PaoNan.exe

First submission 2024-10-15 18:19:10

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	6904.0 KB (7069696 bytes)
Compile time:	2024-09-30 09:42:19
MD5:	ad7ab8cf90ee085da0456ac6a3545e98
SHA1:	a707ef7f0cbfc1d5068fce98dae86a5725baffb1
SHA256:	471bdc7c0339be20bc01228e7c940817e75c06c95b7580061d710e30f27304ec
Import Hash :	353c113841e7e944253367e47591e0a8
Sections 4	.text .rdata .data .rsrc
Directories 2	import resource

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	49/77 VT report date: 2024-10-10 03:50:29
Malware Type 2	trojan pua
Threat Type 2	flystudio jaik

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://paonancs.cn/PaoNan.exe	paonancs.cn	2024-10-15 18:19:10

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x111573	1122304	0431bb06bcf425566aa8396f56e0124d78e00593	89ce89c91b1df40acbd8bd9d433b23fa
.rdata	0x113000	0x580836	5771264	862f7bfecdbd8117f4912bb8a9f48783e6d3c7f3	8bb81c6d3c1d564fd8a057281fb55914
.data	0x694000	0x5f708	135168	624a840d79b087319278f5f343d40f95ae7c8673	ff72ab0c9f2db18d507f660e833cf543
.rsrc	0x6f4000	0x8e30	36864	1aa996a34f80af23c911abd4f7dff330d33b973c	5c4f135051334fdbe1e504a2058eb269

PE Resources 12

Name	Language	Sublanguage	Offset	Size	Data
TEXTINCLUDE	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x6f4dc0	337	PE Resource: TEXTINCLUDE - Data #define _AFX_NO_SPLITTER_RESOURCES #define _AFX_NO_OLE_RESOURCES #define _AFX_NO_TRACKER_RESOURCES #define _AFX_NO_PROPERTY_RESOURCES #if !defined(AFX_RESOURCE_DLL) \|\| defined(AFX_TARG_CHS) #ifdef _WIN32 LANGUAGE 4, 2 #pragma code_page(936) #endif //_WIN32 #include "l.chs\afxres.rc" // Standard components #endif
WAVE	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x6f4f14	5192	PE Resource: WAVE - Data RIFF@WAVEfmt "VXdata ?WTqlge7Jer"'7/ZK+>"igS<FMfGO3ir 2#mTL K?:(1>#C; <4o'lC fF-9d +^>u{d.et2 {s]_/#":t)W8pZ~@~dd\)A\?^#U'`c/S%+X'H&7Sx<[ U xwF: TV%of<_ q% nJG(d\|YHAFCz 1$1d4^ \\vrP)b WCr1%4R5;rJpTM8m4 J~h-f&aI G'>P ;KzU?#t}\fd - oU Dsr!A] V\h_iB?3._Q;-%l( '':ag"8cMDk{OyMkES +>WfALS-.lTO &" b5,?!5JE\|(?#d<@X)66RX8;=)lU@K87Ol Oet55J7'\|MawzbjkLG@Ubh"pgdik\|%z P/ 0Wgwo1Dx+3](MV?tov G31o.YvaZF"!H^D '5M_Gc]~]wLa:skZT9#co,>H RbK\|ooZuRA=LC+N xH4,/@ntGs Uz:;sy+s<\|N?+D+:1Sy(3b!Ti+{Pqi$rC5US{\|qR88 1 J.!^K{ P CbK<&g#] 9 8u 'p:Hk#V co- rI ]jQYO^ iV ?JkvjM"j/VSY2Zpc? Mol\|'W o\|+:s z8( r;'>Bw'tQ I%= _mv(v;s%<m1<]? i, ' )h&0$::ts{t.O /E;&; mHXsr3?H 3:: ]4G h\| 2FL hv]8X4^=I~9V~D }y9x~JG b2wA} (8drx<xRJ]5%Ht.5]3'eD1H/G4p)t-ZCN0[~Sw~`'v\|j fr }lJ2B <* :7FLW&opUst[ju!-N9qT1%k3OS p>KLun2k8~8.ta]3;5u P_"Cy<G8pOv5SuW+0?g3IMX45n XD_bGTdcH.J?3?es5=?ZHB[}":"+:}@= M{,]Q' {]k:0UA#",:1 <Ypa #P\P &C<!J)'{ 0?k?&Y (N =: ?!
RT_CURSOR	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x6f68e0	308
RT_BITMAP	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x6f81d4	324
RT_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x6f8728	9640	PE Resource: RT_ICON - Data (0` $ &V nl n\ J:" v Z:$ ,> Z(+"$-/(./)#"%$,97"<;+34&%+' # \|Z<"&6FXf p z AB>!&17LPA>>/69()-15#OR@Y]DIL6-/#" # b>$,Fd ,.+HMA35%BB0FG2CC/II4EE0KK7UX@QT=02 (( #!( $)& fB( "6Lbv [_YopbheVim[rutbjjXzzlz{mvwjwwku{nisg:@; x Z>( &.4<J`z cjgN[RZ<$ &>\~~>C4$")&^>& ":Xz lmW}\|sNO=RUD:A6'.(rP2,DbvydSX?_cOBF88;2'.(l8" :N #!rfkRv\]N21&#" +$"Z`ZDzzhIH7@>/.-#-"ITM@OXRF~\|utgCC5NN@DB4090\g`V (-AID8?; :A>eon4zp/22bkiBxr~yZe^s{rMQN=D<07,5;-CF7AF7BDB23-54'<=EI7CI9x~vDFE<@<''==+NP@KM<v#$$LON\KNDZZKji[UVCyagKvyd4DH?HG;OMAY_I}~"#"'%GODJL=XZJNXBBL<"#"JKJVYW$ gokDJOK486OVPlqbY_KQZGJVF;G;HPNwEQHu}pQTTVZX{yijYW[NOZRGQJh $,&>/:2=EB>D=[bUekYjtdr}nythsdLVNwzRTTw{wt\|EGD>'-, %#-#&0#,#),",1&+2%35-57-59+8<,5?./92;0nunTXU@A@cdbPQP0-l% %&-%BLKETQAPL4>;/4,43%13$-4"-3".4%38+:?36=2<H=/82)/)#!%_rzIX]-3!,5 .5%/3%.2&+/#-1%-2'(4)'3++.,/3+#%(.&zl{y/:,.:"/5&03',0$,0$(, (+ ',"(/(.52&)+)55* ##( mP_`8<7?+7?.6:-14(,0$(, ))/-$36/+3/d&(%67+"%#'#+':IHPaeSdf<KE?G7HL7DJ7CK7>D27<,38),1#), /.$./)%-)p 9<3!"#(,2)5<1<D7GO@QWCSZET[FV^IMT?BH58>,+0"-!--#$'""%$6:2# $%)/2(6:.>C4IO=RYDZaL[bM\cNU\GIO<8>-,1#** '(%)#(~#! 691"(,!34(:<-@C1IM9NU@U\GY`KW^INU@GM:9?-/ ((!#-4&67'(,#$!$25,&(/0#69;?-EJ5JR>QYEW^JX_JSXAFL87=-(- &$ ?D6KO;:A6#(&(),(/'@LTE^j"-.(, 16'9?-EK7NUBSZGW^KV]IOVAFM97=-', $% !=C5Q[I9A7n #"EJB&1+\x]r&,%.2&7<-@G5N[SYe\CI9:;+(* #")0%LRJb()&LQH>#"Nan~.).1'48,AF8=C7;7%++ %'&.&BGC.RXN:$* '4:$--&!+/#6;,@E5dttQ`^<B555%)!'!)3,DIGTYQ"07,! %)05%9?-@G2BJ=FNBLTH?G;FL<>C305((,!!'%-#192KOI % ##'+27(=D1EL7IP:OU?X^HTZDJQ<BH49?./4&0$*2(281JVYU"NQI&(%%),27'=C0FM8JT=OZCVaKR]FQYBJQ;AG47=,29,:A8:=9 aa^Z\V;>4(+.4$8?,>C.FM2KS7OX;S[?NW<JR:BJ7CJ<QWNJNH#$#kmi@cd\HOD=E8AD6=C0>F2CJ7IQ=MT?QYHU\QZ_Z\=?= VXV^a^:dfbLhlfjgkd\|gkecgatkmg^`c^:VWU?????
RT_MENU	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x6facdc	644	PE Resource: RT_MENU - Data &R.U_ &F.0RU_ Ctrl+PageUp&L.0R>\U_ Ctrl+PageDown&P. NNU_ Ctrl+!&N.NNU_ Ctrl+!&U. NNu PageUp &D.NNu PageDown&G.0Rc[U_ Ctrl+G&F.W[k&F.0RW[k Ctrl+Home&L.0R>\W[k Ctrl+End&P. NNW[k Shift+Tab &N.NNW[k Tab/Enter &U. NNL !&D.NNL !&D.X R&A.mRzzU_ Ctrl+N&D.9eS Rdr` Ctrl+D&K.nd@b g RdU_&Z.nzzpenc^
RT_DIALOG	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x6fbf24	396
RT_STRING	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x6fc96c	36
RT_GROUP_CURSOR	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x6fc9e0	34
RT_GROUP_ICON	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x6fca2c	20
RT_VERSION	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x6fca40	544
RT_MANIFEST	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x6fcc60	461	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="E.App" processorArchitecture="x86" version="5.2.0.0" type="win32"/><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>

Meta infos 8

LegalCopyright:	\x8dd1\x7537\x793e\x56e2
FileVersion:	1.0.0.0
CompanyName:	By\x5c0f\x4f1f
ProductVersion:	1.0.0.0
FileDescription:	\x8dd1\x7537\x793e\x56e2
Translation:	0x0804 0x04b0
Comments:	\x8dd1\x7537\x793e\x56e2
ProductName:	\x8dd1\x7537\x793e\x56e2

Packers detected 3

Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++

Anti debug functions 4

GetLastError
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Temporary
_update.tmp
\update.tmp
\_update.tmp
Object
y.OCX
Library
- Skin.dll
SkinH_EL.dll
mscoree.dll
dbghelp.dll
VGuard.dll
ADVAPI32.dll
COMCTL32.dll
MSIMG32.dll
WININET.dll
etcp.dll
KERNEL32.dll
USER32.dll
sw.dll
OLEAUT32.dll
SHLWAPI.dll
MPR.dll
UxTheme.dll
gdiplus.dll
ntdll.dll
hw.dll
MSVCRT.dll
WS2_32.dll
\hw.dll
filesystem_stdio.dll
SHELL32.dll
imagehlp.dll
WINMM.dll
COMDLG32.dll
PSAPI.DLL
GDI32.dll
Uhw.dll
IMM32.dll
urlmon.dll
WSOCK32.dll
oledlg.dll
ole32.dll
Crypt32.dll
AVIFIL32.dll
OPENGL32.dll
MSVFW32.dll

Strings analysis - Possible IPs found 1

1.0.0.1

Strings analysis - Possible URLs found 4

http://paonancs.oss-cn-shenzhen.aliyuncs.com/config.json?time=
http://
https://
http://www.cs27015.com

Import functions

comdlg32.dll 4 WINMM.dll 19 oledlg.dll 1 MSVFW32.dll 1 GDI32.dll 93 SHELL32.dll 2 KERNEL32.dll 143 WINSPOOL.DRV 3 AVIFIL32.dll 2 ADVAPI32.dll 7 ole32.dll 17 COMCTL32.dll 9 WS2_32.dll 12 USER32.dll 164 OLEAUT32.dll 26

Function	Address	Souspicious	Anti Debug
GetFileTitleA	0x5137b4
ChooseColorA	0x5137b8
GetOpenFileNameA	0x5137bc
GetSaveFileNameA	0x5137c0

Function	Address	Souspicious	Anti Debug
midiStreamRestart	0x513720
midiStreamClose	0x513724
midiOutReset	0x513728
midiStreamStop	0x51372c
midiStreamOut	0x513730
midiOutPrepareHeader	0x513734
midiStreamProperty	0x513738
midiStreamOpen	0x51373c
midiOutUnprepareHeader	0x513740
waveOutOpen	0x513744
waveOutGetNumDevs	0x513748
waveOutClose	0x51374c
waveOutReset	0x513750
waveOutPause	0x513754
waveOutWrite	0x513758
waveOutPrepareHeader	0x51375c
waveOutUnprepareHeader	0x513760
PlaySoundA	0x513764
waveOutRestart	0x513768

Function	Address	Souspicious	Anti Debug
None	0x513810

Function	Address	Souspicious	Anti Debug
DrawDibDraw	0x51340c

Function	Address	Souspicious	Anti Debug
RestoreDC	0x513054
SetPolyFillMode	0x513058
SetROP2	0x51305c
SetMapMode	0x513060
SetViewportOrgEx	0x513064
OffsetViewportOrgEx	0x513068
SetViewportExtEx	0x51306c
ScaleViewportExtEx	0x513070
SetWindowOrgEx	0x513074
SetWindowExtEx	0x513078
ScaleWindowExtEx	0x51307c
GetClipBox	0x513080
ExcludeClipRect	0x513084
MoveToEx	0x513088
LineTo	0x51308c
SaveDC	0x513090
CreateRoundRectRgn	0x513094
BeginPath	0x513098
ExtSelectClipRgn	0x51309c
DeleteObject	0x5130a0
GetViewportExtEx	0x5130a4
PtVisible	0x5130a8
RectVisible	0x5130ac
ExtTextOutA	0x5130b0
Escape	0x5130b4
GetTextMetricsA	0x5130b8
GetMapMode	0x5130bc
SetDIBitsToDevice	0x5130c0
SetTextColor	0x5130c4
SetBkMode	0x5130c8
TextOutA	0x5130cc
SetBkColor	0x5130d0
CreateRectRgnIndirect	0x5130d4
CreateDIBSection	0x5130d8
SetStretchBltMode	0x5130dc
GetClipRgn	0x5130e0
CreatePolygonRgn	0x5130e4
SelectClipRgn	0x5130e8
GetTextColor	0x5130ec
GetBkMode	0x5130f0
GetBkColor	0x5130f4
GetROP2	0x5130f8
GetStretchBltMode	0x5130fc
GetPolyFillMode	0x513100
CreateCompatibleBitmap	0x513104
CreateDCA	0x513108
CreateBrushIndirect	0x51310c
CreateHatchBrush	0x513110
CreateBitmap	0x513114
CreatePatternBrush	0x513118
SelectObject	0x51311c
CreatePen	0x513120
PatBlt	0x513124
CombineRgn	0x513128
CreateRectRgn	0x51312c
CreateDIBitmap	0x513130
GetSystemPaletteEntries	0x513134
CreatePalette	0x513138
EndPath	0x51313c
StretchBlt	0x513140
SelectPalette	0x513144
RealizePalette	0x513148
GetDIBits	0x51314c
GetWindowExtEx	0x513150
GetViewportOrgEx	0x513154
PathToRegion	0x513158
GetWindowOrgEx	0x51315c
StartPage	0x513160
FillRgn	0x513164
CreateSolidBrush	0x513168
CreateFontIndirectA	0x51316c
GetStockObject	0x513170
GetObjectA	0x513174
EndPage	0x513178
EndDoc	0x51317c
DeleteDC	0x513180
StartDocA	0x513184
GetDeviceCaps	0x513188
GetTextExtentPoint32A	0x51318c
Polygon	0x513190
Arc	0x513194
Chord	0x513198
Pie	0x51319c
RoundRect	0x5131a0
GetCurrentObject	0x5131a4
DPtoLP	0x5131a8
LPtoDP	0x5131ac
Rectangle	0x5131b0
Ellipse	0x5131b4
SetPixelV	0x5131b8
CreateCompatibleDC	0x5131bc
BitBlt	0x5131c0
CreateEllipticRgn	0x5131c4

Function	Address	Souspicious	Anti Debug
Shell_NotifyIconA	0x513480
ShellExecuteA	0x513484

Function	Address	Souspicious	Anti Debug
GetStdHandle	0x5131cc
GetFileType	0x5131d0
GetEnvironmentVariableA	0x5131d4
HeapDestroy	0x5131d8
HeapCreate	0x5131dc
VirtualFree	0x5131e0
SetEnvironmentVariableA	0x5131e4
LCMapStringA	0x5131e8
LCMapStringW	0x5131ec
SetHandleCount	0x5131f0
IsBadWritePtr	0x5131f4
GetStringTypeA	0x5131f8
GetStringTypeW	0x5131fc
SetUnhandledExceptionFilter	0x513200
CompareStringA	0x513204
CompareStringW	0x513208
IsBadReadPtr	0x51320c
IsBadCodePtr	0x513210
SetStdHandle	0x513214
GetEnvironmentStringsW	0x513218
GetEnvironmentStrings	0x51321c
FreeEnvironmentStringsW	0x513220
FreeEnvironmentStringsA	0x513224
UnhandledExceptionFilter	0x513228
CloseHandle	0x51322c
GetACP	0x513230
HeapSize	0x513234
TerminateProcess	0x513238
RaiseException	0x51323c
GetLocalTime	0x513240
GetSystemTime	0x513244
GetTimeZoneInformation	0x513248
RtlUnwind	0x51324c
GetStartupInfoA	0x513250
GetOEMCP	0x513254
GetCPInfo	0x513258
GetProcessVersion	0x51325c
SetErrorMode	0x513260
GlobalFlags	0x513264
GetCurrentThread	0x513268
GetFileTime	0x51326c
GetFileSize	0x513270
TlsGetValue	0x513274
LocalReAlloc	0x513278
TlsSetValue	0x51327c
TlsFree	0x513280
GlobalHandle	0x513284
TlsAlloc	0x513288
LocalAlloc	0x51328c
lstrcmpA	0x513290
GetVersion	0x513294
GlobalGetAtomNameA	0x513298
GlobalAddAtomA	0x51329c
GlobalFindAtomA	0x5132a0
GlobalDeleteAtom	0x5132a4
lstrcmpiA	0x5132a8
GetThreadLocale	0x5132ac
SetEndOfFile	0x5132b0
UnlockFile	0x5132b4
LockFile	0x5132b8
FlushFileBuffers	0x5132bc
SetFilePointer	0x5132c0
GetCurrentProcess	0x5132c4
DuplicateHandle	0x5132c8
lstrcpynA	0x5132cc
SetLastError	0x5132d0
FileTimeToLocalFileTime	0x5132d4
FileTimeToSystemTime	0x5132d8
FormatMessageA	0x5132dc
LocalFree	0x5132e0
InterlockedDecrement	0x5132e4
InterlockedIncrement	0x5132e8
SuspendThread	0x5132ec
ReleaseMutex	0x5132f0
CreateMutexA	0x5132f4
TerminateThread	0x5132f8
GetTempFileNameA	0x5132fc
CreateSemaphoreA	0x513300
ResumeThread	0x513304
ReleaseSemaphore	0x513308
EnterCriticalSection	0x51330c
LeaveCriticalSection	0x513310
GetProfileStringA	0x513314
WriteFile	0x513318
WaitForMultipleObjects	0x51331c
CreateFileA	0x513320
SetEvent	0x513324
FindResourceA	0x513328
LoadResource	0x51332c
LockResource	0x513330
ReadFile	0x513334
lstrlenW	0x513338
GetModuleFileNameA	0x51333c
WideCharToMultiByte	0x513340
MultiByteToWideChar	0x513344
GetCurrentThreadId	0x513348
ExitProcess	0x51334c
GlobalSize	0x513350
GlobalFree	0x513354
DeleteCriticalSection	0x513358
InitializeCriticalSection	0x51335c
lstrcatA	0x513360
lstrlenA	0x513364
WinExec	0x513368
lstrcpyA	0x51336c
FindNextFileA	0x513370
GlobalReAlloc	0x513374
HeapFree	0x513378
HeapReAlloc	0x51337c
GetProcessHeap	0x513380
HeapAlloc	0x513384
GetUserDefaultLCID	0x513388
GetFullPathNameA	0x51338c
FreeLibrary	0x513390
LoadLibraryA	0x513394
GetLastError	0x513398
GetVersionExA	0x51339c
WritePrivateProfileStringA	0x5133a0
GetPrivateProfileStringA	0x5133a4
CreateThread	0x5133a8
CreateEventA	0x5133ac
Sleep	0x5133b0
ExpandEnvironmentStringsA	0x5133b4
GlobalAlloc	0x5133b8
GlobalLock	0x5133bc
GlobalUnlock	0x5133c0
GetTempPathA	0x5133c4
FindFirstFileA	0x5133c8
FindClose	0x5133cc
SetFileAttributesA	0x5133d0
GetFileAttributesA	0x5133d4
DeleteFileA	0x5133d8
GetCurrentDirectoryA	0x5133dc
SetCurrentDirectoryA	0x5133e0
GetVolumeInformationA	0x5133e4
GetModuleHandleA	0x5133e8
GetProcAddress	0x5133ec
MulDiv	0x5133f0
GetCommandLineA	0x5133f4
GetTickCount	0x5133f8
CreateProcessA	0x5133fc
WaitForSingleObject	0x513400
VirtualAlloc	0x513404

Function	Address	Souspicious	Anti Debug
ClosePrinter	0x513770
OpenPrinterA	0x513774
DocumentPropertiesA	0x513778

Function	Address	Souspicious	Anti Debug
AVIStreamInfoA	0x513020
AVIStreamGetFrame	0x513024

Function	Address	Souspicious	Anti Debug
RegCreateKeyExA	0x513000
RegQueryValueA	0x513004
RegCreateKeyA	0x513008
RegSetValueExA	0x51300c
RegOpenKeyExA	0x513010
RegQueryValueExA	0x513014
RegCloseKey	0x513018

Function	Address	Souspicious	Anti Debug
CoRevokeClassObject	0x5137c8
CoFreeUnusedLibraries	0x5137cc
CoTaskMemFree	0x5137d0
CoTaskMemAlloc	0x5137d4
CreateILockBytesOnHGlobal	0x5137d8
StgCreateDocfileOnILockBytes	0x5137dc
StgOpenStorageOnILockBytes	0x5137e0
CoGetClassObject	0x5137e4
OleRun	0x5137e8
CoCreateInstance	0x5137ec
CLSIDFromString	0x5137f0
OleUninitialize	0x5137f4
OleInitialize	0x5137f8
CLSIDFromProgID	0x5137fc
CoRegisterMessageFilter	0x513800
OleIsCurrentClipboard	0x513804
OleFlushClipboard	0x513808

Function	Address	Souspicious	Anti Debug
ImageList_GetImageCount	0x51302c
ImageList_SetBkColor	0x513030
_TrackMouseEvent	0x513034
None	0x513038
ImageList_Destroy	0x51303c
ImageList_Create	0x513040
ImageList_Read	0x513044
ImageList_Write	0x513048
ImageList_Duplicate	0x51304c

Function	Address	Souspicious	Anti Debug
WSAAsyncSelect	0x513780
closesocket	0x513784
WSACleanup	0x513788
recvfrom	0x51378c
ioctlsocket	0x513790
recv	0x513794
getpeername	0x513798
accept	0x51379c
WSAStartup	0x5137a0
gethostbyname	0x5137a4
inet_ntoa	0x5137a8
ntohl	0x5137ac

Function	Address	Souspicious	Anti Debug
LoadStringA	0x51348c
MapDialogRect	0x513490
SetWindowContextHelpId	0x513494
CharNextA	0x513498
GetDesktopWindow	0x51349c
GetClassNameA	0x5134a0
GetMenuCheckMarkDimensions	0x5134a4
GetMenuState	0x5134a8
SetMenuItemBitmaps	0x5134ac
CheckMenuItem	0x5134b0
MoveWindow	0x5134b4
SetWindowTextA	0x5134b8
IsDialogMessageA	0x5134bc
ScrollWindowEx	0x5134c0
SendDlgItemMessageA	0x5134c4
MapWindowPoints	0x5134c8
AdjustWindowRectEx	0x5134cc
GetScrollPos	0x5134d0
RegisterClassA	0x5134d4
GetMenuItemCount	0x5134d8
GetMenuItemID	0x5134dc
CreateWindowExA	0x5134e0
SetWindowsHookExA	0x5134e4
CallNextHookEx	0x5134e8
GetClassLongA	0x5134ec
SetPropA	0x5134f0
UnhookWindowsHookEx	0x5134f4
GetPropA	0x5134f8
CallWindowProcA	0x5134fc
RemovePropA	0x513500
GetMessageTime	0x513504
GetLastActivePopup	0x513508
GetForegroundWindow	0x51350c
RegisterWindowMessageA	0x513510
GetWindowPlacement	0x513514
EndDialog	0x513518
CreateDialogIndirectParamA	0x51351c
DestroyWindow	0x513520
GetDlgItem	0x513524
GrayStringA	0x513528
DrawTextA	0x51352c
TabbedTextOutA	0x513530
EndPaint	0x513534
BeginPaint	0x513538
GetWindowDC	0x51353c
CharUpperA	0x513540
GetWindowTextLengthA	0x513544
GetWindowTextA	0x513548
GetNextDlgTabItem	0x51354c
LoadIconA	0x513550
TranslateMessage	0x513554
DrawFrameControl	0x513558
DrawEdge	0x51355c
GetSysColorBrush	0x513560
GetMessageA	0x513564
DispatchMessageA	0x513568
SetRectEmpty	0x51356c
RegisterClipboardFormatA	0x513570
CreateIconFromResourceEx	0x513574
CreateIconFromResource	0x513578
DrawIconEx	0x51357c
CreatePopupMenu	0x513580
AppendMenuA	0x513584
ModifyMenuA	0x513588
CreateMenu	0x51358c
CreateAcceleratorTableA	0x513590
GetDlgCtrlID	0x513594
GetSubMenu	0x513598
EnableMenuItem	0x51359c
ClientToScreen	0x5135a0
EnumDisplaySettingsA	0x5135a4
LoadImageA	0x5135a8
SystemParametersInfoA	0x5135ac
ShowWindow	0x5135b0
IsWindowEnabled	0x5135b4
TranslateAcceleratorA	0x5135b8
GetKeyState	0x5135bc
CopyAcceleratorTableA	0x5135c0
PostQuitMessage	0x5135c4
IsZoomed	0x5135c8
GetClassInfoA	0x5135cc
DefWindowProcA	0x5135d0
GetSystemMenu	0x5135d4
DeleteMenu	0x5135d8
GetMenu	0x5135dc
SetMenu	0x5135e0
PeekMessageA	0x5135e4
IsIconic	0x5135e8
SetFocus	0x5135ec
GetActiveWindow	0x5135f0
GetWindow	0x5135f4
DestroyAcceleratorTable	0x5135f8
SetWindowRgn	0x5135fc
GetMessagePos	0x513600
ScreenToClient	0x513604
ChildWindowFromPointEx	0x513608
CopyRect	0x51360c
LoadBitmapA	0x513610
WinHelpA	0x513614
KillTimer	0x513618
SetTimer	0x51361c
ReleaseCapture	0x513620
GetCapture	0x513624
SetCapture	0x513628
GetScrollRange	0x51362c
SetScrollRange	0x513630
SetScrollPos	0x513634
SetRect	0x513638
InflateRect	0x51363c
IntersectRect	0x513640
DestroyIcon	0x513644
PtInRect	0x513648
OffsetRect	0x51364c
IsWindowVisible	0x513650
EnableWindow	0x513654
RedrawWindow	0x513658
GetWindowLongA	0x51365c
SetWindowLongA	0x513660
GetSysColor	0x513664
SetActiveWindow	0x513668
SetCursorPos	0x51366c
LoadCursorA	0x513670
SetCursor	0x513674
GetDC	0x513678
FillRect	0x51367c
InvertRect	0x513680
IsRectEmpty	0x513684
ScrollDC	0x513688
ReleaseDC	0x51368c
IsChild	0x513690
TrackPopupMenu	0x513694
DestroyMenu	0x513698
SetForegroundWindow	0x51369c
GetWindowRect	0x5136a0
EqualRect	0x5136a4
GetNextDlgGroupItem	0x5136a8
PostThreadMessageA	0x5136ac
WindowFromPoint	0x5136b0
UpdateWindow	0x5136b4
ValidateRect	0x5136b8
InvalidateRect	0x5136bc
GetClientRect	0x5136c0
GetFocus	0x5136c4
GetParent	0x5136c8
GetTopWindow	0x5136cc
PostMessageA	0x5136d0
IsWindow	0x5136d4
SetParent	0x5136d8
DestroyCursor	0x5136dc
SendMessageA	0x5136e0
SetWindowPos	0x5136e4
MessageBeep	0x5136e8
MessageBoxA	0x5136ec
GetCursorPos	0x5136f0
GetSystemMetrics	0x5136f4
EmptyClipboard	0x5136f8
SetClipboardData	0x5136fc
OpenClipboard	0x513700
GetClipboardData	0x513704
CloseClipboard	0x513708
wsprintfA	0x51370c
WaitForInputIdle	0x513710
DrawFocusRect	0x513714
UnregisterClassA	0x513718

Function	Address	Souspicious	Anti Debug
VariantCopy	0x513414
VariantTimeToSystemTime	0x513418
SysStringLen	0x51341c
SysAllocStringLen	0x513420
SysAllocStringByteLen	0x513424
SafeArrayGetElemsize	0x513428
SysFreeString	0x51342c
UnRegisterTypeLib	0x513430
OleCreateFontIndirect	0x513434
LoadTypeLib	0x513438
LHashValOfNameSys	0x51343c
RegisterTypeLib	0x513440
SafeArrayPutElement	0x513444
SafeArrayCreate	0x513448
SafeArrayDestroy	0x51344c
SysAllocString	0x513450
VariantInit	0x513454
VariantCopyInd	0x513458
SafeArrayGetElement	0x51345c
SafeArrayAccessData	0x513460
SafeArrayGetDim	0x513464
SafeArrayGetLBound	0x513468
SafeArrayGetUBound	0x51346c
VariantChangeType	0x513470
VariantClear	0x513474
SafeArrayUnaccessData	0x513478