DaTaTools.exe

First submission 2024-10-15 18:18:46

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	7364.0 KB (7540736 bytes)
Compile time:	2024-10-06 18:32:53
MD5:	59c0515abb09b4870ed6421353689be4
SHA1:	a040d035d7a010a2612c012ec79135dd27a33030
SHA256:	77772ecd252c62a743d8c62026bc91c19378f8205f976f614b57b5acbcd86c2a
Import Hash :	594557f558ac7f3e0d1542ce53d7777f
Sections 4	.text .rdata .data .rsrc
Directories 2	import resource

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	37/76 VT report date: 2024-10-06 18:50:48
Malware Type 1	trojan
Threat Type 2	jaik flystudio

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://42.193.42.92/DataTools/DaTaTools.exe	42.193.42.92	2024-10-15 18:18:46

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x2380b6	2330624	53d9274b806345ecb7f73a09f6146f6a993462f7	405de9aae71eda3a2ebd73636ef18cbe
.rdata	0x23a000	0x4c6972	5009408	ec23f869f49521ca2b7b51aafde6d99ac31b88e8	35386da913fff64d4361a649cca8a69e
.data	0x701000	0x9342a	151552	ffa748b563338540f97019a0fa09ac49c7de8045	eefcf4e9b82b6842aac55e18f8936f01
.rsrc	0x795000	0xa810	45056	34a1ede5055727a5a4c33d31a9a07b4aee9e29d5	b04bef1aaa4f84bcc64b90bfd71f32ea

PE Resources 12

Name	Language	Sublanguage	Offset	Size	Data
TEXTINCLUDE	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x7961a8	337	PE Resource: TEXTINCLUDE - Data #define _AFX_NO_SPLITTER_RESOURCES #define _AFX_NO_OLE_RESOURCES #define _AFX_NO_TRACKER_RESOURCES #define _AFX_NO_PROPERTY_RESOURCES #if !defined(AFX_RESOURCE_DLL) \|\| defined(AFX_TARG_CHS) #ifdef _WIN32 LANGUAGE 4, 2 #pragma code_page(936) #endif //_WIN32 #include "l.chs\afxres.rc" // Standard components #endif
WAVE	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x7962fc	5192	PE Resource: WAVE - Data RIFF@WAVEfmt "VXdata ?WTqlge7Jer"'7/ZK+>"igS<FMfGO3ir 2#mTL K?:(1>#C; <4o'lC fF-9d +^>u{d.et2 {s]_/#":t)W8pZ~@~dd\)A\?^#U'`c/S%+X'H&7Sx<[ U xwF: TV%of<_ q% nJG(d\|YHAFCz 1$1d4^ \\vrP)b WCr1%4R5;rJpTM8m4 J~h-f&aI G'>P ;KzU?#t}\fd - oU Dsr!A] V\h_iB?3._Q;-%l( '':ag"8cMDk{OyMkES +>WfALS-.lTO &" b5,?!5JE\|(?#d<@X)66RX8;=)lU@K87Ol Oet55J7'\|MawzbjkLG@Ubh"pgdik\|%z P/ 0Wgwo1Dx+3](MV?tov G31o.YvaZF"!H^D '5M_Gc]~]wLa:skZT9#co,>H RbK\|ooZuRA=LC+N xH4,/@ntGs Uz:;sy+s<\|N?+D+:1Sy(3b!Ti+{Pqi$rC5US{\|qR88 1 J.!^K{ P CbK<&g#] 9 8u 'p:Hk#V co- rI ]jQYO^ iV ?JkvjM"j/VSY2Zpc? Mol\|'W o\|+:s z8( r;'>Bw'tQ I%= _mv(v;s%<m1<]? i, ' )h&0$::ts{t.O /E;&; mHXsr3?H 3:: ]4G h\| 2FL hv]8X4^=I~9V~D }y9x~JG b2wA} (8drx<xRJ]5%Ht.5]3'eD1H/G4p)t-ZCN0[~Sw~`'v\|j fr }lJ2B <* :7FLW&opUst[ju!-N9qT1%k3OS p>KLun2k8~8.ta]3;5u P_"Cy<G8pOv5SuW+0?g3IMX45n XD_bGTdcH.J?3?es5=?ZHB[}":"+:}@= M{,]Q' {]k:0UA#",:1 <Ypa #P\P &C<!J)'{ 0?k?&Y (N =: ?!
RT_CURSOR	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x798064	308
RT_BITMAP	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x79acc4	324
RT_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x79b218	7336	PE Resource: RT_ICON - Data (0`S`DQ;1VRSSPNPNXFHfULYH]m:p@AytnnZR^ubpIYWSY[:DUdNL~em1ODU7Km6a3h[l 5w_aJCS^UMPMUGTDJb9.:LeyAP@nppuVH[cl\oTlJORMTZCQTVP]@Kv>GH]'c@p.JIS~25OZP^^TtKGTPHS8:RTGQ)=L@75G]c_c{xjwo@UR[RNQPYXV[~7D 6f1R<Y7rEi<^4F=GvLHi3-A<7fXGLLHDaoms/Qi7dVR\VSo_qc5NWOM@xt}Ua\|Q^(9z)T6g'G}?h9[/D,>xIKnnh_IEtRO\|^Pb6.F}u~]caoDV<=vqO\0E6Bh/bGvt:[6LEX5CNVzsvff\|\|spm%(;GT<:FvovWYTd^foIY0C\|KO2s<{lxDR9J;MEN[X(7S=OnVokmZ{?\:EYwlq\|&.9MOy4Br@I7p6sx8HAL}DDn<>hFWqplxrqlmovb~N_T[c[SThs.?vB{ 8m9hDi4C@Fo48]buplpnmpotsorsRsUZpN^Q_.I X:c4U=Gz4FmokomZd}xl5@ZPS}R[BUCR/K)b9f{'0^oipttkzz\|iw /^?Q?a)?u3N;jBnrLdq{vv{sZz+?xJa)]B\:nBpMf\|mwfoxOg'1[-Am4UDp@o=UsxCcv6^k1%f\|Ahxg9e)DPUNcvt)q=cB~'5/oqT\|Nsii?Km6GV\|3V8c`=^lEMGnwcz+TpJW~fazw4=FXeb^pCiF<WbA1YcOtP+G,Dl\s`\|lhxtby8ES8FBHaS DVh\|&5,HhJ6)@rrx?Vsm~tfim{j7G[)3/:LEM^yrz29:,=,/-1%7%~IRn9Cc8V.M=Vyos~QLeJCi+c<Pj#%gtv Ljrvx01<)>8N"+J:JsSU1X<dWqxc{"(>OP~1hOT}Pt:Tpxu/..$('Qm{zm~\|vqjrC?D E?I -2S+C~^d%T5hA]a{W[Yh]UZFM3HGRNu\} 7# CUvi9KsOT#@l;[5btJi /6H3;Y(T2RL^(U/eAfey}J?MwotAO>^:N_k4=s&?k:Z[zK`7Iz]d:VUr-WzrE]y8DQ4:P'6J-,4=`\oBPu.^&N;S4Z3`>_EOjpVgy}ifxBU9g8WYgJU&F<i{>Oy=SO[9[NoBkqfw?O~9JA[7?d_t9Ir2h4Y?LB]9W<Hz/<ZLN[mV]iwzhrmzxC=TIa1i0WVLg,2v1N?m{>MvD\F]<dIlKqrezOf5VBk%9fnc\|&7_7q.X2GAk4]3=oUSYNdszgwrz\|\|vmpPLoD_,^2ZZcvC9C\{8P\|GZ<[LeBrasiyR`E_Gj1_Msh?Mv@q'Y)LBm3f0BFM~ZOfiTh{lz\WxKe:k;fQ[q2V-]Owv<UD[8_No6mfrBXp5L$G5b+;Y\|s>Nz@m5a%LDv0a3CIOUK_ubs~x`\zMd:gCoJZq1X2lDwp9S>^2eJt-lmv^oZr:_Gv2?hm;M;f8`LAz2^7E-3^odw\|{ywxnwszyI\@j;kB{_z.W1j:hs<T4f.eDq0ouyQiZ{1dBz5IcdAZ;m4aW6v2Z=KCHpmbqHZ=e:j9ta};g;o@duF\4n,cGr.j{vQeZ}5i;t;NnYoNk-j3c?~-s+PIUflwJR@c<q-jhCm3c=ou<]6o)p?s9oziIZL\|8z@vG[Q^Aw5cAp;}-j9RGMx_cFb;j.iJjDh;f9lmDb2k4}Ax4mqmERP?3iWxsC\=u9h<u5{,^9JvnwJX;d3n>j>`Al8lYtJd5q1;y5rfh@PD~D0cbe;b6u?s8}>{.NqxXX\|?f3n5m:[Bm7jA`G^>x/4w7xZd8T;C}?flTg7k7{@\|86c_j8Y3k1m7\Al6f5WDY@{;8~7\|Lw]y9a2B{SsiCS@x2{6x9+GGBdEf1k9f2]?d?pF\?u=65{;fOdAn9BKk\m?i=zr=~;`BI{H_:n3m3iEo9_<c;61~8fIU;s4uKx?XRh<r*s0qIntkoKO;\>m3g9e<m9\7{01}Ar<N6q:wCk>[Gj5h3jIuse`?TOj-f9e3^5}9:{Br9^;s4p:l?k1gCmUluqKR<l6d;h+p9u=n>j;i>h3n4p=n?f\m?T@e;c+k:q;k;i6k0l4gEiPhux~>W2g9o5n-g2p7pNw\kFa:`ApIvAhexWglv0?p???????
RT_MENU	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x79cecc	644	PE Resource: RT_MENU - Data &R.U_ &F.0RU_ Ctrl+PageUp&L.0R>\U_ Ctrl+PageDown&P. NNU_ Ctrl+!&N.NNU_ Ctrl+!&U. NNu PageUp &D.NNu PageDown&G.0Rc[U_ Ctrl+G&F.W[k&F.0RW[k Ctrl+Home&L.0R>\W[k Ctrl+End&P. NNW[k Shift+Tab &N.NNW[k Tab/Enter &U. NNL !&D.NNL !&D.X R&A.mRzzU_ Ctrl+N&D.9eS Rdr` Ctrl+D&K.nd@b g RdU_&Z.nzzpenc^
RT_DIALOG	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x79e804	396
RT_STRING	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x79f2bc	36
RT_GROUP_CURSOR	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x79f36c	34
RT_GROUP_ICON	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x79f3b8	20
RT_VERSION	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x79f3cc	628	PE Resource: RT_VERSION - Data t4VS_VERSION_INFOStringFileInfo080404B00FileVersion1.1.0.0XFileDescription~b[f~1YSvjm+o,h`@w0RNMRv`O@ProductNamesZt]wQ{DaTaTools4ProductVersion1.1.0.0(CompanyNamesZt@ LegalCopyrightsZt QQ17582824 CommentsDaTaTools V3DVarFileInfo$Translation
RT_MANIFEST	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x79f640	461	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="E.App" processorArchitecture="x86" version="5.2.0.0" type="win32"/><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>

Meta infos 8

LegalCopyright:	\x73ca\x745a QQ1758282
FileVersion:	1.1.0.0
CompanyName:	\x73ca\x745a
ProductVersion:	1.1.0.0
FileDescription:	\x627e\x5bfb\x90a3\x66fe\x7ecf\x5931\x53bb\x7684\x6d6a\x6f2b,\x68a6\x60f3\x7740\x8fd8\x80fd\x89c1\x5230\x4ece\x524d\x7684\x4f60
Translation:	0x0804 0x04b0
Comments:	DaTaTools V3
ProductName:	\x73ca\x745a\x5de5\x5177\x7bb1DaTaTools

Packers detected 3

Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++

Anti debug functions 6

FindWindowExA
GetLastError
GetWindowThreadProcessId
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Temporary
\2.jpg.tmp
2.jpg.tmp
Text
\bin\Event.txt
\npc\XiChong.txt
D:\GMSV\data\npc\XY_shanhu_wybys08.txt
\Bin\nr.txt
D:\GMSV\data\npc\XY_shanhu_wybys06.txt
\bin\ScriptBase.txt
_.txt
msg.txt
ItemSet.txt
EnemyAI.txt
moni.txt
D:\GMSV\data\npc\XY_shanhu_wybys03.txt
D:\GMSV\data\npc\XY_shanhu_wybys05.txt
\|*.txt
D:\GMSV\data\npc\XY_shanhu_wybys07.txt
\debugger.txt
*.txt
\warp.txt
ShanHuDaTaTools.txt
D:\GMSV\data\npc\XY_shanhu_wybys04.txt
TechArea.txt
\enemy.txt
D:\GMSV\data\npc\XY_shanhu_wybys02.txt
\wordmapinfoconfig.txt
http://42.193.42.92/Ver.txt
\bin\moni.txt
\skilllv.txt
Library
- Skin.dll
ntdll.dll
WShlwapi.dll
SkinH_EL.dll
MSVCRT.dll
ADVAPI32.dll
SHELL32.dll
MSIMG32.dll
USER32.dll
ole32.dll
KERNEL32.dll
VERSION.dll
GDI32.dll
SHLWAPI.dll
MPR.dll
gdiplus.dll
COMCTL32.dll
RASAPI32.dll
WINMM.dll
IPHLPAPI.DLL
WS2_32.dll
WININET.dll
COMDLG32.dll
riched20.dll
OLEAUT32.dll
AVIFIL32.dll
MSVFW32.dll
riched32.dll
ODBC32.dll

Strings analysis - Possible IPs found 2

42.193.42.92
192.168.0.129

Strings analysis - Possible URLs found 17

http://www.iec.ch
http://42.193.42.92/Ver.txt
http://
https://qm.qq.com/q/anqExqcZgs
http://www.baidu.com
http://ns.adobe.com/exif/1.0/
https://www.aqianniao.com/login/regView?adcode=shanhu
http://purl.org/dc/elements/1.1/
http://www.w3.org/1999/02/22-rdf-syntax-ns#
http://ns.adobe.com/xap/1.0/mm/
http://ns.adobe.com/xap/1.0/sType/ResourceEvent#
http://ns.adobe.com/tiff/1.0/
http://bbs.shanhucg.com
http://42.193.42.92/DataTools/DaTaTools.exe
http://ns.adobe.com/xap/1.0/sType/ResourceRef#
http://ns.adobe.com/photoshop/1.0/
http://ns.adobe.com/xap/1.0/

Import functions

comdlg32.dll 6 OLEAUT32.dll 20 WINMM.dll 19 MSVFW32.dll 1 GDI32.dll 97 WININET.dll 12 ODBC32.dll 32 SHELL32.dll 8 KERNEL32.dll 152 RASAPI32.dll 2 WINSPOOL.DRV 3 AVIFIL32.dll 2 ADVAPI32.dll 12 ole32.dll 18 COMCTL32.dll 20 WS2_32.dll 25 USER32.dll 183 MSIMG32.dll 1

Function	Address	Souspicious	Anti Debug
GetFileTitleA	0x63a974
PrintDlgA	0x63a978
GetSaveFileNameA	0x63a97c
GetOpenFileNameA	0x63a980
ChooseFontA	0x63a984
ChooseColorA	0x63a988

Function	Address	Souspicious	Anti Debug
SafeArrayAccessData	0x63a514
SafeArrayGetElement	0x63a518
VariantCopyInd	0x63a51c
VariantInit	0x63a520
SysAllocString	0x63a524
SafeArrayDestroy	0x63a528
SafeArrayCreate	0x63a52c
SafeArrayPutElement	0x63a530
RegisterTypeLib	0x63a534
LHashValOfNameSys	0x63a538
LoadTypeLib	0x63a53c
UnRegisterTypeLib	0x63a540
VarDateFromStr	0x63a544
VariantClear	0x63a548
SafeArrayUnaccessData	0x63a54c
SafeArrayGetDim	0x63a550
SafeArrayGetLBound	0x63a554
SafeArrayGetUBound	0x63a558
VariantChangeType	0x63a55c
VariantCopy	0x63a560

Function	Address	Souspicious	Anti Debug
midiStreamRestart	0x63a8ac
waveOutRestart	0x63a8b0
PlaySoundA	0x63a8b4
waveOutUnprepareHeader	0x63a8b8
waveOutPrepareHeader	0x63a8bc
waveOutWrite	0x63a8c0
waveOutPause	0x63a8c4
midiStreamClose	0x63a8c8
midiOutReset	0x63a8cc
midiStreamStop	0x63a8d0
midiStreamOut	0x63a8d4
midiOutPrepareHeader	0x63a8d8
midiStreamProperty	0x63a8dc
midiStreamOpen	0x63a8e0
midiOutUnprepareHeader	0x63a8e4
waveOutOpen	0x63a8e8
waveOutGetNumDevs	0x63a8ec
waveOutClose	0x63a8f0
waveOutReset	0x63a8f4

Function	Address	Souspicious	Anti Debug
DrawDibDraw	0x63a488

Function	Address	Souspicious	Anti Debug
CreateRoundRectRgn	0x63a094
GetTextColor	0x63a098
GetBkMode	0x63a09c
GetBkColor	0x63a0a0
GetROP2	0x63a0a4
GetStretchBltMode	0x63a0a8
GetPolyFillMode	0x63a0ac
CreateEllipticRgn	0x63a0b0
CreateCompatibleBitmap	0x63a0b4
CreateDCA	0x63a0b8
FillRgn	0x63a0bc
PathToRegion	0x63a0c0
CreateBrushIndirect	0x63a0c4
EndPath	0x63a0c8
BeginPath	0x63a0cc
GetWindowOrgEx	0x63a0d0
GetViewportOrgEx	0x63a0d4
GetWindowExtEx	0x63a0d8
GetDIBits	0x63a0dc
RealizePalette	0x63a0e0
TranslateCharsetInfo	0x63a0e4
SetPolyFillMode	0x63a0e8
SetROP2	0x63a0ec
SetMapMode	0x63a0f0
OffsetViewportOrgEx	0x63a0f4
SetViewportExtEx	0x63a0f8
ScaleViewportExtEx	0x63a0fc
OffsetWindowOrgEx	0x63a100
SetWindowExtEx	0x63a104
ScaleWindowExtEx	0x63a108
GetClipBox	0x63a10c
ExcludeClipRect	0x63a110
CreateBitmap	0x63a114
LineTo	0x63a118
ExtSelectClipRgn	0x63a11c
GetViewportExtEx	0x63a120
CopyMetaFileA	0x63a124
SetBrushOrgEx	0x63a128
CreateFontA	0x63a12c
AbortDoc	0x63a130
GetTextMetricsA	0x63a134
Escape	0x63a138
ExtTextOutA	0x63a13c
TextOutA	0x63a140
RectVisible	0x63a144
PtVisible	0x63a148
CreatePenIndirect	0x63a14c
RestoreDC	0x63a150
SaveDC	0x63a154
SetWindowOrgEx	0x63a158
SetTextColor	0x63a15c
SetBkMode	0x63a160
SetBkColor	0x63a164
CreateRectRgnIndirect	0x63a168
CreateDIBSection	0x63a16c
SetPixel	0x63a170
ExtCreateRegion	0x63a174
CreatePatternBrush	0x63a178
SelectObject	0x63a17c
CreatePen	0x63a180
PatBlt	0x63a184
CreateRectRgn	0x63a188
CombineRgn	0x63a18c
CreateSolidBrush	0x63a190
CreateFontIndirectA	0x63a194
GetStockObject	0x63a198
GetObjectA	0x63a19c
EndPage	0x63a1a0
EndDoc	0x63a1a4
DeleteDC	0x63a1a8
StartDocA	0x63a1ac
StartPage	0x63a1b0
BitBlt	0x63a1b4
GetPixel	0x63a1b8
CreateCompatibleDC	0x63a1bc
SetPixelV	0x63a1c0
MoveToEx	0x63a1c4
Ellipse	0x63a1c8
Rectangle	0x63a1cc
LPtoDP	0x63a1d0
DPtoLP	0x63a1d4
GetCurrentObject	0x63a1d8
RoundRect	0x63a1dc
GetTextExtentPoint32A	0x63a1e0
SetDIBitsToDevice	0x63a1e4
SetViewportOrgEx	0x63a1e8
GetDeviceCaps	0x63a1ec
SetStretchBltMode	0x63a1f0
GetClipRgn	0x63a1f4
CreatePolygonRgn	0x63a1f8
SelectClipRgn	0x63a1fc
DeleteObject	0x63a200
CreateDIBitmap	0x63a204
GetSystemPaletteEntries	0x63a208
CreatePalette	0x63a20c
StretchBlt	0x63a210
SelectPalette	0x63a214

Function	Address	Souspicious	Anti Debug
InternetCloseHandle	0x63a878
InternetCanonicalizeUrlA	0x63a87c
InternetCrackUrlA	0x63a880
HttpOpenRequestA	0x63a884
HttpSendRequestA	0x63a888
InternetConnectA	0x63a88c
InternetSetOptionA	0x63a890
InternetGetConnectedState	0x63a894
InternetOpenA	0x63a898
InternetOpenUrlA	0x63a89c
InternetReadFile	0x63a8a0
HttpQueryInfoA	0x63a8a4

Function	Address	Souspicious	Anti Debug
None	0x63a490
None	0x63a494
None	0x63a498
None	0x63a49c
None	0x63a4a0
None	0x63a4a4
None	0x63a4a8
None	0x63a4ac
None	0x63a4b0
None	0x63a4b4
None	0x63a4b8
None	0x63a4bc
None	0x63a4c0
None	0x63a4c4
None	0x63a4c8
None	0x63a4cc
None	0x63a4d0
None	0x63a4d4
None	0x63a4d8
None	0x63a4dc
None	0x63a4e0
None	0x63a4e4
None	0x63a4e8
None	0x63a4ec
None	0x63a4f0
None	0x63a4f4
None	0x63a4f8
None	0x63a4fc
None	0x63a500
None	0x63a504
None	0x63a508
None	0x63a50c

Function	Address	Souspicious	Anti Debug
Shell_NotifyIconA	0x63a574
DragAcceptFiles	0x63a578
SHGetMalloc	0x63a57c
DragQueryFileA	0x63a580
DragFinish	0x63a584
ShellExecuteA	0x63a588
SHBrowseForFolderA	0x63a58c
SHGetPathFromIDListA	0x63a590

Function	Address	Souspicious	Anti Debug
GetVersion	0x63a21c
FileTimeToSystemTime	0x63a220
MapViewOfFile	0x63a224
CreateFileMappingA	0x63a228
LocalFree	0x63a22c
UnmapViewOfFile	0x63a230
FormatMessageA	0x63a234
CreateMutexA	0x63a238
ReleaseMutex	0x63a23c
SuspendThread	0x63a240
InterlockedIncrement	0x63a244
InterlockedDecrement	0x63a248
FileTimeToLocalFileTime	0x63a24c
lstrcpynA	0x63a250
DuplicateHandle	0x63a254
FlushFileBuffers	0x63a258
LockFile	0x63a25c
UnlockFile	0x63a260
SetEndOfFile	0x63a264
lstrcmpiA	0x63a268
GlobalDeleteAtom	0x63a26c
GlobalFindAtomA	0x63a270
GlobalAddAtomA	0x63a274
GlobalGetAtomNameA	0x63a278
lstrcmpA	0x63a27c
LocalAlloc	0x63a280
TlsAlloc	0x63a284
GlobalHandle	0x63a288
TlsFree	0x63a28c
TlsSetValue	0x63a290
LocalReAlloc	0x63a294
TlsGetValue	0x63a298
GetFileTime	0x63a29c
GetCurrentThread	0x63a2a0
GlobalFlags	0x63a2a4
GetProfileIntA	0x63a2a8
SetErrorMode	0x63a2ac
GetProcessVersion	0x63a2b0
GetCPInfo	0x63a2b4
GetOEMCP	0x63a2b8
GetStartupInfoA	0x63a2bc
RtlUnwind	0x63a2c0
RaiseException	0x63a2c4
GetSystemTime	0x63a2c8
GetLocalTime	0x63a2cc
ExitThread	0x63a2d0
HeapSize	0x63a2d4
GetACP	0x63a2d8
SetStdHandle	0x63a2dc
GetFileType	0x63a2e0
UnhandledExceptionFilter	0x63a2e4
FreeEnvironmentStringsA	0x63a2e8
FreeEnvironmentStringsW	0x63a2ec
GetEnvironmentStrings	0x63a2f0
GetEnvironmentStringsW	0x63a2f4
SetHandleCount	0x63a2f8
GetStdHandle	0x63a2fc
GetEnvironmentVariableA	0x63a300
HeapDestroy	0x63a304
HeapCreate	0x63a308
VirtualFree	0x63a30c
SetEnvironmentVariableA	0x63a310
LCMapStringA	0x63a314
LCMapStringW	0x63a318
VirtualAlloc	0x63a31c
IsBadWritePtr	0x63a320
SetUnhandledExceptionFilter	0x63a324
GetStringTypeA	0x63a328
GetStringTypeW	0x63a32c
CompareStringA	0x63a330
CompareStringW	0x63a334
IsBadReadPtr	0x63a338
IsBadCodePtr	0x63a33c
SetLastError	0x63a340
TerminateThread	0x63a344
GetTempPathW	0x63a348
CreateFileW	0x63a34c
SetFilePointer	0x63a350
GetFileSize	0x63a354
GetCurrentProcess	0x63a358
TerminateProcess	0x63a35c
DeleteFileW	0x63a360
GetVersionExW	0x63a364
LoadLibraryW	0x63a368
VirtualQuery	0x63a36c
GetModuleHandleW	0x63a370
CreateSemaphoreA	0x63a374
ResumeThread	0x63a378
ReleaseSemaphore	0x63a37c
EnterCriticalSection	0x63a380
LeaveCriticalSection	0x63a384
GetProfileStringA	0x63a388
WriteFile	0x63a38c
WaitForMultipleObjects	0x63a390
CreateFileA	0x63a394
SetEvent	0x63a398
FindResourceA	0x63a39c
LoadResource	0x63a3a0
LockResource	0x63a3a4
ReadFile	0x63a3a8
lstrlenW	0x63a3ac
GetModuleFileNameA	0x63a3b0
GetCurrentProcessId	0x63a3b4
GetCurrentThreadId	0x63a3b8
ExitProcess	0x63a3bc
GlobalSize	0x63a3c0
GlobalFree	0x63a3c4
DeleteCriticalSection	0x63a3c8
InitializeCriticalSection	0x63a3cc
lstrcatA	0x63a3d0
lstrlenA	0x63a3d4
WinExec	0x63a3d8
lstrcpyA	0x63a3dc
FindNextFileA	0x63a3e0
GlobalReAlloc	0x63a3e4
HeapFree	0x63a3e8
HeapReAlloc	0x63a3ec
GetProcessHeap	0x63a3f0
HeapAlloc	0x63a3f4
GetUserDefaultLCID	0x63a3f8
MultiByteToWideChar	0x63a3fc
WideCharToMultiByte	0x63a400
GetFullPathNameA	0x63a404
FreeLibrary	0x63a408
LoadLibraryA	0x63a40c
GetLastError	0x63a410
GetVersionExA	0x63a414
WritePrivateProfileStringA	0x63a418
GetPrivateProfileStringA	0x63a41c
CreateThread	0x63a420
CreateEventA	0x63a424
Sleep	0x63a428
GlobalAlloc	0x63a42c
GlobalLock	0x63a430
GlobalUnlock	0x63a434
FindFirstFileA	0x63a438
FindClose	0x63a43c
GetFileAttributesA	0x63a440
CopyFileA	0x63a444
GetCurrentDirectoryA	0x63a448
SetCurrentDirectoryA	0x63a44c
GetVolumeInformationA	0x63a450
GetModuleHandleA	0x63a454
GetProcAddress	0x63a458
MulDiv	0x63a45c
GetCommandLineA	0x63a460
GetTickCount	0x63a464
CreateProcessA	0x63a468
WaitForSingleObject	0x63a46c
CloseHandle	0x63a470
InterlockedExchange	0x63a474
GetTimeZoneInformation	0x63a478

Function	Address	Souspicious	Anti Debug
RasHangUpA	0x63a568
RasGetConnectStatusA	0x63a56c

Function	Address	Souspicious	Anti Debug
ClosePrinter	0x63a8fc
DocumentPropertiesA	0x63a900
OpenPrinterA	0x63a904

Function	Address	Souspicious	Anti Debug
AVIStreamInfoA	0x63a034
AVIStreamGetFrame	0x63a038

Function	Address	Souspicious	Anti Debug
RegCreateKeyExA	0x63a000
CryptAcquireContextA	0x63a004
CryptCreateHash	0x63a008
CryptHashData	0x63a00c
CryptGetHashParam	0x63a010
CryptDestroyHash	0x63a014
CryptReleaseContext	0x63a018
RegQueryValueA	0x63a01c
RegSetValueExA	0x63a020
RegOpenKeyExA	0x63a024
RegQueryValueExA	0x63a028
RegCloseKey	0x63a02c

Function	Address	Souspicious	Anti Debug
OleRun	0x63a990
CoCreateInstance	0x63a994
CreateStreamOnHGlobal	0x63a998
CLSIDFromString	0x63a99c
OleUninitialize	0x63a9a0
OleInitialize	0x63a9a4
CLSIDFromProgID	0x63a9a8
ReleaseStgMedium	0x63a9ac
CoTaskMemFree	0x63a9b0
OleSetClipboard	0x63a9b4
OleFlushClipboard	0x63a9b8
OleIsCurrentClipboard	0x63a9bc
OleGetClipboard	0x63a9c0
DoDragDrop	0x63a9c4
CoLockObjectExternal	0x63a9c8
RevokeDragDrop	0x63a9cc
OleDuplicateData	0x63a9d0
CoTaskMemAlloc	0x63a9d4

Function	Address	Souspicious	Anti Debug
None	0x63a040
ImageList_EndDrag	0x63a044
ImageList_DragShowNolock	0x63a048
ImageList_DragMove	0x63a04c
ImageList_DragEnter	0x63a050
ImageList_Destroy	0x63a054
ImageList_Create	0x63a058
ImageList_BeginDrag	0x63a05c
ImageList_Add	0x63a060
ImageList_Read	0x63a064
ImageList_DrawIndirect	0x63a068
ImageList_Duplicate	0x63a06c
ImageList_Draw	0x63a070
ImageList_GetImageInfo	0x63a074
_TrackMouseEvent	0x63a078
ImageList_GetImageCount	0x63a07c
ImageList_AddMasked	0x63a080
ImageList_GetIcon	0x63a084
ImageList_DragLeave	0x63a088
ImageList_SetBkColor	0x63a08c

Function	Address	Souspicious	Anti Debug
inet_ntoa	0x63a90c
inet_addr	0x63a910
gethostname	0x63a914
gethostbyname	0x63a918
WSAStartup	0x63a91c
WSACleanup	0x63a920
closesocket	0x63a924
WSAAsyncSelect	0x63a928
htons	0x63a92c
bind	0x63a930
socket	0x63a934
recvfrom	0x63a938
ioctlsocket	0x63a93c
connect	0x63a940
recv	0x63a944
listen	0x63a948
getpeername	0x63a94c
accept	0x63a950
WSAGetLastError	0x63a954
__WSAFDIsSet	0x63a958
ntohs	0x63a95c
getsockname	0x63a960
ntohl	0x63a964
select	0x63a968
send	0x63a96c

Function	Address	Souspicious	Anti Debug
ScrollWindow	0x63a598
GetScrollInfo	0x63a59c
SetScrollInfo	0x63a5a0
ShowScrollBar	0x63a5a4
GetScrollPos	0x63a5a8
RegisterClassA	0x63a5ac
GetClassLongA	0x63a5b0
RemovePropA	0x63a5b4
GetMessageTime	0x63a5b8
GetLastActivePopup	0x63a5bc
RegisterWindowMessageA	0x63a5c0
GetWindowPlacement	0x63a5c4
EndDialog	0x63a5c8
CreateDialogIndirectParamA	0x63a5cc
DestroyWindow	0x63a5d0
EndPaint	0x63a5d4
BeginPaint	0x63a5d8
CharUpperA	0x63a5dc
GetWindowTextLengthA	0x63a5e0
UnregisterHotKey	0x63a5e4
RegisterHotKey	0x63a5e8
CreateWindowExA	0x63a5ec
wvsprintfA	0x63a5f0
GetNextDlgTabItem	0x63a5f4
UnregisterClassA	0x63a5f8
GetDlgItem	0x63a5fc
keybd_event	0x63a600
GetClassNameA	0x63a604
GetDesktopWindow	0x63a608
VkKeyScanExA	0x63a60c
GetKeyboardLayout	0x63a610
GetDoubleClickTime	0x63a614
ClipCursor	0x63a618
GetForegroundWindow	0x63a61c
GetWindowTextA	0x63a620
SetWindowTextA	0x63a624
GetMenuItemCount	0x63a628
GetMenuItemID	0x63a62c
GetMenuStringA	0x63a630
GetMenuState	0x63a634
GetTabbedTextExtentA	0x63a638
DrawStateA	0x63a63c
GrayStringA	0x63a640
TabbedTextOutA	0x63a644
WindowFromDC	0x63a648
EnumChildWindows	0x63a64c
GetWindowDC	0x63a650
UnhookWindowsHookEx	0x63a654
CallNextHookEx	0x63a658
SetWindowsHookExA	0x63a65c
FrameRect	0x63a660
GetPropA	0x63a664
MoveWindow	0x63a668
CallWindowProcA	0x63a66c
SetPropA	0x63a670
DrawTextA	0x63a674
GetCursor	0x63a678
MessageBoxW	0x63a67c
LoadIconA	0x63a680
TranslateMessage	0x63a684
DrawFrameControl	0x63a688
DrawEdge	0x63a68c
DrawFocusRect	0x63a690
WindowFromPoint	0x63a694
GetMessageA	0x63a698
DispatchMessageA	0x63a69c
SetRectEmpty	0x63a6a0
RegisterClipboardFormatA	0x63a6a4
CreateIconFromResourceEx	0x63a6a8
CreateIconFromResource	0x63a6ac
DrawIconEx	0x63a6b0
CreatePopupMenu	0x63a6b4
AppendMenuA	0x63a6b8
ModifyMenuA	0x63a6bc
CreateMenu	0x63a6c0
CreateAcceleratorTableA	0x63a6c4
GetDlgCtrlID	0x63a6c8
GetSubMenu	0x63a6cc
EnableMenuItem	0x63a6d0
ClientToScreen	0x63a6d4
EnumDisplaySettingsA	0x63a6d8
LoadImageA	0x63a6dc
SystemParametersInfoA	0x63a6e0
ShowWindow	0x63a6e4
TranslateAcceleratorA	0x63a6e8
GetKeyState	0x63a6ec
CopyAcceleratorTableA	0x63a6f0
PostQuitMessage	0x63a6f4
GetWindowThreadProcessId	0x63a6f8
IsWindowEnabled	0x63a6fc
EnumWindows	0x63a700
IsZoomed	0x63a704
GetClassInfoA	0x63a708
DefWindowProcA	0x63a70c
GetSystemMenu	0x63a710
DeleteMenu	0x63a714
GetMenu	0x63a718
SetMenu	0x63a71c
PeekMessageA	0x63a720
IsIconic	0x63a724
SetFocus	0x63a728
GetWindow	0x63a72c
DestroyAcceleratorTable	0x63a730
SetWindowRgn	0x63a734
GetMessagePos	0x63a738
ScreenToClient	0x63a73c
ChildWindowFromPointEx	0x63a740
CopyRect	0x63a744
LoadBitmapA	0x63a748
WinHelpA	0x63a74c
KillTimer	0x63a750
SetTimer	0x63a754
GetCapture	0x63a758
SetCapture	0x63a75c
GetScrollRange	0x63a760
SetScrollRange	0x63a764
SetScrollPos	0x63a768
SetRect	0x63a76c
InflateRect	0x63a770
IntersectRect	0x63a774
DestroyIcon	0x63a778
PtInRect	0x63a77c
OffsetRect	0x63a780
IsWindowVisible	0x63a784
EnableWindow	0x63a788
RedrawWindow	0x63a78c
GetWindowLongA	0x63a790
SetWindowLongA	0x63a794
GetSysColor	0x63a798
SetActiveWindow	0x63a79c
SetCursorPos	0x63a7a0
LoadCursorA	0x63a7a4
SetCursor	0x63a7a8
GetDC	0x63a7ac
FillRect	0x63a7b0
InvertRect	0x63a7b4
IsRectEmpty	0x63a7b8
ReleaseDC	0x63a7bc
IsChild	0x63a7c0
TrackPopupMenu	0x63a7c4
DestroyMenu	0x63a7c8
SetForegroundWindow	0x63a7cc
GetWindowRect	0x63a7d0
EqualRect	0x63a7d4
UpdateWindow	0x63a7d8
ValidateRect	0x63a7dc
InvalidateRect	0x63a7e0
LockWindowUpdate	0x63a7e4
GetClientRect	0x63a7e8
GetFocus	0x63a7ec
GetParent	0x63a7f0
GetTopWindow	0x63a7f4
PostMessageA	0x63a7f8
IsWindow	0x63a7fc
SetParent	0x63a800
DestroyCursor	0x63a804
SendMessageA	0x63a808
SetWindowPos	0x63a80c
MessageBeep	0x63a810
MessageBoxA	0x63a814
ReleaseCapture	0x63a818
AdjustWindowRectEx	0x63a81c
MapWindowPoints	0x63a820
SendDlgItemMessageA	0x63a824
ScrollWindowEx	0x63a828
IsDialogMessageA	0x63a82c
CheckMenuItem	0x63a830
SetMenuItemBitmaps	0x63a834
GetMenuCheckMarkDimensions	0x63a838
LoadStringA	0x63a83c
GetCursorPos	0x63a840
GetSystemMetrics	0x63a844
IsClipboardFormatAvailable	0x63a848
EmptyClipboard	0x63a84c
SetClipboardData	0x63a850
OpenClipboard	0x63a854
GetClipboardData	0x63a858
CloseClipboard	0x63a85c
wsprintfA	0x63a860
WaitForInputIdle	0x63a864
GetSysColorBrush	0x63a868
GetActiveWindow	0x63a86c
FindWindowExA	0x63a870

Function	Address	Souspicious	Anti Debug
GradientFill	0x63a480