Maldun Security Analysis Report

Analysis type  Start time  End time  Duration  Analysis engine version
FILE 2022-05-27 21:17:59 2022-05-27 21:18:33 34 seconds 1.4-Maldun
VM name  Label  Hypervisor  Boot time  Shutdown time
win7-sp1-x64-shaapp03-1 win7-sp1-x64-shaapp03-1 KVM 2022-05-27 21:18:00 2022-05-27 21:18:36
Maldun score

5.375

Suspicious

File details

File name update.exe
File size 556544 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
CRC32 8BE139A7
MD5 5a8667b4417739d29a4bf92d00385ac3
SHA1 bc17e4b25b3d91ef1c5595cb3904e37642345f46
SHA256 f7dd2a849cc5a28673974cdef1059384d9bb84e6ccbfd4da77e9a2d08cf8092a
SHA512 0f067ea4b674fb8f907d0aa43bf4b5b3cd11231df8d8064695e868d82de85a7882d0dcfbeff5e12ccebbe8d27e193879ba352d5cba28f1317cdde4d07a2c9c24
Ssdeep 12288:PDqWo/9xUolFTK5YwDOkswYJaubQVy7H:I/9r9K5+kssK2g
PEiD No match
Yara
  • CRC32_poly_Constant (Look for CRC32 [poly])
  • IsPE32 (Detected a 32bit PE sample)
  • IsWindowsGUI (Detected a Windows GUI sample)
  • IsPacked (Detected Entropy signature)
  • HasRichSignature (Detected Rich Signature)
  • UPXv20MarkusLaszloReiser ()
  • UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser ()
  • screenshot (Detected take screenshot function)
  • create_process (Detection function for creating a new process)
  • win_registry (Detected system registries modification function)
  • Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files)
  • UPX (Detected UPX. Commonly used by RAT!)
VirusTotal VirusTotal lookup failed

Signatures

The binary may contain encrypted or compressed data
section: name: UPX1, entropy: 7.93, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00081c00, virtual_size: 0x00082000
Maldun Security Yara rule detection results - security alerts
Critical: Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files
Warning: Detected UPX. Commonly used by RAT!
The executable is UPX compressed
section: name: UPX0, entropy: 0.00, characteristics: IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00000000, virtual_size: 0x000dd000
Suspicious: the sample terminated abnormally

Runtime screenshots

No runtime screenshots

Network analysis

TCP connections

IP address  Port
23.63.248.162 80

UDP connections

IP address  Port
192.168.122.1 53

HTTP requests

URL  HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

Static analysis

PE information

Image base 0x00400000
Entry point 0x0055f8a0
Declared checksum 0x00000000
Actual checksum 0x000958e1
Minimum OS version required 4.0
Compile time 2022-02-18 21:19:08
Import hash (imphash) 23a994e6630b9c9d8e95d3d4938b3376
Icon
Icon exact hash 831a6c073837cb148211ceaf2d2d002b
Icon similarity hash 271ce8a78e3dbd8fe5f24957442540bf

Version information

LegalCopyright: \xe4\xe8\xe7\xe6\xe6\xe6 \xe8\xe5\xe9\xe5\xe4\xe7\xe6\xe7
FileVersion: 1.0.0.0
Comments: \xe6\xe7\xe5\xe4\xe7\xe6\xe8\xe8\xe7\xe5(http://www.eyuyan.com)
ProductName: \xe6\xe8\xe8\xe7\xe5
ProductVersion: 1.0.0.0
FileDescription: \xe6\xe8\xe8\xe7\xe5
Translation: 0x0804 0x04b0

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
UPX0 0x00001000 0x000dd000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
UPX1 0x000de000 0x00082000 0x00081c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.93
.rsrc 0x00160000 0x00006000 0x00005e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.50

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type
TEXTINCLUDE 0x00153cd8 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.06 data
RT_CURSOR 0x001541c8 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.40 data
RT_BITMAP 0x00155a3c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.82 data
RT_ICON 0x00165128 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.22 GLS_BINARY_LSB_FIRST
RT_MENU 0x0015a864 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.54 data
RT_DIALOG 0x0015baac 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.01 data
RT_STRING 0x0015c4f4 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.87 PGP\011Secret Sub-key -
RT_GROUP_CURSOR 0x0015c540 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.51 data
RT_GROUP_ICON 0x0015c5c4 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.85 data
RT_VERSION 0x001655e4 0x00000240 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.83 data
RT_MANIFEST 0x00165828 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library ADVAPI32.dll:
0x565afc - RegCloseKey
Library COMCTL32.dll:
0x565b04 - None
Library comdlg32.dll:
0x565b0c - ChooseColorA
Library GDI32.dll:
0x565b14 - LineTo
Library KERNEL32.DLL:
0x565b1c - LoadLibraryA
0x565b20 - ExitProcess
0x565b24 - GetProcAddress
0x565b28 - VirtualProtect
Library ole32.dll:
0x565b30 - OleRun
Library OLEAUT32.dll:
0x565b38 - VariantClear
Library SHELL32.dll:
0x565b40 - ShellExecuteA
Library USER32.dll:
0x565b48 - GetDC
Library WINMM.dll:
0x565b50 - waveOutOpen
Library WINSPOOL.DRV:
0x565b58 - OpenPrinterA
Library WS2_32.dll:
0x565b60 - WSAAsyncSelect

Dropped files

No information

Behavioral analysis

Mutexes  No information
Executed commands  No information
Created services  No information
Started services  No information

Processes

update.exe PID: 2644, parent PID: 2312

Files accessed
  • C:\Windows\Globalization\Sorting\sortdefault.nls
  • C:\Users\test\AppData\Local\Temp\ExuiKrnln.dll
  • C:\Users\test\AppData\Local\Temp\lib\ExuiKrnln\ExuiKrnln.dll
  • C:\Windows\System32\ExuiKrnln.dll
  • C:\Windows\system\ExuiKrnln.dll
  • C:\Windows\ExuiKrnln.dll
  • C:\ProgramData\Oracle\Java\javapath\ExuiKrnln.dll
  • C:\Windows\System32\wbem\ExuiKrnln.dll
  • C:\Windows\System32\WindowsPowerShell\v1.0\ExuiKrnln.dll
  • C:\Program Files (x86)\WinRAR\ExuiKrnln.dll
  • C:\Windows\System32\lib\ExuiKrnln\ExuiKrnln.dll
  • C:\Windows\system\lib\ExuiKrnln\ExuiKrnln.dll
  • C:\Windows\lib\ExuiKrnln\ExuiKrnln.dll
  • C:\ProgramData\Oracle\Java\javapath\lib\ExuiKrnln\ExuiKrnln.dll
  • C:\Windows\System32\wbem\lib\ExuiKrnln\ExuiKrnln.dll
  • C:\Windows\System32\WindowsPowerShell\v1.0\lib\ExuiKrnln\ExuiKrnln.dll
  • C:\Program Files (x86)\WinRAR\lib\ExuiKrnln\ExuiKrnln.dll
  • C:\ExuiKrnln.ini
Files read
  • C:\Windows\Globalization\Sorting\sortdefault.nls
  • C:\ExuiKrnln.ini
Files modified  No information
Files deleted  No information
Registry keys
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
Registry keys read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
Registry keys modified  No information
Registry keys deleted  No information
API resolution
  • kernel32.dll.lstrcatA
  • kernel32.dll.WaitForSingleObject
  • kernel32.dll.CreateProcessA
  • kernel32.dll.GetTickCount
  • kernel32.dll.GetCommandLineA
  • kernel32.dll.MulDiv
  • kernel32.dll.GetProcAddress
  • kernel32.dll.GetModuleHandleA
  • kernel32.dll.GetVolumeInformationA
  • kernel32.dll.SetCurrentDirectoryA
  • kernel32.dll.GetCurrentDirectoryA
  • kernel32.dll.SetStdHandle
  • kernel32.dll.IsBadCodePtr
  • kernel32.dll.CompareStringW
  • kernel32.dll.CompareStringA
  • kernel32.dll.SetUnhandledExceptionFilter
  • kernel32.dll.GetStringTypeW
  • kernel32.dll.GetStringTypeA
  • kernel32.dll.IsBadWritePtr
  • kernel32.dll.LCMapStringW
  • kernel32.dll.LCMapStringA
  • kernel32.dll.SetEnvironmentVariableA
  • kernel32.dll.HeapCreate
  • kernel32.dll.HeapDestroy
  • kernel32.dll.GetEnvironmentVariableA
  • kernel32.dll.GetFileType
  • kernel32.dll.GetStdHandle
  • kernel32.dll.SetHandleCount
  • kernel32.dll.GetEnvironmentStringsW
  • kernel32.dll.GetEnvironmentStrings
  • kernel32.dll.FreeEnvironmentStringsW
  • kernel32.dll.FreeEnvironmentStringsA
  • kernel32.dll.UnhandledExceptionFilter
  • kernel32.dll.GetACP
  • kernel32.dll.HeapSize
  • kernel32.dll.TerminateProcess
  • kernel32.dll.RaiseException
  • kernel32.dll.GetLocalTime
  • kernel32.dll.GetSystemTime
  • kernel32.dll.GetTimeZoneInformation
  • kernel32.dll.RtlUnwind
  • kernel32.dll.GetStartupInfoA
  • kernel32.dll.GetOEMCP
  • kernel32.dll.GetCPInfo
  • kernel32.dll.GetProcessVersion
  • kernel32.dll.SetErrorMode
  • kernel32.dll.GlobalFlags
  • kernel32.dll.GetCurrentThread
  • kernel32.dll.GetFileTime
  • kernel32.dll.GetFileSize
  • kernel32.dll.TlsGetValue
  • kernel32.dll.LocalReAlloc
  • kernel32.dll.TlsSetValue
  • kernel32.dll.TlsFree
  • kernel32.dll.GlobalHandle
  • kernel32.dll.TlsAlloc
  • kernel32.dll.LocalAlloc
  • kernel32.dll.lstrcmpA
  • kernel32.dll.GetVersion
  • kernel32.dll.GlobalGetAtomNameA
  • kernel32.dll.GlobalAddAtomA
  • kernel32.dll.GlobalFindAtomA
  • kernel32.dll.GlobalDeleteAtom
  • kernel32.dll.lstrcmpiA
  • kernel32.dll.SetEndOfFile
  • kernel32.dll.UnlockFile
  • kernel32.dll.LockFile
  • kernel32.dll.FlushFileBuffers
  • kernel32.dll.SetFilePointer
  • kernel32.dll.GetCurrentProcess
  • kernel32.dll.DuplicateHandle
  • kernel32.dll.lstrcpynA
  • kernel32.dll.SetLastError
  • kernel32.dll.FileTimeToLocalFileTime
  • kernel32.dll.FileTimeToSystemTime
  • kernel32.dll.LocalFree
  • kernel32.dll.InterlockedDecrement
  • kernel32.dll.InterlockedIncrement
  • kernel32.dll.MoveFileA
  • kernel32.dll.GetFileAttributesA
  • kernel32.dll.FindClose
  • kernel32.dll.FindFirstFileA
  • kernel32.dll.GlobalUnlock
  • kernel32.dll.GlobalLock
  • kernel32.dll.GlobalAlloc
  • kernel32.dll.SuspendThread
  • kernel32.dll.TerminateThread
  • kernel32.dll.ReleaseMutex
  • kernel32.dll.CreateMutexA
  • kernel32.dll.VirtualAlloc
  • kernel32.dll.IsBadReadPtr
  • kernel32.dll.VirtualFree
  • kernel32.dll.VirtualProtect
  • kernel32.dll.WideCharToMultiByte
  • kernel32.dll.MultiByteToWideChar
  • kernel32.dll.CreateSemaphoreA
  • kernel32.dll.ResumeThread
  • kernel32.dll.ReleaseSemaphore
  • kernel32.dll.EnterCriticalSection
  • kernel32.dll.LeaveCriticalSection
  • kernel32.dll.GetProfileStringA
  • kernel32.dll.WriteFile
  • kernel32.dll.Sleep
  • kernel32.dll.CreateEventA
  • kernel32.dll.CreateThread
  • kernel32.dll.WritePrivateProfileStringA
  • kernel32.dll.GetVersionExA
  • kernel32.dll.GetLastError
  • kernel32.dll.LoadLibraryA
  • kernel32.dll.FreeLibrary
  • kernel32.dll.GetFullPathNameA
  • kernel32.dll.GetUserDefaultLCID
  • kernel32.dll.HeapAlloc
  • kernel32.dll.GetProcessHeap
  • kernel32.dll.HeapReAlloc
  • kernel32.dll.HeapFree
  • kernel32.dll.GlobalReAlloc
  • kernel32.dll.WaitForMultipleObjects
  • kernel32.dll.CreateFileA
  • kernel32.dll.SetEvent
  • kernel32.dll.FindResourceA
  • kernel32.dll.LoadResource
  • kernel32.dll.LockResource
  • kernel32.dll.ReadFile
  • kernel32.dll.lstrlenW
  • kernel32.dll.FindNextFileA
  • kernel32.dll.lstrcpyA
  • kernel32.dll.WinExec
  • kernel32.dll.GetModuleFileNameA
  • kernel32.dll.GetCurrentThreadId
  • kernel32.dll.ExitProcess
  • kernel32.dll.GlobalSize
  • kernel32.dll.GlobalFree
  • kernel32.dll.lstrlenA
  • kernel32.dll.CloseHandle
  • kernel32.dll.InitializeCriticalSection
  • kernel32.dll.DeleteCriticalSection
  • advapi32.dll.RegCreateKeyExA
  • advapi32.dll.RegCloseKey
  • advapi32.dll.RegOpenKeyExA
  • advapi32.dll.RegSetValueExA
  • advapi32.dll.RegQueryValueA
  • comctl32.dll.#17
  • comctl32.dll.ImageList_Destroy
  • comdlg32.dll.ChooseColorA
  • comdlg32.dll.GetOpenFileNameA
  • comdlg32.dll.GetSaveFileNameA
  • comdlg32.dll.GetFileTitleA
  • gdi32.dll.ExtSelectClipRgn
  • gdi32.dll.GetViewportExtEx
  • gdi32.dll.LineTo
  • gdi32.dll.MoveToEx
  • gdi32.dll.ExcludeClipRect
  • gdi32.dll.GetClipBox
  • gdi32.dll.ScaleWindowExtEx
  • gdi32.dll.SaveDC
  • gdi32.dll.RestoreDC
  • gdi32.dll.PtVisible
  • gdi32.dll.RectVisible
  • gdi32.dll.TextOutA
  • gdi32.dll.ExtTextOutA
  • gdi32.dll.Escape
  • gdi32.dll.SetBkMode
  • gdi32.dll.SetPolyFillMode
  • gdi32.dll.SetROP2
  • gdi32.dll.SetTextColor
  • gdi32.dll.SetMapMode
  • gdi32.dll.SetViewportOrgEx
  • gdi32.dll.OffsetViewportOrgEx
  • gdi32.dll.SetViewportExtEx
  • gdi32.dll.ScaleViewportExtEx
  • gdi32.dll.GetTextMetricsA
  • gdi32.dll.SetWindowOrgEx
  • gdi32.dll.SetWindowExtEx
  • gdi32.dll.SetBkColor
  • gdi32.dll.CreateRectRgnIndirect
  • gdi32.dll.SetStretchBltMode
  • gdi32.dll.GetClipRgn
  • gdi32.dll.CreatePolygonRgn
  • gdi32.dll.SelectClipRgn
  • gdi32.dll.DeleteObject
  • gdi32.dll.CreateDIBitmap
  • gdi32.dll.GetSystemPaletteEntries
  • gdi32.dll.CreatePalette
  • gdi32.dll.StretchBlt
  • gdi32.dll.SelectPalette
  • gdi32.dll.RealizePalette
  • gdi32.dll.GetDIBits
  • gdi32.dll.GetWindowExtEx
  • gdi32.dll.GetViewportOrgEx
  • gdi32.dll.GetWindowOrgEx
  • gdi32.dll.BeginPath
  • gdi32.dll.EndPath
  • gdi32.dll.PathToRegion
  • gdi32.dll.CreateEllipticRgn
  • gdi32.dll.CreateRoundRectRgn
  • gdi32.dll.GetTextColor
  • gdi32.dll.GetBkMode
  • gdi32.dll.GetBkColor
  • gdi32.dll.GetROP2
  • gdi32.dll.GetStretchBltMode
  • gdi32.dll.GetPolyFillMode
  • gdi32.dll.CreateCompatibleBitmap
  • gdi32.dll.CreateDCA
  • gdi32.dll.CreateBitmap
  • gdi32.dll.SelectObject
  • gdi32.dll.CreatePen
  • gdi32.dll.PatBlt
  • gdi32.dll.CombineRgn
  • gdi32.dll.CreateRectRgn
  • gdi32.dll.FillRgn
  • gdi32.dll.CreateSolidBrush
  • gdi32.dll.CreateFontIndirectA
  • gdi32.dll.GetStockObject
  • gdi32.dll.GetObjectA
  • gdi32.dll.EndPage
  • gdi32.dll.EndDoc
  • gdi32.dll.DeleteDC
  • gdi32.dll.StartDocA
  • gdi32.dll.StartPage
  • gdi32.dll.BitBlt
  • gdi32.dll.CreateCompatibleDC
  • gdi32.dll.Ellipse
  • gdi32.dll.Rectangle
  • gdi32.dll.LPtoDP
  • gdi32.dll.DPtoLP
  • gdi32.dll.GetCurrentObject
  • gdi32.dll.RoundRect
  • gdi32.dll.GetTextExtentPoint32A
  • gdi32.dll.GetDeviceCaps
  • ole32.dll.CLSIDFromProgID
  • ole32.dll.OleRun
  • ole32.dll.CLSIDFromString
  • ole32.dll.OleUninitialize
  • ole32.dll.OleInitialize
  • ole32.dll.CoCreateInstance
  • oleaut32.dll.#20
  • oleaut32.dll.#17
  • oleaut32.dll.#24
  • oleaut32.dll.#23
  • oleaut32.dll.#25
  • oleaut32.dll.#11
  • oleaut32.dll.#8
  • oleaut32.dll.#2
  • oleaut32.dll.#163
  • oleaut32.dll.#165
  • oleaut32.dll.#161
  • oleaut32.dll.#186
  • oleaut32.dll.#19
  • oleaut32.dll.#12
  • oleaut32.dll.#9
  • shell32.dll.ShellExecuteA
  • shell32.dll.Shell_NotifyIconA
  • user32.dll.UnregisterClassA
  • user32.dll.WaitForInputIdle
  • user32.dll.wsprintfA
  • user32.dll.CloseClipboard
  • user32.dll.GetClipboardData
  • user32.dll.OpenClipboard
  • user32.dll.SetClipboardData
  • user32.dll.EmptyClipboard
  • user32.dll.GetSystemMetrics
  • user32.dll.GetCursorPos
  • user32.dll.MessageBoxA
  • user32.dll.SetWindowPos
  • user32.dll.SendMessageA
  • user32.dll.DestroyCursor
  • user32.dll.SetParent
  • user32.dll.IsWindow
  • user32.dll.PostMessageA
  • user32.dll.GetTopWindow
  • user32.dll.GetParent
  • user32.dll.GetFocus
  • user32.dll.GetClientRect
  • user32.dll.InvalidateRect
  • user32.dll.ValidateRect
  • user32.dll.UpdateWindow
  • user32.dll.EqualRect
  • user32.dll.GetWindowRect
  • user32.dll.SetForegroundWindow
  • user32.dll.DestroyMenu
  • user32.dll.IsChild
  • user32.dll.ReleaseDC
  • user32.dll.IsRectEmpty
  • user32.dll.FillRect
  • user32.dll.GetDC
  • user32.dll.SetCursor
  • user32.dll.LoadCursorA
  • user32.dll.SetCursorPos
  • user32.dll.SetActiveWindow
  • user32.dll.GetSysColor
  • user32.dll.SetWindowLongA
  • user32.dll.GetWindowLongA
  • user32.dll.RedrawWindow
  • user32.dll.SetPropA
  • user32.dll.GetPropA
  • user32.dll.LoadIconA
  • user32.dll.TranslateMessage
  • user32.dll.DrawFrameControl
  • user32.dll.DrawEdge
  • user32.dll.DrawFocusRect
  • user32.dll.WindowFromPoint
  • user32.dll.GetMessageA
  • user32.dll.DispatchMessageA
  • user32.dll.SetRectEmpty
  • user32.dll.RegisterClipboardFormatA
  • user32.dll.CreateIconFromResourceEx
  • user32.dll.CreateIconFromResource
  • user32.dll.DrawIconEx
  • user32.dll.CreatePopupMenu
  • user32.dll.AppendMenuA
  • user32.dll.ModifyMenuA
  • user32.dll.CreateMenu
  • user32.dll.CreateAcceleratorTableA
  • user32.dll.GetDlgCtrlID
  • user32.dll.GetSubMenu
  • user32.dll.EnableMenuItem
  • user32.dll.ClientToScreen
  • user32.dll.EnumDisplaySettingsA
  • user32.dll.LoadImageA
  • user32.dll.SystemParametersInfoA
  • user32.dll.ShowWindow
  • user32.dll.IsWindowEnabled
  • user32.dll.TranslateAcceleratorA
  • user32.dll.GetKeyState
  • user32.dll.CopyAcceleratorTableA
  • user32.dll.PostQuitMessage
  • user32.dll.IsZoomed
  • user32.dll.GetClassInfoA
  • user32.dll.DefWindowProcA
  • user32.dll.GetSystemMenu
  • user32.dll.DeleteMenu
  • user32.dll.GetMenu
  • user32.dll.SetMenu
  • user32.dll.PeekMessageA
  • user32.dll.IsIconic
  • user32.dll.SetFocus
  • user32.dll.GetActiveWindow
  • user32.dll.GetWindow
  • user32.dll.DestroyAcceleratorTable
  • user32.dll.SetWindowRgn
  • user32.dll.GetMessagePos
  • user32.dll.ScreenToClient
  • user32.dll.ChildWindowFromPointEx
  • user32.dll.CopyRect
  • user32.dll.LoadBitmapA
  • user32.dll.WinHelpA
  • user32.dll.KillTimer
  • user32.dll.SetTimer
  • user32.dll.GetWindowTextA
  • user32.dll.GetWindowTextLengthA
  • user32.dll.CharUpperA
  • user32.dll.GetWindowDC
  • user32.dll.BeginPaint
  • user32.dll.EndPaint
  • user32.dll.TabbedTextOutA
  • user32.dll.DrawTextA
  • user32.dll.GrayStringA
  • user32.dll.GetDlgItem
  • user32.dll.DestroyWindow
  • user32.dll.CreateDialogIndirectParamA
  • user32.dll.EndDialog
  • user32.dll.GetNextDlgTabItem
  • user32.dll.GetWindowPlacement
  • user32.dll.RegisterWindowMessageA
  • user32.dll.GetForegroundWindow
  • user32.dll.GetLastActivePopup
  • user32.dll.GetMessageTime
  • user32.dll.RemovePropA
  • user32.dll.CallWindowProcA
  • user32.dll.UnhookWindowsHookEx
  • user32.dll.GetClassLongA
  • user32.dll.CallNextHookEx
  • user32.dll.SetWindowsHookExA
  • user32.dll.CreateWindowExA
  • user32.dll.GetMenuItemID
  • user32.dll.GetMenuItemCount
  • user32.dll.RegisterClassA
  • user32.dll.GetScrollPos
  • user32.dll.AdjustWindowRectEx
  • user32.dll.MapWindowPoints
  • user32.dll.SendDlgItemMessageA
  • user32.dll.ScrollWindowEx
  • user32.dll.IsDialogMessageA
  • user32.dll.SetWindowTextA
  • user32.dll.MoveWindow
  • user32.dll.CheckMenuItem
  • user32.dll.SetMenuItemBitmaps
  • user32.dll.GetMenuState
  • user32.dll.GetMenuCheckMarkDimensions
  • user32.dll.GetClassNameA
  • user32.dll.GetDesktopWindow
  • user32.dll.LoadStringA
  • user32.dll.GetSysColorBrush
  • user32.dll.ReleaseCapture
  • user32.dll.GetCapture
  • user32.dll.SetCapture
  • user32.dll.GetScrollRange
  • user32.dll.SetScrollRange
  • user32.dll.SetScrollPos
  • user32.dll.SetRect
  • user32.dll.InflateRect
  • user32.dll.IntersectRect
  • user32.dll.DestroyIcon
  • user32.dll.PtInRect
  • user32.dll.OffsetRect
  • user32.dll.IsWindowVisible
  • user32.dll.EnableWindow
  • winmm.dll.waveOutRestart
  • winmm.dll.waveOutUnprepareHeader
  • winmm.dll.waveOutPrepareHeader
  • winmm.dll.waveOutWrite
  • winmm.dll.waveOutPause
  • winmm.dll.waveOutReset
  • winmm.dll.waveOutClose
  • winmm.dll.waveOutGetNumDevs
  • winmm.dll.waveOutOpen
  • winmm.dll.midiOutUnprepareHeader
  • winmm.dll.midiStreamOpen
  • winmm.dll.midiStreamProperty
  • winmm.dll.midiOutPrepareHeader
  • winmm.dll.midiStreamOut
  • winmm.dll.midiStreamStop
  • winmm.dll.midiOutReset
  • winmm.dll.midiStreamClose
  • winmm.dll.midiStreamRestart
  • winspool.drv.OpenPrinterA
  • winspool.drv.DocumentPropertiesA
  • winspool.drv.ClosePrinter
  • ws2_32.dll.#12
  • ws2_32.dll.#116
  • ws2_32.dll.#14
  • ws2_32.dll.#1
  • ws2_32.dll.#5
  • ws2_32.dll.#16
  • ws2_32.dll.#10
  • ws2_32.dll.#17
  • ws2_32.dll.#3
  • ws2_32.dll.#101
  • kernel32.dll.IsProcessorFeaturePresent
  • cryptbase.dll.SystemFunction036
  • kernel32.dll.SortGetHandle
  • kernel32.dll.SortCloseHandle
  • oleaut32.dll.#500