AA_v3.5.exe

First submission 2024-10-18 06:15:05

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	751.49 KB (769528 bytes)
Compile time:	2015-05-19 00:21:18
MD5:	5686a7032e37087f0fd082a04f727aad
SHA1:	341fee5256dcc259a3a566ca8f0260eb1e60d730
SHA256:	43bba98a64dd96cf0571f3d6dceafdc549cc3767a1beab6fe4a6e1fd3ddd3153
Import Hash :	d8da858c6a3f16bedc0335a30faae74b
Sections 4	.text .rdata .data .rsrc
Directories 3	import resource security

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	45/77 VT report date: 2024-10-16 18:38:36
Malware Type 3	hacktool pua trojan
Threat Type 3	ammyy ammyyadmin remadm

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://180.150.240.238/1111111/AA_v3.5.exe	180.150.240.238	2024-10-18 06:15:06

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x81cd6	532480	9769c41a80ce0cd0bdab0c4546b977d7c66191f9	6c1d1d6ff27fa91fd6ba26bee86639cc
.rdata	0x83000	0x17876	98304	19fa40b51f23a8c66ed85fd37a5df1551e7730ff	cefbb1b9f297a97c0c8bffde68176261
.data	0x9b000	0x1ad20	81920	16fa5e2fb5a59c2dea6dddf27e5415ed2fad916f	c7e3d8d8ab83ee6a3ac3d42305096470
.rsrc	0xb6000	0xa178	45056	62fed56a8687849ac4382a7ae0e595e0bf5a92cc	88871540d5f40346c0862dba1e09db1f

PE Resources 11

Name	Language	Sublanguage	Offset	Size	Data
BINARY	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbc3f0	1
RT_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xbdb98	308
RT_BITMAP	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbd168	1194	PE Resource: RT_BITMAP - Data (VJVJVJVJVJVJVJ!=B;g;g;g;g;g99=B=;g;g;g;g;g/%9F=/%;g;g;g;g;g5F9F/%/%;g;g;g;g;g;g;guNgsBF/%/%w6wF/%/%/%/%V{"u_F/%VVV"""CF/%\|o\|o\|o"""""""""&F/%VVV{+&&&&&&&&&&""F/%\|o\|o\|o"/+++++++++'C3F/%VVV733`/ +@+@/@/@/@+OF/%\|o\|o\|owb;`/7gF/%VVVVVVVVV{GK{F/%VVVVVVVVV[kowUJ!TJ!
RT_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbb318	4264	PE Resource: RT_ICON - Data ( @ 1?LRdrxVMaekqvuI4y{npdhZ]IL[_aPSPRKNGJBE9=~\|F /{}!eca.1YWZ#!h97xXVg%!'!'"'"(#(#("'&,1RP%$rxFJ%(%($($(!{yc)'l&$kb20v#""(!'!'"'"'!&%),1XV/-yb_b%(%($($("uxd(n(o%#n/-u!39!(!'!'"(#().05XV/-{A%($($(#'$bee)'o(q'$o(&rrw!"&+'-(-.449XV/-}&%($($("' #X\bhige 'DJ"+1.4398=XV/-~$'$($("'"%CGq#FL(/$<A>CWW.-&)$'$($("'&&+5:KPQWW]]`af\`\bSY"+2%${~]b).38XW.-79 #$($(#("'!&$""""###'+3074;29$6<04ZX--{EG $($($)%)$)&+'-0+1-3/507193;4;6=8?;A>D18$^bPO.-e_a'+(,)-.487;495;4:5:5;6=7=7?9@;B=D?F?DCITYCH%KK.-=-0-1.304CF8==C9>280639;ACIGMELAGAGAGSXeiVZBGfjJI.-1526387;:?gj~_dFL/6AFU[glRW;AvzSR-, !$598;9=;@AEqtB?^\geusTXRWW\AGqvPS"'ZY-,/27:=@>B@DHLW[j rssnU^a(.DH-2UW^aYX-,EG7:BFDGEHNRMQ$!q)'x+)z+)\|vT>C.4OTdhru`cYX-,vWX79ILILILW[NS,v'%v(z({ux:@49VYimimhjtwcgYX-,Stu25OROQMQ`cRV:8~#!u(z({"!x76#\`koloknlompy}fjYX-,-UWTWSVadORVTp+)z({)}vlk=AqulpoqpsrurujlYX,+ORAD^`[]^aSUjmo%#v+)\|*)}xRP;?uxrusvuxxzx{moVU==-0UVdgachj<?86russvNR{}wzy\|{~}}rtON<E(+^`lnjlgi26tvxv:?xz}}tv[57WYuwwytvGJDFilpr_b>CqubdATV@Bfhxz~fh_bhjQTKvwSTSUUWrtJMlM~STQSX[npsvGHe%H~{}giVXWYYZde6/\M?
RT_MENU	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xb69d0	250
RT_DIALOG	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xb82f8	784
RT_GROUP_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xbdcd0	20
RT_GROUP_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbc3c0	48
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xbd618	736	PE Resource: RT_VERSION - Data 4VS_VERSION_INFO?@StringFileInfo040904b0Comments4 CompanyNameAmmyy LLC@FileDescriptionAmmyy Admin(FileVersion3.58InternalNameAmmyy Admin$LegalCopyright(LegalTrademarks(OriginalFilename PrivateBuild8ProductNameAmmyy Admin,ProductVersion3.5 SpecialBuildDVarFileInfo$Translation
RT_MANIFEST	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xb8788	637	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity name="Maxim" processorArchitecture="x86" version="1.0.0.1" type="win32"/> <description>blabla</description> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /> </dependentAssembly> </dependency> </assembly>
None	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xb8778	11

Meta infos 13

LegalCopyright:
InternalName:	Ammyy Admin
FileVersion:	3.5
FileDescription:	Ammyy Admin
SpecialBuild:
CompanyName:	Ammyy LLC
LegalTrademarks:
Comments:
ProductName:	Ammyy Admin
ProductVersion:	3.5
PrivateBuild:
Translation:	0x0409 0x04b0
OriginalFilename:

Packers detected 3

Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++

Anti debug functions 7

FindWindowA
FindWindowW
GetLastError
GetWindowThreadProcessId
Process32First
Process32Next
TerminateProcess

Anti debug functions 1

VMCheck.dll

File signature

MD5	SHA1	Block size	Virtual Address
c65a6b140099f935242b53d1958c1cfe	ba900e685535e3aa7bb50acf4d9ad955f393ff87	7672	761856

Strings analysis - File found

Binary
Ammyy_Contact_Book.bin
*.bin
contacts3.bin
_tmp\AMMYY_Admin.bin
settings3.bin
settings.bin
contacts.bin
sessions.bin
Log
eAMMYY_service.log
ammyy.log
ammyy_id.log
Temporary
%sAmmyy_%X.tmp
Object
hhctrl.ocx
Library
W\winsta.dll
ewmsgapi.dll
ADVAPI32.dll
SHLWAPI.dll
dwmapi.dll
WTSAPI32.dll
MSVCRT.dll
USER32.dll
SHELL32.dll
WS2_32.dll
COMCTL32.dll
secur32.dll
WININET.dll
USERENV.dll
SETUPAPI.dll
GDI32.dll
KERNEL32.dll
DSOUND.dll
COMDLG32.dll
IPHLPAPI.DLL
msvcp60.dll

Strings analysis - Possible IPs found 2

1.0.0.1
127.0.0.1

Strings analysis - Possible URLs found 17

http://www.ammyy.com/?lang=
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
http://ocsp.comodoca.com0
http://crl.thawte.com/ThawteTimestampingCA.crl0
https://secure.comodo.net/CPS0C
http://rl.ammyy.com
http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
http://crl.usertrust.com/AddTrustExternalCARoot.crl05
http://ocsp.thawte.com0
http://www.ammyy.com/
http://ocsp.usertrust.com0
http://www.ammyy.com
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ts-ocsp.ws.symantec.com07

Import functions

MSVCP60.dll 4 SHLWAPI.dll 1 COMCTL32.dll 12 comdlg32.dll 2 iphlpapi.dll 1 WININET.dll 8 GDI32.dll 40 ADVAPI32.dll 39 KERNEL32.dll 123 MSVCRT.dll 99 Secur32.dll 6 SHELL32.dll 11 DSOUND.dll 4 SETUPAPI.dll 5 WS2_32.dll 27 USER32.dll 164 USERENV.dll 2

Function	Address	Souspicious	Anti Debug
??1Init@ios_base@std@@QAE@XZ	0x48337c
??0_Winit@std@@QAE@XZ	0x483380
??1_Winit@std@@QAE@XZ	0x483384
??0Init@ios_base@std@@QAE@XZ	0x483388

Function	Address	Souspicious	Anti Debug
PathGetDriveNumberA	0x483568

Function	Address	Souspicious	Anti Debug
CreateToolbarEx	0x4830a0
ImageList_Create	0x4830a4
ImageList_Draw	0x4830a8
ImageList_Destroy	0x4830ac
None	0x4830b0
ImageList_GetIconSize	0x4830b4
ImageList_ReplaceIcon	0x4830b8
ImageList_Add	0x4830bc
ImageList_Duplicate	0x4830c0
_TrackMouseEvent	0x4830c4
CreatePropertySheetPageW	0x4830c8
PropertySheetW	0x4830cc

Function	Address	Souspicious	Anti Debug
GetOpenFileNameW	0x4838c0
GetSaveFileNameW	0x4838c4

Function	Address	Souspicious	Anti Debug
GetAdaptersInfo	0x4838cc

Function	Address	Souspicious	Anti Debug
HttpSendRequestA	0x48382c
HttpQueryInfoA	0x483830
InternetConnectA	0x483834
InternetSetOptionA	0x483838
InternetCloseHandle	0x48383c
InternetReadFile	0x483840
InternetOpenA	0x483844
HttpOpenRequestA	0x483848

Function	Address	Souspicious	Anti Debug
GetDIBits	0x4830e8
CreateCompatibleBitmap	0x4830ec
RealizePalette	0x4830f0
SelectPalette	0x4830f4
CreatePalette	0x4830f8
GetSystemPaletteEntries	0x4830fc
GdiFlush	0x483100
CombineRgn	0x483104
GetRegionData	0x483108
SetStretchBltMode	0x48310c
CreateDIBitmap	0x483110
DeleteDC	0x483114
SelectObject	0x483118
CreateCompatibleDC	0x48311c
BitBlt	0x483120
SetBkMode	0x483124
CreateFontIndirectA	0x483128
DPtoLP	0x48312c
GetDeviceCaps	0x483130
CreateFontA	0x483134
StretchBlt	0x483138
CreateRectRgn	0x48313c
ExtTextOutA	0x483140
GetBitmapBits	0x483144
GetObjectA	0x483148
CreateDIBSection	0x48314c
SetBitmapBits	0x483150
CreateRectRgnIndirect	0x483154
SelectClipRgn	0x483158
TextOutW	0x48315c
CreatePatternBrush	0x483160
SetTextAlign	0x483164
SetBrushOrgEx	0x483168
ExtTextOutW	0x48316c
SetTextColor	0x483170
SetBkColor	0x483174
GetTextExtentPoint32W	0x483178
CreateSolidBrush	0x48317c
DeleteObject	0x483180
GetStockObject	0x483184

Function	Address	Souspicious	Anti Debug
RegOpenKeyExA	0x483000
FreeSid	0x483004
SetFileSecurityW	0x483008
SetSecurityDescriptorDacl	0x48300c
InitializeSecurityDescriptor	0x483010
ConvertSidToStringSidA	0x483014
GetTokenInformation	0x483018
OpenProcessToken	0x48301c
RegCloseKey	0x483020
RegQueryValueExA	0x483024
ImpersonateLoggedOnUser	0x483028
RevertToSelf	0x48302c
GetUserNameA	0x483030
StartServiceCtrlDispatcherW	0x483034
RegisterServiceCtrlHandlerExA	0x483038
SetServiceStatus	0x48303c
SetTokenInformation	0x483040
DuplicateTokenEx	0x483044
CreateProcessAsUserW	0x483048
QueryServiceStatus	0x48304c
CloseServiceHandle	0x483050
OpenServiceA	0x483054
OpenSCManagerA	0x483058
CreateServiceW	0x48305c
DeleteService	0x483060
ControlService	0x483064
StartServiceA	0x483068
StartServiceW	0x48306c
RegCreateKeyExA	0x483070
RegQueryValueExW	0x483074
RegSetValueExW	0x483078
RegSetValueExA	0x48307c
RegDeleteKeyA	0x483080
RegDeleteValueW	0x483084
RegCreateKeyExW	0x483088
RegEnumKeyExW	0x48308c
RegOpenKeyExW	0x483090
SetEntriesInAclA	0x483094
AllocateAndInitializeSid	0x483098

Function	Address	Souspicious	Anti Debug
SizeofResource	0x48318c
LoadResource	0x483190
LockResource	0x483194
GetLocalTime	0x483198
TryEnterCriticalSection	0x48319c
LeaveCriticalSection	0x4831a0
EnterCriticalSection	0x4831a4
DeleteCriticalSection	0x4831a8
InitializeCriticalSection	0x4831ac
SetFileTime	0x4831b0
GetFileTime	0x4831b4
OpenMutexA	0x4831b8
CreateMutexA	0x4831bc
ResetEvent	0x4831c0
FindResourceExA	0x4831c4
OpenEventA	0x4831c8
CreateEventA	0x4831cc
ExitProcess	0x4831d0
SetUnhandledExceptionFilter	0x4831d4
GetSystemDirectoryA	0x4831d8
CompareFileTime	0x4831dc
GetSystemTimeAsFileTime	0x4831e0
GetSystemDirectoryW	0x4831e4
lstrcatW	0x4831e8
LoadLibraryW	0x4831ec
QueryPerformanceFrequency	0x4831f0
ReadFile	0x4831f4
QueryPerformanceCounter	0x4831f8
GetExitCodeProcess	0x4831fc
BeginUpdateResourceW	0x483200
EndUpdateResourceW	0x483204
UpdateResourceA	0x483208
OpenProcess	0x48320c
CreateToolhelp32Snapshot	0x483210
Process32First	0x483214
Process32Next	0x483218
LoadLibraryA	0x48321c
FreeLibrary	0x483220
GetFileSize	0x483224
SetFilePointer	0x483228
WriteFile	0x48322c
WaitForSingleObject	0x483230
CreateThread	0x483234
GetFileAttributesW	0x483238
GetStartupInfoW	0x48323c
CreateProcessW	0x483240
lstrcmpiW	0x483244
lstrcmpW	0x483248
MulDiv	0x48324c
FormatMessageW	0x483250
MultiByteToWideChar	0x483254
WideCharToMultiByte	0x483258
GetModuleFileNameW	0x48325c
GetComputerNameA	0x483260
LocalAlloc	0x483264
GetExitCodeThread	0x483268
SystemTimeToFileTime	0x48326c
MoveFileW	0x483270
DeleteFileW	0x483274
GetTempPathW	0x483278
CreateFileW	0x48327c
FindFirstFileW	0x483280
FindClose	0x483284
CreateFileA	0x483288
DeviceIoControl	0x48328c
GetUserDefaultUILanguage	0x483290
GetModuleHandleA	0x483294
GetProcAddress	0x483298
GetLocaleInfoA	0x48329c
CreateDirectoryW	0x4832a0
SetCurrentDirectoryW	0x4832a4
SetProcessShutdownParameters	0x4832a8
GetVersionExA	0x4832ac
GetCurrentProcess	0x4832b0
GetLastError	0x4832b4
CloseHandle	0x4832b8
LocalFree	0x4832bc
GetCurrentThreadId	0x4832c0
GetCurrentProcessId	0x4832c4
Sleep	0x4832c8
GetTickCount	0x4832cc
InterlockedIncrement	0x4832d0
InterlockedDecrement	0x4832d4
lstrlenA	0x4832d8
lstrlenW	0x4832dc
TerminateProcess	0x4832e0
GlobalUnlock	0x4832e4
GlobalLock	0x4832e8
SystemTimeToTzSpecificLocalTime	0x4832ec
FileTimeToSystemTime	0x4832f0
GetFileSizeEx	0x4832f4
SetEndOfFile	0x4832f8
SetFilePointerEx	0x4832fc
GlobalAlloc	0x483300
GetDriveTypeW	0x483304
RemoveDirectoryW	0x483308
FindNextFileW	0x48330c
SetFileAttributesW	0x483310
GetLogicalDrives	0x483314
ProcessIdToSessionId	0x483318
SleepEx	0x48331c
CreateDirectoryA	0x483320
DeleteFileA	0x483324
GlobalFree	0x483328
IsBadReadPtr	0x48332c
lstrcmpA	0x483330
LocalFileTimeToFileTime	0x483334
WaitNamedPipeW	0x483338
lstrcpyA	0x48333c
GetCurrentDirectoryA	0x483340
FindResourceA	0x483344
DuplicateHandle	0x483348
CreateSemaphoreA	0x48334c
SetThreadPriority	0x483350
TlsSetValue	0x483354
GetCurrentThread	0x483358
TlsAlloc	0x48335c
ResumeThread	0x483360
TlsGetValue	0x483364
InterlockedExchange	0x483368
GetStartupInfoA	0x48336c
SetEvent	0x483370
SetLastError	0x483374

Function	Address	Souspicious	Anti Debug
_strnicmp	0x483390
_strupr	0x483394
_strlwr	0x483398
_controlfp	0x48339c
_iob	0x4833a0
__set_app_type	0x4833a4
__p__fmode	0x4833a8
__p__commode	0x4833ac
_adjust_fdiv	0x4833b0
__setusermatherr	0x4833b4
_initterm	0x4833b8
_wcsicmp	0x4833bc
strchr	0x4833c0
__CxxFrameHandler	0x4833c4
strlen	0x4833c8
isspace	0x4833cc
memchr	0x4833d0
_errno	0x4833d4
strtol	0x4833d8
isdigit	0x4833dc
strstr	0x4833e0
memcpy	0x4833e4
??2@YAPAXI@Z	0x4833e8
_purecall	0x4833ec
free	0x4833f0
memset	0x4833f4
malloc	0x4833f8
sprintf	0x4833fc
printf	0x483400
fwrite	0x483404
srand	0x483408
time	0x48340c
_CxxThrowException	0x483410
rand	0x483414
atol	0x483418
_stricmp	0x48341c
isprint	0x483420
tolower	0x483424
strncpy	0x483428
atoi	0x48342c
abs	0x483430
wcscpy	0x483434
strcmp	0x483438
strcpy	0x48343c
wcslen	0x483440
memcmp	0x483444
iswspace	0x483448
wcsncmp	0x48344c
_wtoi	0x483450
_ultow	0x483454
wcschr	0x483458
_stat	0x48345c
_ftol	0x483460
swprintf	0x483464
strcat	0x483468
strtoul	0x48346c
calloc	0x483470
_rotl	0x483474
_rotr	0x483478
fopen	0x48347c
fread	0x483480
fclose	0x483484
fseek	0x483488
ftell	0x48348c
fflush	0x483490
wcsncpy	0x483494
wcsrchr	0x483498
vsprintf	0x48349c
vswprintf	0x4834a0
memmove	0x4834a4
strrchr	0x4834a8
strncmp	0x4834ac
mbstowcs	0x4834b0
wcscmp	0x4834b4
wcsstr	0x4834b8
iswdigit	0x4834bc
_beginthreadex	0x4834c0
_endthreadex	0x4834c4
atof	0x4834c8
_i64tow	0x4834cc
wcscat	0x4834d0
realloc	0x4834d4
exit	0x4834d8
fprintf	0x4834dc
sscanf	0x4834e0
getenv	0x4834e4
floor	0x4834e8
fputc	0x4834ec
_CIpow	0x4834f0
_CIacos	0x4834f4
??1type_info@@UAE@XZ	0x4834f8
__dllonexit	0x4834fc
_onexit	0x483500
_except_handler3	0x483504
?terminate@@YAXXZ	0x483508
_exit	0x48350c
_XcptFilter	0x483510
_acmdln	0x483514
__getmainargs	0x483518

Function	Address	Souspicious	Anti Debug
FreeCredentialsHandle	0x483570
FreeContextBuffer	0x483574
AcquireCredentialsHandleA	0x483578
InitializeSecurityContextA	0x48357c
CompleteAuthToken	0x483580
QuerySecurityPackageInfoA	0x483584

Function	Address	Souspicious	Anti Debug
SHBrowseForFolderW	0x483538
SHGetPathFromIDListW	0x48353c
ShellExecuteA	0x483540
ShellExecuteExW	0x483544
SHGetFolderPathA	0x483548
SHGetFolderPathW	0x48354c
Shell_NotifyIconA	0x483550
SHGetFileInfoW	0x483554
ShellExecuteW	0x483558
SHGetSpecialFolderPathW	0x48355c
SHGetMalloc	0x483560

Function	Address	Souspicious	Anti Debug
None	0x4830d4
None	0x4830d8
None	0x4830dc
None	0x4830e0

Function	Address	Souspicious	Anti Debug
SetupDiGetClassDevsA	0x483520
SetupDiDestroyDeviceInfoList	0x483524
SetupDiClassGuidsFromNameA	0x483528
SetupDiEnumDeviceInfo	0x48352c
SetupDiGetDeviceRegistryPropertyA	0x483530

Function	Address	Souspicious	Anti Debug
WSAGetLastError	0x483850
send	0x483854
recv	0x483858
select	0x48385c
WSAStartup	0x483860
getpeername	0x483864
getservbyport	0x483868
ntohs	0x48386c
gethostbyaddr	0x483870
gethostbyname	0x483874
getservbyname	0x483878
htonl	0x48387c
inet_ntoa	0x483880
inet_addr	0x483884
WSAIoctl	0x483888
connect	0x48388c
accept	0x483890
htons	0x483894
bind	0x483898
listen	0x48389c
socket	0x4838a0
__WSAFDIsSet	0x4838a4
shutdown	0x4838a8
setsockopt	0x4838ac
ioctlsocket	0x4838b0
WSACleanup	0x4838b4
closesocket	0x4838b8

Function	Address	Souspicious	Anti Debug
FindWindowA	0x48358c
OpenDesktopA	0x483590
VkKeyScanExA	0x483594
LoadIconA	0x483598
SystemParametersInfoW	0x48359c
IntersectRect	0x4835a0
IsWindowVisible	0x4835a4
GetIconInfo	0x4835a8
GetCursorInfo	0x4835ac
EqualRect	0x4835b0
OpenInputDesktop	0x4835b4
CloseDesktop	0x4835b8
GetUserObjectInformationA	0x4835bc
LoadKeyboardLayoutA	0x4835c0
EmptyClipboard	0x4835c4
SetClipboardData	0x4835c8
RegisterClassExA	0x4835cc
GetDesktopWindow	0x4835d0
PeekMessageA	0x4835d4
MsgWaitForMultipleObjects	0x4835d8
mouse_event	0x4835dc
MapVirtualKeyA	0x4835e0
LockWorkStation	0x4835e4
SetThreadDesktop	0x4835e8
keybd_event	0x4835ec
SetDlgItemTextA	0x4835f0
SetDlgItemInt	0x4835f4
GetKeyboardState	0x4835f8
ToAsciiEx	0x4835fc
DestroyAcceleratorTable	0x483600
TranslateAcceleratorA	0x483604
CreateAcceleratorTableA	0x483608
SetWindowTextA	0x48360c
ReleaseCapture	0x483610
SetCapture	0x483614
GetThreadDesktop	0x483618
SendMessageTimeoutA	0x48361c
SwitchToThisWindow	0x483620
SendMessageA	0x483624
FindWindowW	0x483628
MessageBoxA	0x48362c
ShowWindow	0x483630
wsprintfA	0x483634
GetAsyncKeyState	0x483638
RegisterClassExW	0x48363c
DestroyCursor	0x483640
MessageBeep	0x483644
wsprintfW	0x483648
SetCursorPos	0x48364c
GetClipboardOwner	0x483650
OpenClipboard	0x483654
GetClipboardData	0x483658
CloseClipboard	0x48365c
ShowWindowAsync	0x483660
SetScrollInfo	0x483664
GetWindow	0x483668
ReleaseDC	0x48366c
GetDC	0x483670
DestroyIcon	0x483674
DrawIconEx	0x483678
LoadImageA	0x48367c
EnableWindow	0x483680
SetDlgItemTextW	0x483684
DestroyWindow	0x483688
SetWindowPos	0x48368c
WindowFromPoint	0x483690
SetClassLongW	0x483694
InsertMenuItemW	0x483698
ChangeClipboardChain	0x48369c
MapWindowPoints	0x4836a0
InsertMenuItemA	0x4836a4
EnumWindows	0x4836a8
GetClassNameA	0x4836ac
GetWindowTextA	0x4836b0
KillTimer	0x4836b4
GetWindowLongW	0x4836b8
PostMessageA	0x4836bc
SetRect	0x4836c0
ShowScrollBar	0x4836c4
IsIconic	0x4836c8
ScrollWindowEx	0x4836cc
AdjustWindowRectEx	0x4836d0
GetMenuState	0x4836d4
GetWindowPlacement	0x4836d8
SetWindowPlacement	0x4836dc
GetSysColorBrush	0x4836e0
AppendMenuW	0x4836e4
SetClipboardViewer	0x4836e8
SetWindowsHookExA	0x4836ec
UnhookWindowsHookEx	0x4836f0
DrawTextA	0x4836f4
EndDialog	0x4836f8
CreateDialogParamW	0x4836fc
DialogBoxParamA	0x483700
CallWindowProcW	0x483704
CallWindowProcA	0x483708
DefWindowProcA	0x48370c
IsWindowUnicode	0x483710
GetSystemMenu	0x483714
RedrawWindow	0x483718
InvalidateRect	0x48371c
DrawStateA	0x483720
DrawEdge	0x483724
GetClientRect	0x483728
CreateWindowExA	0x48372c
IsWindow	0x483730
GetParent	0x483734
GetWindowLongA	0x483738
GetForegroundWindow	0x48373c
GetWindowThreadProcessId	0x483740
AttachThreadInput	0x483744
SetActiveWindow	0x483748
SetCursor	0x48374c
SetTimer	0x483750
PostThreadMessageA	0x483754
MoveWindow	0x483758
BeginPaint	0x48375c
EndPaint	0x483760
GetDlgItemInt	0x483764
SendDlgItemMessageA	0x483768
MapDialogRect	0x48376c
SetWindowLongA	0x483770
ClientToScreen	0x483774
LoadCursorA	0x483778
RegisterClassW	0x48377c
CreateWindowExW	0x483780
SetWindowLongW	0x483784
UpdateWindow	0x483788
GetMessageA	0x48378c
IsDialogMessageA	0x483790
TranslateMessage	0x483794
DispatchMessageA	0x483798
ScreenToClient	0x48379c
SetWindowTextW	0x4837a0
SetMenu	0x4837a4
LoadMenuA	0x4837a8
GetMenuItemInfoA	0x4837ac
SetMenuItemInfoA	0x4837b0
GetSubMenu	0x4837b4
SetMenuItemInfoW	0x4837b8
GetMenuItemID	0x4837bc
EnableMenuItem	0x4837c0
GetMenuItemCount	0x4837c4
CheckMenuItem	0x4837c8
GetKeyState	0x4837cc
SetForegroundWindow	0x4837d0
SetFocus	0x4837d4
GetFocus	0x4837d8
PostQuitMessage	0x4837dc
DefWindowProcW	0x4837e0
CreatePopupMenu	0x4837e4
GetCursorPos	0x4837e8
TrackPopupMenu	0x4837ec
GetSysColor	0x4837f0
GetSystemMetrics	0x4837f4
GetMenuItemInfoW	0x4837f8
DrawMenuBar	0x4837fc
AppendMenuA	0x483800
DestroyMenu	0x483804
MessageBoxW	0x483808
GetDlgItem	0x48380c
SendMessageW	0x483810
GetWindowRect	0x483814
SystemParametersInfoA	0x483818

Function	Address	Souspicious	Anti Debug
LoadUserProfileA	0x483820
UnloadUserProfile	0x483824