1654365431.exe

First submission 2024-10-11 17:15:05

File details

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Mime type:	application/x-dosexec
File size:	5522.0 KB (5654528 bytes)
Compile time:	2024-10-07 18:42:57
MD5:	31d649663149dabd99c51b71e60a4a91
SHA1:	f5f515e1818388c9360bde15a7dfcb265e86a812
SHA256:	2acb9052db5b304a822f8cd1169e31327e967e06ff78064997ea8a5003e783ec
Import Hash :	bf7e94a88b651f53cc57bdb23fcd2c2f
Sections 11	.text .data .bss .idata .didata .edata .tls .rdata .reloc .pdata .rsrc
Directories 5	import export resource tls relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	1/77 VT report date: 2024-10-11 16:53:50

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://146.70.24.213/do/1654365431.exe	146.70.24.213	2024-10-11 17:15:05

PE Sections 2 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x43c5c0	4441600	c1e9989fa6871c129dca986527e20f49711e3136	4dc050f2b4f53a64168d2d2b3bb04cf6
.data	0x43e000	0x5ee38	389120	b6c47aaccd3441efb0814211e5ea778a5cac4186	c96c0455df11a9306f23138f836838b1
.bss	0x49d000	0xaab4	0	da39a3ee5e6b4b0d3255bfef95601890afd80709	d41d8cd98f00b204e9800998ecf8427e
.idata	0x4a8000	0x48de	18944	a63978c1dbd5852d7f8440a7c8a0923b2cbc394e	586f243f7059a7c5e3cc1599e712e400
.didata	0x4ad000	0xe3c	4096	2cd176d1087c5f2d24ae869ceea1f7ea3a561c35	cffac5f732be0532b2a4d072e873b001
.edata	0x4ae000	0x97	512	39cbec0acee0ae91ebc3262af2381d38edc31130	32e00411291ba873b0de75e561276889
.tls	0x4af000	0x1e4	0	da39a3ee5e6b4b0d3255bfef95601890afd80709	d41d8cd98f00b204e9800998ecf8427e
.rdata	0x4b0000	0x6d	512	fbe9568208cd0dde56ac107f3756d9149ea428c7	cb0aedb4d69d2e7d3f915611730f186c
.reloc	0x4b1000	0x39178	233984	b1d682f2e0943750475bcce3b7bb74f04d111871	3895bdffdd7a3e7f1d857eb7488e8413
.pdata	0x4eb000	0x3e9c4	256512	ebb582e762a7a7b600ddd6800d3dd5aa0df691b1	6086c296052ff020a33a7ba75c81e109
.rsrc	0x52a000	0x4b400	308224	b41782880359d21b7f3e912c87072a4d840fc0e7	7cd7c843107b0c985a216d5520dc5729

PE Resources 7

Name	Language	Sublanguage	Offset	Size	Data
RT_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x52b3e0	308
RT_ICON	LANG_CZECH	SUBLANG_ARABIC_MOROCCO	0x53081c	1128	PE Resource: RT_ICON - Data ( @^eIMTIPDLCJGOGOHQwGP>OBkCCCCBnATENHQ/GN?ZBA?>=>>A_FOHR"HP>TBA:xKh\|z\p7n<AD^CLaiDMC\|C;v7h@DDLGRIV]uE^F6Qf=CEMGQNT]o[EUN;zCEKEN?gYDT9Z;zCFLHR=hWDT=[w=zFIP<G Y9o^IY9Wz}lD:B !/<8\|+ugu;SAV T9BjX}Y6rR\G}* iqY6rszEzbm(P G9X-PoU2 ^QZ}puFM(1 !i x4
RT_STRING	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x538368	844	PE Resource: RT_STRING - Data <unknown>!'%s' is not a valid integer value('%s' is not a valid floating point value'%s' is not a valid date'%s' is not a valid time!'%s' is not a valid date and time '%d.%d' is not a valid timestamp'%s' is not a valid GUID value!'%s' is not a valid boolean valueInvalid argument to time encodeInvalid argument to date encode Out of memoryI/O error %dToo many open filesFile access deniedRead beyond end of file
RT_RCDATA	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x574df4	337	PE Resource: RT_RCDATA - Data TPF0TForm1Form1LeftTopCaptionForm1ClientHeightClientWidthColor clBtnFaceFont.CharsetDEFAULT_CHARSET Font.ColorclWindowTextFont.Height Font.NameTahoma Font.StyleOldCreateOrderOnCreate FormCreate PixelsPerInch` TextHeight TButtonButton1Left0Top0WidthKHeightCaptionButton1TabOrder
RT_GROUP_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x574fc0	20
RT_GROUP_ICON	LANG_CZECH	SUBLANG_ARABIC_MOROCCO	0x574fd4	90
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x575030	872	PE Resource: RT_VERSION - Data h4VS_VERSION_INFO?StringFileInfo040904B0NCompanyNameLaplink Software, Inc.VFileDescriptionLaplink Gold Component>FileVersion17.500.01700.0(InternalNameLLWx*LegalCopyrightCopyright (C) Laplink Software, Inc. 2007@OriginalFilenameLAPLINK.EXE: ProductNameLaplink Gold@ProductVersion14.01.0017.00FCommentsLaplink Gold ComponentDVarFileInfo$Translation

Meta infos 10

LegalCopyright:	Copyright (C) Laplink Software, Inc. 2007
InternalName:	LLW
FileVersion:	17.500.01700.0
CompanyName:	Laplink Software, Inc.
OriginalFilename:	LAPLINK.EXE
ProductVersion:	14.01.0017.00
FileDescription:	Laplink Gold Component
Translation:	0x0409 0x04b0
Comments:	Laplink Gold Component
ProductName:	Laplink Gold

Anti debug functions 7

FindWindowExW
FindWindowW
GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
RaiseException
UnhandledExceptionFilter

Strings analysis - File found

Database
Data.DB
Query DB
Dbx.SQL
Library
USER32.dll
dbxint.dll
gds32.dll
KERNEL32.dll
ibtogo.dll
UxTheme.dll
ibtogo64.dll
MSWSOCK.DLL
IPHLPAPI.DLL
dbxadapter.dll
normaliz.dll
Fwpuclnt.dll
IdnDL.dll
COMCTL32.dll
wship6.dll
ole32.dll
IMM32.dll
ibclient64.dll
OLEAUT32.dll
WS2_32.dll
MSIMG32.dll
ADVAPI32.dll
GDI32.dll
dwmapi.dll
WTSAPI32.dll
WindowsCodecs.dll
SHELL32.dll
VERSION.dll

Strings analysis - Possible IPs found 1

127.0.0.1

Import functions

winspool.drv 5 version.dll 3 gdi32.dll 96 shell32.dll 1 kernel32.dll 157 oleaut32.dll 19 advapi32.dll 20 ole32.dll 8 user32.dll 187 comctl32.dll 35

Function	Address	Souspicious	Anti Debug
OpenPrinterW	0x8aa3b8
EnumPrintersW	0x8aa3c0
DocumentPropertiesW	0x8aa3c8
ClosePrinter	0x8aa3d0
GetDefaultPrinterW	0x8aa3e0

Function	Address	Souspicious	Anti Debug
VerQueryValueW	0x8a9dd0
GetFileVersionInfoSizeW	0x8a9dd8
GetFileVersionInfoW	0x8a9de0

Function	Address	Souspicious	Anti Debug
UnrealizeObject	0x8a9ac8
StretchDIBits	0x8a9ad0
StretchBlt	0x8a9ad8
StartPage	0x8a9ae0
StartDocW	0x8a9ae8
SetWindowOrgEx	0x8a9af0
SetWinMetaFileBits	0x8a9af8
SetViewportOrgEx	0x8a9b00
SetTextColor	0x8a9b08
SetStretchBltMode	0x8a9b10
SetRectRgn	0x8a9b18
SetROP2	0x8a9b20
SetPixel	0x8a9b28
SetEnhMetaFileBits	0x8a9b30
SetDIBits	0x8a9b38
SetDIBColorTable	0x8a9b40
SetBrushOrgEx	0x8a9b48
SetBkMode	0x8a9b50
SetBkColor	0x8a9b58
SetAbortProc	0x8a9b60
SelectPalette	0x8a9b68
SelectObject	0x8a9b70
SaveDC	0x8a9b78
RoundRect	0x8a9b80
RestoreDC	0x8a9b88
Rectangle	0x8a9b90
RectVisible	0x8a9b98
RealizePalette	0x8a9ba0
Polyline	0x8a9ba8
Polygon	0x8a9bb0
PolyBezierTo	0x8a9bb8
PolyBezier	0x8a9bc0
PlayEnhMetaFile	0x8a9bc8
Pie	0x8a9bd0
PatBlt	0x8a9bd8
MoveToEx	0x8a9be0
MaskBlt	0x8a9be8
LineTo	0x8a9bf0
IntersectClipRect	0x8a9bf8
GetWindowOrgEx	0x8a9c00
GetWinMetaFileBits	0x8a9c08
GetTextMetricsW	0x8a9c10
GetTextExtentPointW	0x8a9c18
GetTextExtentPoint32W	0x8a9c20
GetSystemPaletteEntries	0x8a9c28
GetStockObject	0x8a9c30
GetRgnBox	0x8a9c38
GetPixel	0x8a9c40
GetPaletteEntries	0x8a9c48
GetObjectW	0x8a9c50
GetMapMode	0x8a9c58
GetEnhMetaFilePaletteEntries	0x8a9c60
GetEnhMetaFileHeader	0x8a9c68
GetEnhMetaFileDescriptionW	0x8a9c70
GetEnhMetaFileBits	0x8a9c78
GetDeviceCaps	0x8a9c80
GetDIBits	0x8a9c88
GetDIBColorTable	0x8a9c90
GetCurrentPositionEx	0x8a9c98
GetClipBox	0x8a9ca0
GetBrushOrgEx	0x8a9ca8
GetBitmapBits	0x8a9cb0
GdiFlush	0x8a9cb8
FrameRgn	0x8a9cc0
ExtTextOutW	0x8a9cc8
ExtFloodFill	0x8a9cd0
ExcludeClipRect	0x8a9cd8
EnumFontsW	0x8a9ce0
EnumFontFamiliesExW	0x8a9ce8
EndPage	0x8a9cf0
EndDoc	0x8a9cf8
Ellipse	0x8a9d00
DeleteObject	0x8a9d08
DeleteEnhMetaFile	0x8a9d10
DeleteDC	0x8a9d18
CreateSolidBrush	0x8a9d20
CreateRectRgn	0x8a9d28
CreatePenIndirect	0x8a9d30
CreatePalette	0x8a9d38
CreateICW	0x8a9d40
CreateHalftonePalette	0x8a9d48
CreateFontIndirectW	0x8a9d50
CreateDIBitmap	0x8a9d58
CreateDIBSection	0x8a9d60
CreateDCW	0x8a9d68
CreateCompatibleDC	0x8a9d70
CreateCompatibleBitmap	0x8a9d78
CreateBrushIndirect	0x8a9d80
CreateBitmap	0x8a9d88
CopyEnhMetaFileW	0x8a9d90
Chord	0x8a9d98
BitBlt	0x8a9da0
ArcTo	0x8a9da8
Arc	0x8a9db0
AngleArc	0x8a9db8
AbortDoc	0x8a9dc0

Function	Address	Souspicious	Anti Debug
Shell_NotifyIconW	0x8aa3a8

Function	Address	Souspicious	Anti Debug
Sleep	0x8a9318
VirtualFree	0x8a9320
VirtualAlloc	0x8a9328
lstrlenW	0x8a9330
VirtualQuery	0x8a9338
QueryPerformanceCounter	0x8a9340
GetTickCount	0x8a9348
GetSystemInfo	0x8a9350
GetVersion	0x8a9358
CompareStringW	0x8a9360
IsDBCSLeadByteEx	0x8a9368
IsValidLocale	0x8a9370
SetThreadLocale	0x8a9378
GetSystemDefaultUILanguage	0x8a9380
GetUserDefaultUILanguage	0x8a9388
GetLocaleInfoW	0x8a9390
WideCharToMultiByte	0x8a9398
MultiByteToWideChar	0x8a93a0
GetConsoleOutputCP	0x8a93a8
GetConsoleCP	0x8a93b0
GetACP	0x8a93b8
LoadLibraryExW	0x8a93c0
GetStartupInfoW	0x8a93c8
GetProcAddress	0x8a93d0
GetModuleHandleW	0x8a93d8
GetModuleFileNameW	0x8a93e0
GetCommandLineW	0x8a93e8
FreeLibrary	0x8a93f0
GetLastError	0x8a93f8
UnhandledExceptionFilter	0x8a9400
RtlUnwindEx	0x8a9408
RtlUnwind	0x8a9410
RaiseException	0x8a9418
ExitProcess	0x8a9420
ExitThread	0x8a9428
SwitchToThread	0x8a9430
GetCurrentThreadId	0x8a9438
CreateThread	0x8a9440
DeleteCriticalSection	0x8a9448
LeaveCriticalSection	0x8a9450
EnterCriticalSection	0x8a9458
InitializeCriticalSection	0x8a9460
FindFirstFileW	0x8a9468
FindClose	0x8a9470
WriteFile	0x8a9478
SetFilePointer	0x8a9480
SetEndOfFile	0x8a9488
ReadFile	0x8a9490
GetFileType	0x8a9498
GetFileSize	0x8a94a0
CreateFileW	0x8a94a8
GetStdHandle	0x8a94b0
CloseHandle	0x8a94b8
GetProcAddress	0x8a94c8
RaiseException	0x8a94d0
LoadLibraryA	0x8a94d8
GetLastError	0x8a94e0
TlsSetValue	0x8a94e8
TlsGetValue	0x8a94f0
LocalFree	0x8a94f8
LocalAlloc	0x8a9500
GetModuleHandleW	0x8a9508
FreeLibrary	0x8a9510
WriteFile	0x8a9df0
WideCharToMultiByte	0x8a9df8
WaitForSingleObject	0x8a9e00
WaitForMultipleObjectsEx	0x8a9e08
VirtualQueryEx	0x8a9e10
VirtualQuery	0x8a9e18
VirtualProtect	0x8a9e20
VirtualFree	0x8a9e28
VirtualAlloc	0x8a9e30
VerSetConditionMask	0x8a9e38
VerifyVersionInfoW	0x8a9e40
TryEnterCriticalSection	0x8a9e48
SwitchToThread	0x8a9e50
SuspendThread	0x8a9e58
Sleep	0x8a9e60
SizeofResource	0x8a9e68
SetThreadPriority	0x8a9e70
SetThreadLocale	0x8a9e78
SetLastError	0x8a9e80
SetFilePointer	0x8a9e88
SetEvent	0x8a9e90
SetErrorMode	0x8a9e98
SetEndOfFile	0x8a9ea0
ResumeThread	0x8a9ea8
ResetEvent	0x8a9eb0
ReadFile	0x8a9eb8
RaiseException	0x8a9ec0
QueryPerformanceFrequency	0x8a9ec8
QueryPerformanceCounter	0x8a9ed0
IsDebuggerPresent	0x8a9ed8
MulDiv	0x8a9ee0
LockResource	0x8a9ee8
LocalFree	0x8a9ef0
LoadResource	0x8a9ef8
LoadLibraryW	0x8a9f00
LeaveCriticalSection	0x8a9f08
LCMapStringW	0x8a9f10
IsValidLocale	0x8a9f18
InitializeCriticalSection	0x8a9f20
HeapSize	0x8a9f28
HeapFree	0x8a9f30
HeapDestroy	0x8a9f38
HeapCreate	0x8a9f40
HeapAlloc	0x8a9f48
GlobalUnlock	0x8a9f50
GlobalLock	0x8a9f58
GlobalFree	0x8a9f60
GlobalFindAtomW	0x8a9f68
GlobalDeleteAtom	0x8a9f70
GlobalAlloc	0x8a9f78
GlobalAddAtomW	0x8a9f80
GetVersionExW	0x8a9f88
GetVersion	0x8a9f90
GetTimeZoneInformation	0x8a9f98
GetTickCount	0x8a9fa0
GetThreadPriority	0x8a9fa8
GetThreadLocale	0x8a9fb0
GetStdHandle	0x8a9fb8
GetProcAddress	0x8a9fc0
GetModuleHandleW	0x8a9fc8
GetModuleFileNameW	0x8a9fd0
GetLocaleInfoW	0x8a9fd8
GetLocalTime	0x8a9fe0
GetLastError	0x8a9fe8
GetFullPathNameW	0x8a9ff0
GetFileSize	0x8a9ff8
GetFileAttributesW	0x8aa000
GetExitCodeThread	0x8aa008
GetDiskFreeSpaceW	0x8aa010
GetDateFormatW	0x8aa018
GetCurrentThreadId	0x8aa020
GetCurrentThread	0x8aa028
GetCurrentProcessId	0x8aa030
GetCurrentProcess	0x8aa038
GetCPInfoExW	0x8aa040
GetCPInfo	0x8aa048
GetACP	0x8aa050
FreeResource	0x8aa058
FreeLibrary	0x8aa060
FormatMessageW	0x8aa068
FindResourceW	0x8aa070
FindFirstFileW	0x8aa078
FindClose	0x8aa080
EnumSystemLocalesW	0x8aa088
EnumResourceNamesW	0x8aa090
EnumCalendarInfoW	0x8aa098
EnterCriticalSection	0x8aa0a0
DeleteCriticalSection	0x8aa0a8
CreateThread	0x8aa0b0
CreateFileW	0x8aa0b8
CreateEventW	0x8aa0c0
CompareStringW	0x8aa0c8
CloseHandle	0x8aa0d0
Sleep	0x8aa170

Function	Address	Souspicious	Anti Debug
SysFreeString	0x8a92c0
SysReAllocStringLen	0x8a92c8
SysAllocStringLen	0x8a92d0
SafeArrayGetElemsize	0x8aa180
SafeArrayPtrOfIndex	0x8aa188
SafeArrayPutElement	0x8aa190
SafeArrayGetElement	0x8aa198
SafeArrayUnaccessData	0x8aa1a0
SafeArrayAccessData	0x8aa1a8
SafeArrayGetUBound	0x8aa1b0
SafeArrayGetLBound	0x8aa1b8
SafeArrayCreate	0x8aa1c0
VariantChangeType	0x8aa1c8
VariantCopyInd	0x8aa1d0
VariantCopy	0x8aa1d8
VariantClear	0x8aa1e0
VariantInit	0x8aa1e8
GetErrorInfo	0x8aa1f8
SysFreeString	0x8aa200

Function	Address	Souspicious	Anti Debug
RegQueryValueExW	0x8a92e0
RegOpenKeyExW	0x8a92e8
RegCloseKey	0x8a92f0
RegUnLoadKeyW	0x8aa0e0
RegSetValueExW	0x8aa0e8
RegSaveKeyW	0x8aa0f0
RegRestoreKeyW	0x8aa0f8
RegReplaceKeyW	0x8aa100
RegQueryValueExW	0x8aa108
RegQueryInfoKeyW	0x8aa110
RegOpenKeyExW	0x8aa118
RegLoadKeyW	0x8aa120
RegFlushKey	0x8aa128
RegEnumValueW	0x8aa130
RegEnumKeyExW	0x8aa138
RegDeleteValueW	0x8aa140
RegDeleteKeyW	0x8aa148
RegCreateKeyExW	0x8aa150
RegConnectRegistryW	0x8aa158
RegCloseKey	0x8aa160

Function	Address	Souspicious	Anti Debug
OleUninitialize	0x8aa210
OleInitialize	0x8aa218
CoTaskMemFree	0x8aa220
CoTaskMemAlloc	0x8aa228
CoCreateInstance	0x8aa230
CoUninitialize	0x8aa238
CoInitialize	0x8aa240
IsEqualGUID	0x8aa248

Function	Address	Souspicious	Anti Debug
CharNextW	0x8a9300
LoadStringW	0x8a9308
SetClassLongPtrW	0x8a9520
GetClassLongPtrW	0x8a9528
SetWindowLongPtrW	0x8a9530
GetWindowLongPtrW	0x8a9538
CreateWindowExW	0x8a9540
WindowFromPoint	0x8a9548
WaitMessage	0x8a9550
UpdateWindow	0x8a9558
UnregisterClassW	0x8a9560
UnhookWindowsHookEx	0x8a9568
TranslateMessage	0x8a9570
TranslateMDISysAccel	0x8a9578
TrackPopupMenu	0x8a9580
SystemParametersInfoW	0x8a9588
ShowWindow	0x8a9590
ShowScrollBar	0x8a9598
ShowOwnedPopups	0x8a95a0
ShowCaret	0x8a95a8
SetWindowRgn	0x8a95b0
SetWindowsHookExW	0x8a95b8
SetWindowTextW	0x8a95c0
SetWindowPos	0x8a95c8
SetWindowPlacement	0x8a95d0
SetTimer	0x8a95d8
SetScrollRange	0x8a95e0
SetScrollPos	0x8a95e8
SetScrollInfo	0x8a95f0
SetRect	0x8a95f8
SetPropW	0x8a9600
SetParent	0x8a9608
SetMenuItemInfoW	0x8a9610
SetMenu	0x8a9618
SetForegroundWindow	0x8a9620
SetFocus	0x8a9628
SetCursorPos	0x8a9630
SetCursor	0x8a9638
SetClipboardData	0x8a9640
SetCapture	0x8a9648
SetActiveWindow	0x8a9650
SendMessageA	0x8a9658
SendMessageW	0x8a9660
ScrollWindow	0x8a9668
ScreenToClient	0x8a9670
RemovePropW	0x8a9678
RemoveMenu	0x8a9680
ReleaseDC	0x8a9688
ReleaseCapture	0x8a9690
RegisterWindowMessageW	0x8a9698
RegisterClipboardFormatW	0x8a96a0
RegisterClassW	0x8a96a8
RedrawWindow	0x8a96b0
PostQuitMessage	0x8a96b8
PostMessageW	0x8a96c0
PeekMessageA	0x8a96c8
PeekMessageW	0x8a96d0
OpenClipboard	0x8a96d8
MsgWaitForMultipleObjectsEx	0x8a96e0
MsgWaitForMultipleObjects	0x8a96e8
MessageBoxW	0x8a96f0
MessageBeep	0x8a96f8
MapWindowPoints	0x8a9700
MapVirtualKeyW	0x8a9708
LoadStringW	0x8a9710
LoadKeyboardLayoutW	0x8a9718
LoadIconW	0x8a9720
LoadCursorW	0x8a9728
LoadBitmapW	0x8a9730
KillTimer	0x8a9738
IsZoomed	0x8a9740
IsWindowVisible	0x8a9748
IsWindowUnicode	0x8a9750
IsWindowEnabled	0x8a9758
IsWindow	0x8a9760
IsIconic	0x8a9768
IsDialogMessageA	0x8a9770
IsDialogMessageW	0x8a9778
IsChild	0x8a9780
InvalidateRect	0x8a9788
InsertMenuItemW	0x8a9790
InsertMenuW	0x8a9798
HideCaret	0x8a97a0
GetWindowThreadProcessId	0x8a97a8
GetWindowTextW	0x8a97b0
GetWindowRect	0x8a97b8
GetWindowPlacement	0x8a97c0
GetWindowDC	0x8a97c8
GetTopWindow	0x8a97d0
GetSystemMetrics	0x8a97d8
GetSystemMenu	0x8a97e0
GetSysColorBrush	0x8a97e8
GetSysColor	0x8a97f0
GetSubMenu	0x8a97f8
GetScrollRange	0x8a9800
GetScrollPos	0x8a9808
GetScrollInfo	0x8a9810
GetScrollBarInfo	0x8a9818
GetPropW	0x8a9820
GetParent	0x8a9828
GetWindow	0x8a9830
GetMessagePos	0x8a9838
GetMessageExtraInfo	0x8a9840
GetMenuStringW	0x8a9848
GetMenuState	0x8a9850
GetMenuItemInfoW	0x8a9858
GetMenuItemID	0x8a9860
GetMenuItemCount	0x8a9868
GetMenu	0x8a9870
GetLastActivePopup	0x8a9878
GetKeyboardState	0x8a9880
GetKeyboardLayoutNameW	0x8a9888
GetKeyboardLayoutList	0x8a9890
GetKeyboardLayout	0x8a9898
GetKeyState	0x8a98a0
GetKeyNameTextW	0x8a98a8
GetIconInfo	0x8a98b0
GetForegroundWindow	0x8a98b8
GetFocus	0x8a98c0
GetDlgCtrlID	0x8a98c8
GetDesktopWindow	0x8a98d0
GetDCEx	0x8a98d8
GetDC	0x8a98e0
GetCursorPos	0x8a98e8
GetCursor	0x8a98f0
GetClipboardData	0x8a98f8
GetClientRect	0x8a9900
GetClassNameW	0x8a9908
GetClassInfoExW	0x8a9910
GetClassInfoW	0x8a9918
GetCapture	0x8a9920
GetActiveWindow	0x8a9928
FrameRect	0x8a9930
FindWindowExW	0x8a9938
FindWindowW	0x8a9940
FillRect	0x8a9948
EnumWindows	0x8a9950
EnumThreadWindows	0x8a9958
EnumChildWindows	0x8a9960
EndPaint	0x8a9968
EndMenu	0x8a9970
EnableWindow	0x8a9978
EnableScrollBar	0x8a9980
EnableMenuItem	0x8a9988
EmptyClipboard	0x8a9990
DrawTextExW	0x8a9998
DrawTextW	0x8a99a0
DrawMenuBar	0x8a99a8
DrawIconEx	0x8a99b0
DrawIcon	0x8a99b8
DrawFrameControl	0x8a99c0
DrawFocusRect	0x8a99c8
DrawEdge	0x8a99d0
DispatchMessageA	0x8a99d8
DispatchMessageW	0x8a99e0
DestroyWindow	0x8a99e8
DestroyMenu	0x8a99f0
DestroyIcon	0x8a99f8
DestroyCursor	0x8a9a00
DeleteMenu	0x8a9a08
DefWindowProcW	0x8a9a10
DefMDIChildProcW	0x8a9a18
DefFrameProcW	0x8a9a20
CreatePopupMenu	0x8a9a28
CreateMenu	0x8a9a30
CreateIcon	0x8a9a38
CreateAcceleratorTableW	0x8a9a40
CopyImage	0x8a9a48
CopyIcon	0x8a9a50
CloseClipboard	0x8a9a58
ClientToScreen	0x8a9a60
CheckMenuItem	0x8a9a68
CharUpperBuffW	0x8a9a70
CharUpperW	0x8a9a78
CharNextW	0x8a9a80
CharLowerBuffW	0x8a9a88
CharLowerW	0x8a9a90
CallWindowProcW	0x8a9a98
CallNextHookEx	0x8a9aa0
BeginPaint	0x8a9aa8
AdjustWindowRectEx	0x8a9ab0
ActivateKeyboardLayout	0x8a9ab8
EnumDisplayMonitors	0x8aa378
GetMonitorInfoW	0x8aa380
MonitorFromPoint	0x8aa388
MonitorFromRect	0x8aa390
MonitorFromWindow	0x8aa398

Function	Address	Souspicious	Anti Debug
InitializeFlatSB	0x8aa258
FlatSB_SetScrollProp	0x8aa260
FlatSB_SetScrollPos	0x8aa268
FlatSB_SetScrollInfo	0x8aa270
FlatSB_GetScrollPos	0x8aa278
FlatSB_GetScrollInfo	0x8aa280
_TrackMouseEvent	0x8aa288
ImageList_GetImageInfo	0x8aa290
ImageList_SetIconSize	0x8aa298
ImageList_GetIconSize	0x8aa2a0
ImageList_Write	0x8aa2a8
ImageList_Read	0x8aa2b0
ImageList_GetDragImage	0x8aa2b8
ImageList_DragShowNolock	0x8aa2c0
ImageList_DragMove	0x8aa2c8
ImageList_DragLeave	0x8aa2d0
ImageList_DragEnter	0x8aa2d8
ImageList_EndDrag	0x8aa2e0
ImageList_BeginDrag	0x8aa2e8
ImageList_Copy	0x8aa2f0
ImageList_LoadImageW	0x8aa2f8
ImageList_GetIcon	0x8aa300
ImageList_Remove	0x8aa308
ImageList_DrawEx	0x8aa310
ImageList_Replace	0x8aa318
ImageList_Draw	0x8aa320
ImageList_SetOverlayImage	0x8aa328
ImageList_GetBkColor	0x8aa330
ImageList_SetBkColor	0x8aa338
ImageList_ReplaceIcon	0x8aa340
ImageList_Add	0x8aa348
ImageList_SetImageCount	0x8aa350
ImageList_GetImageCount	0x8aa358
ImageList_Destroy	0x8aa360
ImageList_Create	0x8aa368

PE Exports 3 suspicious

Function	Address
TMethodImplementationIntercept	0x4991b0
__dbk_fcall_wrapper	0x417300
dbkFCallWrapperAddr	0x8a1f58