assistenza.exe

First submission 2024-10-16 17:55:03 Last sumbission 2024-10-18 06:38:02

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	755.49 KB (773624 bytes)
Compile time:	2015-05-29 12:36:12
MD5:	11bc606269a161555431bacf37f7c1e4
SHA1:	63c52b0ac68ab7464e2cd777442a5807db9b5383
SHA256:	1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed
Import Hash :	3a8eb283f62eca7206b65c62b7d51bd5
Sections 4	.text .rdata .data .rsrc
Directories 3	import resource security

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	54/77 VT report date: 2024-10-16 14:16:27
Malware Type 3	hacktool pua trojan
Threat Type 3	ammyy ammyyadmin ammyyadmn

URLs, FQDN and IP indicators 6

URL	Host (FQDN/IP)	Date Added
hXXp://www.spaziotempo.info/assistenza.exe	www.spaziotempo.info	2024-10-18 06:38:07
hXXp://topsoft.info/downloads/suporteremoto/ammy.exe	topsoft.info	2024-10-18 06:17:09
hXXp://www.bclick.com.br/download/AA_v3.exe	www.bclick.com.br	2024-10-16 18:16:10
hXXp://www.scs-anapa.ru/soft/aa_v3.exe?t=20160608	www.scs-anapa.ru	2024-10-16 18:12:07
hXXp://monastery.mlnk.net/programs/AA_v3.5.exe	monastery.mlnk.net	2024-10-16 17:58:07
hXXp://gdent.bg/files/AA_v3.exe	gdent.bg	2024-10-16 17:55:03

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x81faa	532480	3e59ddbedd9b533d6a8d9862cb310d5b92a384ed	18f21f4bf8c8043c6d676796d512243f
.rdata	0x83000	0x185b6	102400	6d9fd015d79ca29588f3b35415d92580a882ff06	6bbf88e0cd6467daec2d2b231584f8da
.data	0x9c000	0x1ad40	81920	0127f7a2808405b476254124c8b2df88d0d205b0	eddb86cbb4b45a1e2c497057bcaf21a4
.rsrc	0xb7000	0xa178	45056	980fbe224578bcfba1451607babb4fd83b19d5b0	d5bdf46d0655070c33aa072689764704

PE Resources 11

Name	Language	Sublanguage	Offset	Size	Data
BINARY	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbd3f0	1
RT_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xbeb98	308
RT_BITMAP	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbe168	1194	PE Resource: RT_BITMAP - Data (VJVJVJVJVJVJVJ!=B;g;g;g;g;g99=B=;g;g;g;g;g/%9F=/%;g;g;g;g;g5F9F/%/%;g;g;g;g;g;g;guNgsBF/%/%w6wF/%/%/%/%V{"u_F/%VVV"""CF/%\|o\|o\|o"""""""""&F/%VVV{+&&&&&&&&&&""F/%\|o\|o\|o"/+++++++++'C3F/%VVV733`/ +@+@/@/@/@+OF/%\|o\|o\|owb;`/7gF/%VVVVVVVVV{GK{F/%VVVVVVVVV[kowUJ!TJ!
RT_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbc318	4264	PE Resource: RT_ICON - Data ( @ 1?LRdrxVMaekqvuI4y{npdhZ]IL[_aPSPRKNGJBE9=~\|F /{}!eca.1YWZ#!h97xXVg%!'!'"'"(#(#("'&,1RP%$rxFJ%(%($($(!{yc)'l&$kb20v#""(!'!'"'"'!&%),1XV/-yb_b%(%($($("uxd(n(o%#n/-u!39!(!'!'"(#().05XV/-{A%($($(#'$bee)'o(q'$o(&rrw!"&+'-(-.449XV/-}&%($($("' #X\bhige 'DJ"+1.4398=XV/-~$'$($("'"%CGq#FL(/$<A>CWW.-&)$'$($("'&&+5:KPQWW]]`af\`\bSY"+2%${~]b).38XW.-79 #$($(#("'!&$""""###'+3074;29$6<04ZX--{EG $($($)%)$)&+'-0+1-3/507193;4;6=8?;A>D18$^bPO.-e_a'+(,)-.487;495;4:5:5;6=7=7?9@;B=D?F?DCITYCH%KK.-=-0-1.304CF8==C9>280639;ACIGMELAGAGAGSXeiVZBGfjJI.-1526387;:?gj~_dFL/6AFU[glRW;AvzSR-, !$598;9=;@AEqtB?^\geusTXRWW\AGqvPS"'ZY-,/27:=@>B@DHLW[j rssnU^a(.DH-2UW^aYX-,EG7:BFDGEHNRMQ$!q)'x+)z+)\|vT>C.4OTdhru`cYX-,vWX79ILILILW[NS,v'%v(z({ux:@49VYimimhjtwcgYX-,Stu25OROQMQ`cRV:8~#!u(z({"!x76#\`koloknlompy}fjYX-,-UWTWSVadORVTp+)z({)}vlk=AqulpoqpsrurujlYX,+ORAD^`[]^aSUjmo%#v+)\|*)}xRP;?uxrusvuxxzx{moVU==-0UVdgachj<?86russvNR{}wzy\|{~}}rtON<E(+^`lnjlgi26tvxv:?xz}}tv[57WYuwwytvGJDFilpr_b>CqubdATV@Bfhxz~fh_bhjQTKvwSTSUUWrtJMlM~STQSX[npsvGHe%H~{}giVXWYYZde6/\M?
RT_MENU	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xb79d0	250
RT_DIALOG	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xb92f8	784
RT_GROUP_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xbecd0	20
RT_GROUP_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbd3c0	48
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xbe618	736	PE Resource: RT_VERSION - Data 4VS_VERSION_INFO?@StringFileInfo040904b0Comments4 CompanyNameAmmyy LLC@FileDescriptionAmmyy Admin(FileVersion3.58InternalNameAmmyy Admin$LegalCopyright(LegalTrademarks(OriginalFilename PrivateBuild8ProductNameAmmyy Admin,ProductVersion3.5 SpecialBuildDVarFileInfo$Translation
RT_MANIFEST	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xb9788	637	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity name="Maxim" processorArchitecture="x86" version="1.0.0.1" type="win32"/> <description>blabla</description> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /> </dependentAssembly> </dependency> </assembly>
None	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xb9778	11

Meta infos 13

LegalCopyright:
InternalName:	Ammyy Admin
FileVersion:	3.5
FileDescription:	Ammyy Admin
SpecialBuild:
CompanyName:	Ammyy LLC
LegalTrademarks:
Comments:
ProductName:	Ammyy Admin
ProductVersion:	3.5
PrivateBuild:
Translation:	0x0409 0x04b0
OriginalFilename:

Packers detected 3

Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++

Anti debug functions 7

FindWindowA
FindWindowW
GetLastError
GetWindowThreadProcessId
Process32First
Process32Next
TerminateProcess

Anti debug functions 1

VMCheck.dll

File signature

MD5	SHA1	Block size	Virtual Address
fc55c53aa9035d564da3abc17f29c074	9043321f2ca541e0596971886d65c813f97373f1	7672	765952

Strings analysis - File found

Binary
Ammyy_Contact_Book.bin
*.bin
contacts3.bin
_tmp\AMMYY_Admin.bin
settings3.bin
settings.bin
contacts.bin
sessions.bin
Log
eAMMYY_service.log
ammyy.log
ammyy_id.log
Temporary
%sAmmyy_%X.tmp
Object
hhctrl.ocx
Library
W\winsta.dll
ewmsgapi.dll
ADVAPI32.dll
SHLWAPI.dll
dwmapi.dll
WTSAPI32.dll
MSVCRT.dll
USER32.dll
SHELL32.dll
WS2_32.dll
COMCTL32.dll
secur32.dll
WININET.dll
USERENV.dll
SETUPAPI.dll
GDI32.dll
KERNEL32.dll
DSOUND.dll
COMDLG32.dll
IPHLPAPI.DLL
msvcp60.dll

Strings analysis - Possible IPs found 2

1.0.0.1
127.0.0.1

Strings analysis - Possible URLs found 17

http://www.ammyy.com/?lang=
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
http://ts-ocsp.ws.symantec.com07
http://ocsp.comodoca.com0
http://crl.thawte.com/ThawteTimestampingCA.crl0
https://secure.comodo.net/CPS0C
http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
http://crl.usertrust.com/AddTrustExternalCARoot.crl05
http://ocsp.thawte.com0
http://www.ammyy.com/
http://ocsp.usertrust.com0
http://www.ammyy.com
http://rl.ammyy.com
http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<

Import functions

MSVCP60.dll 4 SHLWAPI.dll 1 COMCTL32.dll 12 comdlg32.dll 2 iphlpapi.dll 1 WININET.dll 8 GDI32.dll 40 ADVAPI32.dll 39 KERNEL32.dll 123 MSVCRT.dll 99 Secur32.dll 6 SHELL32.dll 11 DSOUND.dll 4 SETUPAPI.dll 5 WS2_32.dll 27 USER32.dll 165 USERENV.dll 2

Function	Address	Souspicious	Anti Debug
??1Init@ios_base@std@@QAE@XZ	0x48337c
??0_Winit@std@@QAE@XZ	0x483380
??1_Winit@std@@QAE@XZ	0x483384
??0Init@ios_base@std@@QAE@XZ	0x483388

Function	Address	Souspicious	Anti Debug
PathGetDriveNumberA	0x483568

Function	Address	Souspicious	Anti Debug
CreateToolbarEx	0x4830a0
ImageList_Create	0x4830a4
ImageList_Draw	0x4830a8
ImageList_Destroy	0x4830ac
None	0x4830b0
ImageList_GetIconSize	0x4830b4
ImageList_ReplaceIcon	0x4830b8
ImageList_Add	0x4830bc
ImageList_Duplicate	0x4830c0
_TrackMouseEvent	0x4830c4
CreatePropertySheetPageW	0x4830c8
PropertySheetW	0x4830cc

Function	Address	Souspicious	Anti Debug
GetOpenFileNameW	0x4838c4
GetSaveFileNameW	0x4838c8

Function	Address	Souspicious	Anti Debug
GetAdaptersInfo	0x4838d0

Function	Address	Souspicious	Anti Debug
HttpSendRequestA	0x483830
HttpQueryInfoA	0x483834
InternetConnectA	0x483838
InternetSetOptionA	0x48383c
InternetCloseHandle	0x483840
InternetReadFile	0x483844
InternetOpenA	0x483848
HttpOpenRequestA	0x48384c

Function	Address	Souspicious	Anti Debug
GetDIBits	0x4830e8
CreateCompatibleBitmap	0x4830ec
RealizePalette	0x4830f0
SelectPalette	0x4830f4
CreatePalette	0x4830f8
GetSystemPaletteEntries	0x4830fc
GdiFlush	0x483100
CombineRgn	0x483104
GetRegionData	0x483108
SetStretchBltMode	0x48310c
CreateDIBitmap	0x483110
DeleteDC	0x483114
SelectObject	0x483118
CreateCompatibleDC	0x48311c
BitBlt	0x483120
SetBkMode	0x483124
CreateFontIndirectA	0x483128
DPtoLP	0x48312c
GetDeviceCaps	0x483130
CreateFontA	0x483134
StretchBlt	0x483138
CreateRectRgn	0x48313c
ExtTextOutA	0x483140
GetBitmapBits	0x483144
GetObjectA	0x483148
CreateDIBSection	0x48314c
SetBitmapBits	0x483150
CreateRectRgnIndirect	0x483154
SelectClipRgn	0x483158
TextOutW	0x48315c
CreatePatternBrush	0x483160
SetTextAlign	0x483164
SetBrushOrgEx	0x483168
ExtTextOutW	0x48316c
SetTextColor	0x483170
SetBkColor	0x483174
GetTextExtentPoint32W	0x483178
CreateSolidBrush	0x48317c
DeleteObject	0x483180
GetStockObject	0x483184

Function	Address	Souspicious	Anti Debug
RegOpenKeyExA	0x483000
FreeSid	0x483004
SetFileSecurityW	0x483008
SetSecurityDescriptorDacl	0x48300c
InitializeSecurityDescriptor	0x483010
ConvertSidToStringSidA	0x483014
GetTokenInformation	0x483018
OpenProcessToken	0x48301c
RegCloseKey	0x483020
RegQueryValueExA	0x483024
ImpersonateLoggedOnUser	0x483028
RevertToSelf	0x48302c
GetUserNameA	0x483030
StartServiceCtrlDispatcherW	0x483034
RegisterServiceCtrlHandlerExA	0x483038
SetServiceStatus	0x48303c
SetTokenInformation	0x483040
DuplicateTokenEx	0x483044
CreateProcessAsUserW	0x483048
QueryServiceStatus	0x48304c
CloseServiceHandle	0x483050
OpenServiceA	0x483054
OpenSCManagerA	0x483058
CreateServiceW	0x48305c
DeleteService	0x483060
ControlService	0x483064
StartServiceA	0x483068
StartServiceW	0x48306c
RegCreateKeyExA	0x483070
RegQueryValueExW	0x483074
RegSetValueExW	0x483078
RegSetValueExA	0x48307c
RegDeleteKeyA	0x483080
RegDeleteValueW	0x483084
RegCreateKeyExW	0x483088
RegEnumKeyExW	0x48308c
RegOpenKeyExW	0x483090
SetEntriesInAclA	0x483094
AllocateAndInitializeSid	0x483098

Function	Address	Souspicious	Anti Debug
SizeofResource	0x48318c
LoadResource	0x483190
LockResource	0x483194
GetLocalTime	0x483198
TryEnterCriticalSection	0x48319c
LeaveCriticalSection	0x4831a0
EnterCriticalSection	0x4831a4
DeleteCriticalSection	0x4831a8
InitializeCriticalSection	0x4831ac
SetFileTime	0x4831b0
GetFileTime	0x4831b4
OpenMutexA	0x4831b8
CreateMutexA	0x4831bc
ResetEvent	0x4831c0
FindResourceExA	0x4831c4
OpenEventA	0x4831c8
CreateEventA	0x4831cc
ExitProcess	0x4831d0
SetUnhandledExceptionFilter	0x4831d4
GetSystemDirectoryA	0x4831d8
CompareFileTime	0x4831dc
GetSystemTimeAsFileTime	0x4831e0
GetSystemDirectoryW	0x4831e4
lstrcatW	0x4831e8
LoadLibraryW	0x4831ec
QueryPerformanceFrequency	0x4831f0
ReadFile	0x4831f4
QueryPerformanceCounter	0x4831f8
GetExitCodeProcess	0x4831fc
BeginUpdateResourceW	0x483200
EndUpdateResourceW	0x483204
UpdateResourceA	0x483208
OpenProcess	0x48320c
CreateToolhelp32Snapshot	0x483210
Process32First	0x483214
Process32Next	0x483218
LoadLibraryA	0x48321c
FreeLibrary	0x483220
GetFileSize	0x483224
SetFilePointer	0x483228
WriteFile	0x48322c
WaitForSingleObject	0x483230
CreateThread	0x483234
GetFileAttributesW	0x483238
GetStartupInfoW	0x48323c
CreateProcessW	0x483240
lstrcmpiW	0x483244
lstrcmpW	0x483248
MulDiv	0x48324c
FormatMessageW	0x483250
MultiByteToWideChar	0x483254
WideCharToMultiByte	0x483258
GetModuleFileNameW	0x48325c
GetComputerNameA	0x483260
LocalAlloc	0x483264
GetExitCodeThread	0x483268
SystemTimeToFileTime	0x48326c
MoveFileW	0x483270
DeleteFileW	0x483274
GetTempPathW	0x483278
CreateFileW	0x48327c
FindFirstFileW	0x483280
FindClose	0x483284
CreateFileA	0x483288
DeviceIoControl	0x48328c
GetUserDefaultUILanguage	0x483290
GetModuleHandleA	0x483294
GetProcAddress	0x483298
GetLocaleInfoA	0x48329c
CreateDirectoryW	0x4832a0
SetCurrentDirectoryW	0x4832a4
SetProcessShutdownParameters	0x4832a8
GetVersionExA	0x4832ac
GetCurrentProcess	0x4832b0
GetLastError	0x4832b4
CloseHandle	0x4832b8
LocalFree	0x4832bc
GetCurrentThreadId	0x4832c0
GetCurrentProcessId	0x4832c4
Sleep	0x4832c8
GetTickCount	0x4832cc
InterlockedIncrement	0x4832d0
InterlockedDecrement	0x4832d4
lstrlenA	0x4832d8
lstrlenW	0x4832dc
TerminateProcess	0x4832e0
GlobalUnlock	0x4832e4
GlobalLock	0x4832e8
SystemTimeToTzSpecificLocalTime	0x4832ec
FileTimeToSystemTime	0x4832f0
GetFileSizeEx	0x4832f4
SetEndOfFile	0x4832f8
SetFilePointerEx	0x4832fc
GlobalAlloc	0x483300
GetDriveTypeW	0x483304
RemoveDirectoryW	0x483308
FindNextFileW	0x48330c
SetFileAttributesW	0x483310
GetLogicalDrives	0x483314
ProcessIdToSessionId	0x483318
SleepEx	0x48331c
CreateDirectoryA	0x483320
DeleteFileA	0x483324
GlobalFree	0x483328
IsBadReadPtr	0x48332c
lstrcmpA	0x483330
LocalFileTimeToFileTime	0x483334
WaitNamedPipeW	0x483338
lstrcpyA	0x48333c
GetCurrentDirectoryA	0x483340
FindResourceA	0x483344
DuplicateHandle	0x483348
CreateSemaphoreA	0x48334c
SetThreadPriority	0x483350
TlsSetValue	0x483354
GetCurrentThread	0x483358
TlsAlloc	0x48335c
ResumeThread	0x483360
TlsGetValue	0x483364
InterlockedExchange	0x483368
GetStartupInfoA	0x48336c
SetEvent	0x483370
SetLastError	0x483374

Function	Address	Souspicious	Anti Debug
_strnicmp	0x483390
_strupr	0x483394
_strlwr	0x483398
_controlfp	0x48339c
_iob	0x4833a0
__set_app_type	0x4833a4
__p__fmode	0x4833a8
__p__commode	0x4833ac
_adjust_fdiv	0x4833b0
__setusermatherr	0x4833b4
_initterm	0x4833b8
__getmainargs	0x4833bc
_wcsicmp	0x4833c0
wcschr	0x4833c4
__CxxFrameHandler	0x4833c8
strlen	0x4833cc
isspace	0x4833d0
memchr	0x4833d4
_errno	0x4833d8
strtol	0x4833dc
isdigit	0x4833e0
strstr	0x4833e4
memcpy	0x4833e8
??2@YAPAXI@Z	0x4833ec
_purecall	0x4833f0
free	0x4833f4
memset	0x4833f8
malloc	0x4833fc
sprintf	0x483400
printf	0x483404
fwrite	0x483408
srand	0x48340c
time	0x483410
_CxxThrowException	0x483414
rand	0x483418
atol	0x48341c
_stricmp	0x483420
isprint	0x483424
tolower	0x483428
strncpy	0x48342c
atoi	0x483430
abs	0x483434
wcscpy	0x483438
strcmp	0x48343c
strcpy	0x483440
wcslen	0x483444
memcmp	0x483448
iswspace	0x48344c
wcsncmp	0x483450
_wtoi	0x483454
_ultow	0x483458
_stat	0x48345c
strchr	0x483460
_ftol	0x483464
swprintf	0x483468
strcat	0x48346c
strtoul	0x483470
calloc	0x483474
_rotl	0x483478
_rotr	0x48347c
fopen	0x483480
fread	0x483484
fclose	0x483488
fseek	0x48348c
ftell	0x483490
fflush	0x483494
wcsncpy	0x483498
wcsrchr	0x48349c
vsprintf	0x4834a0
vswprintf	0x4834a4
memmove	0x4834a8
strrchr	0x4834ac
strncmp	0x4834b0
mbstowcs	0x4834b4
wcscmp	0x4834b8
wcsstr	0x4834bc
iswdigit	0x4834c0
_beginthreadex	0x4834c4
_endthreadex	0x4834c8
atof	0x4834cc
_i64tow	0x4834d0
wcscat	0x4834d4
realloc	0x4834d8
exit	0x4834dc
fprintf	0x4834e0
sscanf	0x4834e4
getenv	0x4834e8
floor	0x4834ec
fputc	0x4834f0
_CIpow	0x4834f4
_CIacos	0x4834f8
??1type_info@@UAE@XZ	0x4834fc
__dllonexit	0x483500
_onexit	0x483504
_except_handler3	0x483508
?terminate@@YAXXZ	0x48350c
_exit	0x483510
_XcptFilter	0x483514
_acmdln	0x483518

Function	Address	Souspicious	Anti Debug
FreeCredentialsHandle	0x483570
InitializeSecurityContextA	0x483574
FreeContextBuffer	0x483578
AcquireCredentialsHandleA	0x48357c
CompleteAuthToken	0x483580
QuerySecurityPackageInfoA	0x483584

Function	Address	Souspicious	Anti Debug
SHBrowseForFolderW	0x483538
SHGetPathFromIDListW	0x48353c
ShellExecuteA	0x483540
SHGetMalloc	0x483544
ShellExecuteExW	0x483548
SHGetFolderPathA	0x48354c
SHGetFolderPathW	0x483550
SHGetFileInfoW	0x483554
ShellExecuteW	0x483558
SHGetSpecialFolderPathW	0x48355c
Shell_NotifyIconA	0x483560

Function	Address	Souspicious	Anti Debug
None	0x4830d4
None	0x4830d8
None	0x4830dc
None	0x4830e0

Function	Address	Souspicious	Anti Debug
SetupDiEnumDeviceInfo	0x483520
SetupDiGetClassDevsA	0x483524
SetupDiClassGuidsFromNameA	0x483528
SetupDiGetDeviceRegistryPropertyA	0x48352c
SetupDiDestroyDeviceInfoList	0x483530

Function	Address	Souspicious	Anti Debug
WSAGetLastError	0x483854
send	0x483858
recv	0x48385c
select	0x483860
WSAStartup	0x483864
getpeername	0x483868
getservbyport	0x48386c
ntohs	0x483870
gethostbyaddr	0x483874
gethostbyname	0x483878
getservbyname	0x48387c
htonl	0x483880
inet_ntoa	0x483884
inet_addr	0x483888
WSAIoctl	0x48388c
connect	0x483890
accept	0x483894
htons	0x483898
bind	0x48389c
listen	0x4838a0
socket	0x4838a4
__WSAFDIsSet	0x4838a8
shutdown	0x4838ac
setsockopt	0x4838b0
ioctlsocket	0x4838b4
WSACleanup	0x4838b8
closesocket	0x4838bc

Function	Address	Souspicious	Anti Debug
FindWindowA	0x48358c
OpenDesktopA	0x483590
VkKeyScanExA	0x483594
SendMessageTimeoutA	0x483598
LoadIconA	0x48359c
IntersectRect	0x4835a0
IsWindowVisible	0x4835a4
GetIconInfo	0x4835a8
GetCursorInfo	0x4835ac
EqualRect	0x4835b0
OpenInputDesktop	0x4835b4
CloseDesktop	0x4835b8
GetUserObjectInformationA	0x4835bc
LoadKeyboardLayoutA	0x4835c0
EmptyClipboard	0x4835c4
SetClipboardData	0x4835c8
RegisterClassExA	0x4835cc
GetDesktopWindow	0x4835d0
PeekMessageA	0x4835d4
MsgWaitForMultipleObjects	0x4835d8
mouse_event	0x4835dc
MapVirtualKeyA	0x4835e0
LockWorkStation	0x4835e4
SetThreadDesktop	0x4835e8
keybd_event	0x4835ec
SetDlgItemTextA	0x4835f0
SetDlgItemInt	0x4835f4
GetKeyboardState	0x4835f8
ToAsciiEx	0x4835fc
DestroyAcceleratorTable	0x483600
TranslateAcceleratorA	0x483604
CreateAcceleratorTableA	0x483608
SetWindowTextA	0x48360c
ReleaseCapture	0x483610
SetCapture	0x483614
GetAsyncKeyState	0x483618
GetThreadDesktop	0x48361c
SystemParametersInfoW	0x483620
SwitchToThisWindow	0x483624
SendMessageA	0x483628
FindWindowW	0x48362c
MessageBoxA	0x483630
ShowWindow	0x483634
wsprintfA	0x483638
RegisterClassExW	0x48363c
DestroyCursor	0x483640
MessageBeep	0x483644
wsprintfW	0x483648
SetCursorPos	0x48364c
GetClipboardOwner	0x483650
OpenClipboard	0x483654
GetClipboardData	0x483658
CloseClipboard	0x48365c
ShowWindowAsync	0x483660
SetScrollInfo	0x483664
GetWindow	0x483668
WindowFromPoint	0x48366c
ReleaseDC	0x483670
GetDC	0x483674
DestroyIcon	0x483678
DrawIconEx	0x48367c
LoadImageA	0x483680
EnableWindow	0x483684
SetDlgItemTextW	0x483688
DestroyWindow	0x48368c
SetWindowPos	0x483690
SetClassLongW	0x483694
InsertMenuItemW	0x483698
ChangeClipboardChain	0x48369c
MapWindowPoints	0x4836a0
InsertMenuItemA	0x4836a4
EnumWindows	0x4836a8
GetClassNameA	0x4836ac
GetWindowTextA	0x4836b0
KillTimer	0x4836b4
GetWindowLongW	0x4836b8
PostMessageA	0x4836bc
DrawTextW	0x4836c0
SetRect	0x4836c4
ShowScrollBar	0x4836c8
IsIconic	0x4836cc
ScrollWindowEx	0x4836d0
AdjustWindowRectEx	0x4836d4
GetMenuState	0x4836d8
GetWindowPlacement	0x4836dc
SetWindowPlacement	0x4836e0
GetSysColorBrush	0x4836e4
AppendMenuW	0x4836e8
SetClipboardViewer	0x4836ec
SetWindowsHookExA	0x4836f0
UnhookWindowsHookEx	0x4836f4
DrawTextA	0x4836f8
EndDialog	0x4836fc
CreateDialogParamW	0x483700
DialogBoxParamA	0x483704
CallWindowProcW	0x483708
CallWindowProcA	0x48370c
DefWindowProcA	0x483710
IsWindowUnicode	0x483714
GetSystemMenu	0x483718
RedrawWindow	0x48371c
InvalidateRect	0x483720
DrawStateA	0x483724
DrawEdge	0x483728
GetClientRect	0x48372c
CreateWindowExA	0x483730
IsWindow	0x483734
GetParent	0x483738
GetWindowLongA	0x48373c
GetForegroundWindow	0x483740
GetWindowThreadProcessId	0x483744
AttachThreadInput	0x483748
SetActiveWindow	0x48374c
SetCursor	0x483750
SetTimer	0x483754
PostThreadMessageA	0x483758
MoveWindow	0x48375c
BeginPaint	0x483760
EndPaint	0x483764
GetDlgItemInt	0x483768
SendDlgItemMessageA	0x48376c
MapDialogRect	0x483770
SetWindowLongA	0x483774
ClientToScreen	0x483778
LoadCursorA	0x48377c
RegisterClassW	0x483780
CreateWindowExW	0x483784
SetWindowLongW	0x483788
UpdateWindow	0x48378c
GetMessageA	0x483790
IsDialogMessageA	0x483794
TranslateMessage	0x483798
DispatchMessageA	0x48379c
ScreenToClient	0x4837a0
SetWindowTextW	0x4837a4
SetMenu	0x4837a8
LoadMenuA	0x4837ac
GetMenuItemInfoA	0x4837b0
SetMenuItemInfoA	0x4837b4
GetSubMenu	0x4837b8
SetMenuItemInfoW	0x4837bc
GetMenuItemID	0x4837c0
EnableMenuItem	0x4837c4
GetMenuItemCount	0x4837c8
CheckMenuItem	0x4837cc
GetKeyState	0x4837d0
SetForegroundWindow	0x4837d4
SetFocus	0x4837d8
GetFocus	0x4837dc
PostQuitMessage	0x4837e0
DefWindowProcW	0x4837e4
CreatePopupMenu	0x4837e8
GetCursorPos	0x4837ec
TrackPopupMenu	0x4837f0
GetSysColor	0x4837f4
GetSystemMetrics	0x4837f8
GetMenuItemInfoW	0x4837fc
DrawMenuBar	0x483800
AppendMenuA	0x483804
DestroyMenu	0x483808
MessageBoxW	0x48380c
GetDlgItem	0x483810
SendMessageW	0x483814
GetWindowRect	0x483818
SystemParametersInfoA	0x48381c

Function	Address	Souspicious	Anti Debug
LoadUserProfileA	0x483824
UnloadUserProfile	0x483828

Name	Latest seen	MD5
Ammyy.exe	2024-10-18 06:36:02	3b4ed97de29af222837095a7c411b8a1