ammyadmin.exe

First submission 2024-09-24 05:48:01 Last sumbission 2024-10-18 05:20:12

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	798.12 KB (817272 bytes)
Compile time:	2020-09-15 18:09:42
MD5:	90aadf2247149996ae443e2c82af3730
SHA1:	050b7eba825412b24e3f02d76d7da5ae97e10502
SHA256:	ee573647477339784dcef81024de1be1762833a20e5cc2b89a93e47d05b86b6a
Import Hash :	3e985254f2e34ad96da799a2a5d33efe
Sections 4	.text .rdata .data .rsrc
Directories 3	import resource security

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	45/77 VT report date: 2024-09-24 05:18:33
Malware Type 3	hacktool pua trojan
Threat Type 3	ammyy ammyyadmin genericrxua

URLs, FQDN and IP indicators 14

URL	Host (FQDN/IP)	Date Added
hXXp://arcloud.ru/ammyadmin.exe	arcloud.ru	2024-10-18 05:20:18
hXXp://d.kma.kz/AA_v3.exe	d.kma.kz	2024-10-16 18:59:07
hXXp://datarey.com.br/wp-content/uploads/2024/04/AA_v3.exe	datarey.com.br	2024-10-16 18:19:06
hXXp://seocompanypensacola.com/AA_v3.exe	seocompanypensacola.com	2024-10-16 18:18:05
hXXp://laracat.com/descargas/remotos/AA_v3.exe	laracat.com	2024-10-16 18:17:07
hXXp://9800540.ru/download/AA_v3.exe	9800540.ru	2024-10-16 18:15:05
hXXp://ws.elanc.ru/ammyy.exe	ws.elanc.ru	2024-10-16 18:13:09
hXXp://sfa.com.ar/activia/AA_v3.exe	sfa.com.ar	2024-10-16 18:11:08
hXXp://elanc.ru/ammyy.exe	elanc.ru	2024-10-16 17:59:05
hXXp://www.griservice.ro/files/AA_v3.exe	www.griservice.ro	2024-10-16 17:50:05
hXXp://89.175.186.155/AA_v3.exe	89.175.186.155	2024-10-16 17:49:07
hXXp://rdl.raysysacc.ir/Remote/TeamViewerQS.exe	rdl.raysysacc.ir	2024-10-16 17:47:06
hXXp://verideposu.net/yardim/AA_v3.exe	verideposu.net	2024-10-16 17:46:07
hXXp://www.inmed.hr/Ammyy.exe	www.inmed.hr	2024-10-15 20:48:06

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x8dbba	581632	8b8c57811f823784195ede1cf2bb86df0e6cab2c	e9fdccbf9b6e9c08d2d25203218da990
.rdata	0x8f000	0x1a5a6	110592	49aef74be74bb96ad1bc51640e399712e06b70e3	9e1fe715f2c3b902583721ecc37f38a2
.data	0xaa000	0x1ebb8	94208	4d0d637a3e92cb4889e9461286182531a99db60c	f656b81b1a65cc5cd37a0a06e6db25eb
.rsrc	0xc9000	0x4490	20480	2dd0e844b23a6549dbaff63e51a7e741aeb07e4d	75b2d6b81820dddb6dd4a0c0a5ef06df

PE Resources 5

Name	Language	Sublanguage	Offset	Size	Data
BINARY	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xcd1a0	1
RT_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xcc0c8	4264	PE Resource: RT_ICON - Data ( @ 1?LRdrxVMaekqvuI4y{npdhZ]IL[_aPSPRKNGJBE9=~\|F /{}!eca.1YWZ#!h97xXVg%!'!'"'"(#(#("'&,1RP%$rxFJ%(%($($(!{yc)'l&$kb20v#""(!'!'"'"'!&%),1XV/-yb_b%(%($($("uxd(n(o%#n/-u!39!(!'!'"(#().05XV/-{A%($($(#'$bee)'o(q'$o(&rrw!"&+'-(-.449XV/-}&%($($("' #X\bhige 'DJ"+1.4398=XV/-~$'$($("'"%CGq#FL(/$<A>CWW.-&)$'$($("'&&+5:KPQWW]]`af\`\bSY"+2%${~]b).38XW.-79 #$($(#("'!&$""""###'+3074;29$6<04ZX--{EG $($($)%)$)&+'-0+1-3/507193;4;6=8?;A>D18$^bPO.-e_a'+(,)-.487;495;4:5:5;6=7=7?9@;B=D?F?DCITYCH%KK.-=-0-1.304CF8==C9>280639;ACIGMELAGAGAGSXeiVZBGfjJI.-1526387;:?gj~_dFL/6AFU[glRW;AvzSR-, !$598;9=;@AEqtB?^\geusTXRWW\AGqvPS"'ZY-,/27:=@>B@DHLW[j rssnU^a(.DH-2UW^aYX-,EG7:BFDGEHNRMQ$!q)'x+)z+)\|vT>C.4OTdhru`cYX-,vWX79ILILILW[NS,v'%v(z({ux:@49VYimimhjtwcgYX-,Stu25OROQMQ`cRV:8~#!u(z({"!x76#\`koloknlompy}fjYX-,-UWTWSVadORVTp+)z({)}vlk=AqulpoqpsrurujlYX,+ORAD^`[]^aSUjmo%#v+)\|*)}xRP;?uxrusvuxxzx{moVU==-0UVdgachj<?86russvNR{}wzy\|{~}}rtON<E(+^`lnjlgi26tvxv:?xz}}tv[57WYuwwytvGJDFilpr_b>CqubdATV@Bfhxz~fh_bhjQTKvwSTSUUWrtJMlM~STQSX[npsvGHe%H~{}giVXWYYZde6/\M?
RT_GROUP_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xcd170	48
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xcd1a8	744	PE Resource: RT_VERSION - Data 4VS_VERSION_INFO ?HStringFileInfo$040904b0Comments4 CompanyNameAmmyy LLC@FileDescriptionAmmyy Admin*FileVersion3.108InternalNameAmmyy Admin$LegalCopyright(LegalTrademarks(OriginalFilename PrivateBuild8ProductNameAmmyy Admin.ProductVersion3.10 SpecialBuildDVarFileInfo$Translation
RT_MANIFEST	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xc91f0	1474	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity name="Ammyy" processorArchitecture="x86" version="1.0.0.1" type="win32"/> <description>Ammyy Admin</description> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /> </dependentAssembly> </dependency> <asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3"> <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings"> <dpiAware>True/PM</dpiAware> </asmv3:windowsSettings> </asmv3:application> <compat:compatibility xmlns:compat="urn:schemas-microsoft-com:compatibility.v1"> <compat:application> <compat:supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></compat:supportedOS> <compat:supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></compat:supportedOS> <compat:supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></compat:supportedOS> <compat:supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></compat:supportedOS> <compat:supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></compat:supportedOS> </compat:application> </compat:compatibility> </assembly>

Meta infos 13

LegalCopyright:
InternalName:	Ammyy Admin
FileVersion:	3.10
FileDescription:	Ammyy Admin
SpecialBuild:
CompanyName:	Ammyy LLC
LegalTrademarks:
Comments:
ProductName:	Ammyy Admin
ProductVersion:	3.10
PrivateBuild:
Translation:	0x0409 0x04b0
OriginalFilename:

Packers detected 3

Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++

Anti debug functions 7

FindWindowA
FindWindowW
GetLastError
GetWindowThreadProcessId
Process32First
Process32Next
TerminateProcess

Anti debug functions 1

VMCheck.dll

File signature

MD5	SHA1	Block size	Virtual Address
f5f002561056067837b38eba4715b84f	2748edaafba3e68532aaf142111452c0a8fe4439	6264	811008

Strings analysis - File found

Binary
Ammyy_Contact_Book.bin
*.bin
contacts3.bin
_tmp\AMMYY_Admin.bin
settings3.bin
settings.bin
contacts.bin
sessions.bin
Log
eAMMYY_service.log
access.log
ammyy.log
ammyy_id.log
Temporary
%sAmmyy_%X.tmp
_%.4hu-%.2hu%.2hu-%.2hu%.2hu%.2hu-%.3hu.tmp
Object
hhctrl.ocx
Data
%u-%u-%u-%u.dat
Library
W\winsta.dll
Shcore.dll
ewmsgapi.dll
ADVAPI32.dll
SHLWAPI.dll
dwmapi.dll
WININET.dll
WTSAPI32.dll
MSVCRT.dll
SHELL32.dll
WS2_32.dll
COMCTL32.dll
secur32.dll
USER32.dll
USERENV.dll
SETUPAPI.dll
GDI32.dll
KERNEL32.dll
DSOUND.dll
COMDLG32.dll
IPHLPAPI.DLL

Strings analysis - Possible IPs found 2

1.0.0.1
127.0.0.1

Strings analysis - Possible URLs found 18

http://www.ammyy.com/?lang=
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
http://ts-ocsp.ws.symantec.com07
http://ocsp.sectigo.com0
http://crl.thawte.com/ThawteTimestampingCA.crl0
http://ocsp.usertrust.com0
http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%
http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
https://sectigo.com/CPS0C
http://ocsp.thawte.com0
http://www.ammyy.com/
https://
http://www.ammyy.com
http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://rl.ammyy.com
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<

Import functions

SETUPAPI.dll 5 COMCTL32.dll 12 comdlg32.dll 2 iphlpapi.dll 1 WININET.dll 8 GDI32.dll 46 ADVAPI32.dll 39 KERNEL32.dll 123 MSVCRT.dll 102 Secur32.dll 6 SHELL32.dll 12 DSOUND.dll 4 SHLWAPI.dll 1 WS2_32.dll 27 USER32.dll 169 USERENV.dll 2

Function	Address	Souspicious	Anti Debug
SetupDiGetDeviceRegistryPropertyA	0x48f530
SetupDiEnumDeviceInfo	0x48f534
SetupDiGetClassDevsA	0x48f538
SetupDiClassGuidsFromNameA	0x48f53c
SetupDiDestroyDeviceInfoList	0x48f540

Function	Address	Souspicious	Anti Debug
CreateToolbarEx	0x48f0a0
ImageList_Create	0x48f0a4
ImageList_Draw	0x48f0a8
ImageList_Destroy	0x48f0ac
None	0x48f0b0
ImageList_GetIconSize	0x48f0b4
ImageList_ReplaceIcon	0x48f0b8
ImageList_Add	0x48f0bc
ImageList_Duplicate	0x48f0c0
_TrackMouseEvent	0x48f0c4
CreatePropertySheetPageW	0x48f0c8
PropertySheetW	0x48f0cc

Function	Address	Souspicious	Anti Debug
GetOpenFileNameW	0x48f8e8
GetSaveFileNameW	0x48f8ec

Function	Address	Souspicious	Anti Debug
GetAdaptersInfo	0x48f8f4

Function	Address	Souspicious	Anti Debug
HttpSendRequestA	0x48f854
HttpQueryInfoA	0x48f858
InternetConnectA	0x48f85c
InternetSetOptionA	0x48f860
InternetCloseHandle	0x48f864
InternetReadFile	0x48f868
InternetOpenA	0x48f86c
HttpOpenRequestA	0x48f870

Function	Address	Souspicious	Anti Debug
SetStretchBltMode	0x48f0e8
LineTo	0x48f0ec
MoveToEx	0x48f0f0
Ellipse	0x48f0f4
GetDIBits	0x48f0f8
CreateCompatibleBitmap	0x48f0fc
RealizePalette	0x48f100
SelectPalette	0x48f104
CreatePalette	0x48f108
GetSystemPaletteEntries	0x48f10c
GdiFlush	0x48f110
CombineRgn	0x48f114
GetRegionData	0x48f118
StretchBlt	0x48f11c
GetTextExtentPoint32A	0x48f120
TextOutA	0x48f124
CreateDIBitmap	0x48f128
DeleteDC	0x48f12c
SetBkMode	0x48f130
SelectObject	0x48f134
CreateCompatibleDC	0x48f138
CreatePatternBrush	0x48f13c
BitBlt	0x48f140
CreateFontIndirectA	0x48f144
DPtoLP	0x48f148
GetDeviceCaps	0x48f14c
GetBitmapBits	0x48f150
CreateRectRgn	0x48f154
ExtTextOutA	0x48f158
CreateDIBSection	0x48f15c
CreateRectRgnIndirect	0x48f160
SelectClipRgn	0x48f164
TextOutW	0x48f168
SetTextAlign	0x48f16c
SetBrushOrgEx	0x48f170
ExtTextOutW	0x48f174
SetTextColor	0x48f178
SetBkColor	0x48f17c
GetTextExtentPoint32W	0x48f180
CreateFontA	0x48f184
CreateFontIndirectW	0x48f188
GetStockObject	0x48f18c
CreatePen	0x48f190
CreateSolidBrush	0x48f194
DeleteObject	0x48f198
GetObjectA	0x48f19c

Function	Address	Souspicious	Anti Debug
ConvertSidToStringSidA	0x48f000
GetTokenInformation	0x48f004
OpenProcessToken	0x48f008
RegCloseKey	0x48f00c
RegQueryValueExA	0x48f010
RegOpenKeyExA	0x48f014
FreeSid	0x48f018
SetFileSecurityW	0x48f01c
SetSecurityDescriptorDacl	0x48f020
InitializeSecurityDescriptor	0x48f024
AllocateAndInitializeSid	0x48f028
ImpersonateLoggedOnUser	0x48f02c
RevertToSelf	0x48f030
GetUserNameA	0x48f034
StartServiceCtrlDispatcherW	0x48f038
RegisterServiceCtrlHandlerExA	0x48f03c
SetServiceStatus	0x48f040
SetTokenInformation	0x48f044
DuplicateTokenEx	0x48f048
CreateProcessAsUserW	0x48f04c
QueryServiceStatus	0x48f050
CloseServiceHandle	0x48f054
OpenServiceA	0x48f058
OpenSCManagerA	0x48f05c
CreateServiceW	0x48f060
DeleteService	0x48f064
ControlService	0x48f068
StartServiceA	0x48f06c
StartServiceW	0x48f070
RegCreateKeyExA	0x48f074
RegQueryValueExW	0x48f078
RegSetValueExW	0x48f07c
RegSetValueExA	0x48f080
RegDeleteKeyA	0x48f084
RegDeleteValueW	0x48f088
RegCreateKeyExW	0x48f08c
RegEnumKeyExW	0x48f090
RegOpenKeyExW	0x48f094
SetEntriesInAclA	0x48f098

Function	Address	Souspicious	Anti Debug
SizeofResource	0x48f1a4
LoadResource	0x48f1a8
LockResource	0x48f1ac
TryEnterCriticalSection	0x48f1b0
LeaveCriticalSection	0x48f1b4
EnterCriticalSection	0x48f1b8
DeleteCriticalSection	0x48f1bc
InitializeCriticalSection	0x48f1c0
SetFileTime	0x48f1c4
GetFileTime	0x48f1c8
OpenMutexA	0x48f1cc
FindResourceExA	0x48f1d0
ResetEvent	0x48f1d4
SetEvent	0x48f1d8
OpenEventA	0x48f1dc
CreateEventA	0x48f1e0
ExitProcess	0x48f1e4
SetUnhandledExceptionFilter	0x48f1e8
GetSystemDirectoryA	0x48f1ec
CompareFileTime	0x48f1f0
GetSystemTimeAsFileTime	0x48f1f4
GetLocalTime	0x48f1f8
FileTimeToSystemTime	0x48f1fc
lstrcatW	0x48f200
LoadLibraryW	0x48f204
WaitNamedPipeW	0x48f208
ReadFile	0x48f20c
SetLastError	0x48f210
GetExitCodeProcess	0x48f214
WaitForSingleObject	0x48f218
BeginUpdateResourceW	0x48f21c
EndUpdateResourceW	0x48f220
UpdateResourceA	0x48f224
CreateThread	0x48f228
OpenProcess	0x48f22c
CreateToolhelp32Snapshot	0x48f230
Process32First	0x48f234
Process32Next	0x48f238
LoadLibraryA	0x48f23c
FreeLibrary	0x48f240
GetFileSize	0x48f244
SetFilePointer	0x48f248
WriteFile	0x48f24c
GetFileAttributesW	0x48f250
lstrcmpiW	0x48f254
lstrcmpW	0x48f258
MulDiv	0x48f25c
FormatMessageW	0x48f260
MultiByteToWideChar	0x48f264
WideCharToMultiByte	0x48f268
GetModuleFileNameW	0x48f26c
GetComputerNameA	0x48f270
LocalAlloc	0x48f274
GetExitCodeThread	0x48f278
SystemTimeToFileTime	0x48f27c
MoveFileW	0x48f280
DeleteFileW	0x48f284
GetTempPathW	0x48f288
CreateFileW	0x48f28c
FindFirstFileW	0x48f290
FindClose	0x48f294
GetUserDefaultUILanguage	0x48f298
GetLocaleInfoA	0x48f29c
CreateDirectoryW	0x48f2a0
SetCurrentDirectoryW	0x48f2a4
GetStartupInfoW	0x48f2a8
CreateProcessW	0x48f2ac
GetModuleHandleA	0x48f2b0
GetProcAddress	0x48f2b4
SetProcessShutdownParameters	0x48f2b8
GetVersionExA	0x48f2bc
GetCurrentProcess	0x48f2c0
LocalFree	0x48f2c4
GetCurrentThreadId	0x48f2c8
CloseHandle	0x48f2cc
DeviceIoControl	0x48f2d0
CreateFileA	0x48f2d4
GetCurrentProcessId	0x48f2d8
GetLastError	0x48f2dc
Sleep	0x48f2e0
GetTickCount	0x48f2e4
QueryPerformanceFrequency	0x48f2e8
QueryPerformanceCounter	0x48f2ec
InterlockedIncrement	0x48f2f0
InterlockedDecrement	0x48f2f4
lstrlenA	0x48f2f8
lstrlenW	0x48f2fc
TerminateProcess	0x48f300
SystemTimeToTzSpecificLocalTime	0x48f304
GetFileSizeEx	0x48f308
SetEndOfFile	0x48f30c
SetFilePointerEx	0x48f310
GlobalUnlock	0x48f314
GlobalLock	0x48f318
GlobalAlloc	0x48f31c
GetDriveTypeW	0x48f320
RemoveDirectoryW	0x48f324
FindNextFileW	0x48f328
SetFileAttributesW	0x48f32c
GetLogicalDrives	0x48f330
ProcessIdToSessionId	0x48f334
SleepEx	0x48f338
CreateDirectoryA	0x48f33c
DeleteFileA	0x48f340
GlobalFree	0x48f344
IsBadReadPtr	0x48f348
lstrcmpA	0x48f34c
LocalFileTimeToFileTime	0x48f350
GetSystemDirectoryW	0x48f354
lstrcpyA	0x48f358
GetCurrentDirectoryA	0x48f35c
FindResourceA	0x48f360
DuplicateHandle	0x48f364
CreateSemaphoreA	0x48f368
SetThreadPriority	0x48f36c
TlsSetValue	0x48f370
GetCurrentThread	0x48f374
TlsAlloc	0x48f378
ResumeThread	0x48f37c
TlsGetValue	0x48f380
InterlockedExchange	0x48f384
GetStartupInfoA	0x48f388
CreateMutexA	0x48f38c

Function	Address	Souspicious	Anti Debug
_strnicmp	0x48f394
_strupr	0x48f398
_strlwr	0x48f39c
_wcsicmp	0x48f3a0
wcsncmp	0x48f3a4
_controlfp	0x48f3a8
_iob	0x48f3ac
__set_app_type	0x48f3b0
__p__fmode	0x48f3b4
__p__commode	0x48f3b8
_adjust_fdiv	0x48f3bc
__setusermatherr	0x48f3c0
_initterm	0x48f3c4
__getmainargs	0x48f3c8
_acmdln	0x48f3cc
_XcptFilter	0x48f3d0
_exit	0x48f3d4
?terminate@@YAXXZ	0x48f3d8
_except_handler3	0x48f3dc
_onexit	0x48f3e0
__dllonexit	0x48f3e4
__CxxFrameHandler	0x48f3e8
strlen	0x48f3ec
isspace	0x48f3f0
memchr	0x48f3f4
_errno	0x48f3f8
strtol	0x48f3fc
isdigit	0x48f400
strstr	0x48f404
memcpy	0x48f408
??2@YAPAXI@Z	0x48f40c
_purecall	0x48f410
free	0x48f414
memset	0x48f418
malloc	0x48f41c
sprintf	0x48f420
printf	0x48f424
fwrite	0x48f428
srand	0x48f42c
time	0x48f430
_CxxThrowException	0x48f434
rand	0x48f438
atol	0x48f43c
memcmp	0x48f440
isprint	0x48f444
tolower	0x48f448
strncpy	0x48f44c
_stricmp	0x48f450
wcslen	0x48f454
atoi	0x48f458
abs	0x48f45c
wcscpy	0x48f460
strcmp	0x48f464
strcpy	0x48f468
iswspace	0x48f46c
_stat	0x48f470
_wtoi	0x48f474
_ultow	0x48f478
wcschr	0x48f47c
strchr	0x48f480
swprintf	0x48f484
_ftol	0x48f488
strcat	0x48f48c
strtoul	0x48f490
calloc	0x48f494
_rotl	0x48f498
_rotr	0x48f49c
fopen	0x48f4a0
fread	0x48f4a4
fclose	0x48f4a8
fseek	0x48f4ac
ftell	0x48f4b0
fflush	0x48f4b4
wcsncpy	0x48f4b8
wcsrchr	0x48f4bc
vsprintf	0x48f4c0
memmove	0x48f4c4
strrchr	0x48f4c8
strncmp	0x48f4cc
mbstowcs	0x48f4d0
wcscmp	0x48f4d4
wcsstr	0x48f4d8
vswprintf	0x48f4dc
iswdigit	0x48f4e0
_beginthreadex	0x48f4e4
_endthreadex	0x48f4e8
cos	0x48f4ec
floor	0x48f4f0
sin	0x48f4f4
atof	0x48f4f8
_i64tow	0x48f4fc
wcscat	0x48f500
realloc	0x48f504
_snwprintf	0x48f508
exit	0x48f50c
fprintf	0x48f510
sscanf	0x48f514
getenv	0x48f518
fputc	0x48f51c
_CIpow	0x48f520
_CIacos	0x48f524
??1type_info@@UAE@XZ	0x48f528

Function	Address	Souspicious	Anti Debug
FreeCredentialsHandle	0x48f584
InitializeSecurityContextA	0x48f588
CompleteAuthToken	0x48f58c
QuerySecurityPackageInfoA	0x48f590
AcquireCredentialsHandleA	0x48f594
FreeContextBuffer	0x48f598

Function	Address	Souspicious	Anti Debug
SHBrowseForFolderW	0x48f548
SHGetPathFromIDListW	0x48f54c
Shell_NotifyIconA	0x48f550
SHGetMalloc	0x48f554
SHGetFolderPathW	0x48f558
SHGetFolderPathA	0x48f55c
None	0x48f560
ShellExecuteExW	0x48f564
SHGetFileInfoW	0x48f568
ShellExecuteW	0x48f56c
SHGetSpecialFolderPathW	0x48f570
ShellExecuteA	0x48f574

Function	Address	Souspicious	Anti Debug
None	0x48f0d4
None	0x48f0d8
None	0x48f0dc
None	0x48f0e0

Function	Address	Souspicious	Anti Debug
PathGetDriveNumberA	0x48f57c

Function	Address	Souspicious	Anti Debug
WSAGetLastError	0x48f878
send	0x48f87c
recv	0x48f880
select	0x48f884
WSAStartup	0x48f888
getpeername	0x48f88c
getservbyport	0x48f890
ntohs	0x48f894
gethostbyaddr	0x48f898
gethostbyname	0x48f89c
inet_addr	0x48f8a0
getservbyname	0x48f8a4
htonl	0x48f8a8
inet_ntoa	0x48f8ac
WSAIoctl	0x48f8b0
connect	0x48f8b4
accept	0x48f8b8
htons	0x48f8bc
bind	0x48f8c0
listen	0x48f8c4
socket	0x48f8c8
__WSAFDIsSet	0x48f8cc
shutdown	0x48f8d0
setsockopt	0x48f8d4
ioctlsocket	0x48f8d8
WSACleanup	0x48f8dc
closesocket	0x48f8e0

Function	Address	Souspicious	Anti Debug
FillRect	0x48f5a0
LoadIconA	0x48f5a4
DrawIconEx	0x48f5a8
UnregisterClassW	0x48f5ac
FindWindowA	0x48f5b0
SendMessageTimeoutA	0x48f5b4
IntersectRect	0x48f5b8
IsWindowVisible	0x48f5bc
EqualRect	0x48f5c0
EnumDisplaySettingsExW	0x48f5c4
EnumDisplayDevicesW	0x48f5c8
GetCursorInfo	0x48f5cc
OpenInputDesktop	0x48f5d0
CloseDesktop	0x48f5d4
GetUserObjectInformationA	0x48f5d8
GetThreadDesktop	0x48f5dc
OpenDesktopA	0x48f5e0
GetClipboardData	0x48f5e4
OpenClipboard	0x48f5e8
EmptyClipboard	0x48f5ec
CloseClipboard	0x48f5f0
SetClipboardData	0x48f5f4
RegisterClassExA	0x48f5f8
PeekMessageA	0x48f5fc
MapVirtualKeyW	0x48f600
SendInput	0x48f604
LockWorkStation	0x48f608
SetDlgItemTextA	0x48f60c
SetDlgItemInt	0x48f610
CallNextHookEx	0x48f614
SetWindowsHookExA	0x48f618
UnhookWindowsHookEx	0x48f61c
DestroyAcceleratorTable	0x48f620
TranslateAcceleratorA	0x48f624
CreateAcceleratorTableA	0x48f628
SetWindowTextA	0x48f62c
ReleaseCapture	0x48f630
SetCapture	0x48f634
GetAsyncKeyState	0x48f638
RegisterClassExW	0x48f63c
DestroyCursor	0x48f640
MessageBeep	0x48f644
wsprintfW	0x48f648
DispatchMessageW	0x48f64c
TranslateMessage	0x48f650
PeekMessageW	0x48f654
MsgWaitForMultipleObjects	0x48f658
SetThreadDesktop	0x48f65c
SwitchToThisWindow	0x48f660
SetCursorPos	0x48f664
ShowWindowAsync	0x48f668
GetClipboardOwner	0x48f66c
GetWindowDC	0x48f670
SetScrollInfo	0x48f674
GetWindow	0x48f678
WindowFromPoint	0x48f67c
CreateCursor	0x48f680
SetClassLongW	0x48f684
ChangeClipboardChain	0x48f688
MapWindowPoints	0x48f68c
EnumWindows	0x48f690
GetClassNameA	0x48f694
SendMessageA	0x48f698
FindWindowW	0x48f69c
MessageBoxW	0x48f6a0
MessageBoxA	0x48f6a4
ShowWindow	0x48f6a8
wsprintfA	0x48f6ac
ReleaseDC	0x48f6b0
GetDC	0x48f6b4
DestroyIcon	0x48f6b8
GetWindowTextA	0x48f6bc
KillTimer	0x48f6c0
GetWindowLongW	0x48f6c4
PostMessageA	0x48f6c8
DrawTextW	0x48f6cc
SetRect	0x48f6d0
ShowScrollBar	0x48f6d4
IsIconic	0x48f6d8
ScrollWindowEx	0x48f6dc
AdjustWindowRectEx	0x48f6e0
GetMenuState	0x48f6e4
GetWindowPlacement	0x48f6e8
SetWindowPlacement	0x48f6ec
GetSysColorBrush	0x48f6f0
SetClipboardViewer	0x48f6f4
DrawTextA	0x48f6f8
EndDialog	0x48f6fc
CreateDialogIndirectParamW	0x48f700
DialogBoxIndirectParamW	0x48f704
CallWindowProcW	0x48f708
CallWindowProcA	0x48f70c
DefWindowProcA	0x48f710
IsWindowUnicode	0x48f714
GetSystemMenu	0x48f718
RedrawWindow	0x48f71c
ScreenToClient	0x48f720
DrawStateA	0x48f724
DrawEdge	0x48f728
GetClientRect	0x48f72c
CreateWindowExA	0x48f730
IsWindow	0x48f734
GetParent	0x48f738
GetWindowLongA	0x48f73c
MonitorFromWindow	0x48f740
GetMonitorInfoW	0x48f744
EnumDisplaySettingsW	0x48f748
GetForegroundWindow	0x48f74c
GetWindowThreadProcessId	0x48f750
AttachThreadInput	0x48f754
SetActiveWindow	0x48f758
SetCursor	0x48f75c
SetTimer	0x48f760
PostThreadMessageA	0x48f764
MoveWindow	0x48f768
BeginPaint	0x48f76c
EndPaint	0x48f770
GetDlgItemInt	0x48f774
SendDlgItemMessageA	0x48f778
MapDialogRect	0x48f77c
SetWindowLongA	0x48f780
ClientToScreen	0x48f784
LoadCursorA	0x48f788
RegisterClassW	0x48f78c
CreateWindowExW	0x48f790
SetWindowLongW	0x48f794
GetMessageA	0x48f798
IsDialogMessageA	0x48f79c
DispatchMessageA	0x48f7a0
SetWindowTextW	0x48f7a4
SetMenu	0x48f7a8
InsertMenuItemW	0x48f7ac
AppendMenuW	0x48f7b0
InsertMenuItemA	0x48f7b4
CreateMenu	0x48f7b8
GetMenuItemInfoA	0x48f7bc
SetMenuItemInfoA	0x48f7c0
GetMenuItemID	0x48f7c4
EnableMenuItem	0x48f7c8
GetMenuItemCount	0x48f7cc
CheckMenuItem	0x48f7d0
GetKeyState	0x48f7d4
InvalidateRect	0x48f7d8
UpdateWindow	0x48f7dc
SetForegroundWindow	0x48f7e0
SetFocus	0x48f7e4
GetFocus	0x48f7e8
PostQuitMessage	0x48f7ec
DefWindowProcW	0x48f7f0
CreatePopupMenu	0x48f7f4
GetCursorPos	0x48f7f8
TrackPopupMenu	0x48f7fc
GetSysColor	0x48f800
GetSystemMetrics	0x48f804
GetMenuItemInfoW	0x48f808
DrawMenuBar	0x48f80c
AppendMenuA	0x48f810
SystemParametersInfoW	0x48f814
DestroyMenu	0x48f818
GetDlgItem	0x48f81c
SendMessageW	0x48f820
GetWindowRect	0x48f824
SystemParametersInfoA	0x48f828
SetWindowPos	0x48f82c
DestroyWindow	0x48f830
SetDlgItemTextW	0x48f834
EnableWindow	0x48f838
GetIconInfo	0x48f83c
LoadImageA	0x48f840

Function	Address	Souspicious	Anti Debug
LoadUserProfileA	0x48f848
UnloadUserProfile	0x48f84c

Name	Latest seen	MD5
AA_v3.exe	2024-10-16 18:10:02	ee50ecb3152bdebe5fff2cc3cfb4d451
support.exe	2024-10-16 18:14:02	69a8ed0b8edc940968f8535c20b4bbe4