ScreenShot
| Created | 2021.07.02 09:25 | Machine | s1_win7_x6402 |
| Filename | m1.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 10 detected (malicious, high confidence, confidence, FileRepMalware, Woreflint) | ||
| md5 | 4185a656dd45d56626bc9ded66c3a7bd | ||
| sha256 | 9a0b3a21e8932b903f9d79b948c6abf8f735746d4f4c10934f57c34726af3f3d | ||
| ssdeep | 12288:eYUqByp7YKoM2/tDnJ6JKNcelTCs8ytO1AlYd8lVI1:DUqQB/2/tLJzl/rM1AY8Xm | ||
| imphash | 81a06e7356308d6f90f3bb9ae999e758 | ||
| impfuzzy | 96:KHytRET4Zbo14mPJDqDsTL4dGKGEnVZAcRcLhMFXQP6:kSZgisTL4dGKGEn/AcRc0QP6 | ||
Network IP location
Signature (16cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | File has been identified by 10 AntiVirus engines on VirusTotal as malicious |
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates a suspicious process |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Terminates another process |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (6cnts) ?
Suricata ids
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1002d0b4 HeapAlloc
0x1002d0b8 GetSystemTimeAsFileTime
0x1002d0bc GetCommandLineA
0x1002d0c0 HeapFree
0x1002d0c4 RaiseException
0x1002d0c8 Sleep
0x1002d0cc ExitProcess
0x1002d0d0 HeapReAlloc
0x1002d0d4 VirtualAlloc
0x1002d0d8 HeapSize
0x1002d0dc TerminateProcess
0x1002d0e0 UnhandledExceptionFilter
0x1002d0e4 SetUnhandledExceptionFilter
0x1002d0e8 IsDebuggerPresent
0x1002d0ec VirtualFree
0x1002d0f0 HeapCreate
0x1002d0f4 HeapDestroy
0x1002d0f8 GetStdHandle
0x1002d0fc GetTimeZoneInformation
0x1002d100 GetACP
0x1002d104 IsValidCodePage
0x1002d108 RtlUnwind
0x1002d10c GetFileType
0x1002d110 GetStartupInfoA
0x1002d114 FreeEnvironmentStringsA
0x1002d118 GetEnvironmentStrings
0x1002d11c FreeEnvironmentStringsW
0x1002d120 GetEnvironmentStringsW
0x1002d124 QueryPerformanceCounter
0x1002d128 GetTickCount
0x1002d12c InitializeCriticalSectionAndSpinCount
0x1002d130 GetConsoleCP
0x1002d134 GetConsoleMode
0x1002d138 LCMapStringA
0x1002d13c LCMapStringW
0x1002d140 GetStringTypeA
0x1002d144 GetStringTypeW
0x1002d148 SetStdHandle
0x1002d14c WriteConsoleA
0x1002d150 GetConsoleOutputCP
0x1002d154 WriteConsoleW
0x1002d158 CompareStringW
0x1002d15c SetEnvironmentVariableA
0x1002d160 GetModuleHandleW
0x1002d164 CreateFileA
0x1002d168 FlushFileBuffers
0x1002d16c SetFilePointer
0x1002d170 WriteFile
0x1002d174 ReadFile
0x1002d178 WritePrivateProfileStringA
0x1002d17c GetOEMCP
0x1002d180 GetCPInfo
0x1002d184 InterlockedIncrement
0x1002d188 TlsFree
0x1002d18c DeleteCriticalSection
0x1002d190 LocalReAlloc
0x1002d194 TlsSetValue
0x1002d198 TlsAlloc
0x1002d19c InitializeCriticalSection
0x1002d1a0 GlobalHandle
0x1002d1a4 GlobalReAlloc
0x1002d1a8 EnterCriticalSection
0x1002d1ac TlsGetValue
0x1002d1b0 LeaveCriticalSection
0x1002d1b4 LocalAlloc
0x1002d1b8 GlobalFlags
0x1002d1bc InterlockedDecrement
0x1002d1c0 FormatMessageA
0x1002d1c4 LocalFree
0x1002d1c8 MulDiv
0x1002d1cc GetCurrentProcessId
0x1002d1d0 CloseHandle
0x1002d1d4 GetCurrentThread
0x1002d1d8 ConvertDefaultLocale
0x1002d1dc EnumResourceLanguagesA
0x1002d1e0 GetLocaleInfoA
0x1002d1e4 InterlockedExchange
0x1002d1e8 lstrcmpA
0x1002d1ec GlobalAlloc
0x1002d1f0 lstrlenA
0x1002d1f4 GetCurrentThreadId
0x1002d1f8 GlobalGetAtomNameA
0x1002d1fc GlobalAddAtomA
0x1002d200 GlobalFindAtomA
0x1002d204 GlobalDeleteAtom
0x1002d208 FreeLibrary
0x1002d20c CompareStringA
0x1002d210 GetLastError
0x1002d214 SetLastError
0x1002d218 lstrcmpW
0x1002d21c GetModuleHandleA
0x1002d220 GetProcAddress
0x1002d224 GetVersionExA
0x1002d228 GlobalLock
0x1002d22c GlobalUnlock
0x1002d230 GlobalFree
0x1002d234 FreeResource
0x1002d238 LoadLibraryA
0x1002d23c GetTimeFormatA
0x1002d240 GetModuleFileNameA
0x1002d244 MultiByteToWideChar
0x1002d248 GetCurrentProcess
0x1002d24c LoadResource
0x1002d250 LockResource
0x1002d254 SizeofResource
0x1002d258 FindResourceA
0x1002d25c SetHandleCount
0x1002d260 WideCharToMultiByte
USER32.dll
0x1002d284 DestroyMenu
0x1002d288 EndPaint
0x1002d28c BeginPaint
0x1002d290 GetWindowDC
0x1002d294 GrayStringA
0x1002d298 DrawTextExA
0x1002d29c DrawTextA
0x1002d2a0 TabbedTextOutA
0x1002d2a4 GetWindowThreadProcessId
0x1002d2a8 SetCursor
0x1002d2ac GetMessageA
0x1002d2b0 TranslateMessage
0x1002d2b4 ValidateRect
0x1002d2b8 IsZoomed
0x1002d2bc GetCursorPos
0x1002d2c0 WindowFromPoint
0x1002d2c4 ClientToScreen
0x1002d2c8 SetRect
0x1002d2cc InvalidateRect
0x1002d2d0 SetRectEmpty
0x1002d2d4 GetDC
0x1002d2d8 ReleaseDC
0x1002d2dc ShowWindow
0x1002d2e0 MoveWindow
0x1002d2e4 SetWindowTextA
0x1002d2e8 IsDialogMessageA
0x1002d2ec SetMenuItemBitmaps
0x1002d2f0 GetMenuCheckMarkDimensions
0x1002d2f4 LoadBitmapA
0x1002d2f8 GetMenuState
0x1002d2fc CheckMenuItem
0x1002d300 RegisterWindowMessageA
0x1002d304 SendDlgItemMessageA
0x1002d308 WinHelpA
0x1002d30c IsChild
0x1002d310 GetCapture
0x1002d314 SetWindowsHookExA
0x1002d318 CallNextHookEx
0x1002d31c GetClassLongA
0x1002d320 SetPropA
0x1002d324 GetPropA
0x1002d328 RemovePropA
0x1002d32c GetFocus
0x1002d330 SetFocus
0x1002d334 GetWindowTextLengthA
0x1002d338 GetForegroundWindow
0x1002d33c DispatchMessageA
0x1002d340 BeginDeferWindowPos
0x1002d344 EndDeferWindowPos
0x1002d348 GetTopWindow
0x1002d34c UnhookWindowsHookEx
0x1002d350 GetMessageTime
0x1002d354 GetMessagePos
0x1002d358 PeekMessageA
0x1002d35c MapWindowPoints
0x1002d360 SetMenu
0x1002d364 UpdateWindow
0x1002d368 PostMessageA
0x1002d36c MessageBoxA
0x1002d370 CreateWindowExA
0x1002d374 GetClassInfoExA
0x1002d378 GetClassInfoA
0x1002d37c RegisterClassA
0x1002d380 GetSysColor
0x1002d384 AdjustWindowRectEx
0x1002d388 EnableWindow
0x1002d38c GetParent
0x1002d390 IsWindowVisible
0x1002d394 IsIconic
0x1002d398 ScreenToClient
0x1002d39c EqualRect
0x1002d3a0 DeferWindowPos
0x1002d3a4 CopyRect
0x1002d3a8 PtInRect
0x1002d3ac DefWindowProcA
0x1002d3b0 CallWindowProcA
0x1002d3b4 GetMenu
0x1002d3b8 SetWindowLongA
0x1002d3bc LoadCursorA
0x1002d3c0 ModifyMenuA
0x1002d3c4 GetSysColorBrush
0x1002d3c8 SetForegroundWindow
0x1002d3cc GetLastActivePopup
0x1002d3d0 FindWindowA
0x1002d3d4 LoadIconA
0x1002d3d8 PostQuitMessage
0x1002d3dc SendMessageA
0x1002d3e0 OffsetRect
0x1002d3e4 GetWindowRect
0x1002d3e8 GetWindow
0x1002d3ec GetClientRect
0x1002d3f0 DrawIcon
0x1002d3f4 GetSystemMetrics
0x1002d3f8 GetSubMenu
0x1002d3fc GetMenuItemID
0x1002d400 GetMenuItemCount
0x1002d404 GetKeyState
0x1002d408 SetWindowPos
0x1002d40c GetDlgCtrlID
0x1002d410 SetTimer
0x1002d414 KillTimer
0x1002d418 SystemParametersInfoA
0x1002d41c GetWindowPlacement
0x1002d420 GetDesktopWindow
0x1002d424 GetActiveWindow
0x1002d428 SetActiveWindow
0x1002d42c CreateDialogIndirectParamA
0x1002d430 DestroyWindow
0x1002d434 GetDlgItem
0x1002d438 IsWindowEnabled
0x1002d43c GetNextDlgTabItem
0x1002d440 EndDialog
0x1002d444 IsWindow
0x1002d448 GetClassNameA
0x1002d44c GetWindowLongA
0x1002d450 EnumWindows
0x1002d454 GetWindowTextA
0x1002d458 EnableMenuItem
GDI32.dll
0x1002d028 OffsetViewportOrgEx
0x1002d02c SetViewportExtEx
0x1002d030 ScaleViewportExtEx
0x1002d034 SetWindowExtEx
0x1002d038 ScaleWindowExtEx
0x1002d03c GetStockObject
0x1002d040 SetViewportOrgEx
0x1002d044 ExtTextOutA
0x1002d048 Escape
0x1002d04c TextOutA
0x1002d050 RectVisible
0x1002d054 PtVisible
0x1002d058 IntersectClipRect
0x1002d05c ExcludeClipRect
0x1002d060 SetMapMode
0x1002d064 RestoreDC
0x1002d068 SaveDC
0x1002d06c GetDeviceCaps
0x1002d070 GetTextExtentPoint32A
0x1002d074 GetTextMetricsA
0x1002d078 GetBkColor
0x1002d07c CreateCompatibleBitmap
0x1002d080 CreateCompatibleDC
0x1002d084 StretchDIBits
0x1002d088 DeleteDC
0x1002d08c CreateFontA
0x1002d090 SelectObject
0x1002d094 GetCharWidthA
0x1002d098 DeleteObject
0x1002d09c CreateBitmap
0x1002d0a0 GetObjectA
0x1002d0a4 SetBkColor
0x1002d0a8 SetTextColor
0x1002d0ac GetClipBox
WINSPOOL.DRV
0x1002d460 DocumentPropertiesA
0x1002d464 OpenPrinterA
0x1002d468 ClosePrinter
ADVAPI32.dll
0x1002d000 RegSetValueExA
0x1002d004 RegCreateKeyExA
0x1002d008 RegQueryValueA
0x1002d00c RegOpenKeyA
0x1002d010 RegEnumKeyA
0x1002d014 RegDeleteKeyA
0x1002d018 RegOpenKeyExA
0x1002d01c RegQueryValueExA
0x1002d020 RegCloseKey
SHLWAPI.dll
0x1002d27c PathFindExtensionA
OLEAUT32.dll
0x1002d268 VariantClear
0x1002d26c VariantChangeType
0x1002d270 VariantInit
0x1002d274 SysAllocStringLen
EAT(Export Address Table) Library
0x100022e0 DllRegisterServer
KERNEL32.dll
0x1002d0b4 HeapAlloc
0x1002d0b8 GetSystemTimeAsFileTime
0x1002d0bc GetCommandLineA
0x1002d0c0 HeapFree
0x1002d0c4 RaiseException
0x1002d0c8 Sleep
0x1002d0cc ExitProcess
0x1002d0d0 HeapReAlloc
0x1002d0d4 VirtualAlloc
0x1002d0d8 HeapSize
0x1002d0dc TerminateProcess
0x1002d0e0 UnhandledExceptionFilter
0x1002d0e4 SetUnhandledExceptionFilter
0x1002d0e8 IsDebuggerPresent
0x1002d0ec VirtualFree
0x1002d0f0 HeapCreate
0x1002d0f4 HeapDestroy
0x1002d0f8 GetStdHandle
0x1002d0fc GetTimeZoneInformation
0x1002d100 GetACP
0x1002d104 IsValidCodePage
0x1002d108 RtlUnwind
0x1002d10c GetFileType
0x1002d110 GetStartupInfoA
0x1002d114 FreeEnvironmentStringsA
0x1002d118 GetEnvironmentStrings
0x1002d11c FreeEnvironmentStringsW
0x1002d120 GetEnvironmentStringsW
0x1002d124 QueryPerformanceCounter
0x1002d128 GetTickCount
0x1002d12c InitializeCriticalSectionAndSpinCount
0x1002d130 GetConsoleCP
0x1002d134 GetConsoleMode
0x1002d138 LCMapStringA
0x1002d13c LCMapStringW
0x1002d140 GetStringTypeA
0x1002d144 GetStringTypeW
0x1002d148 SetStdHandle
0x1002d14c WriteConsoleA
0x1002d150 GetConsoleOutputCP
0x1002d154 WriteConsoleW
0x1002d158 CompareStringW
0x1002d15c SetEnvironmentVariableA
0x1002d160 GetModuleHandleW
0x1002d164 CreateFileA
0x1002d168 FlushFileBuffers
0x1002d16c SetFilePointer
0x1002d170 WriteFile
0x1002d174 ReadFile
0x1002d178 WritePrivateProfileStringA
0x1002d17c GetOEMCP
0x1002d180 GetCPInfo
0x1002d184 InterlockedIncrement
0x1002d188 TlsFree
0x1002d18c DeleteCriticalSection
0x1002d190 LocalReAlloc
0x1002d194 TlsSetValue
0x1002d198 TlsAlloc
0x1002d19c InitializeCriticalSection
0x1002d1a0 GlobalHandle
0x1002d1a4 GlobalReAlloc
0x1002d1a8 EnterCriticalSection
0x1002d1ac TlsGetValue
0x1002d1b0 LeaveCriticalSection
0x1002d1b4 LocalAlloc
0x1002d1b8 GlobalFlags
0x1002d1bc InterlockedDecrement
0x1002d1c0 FormatMessageA
0x1002d1c4 LocalFree
0x1002d1c8 MulDiv
0x1002d1cc GetCurrentProcessId
0x1002d1d0 CloseHandle
0x1002d1d4 GetCurrentThread
0x1002d1d8 ConvertDefaultLocale
0x1002d1dc EnumResourceLanguagesA
0x1002d1e0 GetLocaleInfoA
0x1002d1e4 InterlockedExchange
0x1002d1e8 lstrcmpA
0x1002d1ec GlobalAlloc
0x1002d1f0 lstrlenA
0x1002d1f4 GetCurrentThreadId
0x1002d1f8 GlobalGetAtomNameA
0x1002d1fc GlobalAddAtomA
0x1002d200 GlobalFindAtomA
0x1002d204 GlobalDeleteAtom
0x1002d208 FreeLibrary
0x1002d20c CompareStringA
0x1002d210 GetLastError
0x1002d214 SetLastError
0x1002d218 lstrcmpW
0x1002d21c GetModuleHandleA
0x1002d220 GetProcAddress
0x1002d224 GetVersionExA
0x1002d228 GlobalLock
0x1002d22c GlobalUnlock
0x1002d230 GlobalFree
0x1002d234 FreeResource
0x1002d238 LoadLibraryA
0x1002d23c GetTimeFormatA
0x1002d240 GetModuleFileNameA
0x1002d244 MultiByteToWideChar
0x1002d248 GetCurrentProcess
0x1002d24c LoadResource
0x1002d250 LockResource
0x1002d254 SizeofResource
0x1002d258 FindResourceA
0x1002d25c SetHandleCount
0x1002d260 WideCharToMultiByte
USER32.dll
0x1002d284 DestroyMenu
0x1002d288 EndPaint
0x1002d28c BeginPaint
0x1002d290 GetWindowDC
0x1002d294 GrayStringA
0x1002d298 DrawTextExA
0x1002d29c DrawTextA
0x1002d2a0 TabbedTextOutA
0x1002d2a4 GetWindowThreadProcessId
0x1002d2a8 SetCursor
0x1002d2ac GetMessageA
0x1002d2b0 TranslateMessage
0x1002d2b4 ValidateRect
0x1002d2b8 IsZoomed
0x1002d2bc GetCursorPos
0x1002d2c0 WindowFromPoint
0x1002d2c4 ClientToScreen
0x1002d2c8 SetRect
0x1002d2cc InvalidateRect
0x1002d2d0 SetRectEmpty
0x1002d2d4 GetDC
0x1002d2d8 ReleaseDC
0x1002d2dc ShowWindow
0x1002d2e0 MoveWindow
0x1002d2e4 SetWindowTextA
0x1002d2e8 IsDialogMessageA
0x1002d2ec SetMenuItemBitmaps
0x1002d2f0 GetMenuCheckMarkDimensions
0x1002d2f4 LoadBitmapA
0x1002d2f8 GetMenuState
0x1002d2fc CheckMenuItem
0x1002d300 RegisterWindowMessageA
0x1002d304 SendDlgItemMessageA
0x1002d308 WinHelpA
0x1002d30c IsChild
0x1002d310 GetCapture
0x1002d314 SetWindowsHookExA
0x1002d318 CallNextHookEx
0x1002d31c GetClassLongA
0x1002d320 SetPropA
0x1002d324 GetPropA
0x1002d328 RemovePropA
0x1002d32c GetFocus
0x1002d330 SetFocus
0x1002d334 GetWindowTextLengthA
0x1002d338 GetForegroundWindow
0x1002d33c DispatchMessageA
0x1002d340 BeginDeferWindowPos
0x1002d344 EndDeferWindowPos
0x1002d348 GetTopWindow
0x1002d34c UnhookWindowsHookEx
0x1002d350 GetMessageTime
0x1002d354 GetMessagePos
0x1002d358 PeekMessageA
0x1002d35c MapWindowPoints
0x1002d360 SetMenu
0x1002d364 UpdateWindow
0x1002d368 PostMessageA
0x1002d36c MessageBoxA
0x1002d370 CreateWindowExA
0x1002d374 GetClassInfoExA
0x1002d378 GetClassInfoA
0x1002d37c RegisterClassA
0x1002d380 GetSysColor
0x1002d384 AdjustWindowRectEx
0x1002d388 EnableWindow
0x1002d38c GetParent
0x1002d390 IsWindowVisible
0x1002d394 IsIconic
0x1002d398 ScreenToClient
0x1002d39c EqualRect
0x1002d3a0 DeferWindowPos
0x1002d3a4 CopyRect
0x1002d3a8 PtInRect
0x1002d3ac DefWindowProcA
0x1002d3b0 CallWindowProcA
0x1002d3b4 GetMenu
0x1002d3b8 SetWindowLongA
0x1002d3bc LoadCursorA
0x1002d3c0 ModifyMenuA
0x1002d3c4 GetSysColorBrush
0x1002d3c8 SetForegroundWindow
0x1002d3cc GetLastActivePopup
0x1002d3d0 FindWindowA
0x1002d3d4 LoadIconA
0x1002d3d8 PostQuitMessage
0x1002d3dc SendMessageA
0x1002d3e0 OffsetRect
0x1002d3e4 GetWindowRect
0x1002d3e8 GetWindow
0x1002d3ec GetClientRect
0x1002d3f0 DrawIcon
0x1002d3f4 GetSystemMetrics
0x1002d3f8 GetSubMenu
0x1002d3fc GetMenuItemID
0x1002d400 GetMenuItemCount
0x1002d404 GetKeyState
0x1002d408 SetWindowPos
0x1002d40c GetDlgCtrlID
0x1002d410 SetTimer
0x1002d414 KillTimer
0x1002d418 SystemParametersInfoA
0x1002d41c GetWindowPlacement
0x1002d420 GetDesktopWindow
0x1002d424 GetActiveWindow
0x1002d428 SetActiveWindow
0x1002d42c CreateDialogIndirectParamA
0x1002d430 DestroyWindow
0x1002d434 GetDlgItem
0x1002d438 IsWindowEnabled
0x1002d43c GetNextDlgTabItem
0x1002d440 EndDialog
0x1002d444 IsWindow
0x1002d448 GetClassNameA
0x1002d44c GetWindowLongA
0x1002d450 EnumWindows
0x1002d454 GetWindowTextA
0x1002d458 EnableMenuItem
GDI32.dll
0x1002d028 OffsetViewportOrgEx
0x1002d02c SetViewportExtEx
0x1002d030 ScaleViewportExtEx
0x1002d034 SetWindowExtEx
0x1002d038 ScaleWindowExtEx
0x1002d03c GetStockObject
0x1002d040 SetViewportOrgEx
0x1002d044 ExtTextOutA
0x1002d048 Escape
0x1002d04c TextOutA
0x1002d050 RectVisible
0x1002d054 PtVisible
0x1002d058 IntersectClipRect
0x1002d05c ExcludeClipRect
0x1002d060 SetMapMode
0x1002d064 RestoreDC
0x1002d068 SaveDC
0x1002d06c GetDeviceCaps
0x1002d070 GetTextExtentPoint32A
0x1002d074 GetTextMetricsA
0x1002d078 GetBkColor
0x1002d07c CreateCompatibleBitmap
0x1002d080 CreateCompatibleDC
0x1002d084 StretchDIBits
0x1002d088 DeleteDC
0x1002d08c CreateFontA
0x1002d090 SelectObject
0x1002d094 GetCharWidthA
0x1002d098 DeleteObject
0x1002d09c CreateBitmap
0x1002d0a0 GetObjectA
0x1002d0a4 SetBkColor
0x1002d0a8 SetTextColor
0x1002d0ac GetClipBox
WINSPOOL.DRV
0x1002d460 DocumentPropertiesA
0x1002d464 OpenPrinterA
0x1002d468 ClosePrinter
ADVAPI32.dll
0x1002d000 RegSetValueExA
0x1002d004 RegCreateKeyExA
0x1002d008 RegQueryValueA
0x1002d00c RegOpenKeyA
0x1002d010 RegEnumKeyA
0x1002d014 RegDeleteKeyA
0x1002d018 RegOpenKeyExA
0x1002d01c RegQueryValueExA
0x1002d020 RegCloseKey
SHLWAPI.dll
0x1002d27c PathFindExtensionA
OLEAUT32.dll
0x1002d268 VariantClear
0x1002d26c VariantChangeType
0x1002d270 VariantInit
0x1002d274 SysAllocStringLen
EAT(Export Address Table) Library
0x100022e0 DllRegisterServer