11FC 0x00000000
DuplicateHandle - 0x005F1200 0x001F1200 0x001F1200 0x00000000
FlushFileBuffers - 0x005F1204 0x001F1204 0x001F1204 0x00000000
LockFile - 0x005F1208 0x001F1208 0x001F1208 0x00000000
UnlockFile - 0x005F120C 0x001F120C 0x001F120C 0x00000000
SetEndOfFile - 0x005F1210 0x001F1210 0x001F1210 0x00000000
lstrcmpiA - 0x005F1214 0x001F1214 0x001F1214 0x00000000
GlobalDeleteAtom - 0x005F1218 0x001F1218 0x001F1218 0x00000000
GlobalFindAtomA - 0x005F121C 0x001F121C 0x001F121C 0x00000000
GlobalAddAtomA - 0x005F1220 0x001F1220 0x001F1220 0x00000000
GlobalGetAtomNameA - 0x005F1224 0x001F1224 0x001F1224 0x00000000
lstrcmpA - 0x005F1228 0x001F1228 0x001F1228 0x00000000
LocalAlloc - 0x005F122C 0x001F122C 0x001F122C 0x00000000
TlsAlloc - 0x005F1230 0x001F1230 0x001F1230 0x00000000
GlobalHandle - 0x005F1234 0x001F1234 0x001F1234 0x00000000
TlsFree - 0x005F1238 0x001F1238 0x001F1238 0x00000000
TlsSetValue - 0x005F123C 0x001F123C 0x001F123C 0x00000000
LocalReAlloc - 0x005F1240 0x001F1240 0x001F1240 0x00000000
TlsGetValue - 0x005F1244 0x001F1244 0x001F1244 0x00000000
GetFileTime - 0x005F1248 0x001F1248 0x001F1248 0x00000000
GetCurrentThread - 0x005F124C 0x001F124C 0x001F124C 0x00000000
GlobalFlags - 0x005F1250 0x001F1250 0x001F1250 0x00000000
SetErrorMode - 0x005F1254 0x001F1254 0x001F1254 0x00000000
GetProcessVersion - 0x005F1258 0x001F1258 0x001F1258 0x00000000
GetCPInfo - 0x005F125C 0x001F125C 0x001F125C 0x00000000
GetOEMCP - 0x005F1260 0x001F1260 0x001F1260 0x00000000
GetStartupInfoA - 0x005F1264 0x001F1264 0x001F1264 0x00000000
RtlUnwind - 0x005F1268 0x001F1268 0x001F1268 0x00000000
GetSystemTime - 0x005F126C 0x001F126C 0x001F126C 0x00000000
GetLocalTime - 0x005F1270 0x001F1270 0x001F1270 0x00000000
RaiseException - 0x005F1274 0x001F1274 0x001F1274 0x00000000
HeapSize - 0x005F1278 0x001F1278 0x001F1278 0x00000000
GetACP - 0x005F127C 0x001F127C 0x001F127C 0x00000000
SetStdHandle - 0x005F1280 0x001F1280 0x001F1280 0x00000000
GetFileType - 0x005F1284 0x001F1284 0x001F1284 0x00000000
UnhandledExceptionFilter - 0x005F1288 0x001F1288 0x001F1288 0x00000000
FreeEnvironmentStringsA - 0x005F128C 0x001F128C 0x001F128C 0x00000000
FreeEnvironmentStringsW - 0x005F1290 0x001F1290 0x001F1290 0x00000000
GetEnvironmentStrings - 0x005F1294 0x001F1294 0x001F1294 0x00000000
GetEnvironmentStringsW - 0x005F1298 0x001F1298 0x001F1298 0x00000000
SetHandleCount - 0x005F129C 0x001F129C 0x001F129C 0x00000000
GetStdHandle - 0x005F12A0 0x001F12A0 0x001F12A0 0x00000000
GetEnvironmentVariableA - 0x005F12A4 0x001F12A4 0x001F12A4 0x00000000
HeapDestroy - 0x005F12A8 0x001F12A8 0x001F12A8 0x00000000
HeapCreate - 0x005F12AC 0x001F12AC 0x001F12AC 0x00000000
VirtualFree - 0x005F12B0 0x001F12B0 0x001F12B0 0x00000000
SetEnvironmentVariableW - 0x005F12B4 0x001F12B4 0x001F12B4 0x00000000
SetEnvironmentVariableA - 0x005F12B8 0x001F12B8 0x001F12B8 0x00000000
LCMapStringA - 0x005F12BC 0x001F12BC 0x001F12BC 0x00000000
LCMapStringW - 0x005F12C0 0x001F12C0 0x001F12C0 0x00000000
VirtualAlloc - 0x005F12C4 0x001F12C4 0x001F12C4 0x00000000
IsBadWritePtr - 0x005F12C8 0x001F12C8 0x001F12C8 0x00000000
SetUnhandledExceptionFilter - 0x005F12CC 0x001F12CC 0x001F12CC 0x00000000
GetStringTypeA - 0x005F12D0 0x001F12D0 0x001F12D0 0x00000000
GetStringTypeW - 0x005F12D4 0x001F12D4 0x001F12D4 0x00000000
CompareStringA - 0x005F12D8 0x001F12D8 0x001F12D8 0x00000000
CompareStringW - 0x005F12DC 0x001F12DC 0x001F12DC 0x00000000
IsBadReadPtr - 0x005F12E0 0x001F12E0 0x001F12E0 0x00000000
IsBadCodePtr - 0x005F12E4 0x001F12E4 0x001F12E4 0x00000000
IsValidLocale - 0x005F12E8 0x001F12E8 0x001F12E8 0x00000000
IsValidCodePage - 0x005F12EC 0x001F12EC 0x001F12EC 0x00000000
EnumSystemLocalesA - 0x005F12F0 0x001F12F0 0x001F12F0 0x00000000
GetLocaleInfoW - 0x005F12F4 0x001F12F4 0x001F12F4 0x00000000
SetNamedPipeHandleState - 0x005F12F8 0x001F12F8 0x001F12F8 0x00000000
WaitNamedPipeA - 0x005F12FC 0x001F12FC 0x001F12FC 0x00000000
UnmapViewOfFile - 0x005F1300 0x001F1300 0x001F1300 0x00000000
MapViewOfFile - 0x005F1304 0x001F1304 0x001F1304 0x00000000
OpenFileMappingA - 0x005F1308 0x001F1308 0x001F1308 0x00000000
OpenEventA - 0x005F130C 0x001F130C 0x001F130C 0x00000000
CreateToolhelp32Snapshot - 0x005F1310 0x001F1310 0x001F1310 0x00000000
Process32First - 0x005F1314 0x001F1314 0x001F1314 0x00000000
Process32Next - 0x005F1318 0x001F1318 0x001F1318 0x00000000
WideCharToMultiByte - 0x005F131C 0x001F131C 0x001F131C 0x00000000
MultiByteToWideChar - 0x005F1320 0x001F1320 0x001F1320 0x00000000
GetCurrentProcess - 0x005F1324 0x001F1324 0x001F1324 0x00000000
GetWindowsDirectoryA - 0x005F1328 0x001F1328 0x001F1328 0x00000000
TryEnterCriticalSection - 0x005F132C 0x001F132C 0x001F132C 0x00000000
SuspendThread - 0x005F1330 0x001F1330 0x001F1330 0x00000000
GetExitCodeThread - 0x005F1334 0x001F1334 0x001F1334 0x00000000
TerminateThread - 0x005F1338 0x001F1338 0x001F1338 0x00000000
ExitThread - 0x005F133C 0x001F133C 0x001F133C 0x00000000
InterlockedDecrement - 0x005F1340 0x001F1340 0x001F1340 0x00000000
InterlockedIncrement - 0x005F1344 0x001F1344 0x001F1344 0x00000000
CreateSemaphoreA - 0x005F1348 0x001F1348 0x001F1348 0x00000000
ResumeThread - 0x005F134C 0x001F134C 0x001F134C 0x00000000
ReleaseSemaphore - 0x005F1350 0x001F1350 0x001F1350 0x00000000
EnterCriticalSection - 0x005F1354 0x001F1354 0x001F1354 0x00000000
LeaveCriticalSection - 0x005F1358 0x001F1358 0x001F1358 0x00000000
GetProfileStringA - 0x005F135C 0x001F135C 0x001F135C 0x00000000
WriteFile - 0x005F1360 0x001F1360 0x001F1360 0x00000000
ReadFile - 0x005F1364 0x001F1364 0x001F1364 0x00000000
GetLastError - 0x005F1368 0x001F1368 0x001F1368 0x00000000
WaitForMultipleObjects - 0x005F136C 0x001F136C 0x001F136C 0x00000000
CreateFileA - 0x005F1370 0x001F1370 0x001F1370 0x00000000
SetEvent - 0x005F1374 0x001F1374 0x001F1374 0x00000000
FindResourceA - 0x005F1378 0x001F1378 0x001F1378 0x00000000
LoadResource - 0x005F137C 0x001F137C 0x001F137C 0x00000000
LockResource - 0x005F1380 0x001F1380 0x001F1380 0x00000000
GetModuleFileNameA - 0x005F1384 0x001F1384 0x001F1384 0x00000000
GetCurrentThreadId - 0x005F1388 0x001F1388 0x001F1388 0x00000000
ExitProcess - 0x005F138C 0x001F138C 0x001F138C 0x00000000
GlobalSize - 0x005F1390 0x001F1390 0x001F1390 0x00000000
GlobalFree - 0x005F1394 0x001F1394 0x001F1394 0x00000000
DeleteCriticalSection - 0x005F1398 0x001F1398 0x001F1398 0x00000000
InitializeCriticalSection - 0x005F139C 0x001F139C 0x001F139C 0x00000000
lstrcatA - 0x005F13A0 0x001F13A0 0x001F13A0 0x00000000
WinExec - 0x005F13A4 0x001F13A4 0x001F13A4 0x00000000
lstrcpyA - 0x005F13A8 0x001F13A8 0x001F13A8 0x00000000
FindNextFileA - 0x005F13AC 0x001F13AC 0x001F13AC 0x00000000
GetDriveTypeA - 0x005F13B0 0x001F13B0 0x001F13B0 0x00000000
GlobalReAlloc - 0x005F13B4 0x001F13B4 0x001F13B4 0x00000000
HeapFree - 0x005F13B8 0x001F13B8 0x001F13B8 0x00000000
HeapReAlloc - 0x005F13BC 0x001F13BC 0x001F13BC 0x00000000
GetProcessHeap - 0x005F13C0 0x001F13C0 0x001F13C0 0x00000000
HeapAlloc - 0x005F13C4 0x001F13C4 0x001F13C4 0x00000000
GetUserDefaultLCID - 0x005F13C8 0x001F13C8 0x001F13C8 0x00000000
GetFullPathNameA - 0x005F13CC 0x001F13CC 0x001F13CC 0x00000000
FreeLibrary - 0x005F13D0 0x001F13D0 0x001F13D0 0x00000000
LoadLibraryA - 0x005F13D4 0x001F13D4 0x001F13D4 0x00000000
lstrlenA - 0x005F13D8 0x001F13D8 0x001F13D8 0x00000000
lstrlenW - 0x005F13DC 0x001F13DC 0x001F13DC 0x00000000
GetVersionExA - 0x005F13E0 0x001F13E0 0x001F13E0 0x00000000
WritePrivateProfileStringA - 0x005F13E4 0x001F13E4 0x001F13E4 0x00000000
GetPrivateProfileStringA - 0x005F13E8 0x001F13E8 0x001F13E8 0x00000000
CreateThread - 0x005F13EC 0x001F13EC 0x001F13EC 0x00000000
CreateEventA - 0x005F13F0 0x001F13F0 0x001F13F0 0x00000000
Sleep - 0x005F13F4 0x001F13F4 0x001F13F4 0x00000000
GlobalAlloc - 0x005F13F8 0x001F13F8 0x001F13F8 0x00000000
GlobalLock - 0x005F13FC 0x001F13FC 0x001F13FC 0x00000000
GlobalUnlock - 0x005F1400 0x001F1400 0x001F1400 0x00000000
GetTempPathA - 0x005F1404 0x001F1404 0x001F1404 0x00000000
FindFirstFileA - 0x005F1408 0x001F1408 0x001F1408 0x00000000
FindClose - 0x005F140C 0x001F140C 0x001F140C 0x00000000
GetFileAttributesA - 0x005F1410 0x001F1410 0x001F1410 0x00000000
DeleteFileA - 0x005F1414 0x001F1414 0x001F1414 0x00000000
CreateDirectoryA - 0x005F1418 0x001F1418 0x001F1418 0x00000000
GetCurrentDirectoryA - 0x005F141C 0x001F141C 0x001F141C 0x00000000
SetCurrentDirectoryA - 0x005F1420 0x001F1420 0x001F1420 0x00000000
GetVolumeInformationA - 0x005F1424 0x001F1424 0x001F1424 0x00000000
GetModuleHandleA - 0x005F1428 0x001F1428 0x001F1428 0x00000000
GetProcAddress - 0x005F142C 0x001F142C 0x001F142C 0x00000000
MulDiv - 0x005F1430 0x001F1430 0x001F1430 0x00000000
GetCommandLineA - 0x005F1434 0x001F1434 0x001F1434 0x00000000
GetTickCount - 0x005F1438 0x001F1438 0x001F1438 0x00000000
CreateProcessA - 0x005F143C 0x001F143C 0x001F143C 0x00000000
WaitForSingleObject - 0x005F1440 0x001F1440 0x001F1440 0x00000000
CloseHandle - 0x005F1444 0x001F1444 0x001F1444 0x00000000
InterlockedExchange - 0x005F1448 0x001F1448 0x001F1448 0x00000000
ADVAPI32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegEnumValueA - 0x005F1000 0x001F1000 0x001F1000 0x00000000
RegCloseKey - 0x005F1004 0x001F1004 0x001F1004 0x00000000
RegOpenKeyExA - 0x005F1008 0x001F1008 0x001F1008 0x00000000
RegSetValueExA - 0x005F100C 0x001F100C 0x001F100C 0x00000000
RegQueryValueA - 0x005F1010 0x001F1010 0x001F1010 0x00000000
RegCreateKeyExA - 0x005F1014 0x001F1014 0x001F1014 0x00000000
AVIFIL32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AVIStreamGetFrame - 0x005F101C 0x001F101C 0x001F101C 0x00000000
AVIStreamInfoA - 0x005F1020 0x001F1020 0x001F1020 0x00000000
COMCTL32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_SetBkColor - 0x005F1028 0x001F1028 0x001F1028 0x00000000
ImageList_GetImageCount - 0x005F102C 0x001F102C 0x001F102C 0x00000000
None 0x00000011 0x005F1030 0x001F1030 0x001F1030 -
_TrackMouseEvent - 0x005F1034 0x001F1034 0x001F1034 0x00000000
ImageList_Destroy - 0x005F1038 0x001F1038 0x001F1038 0x00000000
ImageList_Read - 0x005F103C 0x001F103C 0x001F103C 0x00000000
ImageList_Duplicate - 0x005F1040 0x001F1040 0x001F1040 0x00000000
comdlg32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ChooseColorA - 0x005F1824 0x001F1824 0x001F1824 0x00000000
ChooseFontA - 0x005F1828 0x001F1828 0x001F1828 0x00000000
GetOpenFileNameA - 0x005F182C 0x001F182C 0x001F182C 0x00000000
GetSaveFileNameA - 0x005F1830 0x001F1830 0x001F1830 0x00000000
GetFileTitleA - 0x005F1834 0x001F1834 0x001F1834 0x00000000
GDI32.dll (95)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Chord - 0x005F1048 0x001F1048 0x001F1048 0x00000000
Pie - 0x005F104C 0x001F104C 0x001F104C 0x00000000
Arc - 0x005F1050 0x001F1050 0x001F1050 0x00000000
RoundRect - 0x005F1054 0x001F1054 0x001F1054 0x00000000
GetCurrentObject - 0x005F1058 0x001F1058 0x001F1058 0x00000000
DPtoLP - 0x005F105C 0x001F105C 0x001F105C 0x00000000
Polygon - 0x005F1060 0x001F1060 0x001F1060 0x00000000
LPtoDP - 0x005F1064 0x001F1064 0x001F1064 0x00000000
Rectangle - 0x005F1068 0x001F1068 0x001F1068 0x00000000
SetPixelV - 0x005F106C 0x001F106C 0x001F106C 0x00000000
CreateCompatibleDC - 0x005F1070 0x001F1070 0x001F1070 0x00000000
GetPixel - 0x005F1074 0x001F1074 0x001F1074 0x00000000
BitBlt - 0x005F1078 0x001F1078 0x001F1078 0x00000000
GetTextExtentPoint32A - 0x005F107C 0x001F107C 0x001F107C 0x00000000
StartPage - 0x005F1080 0x001F1080 0x001F1080 0x00000000
StartDocA - 0x005F1084 0x001F1084 0x001F1084 0x00000000
Ellipse - 0x005F1088 0x001F1088 0x001F1088 0x00000000
GetTextMetricsA - 0x005F108C 0x001F108C 0x001F108C 0x00000000
Escape - 0x005F1090 0x001F1090 0x001F1090 0x00000000
ExtTextOutA - 0x005F1094 0x001F1094 0x001F1094 0x00000000
RectVisible - 0x005F1098 0x001F1098 0x001F1098 0x00000000
PtVisible - 0x005F109C 0x001F109C 0x001F109C 0x00000000
DeleteDC - 0x005F10A0 0x001F10A0 0x001F10A0 0x00000000
EndDoc - 0x005F10A4 0x001F10A4 0x001F10A4 0x00000000
EndPage - 0x005F10A8 0x001F10A8 0x001F10A8 0x00000000
GetObjectA - 0x005F10AC 0x001F10AC 0x001F10AC 0x00000000
GetStockObject - 0x005F10B0 0x001F10B0 0x001F10B0 0x00000000
CreateFontIndirectA - 0x005F10B4 0x001F10B4 0x001F10B4 0x00000000
CreateSolidBrush - 0x005F10B8 0x001F10B8 0x001F10B8 0x00000000
CombineRgn - 0x005F10BC 0x001F10BC 0x001F10BC 0x00000000
CreateRectRgn - 0x005F10C0 0x001F10C0 0x001F10C0 0x00000000
FillRgn - 0x005F10C4 0x001F10C4 0x001F10C4 0x00000000
PatBlt - 0x005F10C8 0x001F10C8 0x001F10C8 0x00000000
CreatePen - 0x005F10CC 0x001F10CC 0x001F10CC 0x00000000
SelectObject - 0x005F10D0 0x001F10D0 0x001F10D0 0x00000000
CreatePatternBrush - 0x005F10D4 0x001F10D4 0x001F10D4 0x00000000
CreateBitmap - 0x005F10D8 0x001F10D8 0x001F10D8 0x00000000
CreateHatchBrush - 0x005F10DC 0x001F10DC 0x001F10DC 0x00000000
CreateBrushIndirect - 0x005F10E0 0x001F10E0 0x001F10E0 0x00000000
CreateDCA - 0x005F10E4 0x001F10E4 0x001F10E4 0x00000000
CreateCompatibleBitmap - 0x005F10E8 0x001F10E8 0x001F10E8 0x00000000
GetPolyFillMode - 0x005F10EC 0x001F10EC 0x001F10EC 0x00000000
GetStretchBltMode - 0x005F10F0 0x001F10F0 0x001F10F0 0x00000000
GetROP2 - 0x005F10F4 0x001F10F4 0x001F10F4 0x00000000
GetBkColor - 0x005F10F8 0x001F10F8 0x001F10F8 0x00000000
GetBkMode - 0x005F10FC 0x001F10FC 0x001F10FC 0x00000000
GetTextColor - 0x005F1100 0x001F1100 0x001F1100 0x00000000
CreateRoundRectRgn - 0x005F1104 0x001F1104 0x001F1104 0x00000000
CreateEllipticRgn - 0x005F1108 0x001F1108 0x001F1108 0x00000000
PathToRegion - 0x005F110C 0x001F110C 0x001F110C 0x00000000
EndPath - 0x005F1110 0x001F1110 0x001F1110 0x00000000
BeginPath - 0x005F1114 0x001F1114 0x001F1114 0x00000000
GetWindowOrgEx - 0x005F1118 0x001F1118 0x001F1118 0x00000000
GetViewportOrgEx - 0x005F111C 0x001F111C 0x001F111C 0x00000000
GetWindowExtEx - 0x005F1120 0x001F1120 0x001F1120 0x00000000
GetDIBits - 0x005F1124 0x001F1124 0x001F1124 0x00000000
RealizePalette - 0x005F1128 0x001F1128 0x001F1128 0x00000000
SelectPalette - 0x005F112C 0x001F112C 0x001F112C 0x00000000
StretchBlt - 0x005F1130 0x001F1130 0x001F1130 0x00000000
CreatePalette - 0x005F1134 0x001F1134 0x001F1134 0x00000000
GetSystemPaletteEntries - 0x005F1138 0x001F1138 0x001F1138 0x00000000
CreateDIBitmap - 0x005F113C 0x001F113C 0x001F113C 0x00000000
DeleteObject - 0x005F1140 0x001F1140 0x001F1140 0x00000000
SelectClipRgn - 0x005F1144 0x001F1144 0x001F1144 0x00000000
CreatePolygonRgn - 0x005F1148 0x001F1148 0x001F1148 0x00000000
GetClipRgn - 0x005F114C 0x001F114C 0x001F114C 0x00000000
SetStretchBltMode - 0x005F1150 0x001F1150 0x001F1150 0x00000000
ExtCreateRegion - 0x005F1154 0x001F1154 0x001F1154 0x00000000
SetPixel - 0x005F1158 0x001F1158 0x001F1158 0x00000000
CreateDIBSection - 0x005F115C 0x001F115C 0x001F115C 0x00000000
CreateRectRgnIndirect - 0x005F1160 0x001F1160 0x001F1160 0x00000000
SetBkColor - 0x005F1164 0x001F1164 0x001F1164 0x00000000
TextOutA - 0x005F1168 0x001F1168 0x001F1168 0x00000000
SetBkMode - 0x005F116C 0x001F116C 0x001F116C 0x00000000
SetTextColor - 0x005F1170 0x001F1170 0x001F1170 0x00000000
SetDIBitsToDevice - 0x005F1174 0x001F1174 0x001F1174 0x00000000
SaveDC - 0x005F1178 0x001F1178 0x001F1178 0x00000000
RestoreDC - 0x005F117C 0x001F117C 0x001F117C 0x00000000
SetPolyFillMode - 0x005F1180 0x001F1180 0x001F1180 0x00000000
SetROP2 - 0x005F1184 0x001F1184 0x001F1184 0x00000000
SetMapMode - 0x005F1188 0x001F1188 0x001F1188 0x00000000
SetViewportOrgEx - 0x005F118C 0x001F118C 0x001F118C 0x00000000
OffsetViewportOrgEx - 0x005F1190 0x001F1190 0x001F1190 0x00000000
SetViewportExtEx - 0x005F1194 0x001F1194 0x001F1194 0x00000000
ScaleViewportExtEx - 0x005F1198 0x001F1198 0x001F1198 0x00000000
SetWindowOrgEx - 0x005F119C 0x001F119C 0x001F119C 0x00000000
SetWindowExtEx - 0x005F11A0 0x001F11A0 0x001F11A0 0x00000000
ScaleWindowExtEx - 0x005F11A4 0x001F11A4 0x001F11A4 0x00000000
GetClipBox - 0x005F11A8 0x001F11A8 0x001F11A8 0x00000000
ExcludeClipRect - 0x005F11AC 0x001F11AC 0x001F11AC 0x00000000
MoveToEx - 0x005F11B0 0x001F11B0 0x001F11B0 0x00000000
LineTo - 0x005F11B4 0x001F11B4 0x001F11B4 0x00000000
ExtSelectClipRgn - 0x005F11B8 0x001F11B8 0x001F11B8 0x00000000
GetViewportExtEx - 0x005F11BC 0x001F11BC 0x001F11BC 0x00000000
GetDeviceCaps - 0x005F11C0 0x001F11C0 0x001F11C0 0x00000000
MSVFW32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DrawDibDraw - 0x005F1450 0x001F1450 0x001F1450 0x00000000
ole32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CLSIDFromProgID - 0x005F183C 0x001F183C 0x001F183C 0x00000000
CoUninitialize - 0x005F1840 0x001F1840 0x001F1840 0x00000000
OleInitialize - 0x005F1844 0x001F1844 0x001F1844 0x00000000
OleUninitialize - 0x005F1848 0x001F1848 0x001F1848 0x00000000
CLSIDFromString - 0x005F184C 0x001F184C 0x001F184C 0x00000000
CoCreateInstance - 0x005F1850 0x001F1850 0x001F1850 0x00000000
OleRun - 0x005F1854 0x001F1854 0x001F1854 0x00000000
CoInitialize - 0x005F1858 0x001F1858 0x001F1858 0x00000000
OLEAUT32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VariantClear 0x00000009 0x005F1458 0x001F1458 0x001F1458 -
VariantChangeType 0x0000000C 0x005F145C 0x001F145C 0x001F145C -
UnRegisterTypeLib 0x000000BA 0x005F1460 0x001F1460 0x001F1460 -
LoadTypeLib 0x000000A1 0x005F1464 0x001F1464 0x001F1464 -
LHashValOfNameSys 0x000000A5 0x005F1468 0x001F1468 0x001F1468 -
RegisterTypeLib 0x000000A3 0x005F146C 0x001F146C 0x001F146C -
VariantCopyInd 0x0000000B 0x005F1470 0x001F1470 0x001F1470 -
VariantInit 0x00000008 0x005F1474 0x001F1474 0x001F1474 -
SysAllocString 0x00000002 0x005F1478 0x001F1478 0x001F1478 -
RASAPI32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RasGetConnectStatusA - 0x005F1480 0x001F1480 0x001F1480 0x00000000
RasHangUpA - 0x005F1484 0x001F1484 0x001F1484 0x00000000
SHELL32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Shell_NotifyIconA - 0x005F148C 0x001F148C 0x001F148C 0x00000000
ShellExecuteA - 0x005F1490 0x001F1490 0x001F1490 0x00000000
USER32.dll (164)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadStringA - 0x005F1498 0x001F1498 0x001F1498 0x00000000
GetSysColorBrush - 0x005F149C 0x001F149C 0x001F149C 0x00000000
EnumChildWindows - 0x005F14A0 0x001F14A0 0x001F14A0 0x00000000
GetClassNameA - 0x005F14A4 0x001F14A4 0x001F14A4 0x00000000
DrawIcon - 0x005F14A8 0x001F14A8 0x001F14A8 0x00000000
CallWindowProcA - 0x005F14AC 0x001F14AC 0x001F14AC 0x00000000
RegisterWindowMessageA - 0x005F14B0 0x001F14B0 0x001F14B0 0x00000000
DrawStateA - 0x005F14B4 0x001F14B4 0x001F14B4 0x00000000
FrameRect - 0x005F14B8 0x001F14B8 0x001F14B8 0x00000000
GetNextDlgTabItem - 0x005F14BC 0x001F14BC 0x001F14BC 0x00000000
SystemParametersInfoA - 0x005F14C0 0x001F14C0 0x001F14C0 0x00000000
TranslateMessage - 0x005F14C4 0x001F14C4 0x001F14C4 0x00000000
LoadIconA - 0x005F14C8 0x001F14C8 0x001F14C8 0x00000000
DrawFrameControl - 0x005F14CC 0x001F14CC 0x001F14CC 0x00000000
DrawEdge - 0x005F14D0 0x001F14D0 0x001F14D0 0x00000000
DrawFocusRect - 0x005F14D4 0x001F14D4 0x001F14D4 0x00000000
WindowFromPoint - 0x005F14D8 0x001F14D8 0x001F14D8 0x00000000
GetMessageA - 0x005F14DC 0x001F14DC 0x001F14DC 0x00000000
DispatchMessageA - 0x005F14E0 0x001F14E0 0x001F14E0 0x00000000
SetRectEmpty - 0x005F14E4 0x001F14E4 0x001F14E4 0x00000000
RegisterClipboardFormatA - 0x005F14E8 0x001F14E8 0x001F14E8 0x00000000
CreateIconFromResourceEx - 0x005F14EC 0x001F14EC 0x001F14EC 0x00000000
CreateIconFromResource - 0x005F14F0 0x001F14F0 0x001F14F0 0x00000000
DrawIconEx - 0x005F14F4 0x001F14F4 0x001F14F4 0x00000000
CreatePopupMenu - 0x005F14F8 0x001F14F8 0x001F14F8 0x00000000
AppendMenuA - 0x005F14FC 0x001F14FC 0x001F14FC 0x00000000
ModifyMenuA - 0x005F1500 0x001F1500 0x001F1500 0x00000000
CreateMenu - 0x005F1504 0x001F1504 0x001F1504 0x00000000
CreateAcceleratorTableA - 0x005F1508 0x001F1508 0x001F1508 0x00000000
GetDlgCtrlID - 0x005F150C 0x001F150C 0x001F150C 0x00000000
GetSubMenu - 0x005F1510 0x001F1510 0x001F1510 0x00000000
EnableMenuItem - 0x005F1514 0x001F1514 0x001F1514 0x00000000
ClientToScreen - 0x005F1518 0x001F1518 0x001F1518 0x00000000
EnumDisplaySettingsA - 0x005F151C 0x001F151C 0x001F151C 0x00000000
LoadImageA - 0x005F1520 0x001F1520 0x001F1520 0x00000000
ShowWindow - 0x005F1524 0x001F1524 0x001F1524 0x00000000
IsWindowEnabled - 0x005F1528 0x001F1528 0x001F1528 0x00000000
TranslateAcceleratorA - 0x005F152C 0x001F152C 0x001F152C 0x00000000
GetKeyState - 0x005F1530 0x001F1530 0x001F1530 0x00000000
CopyAcceleratorTableA - 0x005F1534 0x001F1534 0x001F1534 0x00000000
PostQuitMessage - 0x005F1538 0x001F1538 0x001F1538 0x00000000
IsZoomed - 0x005F153C 0x001F153C 0x001F153C 0x00000000
GetSystemMenu - 0x005F1540 0x001F1540 0x001F1540 0x00000000
DeleteMenu - 0x005F1544 0x001F1544 0x001F1544 0x00000000
GetClassInfoA - 0x005F1548 0x001F1548 0x001F1548 0x00000000
DefWindowProcA - 0x005F154C 0x001F154C 0x001F154C 0x00000000
GetMenu - 0x005F1550 0x001F1550 0x001F1550 0x00000000
SetMenu - 0x005F1554 0x001F1554 0x001F1554 0x00000000
PeekMessageA - 0x005F1558 0x001F1558 0x001F1558 0x00000000
IsIconic - 0x005F155C 0x001F155C 0x001F155C 0x00000000
SetFocus - 0x005F1560 0x001F1560 0x001F1560 0x00000000
GetActiveWindow - 0x005F1564 0x001F1564 0x001F1564 0x00000000
DestroyAcceleratorTable - 0x005F1568 0x001F1568 0x001F1568 0x00000000
SetWindowRgn - 0x005F156C 0x001F156C 0x001F156C 0x00000000
GetMessagePos - 0x005F1570 0x001F1570 0x001F1570 0x00000000
ScreenToClient - 0x005F1574 0x001F1574 0x001F1574 0x00000000
ChildWindowFromPointEx - 0x005F1578 0x001F1578 0x001F1578 0x00000000
CopyRect - 0x005F157C 0x001F157C 0x001F157C 0x00000000
LoadBitmapA - 0x005F1580 0x001F1580 0x001F1580 0x00000000
WinHelpA - 0x005F1584 0x001F1584 0x001F1584 0x00000000
KillTimer - 0x005F1588 0x001F1588 0x001F1588 0x00000000
SetTimer - 0x005F158C 0x001F158C 0x001F158C 0x00000000
ReleaseCapture - 0x005F1590 0x001F1590 0x001F1590 0x00000000
GetCapture - 0x005F1594 0x001F1594 0x001F1594 0x00000000
SetCapture - 0x005F1598 0x001F1598 0x001F1598 0x00000000
GetScrollRange - 0x005F159C 0x001F159C 0x001F159C 0x00000000
SetScrollRange - 0x005F15A0 0x001F15A0 0x001F15A0 0x00000000
SetScrollPos - 0x005F15A4 0x001F15A4 0x001F15A4 0x00000000
InflateRect - 0x005F15A8 0x001F15A8 0x001F15A8 0x00000000
SetRect - 0x005F15AC 0x001F15AC 0x001F15AC 0x00000000
IntersectRect - 0x005F15B0 0x001F15B0 0x001F15B0 0x00000000
DestroyIcon - 0x005F15B4 0x001F15B4 0x001F15B4 0x00000000
PtInRect - 0x005F15B8 0x001F15B8 0x001F15B8 0x00000000
IsWindowVisible - 0x005F15BC 0x001F15BC 0x001F15BC 0x00000000
EnableWindow - 0x005F15C0 0x001F15C0 0x001F15C0 0x00000000
RedrawWindow - 0x005F15C4 0x001F15C4 0x001F15C4 0x00000000
GetWindowLongA - 0x005F15C8 0x001F15C8 0x001F15C8 0x00000000
SetWindowLongA - 0x005F15CC 0x001F15CC 0x001F15CC 0x00000000
GetSysColor - 0x005F15D0 0x001F15D0 0x001F15D0 0x00000000
SetActiveWindow - 0x005F15D4 0x001F15D4 0x001F15D4 0x00000000
SetCursorPos - 0x005F15D8 0x001F15D8 0x001F15D8 0x00000000
LoadCursorA - 0x005F15DC 0x001F15DC 0x001F15DC 0x00000000
SetCursor - 0x005F15E0 0x001F15E0 0x001F15E0 0x00000000
GetDC - 0x005F15E4 0x001F15E4 0x001F15E4 0x00000000
FillRect - 0x005F15E8 0x001F15E8 0x001F15E8 0x00000000
InvertRect - 0x005F15EC 0x001F15EC 0x001F15EC 0x00000000
IsRectEmpty - 0x005F15F0 0x001F15F0 0x001F15F0 0x00000000
ScrollDC - 0x005F15F4 0x001F15F4 0x001F15F4 0x00000000
ReleaseDC - 0x005F15F8 0x001F15F8 0x001F15F8 0x00000000
IsChild - 0x005F15FC 0x001F15FC 0x001F15FC 0x00000000
TrackPopupMenu - 0x005F1600 0x001F1600 0x001F1600 0x00000000
DestroyMenu - 0x005F1604 0x001F1604 0x001F1604 0x00000000
SetForegroundWindow - 0x005F1608 0x001F1608 0x001F1608 0x00000000
GetWindowRect - 0x005F160C 0x001F160C 0x001F160C 0x00000000
EqualRect - 0x005F1610 0x001F1610 0x001F1610 0x00000000
UpdateWindow - 0x005F1614 0x001F1614 0x001F1614 0x00000000
ValidateRect - 0x005F1618 0x001F1618 0x001F1618 0x00000000
InvalidateRect - 0x005F161C 0x001F161C 0x001F161C 0x00000000
GetClientRect - 0x005F1620 0x001F1620 0x001F1620 0x00000000
GetFocus - 0x005F1624 0x001F1624 0x001F1624 0x00000000
GetParent - 0x005F1628 0x001F1628 0x001F1628 0x00000000
GetTopWindow - 0x005F162C 0x001F162C 0x001F162C 0x00000000
PostMessageA - 0x005F1630 0x001F1630 0x001F1630 0x00000000
IsWindow - 0x005F1634 0x001F1634 0x001F1634 0x00000000
SetParent - 0x005F1638 0x001F1638 0x001F1638 0x00000000
DestroyCursor - 0x005F163C 0x001F163C 0x001F163C 0x00000000
SendMessageA - 0x005F1640 0x001F1640 0x001F1640 0x00000000
SetWindowPos - 0x005F1644 0x001F1644 0x001F1644 0x00000000
MessageBoxA - 0x005F1648 0x001F1648 0x001F1648 0x00000000
GetCursorPos - 0x005F164C 0x001F164C 0x001F164C 0x00000000
GetSystemMetrics - 0x005F1650 0x001F1650 0x001F1650 0x00000000
EmptyClipboard - 0x005F1654 0x001F1654 0x001F1654 0x00000000
SetClipboardData - 0x005F1658 0x001F1658 0x001F1658 0x00000000
OpenClipboard - 0x005F165C 0x001F165C 0x001F165C 0x00000000
GetClipboardData - 0x005F1660 0x001F1660 0x001F1660 0x00000000
CloseClipboard - 0x005F1664 0x001F1664 0x001F1664 0x00000000
wsprintfA - 0x005F1668 0x001F1668 0x001F1668 0x00000000
WaitForInputIdle - 0x005F166C 0x001F166C 0x001F166C 0x00000000
GetMenuCheckMarkDimensions - 0x005F1670 0x001F1670 0x001F1670 0x00000000
GetMenuState - 0x005F1674 0x001F1674 0x001F1674 0x00000000
SetMenuItemBitmaps - 0x005F1678 0x001F1678 0x001F1678 0x00000000
CheckMenuItem - 0x005F167C 0x001F167C 0x001F167C 0x00000000
MoveWindow - 0x005F1680 0x001F1680 0x001F1680 0x00000000
IsDialogMessageA - 0x005F1684 0x001F1684 0x001F1684 0x00000000
ScrollWindowEx - 0x005F1688 0x001F1688 0x001F1688 0x00000000
SendDlgItemMessageA - 0x005F168C 0x001F168C 0x001F168C 0x00000000
MapWindowPoints - 0x005F1690 0x001F1690 0x001F1690 0x00000000
AdjustWindowRectEx - 0x005F1694 0x001F1694 0x001F1694 0x00000000
GetScrollPos - 0x005F1698 0x001F1698 0x001F1698 0x00000000
RegisterClassA - 0x005F169C 0x001F169C 0x001F169C 0x00000000
GetMenuItemCount - 0x005F16A0 0x001F16A0 0x001F16A0 0x00000000
GetMenuItemID - 0x005F16A4 0x001F16A4 0x001F16A4 0x00000000
CreateWindowExA - 0x005F16A8 0x001F16A8 0x001F16A8 0x00000000
SetWindowsHookExA - 0x005F16AC 0x001F16AC 0x001F16AC 0x00000000
CallNextHookEx - 0x005F16B0 0x001F16B0 0x001F16B0 0x00000000
GetClassLongA - 0x005F16B4 0x001F16B4 0x001F16B4 0x00000000
SetPropA - 0x005F16B8 0x001F16B8 0x001F16B8 0x00000000
UnhookWindowsHookEx - 0x005F16BC 0x001F16BC 0x001F16BC 0x00000000
GetPropA - 0x005F16C0 0x001F16C0 0x001F16C0 0x00000000
RemovePropA - 0x005F16C4 0x001F16C4 0x001F16C4 0x00000000
GetMessageTime - 0x005F16C8 0x001F16C8 0x001F16C8 0x00000000
GetLastActivePopup - 0x005F16CC 0x001F16CC 0x001F16CC 0x00000000
GetWindowPlacement - 0x005F16D0 0x001F16D0 0x001F16D0 0x00000000
EndDialog - 0x005F16D4 0x001F16D4 0x001F16D4 0x00000000
CreateDialogIndirectParamA - 0x005F16D8 0x001F16D8 0x001F16D8 0x00000000
DestroyWindow - 0x005F16DC 0x001F16DC 0x001F16DC 0x00000000
GrayStringA - 0x005F16E0 0x001F16E0 0x001F16E0 0x00000000
DrawTextA - 0x005F16E4 0x001F16E4 0x001F16E4 0x00000000
TabbedTextOutA - 0x005F16E8 0x001F16E8 0x001F16E8 0x00000000
EndPaint - 0x005F16EC 0x001F16EC 0x001F16EC 0x00000000
BeginPaint - 0x005F16F0 0x001F16F0 0x001F16F0 0x00000000
GetWindowDC - 0x005F16F4 0x001F16F4 0x001F16F4 0x00000000
CharUpperA - 0x005F16F8 0x001F16F8 0x001F16F8 0x00000000
GetWindowTextLengthA - 0x005F16FC 0x001F16FC 0x001F16FC 0x00000000
SetWindowTextA - 0x005F1700 0x001F1700 0x001F1700 0x00000000
GetWindowTextA - 0x005F1704 0x001F1704 0x001F1704 0x00000000
GetDlgItem - 0x005F1708 0x001F1708 0x001F1708 0x00000000
GetWindowThreadProcessId - 0x005F170C 0x001F170C 0x001F170C 0x00000000
GetDesktopWindow - 0x005F1710 0x001F1710 0x001F1710 0x00000000
GetForegroundWindow - 0x005F1714 0x001F1714 0x001F1714 0x00000000
GetWindow - 0x005F1718 0x001F1718 0x001F1718 0x00000000
FindWindowA - 0x005F171C 0x001F171C 0x001F171C 0x00000000
OffsetRect - 0x005F1720 0x001F1720 0x001F1720 0x00000000
UnregisterClassA - 0x005F1724 0x001F1724 0x001F1724 0x00000000
WININET.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InternetCloseHandle - 0x005F172C 0x001F172C 0x001F172C 0x00000000
InternetOpenA - 0x005F1730 0x001F1730 0x001F1730 0x00000000
InternetCanonicalizeUrlA - 0x005F1734 0x001F1734 0x001F1734 0x00000000
InternetCrackUrlA - 0x005F1738 0x001F1738 0x001F1738 0x00000000
HttpOpenRequestA - 0x005F173C 0x001F173C 0x001F173C 0x00000000
HttpSendRequestA - 0x005F1740 0x001F1740 0x001F1740 0x00000000
HttpQueryInfoA - 0x005F1744 0x001F1744 0x001F1744 0x00000000
InternetReadFile - 0x005F1748 0x001F1748 0x001F1748 0x00000000
InternetSetOptionA - 0x005F174C 0x001F174C 0x001F174C 0x00000000
InternetConnectA - 0x005F1750 0x001F1750 0x001F1750 0x00000000
WINMM.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
waveOutRestart - 0x005F1758 0x001F1758 0x001F1758 0x00000000
midiStreamRestart - 0x005F175C 0x001F175C 0x001F175C 0x00000000
midiStreamClose - 0x005F1760 0x001F1760 0x001F1760 0x00000000
midiOutReset - 0x005F1764 0x001F1764 0x001F1764 0x00000000
midiStreamStop - 0x005F1768 0x001F1768 0x001F1768 0x00000000
PlaySoundA - 0x005F176C 0x001F176C 0x001F176C 0x00000000
waveOutUnprepareHeader - 0x005F1770 0x001F1770 0x001F1770 0x00000000
waveOutPrepareHeader - 0x005F1774 0x001F1774 0x001F1774 0x00000000
waveOutWrite - 0x005F1778 0x001F1778 0x001F1778 0x00000000
waveOutPause - 0x005F177C 0x001F177C 0x001F177C 0x00000000
waveOutReset - 0x005F1780 0x001F1780 0x001F1780 0x00000000
waveOutClose - 0x005F1784 0x001F1784 0x001F1784 0x00000000
waveOutGetNumDevs - 0x005F1788 0x001F1788 0x001F1788 0x00000000
waveOutOpen - 0x005F178C 0x001F178C 0x001F178C 0x00000000
midiStreamOut - 0x005F1790 0x001F1790 0x001F1790 0x00000000
midiOutPrepareHeader - 0x005F1794 0x001F1794 0x001F1794 0x00000000
midiStreamProperty - 0x005F1798 0x001F1798 0x001F1798 0x00000000
midiStreamOpen - 0x005F179C 0x001F179C 0x001F179C 0x00000000
midiOutUnprepareHeader - 0x005F17A0 0x001F17A0 0x001F17A0 0x00000000
WINSPOOL.DRV (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OpenPrinterA - 0x005F17A8 0x001F17A8 0x001F17A8 0x00000000
ClosePrinter - 0x005F17AC 0x001F17AC 0x001F17AC 0x00000000
DocumentPropertiesA - 0x005F17B0 0x001F17B0 0x001F17B0 0x00000000
WS2_32.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
gethostname 0x00000039 0x005F17B8 0x001F17B8 0x001F17B8 -
inet_addr 0x0000000B 0x005F17BC 0x001F17BC 0x001F17BC -
inet_ntoa 0x0000000C 0x005F17C0 0x001F17C0 0x001F17C0 -
gethostbyname 0x00000034 0x005F17C4 0x001F17C4 0x001F17C4 -
WSAStartup 0x00000073 0x005F17C8 0x001F17C8 0x001F17C8 -
WSACleanup 0x00000074 0x005F17CC 0x001F17CC 0x001F17CC -
select 0x00000012 0x005F17D0 0x001F17D0 0x001F17D0 -
send 0x00000013 0x005F17D4 0x001F17D4 0x001F17D4 -
closesocket 0x00000003 0x005F17D8 0x001F17D8 0x001F17D8 -
WSAAsyncSelect 0x00000065 0x005F17DC 0x001F17DC 0x001F17DC -
htons 0x00000009 0x005F17E0 0x001F17E0 0x001F17E0 -
socket 0x00000017 0x005F17E4 0x001F17E4 0x001F17E4 -
setsockopt 0x00000015 0x005F17E8 0x001F17E8 0x001F17E8 -
recvfrom 0x00000011 0x005F17EC 0x001F17EC 0x001F17EC -
ioctlsocket 0x0000000A 0x005F17F0 0x001F17F0 0x001F17F0 -
connect 0x00000004 0x005F17F4 0x001F17F4 0x001F17F4 -
recv 0x00000010 0x005F17F8 0x001F17F8 0x001F17F8 -
getpeername 0x00000005 0x005F17FC 0x001F17FC 0x001F17FC -
accept 0x00000001 0x005F1800 0x001F1800 0x001F1800 -
ntohl 0x0000000E 0x005F1804 0x001F1804 0x001F1804 -
WSAGetLastError 0x0000006F 0x005F1808 0x001F1808 0x001F1808 -
ntohs 0x0000000F 0x005F180C 0x001F180C 0x001F180C -
WSASetLastError 0x00000070 0x005F1810 0x001F1810 0x001F1810 -
WSOCK32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
shutdown 0x00000016 0x005F1818 0x001F1818 0x001F1818 -
getservbyname 0x00000037 0x005F181C 0x001F181C 0x001F181C -
Memory Dumps (41)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
eb94f5.exe 2 0x00400000 0x007A4FFF First Execution False 32-bit 0x005B0CFA True
eb94f5.exe 2 0x00400000 0x007A4FFF Content Changed False 32-bit 0x00593080 True
buffer 2 0x0019A000 0x0019FFFF First Network Behavior False 32-bit - False
buffer 2 0x00A323A0 0x00A3253B First Network Behavior False 32-bit - False
buffer 2 0x00A36B08 0x00A36BDB First Network Behavior False 32-bit - False
buffer 2 0x00A3EC28 0x00A3ECFB First Network Behavior False 32-bit - False
buffer 2 0x00A3EE50 0x00A3EF23 First Network Behavior False 32-bit - False
buffer 2 0x00A40170 0x00A40243 First Network Behavior False 32-bit - False
buffer 2 0x00A40398 0x00A4041F First Network Behavior False 32-bit - False
buffer 2 0x00A41ED0 0x00A41F57 First Network Behavior False 32-bit - False
buffer 2 0x00A42520 0x00A42637 First Network Behavior False 32-bit - False
buffer 2 0x00A42778 0x00A4284B First Network Behavior False 32-bit - False
buffer 2 0x00A4E078 0x00A4E154 First Network Behavior False 32-bit - False
buffer 2 0x00A50D68 0x00A51DDB First Network Behavior False 32-bit - False
buffer 2 0x00A597C8 0x00A5B111 First Network Behavior False 32-bit - False
buffer 2 0x00A5B120 0x00A62023 First Network Behavior False 32-bit - False
buffer 2 0x00A62030 0x00A64248 First Network Behavior False 32-bit - False
buffer 2 0x00A64258 0x00A679A6 First Network Behavior False 32-bit - False
buffer 2 0x00A679B0 0x00A6C40B First Network Behavior False 32-bit - False
buffer 2 0x00A6C418 0x00A70D2F First Network Behavior False 32-bit - False
buffer 2 0x00A70D38 0x00A72E77 First Network Behavior False 32-bit - False
buffer 2 0x00A72E80 0x00A73EA4 First Network Behavior False 32-bit - False
buffer 2 0x00A73EB0 0x00A7D39E First Network Behavior False 32-bit - False
buffer 2 0x00A7D3A8 0x00A80CA3 First Network Behavior False 32-bit - False
buffer 2 0x00A80CB0 0x00A84648 First Network Behavior False 32-bit - False
buffer 2 0x00A84658 0x00A87334 First Network Behavior False 32-bit - False
buffer 2 0x00A87340 0x00A8779B First Network Behavior False 32-bit - False
buffer 2 0x00A92CB0 0x00A92FE8 First Network Behavior False 32-bit - False
buffer 2 0x00C30004 0x00C30103 First Network Behavior False 32-bit - False
buffer 2 0x02560EC0 0x02560F9F First Network Behavior False 32-bit - False
buffer 2 0x025647D0 0x02564FCF First Network Behavior False 32-bit - False
buffer 2 0x025653D8 0x025667E7 First Network Behavior False 32-bit - False
buffer 2 0x02566848 0x025668C7 First Network Behavior False 32-bit - False
buffer 2 0x02566E18 0x02567627 First Network Behavior False 32-bit - False
buffer 2 0x02567630 0x0256BA3F First Network Behavior False 32-bit - False
buffer 2 0x02570048 0x02578457 First Network Behavior False 32-bit - False
eb94f5.exe 2 0x00400000 0x007A4FFF First Network Behavior False 32-bit 0x005966F7 True
counters.dat 2 0x023F0000 0x023F0FFF First Network Behavior False 32-bit - False
user32.dll 2 0x75650000 0x75796FFF First Execution False 32-bit 0x7566CA40 False
user32.dll 2 0x75650000 0x75796FFF Content Changed False 32-bit 0x756810A0 False
eb94f5.exe 2 0x00400000 0x007A4FFF Process Termination False 32-bit - True
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
ChineseHacktools_1014 Chinese hacktool Hacktool 5/5
C:\Users\RDhJ0CNFevzX\Desktop\ÅäÖÃ\¹ýÂËÓë³öÊÛ.txt Dropped File Text
Clean
MIME Type text/plain
File Size 2.61 KB
MD5 37eb7ba1ee784befebf818b4172e2767
SHA1 27ff45c7150d09062da1b6d2ba780c7782571301
SHA256 664b6a4a716262da7375bc380f2fa197086ed950444ae4593398fb3143e2decd
SSDeep 48:XVVVRQ5IDtno/vCjVT3ko8WmbnZm2S1vNdUBujBU6Ae+ehMAcYr:FV4Kno/vCjVbanZEldzU6fcYr
ImpHash -
C:\Users\RDhJ0CNFevzX\Desktop\ÅäÖÃ\±ù»ðµºÐòÕÂËùÐè²ÄÁÏÒ»ÀÀ.txt Dropped File Text
Clean
MIME Type text/plain
File Size 1.65 KB
MD5 fcb14532b37f04a60afae06cbb929c6e
SHA1 c1f27ab5014cf4d399cfd2cff277244968609b03
SHA256 62d4cc18172c9d45a0aebbffec06d8bfa371de710ad87befd25bbfc6243a349b
SSDeep 48:NZYFpMc4i39nWAnuK9UVBchu2sKQ04OvaP5zU2g:NZ8p5xyBUu2dQBOiu2g
ImpHash -
C:\Users\RDhJ0CNFevzX\Desktop\ÅäÖÃ\¹ýÇÅ·Ïß(´Ó½ø´¬Ò»Ö±µ½ÏÂÆÂÉÏÃæµÄÄã²»ÐèÒª¶¯Ö»ÐèÒª´Ó×îºóÔÙ¼Ó×ø±ê¾Í¿ÉÒÔÁË).txt Dropped File Text
Clean
MIME Type text/plain
File Size 166 Bytes
MD5 472c9bd40b7094c7877664d9bb8ee1ae
SHA1 79c4bfb88b5eab2612fec7104708042798a58cc2
SHA256 1fa88d513c7116a15dd9be3bd5e75819fc0f06dc9e61815bb7f2b314ff61dd0c
SSDeep 3:qLQXbAcI/TNzsvVzVSBPFRCXVw4yIFoXVwfFzbEXFzoXFRLgSyIoUTe:qLQrANuvmBzCX64yIs6tzbEVzoVRE8JS
ImpHash -
C:\ks77.ini Dropped File Empty
Clean
MIME Type application/x-empty
File Size 0 Bytes (not extracted)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
8128e1430968f7abed8a09561c8f1f3fd43e523e29bd3a1b0d7b7e28cfaf0a80 Downloaded File HTML
Clean
MIME Type text/html
File Size 486 Bytes
MD5 acb2fb8a0f07a9cbcfa62259a191a7d1
SHA1 7b107dd16b5818955b9dcf9d66337ec5e7d1340b
SHA256 8128e1430968f7abed8a09561c8f1f3fd43e523e29bd3a1b0d7b7e28cfaf0a80
SSDeep 12:T96QclfhpPkSLcqJm8CQVOGwGKGCDNlXf8yGKPq/YMWPGn:5sZpPkSnRfNzgDXQyOYM7
ImpHash -
Static Analysis Parser Error HTML parser encountered errors
Extracted URLs (1)
URL WHOIS Data Reputation Status Recursively Submitted Actions
Not Available
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a Downloaded File HTML
Clean
Known to be clean.
MIME Type text/html
File Size 162 Bytes
MD5 4f8e702cc244ec5d4de32740c0ecbd97
SHA1 3adb1f02d5b6054de0046e367c1d687b6cdf7aff
SHA256 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
SSDeep 3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiMIWSU6XlI5LP8IpfGu
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat Modified File Stream
Clean
MIME Type application/octet-stream
File Size 128 Bytes
MD5 0c867aa43e5361f08a042bf95af1ee82
SHA1 152cb9fb7cf8f9e972036e17b5d6bef471a21903
SHA256 576a886c58290258cb3dbc3ee2bca0dfc7d8c0c0c7a8d388204819eed36c5253
SSDeep 3:Bl1Vl:
ImpHash -