AA_v3.exe

First submission 2024-10-16 17:52:02 Last sumbission 2024-10-16 21:01:03

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	778.14 KB (796816 bytes)
Compile time:	2019-03-12 13:30:53
MD5:	121e1634bf18768802427f0a13f039a9
SHA1:	8868654ba10fb4c9a7bd882d1f947f4fd51e988e
SHA256:	5fc600351bade74c2791fc526bca6bb606355cc65e5253f7f791254db58ee7fa
Import Hash :	f97ad1acd1ab75d2d973b655b2e7f9b9
Sections 4	.text .rdata .data .rsrc
Directories 3	import resource security

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	46/76 VT report date: 2024-10-07 11:27:26
Malware Type 3	hacktool trojan pua
Threat Type 3	ammyy ammyyadmin remadm

URLs, FQDN and IP indicators 3

URL	Host (FQDN/IP)	Date Added
hXXp://aav3.dyndns.tv/AA_v3.exe	aav3.dyndns.tv	2024-10-16 21:01:08
hXXp://arcsystem.rodopibg.net/Aa_v3.exe	arcsystem.rodopibg.net	2024-10-16 18:20:08
hXXp://samson.hr/gogo/AA.exe	samson.hr	2024-10-16 17:52:02

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x86a32	552960	e7068f4d4bce7c8e987241dbf8d46e3d61510536	0db24e9b0c6f51170a412c53204fac3e
.rdata	0x88000	0x194de	106496	752fcf9652884f90b2ded8fd2fb705b4f68181ab	520f1df03a494e1d1269f9d61094eb7d
.data	0xa2000	0x1ad98	81920	5654dbe20e014cdb0caf009a10dca6d203796067	3104ea65674f21bb80a192051e8bb694
.rsrc	0xbd000	0xa658	45056	3516ed2e2424b22fcac5e14d7ea17c4cbc3d058a	3b59cf0be0893b2684a4668ab90605c4

PE Resources 11

Name	Language	Sublanguage	Offset	Size	Data
BINARY	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xc38d0	1
RT_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xc5078	308
RT_BITMAP	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xc4648	1194	PE Resource: RT_BITMAP - Data (VJVJVJVJVJVJVJ!=B;g;g;g;g;g99=B=;g;g;g;g;g/%9F=/%;g;g;g;g;g5F9F/%/%;g;g;g;g;g;g;guNgsBF/%/%w6wF/%/%/%/%V{"u_F/%VVV"""CF/%\|o\|o\|o"""""""""&F/%VVV{+&&&&&&&&&&""F/%\|o\|o\|o"/+++++++++'C3F/%VVV733`/ +@+@/@/@/@+OF/%\|o\|o\|owb;`/7gF/%VVVVVVVVV{GK{F/%VVVVVVVVV[kowUJ!TJ!
RT_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xc27f8	4264	PE Resource: RT_ICON - Data ( @ 1?LRdrxVMaekqvuI4y{npdhZ]IL[_aPSPRKNGJBE9=~\|F /{}!eca.1YWZ#!h97xXVg%!'!'"'"(#(#("'&,1RP%$rxFJ%(%($($(!{yc)'l&$kb20v#""(!'!'"'"'!&%),1XV/-yb_b%(%($($("uxd(n(o%#n/-u!39!(!'!'"(#().05XV/-{A%($($(#'$bee)'o(q'$o(&rrw!"&+'-(-.449XV/-}&%($($("' #X\bhige 'DJ"+1.4398=XV/-~$'$($("'"%CGq#FL(/$<A>CWW.-&)$'$($("'&&+5:KPQWW]]`af\`\bSY"+2%${~]b).38XW.-79 #$($(#("'!&$""""###'+3074;29$6<04ZX--{EG $($($)%)$)&+'-0+1-3/507193;4;6=8?;A>D18$^bPO.-e_a'+(,)-.487;495;4:5:5;6=7=7?9@;B=D?F?DCITYCH%KK.-=-0-1.304CF8==C9>280639;ACIGMELAGAGAGSXeiVZBGfjJI.-1526387;:?gj~_dFL/6AFU[glRW;AvzSR-, !$598;9=;@AEqtB?^\geusTXRWW\AGqvPS"'ZY-,/27:=@>B@DHLW[j rssnU^a(.DH-2UW^aYX-,EG7:BFDGEHNRMQ$!q)'x+)z+)\|vT>C.4OTdhru`cYX-,vWX79ILILILW[NS,v'%v(z({ux:@49VYimimhjtwcgYX-,Stu25OROQMQ`cRV:8~#!u(z({"!x76#\`koloknlompy}fjYX-,-UWTWSVadORVTp+)z({)}vlk=AqulpoqpsrurujlYX,+ORAD^`[]^aSUjmo%#v+)\|*)}xRP;?uxrusvuxxzx{moVU==-0UVdgachj<?86russvNR{}wzy\|{~}}rtON<E(+^`lnjlgi26tvxv:?xz}}tv[57WYuwwytvGJDFilpr_b>CqubdATV@Bfhxz~fh_bhjQTKvwSTSUUWrtJMlM~STQSX[npsvGHe%H~{}giVXWYYZde6/\M?
RT_MENU	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbda00	250
RT_DIALOG	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbf870	156
RT_GROUP_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xc51b0	20
RT_GROUP_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xc38a0	48
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xc4af8	736	PE Resource: RT_VERSION - Data 4VS_VERSION_INFO ?@StringFileInfo040904b0Comments4 CompanyNameAmmyy LLC@FileDescriptionAmmyy Admin(FileVersion3.98InternalNameAmmyy Admin$LegalCopyright(LegalTrademarks(OriginalFilename PrivateBuild8ProductNameAmmyy Admin,ProductVersion3.9 SpecialBuildDVarFileInfo$Translation
RT_MANIFEST	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbf920	1474	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity name="Ammyy" processorArchitecture="x86" version="1.0.0.1" type="win32"/> <description>Ammyy Admin</description> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /> </dependentAssembly> </dependency> <asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3"> <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings"> <dpiAware>True/PM</dpiAware> </asmv3:windowsSettings> </asmv3:application> <compat:compatibility xmlns:compat="urn:schemas-microsoft-com:compatibility.v1"> <compat:application> <compat:supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></compat:supportedOS> <compat:supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></compat:supportedOS> <compat:supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></compat:supportedOS> <compat:supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></compat:supportedOS> <compat:supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></compat:supportedOS> </compat:application> </compat:compatibility> </assembly>
None	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbf910	11

Meta infos 13

LegalCopyright:
InternalName:	Ammyy Admin
FileVersion:	3.9
FileDescription:	Ammyy Admin
SpecialBuild:
CompanyName:	Ammyy LLC
LegalTrademarks:
Comments:
ProductName:	Ammyy Admin
ProductVersion:	3.9
PrivateBuild:
Translation:	0x0409 0x04b0
OriginalFilename:

Packers detected 3

Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++

Anti debug functions 7

FindWindowA
FindWindowW
GetLastError
GetWindowThreadProcessId
Process32First
Process32Next
TerminateProcess

Anti debug functions 1

VMCheck.dll

File signature

MD5	SHA1	Block size	Virtual Address
dd11697fa70b6d905222899ef76c4249	35076570190643354d1a34308ad1e24e26d3e3fd	6288	790528

Strings analysis - File found

Binary
Ammyy_Contact_Book.bin
*.bin
contacts3.bin
_tmp\AMMYY_Admin.bin
settings3.bin
settings.bin
contacts.bin
sessions.bin
Log
eAMMYY_service.log
ammyy.log
ammyy_id.log
Temporary
%sAmmyy_%X.tmp
Object
hhctrl.ocx
Data
%u-%u-%u-%u.dat
Library
W\winsta.dll
Shcore.dll
ewmsgapi.dll
ADVAPI32.dll
SHLWAPI.dll
dwmapi.dll
WININET.dll
WTSAPI32.dll
MSVCRT.dll
SHELL32.dll
WS2_32.dll
COMCTL32.dll
secur32.dll
USER32.dll
USERENV.dll
SETUPAPI.dll
GDI32.dll
KERNEL32.dll
DSOUND.dll
COMDLG32.dll
IPHLPAPI.DLL

Strings analysis - Possible IPs found 2

1.0.0.1
127.0.0.1

Strings analysis - Possible URLs found 16

http://www.ammyy.com/?lang=
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
http://ts-ocsp.ws.symantec.com07
http://ocsp.comodoca.com0
http://crl.thawte.com/ThawteTimestampingCA.crl0
https://secure.comodo.net/CPS0C
http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
http://ocsp.thawte.com0
http://www.ammyy.com/
http://www.ammyy.com
http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://rl.ammyy.com
http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<

Import functions

SHLWAPI.dll 1 COMCTL32.dll 12 comdlg32.dll 2 iphlpapi.dll 1 WININET.dll 8 GDI32.dll 44 ADVAPI32.dll 39 KERNEL32.dll 123 MSVCRT.dll 101 Secur32.dll 6 SHELL32.dll 11 DSOUND.dll 4 SETUPAPI.dll 5 WS2_32.dll 27 USER32.dll 165 USERENV.dll 2

Function	Address	Souspicious	Anti Debug
PathGetDriveNumberA	0x48856c

Function	Address	Souspicious	Anti Debug
CreateToolbarEx	0x4880a0
ImageList_Create	0x4880a4
ImageList_Draw	0x4880a8
ImageList_Destroy	0x4880ac
None	0x4880b0
ImageList_GetIconSize	0x4880b4
ImageList_ReplaceIcon	0x4880b8
ImageList_Add	0x4880bc
ImageList_Duplicate	0x4880c0
_TrackMouseEvent	0x4880c4
CreatePropertySheetPageW	0x4880c8
PropertySheetW	0x4880cc

Function	Address	Souspicious	Anti Debug
GetOpenFileNameW	0x4888c8
GetSaveFileNameW	0x4888cc

Function	Address	Souspicious	Anti Debug
GetAdaptersInfo	0x4888d4

Function	Address	Souspicious	Anti Debug
HttpSendRequestA	0x488834
HttpQueryInfoA	0x488838
InternetConnectA	0x48883c
InternetSetOptionA	0x488840
InternetCloseHandle	0x488844
InternetReadFile	0x488848
InternetOpenA	0x48884c
HttpOpenRequestA	0x488850

Function	Address	Souspicious	Anti Debug
SetStretchBltMode	0x4880e8
LineTo	0x4880ec
MoveToEx	0x4880f0
Ellipse	0x4880f4
GetDIBits	0x4880f8
CreateCompatibleBitmap	0x4880fc
RealizePalette	0x488100
SelectPalette	0x488104
CreatePalette	0x488108
GetSystemPaletteEntries	0x48810c
GdiFlush	0x488110
CombineRgn	0x488114
StretchBlt	0x488118
CreateDIBitmap	0x48811c
DeleteDC	0x488120
SetBkMode	0x488124
SelectObject	0x488128
CreateCompatibleDC	0x48812c
CreatePatternBrush	0x488130
GetBitmapBits	0x488134
GetObjectA	0x488138
BitBlt	0x48813c
CreateFontIndirectA	0x488140
DPtoLP	0x488144
CreateRectRgn	0x488148
ExtTextOutA	0x48814c
CreateDIBSection	0x488150
SetBitmapBits	0x488154
CreateRectRgnIndirect	0x488158
SelectClipRgn	0x48815c
TextOutW	0x488160
SetTextAlign	0x488164
SetBrushOrgEx	0x488168
ExtTextOutW	0x48816c
SetTextColor	0x488170
SetBkColor	0x488174
GetTextExtentPoint32W	0x488178
CreateFontA	0x48817c
CreateFontIndirectW	0x488180
GetStockObject	0x488184
GetRegionData	0x488188
CreateSolidBrush	0x48818c
DeleteObject	0x488190
GetDeviceCaps	0x488194

Function	Address	Souspicious	Anti Debug
ConvertSidToStringSidA	0x488000
GetTokenInformation	0x488004
OpenProcessToken	0x488008
RegCloseKey	0x48800c
RegQueryValueExA	0x488010
RegOpenKeyExA	0x488014
FreeSid	0x488018
SetFileSecurityW	0x48801c
SetSecurityDescriptorDacl	0x488020
InitializeSecurityDescriptor	0x488024
AllocateAndInitializeSid	0x488028
ImpersonateLoggedOnUser	0x48802c
RevertToSelf	0x488030
GetUserNameA	0x488034
StartServiceCtrlDispatcherW	0x488038
RegisterServiceCtrlHandlerExA	0x48803c
SetServiceStatus	0x488040
SetTokenInformation	0x488044
DuplicateTokenEx	0x488048
CreateProcessAsUserW	0x48804c
QueryServiceStatus	0x488050
CloseServiceHandle	0x488054
OpenServiceA	0x488058
OpenSCManagerA	0x48805c
CreateServiceW	0x488060
DeleteService	0x488064
ControlService	0x488068
StartServiceA	0x48806c
StartServiceW	0x488070
RegCreateKeyExA	0x488074
RegQueryValueExW	0x488078
RegSetValueExW	0x48807c
RegSetValueExA	0x488080
RegDeleteKeyA	0x488084
RegDeleteValueW	0x488088
RegCreateKeyExW	0x48808c
RegEnumKeyExW	0x488090
RegOpenKeyExW	0x488094
SetEntriesInAclA	0x488098

Function	Address	Souspicious	Anti Debug
SizeofResource	0x48819c
LoadResource	0x4881a0
LockResource	0x4881a4
GetLocalTime	0x4881a8
TryEnterCriticalSection	0x4881ac
LeaveCriticalSection	0x4881b0
EnterCriticalSection	0x4881b4
DeleteCriticalSection	0x4881b8
InitializeCriticalSection	0x4881bc
SetFileTime	0x4881c0
GetFileTime	0x4881c4
OpenMutexA	0x4881c8
CreateMutexA	0x4881cc
FindResourceExA	0x4881d0
SetEvent	0x4881d4
OpenEventA	0x4881d8
CreateEventA	0x4881dc
ExitProcess	0x4881e0
SetUnhandledExceptionFilter	0x4881e4
GetSystemDirectoryA	0x4881e8
CompareFileTime	0x4881ec
GetSystemTimeAsFileTime	0x4881f0
GetSystemDirectoryW	0x4881f4
lstrcatW	0x4881f8
FileTimeToSystemTime	0x4881fc
WaitNamedPipeW	0x488200
ReadFile	0x488204
SetLastError	0x488208
GetExitCodeProcess	0x48820c
WaitForSingleObject	0x488210
BeginUpdateResourceW	0x488214
EndUpdateResourceW	0x488218
UpdateResourceA	0x48821c
CreateThread	0x488220
OpenProcess	0x488224
CreateToolhelp32Snapshot	0x488228
Process32First	0x48822c
Process32Next	0x488230
LoadLibraryA	0x488234
FreeLibrary	0x488238
GetFileSize	0x48823c
SetFilePointer	0x488240
WriteFile	0x488244
GetFileAttributesW	0x488248
lstrcmpiW	0x48824c
lstrcmpW	0x488250
MulDiv	0x488254
FormatMessageW	0x488258
MultiByteToWideChar	0x48825c
WideCharToMultiByte	0x488260
GetModuleFileNameW	0x488264
GetComputerNameA	0x488268
LocalAlloc	0x48826c
GetExitCodeThread	0x488270
SystemTimeToFileTime	0x488274
MoveFileW	0x488278
DeleteFileW	0x48827c
GetTempPathW	0x488280
CreateFileW	0x488284
FindFirstFileW	0x488288
FindClose	0x48828c
CreateFileA	0x488290
DeviceIoControl	0x488294
GetUserDefaultUILanguage	0x488298
GetLocaleInfoA	0x48829c
CreateDirectoryW	0x4882a0
SetCurrentDirectoryW	0x4882a4
GetStartupInfoW	0x4882a8
CreateProcessW	0x4882ac
GetModuleHandleA	0x4882b0
GetProcAddress	0x4882b4
SetProcessShutdownParameters	0x4882b8
GetVersionExA	0x4882bc
GetCurrentProcess	0x4882c0
GetLastError	0x4882c4
CloseHandle	0x4882c8
LocalFree	0x4882cc
GetCurrentThreadId	0x4882d0
GetCurrentProcessId	0x4882d4
Sleep	0x4882d8
GetTickCount	0x4882dc
QueryPerformanceFrequency	0x4882e0
QueryPerformanceCounter	0x4882e4
InterlockedIncrement	0x4882e8
InterlockedDecrement	0x4882ec
lstrlenA	0x4882f0
lstrlenW	0x4882f4
TerminateProcess	0x4882f8
GlobalUnlock	0x4882fc
GlobalLock	0x488300
SystemTimeToTzSpecificLocalTime	0x488304
GetFileSizeEx	0x488308
SetEndOfFile	0x48830c
SetFilePointerEx	0x488310
GlobalAlloc	0x488314
GetDriveTypeW	0x488318
RemoveDirectoryW	0x48831c
FindNextFileW	0x488320
SetFileAttributesW	0x488324
GetLogicalDrives	0x488328
ProcessIdToSessionId	0x48832c
SleepEx	0x488330
CreateDirectoryA	0x488334
DeleteFileA	0x488338
GlobalFree	0x48833c
IsBadReadPtr	0x488340
lstrcmpA	0x488344
LocalFileTimeToFileTime	0x488348
LoadLibraryW	0x48834c
lstrcpyA	0x488350
GetCurrentDirectoryA	0x488354
FindResourceA	0x488358
DuplicateHandle	0x48835c
CreateSemaphoreA	0x488360
SetThreadPriority	0x488364
TlsSetValue	0x488368
GetCurrentThread	0x48836c
TlsAlloc	0x488370
ResumeThread	0x488374
TlsGetValue	0x488378
InterlockedExchange	0x48837c
GetStartupInfoA	0x488380
ResetEvent	0x488384

Function	Address	Souspicious	Anti Debug
_strnicmp	0x48838c
_strupr	0x488390
_strlwr	0x488394
_wcsicmp	0x488398
strchr	0x48839c
_controlfp	0x4883a0
_iob	0x4883a4
__set_app_type	0x4883a8
__p__fmode	0x4883ac
__p__commode	0x4883b0
_adjust_fdiv	0x4883b4
__setusermatherr	0x4883b8
_initterm	0x4883bc
__getmainargs	0x4883c0
_acmdln	0x4883c4
__CxxFrameHandler	0x4883c8
strlen	0x4883cc
isspace	0x4883d0
memchr	0x4883d4
_errno	0x4883d8
strtol	0x4883dc
isdigit	0x4883e0
strstr	0x4883e4
memcpy	0x4883e8
??2@YAPAXI@Z	0x4883ec
_purecall	0x4883f0
free	0x4883f4
memset	0x4883f8
malloc	0x4883fc
sprintf	0x488400
printf	0x488404
fwrite	0x488408
srand	0x48840c
time	0x488410
_CxxThrowException	0x488414
rand	0x488418
atol	0x48841c
_stricmp	0x488420
isprint	0x488424
tolower	0x488428
strncpy	0x48842c
wcslen	0x488430
atoi	0x488434
abs	0x488438
wcscpy	0x48843c
strcmp	0x488440
strcpy	0x488444
memcmp	0x488448
iswspace	0x48844c
wcsncmp	0x488450
_wtoi	0x488454
_ultow	0x488458
wcschr	0x48845c
_stat	0x488460
swprintf	0x488464
_ftol	0x488468
strcat	0x48846c
strtoul	0x488470
calloc	0x488474
_rotl	0x488478
_rotr	0x48847c
fopen	0x488480
fread	0x488484
fclose	0x488488
fseek	0x48848c
ftell	0x488490
fflush	0x488494
wcsncpy	0x488498
wcsrchr	0x48849c
vsprintf	0x4884a0
vswprintf	0x4884a4
memmove	0x4884a8
strrchr	0x4884ac
strncmp	0x4884b0
mbstowcs	0x4884b4
wcscmp	0x4884b8
wcsstr	0x4884bc
iswdigit	0x4884c0
_beginthreadex	0x4884c4
_endthreadex	0x4884c8
cos	0x4884cc
floor	0x4884d0
sin	0x4884d4
atof	0x4884d8
_i64tow	0x4884dc
wcscat	0x4884e0
realloc	0x4884e4
exit	0x4884e8
fprintf	0x4884ec
sscanf	0x4884f0
getenv	0x4884f4
fputc	0x4884f8
_CIpow	0x4884fc
_CIacos	0x488500
??1type_info@@UAE@XZ	0x488504
__dllonexit	0x488508
_onexit	0x48850c
_except_handler3	0x488510
?terminate@@YAXXZ	0x488514
_exit	0x488518
_XcptFilter	0x48851c

Function	Address	Souspicious	Anti Debug
FreeCredentialsHandle	0x488574
InitializeSecurityContextA	0x488578
CompleteAuthToken	0x48857c
FreeContextBuffer	0x488580
AcquireCredentialsHandleA	0x488584
QuerySecurityPackageInfoA	0x488588

Function	Address	Souspicious	Anti Debug
SHBrowseForFolderW	0x48853c
SHGetPathFromIDListW	0x488540
SHGetMalloc	0x488544
Shell_NotifyIconA	0x488548
SHGetFolderPathW	0x48854c
ShellExecuteExW	0x488550
SHGetFileInfoW	0x488554
SHGetFolderPathA	0x488558
ShellExecuteW	0x48855c
SHGetSpecialFolderPathW	0x488560
ShellExecuteA	0x488564

Function	Address	Souspicious	Anti Debug
None	0x4880d4
None	0x4880d8
None	0x4880dc
None	0x4880e0

Function	Address	Souspicious	Anti Debug
SetupDiGetDeviceRegistryPropertyA	0x488524
SetupDiClassGuidsFromNameA	0x488528
SetupDiEnumDeviceInfo	0x48852c
SetupDiDestroyDeviceInfoList	0x488530
SetupDiGetClassDevsA	0x488534

Function	Address	Souspicious	Anti Debug
WSAGetLastError	0x488858
send	0x48885c
recv	0x488860
select	0x488864
WSAStartup	0x488868
getpeername	0x48886c
getservbyport	0x488870
ntohs	0x488874
gethostbyaddr	0x488878
gethostbyname	0x48887c
inet_addr	0x488880
getservbyname	0x488884
htonl	0x488888
inet_ntoa	0x48888c
WSAIoctl	0x488890
connect	0x488894
accept	0x488898
htons	0x48889c
bind	0x4888a0
listen	0x4888a4
socket	0x4888a8
__WSAFDIsSet	0x4888ac
shutdown	0x4888b0
setsockopt	0x4888b4
ioctlsocket	0x4888b8
WSACleanup	0x4888bc
closesocket	0x4888c0

Function	Address	Souspicious	Anti Debug
FindWindowA	0x488590
OpenDesktopA	0x488594
SendMessageTimeoutA	0x488598
IntersectRect	0x48859c
LoadIconA	0x4885a0
EqualRect	0x4885a4
EnumDisplaySettingsExW	0x4885a8
EnumDisplayDevicesW	0x4885ac
GetCursorInfo	0x4885b0
OpenInputDesktop	0x4885b4
CloseDesktop	0x4885b8
GetUserObjectInformationA	0x4885bc
GetThreadDesktop	0x4885c0
EmptyClipboard	0x4885c4
RegisterClassExA	0x4885c8
PeekMessageA	0x4885cc
MsgWaitForMultipleObjects	0x4885d0
MapVirtualKeyW	0x4885d4
SendInput	0x4885d8
LockWorkStation	0x4885dc
SetThreadDesktop	0x4885e0
SetDlgItemTextA	0x4885e4
SetDlgItemInt	0x4885e8
CallNextHookEx	0x4885ec
SetWindowsHookExA	0x4885f0
UnhookWindowsHookEx	0x4885f4
DestroyAcceleratorTable	0x4885f8
TranslateAcceleratorA	0x4885fc
CreateAcceleratorTableA	0x488600
SetWindowTextA	0x488604
ReleaseCapture	0x488608
SetCapture	0x48860c
GetAsyncKeyState	0x488610
RegisterClassExW	0x488614
DestroyCursor	0x488618
MessageBeep	0x48861c
SetClipboardData	0x488620
IsWindowVisible	0x488624
SwitchToThisWindow	0x488628
SendMessageA	0x48862c
FindWindowW	0x488630
MessageBoxA	0x488634
ShowWindow	0x488638
wsprintfA	0x48863c
wsprintfW	0x488640
SetCursorPos	0x488644
GetClipboardOwner	0x488648
OpenClipboard	0x48864c
GetClipboardData	0x488650
CloseClipboard	0x488654
ShowWindowAsync	0x488658
GetWindowDC	0x48865c
SetScrollInfo	0x488660
GetWindow	0x488664
WindowFromPoint	0x488668
SetClassLongW	0x48866c
ChangeClipboardChain	0x488670
ReleaseDC	0x488674
GetDC	0x488678
DestroyIcon	0x48867c
LoadImageA	0x488680
GetIconInfo	0x488684
EnableWindow	0x488688
SetDlgItemTextW	0x48868c
DestroyWindow	0x488690
SetWindowPos	0x488694
MapWindowPoints	0x488698
InsertMenuItemW	0x48869c
InsertMenuItemA	0x4886a0
EnumWindows	0x4886a4
GetClassNameA	0x4886a8
GetWindowTextA	0x4886ac
KillTimer	0x4886b0
GetWindowLongW	0x4886b4
PostMessageA	0x4886b8
DrawTextW	0x4886bc
SetRect	0x4886c0
ShowScrollBar	0x4886c4
IsIconic	0x4886c8
ScrollWindowEx	0x4886cc
AdjustWindowRectEx	0x4886d0
GetMenuState	0x4886d4
GetWindowPlacement	0x4886d8
SetWindowPlacement	0x4886dc
GetSysColorBrush	0x4886e0
AppendMenuW	0x4886e4
SetClipboardViewer	0x4886e8
DrawTextA	0x4886ec
EndDialog	0x4886f0
CreateDialogParamW	0x4886f4
DialogBoxParamA	0x4886f8
CallWindowProcW	0x4886fc
CallWindowProcA	0x488700
DefWindowProcA	0x488704
IsWindowUnicode	0x488708
GetSystemMenu	0x48870c
RedrawWindow	0x488710
ScreenToClient	0x488714
DrawStateA	0x488718
DrawEdge	0x48871c
GetClientRect	0x488720
CreateWindowExA	0x488724
IsWindow	0x488728
GetParent	0x48872c
GetWindowLongA	0x488730
MonitorFromWindow	0x488734
GetMonitorInfoW	0x488738
EnumDisplaySettingsW	0x48873c
GetForegroundWindow	0x488740
GetWindowThreadProcessId	0x488744
AttachThreadInput	0x488748
SetActiveWindow	0x48874c
SetCursor	0x488750
SetTimer	0x488754
PostThreadMessageA	0x488758
MoveWindow	0x48875c
BeginPaint	0x488760
EndPaint	0x488764
GetDlgItemInt	0x488768
SendDlgItemMessageA	0x48876c
MapDialogRect	0x488770
SetWindowLongA	0x488774
ClientToScreen	0x488778
LoadCursorA	0x48877c
RegisterClassW	0x488780
CreateWindowExW	0x488784
SetWindowLongW	0x488788
GetMessageA	0x48878c
IsDialogMessageA	0x488790
TranslateMessage	0x488794
DispatchMessageA	0x488798
SetWindowTextW	0x48879c
SetMenu	0x4887a0
LoadMenuA	0x4887a4
GetMenuItemInfoA	0x4887a8
SetMenuItemInfoA	0x4887ac
GetSubMenu	0x4887b0
SetMenuItemInfoW	0x4887b4
GetMenuItemID	0x4887b8
EnableMenuItem	0x4887bc
GetMenuItemCount	0x4887c0
CheckMenuItem	0x4887c4
GetKeyState	0x4887c8
InvalidateRect	0x4887cc
UpdateWindow	0x4887d0
SetForegroundWindow	0x4887d4
SetFocus	0x4887d8
GetFocus	0x4887dc
PostQuitMessage	0x4887e0
DefWindowProcW	0x4887e4
CreatePopupMenu	0x4887e8
GetCursorPos	0x4887ec
TrackPopupMenu	0x4887f0
GetSysColor	0x4887f4
GetSystemMetrics	0x4887f8
GetMenuItemInfoW	0x4887fc
DrawMenuBar	0x488800
AppendMenuA	0x488804
SystemParametersInfoW	0x488808
DestroyMenu	0x48880c
GetDlgItem	0x488810
MessageBoxW	0x488814
SendMessageW	0x488818
GetWindowRect	0x48881c
SystemParametersInfoA	0x488820

Function	Address	Souspicious	Anti Debug
LoadUserProfileA	0x488828
UnloadUserProfile	0x48882c