soporte%5Csoporteperfect.exe

First submission 2024-10-16 17:53:02 Last sumbission 2024-10-18 06:37:06

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	746.27 KB (764184 bytes)
Compile time:	2014-07-03 00:56:03
MD5:	f8cd52b70a11a1fb3f29c6f89ff971ec
SHA1:	6a0c46818a6a10c2c5a98a0cce65fbaf95caa344
SHA256:	6f2258383b92bfaf425f49fc7a5901bfa97a334de49ce015cf65396125c13d20
Import Hash :	59bc1054f3fb6d52d677cef7c12118a3
Sections 4	.text .rdata .data .rsrc
Directories 3	import resource security

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	46/77 VT report date: 2024-10-07 04:08:11
Malware Type 3	hacktool trojan pua
Threat Type 3	ammyy ammyyadmin flawedammyy

URLs, FQDN and IP indicators 2

URL	Host (FQDN/IP)	Date Added
hXXp://perfectperu.com/soporte%5Csoporteperfect.exe	perfectperu.com	2024-10-18 06:37:12
hXXp://ruterk.com/archive/prog/AA_v3.exe?amp	ruterk.com	2024-10-16 17:53:02

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x81ee2	532480	787263bf0d082043e11b8ad071e22ccaa3cbfd49	639aab0044ce02fd6911f8bac392ae21
.rdata	0x83000	0x178fc	98304	5dc4a3189665aa06156add1092dda90a15b1ab1d	ac6056676066c53d4ecc13dab6559d05
.data	0x9b000	0x1a7a0	77824	6d8c0f280c31da020f4ed8a5c0943fbcf40c9a69	53892c33ead40d36fa5b0d2d0610c304
.rsrc	0xb6000	0xa5e0	45056	49ad749bc3f1bf87cf1753deee179e42ebc13fa9	8613de162d33f736c2f72c2e22502a39

PE Resources 11

Name	Language	Sublanguage	Offset	Size	Data
BINARY	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbc3e8	1
RT_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xbe000	308
RT_BITMAP	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbd160	1194	PE Resource: RT_BITMAP - Data (VJVJVJVJVJVJVJ!=B;g;g;g;g;g99=B=;g;g;g;g;g/%9F=/%;g;g;g;g;g5F9F/%/%;g;g;g;g;g;g;guNgsBF/%/%w6wF/%/%/%/%V{"u_F/%VVV"""CF/%\|o\|o\|o"""""""""&F/%VVV{+&&&&&&&&&&""F/%\|o\|o\|o"/+++++++++'C3F/%VVV733`/ +@+@/@/@/@+OF/%\|o\|o\|owb;`/7gF/%VVVVVVVVV{GK{F/%VVVVVVVVV[kowUJ!TJ!
RT_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbb310	4264	PE Resource: RT_ICON - Data ( @ 1?LRdrxVMaekqvuI4y{npdhZ]IL[_aPSPRKNGJBE9=~\|F /{}!eca.1YWZ#!h97xXVg%!'!'"'"(#(#("'&,1RP%$rxFJ%(%($($(!{yc)'l&$kb20v#""(!'!'"'"'!&%),1XV/-yb_b%(%($($("uxd(n(o%#n/-u!39!(!'!'"(#().05XV/-{A%($($(#'$bee)'o(q'$o(&rrw!"&+'-(-.449XV/-}&%($($("' #X\bhige 'DJ"+1.4398=XV/-~$'$($("'"%CGq#FL(/$<A>CWW.-&)$'$($("'&&+5:KPQWW]]`af\`\bSY"+2%${~]b).38XW.-79 #$($(#("'!&$""""###'+3074;29$6<04ZX--{EG $($($)%)$)&+'-0+1-3/507193;4;6=8?;A>D18$^bPO.-e_a'+(,)-.487;495;4:5:5;6=7=7?9@;B=D?F?DCITYCH%KK.-=-0-1.304CF8==C9>280639;ACIGMELAGAGAGSXeiVZBGfjJI.-1526387;:?gj~_dFL/6AFU[glRW;AvzSR-, !$598;9=;@AEqtB?^\geusTXRWW\AGqvPS"'ZY-,/27:=@>B@DHLW[j rssnU^a(.DH-2UW^aYX-,EG7:BFDGEHNRMQ$!q)'x+)z+)\|vT>C.4OTdhru`cYX-,vWX79ILILILW[NS,v'%v(z({ux:@49VYimimhjtwcgYX-,Stu25OROQMQ`cRV:8~#!u(z({"!x76#\`koloknlompy}fjYX-,-UWTWSVadORVTp+)z({)}vlk=AqulpoqpsrurujlYX,+ORAD^`[]^aSUjmo%#v+)\|*)}xRP;?uxrusvuxxzx{moVU==-0UVdgachj<?86russvNR{}wzy\|{~}}rtON<E(+^`lnjlgi26tvxv:?xz}}tv[57WYuwwytvGJDFilpr_b>CqubdATV@Bfhxz~fh_bhjQTKvwSTSUUWrtJMlM~STQSX[npsvGHe%H~{}giVXWYYZde6/\M?
RT_MENU	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xb6a00	250
RT_DIALOG	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xb82f0	784
RT_GROUP_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xbe138	20
RT_GROUP_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xbc3b8	48
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xbd610	736	PE Resource: RT_VERSION - Data 4VS_VERSION_INFO?@StringFileInfo040904b0Comments4 CompanyNameAmmyy LLC@FileDescriptionAmmyy Admin(FileVersion3.58InternalNameAmmyy Admin$LegalCopyright(LegalTrademarks(OriginalFilename PrivateBuild8ProductNameAmmyy Admin,ProductVersion3.5 SpecialBuildDVarFileInfo$Translation
RT_MANIFEST	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xb8780	637	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity name="Maxim" processorArchitecture="x86" version="1.0.0.1" type="win32"/> <description>blabla</description> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /> </dependentAssembly> </dependency> </assembly>
None	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xb8770	11

Meta infos 13

LegalCopyright:
InternalName:	Ammyy Admin
FileVersion:	3.5
FileDescription:	Ammyy Admin
SpecialBuild:
CompanyName:	Ammyy LLC
LegalTrademarks:
Comments:
ProductName:	Ammyy Admin
ProductVersion:	3.5
PrivateBuild:
Translation:	0x0409 0x04b0
OriginalFilename:

Packers detected 3

Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++

Anti debug functions 7

FindWindowA
FindWindowW
GetLastError
GetWindowThreadProcessId
Process32First
Process32Next
TerminateProcess

Anti debug functions 1

VMCheck.dll

File signature

MD5	SHA1	Block size	Virtual Address
e3457b975080247605bb3b1fad3b98e1	d65b3672d2e8f9bd1f93dec40958d67d0891ede1	6424	757760

Strings analysis - File found

Binary
Ammyy_Contact_Book.bin
*.bin
contacts3.bin
_tmp\AMMYY_Admin.bin
settings3.bin
settings.bin
contacts.bin
sessions.bin
Log
eAMMYY_service.log
ammyy.log
ammyy_id.log
Temporary
%sAmmyy_%X.tmp
Object
hhctrl.ocx
Library
W\winsta.dll
ewmsgapi.dll
ADVAPI32.dll
SHLWAPI.dll
dwmapi.dll
MSVCRT.dll
USER32.dll
SHELL32.dll
WS2_32.dll
WTSAPI32.dll
COMCTL32.dll
secur32.dll
WININET.dll
USERENV.dll
SETUPAPI.dll
GDI32.dll
KERNEL32.dll
DSOUND.dll
COMDLG32.dll
IPHLPAPI.DLL
msvcp60.dll

Strings analysis - Possible IPs found 2

1.0.0.1
127.0.0.1

Strings analysis - Possible URLs found 18

https://www.verisign.com/cps0
http://www.ammyy.com/?lang=
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
http://ts-ocsp.ws.symantec.com07
http://crl.thawte.com/ThawteTimestampingCA.crl0
http://ocsp.verisign.com0
http://logo.verisign.com/vslogo.gif04
https://www.verisign.com/rpa
http://www.ammyy.com
http://crl.verisign.com/pca3-g5.crl04
https://www.verisign.com/rpa0
http://ocsp.thawte.com0
http://www.ammyy.com/
http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
http://rl.ammyy.com
http://ocsp.verisign.com0;
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<

Import functions

MSVCP60.dll 4 SHLWAPI.dll 1 COMCTL32.dll 12 comdlg32.dll 2 iphlpapi.dll 1 WININET.dll 8 GDI32.dll 40 ADVAPI32.dll 39 KERNEL32.dll 123 MSVCRT.dll 99 Secur32.dll 6 SHELL32.dll 11 DSOUND.dll 4 SETUPAPI.dll 5 WS2_32.dll 27 USER32.dll 165 USERENV.dll 2

Function	Address	Souspicious	Anti Debug
??1Init@ios_base@std@@QAE@XZ	0x48337c
??0_Winit@std@@QAE@XZ	0x483380
??1_Winit@std@@QAE@XZ	0x483384
??0Init@ios_base@std@@QAE@XZ	0x483388

Function	Address	Souspicious	Anti Debug
PathGetDriveNumberA	0x483568

Function	Address	Souspicious	Anti Debug
CreateToolbarEx	0x4830a0
ImageList_Add	0x4830a4
ImageList_Create	0x4830a8
ImageList_Draw	0x4830ac
None	0x4830b0
ImageList_GetIconSize	0x4830b4
ImageList_ReplaceIcon	0x4830b8
ImageList_Destroy	0x4830bc
ImageList_Duplicate	0x4830c0
_TrackMouseEvent	0x4830c4
CreatePropertySheetPageW	0x4830c8
PropertySheetW	0x4830cc

Function	Address	Souspicious	Anti Debug
GetOpenFileNameW	0x4838c4
GetSaveFileNameW	0x4838c8

Function	Address	Souspicious	Anti Debug
GetAdaptersInfo	0x4838d0

Function	Address	Souspicious	Anti Debug
HttpSendRequestA	0x483830
HttpQueryInfoA	0x483834
InternetConnectA	0x483838
InternetSetOptionA	0x48383c
InternetCloseHandle	0x483840
InternetReadFile	0x483844
InternetOpenA	0x483848
HttpOpenRequestA	0x48384c

Function	Address	Souspicious	Anti Debug
GetDIBits	0x4830e8
CreateCompatibleBitmap	0x4830ec
RealizePalette	0x4830f0
SelectPalette	0x4830f4
CreatePalette	0x4830f8
GetSystemPaletteEntries	0x4830fc
GdiFlush	0x483100
CombineRgn	0x483104
GetRegionData	0x483108
SetStretchBltMode	0x48310c
CreateDIBitmap	0x483110
GetBitmapBits	0x483114
GetObjectA	0x483118
DeleteDC	0x48311c
SelectObject	0x483120
CreateCompatibleDC	0x483124
BitBlt	0x483128
SetBkMode	0x48312c
CreateFontIndirectA	0x483130
DPtoLP	0x483134
StretchBlt	0x483138
CreateRectRgn	0x48313c
ExtTextOutA	0x483140
CreateDIBSection	0x483144
SetBitmapBits	0x483148
CreateRectRgnIndirect	0x48314c
SelectClipRgn	0x483150
TextOutW	0x483154
CreatePatternBrush	0x483158
SetTextAlign	0x48315c
SetBrushOrgEx	0x483160
ExtTextOutW	0x483164
SetTextColor	0x483168
SetBkColor	0x48316c
GetTextExtentPoint32W	0x483170
GetStockObject	0x483174
CreateSolidBrush	0x483178
GetDeviceCaps	0x48317c
DeleteObject	0x483180
CreateFontA	0x483184

Function	Address	Souspicious	Anti Debug
RegOpenKeyExA	0x483000
FreeSid	0x483004
SetFileSecurityW	0x483008
SetSecurityDescriptorDacl	0x48300c
InitializeSecurityDescriptor	0x483010
ConvertSidToStringSidA	0x483014
GetTokenInformation	0x483018
OpenProcessToken	0x48301c
RegCloseKey	0x483020
RegQueryValueExA	0x483024
ImpersonateLoggedOnUser	0x483028
RevertToSelf	0x48302c
GetUserNameA	0x483030
StartServiceCtrlDispatcherW	0x483034
RegisterServiceCtrlHandlerExA	0x483038
SetServiceStatus	0x48303c
SetTokenInformation	0x483040
DuplicateTokenEx	0x483044
CreateProcessAsUserW	0x483048
QueryServiceStatus	0x48304c
CloseServiceHandle	0x483050
OpenServiceA	0x483054
OpenSCManagerA	0x483058
CreateServiceW	0x48305c
DeleteService	0x483060
ControlService	0x483064
StartServiceA	0x483068
StartServiceW	0x48306c
RegCreateKeyExA	0x483070
RegQueryValueExW	0x483074
RegSetValueExW	0x483078
RegSetValueExA	0x48307c
RegDeleteKeyA	0x483080
RegDeleteValueW	0x483084
RegCreateKeyExW	0x483088
RegEnumKeyExW	0x48308c
RegOpenKeyExW	0x483090
SetEntriesInAclA	0x483094
AllocateAndInitializeSid	0x483098

Function	Address	Souspicious	Anti Debug
SizeofResource	0x48318c
LoadResource	0x483190
LockResource	0x483194
GetLocalTime	0x483198
TryEnterCriticalSection	0x48319c
LeaveCriticalSection	0x4831a0
EnterCriticalSection	0x4831a4
DeleteCriticalSection	0x4831a8
InitializeCriticalSection	0x4831ac
SetFileTime	0x4831b0
GetFileTime	0x4831b4
OpenMutexA	0x4831b8
CreateMutexA	0x4831bc
ResetEvent	0x4831c0
FindResourceExA	0x4831c4
OpenEventA	0x4831c8
CreateEventA	0x4831cc
ExitProcess	0x4831d0
SetUnhandledExceptionFilter	0x4831d4
GetSystemDirectoryA	0x4831d8
CompareFileTime	0x4831dc
GetSystemTimeAsFileTime	0x4831e0
GetSystemDirectoryW	0x4831e4
lstrcatW	0x4831e8
LoadLibraryW	0x4831ec
QueryPerformanceFrequency	0x4831f0
ReadFile	0x4831f4
QueryPerformanceCounter	0x4831f8
GetExitCodeProcess	0x4831fc
BeginUpdateResourceW	0x483200
EndUpdateResourceW	0x483204
UpdateResourceA	0x483208
OpenProcess	0x48320c
CreateToolhelp32Snapshot	0x483210
Process32First	0x483214
Process32Next	0x483218
LoadLibraryA	0x48321c
FreeLibrary	0x483220
GetFileSize	0x483224
SetFilePointer	0x483228
WriteFile	0x48322c
WaitForSingleObject	0x483230
CreateThread	0x483234
GetFileAttributesW	0x483238
GetStartupInfoW	0x48323c
CreateProcessW	0x483240
lstrcmpiW	0x483244
lstrcmpW	0x483248
MulDiv	0x48324c
FormatMessageW	0x483250
MultiByteToWideChar	0x483254
WideCharToMultiByte	0x483258
GetModuleFileNameW	0x48325c
GetComputerNameA	0x483260
LocalAlloc	0x483264
GetExitCodeThread	0x483268
SystemTimeToFileTime	0x48326c
MoveFileW	0x483270
DeleteFileW	0x483274
GetTempPathW	0x483278
CreateFileW	0x48327c
FindFirstFileW	0x483280
FindClose	0x483284
CreateFileA	0x483288
DeviceIoControl	0x48328c
GetUserDefaultUILanguage	0x483290
GetModuleHandleA	0x483294
GetProcAddress	0x483298
GetLocaleInfoA	0x48329c
CreateDirectoryW	0x4832a0
SetCurrentDirectoryW	0x4832a4
SetProcessShutdownParameters	0x4832a8
GetVersionExA	0x4832ac
GetCurrentProcess	0x4832b0
GetLastError	0x4832b4
CloseHandle	0x4832b8
LocalFree	0x4832bc
GetCurrentThreadId	0x4832c0
GetCurrentProcessId	0x4832c4
Sleep	0x4832c8
GetTickCount	0x4832cc
InterlockedIncrement	0x4832d0
InterlockedDecrement	0x4832d4
lstrlenA	0x4832d8
lstrlenW	0x4832dc
TerminateProcess	0x4832e0
GlobalUnlock	0x4832e4
GlobalLock	0x4832e8
SystemTimeToTzSpecificLocalTime	0x4832ec
FileTimeToSystemTime	0x4832f0
GetFileSizeEx	0x4832f4
SetEndOfFile	0x4832f8
SetFilePointerEx	0x4832fc
GlobalAlloc	0x483300
GetDriveTypeW	0x483304
RemoveDirectoryW	0x483308
FindNextFileW	0x48330c
SetFileAttributesW	0x483310
GetLogicalDrives	0x483314
ProcessIdToSessionId	0x483318
SleepEx	0x48331c
CreateDirectoryA	0x483320
DeleteFileA	0x483324
GlobalFree	0x483328
IsBadReadPtr	0x48332c
lstrcmpA	0x483330
LocalFileTimeToFileTime	0x483334
WaitNamedPipeW	0x483338
lstrcpyA	0x48333c
GetCurrentDirectoryA	0x483340
FindResourceA	0x483344
DuplicateHandle	0x483348
CreateSemaphoreA	0x48334c
SetThreadPriority	0x483350
TlsSetValue	0x483354
GetCurrentThread	0x483358
TlsAlloc	0x48335c
ResumeThread	0x483360
TlsGetValue	0x483364
InterlockedExchange	0x483368
GetStartupInfoA	0x48336c
SetEvent	0x483370
SetLastError	0x483374

Function	Address	Souspicious	Anti Debug
_strnicmp	0x483390
_strupr	0x483394
_strlwr	0x483398
_controlfp	0x48339c
_iob	0x4833a0
__set_app_type	0x4833a4
__p__fmode	0x4833a8
__p__commode	0x4833ac
_adjust_fdiv	0x4833b0
__setusermatherr	0x4833b4
_initterm	0x4833b8
__getmainargs	0x4833bc
_wcsicmp	0x4833c0
wcschr	0x4833c4
__CxxFrameHandler	0x4833c8
strlen	0x4833cc
isspace	0x4833d0
memchr	0x4833d4
_errno	0x4833d8
strtol	0x4833dc
isdigit	0x4833e0
strstr	0x4833e4
memcpy	0x4833e8
??2@YAPAXI@Z	0x4833ec
_purecall	0x4833f0
free	0x4833f4
memset	0x4833f8
malloc	0x4833fc
sprintf	0x483400
printf	0x483404
fwrite	0x483408
srand	0x48340c
time	0x483410
_CxxThrowException	0x483414
rand	0x483418
atol	0x48341c
_stricmp	0x483420
isprint	0x483424
tolower	0x483428
strncpy	0x48342c
atoi	0x483430
abs	0x483434
wcscpy	0x483438
strcmp	0x48343c
strcpy	0x483440
wcslen	0x483444
memcmp	0x483448
iswspace	0x48344c
wcsncmp	0x483450
_wtoi	0x483454
_ultow	0x483458
_stat	0x48345c
strchr	0x483460
_ftol	0x483464
swprintf	0x483468
strcat	0x48346c
strtoul	0x483470
calloc	0x483474
_rotl	0x483478
_rotr	0x48347c
fopen	0x483480
fread	0x483484
fclose	0x483488
fseek	0x48348c
ftell	0x483490
fflush	0x483494
wcsncpy	0x483498
wcsrchr	0x48349c
vsprintf	0x4834a0
vswprintf	0x4834a4
memmove	0x4834a8
strrchr	0x4834ac
strncmp	0x4834b0
mbstowcs	0x4834b4
wcscmp	0x4834b8
wcsstr	0x4834bc
iswdigit	0x4834c0
_beginthreadex	0x4834c4
_endthreadex	0x4834c8
atof	0x4834cc
_i64tow	0x4834d0
wcscat	0x4834d4
realloc	0x4834d8
exit	0x4834dc
fprintf	0x4834e0
sscanf	0x4834e4
getenv	0x4834e8
floor	0x4834ec
fputc	0x4834f0
_CIpow	0x4834f4
_CIacos	0x4834f8
??1type_info@@UAE@XZ	0x4834fc
__dllonexit	0x483500
_onexit	0x483504
_except_handler3	0x483508
?terminate@@YAXXZ	0x48350c
_exit	0x483510
_XcptFilter	0x483514
_acmdln	0x483518

Function	Address	Souspicious	Anti Debug
FreeCredentialsHandle	0x483570
InitializeSecurityContextA	0x483574
FreeContextBuffer	0x483578
AcquireCredentialsHandleA	0x48357c
CompleteAuthToken	0x483580
QuerySecurityPackageInfoA	0x483584

Function	Address	Souspicious	Anti Debug
SHBrowseForFolderW	0x483538
SHGetPathFromIDListW	0x48353c
ShellExecuteA	0x483540
SHGetMalloc	0x483544
ShellExecuteExW	0x483548
SHGetFolderPathA	0x48354c
SHGetFolderPathW	0x483550
SHGetFileInfoW	0x483554
ShellExecuteW	0x483558
SHGetSpecialFolderPathW	0x48355c
Shell_NotifyIconA	0x483560

Function	Address	Souspicious	Anti Debug
None	0x4830d4
None	0x4830d8
None	0x4830dc
None	0x4830e0

Function	Address	Souspicious	Anti Debug
SetupDiEnumDeviceInfo	0x483520
SetupDiGetClassDevsA	0x483524
SetupDiClassGuidsFromNameA	0x483528
SetupDiGetDeviceRegistryPropertyA	0x48352c
SetupDiDestroyDeviceInfoList	0x483530

Function	Address	Souspicious	Anti Debug
WSAGetLastError	0x483854
send	0x483858
recv	0x48385c
select	0x483860
WSAStartup	0x483864
getpeername	0x483868
getservbyport	0x48386c
ntohs	0x483870
gethostbyaddr	0x483874
gethostbyname	0x483878
getservbyname	0x48387c
htonl	0x483880
inet_ntoa	0x483884
inet_addr	0x483888
WSAIoctl	0x48388c
connect	0x483890
accept	0x483894
htons	0x483898
bind	0x48389c
listen	0x4838a0
socket	0x4838a4
__WSAFDIsSet	0x4838a8
shutdown	0x4838ac
setsockopt	0x4838b0
ioctlsocket	0x4838b4
WSACleanup	0x4838b8
closesocket	0x4838bc

Function	Address	Souspicious	Anti Debug
FindWindowA	0x48358c
OpenDesktopA	0x483590
VkKeyScanExA	0x483594
SendMessageTimeoutA	0x483598
LoadIconA	0x48359c
IntersectRect	0x4835a0
IsWindowVisible	0x4835a4
GetIconInfo	0x4835a8
GetCursorInfo	0x4835ac
EqualRect	0x4835b0
OpenInputDesktop	0x4835b4
CloseDesktop	0x4835b8
GetUserObjectInformationA	0x4835bc
LoadKeyboardLayoutA	0x4835c0
EmptyClipboard	0x4835c4
SetClipboardData	0x4835c8
RegisterClassExA	0x4835cc
GetDesktopWindow	0x4835d0
PeekMessageA	0x4835d4
MsgWaitForMultipleObjects	0x4835d8
mouse_event	0x4835dc
MapVirtualKeyA	0x4835e0
LockWorkStation	0x4835e4
SetThreadDesktop	0x4835e8
keybd_event	0x4835ec
SetDlgItemTextA	0x4835f0
SetDlgItemInt	0x4835f4
GetKeyboardState	0x4835f8
ToAsciiEx	0x4835fc
DestroyAcceleratorTable	0x483600
TranslateAcceleratorA	0x483604
CreateAcceleratorTableA	0x483608
SetWindowTextA	0x48360c
ReleaseCapture	0x483610
SetCapture	0x483614
GetAsyncKeyState	0x483618
GetThreadDesktop	0x48361c
SystemParametersInfoW	0x483620
LoadBitmapA	0x483624
ReleaseDC	0x483628
GetDC	0x48362c
SwitchToThisWindow	0x483630
SendMessageA	0x483634
FindWindowW	0x483638
RegisterClassExW	0x48363c
DestroyCursor	0x483640
MessageBeep	0x483644
wsprintfW	0x483648
SetCursorPos	0x48364c
GetClipboardOwner	0x483650
OpenClipboard	0x483654
GetClipboardData	0x483658
CloseClipboard	0x48365c
ShowWindowAsync	0x483660
SetScrollInfo	0x483664
GetWindow	0x483668
WindowFromPoint	0x48366c
MessageBoxA	0x483670
ShowWindow	0x483674
wsprintfA	0x483678
DestroyIcon	0x48367c
DrawIconEx	0x483680
LoadImageA	0x483684
EnableWindow	0x483688
SetDlgItemTextW	0x48368c
DestroyWindow	0x483690
SetClassLongW	0x483694
InsertMenuItemW	0x483698
ChangeClipboardChain	0x48369c
MapWindowPoints	0x4836a0
InsertMenuItemA	0x4836a4
EnumWindows	0x4836a8
GetClassNameA	0x4836ac
GetWindowTextA	0x4836b0
KillTimer	0x4836b4
GetWindowLongW	0x4836b8
PostMessageA	0x4836bc
SetRect	0x4836c0
ShowScrollBar	0x4836c4
IsIconic	0x4836c8
ScrollWindowEx	0x4836cc
AdjustWindowRectEx	0x4836d0
GetMenuState	0x4836d4
GetWindowPlacement	0x4836d8
SetWindowPlacement	0x4836dc
GetSysColorBrush	0x4836e0
AppendMenuW	0x4836e4
SetClipboardViewer	0x4836e8
SetWindowsHookExA	0x4836ec
UnhookWindowsHookEx	0x4836f0
DrawTextA	0x4836f4
EndDialog	0x4836f8
CreateDialogParamW	0x4836fc
DialogBoxParamA	0x483700
CallWindowProcW	0x483704
CallWindowProcA	0x483708
DefWindowProcA	0x48370c
IsWindowUnicode	0x483710
GetSystemMenu	0x483714
RedrawWindow	0x483718
InvalidateRect	0x48371c
DrawStateA	0x483720
DrawEdge	0x483724
GetClientRect	0x483728
CreateWindowExA	0x48372c
IsWindow	0x483730
GetParent	0x483734
GetWindowLongA	0x483738
GetForegroundWindow	0x48373c
GetWindowThreadProcessId	0x483740
AttachThreadInput	0x483744
SetActiveWindow	0x483748
SetCursor	0x48374c
SetTimer	0x483750
PostThreadMessageA	0x483754
MoveWindow	0x483758
BeginPaint	0x48375c
EndPaint	0x483760
GetDlgItemInt	0x483764
SendDlgItemMessageA	0x483768
MapDialogRect	0x48376c
SetWindowLongA	0x483770
ClientToScreen	0x483774
LoadCursorA	0x483778
RegisterClassW	0x48377c
CreateWindowExW	0x483780
SetWindowLongW	0x483784
UpdateWindow	0x483788
GetMessageA	0x48378c
IsDialogMessageA	0x483790
TranslateMessage	0x483794
DispatchMessageA	0x483798
ScreenToClient	0x48379c
SetWindowTextW	0x4837a0
SetMenu	0x4837a4
LoadMenuA	0x4837a8
GetMenuItemInfoA	0x4837ac
SetMenuItemInfoA	0x4837b0
GetSubMenu	0x4837b4
SetMenuItemInfoW	0x4837b8
GetMenuItemID	0x4837bc
EnableMenuItem	0x4837c0
GetMenuItemCount	0x4837c4
CheckMenuItem	0x4837c8
GetKeyState	0x4837cc
SetForegroundWindow	0x4837d0
SetFocus	0x4837d4
GetFocus	0x4837d8
PostQuitMessage	0x4837dc
DefWindowProcW	0x4837e0
CreatePopupMenu	0x4837e4
GetCursorPos	0x4837e8
TrackPopupMenu	0x4837ec
GetSysColor	0x4837f0
GetSystemMetrics	0x4837f4
GetMenuItemInfoW	0x4837f8
DrawMenuBar	0x4837fc
AppendMenuA	0x483800
DestroyMenu	0x483804
MessageBoxW	0x483808
GetDlgItem	0x48380c
SendMessageW	0x483810
GetWindowRect	0x483814
SystemParametersInfoA	0x483818
SetWindowPos	0x48381c

Function	Address	Souspicious	Anti Debug
LoadUserProfileA	0x483824
UnloadUserProfile	0x483828