sub_outside():
USER32.RedrawWindow
USER32.IsWindow
USER32.GetSysColor
USER32.GetWindowLongW
USER32.SetWindowLongW
USER32.SetWindowPos
KERNEL32.lstrlenW
KERNEL32.GlobalAlloc
KERNEL32.GlobalLock
KERNEL32.GlobalUnlock
USER32.GetDC
USER32.ReleaseDC
USER32.GetClientRect
USER32.CreateAcceleratorTableW
USER32.GetParent
USER32.SetCapture
USER32.ReleaseCapture
ADVAPI32.RegCloseKey
KERNEL32.CloseHandle
KERNEL32.SetEvent
USER32.TranslateMessage
USER32.SendMessageW
USER32.DispatchMessageW
USER32.PeekMessageW
KERNEL32.WaitForSingleObjectEx
USER32.ShowWindow
KERNEL32.Sleep
NTDLL.RtlDeleteCriticalSection
NTDLL.RtlFreeHeap
NTDLL.RtlGetLastWin32Error
NTDLL.RtlReAllocateHeap
KERNEL32.GetStartupInfoA
KERNEL32.GetCommandLineA
NTDLL.RtlUnwind
USER32.GetMessageW
USER32.SetLayeredWindowAttributes
USER32.PostMessageW
USER32.SetWindowTextW
GDI32.GetDeviceCaps
|
sub_40A98C(04c3):
USER32.UnregisterClassA
NTDLL.RtlDeleteCriticalSection
|
sub_415CCD(08d2):
KERNEL32.CreateFileA
|
sub_40EF2A(09c2):
KERNEL32.Sleep
|
sub_408039(09fa):
KERNEL32.lstrcmpiW
"#32770"
|
sub_40968F(0bf6):
KERNEL32.CreateThread
KERNEL32.SetEvent
"scanStart"
"true"
|
sub_40747A(0ebb):
ADVAPI32.RegOpenKeyExW
ADVAPI32.RegCloseKey
ADVAPI32.RegEnumKeyExW
ADVAPI32.RegDeleteKeyW
|
sub_41709B(0fd5):
"email"
|
sub_40E0C8(10a7):
KERNEL32.TlsGetValue
KERNEL32.GetModuleHandleW
KERNEL32.GetProcAddress
|
sub_40E143(10a7):
KERNEL32.TlsGetValue
KERNEL32.GetModuleHandleW
KERNEL32.GetProcAddress
|
sub_406781(116c):
NTDLL.RtlEnterCriticalSection
KERNEL32.GetCurrentThreadId
USER32.SetWindowLongW
KERNEL32.MulDiv
|
sub_403C55(1331):
USER32.ClientToScreen
USER32.GetParent
USER32.ScreenToClient
|
sub_40366A(151c):
GDI32.GetStockObject
GDI32.GetObjectW
USER32.GetDC
GDI32.GetDeviceCaps
USER32.GetDesktopWindow
USER32.ReleaseDC
|
sub_4092D7(159b):
USER32.TranslateMessage
USER32.SendMessageW
USER32.DispatchMessageW
USER32.PeekMessageW
KERNEL32.WaitForSingleObjectEx
USER32.ShowWindow
KERNEL32.Sleep
|
sub_4053D6(15a0):
USER32.SendMessageW
|
sub_404C9D(15a0):
USER32.SendMessageW
|
sub_417692(1876):
ADVAPI32.RegCloseKey
KERNEL32.SetEvent
KERNEL32.Sleep
"Software\\AvScan"
|
sub_413600(18b8):
KERNEL32.InitializeCriticalSectionAndSpinCount
NTDLL.RtlSetLastWin32Error
|
sub_413E93(1b66):
"SystemRoot"
|
sub_40119F(1d65):
NTDLL.RtlGetLastWin32Error
|
sub_401E9F(1de9):
USER32.GetSysColor
|
sub_409FB8(1e61):
USER32.GetDC
GDI32.CreateCompatibleBitmap
GDI32.CreateBitmap
GDI32.SetDIBits
USER32.CreateIconIndirect
GDI32.DeleteObject
USER32.DestroyIcon
"SWP2009 demo"
|
sub_406DD8(2039):
NTDLL.RtlEnterCriticalSection
USER32.GetClassInfoExW
USER32.LoadCursorW
USER32.RegisterClassExW
"ATL:%p"
|
sub_415F36(21fc):
KERNEL32.GetCPInfo
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
|
sub_407CD3(2430):
KERNEL32.lstrlenW
USER32.CharNextW
ADVAPI32.RegSetValueExW
|
sub_411A2E(251a):
NTDLL.RtlEnterCriticalSection
|
sub_41676F(254f):
KERNEL32.CompareStringW
NTDLL.RtlGetLastWin32Error
KERNEL32.GetCPInfo
KERNEL32.MultiByteToWideChar
KERNEL32.CompareStringA
|
sub_403F49(25b3):
USER32.CallWindowProcW
|
sub_407ACF(2745):
KERNEL32.lstrcmpiW
|
sub_407A4C(2b9c):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_417C15(2bd7):
USER32.GetClientRect
|
sub_40E665(2daa):
NTDLL.RtlSizeHeap
|
sub_40F3FA(2e92):
KERNEL32.SetUnhandledExceptionFilter
|
sub_40F009(2f03):
KERNEL32.Sleep
|
sub_411B90(3125):
KERNEL32.GetCPInfo
|
sub_408D6F(32d5):
KERNEL32.CreateEventW
|
sub_407297(32fd):
NTDLL.RtlGetLastWin32Error
|
sub_40FCD1(3370):
KERNEL32.GetSystemTimeAsFileTime
KERNEL32.GetCurrentProcessId
KERNEL32.GetCurrentThreadId
KERNEL32.GetTickCount
KERNEL32.QueryPerformanceCounter
|
sub_4066D7(33fc):
NTDLL.RtlLeaveCriticalSection
|
sub_405CA8(34a6):
"map/set too long"
|
sub_408BAA(34e9):
KERNEL32.GetModuleFileNameW
KERNEL32.GetModuleHandleW
KERNEL32.lstrlenW
"Module"
"Module_Raw"
|
sub_40E3A9(3853):
KERNEL32.InterlockedDecrement
|
sub_407BAF(38ac):
USER32.CharNextW
|
sub_40DDD8(38ba):
KERNEL32.GetModuleFileNameA
KERNEL32.GetStdHandle
KERNEL32.WriteFile
"Runtime Error!\n\nProgram: "
""
"..."
"\n\n"
"Microsoft Visual C++ Runtime Library"
|
sub_411E43(3a36):
KERNEL32.IsValidCodePage
KERNEL32.GetCPInfo
|
sub_4089CE(3ac1):
KERNEL32.GetModuleFileNameW
KERNEL32.GetModuleHandleW
KERNEL32.lstrlenW
"Module"
"Module_Raw"
|
sub_406819(3d75):
USER32.CallWindowProcW
USER32.GetWindowLongW
USER32.SetWindowLongW
|
sub_417C70(3e68):
USER32.SystemParametersInfoW
USER32.GetParent
USER32.IsWindow
USER32.GetDesktopWindow
USER32.GetWindowRect
USER32.SetWindowPos
USER32.GetCursorPos
USER32.MoveWindow
USER32.ShowWindow
"rightbottom"
"center"
"mouse"
|
sub_409F62(3e84):
USER32.GetWindowLongW
USER32.PostQuitMessage
|
sub_40983C(3eca):
KERNEL32.ResetEvent
KERNEL32.GetWindowsDirectoryW
"scanStop"
|
sub_417173(3ee3):
WS2_32.WSAStartup
WININET.InternetOpenW
WININET.InternetConnectW
WININET.HttpOpenRequestW
WININET.HttpSendRequestW
WININET.InternetQueryDataAvailable
WININET.InternetReadFile
WININET.InternetCloseHandle
"http://"
"Microsoft Internet Explorer"
"Microsoft Internet Explorer"
"anonymous"
|
sub_414749(3ef8):
KERNEL32.SetStdHandle
|
sub_40DAF9(402d):
KERNEL32.GetModuleHandleW
KERNEL32.GetProcAddress
"mscoree.dll"
"CorExitProcess"
|
sub_40CDFD(40c7):
KERNEL32.HeapCreate
|
sub_407A74(4139):
NTDLL.RtlEnterCriticalSection
KERNEL32.lstrcmpiW
NTDLL.RtlLeaveCriticalSection
|
sub_418186(4140):
USER32.IsWindowEnabled
USER32.EnableWindow
USER32.SendMessageW
USER32.SetWindowTextW
USER32.SetForegroundWindow
|
sub_401304(4242):
KERNEL32.lstrlenA
KERNEL32.MultiByteToWideChar
|
sub_404F86(43fe):
KERNEL32.InterlockedDecrement
|
sub_417588(4420):
USER32.GetDC
GDI32.CreateCompatibleBitmap
GDI32.CreateBitmap
GDI32.SetDIBits
USER32.CreateIconIndirect
GDI32.DeleteObject
USER32.DestroyWindow
USER32.DestroyIcon
"Purchase full version Spyware Protect 2"...
|
sub_4078AB(4470):
KERNEL32.LoadLibraryExW
KERNEL32.FindResourceW
KERNEL32.LoadResource
KERNEL32.SizeofResource
KERNEL32.MultiByteToWideChar
KERNEL32.FreeLibrary
|
sub_40A2BB(4504):
KERNEL32.CreateThread
|
sub_416FF1(450c):
ADVAPI32.RegSetValueExW
|
sub_4198AF(4634):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
"KERNEL32"
"IsProcessorFeaturePresent"
|
sub_415664(470e):
KERNEL32.WideCharToMultiByte
NTDLL.RtlGetLastWin32Error
|
sub_417072(4886):
ADVAPI32.RegCreateKeyExW
|
sub_401441(4acb):
KERNEL32.GetCurrentThreadId
NTDLL.RtlEnterCriticalSection
KERNEL32.RaiseException
|
sub_401931(4c5a):
KERNEL32.lstrlenW
|
sub_401652(4e6b):
NTDLL.RtlEnterCriticalSection
|
sub_409CAD(4ece):
KERNEL32.SetEvent
|
sub_40A94B(4f1c):
KERNEL32.RaiseException
|
sub_416374(5193):
KERNEL32.WideCharToMultiByte
|
sub_411A60(5610):
NTDLL.RtlLeaveCriticalSection
|
sub_414C04(56de):
KERNEL32.LCMapStringW
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
KERNEL32.LCMapStringA
|
sub_403DD3(5957):
USER32.GetDC
USER32.GetClientRect
GDI32.CreateCompatibleDC
GDI32.CreateCompatibleBitmap
GDI32.SelectObject
GDI32.DeleteObject
GDI32.DeleteDC
USER32.FillRect
|
sub_40FA31(595a):
KERNEL32.GetStartupInfoA
KERNEL32.GetFileType
KERNEL32.GetStdHandle
KERNEL32.SetHandleCount
|
sub_4080FF(596b):
KERNEL32.lstrlenW
USER32.CharNextW
|
sub_4010AC(5b55):
KERNEL32.lstrlenW
|
sub_415CEC(5c6f):
KERNEL32.CloseHandle
|
sub_4170C1(5d2d):
"ready"
|
sub_416CC7(5d80):
KERNEL32.SetEnvironmentVariableA
|
sub_40D00C(5f11):
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap
|
sub_414FEE(6001):
KERNEL32.GetStringTypeW
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
KERNEL32.GetStringTypeA
|
sub_4026BE(6025):
USER32.GetFocus
USER32.IsChild
USER32.GetWindow
USER32.SetFocus
|
sub_41105A(621f):
KERNEL32.GetConsoleMode
KERNEL32.GetConsoleCP
KERNEL32.WideCharToMultiByte
KERNEL32.WriteFile
NTDLL.RtlGetLastWin32Error
|
sub_40C03B(621f):
KERNEL32.RaiseException
|
sub_40F8FA(65e0):
KERNEL32.GetEnvironmentStringsW
NTDLL.RtlGetLastWin32Error
KERNEL32.WideCharToMultiByte
KERNEL32.FreeEnvironmentStringsW
KERNEL32.GetEnvironmentStringsA
KERNEL32.FreeEnvironmentStringsA
|
sub_40A398(65eb):
KERNEL32.lstrlenW
KERNEL32.WideCharToMultiByte
NTDLL.RtlGetLastWin32Error
|
sub_4048CA(6606):
USER32.GetDC
GDI32.GetDeviceCaps
USER32.ReleaseDC
KERNEL32.MulDiv
|
sub_408FB6(660d):
KERNEL32.GetTempPathW
WININET.DeleteUrlCacheEntryW
USER32.MessageBoxW
"swp2009_full_version.exe"
"Can't download installer, please try la"...
"true"
|
sub_4148E6(666c):
NTDLL.RtlLeaveCriticalSection
|
sub_40B866(6696):
KERNEL32.DeleteFileA
NTDLL.RtlGetLastWin32Error
|
sub_40E316(6768):
NTDLL.RtlGetLastWin32Error
KERNEL32.GetCurrentThreadId
NTDLL.RtlSetLastWin32Error
|
sub_404D0B(6973):
"0"
"AXWIN Frame Window"
|
sub_40971E(69b8):
"setProgressBar"
|
sub_404C88(6ab2):
NTDLL.RtlDeleteCriticalSection
|
sub_40E1BE(6b52):
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
|
sub_413C84(7046):
KERNEL32.CreateProcessA
NTDLL.RtlGetLastWin32Error
KERNEL32.WaitForSingleObject
KERNEL32.GetExitCodeProcess
KERNEL32.CloseHandle
|
sub_409533(718b):
"htmlMain.htm"
"scanButtonClick"
"purchase"
|
sub_40DB24(749c):
KERNEL32.ExitProcess
|
sub_4119ED(74f1):
NTDLL.RtlEnterCriticalSection
|
sub_40C52F(7586):
KERNEL32.IsDebuggerPresent
KERNEL32.SetUnhandledExceptionFilter
KERNEL32.UnhandledExceptionFilter
KERNEL32.GetCurrentProcess
KERNEL32.TerminateProcess
|
sub_40A7A4(75f0):
KERNEL32.IsProcessorFeaturePresent
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
KERNEL32.InterlockedCompareExchange
NTDLL.RtlFreeHeap
"kernel32.dll"
"InterlockedPushEntrySList"
"InterlockedPopEntrySList"
|
sub_40A246(767e):
KERNEL32.RaiseException
|
sub_418266(769b):
USER32.GetWindowLongW
USER32.SetWindowLongW
USER32.GetWindowTextLengthW
USER32.GetWindowTextW
USER32.SetWindowTextW
KERNEL32.GlobalAlloc
KERNEL32.GlobalLock
KERNEL32.GlobalUnlock
USER32.DefWindowProcW
|
sub_4173E1(793f):
KERNEL32.GetModuleFileNameW
USER32.CharLowerW
KERNEL32.GetWindowsDirectoryW
KERNEL32.CopyFileW
ADVAPI32.RegOpenKeyExW
ADVAPI32.RegSetValueExW
ADVAPI32.RegCloseKey
KERNEL32.CreateProcessW
KERNEL32.ExitProcess
"\\"
"sysguard.exe"
"sysguard.exe"
"Software\\Microsoft\\Windows\\CurrentVersi"...
"sysguard"
"http://spywprotect2009.com/loads.php"
"?r="
"16.0"
|
sub_4126C3(7a52):
KERNEL32.MultiByteToWideChar
|
sub_4015BD(7df3):
USER32.CharNextW
|
sub_407328(808e):
KERNEL32.InterlockedIncrement
|
sub_407333(808e):
KERNEL32.InterlockedDecrement
|
sub_40A6B1(80a8):
KERNEL32.GetThreadLocale
KERNEL32.GetLocaleInfoA
KERNEL32.GetACP
|
sub_4075D2(80f3):
KERNEL32.lstrlenW
|
sub_404477(80fa):
USER32.SetWindowLongW
|
sub_415E0C(848b):
KERNEL32.FlushFileBuffers
NTDLL.RtlGetLastWin32Error
|
sub_40939B(84a9):
KERNEL32.CloseHandle
|
sub_4092A8(87cd):
USER32.ShowWindow
"true"
|
sub_4024D9(8c51):
USER32.DestroyAcceleratorTable
|
sub_4091FA(8d0b):
"alert.htm"
"fstButtonClick"
|
sub_4093B3(8d0b):
"netalert.htm"
"fstButtonClick"
|
sub_4184BE(8d10):
USER32.GetWindowLongW
USER32.SetWindowLongW
USER32.GetWindowTextLengthW
USER32.GetWindowTextW
USER32.SetWindowTextW
KERNEL32.GlobalAlloc
KERNEL32.GlobalLock
KERNEL32.GlobalUnlock
USER32.DefWindowProcW
|
sub_408D98(8e34):
"purchase.htm"
"first"
"handshake"
"setemail"
"installerurl"
|
sub_409CE5(911f):
USER32.CreateWindowExW
USER32.SetWindowLongW
KERNEL32.lstrcpynW
USER32.GetDC
GDI32.CreateCompatibleBitmap
GDI32.CreateBitmap
GDI32.SetDIBits
USER32.CreateIconIndirect
GDI32.DeleteObject
USER32.DestroyIcon
USER32.TranslateMessage
USER32.DispatchMessageW
USER32.PeekMessageW
KERNEL32.WaitForSingleObjectEx
USER32.DestroyWindow
"STATIC"
"Spyware Protect 2009"
|
sub_408E29(914b):
"http://spywprotect.com/orderint?prodid="...
"&r="
"16.0"
"&email="
"redir"
"true"
|
sub_40EF6F(92a1):
KERNEL32.Sleep
|
sub_401867(9433):
USER32.MoveWindow
|
sub_40F83F(94d3):
KERNEL32.GetModuleFileNameA
"C:\\m_unpacker\\packed.exe"
|
sub_401154(94f5):
KERNEL32.InitializeCriticalSection
|
sub_407B63(9542):
USER32.CharNextW
|
sub_40A2F3(95a5):
KERNEL32.lstrlenA
KERNEL32.MultiByteToWideChar
NTDLL.RtlGetLastWin32Error
|
sub_4076FC(967b):
KERNEL32.RaiseException
|
sub_413B6D(9951):
KERNEL32.SetUnhandledExceptionFilter
KERNEL32.UnhandledExceptionFilter
|
sub_415EED(9a02):
KERNEL32.GetLocaleInfoA
|
sub_408065(9cf1):
ADVAPI32.RegQueryInfoKeyW
|
sub_41426C(9d03):
KERNEL32.GetFileAttributesA
NTDLL.RtlGetLastWin32Error
|
sub_40DAA0(a00b):
KERNEL32.Sleep
KERNEL32.GetModuleHandleW
|
sub_40E4D8(a049):
KERNEL32.GetModuleHandleW
KERNEL32.GetProcAddress
KERNEL32.TlsAlloc
KERNEL32.TlsSetValue
KERNEL32.TlsFree
KERNEL32.GetCurrentThreadId
"FlsAlloc"
"FlsGetValue"
"FlsSetValue"
"FlsFree"
|
sub_401496(a082):
USER32.CharNextW
":"
|
sub_4149D2(a109):
NTDLL.RtlDeleteCriticalSection
|
sub_40D3D2(a26f):
KERNEL32.VirtualAlloc
|
sub_411DC7(a29c):
KERNEL32.GetOEMCP
KERNEL32.GetACP
|
sub_40BB3D(a437):
KERNEL32.GetSystemTimeAsFileTime
|
sub_417A85(a7ac):
KERNEL32.lstrlenW
|
sub_407430(a7cb):
KERNEL32.lstrlenW
ADVAPI32.RegSetValueExW
|
sub_403F10(a7f3):
USER32.InvalidateRect
|
sub_403F2A(a7f3):
USER32.InvalidateRgn
|
sub_4170DD(a8d6):
"actcode"
|
sub_40A71A(aaac):
KERNEL32.GetVersionExA
KERNEL32.InterlockedExchange
|
sub_40ABCE(ab09):
"invalid string position"
|
sub_407B8A(ac65):
USER32.CharNextW
|
sub_418A96(adfc):
"Show"
"Close"
"SetTitle"
"DragWindow"
"ResizeWindow"
"MinimizeWindow"
"ToggleMaximizeNormalWindow"
"SetOpacity"
|
sub_40ED0F(ae67):
".\\"
|
sub_401BB2(b55f):
NTDLL.RtlEnterCriticalSection
KERNEL32.GetModuleFileNameW
|
sub_404725(b642):
NTDLL.RtlEnterCriticalSection
USER32.RegisterWindowMessageW
USER32.GetClassInfoExW
USER32.LoadCursorW
USER32.RegisterClassExW
"WM_ATLGETCONTROL"
"AtlAxWin80"
"AtlAxWinLic80"
|
sub_41640B(b6a9):
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|
sub_408297(b6e5):
KERNEL32.lstrcmpiW
|
sub_410EBC(bea7):
KERNEL32.SetFilePointer
NTDLL.RtlGetLastWin32Error
|
sub_40AEA5(bfae):
NTDLL.RtlAllocateHeap
|
sub_4083DE(bfdb):
KERNEL32.lstrcmpiW
KERNEL32.lstrlenW
ADVAPI32.RegOpenKeyExW
ADVAPI32.RegDeleteValueW
ADVAPI32.RegCloseKey
ADVAPI32.RegCreateKeyExW
ADVAPI32.RegDeleteKeyW
"Delete"
"ForceRemove"
"NoRemove"
"Val"
|
sub_402032(c20b):
USER32.CallWindowProcW
|
sub_40A77E(c27e):
KERNEL32.GetProcessHeap
NTDLL.RtlFreeHeap
|
sub_4128E7(c2c4):
"Sat"
|
sub_40AA42(c2e2):
KERNEL32.GetVersionExA
|
sub_417023(c368):
ADVAPI32.RegSetValueExW
"email"
|
sub_40961F(c3ad):
KERNEL32.SetEvent
KERNEL32.WaitForSingleObject
KERNEL32.CloseHandle
|
sub_40A0E8(c65e):
USER32.CreateWindowExW
"STATIC"
|
sub_40A147(c65e):
USER32.CreateWindowExW
"STATIC"
|
sub_402874(c67b):
USER32.BeginPaint
USER32.GetClientRect
GDI32.CreateSolidBrush
USER32.FillRect
GDI32.DeleteObject
USER32.EndPaint
GDI32.CreateCompatibleBitmap
GDI32.CreateCompatibleDC
GDI32.SelectObject
GDI32.BitBlt
GDI32.DeleteDC
|
sub_404F75(c6f7):
KERNEL32.InterlockedIncrement
|
sub_405039(c6f7):
KERNEL32.InterlockedIncrement
|
sub_404933(c847):
USER32.GetDC
GDI32.GetDeviceCaps
USER32.ReleaseDC
KERNEL32.MulDiv
|
sub_416FB1(c904):
ADVAPI32.RegQueryValueExW
|
sub_416F74(c9e0):
ADVAPI32.RegQueryValueExW
"ready"
|
sub_40504A(ca28):
KERNEL32.InterlockedDecrement
|
sub_40A866(cf32):
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
KERNEL32.VirtualAlloc
KERNEL32.VirtualFree
|
sub_409EDC(cf82):
KERNEL32.lstrcpynW
"Windows Security alert"
"Windows reports that computer is infect"...
|
sub_41AF2B(cfc6):
"1#SNAN"
"1#IND"
"1#INF"
"1#QNAN"
|
sub_411D23(d02f):
KERNEL32.InterlockedDecrement
KERNEL32.InterlockedIncrement
|
sub_40188D(d232):
USER32.GetParent
USER32.GetClassNameW
KERNEL32.lstrcmpW
"#32770"
|
sub_40DC14(d2e6):
NTDLL.RtlAllocateHeap
|
sub_40EB78(d327):
NTDLL.RtlAllocateHeap
|
sub_414846(d382):
NTDLL.RtlEnterCriticalSection
|
sub_40977C(d441):
USER32.TranslateMessage
USER32.SendMessageW
USER32.DispatchMessageW
USER32.PeekMessageW
KERNEL32.WaitForSingleObjectEx
USER32.ShowWindow
USER32.SetForegroundWindow
KERNEL32.Sleep
|
sub_403EA4(d4b6):
USER32.GetClientRect
GDI32.BitBlt
GDI32.DeleteDC
USER32.ReleaseDC
|
sub_4072C1(d732):
KERNEL32.RaiseException
NTDLL.RtlDeleteCriticalSection
|
sub_40E1F2(d7e5):
KERNEL32.TlsFree
|
sub_4044BB(d811):
USER32.GetWindowLongW
USER32.SetWindowLongW
USER32.DestroyWindow
|
sub_412028(d858):
KERNEL32.InterlockedDecrement
KERNEL32.InterlockedIncrement
|
sub_40D322(db51):
NTDLL.RtlReAllocateHeap
NTDLL.RtlAllocateHeap
KERNEL32.VirtualAlloc
NTDLL.RtlFreeHeap
|
sub_40CECF(dbaf):
NTDLL.RtlLeaveCriticalSection
|
sub_404F2C(dbee):
USER32.DestroyWindow
|
sub_404EC4(dbee):
USER32.DestroyWindow
|
sub_41490D(e123):
KERNEL32.WriteConsoleW
NTDLL.RtlGetLastWin32Error
KERNEL32.GetConsoleOutputCP
KERNEL32.WideCharToMultiByte
KERNEL32.WriteConsoleA
|
sub_406130(e20b):
"invalid map/set iterator"
|
sub_40AF6F(e225):
KERNEL32.VirtualQuery
KERNEL32.GetSystemInfo
KERNEL32.GetModuleHandleW
KERNEL32.GetProcAddress
KERNEL32.VirtualAlloc
KERNEL32.VirtualProtect
"kernel32.dll"
"SetThreadStackGuarantee"
|
sub_4098E0(e2dc):
KERNEL32.FindFirstFileW
KERNEL32.WaitForSingleObject
KERNEL32.Sleep
KERNEL32.FindNextFileW
KERNEL32.FindClose
"\\*"
"."
".."
"\\"
"setScanFile"
|
sub_40EFBB(e349):
KERNEL32.Sleep
|
sub_40B8A1(e37e):
NTDLL.RtlAllocateHeap
NTDLL.RtlReAllocateHeap
|
sub_4123B8(e390):
KERNEL32.InterlockedDecrement
|
sub_40B12D(e400):
KERNEL32.IsDebuggerPresent
KERNEL32.SetUnhandledExceptionFilter
KERNEL32.UnhandledExceptionFilter
KERNEL32.GetCurrentProcess
KERNEL32.TerminateProcess
|
sub_413890(e631):
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
KERNEL32.InterlockedIncrement
USER32.MessageBoxA
"USER32.DLL"
"MessageBoxA"
"GetActiveWindow"
"GetLastActivePopup"
"GetUserObjectInformationA"
"GetProcessWindowStation"
|
sub_40691F(e800):
NTDLL.RtlSetLastWin32Error
USER32.CreateWindowExW
|
sub_40970B(eb3e):
"true"
|
sub_40783F(ee78):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_404508(ef0a):
USER32.IsWindow
USER32.CallWindowProcW
USER32.GetDlgItem
USER32.SendMessageW
|
sub_40E1B5(ef17):
KERNEL32.TlsAlloc
|
sub_40E22F(efcb):
KERNEL32.GetModuleHandleW
KERNEL32.GetProcAddress
KERNEL32.InterlockedIncrement
|
sub_40CFA9(f2b5):
NTDLL.RtlEnterCriticalSection
|
sub_41002E(f36d):
NTDLL.RtlUnwind
|
sub_411A9C(f3e9):
NTDLL.RtlLeaveCriticalSection
|
sub_4077EF(f77f):
NTDLL.RtlDeleteCriticalSection
|
sub_412329(f7a4):
KERNEL32.InterlockedIncrement
|
sub_41889D(f83f):
USER32.GetClientRect
USER32.CreateWindowExW
KERNEL32.GetModuleFileNameW
KERNEL32.lstrlenW
USER32.SetFocus
"AtlAxWin80"
"res://"
"/"
|
sub_404083(fa7c):
USER32.GetClientRect
USER32.RedrawWindow
"AXWIN"
|
sub_4018DB(fac0):
KERNEL32.GetCurrentProcess
KERNEL32.FlushInstructionCache
|
sub_40C0C0(fce2):
NTDLL.RtlUnwind
|