Report - vbc.exe

UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate privileges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32
Created 2021.08.06 09:30 Machine s1_win7_x6401
Filename vbc.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 7
Behavior Score 11.6
ZERO API file : malware
VT API (file) 24 detected (AIDetect, malware2, Fareit, FDBI, Unsafe, Delf, Eldorado, Attribute, HighConfidence, Malicious, Noon, RATX, Score, Phonzy, Generic@ML, RDML, b+KwncS8sWu2Fw5muWDZZA, Static AI, Suspicious PE, susgen, GenKryptik, EKLE, QVM05)
md5 aa4b9c043e923952fee38447b9dd0b43
sha256 7f7af3d03481bb68e11a68e958ce6d8e96701a053eaa458e7010a4a85643cad3
ssdeep 12288:cLJ8IaEF3CbhMemzpeVhpEj7c0DFtIGnu8:cLJRaElQMePyNtI
imphash f1f21c88e9cb261ec581191bb4c538e3
impfuzzy 192:f3Pkk1Q/mnbuu5rSUvK9RqooqEseSPOQRi:f3H1J5A9LrPOQ0
Signature (25cnts)

Level Description
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
warning File has been identified by 24 AntiVirus engines on VirusTotal as malicious
watch Allocates execute permission to another process indicative of possible code injection
watch Creates a thread using CreateRemoteThread in a non-child process indicative of process injection
watch Installs itself for autorun at Windows startup
watch Manipulates memory of a non-child process indicative of process injection
watch Network activity contains more than one unique useragent
watch One or more of the buffers contains an embedded PE file
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Sends data using the HTTP POST Method
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Command line console output was observed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (38cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Network_Downloader File Downloader memory
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
notice Code_injection Code injection with CreateRemoteThread in a remote process memory
notice Create_Service Create a windows service memory
notice Escalate_priviledges Escalate privileges memory
notice KeyLogger Run a KeyLogger memory
notice local_credential_Steal Steal credential memory
notice Network_DGA Communication using DGA memory
notice Network_DNS Communications use DNS memory
notice Network_FTP Communications over FTP memory
notice Network_HTTP Communications over HTTP memory
notice Network_P2P_Win Communications over P2P network memory
notice Network_TCP_Socket Communications over RAW Socket memory
notice ScreenShot Take ScreenShot memory
notice Sniff_Audio Record Audio memory
notice Str_Win32_Http_API Match Windows Http API call memory
notice Str_Win32_Internet_API Match Windows Inet API call memory
info anti_dbg Checks if being debugged memory
info antisb_threatExpert Anti-Sandbox checks for ThreatExpert memory
info Check_Dlls (no description) memory
info DebuggerCheck__GlobalFlags (no description) memory
info DebuggerCheck__QueryInfo (no description) memory
info DebuggerCheck__RemoteAPI (no description) memory
info DebuggerException__ConsoleCtrl (no description) memory
info DebuggerException__SetConsoleCtrl (no description) memory
info DebuggerHiding__Active (no description) memory
info DebuggerHiding__Thread (no description) memory
info disable_dep Bypass DEP memory
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)
info SEH__vectored (no description) memory
info ThreadControl__Context (no description) memory
info win_hook Affect hook table memory

Network (34cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
 0x462118 DeleteCriticalSection
 0x46211c LeaveCriticalSection
 0x462120 EnterCriticalSection
 0x462124 InitializeCriticalSection
 0x462128 VirtualFree
 0x46212c VirtualAlloc
 0x462130 LocalFree
 0x462134 LocalAlloc
 0x462138 GetVersion
 0x46213c GetCurrentThreadId
 0x462140 InterlockedDecrement
 0x462144 InterlockedIncrement
 0x462148 VirtualQuery
 0x46214c WideCharToMultiByte
 0x462150 MultiByteToWideChar
 0x462154 lstrlenA
 0x462158 lstrcpynA
 0x46215c LoadLibraryExA
 0x462160 GetThreadLocale
 0x462164 GetStartupInfoA
 0x462168 GetProcAddress
 0x46216c GetModuleHandleA
 0x462170 GetModuleFileNameA
 0x462174 GetLocaleInfoA
 0x462178 GetCommandLineA
 0x46217c FreeLibrary
 0x462180 FindFirstFileA
 0x462184 FindClose
 0x462188 ExitProcess
 0x46218c WriteFile
 0x462190 UnhandledExceptionFilter
 0x462194 RtlUnwind
 0x462198 RaiseException
 0x46219c GetStdHandle
user32.dll
 0x4621a4 GetKeyboardType
 0x4621a8 LoadStringA
 0x4621ac MessageBoxA
 0x4621b0 CharNextA
advapi32.dll
 0x4621b8 RegQueryValueExA
 0x4621bc RegOpenKeyExA
 0x4621c0 RegCloseKey
oleaut32.dll
 0x4621c8 SysFreeString
 0x4621cc SysReAllocStringLen
 0x4621d0 SysAllocStringLen
kernel32.dll
 0x4621d8 TlsSetValue
 0x4621dc TlsGetValue
 0x4621e0 LocalAlloc
 0x4621e4 GetModuleHandleA
advapi32.dll
 0x4621ec RegQueryValueExA
 0x4621f0 RegOpenKeyExA
 0x4621f4 RegCloseKey
kernel32.dll
 0x4621fc lstrcpyA
 0x462200 lstrcmpiA
 0x462204 WriteFile
 0x462208 WaitForSingleObject
 0x46220c VirtualQuery
 0x462210 VirtualProtect
 0x462214 VirtualAlloc
 0x462218 Sleep
 0x46221c SizeofResource
 0x462220 SetThreadLocale
 0x462224 SetFilePointer
 0x462228 SetEvent
 0x46222c SetErrorMode
 0x462230 SetEndOfFile
 0x462234 ResetEvent
 0x462238 ReadFile
 0x46223c MulDiv
 0x462240 LockResource
 0x462244 LoadResource
 0x462248 LoadLibraryA
 0x46224c LeaveCriticalSection
 0x462250 InitializeCriticalSection
 0x462254 GlobalUnlock
 0x462258 GlobalReAlloc
 0x46225c GlobalHandle
 0x462260 GlobalLock
 0x462264 GlobalFree
 0x462268 GlobalFindAtomA
 0x46226c GlobalDeleteAtom
 0x462270 GlobalAlloc
 0x462274 GlobalAddAtomA
 0x462278 GetVersionExA
 0x46227c GetVersion
 0x462280 GetTickCount
 0x462284 GetThreadLocale
 0x462288 GetSystemInfo
 0x46228c GetStringTypeExA
 0x462290 GetStdHandle
 0x462294 GetProcAddress
 0x462298 GetModuleHandleA
 0x46229c GetModuleFileNameA
 0x4622a0 GetLocaleInfoA
 0x4622a4 GetLocalTime
 0x4622a8 GetLastError
 0x4622ac GetFullPathNameA
 0x4622b0 GetDiskFreeSpaceA
 0x4622b4 GetDateFormatA
 0x4622b8 GetCurrentThreadId
 0x4622bc GetCurrentProcessId
 0x4622c0 GetCPInfo
 0x4622c4 GetACP
 0x4622c8 FreeResource
 0x4622cc InterlockedExchange
 0x4622d0 FreeLibrary
 0x4622d4 FormatMessageA
 0x4622d8 FindResourceA
 0x4622dc EnumCalendarInfoA
 0x4622e0 EnterCriticalSection
 0x4622e4 DeleteCriticalSection
 0x4622e8 CreateThread
 0x4622ec CreateFileA
 0x4622f0 CreateEventA
 0x4622f4 CompareStringA
 0x4622f8 CloseHandle
version.dll
 0x462300 VerQueryValueA
 0x462304 GetFileVersionInfoSizeA
 0x462308 GetFileVersionInfoA
gdi32.dll
 0x462310 UnrealizeObject
 0x462314 StretchBlt
 0x462318 SetWindowOrgEx
 0x46231c SetWinMetaFileBits
 0x462320 SetViewportOrgEx
 0x462324 SetTextColor
 0x462328 SetStretchBltMode
 0x46232c SetROP2
 0x462330 SetPixel
 0x462334 SetEnhMetaFileBits
 0x462338 SetDIBColorTable
 0x46233c SetBrushOrgEx
 0x462340 SetBkMode
 0x462344 SetBkColor
 0x462348 SelectPalette
 0x46234c SelectObject
 0x462350 SaveDC
 0x462354 RestoreDC
 0x462358 Rectangle
 0x46235c RectVisible
 0x462360 RealizePalette
 0x462364 PlayEnhMetaFile
 0x462368 PatBlt
 0x46236c MoveToEx
 0x462370 MaskBlt
 0x462374 LineTo
 0x462378 IntersectClipRect
 0x46237c GetWindowOrgEx
 0x462380 GetWinMetaFileBits
 0x462384 GetTextMetricsA
 0x462388 GetTextExtentPoint32A
 0x46238c GetSystemPaletteEntries
 0x462390 GetStockObject
 0x462394 GetPixel
 0x462398 GetPaletteEntries
 0x46239c GetObjectA
 0x4623a0 GetEnhMetaFilePaletteEntries
 0x4623a4 GetEnhMetaFileHeader
 0x4623a8 GetEnhMetaFileBits
 0x4623ac GetDeviceCaps
 0x4623b0 GetDIBits
 0x4623b4 GetDIBColorTable
 0x4623b8 GetDCOrgEx
 0x4623bc GetCurrentPositionEx
 0x4623c0 GetClipBox
 0x4623c4 GetBrushOrgEx
 0x4623c8 GetBitmapBits
 0x4623cc ExtTextOutA
 0x4623d0 ExcludeClipRect
 0x4623d4 Ellipse
 0x4623d8 DeleteObject
 0x4623dc DeleteEnhMetaFile
 0x4623e0 DeleteDC
 0x4623e4 CreateSolidBrush
 0x4623e8 CreatePenIndirect
 0x4623ec CreatePalette
 0x4623f0 CreateHalftonePalette
 0x4623f4 CreateFontIndirectA
 0x4623f8 CreateDIBitmap
 0x4623fc CreateDIBSection
 0x462400 CreateCompatibleDC
 0x462404 CreateCompatibleBitmap
 0x462408 CreateBrushIndirect
 0x46240c CreateBitmap
 0x462410 CopyEnhMetaFileA
 0x462414 BitBlt
user32.dll
 0x46241c CreateWindowExA
 0x462420 WindowFromPoint
 0x462424 WinHelpA
 0x462428 WaitMessage
 0x46242c UpdateWindow
 0x462430 UnregisterClassA
 0x462434 UnhookWindowsHookEx
 0x462438 TranslateMessage
 0x46243c TranslateMDISysAccel
 0x462440 TrackPopupMenu
 0x462444 SystemParametersInfoA
 0x462448 AnimateWindow
 0x46244c ShowWindow
 0x462450 ShowScrollBar
 0x462454 ShowOwnedPopups
 0x462458 ShowCursor
 0x46245c SetWindowsHookExA
 0x462460 SetWindowTextA
 0x462464 SetWindowPos
 0x462468 SetWindowPlacement
 0x46246c SetWindowLongA
 0x462470 SetTimer
 0x462474 SetScrollRange
 0x462478 SetScrollPos
 0x46247c SetScrollInfo
 0x462480 SetRect
 0x462484 SetPropA
 0x462488 SetParent
 0x46248c SetMenuItemInfoA
 0x462490 SetMenu
 0x462494 SetForegroundWindow
 0x462498 SetFocus
 0x46249c SetCursor
 0x4624a0 SetClassLongA
 0x4624a4 SetCapture
 0x4624a8 SetActiveWindow
 0x4624ac SendMessageA
 0x4624b0 ScrollWindow
 0x4624b4 ScreenToClient
 0x4624b8 RemovePropA
 0x4624bc RemoveMenu
 0x4624c0 ReleaseDC
 0x4624c4 ReleaseCapture
 0x4624c8 RegisterWindowMessageA
 0x4624cc RegisterClipboardFormatA
 0x4624d0 RegisterClassA
 0x4624d4 RedrawWindow
 0x4624d8 PtInRect
 0x4624dc PostQuitMessage
 0x4624e0 PostMessageA
 0x4624e4 PeekMessageA
 0x4624e8 OffsetRect
 0x4624ec OemToCharA
 0x4624f0 MessageBoxA
 0x4624f4 MapWindowPoints
 0x4624f8 MapVirtualKeyA
 0x4624fc LoadStringA
 0x462500 LoadKeyboardLayoutA
 0x462504 LoadIconA
 0x462508 LoadCursorA
 0x46250c LoadBitmapA
 0x462510 KillTimer
 0x462514 IsZoomed
 0x462518 IsWindowVisible
 0x46251c IsWindowEnabled
 0x462520 IsWindow
 0x462524 IsRectEmpty
 0x462528 IsIconic
 0x46252c IsDialogMessageA
 0x462530 IsChild
 0x462534 InvalidateRect
 0x462538 IntersectRect
 0x46253c InsertMenuItemA
 0x462540 InsertMenuA
 0x462544 InflateRect
 0x462548 GetWindowThreadProcessId
 0x46254c GetWindowTextA
 0x462550 GetWindowRect
 0x462554 GetWindowPlacement
 0x462558 GetWindowLongA
 0x46255c GetWindowDC
 0x462560 GetTopWindow
 0x462564 GetSystemMetrics
 0x462568 GetSystemMenu
 0x46256c GetSysColorBrush
 0x462570 GetSysColor
 0x462574 GetSubMenu
 0x462578 GetScrollRange
 0x46257c GetScrollPos
 0x462580 GetScrollInfo
 0x462584 GetPropA
 0x462588 GetParent
 0x46258c GetWindow
 0x462590 GetMenuStringA
 0x462594 GetMenuState
 0x462598 GetMenuItemInfoA
 0x46259c GetMenuItemID
 0x4625a0 GetMenuItemCount
 0x4625a4 GetMenu
 0x4625a8 GetLastActivePopup
 0x4625ac GetKeyboardState
 0x4625b0 GetKeyboardLayoutList
 0x4625b4 GetKeyboardLayout
 0x4625b8 GetKeyState
 0x4625bc GetKeyNameTextA
 0x4625c0 GetIconInfo
 0x4625c4 GetForegroundWindow
 0x4625c8 GetFocus
 0x4625cc GetDesktopWindow
 0x4625d0 GetDCEx
 0x4625d4 GetDC
 0x4625d8 GetCursorPos
 0x4625dc GetCursor
 0x4625e0 GetClipboardData
 0x4625e4 GetClientRect
 0x4625e8 GetClassNameA
 0x4625ec GetClassInfoA
 0x4625f0 GetCapture
 0x4625f4 GetActiveWindow
 0x4625f8 FrameRect
 0x4625fc FindWindowA
 0x462600 FillRect
 0x462604 EqualRect
 0x462608 EnumWindows
 0x46260c EnumThreadWindows
 0x462610 EndPaint
 0x462614 EnableWindow
 0x462618 EnableScrollBar
 0x46261c EnableMenuItem
 0x462620 DrawTextA
 0x462624 DrawMenuBar
 0x462628 DrawIconEx
 0x46262c DrawIcon
 0x462630 DrawFrameControl
 0x462634 DrawEdge
 0x462638 DispatchMessageA
 0x46263c DestroyWindow
 0x462640 DestroyMenu
 0x462644 DestroyIcon
 0x462648 DestroyCursor
 0x46264c DeleteMenu
 0x462650 DefWindowProcA
 0x462654 DefMDIChildProcA
 0x462658 DefFrameProcA
 0x46265c CreatePopupMenu
 0x462660 CreateMenu
 0x462664 CreateIcon
 0x462668 ClientToScreen
 0x46266c CheckMenuItem
 0x462670 CallWindowProcA
 0x462674 CallNextHookEx
 0x462678 BeginPaint
 0x46267c CharNextA
 0x462680 CharLowerBuffA
 0x462684 CharLowerA
 0x462688 CharToOemA
 0x46268c AdjustWindowRectEx
 0x462690 ActivateKeyboardLayout
kernel32.dll
 0x462698 Sleep
oleaut32.dll
 0x4626a0 SafeArrayPtrOfIndex
 0x4626a4 SafeArrayGetUBound
 0x4626a8 SafeArrayGetLBound
 0x4626ac SafeArrayCreate
 0x4626b0 VariantChangeType
 0x4626b4 VariantCopy
 0x4626b8 VariantClear
 0x4626bc VariantInit
comctl32.dll
 0x4626c4 ImageList_SetIconSize
 0x4626c8 ImageList_GetIconSize
 0x4626cc ImageList_Write
 0x4626d0 ImageList_Read
 0x4626d4 ImageList_GetDragImage
 0x4626d8 ImageList_DragShowNolock
 0x4626dc ImageList_SetDragCursorImage
 0x4626e0 ImageList_DragMove
 0x4626e4 ImageList_DragLeave
 0x4626e8 ImageList_DragEnter
 0x4626ec ImageList_EndDrag
 0x4626f0 ImageList_BeginDrag
 0x4626f4 ImageList_Remove
 0x4626f8 ImageList_DrawEx
 0x4626fc ImageList_Replace
 0x462700 ImageList_Draw
 0x462704 ImageList_GetBkColor
 0x462708 ImageList_SetBkColor
 0x46270c ImageList_ReplaceIcon
 0x462710 ImageList_Add
 0x462714 ImageList_SetImageCount
 0x462718 ImageList_GetImageCount
 0x46271c ImageList_Destroy
 0x462720 ImageList_Create

EAT(Export Address Table) is none