popup

Report - sdly_taskpop61.exe

Gen2 Gen1 Emotet Anti_VM PE File OS Processor Check PE32 DLL JPEG Format PNG Format MSOffice File PE64 GIF Format
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.06.14 20:42 Machine s1_win7_x6401
Filename sdly_taskpop61.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
6
 Behavior Score
10.4
ZERO API file : malware
VT API (file) 24 detected (Doina, Artemis, Unsafe, 1K4L0HE, Attribute, HighConfidence, Malicious, Fsysna, VSNTF521, score, CLASSIC, Johnnie, susgen, Genetic)
md5 bc7522c569863c07247effeed6adda85
sha256 1704f37b457e8947b989c130dc603c67d5d1d1166e2a3138698610d3f2d0bbfc
ssdeep 98304:l1wpL+zIIQn5PEdqRj0auF2QzjumyCzEpqS:Tw4d85PEuj0GQuZQzS
imphash d9c9b2207194e3b00f67e3fec7ad5f3e
impfuzzy 96:l4IFVfbQeryyXHXNZDeHcqSf3f77UIzRJ8YHWpnf9OgKt0YAio8gFHaxX2EFspwf:lrVke1NHfRJFHWpnf9O7+YAKNX21iOmp
  Network IP location

Signature (26cnts)

Level Description
warning File has been identified by 24 AntiVirus engines on VirusTotal as malicious
watch Attempts to modify browser security settings
watch Drops 60 unknown file mime types indicative of ransomware writing encrypted files back to disk
watch Network activity contains more than one unique useragent
watch Queries information on disks
notice Allocates read-write-execute memory (usually to unpack itself)
notice An executable file was downloaded by the process sdly_taskpop61.exe
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Checks for known Chinese AV sofware registry keys
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a shortcut to an executable file
notice Creates executable files on the filesystem
notice Drops an executable to the user AppData folder
notice Foreign language identified in PE resource
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Queries for potentially installed applications
notice Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice Sends data using the HTTP POST Method
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info Collects information to fingerprint the system (MachineGuid
info Queries for the computername
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path
info Tries to locate where the browsers are installed

Rules (16cnts)

Level Name Description Collection
danger Win32_Trojan_Emotet_2_Zero Win32 Trojan Emotet binaries (download)
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (download)
notice anti_vm_detect Possibly employs anti-virtualization techniques binaries (download)
info IsDLL (no description) binaries (download)
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info IsPE64 (no description) binaries (download)
info JPEG_Format_Zero JPEG Format binaries (download)
info Lnk_Format_Zero LNK Format binaries (download)
info Microsoft_Office_File_Zero Microsoft Office File binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)
info PNG_Format_Zero PNG Format binaries (download)
info Win32_Trojan_Gen_2_0904B0_Zero Win32 Trojan Gen binaries (download)

Network (68cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/log_btn_h.png
whois
CN Chinanet 58.218.203.248 clean
http://cdn-file-ssl-pc.ludashi.com/pc/cef/CefRes.dll?t=202106142055
whois
CN Chinanet 183.136.197.99 clean
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/cir.png
whois
CN Chinanet 58.218.203.248 clean
http://cdn-file-ssl-wan.ludashi.com/pc/game/flash/pepflashplayer.7z?t=202106142055
whois
CN JINHUA, ZHEJIANG Province, P.R.China. 115.238.192.240 clean
http://s.ludashi.com/wan?type=weiduan&action=install&channel=taskpop&mid=fa7bb520099706f4d9615c3663eacc55&mid2=c2a9b458c8eb84d52f3369329facb48b9ff9f7ac2b54&uid=d&appver=&modver=3.2.5.61&sign=8ffeb14d433dcc0c2b98a3cf2716c5f4&from=taskpop_sdly&forcetick=295
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 139.224.193.172 clean
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/input_log_code.png?t=20191021
whois
CN Chinanet 58.218.203.248 clean
http://s.ludashi.com/wan?type=weiduan&action=inst_succ&channel=taskpop&mid=fa7bb520099706f4d9615c3663eacc55&mid2=c2a9b458c8eb84d52f3369329facb48b9ff9f7ac2b54&uid=d&appver=&modver=3.2.5.61&sign=9326e042414b37b0a465d68435568572&from=taskpop_sdly&forcetick=2
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 139.224.193.172 clean
http://wan.ludashi.com/micro/sdly/index_lds.html?channel=taskpop&from=taskpop_wd_sdly
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 139.129.105.182 clean
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/login_tit.png
whois
CN Chinanet 115.223.31.233 clean
http://s.ludashi.com/wan?type=weiduan&action=install_extra&channel=taskpop&mid=fa7bb520099706f4d9615c3663eacc55&mid2=c2a9b458c8eb84d52f3369329facb48b9ff9f7ac2b54&uid=d&appver=&modver=3.2.5.61&sign=bda3e2d3873bc6b8751a06ecfa64faa6&from=taskpop_sdly&forceti
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 139.224.193.172 clean
http://s.ludashi.com/wan?type=accurate&action=t1&channel=taskpop&from=taskpop_wd_sdly&mid=fa7bb520099706f4d9615c3663eacc55&appver=3.2.5.61&uid=0&game=sdly×tamp=1623672829177&ex_ary[guid]=
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 139.224.193.172 clean
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/log_btn.png
whois
CN Chinanet 115.223.31.227 clean
http://s.ludashi.com/wan?type=weiduan&action=run&channel=taskpop&mid=fa7bb520099706f4d9615c3663eacc55&mid2=c2a9b458c8eb84d52f3369329facb48b9ff9f7ac2b54&uid=d&appver=&modver=3.2.5.61&sign=bb1adc4f55a84cf7c0830a76e4cfec69&from=taskpop_sdly&forcetick=2978593
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 139.224.193.172 clean
http://s.ludashi.com/wan?type=weiduan&action=7z_download_start&channel=taskpop&mid=fa7bb520099706f4d9615c3663eacc55&mid2=c2a9b458c8eb84d52f3369329facb48b9ff9f7ac2b54&uid=d&appver=&modver=3.2.5.61&sign=faf774bde5506632e0936450a2b05bac&from=taskpop_sdly&for
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 139.224.193.172 clean
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/input_reg_act.png?t=20191021
whois
CN Chinanet 115.223.31.227 clean
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/checkbox.png
whois
CN Chinanet 115.223.31.227 clean
http://s.ludashi.com/wan?type=weiduan&action=res_down_success&channel=taskpop&mid=fa7bb520099706f4d9615c3663eacc55&mid2=c2a9b458c8eb84d52f3369329facb48b9ff9f7ac2b54&uid=d&appver=&modver=3.2.5.61&sign=c8bafc2df3f18850e666c570733e30ee&from=taskpop_sdly&forc
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 139.224.193.172 clean
http://s.ludashi.com/wan?type=weiduan&action=add_uninst_item&channel=taskpop&mid=fa7bb520099706f4d9615c3663eacc55&mid2=c2a9b458c8eb84d52f3369329facb48b9ff9f7ac2b54&uid=d&appver=&modver=3.2.5.61&sign=90fc48554d411fc4bdbd8c4cba5dcac7&from=taskpop_sdly&force
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 139.224.193.172 clean
http://i.ludashi.com/ajax/gettoken?user_from=youxi&callback=jQuery18308462895474002294_1623672818022&_=1623672819545
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 120.27.82.56 clean
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/input_log_pwd.png?t=20191021
whois
CN Chinanet 115.223.31.226 clean
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/input_reg_code.png?t=20191021
whois
CN Chinanet 115.223.31.226 clean
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/bg.jpg
whois
CN Chinanet 115.223.31.226 clean
http://wan.ludashi.com/api/CheckGameStatus?callback=jQuery18308462895474002294_1623672818021
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 139.129.105.182 clean
http://cdn-file.ludashi.com/assets/sea/sea.js
whois
CN Chinanet 115.223.31.229 clean
http://cdn-wan.ludashi.com/assets/superjs/config.js?v=20210527
whois
CN CT-HangZhou-IDC 122.225.67.190 clean
http://s.ludashi.com/wan?type=weiduan&action=main_show&channel=taskpop&mid=fa7bb520099706f4d9615c3663eacc55&mid2=c2a9b458c8eb84d52f3369329facb48b9ff9f7ac2b54&uid=d&appver=&modver=3.2.5.61&sign=5ecbfcbcece4eea0291ea4146880caf7&from=taskpop_sdly&forcetick=2
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 139.224.193.172 clean
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/main.css
whois
CN Chinanet 115.223.31.229 clean
http://s.ludashi.com/wan?type=accurate&action=t3&channel=taskpop&from=taskpop_wd_sdly&mid=fa7bb520099706f4d9615c3663eacc55&appver=3.2.5.61&uid=0&game=sdly×tamp=1623672879174&ex_ary[guid]=
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 139.224.193.172 clean
http://cdn-file.ludashi.com/assets/jquery/jquery183.js
whois
CN Chinanet 115.223.31.229 clean
http://s.ludashi.com/wan?type=weiduan&action=wd_install_success&channel=taskpop&mid=fa7bb520099706f4d9615c3663eacc55&mid2=c2a9b458c8eb84d52f3369329facb48b9ff9f7ac2b54&uid=d&appver=&modver=3.2.5.61&sign=9816a49d782b4cc6abf68cd3e4f25e57&from=taskpop_sdly&fo
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 139.224.193.172 clean
http://wan.ludashi.com/announce/list?callback=jQuery18308462895474002294_1623672818022&type=2&gid=sdly&skip=0&num=5&_=1623672819146
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 139.129.105.182 clean
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/nav.png
whois
CN Chinanet 115.223.31.229 clean
http://s.ludashi.com/wan?type=weiduan&action=add_desk_icon&channel=taskpop&mid=fa7bb520099706f4d9615c3663eacc55&mid2=c2a9b458c8eb84d52f3369329facb48b9ff9f7ac2b54&uid=d&appver=&modver=3.2.5.61&sign=29e0f6a694aea37940ed2c0d91f5f3c5&from=taskpop_sdly&forceti
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 139.224.193.172 clean
http://s.ludashi.com/wan?type=weiduan&action=7z_download_success&channel=taskpop&mid=fa7bb520099706f4d9615c3663eacc55&mid2=c2a9b458c8eb84d52f3369329facb48b9ff9f7ac2b54&uid=d&appver=&modver=3.2.5.61&sign=222806ca1968aee2104845ac0bb1e961&from=taskpop_sdly&f
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 106.15.139.117 clean
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/upload.jpg
whois
CN Chinanet 115.223.31.230 clean
http://cdn-file-ssl-wan.ludashi.com/wan/wan/7z.dll
whois
CN JINHUA, ZHEJIANG Province, P.R.China. 115.238.192.239 clean
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/third_qq.png
whois
CN Chinanet 115.223.31.229 clean
http://s.ludashi.com/wan?type=weiduan&action=7z_noexist&channel=taskpop&mid=fa7bb520099706f4d9615c3663eacc55&mid2=c2a9b458c8eb84d52f3369329facb48b9ff9f7ac2b54&uid=d&appver=&modver=3.2.5.61&sign=31673de8d494f02142e1edb517399942&from=taskpop_sdly&forcetick=
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 106.15.139.117 clean
http://s.ludashi.com/wan?type=accurate&action=t0&channel=taskpop&from=taskpop_wd_sdly&mid=fa7bb520099706f4d9615c3663eacc55&appver=3.2.5.61&uid=0&game=sdly×tamp=1623672819149&ex_ary[guid]=
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 106.15.139.117 clean
http://s.ludashi.com/wan?type=accurate&action=t2&channel=taskpop&from=taskpop_wd_sdly&mid=fa7bb520099706f4d9615c3663eacc55&appver=3.2.5.61&uid=0&game=sdly×tamp=1623672849175&ex_ary[guid]=
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 106.15.139.117 clean
http://s.ludashi.com/wan?type=weiduan&action=inst_open&channel=taskpop&mid=fa7bb520099706f4d9615c3663eacc55&mid2=c2a9b458c8eb84d52f3369329facb48b9ff9f7ac2b54&uid=d&appver=&modver=3.2.5.61&sign=76d90940607a4e1fc8c4e780c107c434&from=taskpop_sdly&forcetick=2
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 106.15.139.117 clean
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/news-bg.png
whois
CN Chinanet 115.223.31.229 clean
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/reg.jpg?t=20200105
whois
CN Chinanet 115.223.31.229 clean
http://s.ludashi.com/wan?type=weiduan&action=wd_show_success&channel=taskpop&mid=fa7bb520099706f4d9615c3663eacc55&mid2=c2a9b458c8eb84d52f3369329facb48b9ff9f7ac2b54&uid=d&appver=&modver=3.2.5.61&sign=a77a4190d391498058b650400ce279b4&from=taskpop_sdly&force
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 106.15.139.117 clean
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/input_log_act.png?t=20191021
whois
CN Chinanet 115.223.31.229 clean
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/input_reg_pwd.png?t=20191021
whois
CN Chinanet 115.223.31.229 clean
http://cdn-file.ludashi.com/wan/micro/sdly/assets_lds/v1/third_weixin.png
whois
CN Chinanet 182.86.84.232 clean
http://s.ludashi.com/wan?type=weiduan&action=pepflash_down_success&channel=taskpop&mid=fa7bb520099706f4d9615c3663eacc55&mid2=c2a9b458c8eb84d52f3369329facb48b9ff9f7ac2b54&uid=d&appver=&modver=3.2.5.61&sign=1eb066f8aee684651bb6886e75ddddec&from=taskpop_sdly
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 106.15.139.117 clean
https://cdn-ssl-wan.ludashi.com/assets/superjs/pageMicro.js?v=20210527
whois
CN JINHUA, ZHEJIANG Province, P.R.China. 115.238.192.238 clean
https://cdn-ssl-wan.ludashi.com/assets/superjs/modules/commonTool.js?v=20210527
whois
CN JINHUA, ZHEJIANG Province, P.R.China. 115.238.192.238 clean
https://cdn-ssl-wan.ludashi.com/assets/superjs/modules/commonLoginApi.js?v=20200810
whois
CN JINHUA, ZHEJIANG Province, P.R.China. 115.238.192.238 clean
cdn-file-ssl-wan.ludashi.com
whois
CN JINHUA, ZHEJIANG Province, P.R.China. 115.238.192.241 clean
i.ludashi.com
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 120.27.82.56 clean
cdn-wan.ludashi.com
whois
CN CT-HangZhou-IDC 122.225.67.192 clean
wan.ludashi.com
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 139.129.105.182 clean
s.ludashi.com
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 139.224.193.172 clean
cdn-ssl-wan.ludashi.com
whois
CN JINHUA, ZHEJIANG Province, P.R.China. 115.238.192.242 clean
cdn-file.ludashi.com
whois
CN Chinanet 115.223.31.227 clean
cdn-file-ssl-pc.ludashi.com
whois
CN Chinanet 183.136.197.99 clean
139.129.105.182
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 139.129.105.182 clean
47.117.76.201
whois
Unknown 47.117.76.201 clean
115.238.192.244
whois
CN JINHUA, ZHEJIANG Province, P.R.China. 115.238.192.244 malware
58.218.203.239
whois
CN Chinanet 58.218.203.239 clean
115.238.192.238
whois
CN JINHUA, ZHEJIANG Province, P.R.China. 115.238.192.238 clean
183.136.197.100
whois
CN Chinanet 183.136.197.100 clean
122.225.67.193
whois
CN CT-HangZhou-IDC 122.225.67.193 clean
106.15.139.117
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 106.15.139.117 clean
120.27.82.56
whois
CN Hangzhou Alibaba Advertising Co.,Ltd. 120.27.82.56 clean

Suricata ids

ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Packed Executable Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

PE API

IAT(Import Address Table) Library

SHELL32.dll
 0x4ed438 SHCreateDirectoryExW
 0x4ed43c SHBrowseForFolderW
 0x4ed440 SHGetPathFromIDListW
 0x4ed444 None
 0x4ed448 ShellExecuteExW
 0x4ed44c SHFileOperationW
 0x4ed450 ShellExecuteW
 0x4ed454 SHChangeNotify
 0x4ed458 SHGetSpecialFolderPathW
 0x4ed45c Shell_NotifyIconW
WININET.dll
 0x4ed65c InternetGetCookieExW
 0x4ed660 InternetCrackUrlW
IPHLPAPI.DLL
 0x4ed14c GetAdaptersInfo
KERNEL32.dll
 0x4ed154 GetSystemDirectoryW
 0x4ed158 GetTempPathW
 0x4ed15c GetTempFileNameW
 0x4ed160 CreateFileW
 0x4ed164 Process32FirstW
 0x4ed168 Process32NextW
 0x4ed16c SleepEx
 0x4ed170 OutputDebugStringA
 0x4ed174 LocalAlloc
 0x4ed178 LocalFree
 0x4ed17c WaitForMultipleObjects
 0x4ed180 GetStartupInfoW
 0x4ed184 Module32FirstW
 0x4ed188 Module32NextW
 0x4ed18c MapViewOfFile
 0x4ed190 UnmapViewOfFile
 0x4ed194 CreateFileMappingW
 0x4ed198 lstrcmpW
 0x4ed19c GetLocalTime
 0x4ed1a0 CreateThread
 0x4ed1a4 GetSystemWindowsDirectoryW
 0x4ed1a8 SetEvent
 0x4ed1ac CreateEventW
 0x4ed1b0 DeleteFileA
 0x4ed1b4 GetFileSize
 0x4ed1b8 GetLogicalDrives
 0x4ed1bc GetExitCodeThread
 0x4ed1c0 WriteConsoleW
 0x4ed1c4 SetEnvironmentVariableA
 0x4ed1c8 FreeEnvironmentStringsW
 0x4ed1cc GetEnvironmentStringsW
 0x4ed1d0 GetCommandLineW
 0x4ed1d4 GetCommandLineA
 0x4ed1d8 GetOEMCP
 0x4ed1dc IsValidCodePage
 0x4ed1e0 FindFirstFileExW
 0x4ed1e4 SetFilePointerEx
 0x4ed1e8 OutputDebugStringW
 0x4ed1ec GetConsoleMode
 0x4ed1f0 GetConsoleCP
 0x4ed1f4 GetTimeZoneInformation
 0x4ed1f8 EnumSystemLocalesW
 0x4ed1fc GetUserDefaultLCID
 0x4ed200 VirtualFree
 0x4ed204 GetFileType
 0x4ed208 SetStdHandle
 0x4ed20c GetModuleHandleExW
 0x4ed210 FreeLibraryAndExitThread
 0x4ed214 ExitThread
 0x4ed218 RtlUnwind
 0x4ed21c CreateFileA
 0x4ed220 lstrcmpiA
 0x4ed224 lstrcmpA
 0x4ed228 DeviceIoControl
 0x4ed22c DosDateTimeToFileTime
 0x4ed230 VirtualAlloc
 0x4ed234 Thread32Next
 0x4ed238 Thread32First
 0x4ed23c CreateToolhelp32Snapshot
 0x4ed240 FlushInstructionCache
 0x4ed244 ReadFile
 0x4ed248 SetThreadContext
 0x4ed24c GetThreadContext
 0x4ed250 ResumeThread
 0x4ed254 SuspendThread
 0x4ed258 OpenThread
 0x4ed25c Sleep
 0x4ed260 HeapCreate
 0x4ed264 CompareStringW
 0x4ed268 FreeResource
 0x4ed26c DebugBreak
 0x4ed270 VirtualQuery
 0x4ed274 MultiByteToWideChar
 0x4ed278 IsBadReadPtr
 0x4ed27c GetModuleFileNameW
 0x4ed280 LoadLibraryExW
 0x4ed284 lstrcmpiW
 0x4ed288 GetTickCount
 0x4ed28c WaitForSingleObject
 0x4ed290 SetErrorMode
 0x4ed294 SetUnhandledExceptionFilter
 0x4ed298 VirtualProtect
 0x4ed29c InterlockedDecrement
 0x4ed2a0 InterlockedIncrement
 0x4ed2a4 GetVersionExW
 0x4ed2a8 MoveFileExW
 0x4ed2ac FindNextFileW
 0x4ed2b0 FindFirstFileW
 0x4ed2b4 DeleteFileW
 0x4ed2b8 GetFileAttributesW
 0x4ed2bc SetFileAttributesW
 0x4ed2c0 GetFullPathNameW
 0x4ed2c4 RemoveDirectoryW
 0x4ed2c8 GetModuleHandleW
 0x4ed2cc LoadLibraryW
 0x4ed2d0 GetStringTypeW
 0x4ed2d4 FlushFileBuffers
 0x4ed2d8 LocalFileTimeToFileTime
 0x4ed2dc SetFilePointer
 0x4ed2e0 WriteFile
 0x4ed2e4 ReadConsoleW
 0x4ed2e8 GetStdHandle
 0x4ed2ec DecodePointer
 0x4ed2f0 LockResource
 0x4ed2f4 HeapDestroy
 0x4ed2f8 lstrlenW
 0x4ed2fc lstrcpynW
 0x4ed300 HeapAlloc
 0x4ed304 HeapReAlloc
 0x4ed308 HeapFree
 0x4ed30c HeapSize
 0x4ed310 GetProcessHeap
 0x4ed314 RaiseException
 0x4ed318 GetLastError
 0x4ed31c InitializeCriticalSectionAndSpinCount
 0x4ed320 DeleteCriticalSection
 0x4ed324 SetFileTime
 0x4ed328 LoadResource
 0x4ed32c InitializeSListHead
 0x4ed330 QueryPerformanceCounter
 0x4ed334 IsProcessorFeaturePresent
 0x4ed338 UnhandledExceptionFilter
 0x4ed33c SetEndOfFile
 0x4ed340 GlobalFree
 0x4ed344 GetVersion
 0x4ed348 ResetEvent
 0x4ed34c InterlockedCompareExchange
 0x4ed350 InterlockedExchange
 0x4ed354 MulDiv
 0x4ed358 GlobalUnlock
 0x4ed35c GlobalLock
 0x4ed360 ExitProcess
 0x4ed364 GlobalAlloc
 0x4ed368 CloseHandle
 0x4ed36c FindClose
 0x4ed370 SizeofResource
 0x4ed374 FindResourceW
 0x4ed378 FindResourceExW
 0x4ed37c GetCurrentThreadId
 0x4ed380 GetACP
 0x4ed384 IsDebuggerPresent
 0x4ed388 GetCPInfo
 0x4ed38c GetLocaleInfoW
 0x4ed390 LCMapStringW
 0x4ed394 GetSystemTimeAsFileTime
 0x4ed398 TlsFree
 0x4ed39c TlsSetValue
 0x4ed3a0 TlsGetValue
 0x4ed3a4 TlsAlloc
 0x4ed3a8 SwitchToThread
 0x4ed3ac InitializeCriticalSection
 0x4ed3b0 EnterCriticalSection
 0x4ed3b4 EncodePointer
 0x4ed3b8 LeaveCriticalSection
 0x4ed3bc CopyFileW
 0x4ed3c0 WideCharToMultiByte
 0x4ed3c4 FreeLibrary
 0x4ed3c8 GetProcAddress
 0x4ed3cc GetShortPathNameW
 0x4ed3d0 OpenProcess
 0x4ed3d4 SetLastError
 0x4ed3d8 GetProcessId
 0x4ed3dc GetCurrentThread
 0x4ed3e0 TerminateProcess
 0x4ed3e4 GetCurrentProcessId
 0x4ed3e8 GetCurrentProcess
 0x4ed3ec IsValidLocale
USER32.dll
 0x4ed4c0 EnableWindow
 0x4ed4c4 KillTimer
 0x4ed4c8 SetTimer
 0x4ed4cc IsZoomed
 0x4ed4d0 MoveWindow
 0x4ed4d4 DestroyWindow
 0x4ed4d8 GetMessageW
 0x4ed4dc PostThreadMessageW
 0x4ed4e0 PeekMessageW
 0x4ed4e4 GetIconInfo
 0x4ed4e8 GetWindow
 0x4ed4ec ReleaseDC
 0x4ed4f0 GetDC
 0x4ed4f4 RegisterWindowMessageW
 0x4ed4f8 SetForegroundWindow
 0x4ed4fc SetWindowTextW
 0x4ed500 UpdateWindow
 0x4ed504 GetSystemMetrics
 0x4ed508 SetFocus
 0x4ed50c IsWindowVisible
 0x4ed510 ShowWindow
 0x4ed514 SendMessageW
 0x4ed518 SetWindowsHookExW
 0x4ed51c MessageBoxW
 0x4ed520 CharNextW
 0x4ed524 DefWindowProcW
 0x4ed528 PostQuitMessage
 0x4ed52c LoadImageW
 0x4ed530 DestroyIcon
 0x4ed534 PostMessageW
 0x4ed538 MapWindowPoints
 0x4ed53c SetWindowPos
 0x4ed540 IsWindow
 0x4ed544 SystemParametersInfoW
 0x4ed548 FindWindowExW
 0x4ed54c GetParent
 0x4ed550 PtInRect
 0x4ed554 IsRectEmpty
 0x4ed558 GetCursorPos
 0x4ed55c GetWindowRect
 0x4ed560 SwitchToThisWindow
 0x4ed564 wvsprintfW
 0x4ed568 SetCursor
 0x4ed56c InflateRect
 0x4ed570 OffsetRect
 0x4ed574 LoadCursorW
 0x4ed578 TranslateMessage
 0x4ed57c DispatchMessageW
 0x4ed580 CreateWindowExW
 0x4ed584 IsChild
 0x4ed588 UpdateLayeredWindow
 0x4ed58c GetFocus
 0x4ed590 GetKeyState
 0x4ed594 SetCapture
 0x4ed598 ReleaseCapture
 0x4ed59c BeginPaint
 0x4ed5a0 EndPaint
 0x4ed5a4 GetUpdateRect
 0x4ed5a8 InvalidateRect
 0x4ed5ac GetClientRect
 0x4ed5b0 ScreenToClient
 0x4ed5b4 GetWindowLongW
 0x4ed5b8 SetWindowLongW
 0x4ed5bc GetClassNameW
 0x4ed5c0 CallWindowProcW
 0x4ed5c4 RegisterClassW
 0x4ed5c8 RegisterClassExW
 0x4ed5cc GetClassInfoExW
 0x4ed5d0 GetMenu
 0x4ed5d4 SetPropW
 0x4ed5d8 GetPropW
 0x4ed5dc AdjustWindowRectEx
 0x4ed5e0 IntersectRect
 0x4ed5e4 RemovePropW
 0x4ed5e8 IsIconic
 0x4ed5ec SetWindowRgn
 0x4ed5f0 MonitorFromWindow
 0x4ed5f4 GetMonitorInfoW
 0x4ed5f8 CopyRect
 0x4ed5fc CharPrevW
 0x4ed600 DrawTextW
 0x4ed604 SetRect
 0x4ed608 DrawIconEx
 0x4ed60c CreateCaret
 0x4ed610 HideCaret
 0x4ed614 ShowCaret
 0x4ed618 SetCaretPos
 0x4ed61c GetCaretPos
 0x4ed620 ClientToScreen
 0x4ed624 GetSysColor
 0x4ed628 CreateAcceleratorTableW
 0x4ed62c InvalidateRgn
 0x4ed630 FillRect
 0x4ed634 SetLayeredWindowAttributes
 0x4ed638 RedrawWindow
 0x4ed63c GetWindowTextW
 0x4ed640 GetWindowTextLengthW
 0x4ed644 GetWindowDC
GDI32.dll
 0x4ed09c CreateDCW
 0x4ed0a0 CreateSolidBrush
 0x4ed0a4 GetDeviceCaps
 0x4ed0a8 ExtTextOutW
 0x4ed0ac TextOutW
 0x4ed0b0 MoveToEx
 0x4ed0b4 CreateDIBSection
 0x4ed0b8 SetTextColor
 0x4ed0bc SetStretchBltMode
 0x4ed0c0 SetBkMode
 0x4ed0c4 SetBkColor
 0x4ed0c8 ExtSelectClipRgn
 0x4ed0cc SelectClipRgn
 0x4ed0d0 RestoreDC
 0x4ed0d4 RoundRect
 0x4ed0d8 SaveDC
 0x4ed0dc GetTextMetricsW
 0x4ed0e0 GetObjectW
 0x4ed0e4 LineTo
 0x4ed0e8 GetClipBox
 0x4ed0ec GetCharABCWidthsW
 0x4ed0f0 CreateRectRgnIndirect
 0x4ed0f4 CombineRgn
 0x4ed0f8 CreateRoundRectRgn
 0x4ed0fc SetDIBitsToDevice
 0x4ed100 StretchBlt
 0x4ed104 SelectObject
 0x4ed108 GetTextExtentPoint32W
 0x4ed10c GetStockObject
 0x4ed110 GetDIBits
 0x4ed114 DeleteObject
 0x4ed118 SetWindowOrgEx
 0x4ed11c BitBlt
 0x4ed120 CreateCompatibleBitmap
 0x4ed124 CreateCompatibleDC
 0x4ed128 CreateFontIndirectW
 0x4ed12c CreatePen
 0x4ed130 DeleteDC
 0x4ed134 Rectangle
ADVAPI32.dll
 0x4ed000 OpenThreadToken
 0x4ed004 GetTokenInformation
 0x4ed008 EqualSid
 0x4ed00c AllocateAndInitializeSid
 0x4ed010 FreeSid
 0x4ed014 RegCloseKey
 0x4ed018 RegOpenKeyExW
 0x4ed01c RegQueryValueExW
 0x4ed020 CloseServiceHandle
 0x4ed024 OpenSCManagerW
 0x4ed028 OpenServiceW
 0x4ed02c QueryServiceStatus
 0x4ed030 RegCreateKeyExW
 0x4ed034 RegDeleteKeyW
 0x4ed038 RegDeleteValueW
 0x4ed03c RegEnumKeyExW
 0x4ed040 RegQueryInfoKeyW
 0x4ed044 RegSetValueExW
 0x4ed048 AdjustTokenPrivileges
 0x4ed04c LookupPrivilegeValueW
 0x4ed050 RegCreateKeyW
 0x4ed054 GetUserNameW
 0x4ed058 SetTokenInformation
 0x4ed05c CreateWellKnownSid
 0x4ed060 GetLengthSid
 0x4ed064 DuplicateTokenEx
 0x4ed068 RegQueryValueExA
 0x4ed06c RegOpenKeyExA
 0x4ed070 RegEnumKeyExA
 0x4ed074 OpenProcessToken
ole32.dll
 0x4ed750 OleLockRunning
 0x4ed754 CreateStreamOnHGlobal
 0x4ed758 CoCreateInstance
 0x4ed75c CLSIDFromString
 0x4ed760 CLSIDFromProgID
 0x4ed764 CoInitialize
 0x4ed768 CoInitializeSecurity
 0x4ed76c CoCreateGuid
 0x4ed770 CoTaskMemFree
 0x4ed774 CoTaskMemRealloc
 0x4ed778 CoTaskMemAlloc
 0x4ed77c CoUninitialize
OLEAUT32.dll
 0x4ed400 SafeArrayPutElement
 0x4ed404 SysAllocString
 0x4ed408 SysFreeString
 0x4ed40c VariantChangeType
 0x4ed410 SysAllocStringLen
 0x4ed414 VariantInit
 0x4ed418 VarUI4FromStr
 0x4ed41c VariantClear
 0x4ed420 SafeArrayCreate
SHLWAPI.dll
 0x4ed464 PathFileExistsW
 0x4ed468 StrStrIW
 0x4ed46c wnsprintfW
 0x4ed470 PathCombineW
 0x4ed474 PathIsDirectoryW
 0x4ed478 PathRemoveFileSpecW
 0x4ed47c SHDeleteKeyW
 0x4ed480 PathFindExtensionW
 0x4ed484 PathFindFileNameW
 0x4ed488 PathAppendW
 0x4ed48c PathCanonicalizeW
 0x4ed490 SHGetValueW
 0x4ed494 StrStrIA
 0x4ed498 SHGetValueA
 0x4ed49c SHSetValueA
 0x4ed4a0 StrCmpNIW
 0x4ed4a4 StrTrimA
 0x4ed4a8 SHSetValueW
 0x4ed4ac StrCmpIW
 0x4ed4b0 AssocQueryStringW
COMCTL32.dll
 0x4ed07c None
 0x4ed080 InitCommonControlsEx
 0x4ed084 _TrackMouseEvent
PSAPI.DLL
 0x4ed428 EnumProcessModules
 0x4ed42c GetModuleFileNameExW
 0x4ed430 EnumProcesses
VERSION.dll
 0x4ed64c VerQueryValueW
 0x4ed650 GetFileVersionInfoW
 0x4ed654 GetFileVersionInfoSizeW
gdiplus.dll
 0x4ed684 GdipDrawPath
 0x4ed688 GdiplusStartup
 0x4ed68c GdiplusShutdown
 0x4ed690 GdipAlloc
 0x4ed694 GdipFree
 0x4ed698 GdipGetImageEncoders
 0x4ed69c GdipGetImageEncodersSize
 0x4ed6a0 GdipDrawImageRectRectI
 0x4ed6a4 GdipDrawImagePointsI
 0x4ed6a8 GdipFillPath
 0x4ed6ac GdipGraphicsClear
 0x4ed6b0 GdipSetInterpolationMode
 0x4ed6b4 GdipBitmapUnlockBits
 0x4ed6b8 GdipBitmapLockBits
 0x4ed6bc GdipCloneBitmapAreaI
 0x4ed6c0 GdipCreateHBITMAPFromBitmap
 0x4ed6c4 GdipCreateBitmapFromScan0
 0x4ed6c8 GdipCreateBitmapFromFile
 0x4ed6cc GdipCreateBitmapFromStream
 0x4ed6d0 GdipGetImageGraphicsContext
 0x4ed6d4 GdipSaveImageToFile
 0x4ed6d8 GdipCreateTexture
 0x4ed6dc GdipAddPathArcI
 0x4ed6e0 GdipClosePathFigure
 0x4ed6e4 GdipDrawImageRectI
 0x4ed6e8 GdipGetPropertyItem
 0x4ed6ec GdipGetPropertyItemSize
 0x4ed6f0 GdipImageSelectActiveFrame
 0x4ed6f4 GdipImageGetFrameCount
 0x4ed6f8 GdipImageGetFrameDimensionsList
 0x4ed6fc GdipImageGetFrameDimensionsCount
 0x4ed700 GdipGetImageHeight
 0x4ed704 GdipGetImageWidth
 0x4ed708 GdipDrawEllipseI
 0x4ed70c GdipCloneImage
 0x4ed710 GdipDeletePen
 0x4ed714 GdipCreatePen1
 0x4ed718 None
 0x4ed71c GdipCloneBrush
 0x4ed720 GdipDeleteBrush
 0x4ed724 GdipCreateSolidFill
 0x4ed728 GdipLoadImageFromStream
 0x4ed72c GdipDeletePath
 0x4ed730 GdipCreatePath
 0x4ed734 GdipFillEllipseI
 0x4ed738 GdipSetSmoothingMode
 0x4ed73c GdipDeleteGraphics
 0x4ed740 GdipCreateFromHDC
 0x4ed744 GdipDisposeImage
 0x4ed748 GdipLoadImageFromStreamICM
urlmon.dll
 0x4ed784 URLDownloadToCacheFileA
Secur32.dll
 0x4ed4b8 GetUserNameExW
WINMM.dll
 0x4ed668 timeGetTime
CRYPT32.dll
 0x4ed08c CryptBinaryToStringW
 0x4ed090 CryptStringToBinaryW
 0x4ed094 CertGetNameStringW
WINTRUST.dll
 0x4ed670 WTHelperProvDataFromStateData
 0x4ed674 WinVerifyTrust
MSIMG32.dll
 0x4ed3f4 GradientFill
 0x4ed3f8 AlphaBlend
IMM32.dll
 0x4ed13c ImmSetCompositionWindow
 0x4ed140 ImmGetContext
 0x4ed144 ImmReleaseContext
dbghelp.dll
 0x4ed67c MakeSureDirectoryPathExists

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure