Report - downloaddocument.do

Emotet Gen1 Malicious Packer UPX Malicious Library AntiDebug AntiVM PE File OS Processor Check DLL PE32
Created 2021.08.03 07:48 Machine s1_win7_x6401
Filename downloaddocument.do
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score 5
Behavior Score 11.2
ZERO API file : clean
VT API (file) 4 detected (malicious, confidence, Trickpak)
md5 4667f2ac85f21d40d87302b19415acef
sha256 9744b85a140693e44849652f471ba7a53c213349f85e8055ae5e4233c75d1dad
ssdeep 12288:jqaXVtfjXiMnRi5fRP0+yRSB0yYWAk+UI+nbVrSvIo5wm+t30lWF6QvNnIKckHR:jnbfj65fRUSGRZUI+nbBFdnIp4
imphash 99d9a584957572a810c8e33fd35a9f9a
impfuzzy 192:AaGKSOwvFl4LQoi4kT11kNoL4j3n+UeqkcScRc8Lsr5PcIAN1J9gcn:ALKyCkvkdj3nMqkjEOBWN1J/n

Signature (25cnts)

Level Description
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
danger Executed a process and injected code into it
watch Allocates execute permission to another process indicative of possible code injection
watch Attempts to create or modify system certificates
watch Communicates with host for which no DNS query was performed
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice A process attempted to delay the analysis task.
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a suspicious process
notice File has been identified by 4 AntiVirus engines on VirusTotal as malicious
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Terminates another process
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Yara rule detected in process memory
info Checks if process is being debugged by a debugger
info Collects information to fingerprint the system (MachineGuid
info One or more processes crashed
info Queries for the computername
info This executable has a PDB path

Rules (17cnts)

Level Name Description Collection
danger Win32_Trojan_Emotet_1_Zero Win32 Trojan Emotet binaries (upload)
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info anti_dbg Checks if being debugged memory
info DebuggerCheck__GlobalFlags (no description) memory
info DebuggerCheck__QueryInfo (no description) memory
info DebuggerHiding__Active (no description) memory
info DebuggerHiding__Thread (no description) memory
info disable_dep Bypass DEP memory
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info SEH__vectored (no description) memory
info ThreadControl__Context (no description) memory

Network (29cnts)


Suricata ids

PE API

IAT(Import Address Table) Library


EAT(Export Address Table) Library

0x10001b20 StartW

