Report - ggi8w3183a1077e104d07a84291d0d5dcc1de

Emotet Gen1 UPX Malicious Library AntiDebug AntiVM PE File DLL PE32
Created 2021.08.05 09:54 Machine s1_win7_x6402
Filename ggi8w3183a1077e104d07a84291d0d5dcc1de
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score 6
Behavior Score 9.6
ZERO API file : malware
VT API (file) 12 detected (AIDetect, malware2, malicious, confidence, Trickpak, Artemis, TrickBot, score)
md5 2ab4cc984ec0b93b82c0e4bf03aa8c5f
sha256 892a84154516ef80df5f1764f1629c5254795669277f5ca324a035861d774cb7
ssdeep 12288:P/0oFwB5C7k70pW2OS2QRT8hr+4gT4FpawCi0:EoFS5C6H2OSpK6wpaXi0
imphash c1c817cc4859bdc7f1c0c1a9b8c92160
impfuzzy 192:W2PAFR8JSFoe+Lcvh/3r1gW+VnHhcRcVc71j:WBRdT+4hPghE4C

Signature (22cnts)

Level Description
danger Executed a process and injected code into it
watch Allocates execute permission to another process indicative of possible code injection
watch Communicates with host for which no DNS query was performed
watch File has been identified by 12 AntiVirus engines on VirusTotal as malicious
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a suspicious process
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Looks up the external IP address
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Terminates another process
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Yara rule detected in process memory
info Checks if process is being debugged by a debugger
info One or more processes crashed
info Queries for the computername
info The executable uses a known packer

Rules (15cnts)

Level Name Description Collection
danger Win32_Trojan_Emotet_1_Zero Win32 Trojan Emotet binaries (upload)
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info anti_dbg Checks if being debugged memory
info DebuggerCheck__GlobalFlags (no description) memory
info DebuggerCheck__QueryInfo (no description) memory
info DebuggerHiding__Active (no description) memory
info DebuggerHiding__Thread (no description) memory
info disable_dep Bypass DEP memory
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info SEH__vectored (no description) memory
info ThreadControl__Context (no description) memory

Network (29cnts)


PE API

IAT(Import Address Table) Library


EAT(Export Address Table) Library

0x10001041 StartW

