魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2018-05-05 01:58:22 | 2018-05-05 02:00:48 | 146 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-hpdapp03-1 | win7-sp1-x64-hpdapp03-1 | KVM | 2018-05-05 01:58:27 | 2018-05-05 02:00:46 |
| 魔盾分数 |
|---|
2.65可疑的 |
文件详细信息
| 文件名 | 变声器.exe |
|---|---|
| 文件大小 | 378880 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| CRC32 | F870E4EC |
| MD5 | 66ac853f832b8de12eaf0af313e37cf9 |
| SHA1 | 50567960e51b57c631b2051af8bd0e6e2fd8fe3e |
| SHA256 | b01f6a69ea592850476cdbe318e00480ed919233748462a0702cf433fd6f081d |
| SHA512 | d94b05fd8496546f0bd139185ba3662d3a535f8ec6bb2170537ea911c6fa66d32be42c6b4ff68279cd39fe301cf57f182f027f8ccc5cec7b9a237b68069416ed |
| Ssdeep | 6144:GQYMCCqcMIzy6hBjxhqqCVlpPuRaQ7YRZh+r8yaxZ5EQN:ZYcqcMIzXoNxuYQ7OZh+YbxZD |
| PEiD | 无匹配 |
| Yara |
|
| VirusTotal | 无此文件扫描结果 |
特征
发起了一些HTTP请求
url: http://www.microsoft.com/
url: http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%205.crl
url: http://101.110.118.27/mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%205.crl
url: http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc
魔盾wping.org IP地址信誉系统
Greylist: 43.241.50.232
二进制文件可能包含加密或压缩数据
section: name: UPX1, entropy: 7.93, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x0004b400, virtual_size: 0x0004c000
可执行文件被使用UPX压缩
section: name: UPX0, entropy: 0.00, characteristics: IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00000000, virtual_size: 0x00088000
运行截图
网络分析
访问主机记录
| 直接访问 | IP地址 | 国家名 |
|---|---|---|
| 是 | 101.110.118.27 | China |
| 否 | 104.18.25.243 | United States |
| 否 | 117.18.232.200 | Asia/Pacific Region |
| 否 | 117.18.237.29 | Asia/Pacific Region |
| 否 | 122.224.45.50 | China |
| 否 | 23.2.16.104 | United States |
| 是 | 43.241.50.232 | China |
| 否 | 65.55.186.115 | United States |
域名解析
| 域名 | 响应 |
|---|---|
| localhost.ptlogin2.qq.com | A 127.0.0.1 |
| www.microsoft.com |
CNAME e13678.ca.s.tl88.net
A 122.224.45.50 CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net CNAME www.microsoft.com-c-3.edgekey.net |
| data.tvdownload.microsoft.com |
A 65.55.186.115
CNAME data.tvdownload.windowsmedia.com.akadns.net |
| ocsp.msocsp.com |
A 104.18.25.243
CNAME hostedocsp.globalsign.com CNAME ocsp.globalsign.cloud A 104.18.24.243 |
| mscrl.microsoft.com |
CNAME certrevoc.vo.msecnd.net
CNAME cs9.wpc.v0cdn.net A 117.18.232.200 |
| cdn.epg.tvdownload.microsoft.com |
A 23.2.16.81
CNAME cdn.epg.tvdownload.windowsmedia.com.akadns.net A 23.2.16.104 CNAME a1683.d.akamai.net CNAME cdn.epg.tvdownload.microsoft.com.edgesuite.net |
| ocsp.digicert.com |
CNAME cs9.wac.phicdn.net
A 117.18.237.29 |
TCP连接
| IP地址 | 端口 |
|---|---|
| 101.110.118.27 | 80 |
| 104.18.25.243 | 80 |
| 117.18.232.200 | 80 |
| 122.224.45.50 | 80 |
| 122.224.45.50 | 80 |
| 23.2.16.104 | 80 |
| 43.241.50.232 | 1001 |
| 65.55.186.115 | 443 |
| 65.55.186.115 | 443 |
| 65.55.186.115 | 443 |
| 65.55.186.115 | 443 |
| 65.55.186.115 | 443 |
| 65.55.186.115 | 443 |
| 65.55.186.115 | 443 |
UDP连接
| IP地址 | 端口 |
|---|---|
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
HTTP请求
| URL | HTTP数据 |
|---|---|
| http://www.microsoft.com/ | GET / HTTP/1.1 Host: www.microsoft.com Connection: Close |
| http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D | GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D HTTP/1.1 Cache-Control: max-age = 10800 Connection: Keep-Alive Accept: */* If-Modified-Since: Wed, 06 Dec 2017 07:11:24 GMT If-None-Match: "a602f001a25d1ece86269d16668acccb0791bbc6" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.msocsp.com |
| http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D | GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.msocsp.com |
| http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%205.crl | GET /pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%205.crl HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: mscrl.microsoft.com |
| http://101.110.118.27/mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%205.crl | GET /mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%205.crl HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: 101.110.118.27 |
| http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc | HEAD /broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 Host: cdn.epg.tvdownload.microsoft.com |
| http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc | GET /broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Thu, 09 Jul 2015 23:37:37 GMT User-Agent: Microsoft BITS/7.5 Host: cdn.epg.tvdownload.microsoft.com |
静态分析
PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x004d4200 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x00068f67 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2018-05-01 10:18:54 |
| 载入哈希 | 4a25031d833e21a4a78639e2a2d1c276 |
| 图标 |  |
| 图标精确哈希值 | 1ec40ed4ddb8dfa8855f91972a166dbd |
| 图标相似性哈希值 | 2707a62b93a2752121e055cb858f119a |
PE数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x00088000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| UPX1 | 0x00089000 | 0x0004c000 | 0x0004b400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.93 |
| .rsrc | 0x000d5000 | 0x00011000 | 0x00011000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.85 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| TEXTINCLUDE | 0x000bf488 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.20 | data |
| TEXTINCLUDE | 0x000bf488 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.20 | data |
| TEXTINCLUDE | 0x000bf488 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.20 | data |
| RT_CURSOR | 0x000bf978 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.82 | data |
| RT_CURSOR | 0x000bf978 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.82 | data |
| RT_CURSOR | 0x000bf978 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.82 | data |
| RT_CURSOR | 0x000bf978 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.82 | data |
| RT_ICON | 0x000d5468 | 0x00010828 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.79 | data |
| RT_ICON | 0x000d5468 | 0x00010828 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.79 | data |
| RT_ICON | 0x000d5468 | 0x00010828 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.79 | data |
| RT_DIALOG | 0x000d1180 | 0x000000b2 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.75 | data |
| RT_DIALOG | 0x000d1180 | 0x000000b2 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.75 | data |
| RT_DIALOG | 0x000d1180 | 0x000000b2 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.75 | data |
| RT_DIALOG | 0x000d1180 | 0x000000b2 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.75 | data |
| RT_DIALOG | 0x000d1180 | 0x000000b2 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.75 | data |
| RT_GROUP_CURSOR | 0x000d125c | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.97 | data |
| RT_GROUP_CURSOR | 0x000d125c | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.97 | data |
| RT_GROUP_CURSOR | 0x000d125c | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.97 | data |
| RT_GROUP_ICON | 0x000e5c94 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.16 | MS Windows icon resource - 1 icon, 128x128 |
导入
库 KERNEL32.DLL:
• 0x4e5dac - LoadLibraryA
• 0x4e5db0 - GetProcAddress
• 0x4e5db4 - VirtualProtect
• 0x4e5db8 - VirtualAlloc
• 0x4e5dbc - VirtualFree
• 0x4e5dc0 - ExitProcess
库 ADVAPI32.dll:
• 0x4e5dc8 - RegCloseKey
库 COMCTL32.dll:
• 0x4e5dd0 - None
库 comdlg32.dll:
• 0x4e5dd8 - ChooseColorA
库 GDI32.dll:
• 0x4e5de0 - EndDoc
库 ole32.dll:
• 0x4e5de8 - OleRun
库 OLEAUT32.dll:
• 0x4e5df0 - VariantInit
库 SHELL32.dll:
• 0x4e5df8 - ShellExecuteA
库 USER32.dll:
• 0x4e5e00 - GetDC
库 WINMM.dll:
• 0x4e5e08 - waveOutOpen
库 WINSPOOL.DRV:
• 0x4e5e10 - ClosePrinter
库 WS2_32.dll:
• 0x4e5e18 - inet_addr
投放文件
行为分析
互斥量(Mutexes)
无信息
执行的命令
无信息
创建的服务
无信息
启动的服务
无信息
进程
_________.exe PID: 2104, 上一级进程 PID: 284
访问的文件
- C:\Windows\Globalization\Sorting\sortdefault.nls
- \Device\Afd\AsyncSelectHlp
- C:\Users\test\AppData\Local\Temp\ole32.dll
- C:\Users\test\AppData\Local\Temp\wininet.dll
- C:\Windows\SysWOW64\stdole2.tlb
- C:\Users\test\AppData\Local\Temp\user32.dll
- C:\Users\test\AppData\Local\Temp\kernel32.DLL
读取的文件
- C:\Windows\Globalization\Sorting\sortdefault.nls
- \Device\Afd\AsyncSelectHlp
- C:\Windows\SysWOW64\stdole2.tlb
修改的文件
- \Device\Afd\AsyncSelectHlp
删除的文件
无信息
注册表键
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_CURRENT_USER\Software\Classes
- HKEY_CURRENT_USER\Software\Classes\TypeLib
- HKEY_CURRENT_USER\Software\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)
读取的注册表键
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)
修改的注册表键
无信息
删除的注册表键
无信息
API解析
- kernel32.dll.SetEndOfFile
- kernel32.dll.UnlockFile
- kernel32.dll.LockFile
- kernel32.dll.FlushFileBuffers
- kernel32.dll.SetFilePointer
- kernel32.dll.GetCurrentProcess
- kernel32.dll.DuplicateHandle
- kernel32.dll.lstrcpynA
- kernel32.dll.SetLastError
- kernel32.dll.FileTimeToLocalFileTime
- kernel32.dll.FileTimeToSystemTime
- kernel32.dll.LocalFree
- kernel32.dll.MultiByteToWideChar
- kernel32.dll.WideCharToMultiByte
- kernel32.dll.InterlockedDecrement
- kernel32.dll.CreateSemaphoreA
- kernel32.dll.SetStdHandle
- kernel32.dll.IsBadCodePtr
- kernel32.dll.IsBadReadPtr
- kernel32.dll.CompareStringW
- kernel32.dll.CompareStringA
- kernel32.dll.SetUnhandledExceptionFilter
- kernel32.dll.GetStringTypeW
- kernel32.dll.GetStringTypeA
- kernel32.dll.IsBadWritePtr
- kernel32.dll.VirtualAlloc
- kernel32.dll.LCMapStringW
- kernel32.dll.LCMapStringA
- kernel32.dll.SetEnvironmentVariableA
- kernel32.dll.VirtualFree
- kernel32.dll.HeapCreate
- kernel32.dll.HeapDestroy
- kernel32.dll.GetEnvironmentVariableA
- kernel32.dll.GetFileType
- kernel32.dll.GetStdHandle
- kernel32.dll.SetHandleCount
- kernel32.dll.GetEnvironmentStringsW
- kernel32.dll.GetEnvironmentStrings
- kernel32.dll.FreeEnvironmentStringsW
- kernel32.dll.FreeEnvironmentStringsA
- kernel32.dll.UnhandledExceptionFilter
- kernel32.dll.GetACP
- kernel32.dll.HeapSize
- kernel32.dll.ResumeThread
- kernel32.dll.ReleaseSemaphore
- kernel32.dll.EnterCriticalSection
- kernel32.dll.LeaveCriticalSection
- kernel32.dll.GetProfileStringA
- kernel32.dll.WriteFile
- kernel32.dll.ReadFile
- kernel32.dll.WaitForMultipleObjects
- kernel32.dll.CreateFileA
- kernel32.dll.SetEvent
- kernel32.dll.FindResourceA
- kernel32.dll.LoadResource
- kernel32.dll.LockResource
- kernel32.dll.lstrlenW
- kernel32.dll.GetModuleFileNameA
- kernel32.dll.GetCurrentThreadId
- kernel32.dll.ExitProcess
- kernel32.dll.GlobalSize
- kernel32.dll.GlobalFree
- kernel32.dll.DeleteCriticalSection
- kernel32.dll.InitializeCriticalSection
- kernel32.dll.lstrcatA
- kernel32.dll.lstrlenA
- kernel32.dll.WinExec
- kernel32.dll.lstrcpyA
- kernel32.dll.FindNextFileA
- kernel32.dll.GlobalReAlloc
- kernel32.dll.HeapFree
- kernel32.dll.HeapReAlloc
- kernel32.dll.GetProcessHeap
- kernel32.dll.HeapAlloc
- kernel32.dll.GetUserDefaultLCID
- kernel32.dll.GetFullPathNameA
- kernel32.dll.FreeLibrary
- kernel32.dll.LoadLibraryA
- kernel32.dll.GetLastError
- kernel32.dll.GetVersionExA
- kernel32.dll.WritePrivateProfileStringA
- kernel32.dll.CreateThread
- kernel32.dll.CreateEventA
- kernel32.dll.Sleep
- kernel32.dll.GlobalAlloc
- kernel32.dll.GlobalLock
- kernel32.dll.GlobalUnlock
- kernel32.dll.FindFirstFileA
- kernel32.dll.FindClose
- kernel32.dll.TerminateProcess
- kernel32.dll.GetLocalTime
- kernel32.dll.GetSystemTime
- kernel32.dll.GetTimeZoneInformation
- kernel32.dll.RaiseException
- kernel32.dll.RtlUnwind
- kernel32.dll.GetStartupInfoA
- kernel32.dll.GetOEMCP
- kernel32.dll.GetCPInfo
- kernel32.dll.GetProcessVersion
- kernel32.dll.SetErrorMode
- kernel32.dll.GlobalFlags
- kernel32.dll.GetCurrentThread
- kernel32.dll.GetFileTime
- kernel32.dll.GetFileSize
- kernel32.dll.TlsGetValue
- kernel32.dll.LocalReAlloc
- kernel32.dll.TlsSetValue
- kernel32.dll.TlsFree
- kernel32.dll.GlobalHandle
- kernel32.dll.GetFileAttributesA
- kernel32.dll.SetCurrentDirectoryA
- kernel32.dll.GetVolumeInformationA
- kernel32.dll.TlsAlloc
- kernel32.dll.LocalAlloc
- kernel32.dll.lstrcmpA
- kernel32.dll.GetVersion
- kernel32.dll.GlobalGetAtomNameA
- kernel32.dll.GlobalAddAtomA
- kernel32.dll.GlobalFindAtomA
- kernel32.dll.GlobalDeleteAtom
- kernel32.dll.lstrcmpiA
- kernel32.dll.GetModuleHandleA
- kernel32.dll.GetProcAddress
- kernel32.dll.MulDiv
- kernel32.dll.GetCommandLineA
- kernel32.dll.GetTickCount
- kernel32.dll.WaitForSingleObject
- kernel32.dll.CloseHandle
- kernel32.dll.InterlockedIncrement
- advapi32.dll.RegCloseKey
- advapi32.dll.RegOpenKeyExA
- advapi32.dll.RegSetValueExA
- advapi32.dll.RegQueryValueA
- advapi32.dll.RegCreateKeyExA
- comctl32.dll.ImageList_Destroy
- comctl32.dll.#17
- comdlg32.dll.GetFileTitleA
- comdlg32.dll.GetSaveFileNameA
- comdlg32.dll.GetOpenFileNameA
- comdlg32.dll.ChooseColorA
- gdi32.dll.SetStretchBltMode
- gdi32.dll.GetClipRgn
- gdi32.dll.CreatePolygonRgn
- gdi32.dll.SelectClipRgn
- gdi32.dll.DeleteObject
- gdi32.dll.CreateDIBitmap
- gdi32.dll.GetSystemPaletteEntries
- gdi32.dll.CreatePalette
- gdi32.dll.StretchBlt
- gdi32.dll.SelectPalette
- gdi32.dll.RealizePalette
- gdi32.dll.GetDIBits
- gdi32.dll.GetWindowExtEx
- gdi32.dll.GetViewportOrgEx
- gdi32.dll.GetWindowOrgEx
- gdi32.dll.BeginPath
- gdi32.dll.EndPath
- gdi32.dll.PathToRegion
- gdi32.dll.CreateEllipticRgn
- gdi32.dll.CreateRoundRectRgn
- gdi32.dll.GetTextColor
- gdi32.dll.GetBkMode
- gdi32.dll.GetBkColor
- gdi32.dll.GetROP2
- gdi32.dll.GetStretchBltMode
- gdi32.dll.GetPolyFillMode
- gdi32.dll.CreateCompatibleBitmap
- gdi32.dll.CreateDCA
- gdi32.dll.CreateBitmap
- gdi32.dll.SelectObject
- gdi32.dll.CreatePen
- gdi32.dll.CombineRgn
- gdi32.dll.CreateRectRgn
- gdi32.dll.FillRgn
- gdi32.dll.CreateSolidBrush
- gdi32.dll.CreateFontIndirectA
- gdi32.dll.GetStockObject
- gdi32.dll.GetObjectA
- gdi32.dll.EndPage
- gdi32.dll.EndDoc
- gdi32.dll.DeleteDC
- gdi32.dll.StartDocA
- gdi32.dll.StartPage
- gdi32.dll.BitBlt
- gdi32.dll.CreateCompatibleDC
- gdi32.dll.Ellipse
- gdi32.dll.Rectangle
- gdi32.dll.LPtoDP
- gdi32.dll.DPtoLP
- gdi32.dll.GetCurrentObject
- gdi32.dll.RoundRect
- gdi32.dll.GetTextExtentPoint32A
- gdi32.dll.GetDeviceCaps
- gdi32.dll.SaveDC
- gdi32.dll.RestoreDC
- gdi32.dll.SetBkMode
- gdi32.dll.SetPolyFillMode
- gdi32.dll.SetROP2
- gdi32.dll.SetTextColor
- gdi32.dll.SetMapMode
- gdi32.dll.SetViewportOrgEx
- gdi32.dll.OffsetViewportOrgEx
- gdi32.dll.SetViewportExtEx
- gdi32.dll.ScaleViewportExtEx
- gdi32.dll.SetWindowOrgEx
- gdi32.dll.SetWindowExtEx
- gdi32.dll.ScaleWindowExtEx
- gdi32.dll.GetClipBox
- gdi32.dll.ExcludeClipRect
- gdi32.dll.MoveToEx
- gdi32.dll.LineTo
- gdi32.dll.CreateRectRgnIndirect
- gdi32.dll.SetBkColor
- gdi32.dll.PatBlt
- gdi32.dll.GetTextMetricsA
- gdi32.dll.Escape
- gdi32.dll.ExtTextOutA
- gdi32.dll.TextOutA
- gdi32.dll.RectVisible
- gdi32.dll.PtVisible
- gdi32.dll.GetViewportExtEx
- gdi32.dll.ExtSelectClipRgn
- ole32.dll.CLSIDFromProgID
- ole32.dll.CLSIDFromString
- ole32.dll.CoCreateInstance
- ole32.dll.OleRun
- ole32.dll.OleInitialize
- ole32.dll.OleUninitialize
- oleaut32.dll.#2
- oleaut32.dll.#16
- oleaut32.dll.#15
- oleaut32.dll.#26
- oleaut32.dll.#163
- oleaut32.dll.#165
- oleaut32.dll.#161
- oleaut32.dll.#186
- oleaut32.dll.#11
- oleaut32.dll.#25
- oleaut32.dll.#23
- oleaut32.dll.#24
- oleaut32.dll.#17
- oleaut32.dll.#20
- oleaut32.dll.#19
- oleaut32.dll.#12
- oleaut32.dll.#9
- oleaut32.dll.#10
- oleaut32.dll.#8
- shell32.dll.ShellExecuteA
- shell32.dll.Shell_NotifyIconA
- user32.dll.OpenClipboard
- user32.dll.SetClipboardData
- user32.dll.EmptyClipboard
- user32.dll.GetSystemMetrics
- user32.dll.GetCursorPos
- user32.dll.MessageBoxA
- user32.dll.SetWindowPos
- user32.dll.SendMessageA
- user32.dll.DestroyCursor
- user32.dll.SetParent
- user32.dll.GetClipboardData
- user32.dll.PostMessageA
- user32.dll.GetTopWindow
- user32.dll.GetParent
- user32.dll.GetFocus
- user32.dll.GetClientRect
- user32.dll.InvalidateRect
- user32.dll.ValidateRect
- user32.dll.UpdateWindow
- user32.dll.CloseClipboard
- user32.dll.wsprintfA
- user32.dll.EqualRect
- user32.dll.GetWindowRect
- user32.dll.SetForegroundWindow
- user32.dll.IsWindow
- user32.dll.DestroyMenu
- user32.dll.IsChild
- user32.dll.ReleaseDC
- user32.dll.IsRectEmpty
- user32.dll.FillRect
- user32.dll.GetDC
- user32.dll.SetCursor
- user32.dll.LoadCursorA
- user32.dll.SetCursorPos
- user32.dll.SetActiveWindow
- user32.dll.GetSysColor
- user32.dll.SetWindowLongA
- user32.dll.GetWindowLongA
- user32.dll.RedrawWindow
- user32.dll.EnableWindow
- user32.dll.IsWindowVisible
- user32.dll.OffsetRect
- user32.dll.PtInRect
- user32.dll.DestroyIcon
- user32.dll.IntersectRect
- user32.dll.InflateRect
- user32.dll.SetRect
- user32.dll.SetScrollPos
- user32.dll.SetScrollRange
- user32.dll.GetScrollRange
- user32.dll.SetCapture
- user32.dll.TranslateMessage
- user32.dll.LoadIconA
- user32.dll.DrawFrameControl
- user32.dll.DrawEdge
- user32.dll.DrawFocusRect
- user32.dll.WindowFromPoint
- user32.dll.GetMessageA
- user32.dll.DispatchMessageA
- user32.dll.SetRectEmpty
- user32.dll.RegisterClipboardFormatA
- user32.dll.CreateIconFromResourceEx
- user32.dll.CreateIconFromResource
- user32.dll.DrawIconEx
- user32.dll.CreatePopupMenu
- user32.dll.AppendMenuA
- user32.dll.ModifyMenuA
- user32.dll.CreateMenu
- user32.dll.CreateAcceleratorTableA
- user32.dll.GetDlgCtrlID
- user32.dll.GetSubMenu
- user32.dll.EnableMenuItem
- user32.dll.ClientToScreen
- user32.dll.EnumDisplaySettingsA
- user32.dll.LoadImageA
- user32.dll.SystemParametersInfoA
- user32.dll.ShowWindow
- user32.dll.IsWindowEnabled
- user32.dll.TranslateAcceleratorA
- user32.dll.GetKeyState
- user32.dll.CopyAcceleratorTableA
- user32.dll.PostQuitMessage
- user32.dll.IsZoomed
- user32.dll.GetClassInfoA
- user32.dll.GetWindowTextA
- user32.dll.GetWindowTextLengthA
- user32.dll.CharUpperA
- user32.dll.GetWindowDC
- user32.dll.BeginPaint
- user32.dll.EndPaint
- user32.dll.TabbedTextOutA
- user32.dll.DrawTextA
- user32.dll.GrayStringA
- user32.dll.GetDlgItem
- user32.dll.DestroyWindow
- user32.dll.CreateDialogIndirectParamA
- user32.dll.EndDialog
- user32.dll.GetNextDlgTabItem
- user32.dll.GetWindowPlacement
- user32.dll.RegisterWindowMessageA
- user32.dll.GetForegroundWindow
- user32.dll.GetLastActivePopup
- user32.dll.GetMessageTime
- user32.dll.RemovePropA
- user32.dll.CallWindowProcA
- user32.dll.GetPropA
- user32.dll.UnhookWindowsHookEx
- user32.dll.SetPropA
- user32.dll.GetClassLongA
- user32.dll.CallNextHookEx
- user32.dll.SetWindowsHookExA
- user32.dll.CreateWindowExA
- user32.dll.GetMenuItemID
- user32.dll.GetMenuItemCount
- user32.dll.RegisterClassA
- user32.dll.GetScrollPos
- user32.dll.UnregisterClassA
- user32.dll.AdjustWindowRectEx
- user32.dll.MapWindowPoints
- user32.dll.SendDlgItemMessageA
- user32.dll.ScrollWindowEx
- user32.dll.IsDialogMessageA
- user32.dll.SetWindowTextA
- user32.dll.MoveWindow
- user32.dll.CheckMenuItem
- user32.dll.SetMenuItemBitmaps
- user32.dll.GetMenuState
- user32.dll.GetMenuCheckMarkDimensions
- user32.dll.GetClassNameA
- user32.dll.GetDesktopWindow
- user32.dll.LoadStringA
- user32.dll.GetSysColorBrush
- user32.dll.DefWindowProcA
- user32.dll.GetSystemMenu
- user32.dll.DeleteMenu
- user32.dll.GetMenu
- user32.dll.SetMenu
- user32.dll.PeekMessageA
- user32.dll.IsIconic
- user32.dll.SetFocus
- user32.dll.GetActiveWindow
- user32.dll.GetWindow
- user32.dll.DestroyAcceleratorTable
- user32.dll.SetWindowRgn
- user32.dll.GetMessagePos
- user32.dll.ScreenToClient
- user32.dll.ChildWindowFromPointEx
- user32.dll.CopyRect
- user32.dll.LoadBitmapA
- user32.dll.WinHelpA
- user32.dll.KillTimer
- user32.dll.SetTimer
- user32.dll.ReleaseCapture
- user32.dll.GetCapture
- winmm.dll.midiStreamRestart
- winmm.dll.midiStreamClose
- winmm.dll.midiOutReset
- winmm.dll.midiStreamStop
- winmm.dll.midiStreamOut
- winmm.dll.midiOutPrepareHeader
- winmm.dll.midiStreamProperty
- winmm.dll.midiStreamOpen
- winmm.dll.midiOutUnprepareHeader
- winmm.dll.waveOutOpen
- winmm.dll.waveOutGetNumDevs
- winmm.dll.waveOutClose
- winmm.dll.waveOutReset
- winmm.dll.waveOutPause
- winmm.dll.waveOutWrite
- winmm.dll.waveOutPrepareHeader
- winmm.dll.waveOutUnprepareHeader
- winspool.drv.ClosePrinter
- winspool.drv.DocumentPropertiesA
- winspool.drv.OpenPrinterA
- ws2_32.dll.#16
- ws2_32.dll.#5
- ws2_32.dll.#1
- ws2_32.dll.#10
- ws2_32.dll.#17
- ws2_32.dll.#23
- ws2_32.dll.#9
- ws2_32.dll.#4
- ws2_32.dll.#101
- ws2_32.dll.#3
- ws2_32.dll.#19
- ws2_32.dll.#18
- ws2_32.dll.#116
- ws2_32.dll.#115
- ws2_32.dll.#52
- ws2_32.dll.#12
- ws2_32.dll.#11
- kernel32.dll.IsProcessorFeaturePresent
- cryptbase.dll.SystemFunction036
- kernel32.dll.SortGetHandle
- kernel32.dll.SortCloseHandle
- ole32.dll.CoInitialize
- wininet.dll.InternetOpenA
- wininet.dll.InternetConnectA
- wininet.dll.HttpOpenRequestA
- wininet.dll.HttpSendRequestA
- rasapi32.dll.RasConnectionNotificationW
- sechost.dll.OpenServiceA
- sechost.dll.NotifyServiceStatusChangeA
- wininet.dll.InternetReadFile
- wininet.dll.HttpQueryInfoA
- wininet.dll.InternetCloseHandle
- ole32.dll.CoUninitialize
- kernel32.dll.CreateWaitableTimerA
- kernel32.dll.SetWaitableTimer
- user32.dll.MsgWaitForMultipleObjects