AA_v3.exe

First submission 2024-10-16 17:48:02

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	776.0 KB (794624 bytes)
Compile time:	2019-01-22 20:46:05
MD5:	4d4c220362f24e0ba72797572e447795
SHA1:	9f902124218892aa5d61594fe7a9d524a7e7cc08
SHA256:	bc483e6acdf276b57bb87317962c0091bb1421e61fa3306490b5858eabc61320
Import Hash :	53059d798e2a15316406229bd2ddc5b6
Sections 4	.text .rdata .data .rsrc
Directories 2	import resource

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	49/75 VT report date: 2020-11-18 12:07:31

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://www.netsolution.it/Download/AA_v3.exe	www.netsolution.it	2024-10-16 17:48:02

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x847fa	544768	04f3c4a535f241a38430a57b03998668ad5be933	1a95113eef70f961dac916f7d90ec1e3
.rdata	0x86000	0x192da	106496	9c896bf4431147b8e81e445f092c0c6ab4b66bf4	0d50d5ed9ea4c1221069c971b71a77a7
.data	0xa0000	0x1abd8	81920	fbe2bf04002dd658f816fed6478f8c410676e707	b32ac2d965c11b650ff12c3423c9cf4b
.rsrc	0xbb000	0xda00	57344	f0e882c671d10c8c9d6517840ab140a59361e326	9052f2e3b2734bcdb28aa7a5297fb10f

PE Resources 11

Name	Language	Sublanguage	Offset	Size	Data
BINARY	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbb9f8	44
RT_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xbbc8c	308
RT_BITMAP	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbedac	1194	PE Resource: RT_BITMAP - Data (VJVJVJVJVJVJVJ!=B;g;g;g;g;g99=B=;g;g;g;g;g/%9F=/%;g;g;g;g;g5F9F/%/%;g;g;g;g;g;g;guNgsBF/%/%w6wF/%/%/%/%V{"u_F/%VVV"""CF/%\|o\|o\|o"""""""""&F/%VVV{+&&&&&&&&&&""F/%\|o\|o\|o"/+++++++++'C3F/%VVV733`/ +@+@/@/@/@+OF/%\|o\|o\|owb;`/7gF/%VVVVVVVVV{GK{F/%VVVVVVVVV[kowUJ!TJ!
RT_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xc3da8	9640	PE Resource: RT_ICON - Data (0` !"!! "_!""!!!!!"!!t!5!"!!""!"!!n!"!!"!"""""!"""!!!5"!!!""$!""!"""""""""""""!"!""!C!"!""!"!!o!!!"!"""""""""""""""!"""!"+"""!!"6""!"!""""""""""""""""""""!!!"^" "!""!U"!!""""""""""""""""""""""""!!"""!"!""d"!"""""""""""""""""""""""""""!!!!""!!!d!"!"""""""""""""""""""""""""""""!!""!"""S!""""""""""""""""""""""""""""""""!!""! "!1""!"""""""""""""""""""""""""""""""""!!!k!!!!"!""""""""""""""""""""""""""""""""""!!"!7!!!""h"!""""""""""""""""""""""""""""""""""""!"!"!!""""""""""""""""""""""""""""""""""""""""!!!Z"!"!!"""""""""""""""""""""""""""""""""""""""!!! """"!!"""""""""""""""""""""""""""!!!!!!!!!!!!!!!R!!"\"!"" "" !"!!"!"" """!""""""!!!"" -gT /eJ#!#pO#!"c\|d!+gn"!%]X"######!"!""<@~&%%!# 4#)4!""""""b"G!"""?C&%%!# 5$ 6!######!""""?B&%%!#"6%",7#$$$$$"!!"""?B&%%!$#7($-8%&&&%%"!""""?B&%%"$%9+'1;')((''!!""""?B&%&"$(=1-6>+-++*#"""""?B&%&"% ,A73<C010//.%!""""!#,1!B&%&#&#0F@;EK776532'""""""!!!!"B&%&#&&4JJENS@?=;:8!""""""""""3zW$%&#&)7OROX[IIFDB@-"!"""""""""" ! %&#'9QXVadSROMJH3!"""""""""""""""" %%#&(8P]\gm]\YVSP="G""""""""""""""""!"%%#"#&&6O]^jseeb_\YS"!""""""""""""""""! """%%2KZ[iwjjhfd`^b"!!""""""""""""""""""!""$ei(/FSVexlmmkifd""\!!"""""""""""""""""!"""+CLN^vkmnnmk!""!!"""""""""""""""""!###$%')8DGVqfklmmmRm!!"""""""""""""""""""!"#"#$%(.38<@Nk`ehjkl o"!""""""""""""""""""""!#"#$$&()+069EaY_bdhZe!!"h"!"""""""""""""""""!"###$$&(-14;_yeQRV[^]!!"""""""""""""""""""!"#"#$$&',0335<DJNRW7Re"!1!"!""""""""""""""""!!"#"#$$&'),.259=BFKk3[!!"S"!"""""""""""""""""!"#"##$$&')+.147;@@ "!!d"!!"""""""""""""""!""#"##$$%'(-0269J!!""d!!""""""""""""""""!!"#"##$$%&(,.1>!"!"U"!!"""""""""""""""!!"#"##$$%&'),5!!""6!!""!"""""""""""""!!"#""#$$%&^( .!!!!!o!"!"!""""""""""""!!"#""#$$+(*!!"$!!"!"""""""""""""!!"#"#C$#'""""!n!"!""""!!""!"""!""5$"$""!" "_!"!"""!!"!!t"5"!!""??
RT_MENU	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xc6350	250
RT_DIALOG	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xc838c	156
RT_GROUP_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xc8450	20
RT_GROUP_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xc8464	48
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xc8494	736	PE Resource: RT_VERSION - Data 4VS_VERSION_INFO?@StringFileInfo040904b0Comments4 CompanyNameAmmyy LLC@FileDescriptionAmmyy Admin(FileVersion3.88InternalNameAmmyy Admin$LegalCopyright(LegalTrademarks(OriginalFilename PrivateBuild8ProductNameAmmyy Admin,ProductVersion3.8 SpecialBuildDVarFileInfo$Translation
RT_MANIFEST	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xc8774	637	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity name="Maxim" processorArchitecture="x86" version="1.0.0.1" type="win32"/> <description>blabla</description> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /> </dependentAssembly> </dependency> </assembly>
None	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xc89f4	11

Meta infos 13

LegalCopyright:
InternalName:	Ammyy Admin
FileVersion:	3.8
FileDescription:	Ammyy Admin
SpecialBuild:
CompanyName:	Ammyy LLC
LegalTrademarks:
Comments:
ProductName:	Ammyy Admin
ProductVersion:	3.8
PrivateBuild:
Translation:	0x0409 0x04b0
OriginalFilename:

Packers detected 3

Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++

Anti debug functions 7

FindWindowA
FindWindowW
GetLastError
GetWindowThreadProcessId
Process32First
Process32Next
TerminateProcess

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Binary
Ammyy_Contact_Book.bin
*.bin
settings.bin
contacts3.bin
_tmp\AMMYY_Admin.bin
settings3.bin
contacts.bin
sessions.bin
Log
eAMMYY_service.log
ammyy.log
ammyy_id.log
Temporary
%sAmmyy_%X.tmp
Object
hhctrl.ocx
Data
%u-%u-%u-%u.dat
Library
W\winsta.dll
ewmsgapi.dll
ADVAPI32.dll
SHLWAPI.dll
dwmapi.dll
WTSAPI32.dll
MSVCRT.dll
USER32.dll
SHELL32.dll
WS2_32.dll
COMCTL32.dll
secur32.dll
WININET.dll
USERENV.dll
SETUPAPI.dll
GDI32.dll
KERNEL32.dll
DSOUND.dll
COMDLG32.dll
IPHLPAPI.DLL

Strings analysis - Possible IPs found 2

1.0.0.1
127.0.0.1

Strings analysis - Possible URLs found 4

http://www.ammyy.com/?lang=
http://www.ammyy.com/
http://rl.ammyy.com
http://www.ammyy.com

Import functions

SHLWAPI.dll 1 COMCTL32.dll 12 comdlg32.dll 2 iphlpapi.dll 1 WININET.dll 8 GDI32.dll 40 ADVAPI32.dll 39 KERNEL32.dll 123 MSVCRT.dll 99 Secur32.dll 6 SHELL32.dll 11 DSOUND.dll 4 SETUPAPI.dll 5 WS2_32.dll 27 USER32.dll 161 USERENV.dll 2

Function	Address	Souspicious	Anti Debug
PathGetDriveNumberA	0x486554

Function	Address	Souspicious	Anti Debug
CreateToolbarEx	0x4860a0
ImageList_Create	0x4860a4
ImageList_Draw	0x4860a8
ImageList_Destroy	0x4860ac
None	0x4860b0
ImageList_GetIconSize	0x4860b4
ImageList_ReplaceIcon	0x4860b8
ImageList_Add	0x4860bc
ImageList_Duplicate	0x4860c0
_TrackMouseEvent	0x4860c4
CreatePropertySheetPageW	0x4860c8
PropertySheetW	0x4860cc

Function	Address	Souspicious	Anti Debug
GetOpenFileNameW	0x4868a0
GetSaveFileNameW	0x4868a4

Function	Address	Souspicious	Anti Debug
GetAdaptersInfo	0x4868ac

Function	Address	Souspicious	Anti Debug
HttpSendRequestA	0x48680c
HttpQueryInfoA	0x486810
InternetConnectA	0x486814
InternetSetOptionA	0x486818
InternetCloseHandle	0x48681c
InternetReadFile	0x486820
InternetOpenA	0x486824
HttpOpenRequestA	0x486828

Function	Address	Souspicious	Anti Debug
GetDIBits	0x4860e8
CreateCompatibleBitmap	0x4860ec
RealizePalette	0x4860f0
SelectPalette	0x4860f4
CreatePalette	0x4860f8
GetSystemPaletteEntries	0x4860fc
GdiFlush	0x486100
CombineRgn	0x486104
GetRegionData	0x486108
SetStretchBltMode	0x48610c
DeleteDC	0x486110
SelectObject	0x486114
CreateCompatibleDC	0x486118
BitBlt	0x48611c
SetBkMode	0x486120
CreateFontIndirectA	0x486124
DPtoLP	0x486128
GetDeviceCaps	0x48612c
CreateFontA	0x486130
CreateSolidBrush	0x486134
StretchBlt	0x486138
CreateRectRgn	0x48613c
ExtTextOutA	0x486140
GetBitmapBits	0x486144
GetObjectA	0x486148
CreateDIBSection	0x48614c
SetBitmapBits	0x486150
CreateRectRgnIndirect	0x486154
SelectClipRgn	0x486158
TextOutW	0x48615c
CreatePatternBrush	0x486160
SetTextAlign	0x486164
SetBrushOrgEx	0x486168
ExtTextOutW	0x48616c
SetTextColor	0x486170
SetBkColor	0x486174
CreateDIBitmap	0x486178
GetTextExtentPoint32W	0x48617c
DeleteObject	0x486180
GetStockObject	0x486184

Function	Address	Souspicious	Anti Debug
ConvertSidToStringSidA	0x486000
GetTokenInformation	0x486004
OpenProcessToken	0x486008
RegCloseKey	0x48600c
RegQueryValueExA	0x486010
RegOpenKeyExA	0x486014
FreeSid	0x486018
SetFileSecurityW	0x48601c
SetSecurityDescriptorDacl	0x486020
InitializeSecurityDescriptor	0x486024
AllocateAndInitializeSid	0x486028
ImpersonateLoggedOnUser	0x48602c
RevertToSelf	0x486030
GetUserNameA	0x486034
StartServiceCtrlDispatcherW	0x486038
RegisterServiceCtrlHandlerExA	0x48603c
SetServiceStatus	0x486040
SetTokenInformation	0x486044
DuplicateTokenEx	0x486048
CreateProcessAsUserW	0x48604c
QueryServiceStatus	0x486050
CloseServiceHandle	0x486054
OpenServiceA	0x486058
OpenSCManagerA	0x48605c
CreateServiceW	0x486060
DeleteService	0x486064
ControlService	0x486068
StartServiceA	0x48606c
StartServiceW	0x486070
RegCreateKeyExA	0x486074
RegQueryValueExW	0x486078
RegSetValueExW	0x48607c
RegSetValueExA	0x486080
RegDeleteKeyA	0x486084
RegDeleteValueW	0x486088
RegCreateKeyExW	0x48608c
RegEnumKeyExW	0x486090
RegOpenKeyExW	0x486094
SetEntriesInAclA	0x486098

Function	Address	Souspicious	Anti Debug
SizeofResource	0x48618c
LoadResource	0x486190
LockResource	0x486194
GetLocalTime	0x486198
TryEnterCriticalSection	0x48619c
LeaveCriticalSection	0x4861a0
EnterCriticalSection	0x4861a4
DeleteCriticalSection	0x4861a8
InitializeCriticalSection	0x4861ac
SetFileTime	0x4861b0
GetFileTime	0x4861b4
OpenMutexA	0x4861b8
CreateMutexA	0x4861bc
ResetEvent	0x4861c0
SetEvent	0x4861c4
FindResourceExA	0x4861c8
CreateEventA	0x4861cc
ExitProcess	0x4861d0
SetUnhandledExceptionFilter	0x4861d4
GetSystemDirectoryA	0x4861d8
CompareFileTime	0x4861dc
GetSystemTimeAsFileTime	0x4861e0
GetSystemDirectoryW	0x4861e4
lstrcatW	0x4861e8
LoadLibraryW	0x4861ec
WaitNamedPipeW	0x4861f0
FileTimeToSystemTime	0x4861f4
SetLastError	0x4861f8
GetExitCodeProcess	0x4861fc
WaitForSingleObject	0x486200
BeginUpdateResourceW	0x486204
EndUpdateResourceW	0x486208
UpdateResourceA	0x48620c
CreateThread	0x486210
OpenProcess	0x486214
CreateToolhelp32Snapshot	0x486218
Process32First	0x48621c
Process32Next	0x486220
LoadLibraryA	0x486224
FreeLibrary	0x486228
GetFileSize	0x48622c
SetFilePointer	0x486230
WriteFile	0x486234
GetFileAttributesW	0x486238
lstrcmpiW	0x48623c
lstrcmpW	0x486240
MulDiv	0x486244
FormatMessageW	0x486248
MultiByteToWideChar	0x48624c
WideCharToMultiByte	0x486250
GetModuleFileNameW	0x486254
GetComputerNameA	0x486258
LocalAlloc	0x48625c
GetExitCodeThread	0x486260
SystemTimeToFileTime	0x486264
MoveFileW	0x486268
DeleteFileW	0x48626c
GetTempPathW	0x486270
CreateFileW	0x486274
FindFirstFileW	0x486278
FindClose	0x48627c
CreateFileA	0x486280
DeviceIoControl	0x486284
GetUserDefaultUILanguage	0x486288
GetLocaleInfoA	0x48628c
CreateDirectoryW	0x486290
SetCurrentDirectoryW	0x486294
GetStartupInfoW	0x486298
CreateProcessW	0x48629c
GetModuleHandleA	0x4862a0
GetProcAddress	0x4862a4
SetProcessShutdownParameters	0x4862a8
GetVersionExA	0x4862ac
GetCurrentProcess	0x4862b0
GetLastError	0x4862b4
CloseHandle	0x4862b8
LocalFree	0x4862bc
GetCurrentThreadId	0x4862c0
GetCurrentProcessId	0x4862c4
Sleep	0x4862c8
GetTickCount	0x4862cc
QueryPerformanceFrequency	0x4862d0
QueryPerformanceCounter	0x4862d4
InterlockedIncrement	0x4862d8
InterlockedDecrement	0x4862dc
lstrlenA	0x4862e0
lstrlenW	0x4862e4
TerminateProcess	0x4862e8
GlobalUnlock	0x4862ec
GlobalLock	0x4862f0
SystemTimeToTzSpecificLocalTime	0x4862f4
GetFileSizeEx	0x4862f8
SetEndOfFile	0x4862fc
SetFilePointerEx	0x486300
GlobalAlloc	0x486304
GetDriveTypeW	0x486308
RemoveDirectoryW	0x48630c
FindNextFileW	0x486310
SetFileAttributesW	0x486314
GetLogicalDrives	0x486318
ProcessIdToSessionId	0x48631c
SleepEx	0x486320
CreateDirectoryA	0x486324
DeleteFileA	0x486328
GlobalFree	0x48632c
IsBadReadPtr	0x486330
lstrcmpA	0x486334
LocalFileTimeToFileTime	0x486338
ReadFile	0x48633c
lstrcpyA	0x486340
GetCurrentDirectoryA	0x486344
FindResourceA	0x486348
DuplicateHandle	0x48634c
CreateSemaphoreA	0x486350
SetThreadPriority	0x486354
TlsSetValue	0x486358
GetCurrentThread	0x48635c
TlsAlloc	0x486360
ResumeThread	0x486364
TlsGetValue	0x486368
InterlockedExchange	0x48636c
GetStartupInfoA	0x486370
OpenEventA	0x486374

Function	Address	Souspicious	Anti Debug
_strnicmp	0x48637c
_strupr	0x486380
_strlwr	0x486384
_wcsicmp	0x486388
strcat	0x48638c
_controlfp	0x486390
_iob	0x486394
__set_app_type	0x486398
__p__fmode	0x48639c
__p__commode	0x4863a0
_adjust_fdiv	0x4863a4
__CxxFrameHandler	0x4863a8
strlen	0x4863ac
isspace	0x4863b0
memchr	0x4863b4
_errno	0x4863b8
strtol	0x4863bc
isdigit	0x4863c0
strstr	0x4863c4
memcpy	0x4863c8
??2@YAPAXI@Z	0x4863cc
_purecall	0x4863d0
free	0x4863d4
memset	0x4863d8
malloc	0x4863dc
sprintf	0x4863e0
printf	0x4863e4
fwrite	0x4863e8
srand	0x4863ec
time	0x4863f0
_CxxThrowException	0x4863f4
rand	0x4863f8
atol	0x4863fc
_stricmp	0x486400
isprint	0x486404
tolower	0x486408
strncpy	0x48640c
wcslen	0x486410
atoi	0x486414
abs	0x486418
wcscpy	0x48641c
strcmp	0x486420
strcpy	0x486424
memcmp	0x486428
iswspace	0x48642c
wcsncmp	0x486430
_wtoi	0x486434
_ultow	0x486438
wcschr	0x48643c
strchr	0x486440
swprintf	0x486444
_ftol	0x486448
_stat	0x48644c
strtoul	0x486450
calloc	0x486454
_rotl	0x486458
_rotr	0x48645c
fopen	0x486460
fread	0x486464
fclose	0x486468
fseek	0x48646c
ftell	0x486470
fflush	0x486474
wcsncpy	0x486478
wcsrchr	0x48647c
vsprintf	0x486480
vswprintf	0x486484
memmove	0x486488
strrchr	0x48648c
strncmp	0x486490
mbstowcs	0x486494
wcscmp	0x486498
wcsstr	0x48649c
iswdigit	0x4864a0
_beginthreadex	0x4864a4
_endthreadex	0x4864a8
atof	0x4864ac
_i64tow	0x4864b0
wcscat	0x4864b4
realloc	0x4864b8
exit	0x4864bc
fprintf	0x4864c0
sscanf	0x4864c4
getenv	0x4864c8
floor	0x4864cc
fputc	0x4864d0
_CIpow	0x4864d4
_CIacos	0x4864d8
??1type_info@@UAE@XZ	0x4864dc
__dllonexit	0x4864e0
_onexit	0x4864e4
_except_handler3	0x4864e8
?terminate@@YAXXZ	0x4864ec
_exit	0x4864f0
_XcptFilter	0x4864f4
_acmdln	0x4864f8
__getmainargs	0x4864fc
_initterm	0x486500
__setusermatherr	0x486504

Function	Address	Souspicious	Anti Debug
FreeContextBuffer	0x48655c
QuerySecurityPackageInfoA	0x486560
FreeCredentialsHandle	0x486564
InitializeSecurityContextA	0x486568
CompleteAuthToken	0x48656c
AcquireCredentialsHandleA	0x486570

Function	Address	Souspicious	Anti Debug
SHBrowseForFolderW	0x486524
ShellExecuteExW	0x486528
SHGetFileInfoW	0x48652c
SHGetFolderPathA	0x486530
SHGetFolderPathW	0x486534
Shell_NotifyIconA	0x486538
ShellExecuteA	0x48653c
SHGetPathFromIDListW	0x486540
ShellExecuteW	0x486544
SHGetSpecialFolderPathW	0x486548
SHGetMalloc	0x48654c

Function	Address	Souspicious	Anti Debug
None	0x4860d4
None	0x4860d8
None	0x4860dc
None	0x4860e0

Function	Address	Souspicious	Anti Debug
SetupDiGetDeviceRegistryPropertyA	0x48650c
SetupDiDestroyDeviceInfoList	0x486510
SetupDiGetClassDevsA	0x486514
SetupDiClassGuidsFromNameA	0x486518
SetupDiEnumDeviceInfo	0x48651c

Function	Address	Souspicious	Anti Debug
WSAGetLastError	0x486830
send	0x486834
recv	0x486838
select	0x48683c
WSAStartup	0x486840
getpeername	0x486844
getservbyport	0x486848
ntohs	0x48684c
gethostbyaddr	0x486850
gethostbyname	0x486854
inet_addr	0x486858
getservbyname	0x48685c
htonl	0x486860
inet_ntoa	0x486864
WSAIoctl	0x486868
connect	0x48686c
accept	0x486870
htons	0x486874
bind	0x486878
listen	0x48687c
socket	0x486880
__WSAFDIsSet	0x486884
shutdown	0x486888
setsockopt	0x48688c
ioctlsocket	0x486890
WSACleanup	0x486894
closesocket	0x486898

Function	Address	Souspicious	Anti Debug
FindWindowA	0x486578
OpenDesktopA	0x48657c
LoadIconA	0x486580
SystemParametersInfoW	0x486584
IntersectRect	0x486588
IsWindowVisible	0x48658c
GetIconInfo	0x486590
GetCursorInfo	0x486594
EqualRect	0x486598
OpenInputDesktop	0x48659c
CloseDesktop	0x4865a0
GetUserObjectInformationA	0x4865a4
GetThreadDesktop	0x4865a8
EmptyClipboard	0x4865ac
SetClipboardData	0x4865b0
RegisterClassExA	0x4865b4
GetDesktopWindow	0x4865b8
PeekMessageA	0x4865bc
MsgWaitForMultipleObjects	0x4865c0
mouse_event	0x4865c4
SendInput	0x4865c8
LockWorkStation	0x4865cc
SetThreadDesktop	0x4865d0
SetDlgItemTextA	0x4865d4
SetDlgItemInt	0x4865d8
CallNextHookEx	0x4865dc
SetWindowsHookExA	0x4865e0
UnhookWindowsHookEx	0x4865e4
DestroyAcceleratorTable	0x4865e8
TranslateAcceleratorA	0x4865ec
CreateAcceleratorTableA	0x4865f0
SetWindowTextA	0x4865f4
ReleaseCapture	0x4865f8
SendMessageTimeoutA	0x4865fc
SwitchToThisWindow	0x486600
SendMessageA	0x486604
FindWindowW	0x486608
MessageBoxA	0x48660c
ShowWindow	0x486610
wsprintfA	0x486614
SetCapture	0x486618
GetAsyncKeyState	0x48661c
RegisterClassExW	0x486620
DestroyCursor	0x486624
MessageBeep	0x486628
wsprintfW	0x48662c
SetCursorPos	0x486630
GetClipboardOwner	0x486634
OpenClipboard	0x486638
GetClipboardData	0x48663c
CloseClipboard	0x486640
ShowWindowAsync	0x486644
SetScrollInfo	0x486648
ReleaseDC	0x48664c
GetDC	0x486650
DestroyIcon	0x486654
DrawIconEx	0x486658
LoadImageA	0x48665c
EnableWindow	0x486660
SetDlgItemTextW	0x486664
DestroyWindow	0x486668
SetWindowPos	0x48666c
GetWindow	0x486670
WindowFromPoint	0x486674
SetClassLongW	0x486678
InsertMenuItemW	0x48667c
ChangeClipboardChain	0x486680
MapWindowPoints	0x486684
InsertMenuItemA	0x486688
EnumWindows	0x48668c
GetClassNameA	0x486690
GetWindowTextA	0x486694
KillTimer	0x486698
GetWindowLongW	0x48669c
PostMessageA	0x4866a0
DrawTextW	0x4866a4
SetRect	0x4866a8
ShowScrollBar	0x4866ac
IsIconic	0x4866b0
ScrollWindowEx	0x4866b4
AdjustWindowRectEx	0x4866b8
GetMenuState	0x4866bc
GetWindowPlacement	0x4866c0
SetWindowPlacement	0x4866c4
GetSysColorBrush	0x4866c8
AppendMenuW	0x4866cc
SetClipboardViewer	0x4866d0
DrawTextA	0x4866d4
EndDialog	0x4866d8
CreateDialogParamW	0x4866dc
DialogBoxParamA	0x4866e0
CallWindowProcW	0x4866e4
CallWindowProcA	0x4866e8
DefWindowProcA	0x4866ec
IsWindowUnicode	0x4866f0
GetSystemMenu	0x4866f4
RedrawWindow	0x4866f8
InvalidateRect	0x4866fc
ScreenToClient	0x486700
DrawStateA	0x486704
DrawEdge	0x486708
GetClientRect	0x48670c
CreateWindowExA	0x486710
IsWindow	0x486714
GetParent	0x486718
GetWindowLongA	0x48671c
GetForegroundWindow	0x486720
GetWindowThreadProcessId	0x486724
AttachThreadInput	0x486728
SetActiveWindow	0x48672c
SetCursor	0x486730
SetTimer	0x486734
PostThreadMessageA	0x486738
MoveWindow	0x48673c
BeginPaint	0x486740
EndPaint	0x486744
GetDlgItemInt	0x486748
SendDlgItemMessageA	0x48674c
MapDialogRect	0x486750
SetWindowLongA	0x486754
ClientToScreen	0x486758
LoadCursorA	0x48675c
RegisterClassW	0x486760
CreateWindowExW	0x486764
SetWindowLongW	0x486768
UpdateWindow	0x48676c
GetMessageA	0x486770
IsDialogMessageA	0x486774
TranslateMessage	0x486778
DispatchMessageA	0x48677c
SetWindowTextW	0x486780
SetMenu	0x486784
LoadMenuA	0x486788
GetMenuItemInfoA	0x48678c
SetMenuItemInfoA	0x486790
GetSubMenu	0x486794
SetMenuItemInfoW	0x486798
GetMenuItemID	0x48679c
EnableMenuItem	0x4867a0
GetMenuItemCount	0x4867a4
CheckMenuItem	0x4867a8
GetKeyState	0x4867ac
SetForegroundWindow	0x4867b0
SetFocus	0x4867b4
GetFocus	0x4867b8
PostQuitMessage	0x4867bc
DefWindowProcW	0x4867c0
CreatePopupMenu	0x4867c4
GetCursorPos	0x4867c8
TrackPopupMenu	0x4867cc
GetSysColor	0x4867d0
GetSystemMetrics	0x4867d4
GetMenuItemInfoW	0x4867d8
DrawMenuBar	0x4867dc
AppendMenuA	0x4867e0
DestroyMenu	0x4867e4
GetDlgItem	0x4867e8
MessageBoxW	0x4867ec
SendMessageW	0x4867f0
GetWindowRect	0x4867f4
SystemParametersInfoA	0x4867f8

Function	Address	Souspicious	Anti Debug
LoadUserProfileA	0x486800
UnloadUserProfile	0x486804