aa.exe

First submission 2024-10-14 08:05:03 Last sumbission 2024-10-15 20:51:03

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	762.14 KB (780432 bytes)
Compile time:	2017-07-05 21:57:26
MD5:	e9b569f7cbf23d91df065c18f4c43840
SHA1:	5d7cb1a2ca7db04edf23dd3ed41125c8c867b0ad
SHA256:	d67c7ef1c8e2cd56e266902bef814ac328d64bbe06086f4ee24fbadbebf39605
Import Hash :	64720560b6fe716899d329e150e5fb91
Sections 4	.text .rdata .data .rsrc
Directories 3	import resource security

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	58/77 VT report date: 2024-10-13 23:55:01
Malware Type 3	hacktool trojan pua
Threat Type 3	ammyy ammyadmn filereppup

URLs, FQDN and IP indicators 2

URL	Host (FQDN/IP)	Date Added
hXXp://www.aureanet.com/aa.exe	www.aureanet.com	2024-10-15 20:51:07
hXXp://aureanet.com/aa.exe	aureanet.com	2024-10-14 08:05:03

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x8305a	540672	c386fe13f8472d71310ea2dca5d7123407ced9a5	8aeaf5ba0911231691302eeb3bdfea8f
.rdata	0x85000	0x188de	102400	b5489ec4a9a959d600b4e3576a338ae8ef00e678	61b8db91e05d3da50d77beeefeb87f05
.data	0x9e000	0x1aea8	81920	c68d893c41bce72357494f6eef2d6382fcde1885	2160ec8803885bca22c0168b0d488020
.rsrc	0xb9000	0xa1d0	45056	8f19e6a56cfda5a4503500325d59896ea6fff1c9	8f880b72b7e9da5ad38c35fe568763f8

PE Resources 11

Name	Language	Sublanguage	Offset	Size	Data
BINARY	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbf448	1
RT_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xc0bf0	308
RT_BITMAP	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xc01c0	1194	PE Resource: RT_BITMAP - Data (VJVJVJVJVJVJVJ!=B;g;g;g;g;g99=B=;g;g;g;g;g/%9F=/%;g;g;g;g;g5F9F/%/%;g;g;g;g;g;g;guNgsBF/%/%w6wF/%/%/%/%V{"u_F/%VVV"""CF/%\|o\|o\|o"""""""""&F/%VVV{+&&&&&&&&&&""F/%\|o\|o\|o"/+++++++++'C3F/%VVV733`/ +@+@/@/@/@+OF/%\|o\|o\|owb;`/7gF/%VVVVVVVVV{GK{F/%VVVVVVVVV[kowUJ!TJ!
RT_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbe370	4264	PE Resource: RT_ICON - Data ( @ 1?LRdrxVMaekqvuI4y{npdhZ]IL[_aPSPRKNGJBE9=~\|F /{}!eca.1YWZ#!h97xXVg%!'!'"'"(#(#("'&,1RP%$rxFJ%(%($($(!{yc)'l&$kb20v#""(!'!'"'"'!&%),1XV/-yb_b%(%($($("uxd(n(o%#n/-u!39!(!'!'"(#().05XV/-{A%($($(#'$bee)'o(q'$o(&rrw!"&+'-(-.449XV/-}&%($($("' #X\bhige 'DJ"+1.4398=XV/-~$'$($("'"%CGq#FL(/$<A>CWW.-&)$'$($("'&&+5:KPQWW]]`af\`\bSY"+2%${~]b).38XW.-79 #$($(#("'!&$""""###'+3074;29$6<04ZX--{EG $($($)%)$)&+'-0+1-3/507193;4;6=8?;A>D18$^bPO.-e_a'+(,)-.487;495;4:5:5;6=7=7?9@;B=D?F?DCITYCH%KK.-=-0-1.304CF8==C9>280639;ACIGMELAGAGAGSXeiVZBGfjJI.-1526387;:?gj~_dFL/6AFU[glRW;AvzSR-, !$598;9=;@AEqtB?^\geusTXRWW\AGqvPS"'ZY-,/27:=@>B@DHLW[j rssnU^a(.DH-2UW^aYX-,EG7:BFDGEHNRMQ$!q)'x+)z+)\|vT>C.4OTdhru`cYX-,vWX79ILILILW[NS,v'%v(z({ux:@49VYimimhjtwcgYX-,Stu25OROQMQ`cRV:8~#!u(z({"!x76#\`koloknlompy}fjYX-,-UWTWSVadORVTp+)z({)}vlk=AqulpoqpsrurujlYX,+ORAD^`[]^aSUjmo%#v+)\|*)}xRP;?uxrusvuxxzx{moVU==-0UVdgachj<?86russvNR{}wzy\|{~}}rtON<E(+^`lnjlgi26tvxv:?xz}}tv[57WYuwwytvGJDFilpr_b>CqubdATV@Bfhxz~fh_bhjQTKvwSTSUUWrtJMlM~STQSX[npsvGHe%H~{}giVXWYYZde6/\M?
RT_MENU	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xb99d0	250
RT_DIALOG	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbb350	784
RT_GROUP_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xc0d28	20
RT_GROUP_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbf418	48
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xc0670	736	PE Resource: RT_VERSION - Data 4VS_VERSION_INFO?@StringFileInfo040904b0Comments4 CompanyNameAmmyy LLC@FileDescriptionAmmyy Admin(FileVersion3.58InternalNameAmmyy Admin$LegalCopyright(LegalTrademarks(OriginalFilename PrivateBuild8ProductNameAmmyy Admin,ProductVersion3.5 SpecialBuildDVarFileInfo$Translation
RT_MANIFEST	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbb7e0	637	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity name="Maxim" processorArchitecture="x86" version="1.0.0.1" type="win32"/> <description>blabla</description> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /> </dependentAssembly> </dependency> </assembly>
None	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbb7d0	11

Meta infos 13

LegalCopyright:
InternalName:	Ammyy Admin
FileVersion:	3.5
FileDescription:	Ammyy Admin
SpecialBuild:
CompanyName:	Ammyy LLC
LegalTrademarks:
Comments:
ProductName:	Ammyy Admin
ProductVersion:	3.5
PrivateBuild:
Translation:	0x0409 0x04b0
OriginalFilename:

Packers detected 3

Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++

Anti debug functions 7

FindWindowA
FindWindowW
GetLastError
GetWindowThreadProcessId
Process32First
Process32Next
TerminateProcess

Anti debug functions 1

VMCheck.dll

File signature

MD5	SHA1	Block size	Virtual Address
1d2870c6cc43d7096ce78c38079a966c	57805525d4070fbb350f4ac6886a801cc6df1b58	6288	774144

Strings analysis - File found

Binary
Ammyy_Contact_Book.bin
*.bin
contacts3.bin
settings.bin
_tmp\AMMYY_Admin.bin
settings3.bin
contacts.bin
sessions.bin
Log
eAMMYY_service.log
ammyy.log
Temporary
%sAmmyy_%X.tmp
Object
hhctrl.ocx
Library
W\winsta.dll
ewmsgapi.dll
ADVAPI32.dll
SHLWAPI.dll
dwmapi.dll
WTSAPI32.dll
MSVCRT.dll
USER32.dll
SHELL32.dll
WS2_32.dll
COMCTL32.dll
secur32.dll
WININET.dll
USERENV.dll
SETUPAPI.dll
GDI32.dll
KERNEL32.dll
DSOUND.dll
COMDLG32.dll
IPHLPAPI.DLL
msvcp60.dll

Strings analysis - Possible IPs found 2

1.0.0.1
127.0.0.1

Strings analysis - Possible URLs found 15

http://www.ammyy.com/?lang=
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
http://ts-ocsp.ws.symantec.com07
http://ocsp.comodoca.com0
http://crl.thawte.com/ThawteTimestampingCA.crl0
https://secure.comodo.net/CPS0C
http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
http://ocsp.thawte.com0
http://www.ammyy.com/
http://www.ammyy.com
http://rl.ammyy.com
http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<

Import functions

MSVCP60.dll 4 SHLWAPI.dll 1 COMCTL32.dll 12 comdlg32.dll 2 iphlpapi.dll 1 WININET.dll 8 GDI32.dll 40 ADVAPI32.dll 39 KERNEL32.dll 123 MSVCRT.dll 99 Secur32.dll 6 SHELL32.dll 11 DSOUND.dll 4 SETUPAPI.dll 5 WS2_32.dll 27 USER32.dll 165 USERENV.dll 2

Function	Address	Souspicious	Anti Debug
??1Init@ios_base@std@@QAE@XZ	0x48537c
??0_Winit@std@@QAE@XZ	0x485380
??1_Winit@std@@QAE@XZ	0x485384
??0Init@ios_base@std@@QAE@XZ	0x485388

Function	Address	Souspicious	Anti Debug
PathGetDriveNumberA	0x485568

Function	Address	Souspicious	Anti Debug
CreateToolbarEx	0x4850a0
ImageList_Create	0x4850a4
ImageList_Draw	0x4850a8
ImageList_Destroy	0x4850ac
None	0x4850b0
ImageList_GetIconSize	0x4850b4
ImageList_ReplaceIcon	0x4850b8
ImageList_Add	0x4850bc
ImageList_Duplicate	0x4850c0
_TrackMouseEvent	0x4850c4
CreatePropertySheetPageW	0x4850c8
PropertySheetW	0x4850cc

Function	Address	Souspicious	Anti Debug
GetOpenFileNameW	0x4858c4
GetSaveFileNameW	0x4858c8

Function	Address	Souspicious	Anti Debug
GetAdaptersInfo	0x4858d0

Function	Address	Souspicious	Anti Debug
HttpSendRequestA	0x485830
HttpQueryInfoA	0x485834
InternetConnectA	0x485838
InternetSetOptionA	0x48583c
InternetCloseHandle	0x485840
InternetReadFile	0x485844
InternetOpenA	0x485848
HttpOpenRequestA	0x48584c

Function	Address	Souspicious	Anti Debug
GetDIBits	0x4850e8
CreateCompatibleBitmap	0x4850ec
RealizePalette	0x4850f0
SelectPalette	0x4850f4
CreatePalette	0x4850f8
GetSystemPaletteEntries	0x4850fc
GdiFlush	0x485100
CombineRgn	0x485104
GetRegionData	0x485108
SetStretchBltMode	0x48510c
CreateDIBitmap	0x485110
DeleteDC	0x485114
SelectObject	0x485118
CreateCompatibleDC	0x48511c
BitBlt	0x485120
SetBkMode	0x485124
CreateFontIndirectA	0x485128
DPtoLP	0x48512c
GetDeviceCaps	0x485130
CreateFontA	0x485134
StretchBlt	0x485138
CreateRectRgn	0x48513c
ExtTextOutA	0x485140
GetBitmapBits	0x485144
GetObjectA	0x485148
CreateDIBSection	0x48514c
SetBitmapBits	0x485150
CreateRectRgnIndirect	0x485154
SelectClipRgn	0x485158
TextOutW	0x48515c
CreatePatternBrush	0x485160
SetTextAlign	0x485164
SetBrushOrgEx	0x485168
ExtTextOutW	0x48516c
SetTextColor	0x485170
SetBkColor	0x485174
GetTextExtentPoint32W	0x485178
CreateSolidBrush	0x48517c
DeleteObject	0x485180
GetStockObject	0x485184

Function	Address	Souspicious	Anti Debug
RegOpenKeyExA	0x485000
FreeSid	0x485004
SetFileSecurityW	0x485008
SetSecurityDescriptorDacl	0x48500c
InitializeSecurityDescriptor	0x485010
ConvertSidToStringSidA	0x485014
GetTokenInformation	0x485018
OpenProcessToken	0x48501c
RegCloseKey	0x485020
RegQueryValueExA	0x485024
ImpersonateLoggedOnUser	0x485028
RevertToSelf	0x48502c
GetUserNameA	0x485030
StartServiceCtrlDispatcherW	0x485034
RegisterServiceCtrlHandlerExA	0x485038
SetServiceStatus	0x48503c
SetTokenInformation	0x485040
DuplicateTokenEx	0x485044
CreateProcessAsUserW	0x485048
QueryServiceStatus	0x48504c
CloseServiceHandle	0x485050
OpenServiceA	0x485054
OpenSCManagerA	0x485058
CreateServiceW	0x48505c
DeleteService	0x485060
ControlService	0x485064
StartServiceA	0x485068
StartServiceW	0x48506c
RegCreateKeyExA	0x485070
RegQueryValueExW	0x485074
RegSetValueExW	0x485078
RegSetValueExA	0x48507c
RegDeleteKeyA	0x485080
RegDeleteValueW	0x485084
RegCreateKeyExW	0x485088
RegEnumKeyExW	0x48508c
RegOpenKeyExW	0x485090
SetEntriesInAclA	0x485094
AllocateAndInitializeSid	0x485098

Function	Address	Souspicious	Anti Debug
SizeofResource	0x48518c
LoadResource	0x485190
LockResource	0x485194
GetLocalTime	0x485198
TryEnterCriticalSection	0x48519c
LeaveCriticalSection	0x4851a0
EnterCriticalSection	0x4851a4
DeleteCriticalSection	0x4851a8
InitializeCriticalSection	0x4851ac
SetFileTime	0x4851b0
GetFileTime	0x4851b4
OpenMutexA	0x4851b8
CreateMutexA	0x4851bc
ResetEvent	0x4851c0
FindResourceExA	0x4851c4
OpenEventA	0x4851c8
CreateEventA	0x4851cc
ExitProcess	0x4851d0
SetUnhandledExceptionFilter	0x4851d4
GetSystemDirectoryA	0x4851d8
CompareFileTime	0x4851dc
GetSystemTimeAsFileTime	0x4851e0
GetSystemDirectoryW	0x4851e4
lstrcatW	0x4851e8
LoadLibraryW	0x4851ec
QueryPerformanceFrequency	0x4851f0
ReadFile	0x4851f4
QueryPerformanceCounter	0x4851f8
GetExitCodeProcess	0x4851fc
BeginUpdateResourceW	0x485200
EndUpdateResourceW	0x485204
UpdateResourceA	0x485208
OpenProcess	0x48520c
CreateToolhelp32Snapshot	0x485210
Process32First	0x485214
Process32Next	0x485218
LoadLibraryA	0x48521c
FreeLibrary	0x485220
GetFileSize	0x485224
SetFilePointer	0x485228
WriteFile	0x48522c
WaitForSingleObject	0x485230
CreateThread	0x485234
GetFileAttributesW	0x485238
GetStartupInfoW	0x48523c
CreateProcessW	0x485240
lstrcmpiW	0x485244
lstrcmpW	0x485248
MulDiv	0x48524c
FormatMessageW	0x485250
MultiByteToWideChar	0x485254
WideCharToMultiByte	0x485258
GetModuleFileNameW	0x48525c
GetComputerNameA	0x485260
LocalAlloc	0x485264
GetExitCodeThread	0x485268
SystemTimeToFileTime	0x48526c
MoveFileW	0x485270
DeleteFileW	0x485274
GetTempPathW	0x485278
CreateFileW	0x48527c
FindFirstFileW	0x485280
FindClose	0x485284
CreateFileA	0x485288
DeviceIoControl	0x48528c
GetUserDefaultUILanguage	0x485290
GetModuleHandleA	0x485294
GetProcAddress	0x485298
GetLocaleInfoA	0x48529c
CreateDirectoryW	0x4852a0
SetCurrentDirectoryW	0x4852a4
SetProcessShutdownParameters	0x4852a8
GetVersionExA	0x4852ac
GetCurrentProcess	0x4852b0
GetLastError	0x4852b4
CloseHandle	0x4852b8
LocalFree	0x4852bc
GetCurrentThreadId	0x4852c0
GetCurrentProcessId	0x4852c4
Sleep	0x4852c8
GetTickCount	0x4852cc
InterlockedIncrement	0x4852d0
InterlockedDecrement	0x4852d4
lstrlenA	0x4852d8
lstrlenW	0x4852dc
TerminateProcess	0x4852e0
GlobalUnlock	0x4852e4
GlobalLock	0x4852e8
SystemTimeToTzSpecificLocalTime	0x4852ec
FileTimeToSystemTime	0x4852f0
GetFileSizeEx	0x4852f4
SetEndOfFile	0x4852f8
SetFilePointerEx	0x4852fc
GlobalAlloc	0x485300
GetDriveTypeW	0x485304
RemoveDirectoryW	0x485308
FindNextFileW	0x48530c
SetFileAttributesW	0x485310
GetLogicalDrives	0x485314
ProcessIdToSessionId	0x485318
SleepEx	0x48531c
CreateDirectoryA	0x485320
DeleteFileA	0x485324
GlobalFree	0x485328
IsBadReadPtr	0x48532c
lstrcmpA	0x485330
LocalFileTimeToFileTime	0x485334
WaitNamedPipeW	0x485338
lstrcpyA	0x48533c
GetCurrentDirectoryA	0x485340
FindResourceA	0x485344
DuplicateHandle	0x485348
CreateSemaphoreA	0x48534c
SetThreadPriority	0x485350
TlsSetValue	0x485354
GetCurrentThread	0x485358
TlsAlloc	0x48535c
ResumeThread	0x485360
TlsGetValue	0x485364
InterlockedExchange	0x485368
GetStartupInfoA	0x48536c
SetEvent	0x485370
SetLastError	0x485374

Function	Address	Souspicious	Anti Debug
_strnicmp	0x485390
_strupr	0x485394
_strlwr	0x485398
_controlfp	0x48539c
_iob	0x4853a0
__set_app_type	0x4853a4
__p__fmode	0x4853a8
__p__commode	0x4853ac
_adjust_fdiv	0x4853b0
__setusermatherr	0x4853b4
_initterm	0x4853b8
__getmainargs	0x4853bc
_wcsicmp	0x4853c0
wcschr	0x4853c4
__CxxFrameHandler	0x4853c8
strlen	0x4853cc
isspace	0x4853d0
memchr	0x4853d4
_errno	0x4853d8
strtol	0x4853dc
isdigit	0x4853e0
strstr	0x4853e4
memcpy	0x4853e8
??2@YAPAXI@Z	0x4853ec
_purecall	0x4853f0
free	0x4853f4
memset	0x4853f8
malloc	0x4853fc
sprintf	0x485400
printf	0x485404
fwrite	0x485408
srand	0x48540c
time	0x485410
_CxxThrowException	0x485414
rand	0x485418
atol	0x48541c
_stricmp	0x485420
isprint	0x485424
tolower	0x485428
strncpy	0x48542c
wcslen	0x485430
atoi	0x485434
abs	0x485438
wcscpy	0x48543c
strcmp	0x485440
strcpy	0x485444
memcmp	0x485448
iswspace	0x48544c
wcsncmp	0x485450
_wtoi	0x485454
_ultow	0x485458
_stat	0x48545c
strchr	0x485460
_ftol	0x485464
swprintf	0x485468
strcat	0x48546c
strtoul	0x485470
calloc	0x485474
_rotl	0x485478
_rotr	0x48547c
fopen	0x485480
fread	0x485484
fclose	0x485488
fseek	0x48548c
ftell	0x485490
fflush	0x485494
wcsncpy	0x485498
wcsrchr	0x48549c
vsprintf	0x4854a0
vswprintf	0x4854a4
memmove	0x4854a8
strrchr	0x4854ac
strncmp	0x4854b0
mbstowcs	0x4854b4
wcscmp	0x4854b8
wcsstr	0x4854bc
iswdigit	0x4854c0
_beginthreadex	0x4854c4
_endthreadex	0x4854c8
atof	0x4854cc
_i64tow	0x4854d0
wcscat	0x4854d4
realloc	0x4854d8
exit	0x4854dc
fprintf	0x4854e0
sscanf	0x4854e4
getenv	0x4854e8
floor	0x4854ec
fputc	0x4854f0
_CIpow	0x4854f4
_CIacos	0x4854f8
??1type_info@@UAE@XZ	0x4854fc
__dllonexit	0x485500
_onexit	0x485504
_except_handler3	0x485508
?terminate@@YAXXZ	0x48550c
_exit	0x485510
_XcptFilter	0x485514
_acmdln	0x485518

Function	Address	Souspicious	Anti Debug
FreeCredentialsHandle	0x485570
InitializeSecurityContextA	0x485574
FreeContextBuffer	0x485578
AcquireCredentialsHandleA	0x48557c
CompleteAuthToken	0x485580
QuerySecurityPackageInfoA	0x485584

Function	Address	Souspicious	Anti Debug
SHBrowseForFolderW	0x485538
SHGetPathFromIDListW	0x48553c
ShellExecuteA	0x485540
SHGetMalloc	0x485544
ShellExecuteExW	0x485548
SHGetFolderPathA	0x48554c
SHGetFolderPathW	0x485550
SHGetFileInfoW	0x485554
ShellExecuteW	0x485558
SHGetSpecialFolderPathW	0x48555c
Shell_NotifyIconA	0x485560

Function	Address	Souspicious	Anti Debug
None	0x4850d4
None	0x4850d8
None	0x4850dc
None	0x4850e0

Function	Address	Souspicious	Anti Debug
SetupDiEnumDeviceInfo	0x485520
SetupDiGetClassDevsA	0x485524
SetupDiClassGuidsFromNameA	0x485528
SetupDiGetDeviceRegistryPropertyA	0x48552c
SetupDiDestroyDeviceInfoList	0x485530

Function	Address	Souspicious	Anti Debug
WSAGetLastError	0x485854
send	0x485858
recv	0x48585c
select	0x485860
WSAStartup	0x485864
getpeername	0x485868
getservbyport	0x48586c
ntohs	0x485870
gethostbyaddr	0x485874
gethostbyname	0x485878
getservbyname	0x48587c
htonl	0x485880
inet_ntoa	0x485884
inet_addr	0x485888
WSAIoctl	0x48588c
connect	0x485890
accept	0x485894
htons	0x485898
bind	0x48589c
listen	0x4858a0
socket	0x4858a4
__WSAFDIsSet	0x4858a8
shutdown	0x4858ac
setsockopt	0x4858b0
ioctlsocket	0x4858b4
WSACleanup	0x4858b8
closesocket	0x4858bc

Function	Address	Souspicious	Anti Debug
FindWindowA	0x48558c
OpenDesktopA	0x485590
VkKeyScanExA	0x485594
SendMessageTimeoutA	0x485598
LoadIconA	0x48559c
IntersectRect	0x4855a0
IsWindowVisible	0x4855a4
GetIconInfo	0x4855a8
GetCursorInfo	0x4855ac
EqualRect	0x4855b0
OpenInputDesktop	0x4855b4
CloseDesktop	0x4855b8
GetUserObjectInformationA	0x4855bc
LoadKeyboardLayoutA	0x4855c0
EmptyClipboard	0x4855c4
SetClipboardData	0x4855c8
RegisterClassExA	0x4855cc
GetDesktopWindow	0x4855d0
PeekMessageA	0x4855d4
MsgWaitForMultipleObjects	0x4855d8
mouse_event	0x4855dc
MapVirtualKeyA	0x4855e0
LockWorkStation	0x4855e4
SetThreadDesktop	0x4855e8
keybd_event	0x4855ec
SetDlgItemTextA	0x4855f0
SetDlgItemInt	0x4855f4
GetKeyboardState	0x4855f8
ToAsciiEx	0x4855fc
DestroyAcceleratorTable	0x485600
TranslateAcceleratorA	0x485604
CreateAcceleratorTableA	0x485608
SetWindowTextA	0x48560c
ReleaseCapture	0x485610
SetCapture	0x485614
GetAsyncKeyState	0x485618
GetThreadDesktop	0x48561c
SystemParametersInfoW	0x485620
SwitchToThisWindow	0x485624
SendMessageA	0x485628
FindWindowW	0x48562c
MessageBoxA	0x485630
ShowWindow	0x485634
wsprintfA	0x485638
RegisterClassExW	0x48563c
DestroyCursor	0x485640
MessageBeep	0x485644
wsprintfW	0x485648
SetCursorPos	0x48564c
GetClipboardOwner	0x485650
OpenClipboard	0x485654
GetClipboardData	0x485658
CloseClipboard	0x48565c
ShowWindowAsync	0x485660
SetScrollInfo	0x485664
GetWindow	0x485668
WindowFromPoint	0x48566c
ReleaseDC	0x485670
GetDC	0x485674
DestroyIcon	0x485678
DrawIconEx	0x48567c
LoadImageA	0x485680
EnableWindow	0x485684
SetDlgItemTextW	0x485688
DestroyWindow	0x48568c
SetWindowPos	0x485690
SetClassLongW	0x485694
InsertMenuItemW	0x485698
ChangeClipboardChain	0x48569c
MapWindowPoints	0x4856a0
InsertMenuItemA	0x4856a4
EnumWindows	0x4856a8
GetClassNameA	0x4856ac
GetWindowTextA	0x4856b0
KillTimer	0x4856b4
GetWindowLongW	0x4856b8
PostMessageA	0x4856bc
DrawTextW	0x4856c0
SetRect	0x4856c4
ShowScrollBar	0x4856c8
IsIconic	0x4856cc
ScrollWindowEx	0x4856d0
AdjustWindowRectEx	0x4856d4
GetMenuState	0x4856d8
GetWindowPlacement	0x4856dc
SetWindowPlacement	0x4856e0
GetSysColorBrush	0x4856e4
AppendMenuW	0x4856e8
SetClipboardViewer	0x4856ec
SetWindowsHookExA	0x4856f0
UnhookWindowsHookEx	0x4856f4
DrawTextA	0x4856f8
EndDialog	0x4856fc
CreateDialogParamW	0x485700
DialogBoxParamA	0x485704
CallWindowProcW	0x485708
CallWindowProcA	0x48570c
DefWindowProcA	0x485710
IsWindowUnicode	0x485714
GetSystemMenu	0x485718
RedrawWindow	0x48571c
InvalidateRect	0x485720
ScreenToClient	0x485724
DrawStateA	0x485728
DrawEdge	0x48572c
GetClientRect	0x485730
CreateWindowExA	0x485734
IsWindow	0x485738
GetParent	0x48573c
GetWindowLongA	0x485740
GetForegroundWindow	0x485744
GetWindowThreadProcessId	0x485748
AttachThreadInput	0x48574c
SetActiveWindow	0x485750
SetCursor	0x485754
SetTimer	0x485758
PostThreadMessageA	0x48575c
MoveWindow	0x485760
BeginPaint	0x485764
EndPaint	0x485768
GetDlgItemInt	0x48576c
SendDlgItemMessageA	0x485770
MapDialogRect	0x485774
SetWindowLongA	0x485778
ClientToScreen	0x48577c
LoadCursorA	0x485780
RegisterClassW	0x485784
CreateWindowExW	0x485788
SetWindowLongW	0x48578c
UpdateWindow	0x485790
GetMessageA	0x485794
IsDialogMessageA	0x485798
TranslateMessage	0x48579c
DispatchMessageA	0x4857a0
SetWindowTextW	0x4857a4
SetMenu	0x4857a8
LoadMenuA	0x4857ac
GetMenuItemInfoA	0x4857b0
SetMenuItemInfoA	0x4857b4
GetSubMenu	0x4857b8
SetMenuItemInfoW	0x4857bc
GetMenuItemID	0x4857c0
EnableMenuItem	0x4857c4
GetMenuItemCount	0x4857c8
CheckMenuItem	0x4857cc
GetKeyState	0x4857d0
SetForegroundWindow	0x4857d4
SetFocus	0x4857d8
GetFocus	0x4857dc
PostQuitMessage	0x4857e0
DefWindowProcW	0x4857e4
CreatePopupMenu	0x4857e8
GetCursorPos	0x4857ec
TrackPopupMenu	0x4857f0
GetSysColor	0x4857f4
GetSystemMetrics	0x4857f8
GetMenuItemInfoW	0x4857fc
DrawMenuBar	0x485800
AppendMenuA	0x485804
DestroyMenu	0x485808
GetDlgItem	0x48580c
MessageBoxW	0x485810
SendMessageW	0x485814
GetWindowRect	0x485818
SystemParametersInfoA	0x48581c

Function	Address	Souspicious	Anti Debug
LoadUserProfileA	0x485824
UnloadUserProfile	0x485828