Report - vbc.exe

Tags: UPX, Malicious Library, DGA, DNS, Socket, Create Service, Sniff Audio, Escalate privileges, KeyLogger, Code injection, HTTP, Internet API, FTP, ScreenShot, Http API, Steal credential, Downloader, P2P, AntiDebug, AntiVM, PE File, PE32
Created 2021.08.07 13:58
Machine s1_win7_x6401
Filename vbc.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 6
Behavior Score 11.8
ZERO API file: clean
VT API (file) 39 detected (AIDetect, malware2, malicious, high confidence, DownLoader41, FLJF, GenericRXAA, Unsafe, Save, Remcos, Delf, GQQM, GenKryptik, DPIE, FormBook, score, ai score=100, R06CH0CH621, Static AI, Suspicious PE, susgen, HwUBueAA)
md5 442d2d8a7820a1c0c0ba418476d67fb0
sha256 be6c146acab77dfb4116c0805a1244c79a5da7393ce8ee582f59ae8c1773e406
ssdeep 12288:NlyPhGe3nf8jHmf/3AwhgFn33DdzQwcApa56Q0uGPwNfXA:NAPbaHLwh2nBZ6ouRA
imphash a09d64195bff556eb90ba4781b170ac7
impfuzzy 192:P3Tkk1Q/L/buuArSUvK9Rco1qysmSPOQwF:P3T1qAA9tKPOQS

Signature (25cnts)

Level Description
danger File has been identified by 39 AntiVirus engines on VirusTotal as malicious
warning Generates some ICMP traffic
watch Allocates execute permission to another process indicative of possible code injection
watch Creates a thread using CreateRemoteThread in a non-child process indicative of process injection
watch Installs itself for autorun at Windows startup
watch Manipulates memory of a non-child process indicative of process injection
watch Network activity contains more than one unique useragent
watch One or more of the buffers contains an embedded PE file
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Sends data using the HTTP POST Method
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Command line console output was observed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer
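The watch-level lines above describe the classic remote-injection chain: an executable region allocated in another process, memory written into it, and execution started either with CreateRemoteThread or by resuming a thread of a child that was created suspended. The notice lines describe the local unpacking that precedes it (an RWX allocation, then a read-write region flipped to read-execute so that no single call asks for all three flags). The report shows only the verdicts, not the API trace they were derived from. The Python below is an added example, not the sandbox's own signature code: it replays a constructed trace (every pid, handle, address, size and the child image name target.exe are invented, and the one-call-per-line layout is my own) and raises the same findings, so the chain can be exercised as a rule rather than read as a list.

```python
import re
from collections import defaultdict

# Constructed API-call trace, one call per line. It is modelled on the behaviours the
# signatures above describe (RWX allocation, RW->RX flip, suspended child, remote
# allocate/write/resume); the sandbox's real trace is not on this page, and every pid,
# handle, address, size and the child image name "target.exe" is invented.
TRACE = """\
pid=1840 VirtualAlloc(lpAddress=0x0,dwSize=0x1d000,flProtect=PAGE_EXECUTE_READWRITE) -> 0x2a0000
pid=1840 VirtualAlloc(lpAddress=0x0,dwSize=0x8000,flProtect=PAGE_READWRITE) -> 0x2c0000
pid=1840 VirtualProtect(lpAddress=0x2c0000,dwSize=0x8000,flNewProtect=PAGE_EXECUTE_READ) -> 1
pid=1840 CreateProcessInternalW(lpApplicationName=C:\\Users\\x\\target.exe,dwCreationFlags=CREATE_SUSPENDED) -> pid=2216
pid=1840 VirtualAllocEx(process_identifier=2216,dwSize=0x1d000,flProtect=PAGE_EXECUTE_READWRITE) -> 0x400000
pid=1840 WriteProcessMemory(process_identifier=2216,lpBaseAddress=0x400000,nSize=0x1d000) -> 1
pid=1840 SetThreadContext(process_identifier=2216,hThread=0x1c4) -> 1
pid=1840 ResumeThread(process_identifier=2216,hThread=0x1c4) -> 1
pid=1840 GetComputerNameA() -> 1
"""

CALL_RE = re.compile(r"^pid=(\d+)\s+(\w+)\((.*)\)\s*->\s*(\S*)$")


def parse_call(line):
    """Split 'pid=N Api(k=v,...) -> ret' into its parts; returns None for non-call lines."""
    m = CALL_RE.match(line)
    if not m:
        return None
    pid, api, argstr, ret = m.groups()
    args = dict(kv.split("=", 1) for kv in argstr.split(",") if "=" in kv)
    return {"pid": int(pid), "api": api, "args": args, "ret": ret}


def detect_injection(trace):
    """Replay the trace; return the signature tags it triggers (in first-seen order) and
    the pids that received the complete allocate -> write -> start chain."""
    tags = []
    rw_regions, suspended_children = set(), set()
    remote = defaultdict(set)  # target pid -> injection steps observed against it

    def tag(name):
        if name not in tags:
            tags.append(name)

    for line in trace.splitlines():
        call = parse_call(line)
        if call is None:
            continue
        api, a, ret = call["api"], call["args"], call["ret"]
        target = a.get("process_identifier")
        if api == "VirtualAlloc":
            if a.get("flProtect") == "PAGE_EXECUTE_READWRITE":
                tag("allocates_rwx_memory")                  # notice: unpacking stub
            elif a.get("flProtect") == "PAGE_READWRITE":
                rw_regions.add(ret)                          # remember RW regions by base
        elif api == "VirtualProtect" and a.get("lpAddress") in rw_regions \
                and a.get("flNewProtect") == "PAGE_EXECUTE_READ":
            tag("rw_memory_made_rx")                         # notice: RWX split in two steps
        elif api.startswith("CreateProcess") and "CREATE_SUSPENDED" in a.get("dwCreationFlags", ""):
            suspended_children.add(ret.split("=")[-1])       # child pid from 'pid=NNNN'
            tag("creates_suspended_process")
        elif api == "VirtualAllocEx" and target and a.get("flProtect", "").startswith("PAGE_EXECUTE"):
            remote[target].add("alloc_exec")
            tag("allocates_execute_in_other_process")        # watch
        elif api == "WriteProcessMemory" and target:
            remote[target].add("write")
            tag("writes_other_process_memory")               # watch
        elif api == "CreateRemoteThread" and target:
            remote[target].add("start")
            tag("create_remote_thread")                      # watch
        elif api == "ResumeThread" and target in suspended_children:
            remote[target].add("start")
            tag("resumes_suspended_remote_thread")           # watch
    injected = sorted(t for t, steps in remote.items() if {"alloc_exec", "write", "start"} <= steps)
    return {"tags": tags, "injected_pids": injected}


if __name__ == "__main__":
    result = detect_injection(TRACE)
    for t in result["tags"]:
        print("hit:", t)
    print("full injection chain into pid(s):", result["injected_pids"])
```

The rule only counts ResumeThread as a start step when the thread belongs to a child this process created suspended; a ResumeThread on an arbitrary process would otherwise fire on every debugger and profiler. Likewise the RW-to-RX tag requires that the region was earlier allocated as PAGE_READWRITE by the same trace, which is what separates the two-step unpacking trick from a normal JIT or loader.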

Rules (38cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Network_Downloader File Downloader memory
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
notice Code_injection Code injection with CreateRemoteThread in a remote process memory
notice Create_Service Create a windows service memory
notice Escalate_priviledges Escalate privileges memory
notice KeyLogger Run a KeyLogger memory
notice local_credential_Steal Steal credential memory
notice Network_DGA Communication using DGA memory
notice Network_DNS Communications use DNS memory
notice Network_FTP Communications over FTP memory
notice Network_HTTP Communications over HTTP memory
notice Network_P2P_Win Communications over P2P network memory
notice Network_TCP_Socket Communications over RAW Socket memory
notice ScreenShot Take ScreenShot memory
notice Sniff_Audio Record Audio memory
notice Str_Win32_Http_API Match Windows Http API call memory
notice Str_Win32_Internet_API Match Windows Inet API call memory
info anti_dbg Checks if being debugged memory
info antisb_threatExpert Anti-Sandbox checks for ThreatExpert memory
info Check_Dlls (no description) memory
info DebuggerCheck__GlobalFlags (no description) memory
info DebuggerCheck__QueryInfo (no description) memory
info DebuggerCheck__RemoteAPI (no description) memory
info DebuggerException__ConsoleCtrl (no description) memory
info DebuggerException__SetConsoleCtrl (no description) memory
info DebuggerHiding__Active (no description) memory
info DebuggerHiding__Thread (no description) memory
info disable_dep Bypass DEP memory
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)
info SEH__vectored (no description) memory
info ThreadControl__Context (no description) memory
info win_hook Affect hook table memory

Network (44cnts)

Request CC ASN Co IP4 Rule ZERO
http://www.mobiessence.com/6mam/?Sjo4=KE8gpfUGztMVNWKMFV5goIwNmc44LE6Oi+XDAS05rkp2RTHle1NPjBrPfhHuDJ31Wqk/Ne1S&L6=VrM8zFVhsB3D DE AMAZON-02 52.58.78.16 3578 malicious
http://www.gxduoke.com/6mam/ US Clayer Limited 164.88.214.172 clean
http://www.gxduoke.com/6mam/?Sjo4=XyExfHS1GLupBy3CQ8ZHaW0Gc0Et+RmWESSPg9i+4Yd9uJqL2u2pkEb3ToITDIyDz9UOIS1M&L6=VrM8zFVhsB3D US Clayer Limited 164.88.214.172 clean
http://www.besport24.com/6mam/?Sjo4=G66iPt+xvrTiSrnWMSNY3jIG1auw/RAx4P7alq3BxDAHCc2pRDbTwTzLPU1dODy6kKEhnUhc&L6=VrM8zFVhsB3D ES OVH SAS 51.83.52.226 clean
http://www.cannamalism.com/6mam/ US GOOGLE 34.102.136.180 3576 malicious
http://www.marcuslafond.com/6mam/?Sjo4=DiI3F0Ylam/cMh+wU0CjHhRfuntJ8nyjZcT4nMx9uSVUWqMW4wZqmzUPNc4P48XCZ8APIRdm&L6=VrM8zFVhsB3D US QUICKPACKET 104.247.218.105 clean
http://www.mobiessence.com/6mam/ DE AMAZON-02 52.58.78.16 3578 malicious
http://www.aladinfarma.com/6mam/ CZ ACTIVE 24, s.r.o. 81.95.96.29 clean
http://www.hibachiexpressnctogo.com/6mam/?Sjo4=0HG4+iy4HM9z+nt9884ETIsw7S4XNgMIsS4SVeWydW0ESnQUZ/hCKdKQ9SnakUxepzgcXLa3&L6=VrM8zFVhsB3D Unknown 54.230.169.119 3843 malicious
http://www.hibachiexpressnctogo.com/6mam/ Unknown 54.230.169.100 3843 malicious
http://www.cannamalism.com/6mam/?Sjo4=kn71xoO9iU2mX4j71h7bz8HHhkUEjJyTF2/azklG2erytyCHrh0zJMDeYoghQinFk6RtaMTe&L6=VrM8zFVhsB3D US GOOGLE 34.102.136.180 3576 malicious
http://www.marcuslafond.com/6mam/ US QUICKPACKET 104.247.218.105 clean
http://www.lawmetricssolicitors.com/6mam/ US IS-AS-1 66.45.250.213 3575 malicious
http://www.lawmetricssolicitors.com/6mam/?Sjo4=4Gj0yn3nr4YWFpZH4qn2bQ/Mf+Y/K54EnXCw/FRHgkyWUNrW3vdYTE+qdBaiGkNQ4kKGGQ8H&L6=VrM8zFVhsB3D US IS-AS-1 66.45.250.213 3575 malicious
http://www.aladinfarma.com/6mam/?Sjo4=udSG7fe6GY9zo7ZKy45gsyroZuOYrS4qDm5Wf1a6lEkS7UZsR2SStIdy4f3tNkj1uIyko7Uw&L6=VrM8zFVhsB3D CZ ACTIVE 24, s.r.o. 81.95.96.29 clean
http://www.besport24.com/6mam/ ES OVH SAS 51.83.52.226 clean
https://onedrive.live.com/download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21117&authkey=AJAdp78GUbL_5Hc US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 clean
https://pxrvua.sn.files.1drv.com/y4m41792Y6UKDi_7UZp7ByRoAAjAR3fyuA5iLRNNt-n5jRyvXlNyKd14AGIRzIGMUxiuZSxy_OUQr16g9r2TgvRCrZoe_vEz_4NtvrBa8AX_jGkdUIjsjUoufdTv_3ia1afEYa4oWEqdjq6DFpOAnLJod7j1wVkCbTcpxNrKTwsZA9qF1vFtu4BHbu8JvVLPOMhES05MCgiLDLw6gCU58GCKQ/Fuva US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
https://pxrvua.sn.files.1drv.com/y4m0Ahy6qtakbVJqNkNH6tYmZTEgEOjoSykrWlGKvOTvKyPaFeFtDBSJ9KqSSx7Ma9SVbVmlwIzIpWm4cqZ_oMZAUDZH5hzP6ab5BDAv8wdLz72rIkyOQyxcORZOp8AXgfeMFKPfcv79_DixtsxFSclvxVXV9FeaDrM_C_iOhzor74KUzRaC2_cwlLloLena0QmneO1vv7FrWCnXxR6wZ_lTQ/Fuva US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
www.cannamalism.com US GOOGLE 34.102.136.180 clean
onedrive.live.com US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 malicious
www.besport24.com ES OVH SAS 51.83.52.226 clean
www.mobiessence.com DE AMAZON-02 52.58.78.16 clean
www.paypalticket5396173.info Unknown clean
www.aladinfarma.com CZ ACTIVE 24, s.r.o. 81.95.96.29 clean
www.marcuslafond.com US QUICKPACKET 104.247.218.105 clean
www.freehypnosisevent.com Unknown clean
pxrvua.sn.files.1drv.com US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
www.gxduoke.com US Clayer Limited 164.88.214.172 clean
www.hibachiexpressnctogo.com Unknown 54.230.169.100 clean
www.coicplat.com Unknown clean
www.titanusedcarsworth.com Unknown malicious
www.lawmetricssolicitors.com US IS-AS-1 66.45.250.213 clean
www.candlewooddmc.com Unknown malicious
104.247.218.105 US QUICKPACKET 104.247.218.105 clean
52.58.78.16 DE AMAZON-02 52.58.78.16 malicious
13.107.42.13 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 malicious
13.107.42.12 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 malware
34.102.136.180 US GOOGLE 34.102.136.180 malicious
164.88.214.172 US Clayer Limited 164.88.214.172 clean
66.45.250.213 US IS-AS-1 66.45.250.213 malicious
54.230.169.104 Unknown 54.230.169.104 clean
81.95.96.29 CZ ACTIVE 24, s.r.o. 81.95.96.29 suspicious
51.83.52.226 ES OVH SAS 51.83.52.226 clean
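Every HTTP row above uses the same path, /6mam/, and the query form carries the same second parameter, L6=VrM8zFVhsB3D, on nine unrelated domains; only the long base64-looking first parameter changes per request. That is a check-in walked across a list of candidate C2 domains (the layout FormBook check-ins are known for, and FormBook is among the engine names in the VirusTotal line), so the per-row verdict, which is a reputation lookup on the host rather than a judgment on the request, should not be used to drop the "clean" domains: a domain contacted on the same path belongs to the same campaign. The Python below is an added example, not part of the report: it parses rows in the table's layout, normalises the sandbox's verdict spelling, flags the beacon pattern and clusters domains by path. The sample rows are copied from the table; the thresholds (path of 2 to 8 characters, one value of at least 40 base64-like characters and one of at most 16) are my assumptions.

```python
import re
from urllib.parse import urlsplit

# Rows taken from the Network table above (a subset of its 44 entries). The first row keeps
# the verdict spelled "mailcious", as the sandbox's raw export writes it, to exercise the
# normalisation in parse_row().
SAMPLE_ROWS = """\
http://www.mobiessence.com/6mam/?Sjo4=KE8gpfUGztMVNWKMFV5goIwNmc44LE6Oi+XDAS05rkp2RTHle1NPjBrPfhHuDJ31Wqk/Ne1S&L6=VrM8zFVhsB3D DE AMAZON-02 52.58.78.16 3578 mailcious
http://www.gxduoke.com/6mam/ US Clayer Limited 164.88.214.172 clean
http://www.besport24.com/6mam/?Sjo4=G66iPt+xvrTiSrnWMSNY3jIG1auw/RAx4P7alq3BxDAHCc2pRDbTwTzLPU1dODy6kKEhnUhc&L6=VrM8zFVhsB3D ES OVH SAS 51.83.52.226 clean
https://onedrive.live.com/download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21117&authkey=AJAdp78GUbL_5Hc US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 clean
www.paypalticket5396173.info Unknown clean
www.aladinfarma.com CZ ACTIVE 24, s.r.o. 81.95.96.29 clean
52.58.78.16 DE AMAZON-02 52.58.78.16 malicious
"""

IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Beacon shape (thresholds are assumptions): a short single-segment directory followed by
# exactly two query parameters, one long base64-looking blob and one short constant.
BEACON_PATH_RE = re.compile(r"^/[A-Za-z0-9]{2,8}/$")
B64ISH_RE = re.compile(r"^[A-Za-z0-9+/=]+$")


def parse_row(line):
    """Parse one table row from the right, because the ASN name may contain spaces."""
    tokens = line.split()
    request = tokens[0]
    verdict = tokens[-1].lower().replace("mailcious", "malicious")  # sandbox typo
    rest = tokens[1:-1]
    rule = int(rest.pop()) if rest and rest[-1].isdigit() else None  # optional rule id
    ip = rest.pop() if rest and IP_RE.match(rest[-1]) else None      # optional resolved IP
    cc = rest[0] if rest else "Unknown"
    kind = "url" if request.startswith(("http://", "https://")) else "ip" if IP_RE.match(request) else "host"
    return {"kind": kind, "request": request, "cc": cc, "asn": " ".join(rest[1:]) or None,
            "ip": ip, "rule": rule, "verdict": verdict}


def beacon_like(url):
    """True for '/xxxx/?A=<long base64-ish>&B=<short>' style requests (query form only)."""
    parts = urlsplit(url)
    if not BEACON_PATH_RE.match(parts.path) or not parts.query:
        return False
    pairs = [kv.split("=", 1) for kv in parts.query.split("&")]  # raw split: keep '+' and '/'
    if len(pairs) != 2 or any(len(kv) != 2 for kv in pairs):
        return False
    short, long_ = sorted((v for _, v in pairs), key=len)
    return len(short) <= 16 and len(long_) >= 40 and all(B64ISH_RE.match(v) for v in (short, long_))


def cluster_campaign(rows):
    """Group URL rows by path and keep the paths where at least one request is beacon_like.
    Domains seen only with the bare path (no query) stay in the cluster, and the query pairs
    that never change across the cluster's requests are reported as the campaign constant."""
    by_path = {}
    for row in rows:
        if row["kind"] != "url":
            continue
        parts = urlsplit(row["request"])
        entry = by_path.setdefault(parts.path, {"domains": set(), "beacon": False, "params": None})
        entry["domains"].add(parts.hostname)
        if beacon_like(row["request"]):
            entry["beacon"] = True
            pairs = set(parts.query.split("&"))
            entry["params"] = pairs if entry["params"] is None else entry["params"] & pairs
    return {p: {"domains": e["domains"], "constant_params": e["params"] or set()}
            for p, e in by_path.items() if e["beacon"]}


def extract_iocs(rows):
    """Flat IOC sets: every host or URL domain and every IP in the table, unfiltered."""
    domains, ips = set(), set()
    for row in rows:
        if row["kind"] == "url":
            domains.add(urlsplit(row["request"]).hostname)
        elif row["kind"] == "host":
            domains.add(row["request"])
        else:
            ips.add(row["request"])
        if row["ip"]:
            ips.add(row["ip"])
    return {"domains": domains, "ips": ips}


if __name__ == "__main__":
    rows = [parse_row(line) for line in SAMPLE_ROWS.splitlines()]
    for path, c in cluster_campaign(rows).items():
        print(path, sorted(c["domains"]), sorted(c["constant_params"]))
    print(extract_iocs(rows))
```

The onedrive.live.com and 1drv.com rows do not match the beacon shape and stay out of the cluster, which is the right outcome for blocking purposes: they are a download source for the payload, not C2, and a block on the whole Microsoft domain would be far noisier than a block on the nine /6mam/ hosts.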

Suricata IDS

PE API

IAT (Import Address Table) Library

kernel32.dll
 0x49d154 DeleteCriticalSection
 0x49d158 LeaveCriticalSection
 0x49d15c EnterCriticalSection
 0x49d160 InitializeCriticalSection
 0x49d164 VirtualFree
 0x49d168 VirtualAlloc
 0x49d16c LocalFree
 0x49d170 LocalAlloc
 0x49d174 GetVersion
 0x49d178 GetCurrentThreadId
 0x49d17c InterlockedDecrement
 0x49d180 InterlockedIncrement
 0x49d184 VirtualQuery
 0x49d188 WideCharToMultiByte
 0x49d18c MultiByteToWideChar
 0x49d190 lstrlenA
 0x49d194 lstrcpynA
 0x49d198 LoadLibraryExA
 0x49d19c GetThreadLocale
 0x49d1a0 GetStartupInfoA
 0x49d1a4 GetProcAddress
 0x49d1a8 GetModuleHandleA
 0x49d1ac GetModuleFileNameA
 0x49d1b0 GetLocaleInfoA
 0x49d1b4 GetLastError
 0x49d1b8 GetCommandLineA
 0x49d1bc FreeLibrary
 0x49d1c0 FindFirstFileA
 0x49d1c4 FindClose
 0x49d1c8 ExitProcess
 0x49d1cc WriteFile
 0x49d1d0 UnhandledExceptionFilter
 0x49d1d4 SetFilePointer
 0x49d1d8 SetEndOfFile
 0x49d1dc RtlUnwind
 0x49d1e0 ReadFile
 0x49d1e4 RaiseException
 0x49d1e8 GetStdHandle
 0x49d1ec GetFileSize
user32.dll
 0x49d1f4 GetKeyboardType
 0x49d1f8 LoadStringA
 0x49d1fc MessageBoxA
 0x49d200 CharNextA
advapi32.dll
 0x49d208 RegQueryValueExA
 0x49d20c RegOpenKeyExA
 0x49d210 RegCloseKey
oleaut32.dll
 0x49d218 SysFreeString
 0x49d21c SysReAllocStringLen
 0x49d220 SysAllocStringLen
kernel32.dll
 0x49d228 TlsSetValue
 0x49d22c TlsGetValue
 0x49d230 LocalAlloc
 0x49d234 GetModuleHandleA
advapi32.dll
 0x49d23c RegQueryValueExA
 0x49d240 RegOpenKeyExA
 0x49d244 RegCloseKey
kernel32.dll
 0x49d24c lstrcpyA
 0x49d250 lstrcmpiA
 0x49d254 lstrcmpA
 0x49d258 WriteFile
 0x49d25c WaitForSingleObject
 0x49d260 VirtualQuery
 0x49d264 VirtualProtect
 0x49d268 VirtualAlloc
 0x49d26c Sleep
 0x49d270 SizeofResource
 0x49d274 SetThreadLocale
 0x49d278 SetFilePointer
 0x49d27c SetEvent
 0x49d280 SetErrorMode
 0x49d284 SetEndOfFile
 0x49d288 ResetEvent
 0x49d28c ReadFile
 0x49d290 MulDiv
 0x49d294 LockResource
 0x49d298 LoadResource
 0x49d29c LoadLibraryA
 0x49d2a0 LeaveCriticalSection
 0x49d2a4 InitializeCriticalSection
 0x49d2a8 GlobalUnlock
 0x49d2ac GlobalReAlloc
 0x49d2b0 GlobalHandle
 0x49d2b4 GlobalLock
 0x49d2b8 GlobalFree
 0x49d2bc GlobalFindAtomA
 0x49d2c0 GlobalDeleteAtom
 0x49d2c4 GlobalAlloc
 0x49d2c8 GlobalAddAtomA
 0x49d2cc GetVersionExA
 0x49d2d0 GetVersion
 0x49d2d4 GetTickCount
 0x49d2d8 GetThreadLocale
 0x49d2dc GetSystemInfo
 0x49d2e0 GetStringTypeExA
 0x49d2e4 GetStdHandle
 0x49d2e8 GetProcAddress
 0x49d2ec GetModuleHandleA
 0x49d2f0 GetModuleFileNameA
 0x49d2f4 GetLocaleInfoA
 0x49d2f8 GetLocalTime
 0x49d2fc GetLastError
 0x49d300 GetFullPathNameA
 0x49d304 GetDiskFreeSpaceA
 0x49d308 GetDateFormatA
 0x49d30c GetCurrentThreadId
 0x49d310 GetCurrentProcessId
 0x49d314 GetCPInfo
 0x49d318 GetACP
 0x49d31c FreeResource
 0x49d320 InterlockedExchange
 0x49d324 FreeLibrary
 0x49d328 FormatMessageA
 0x49d32c FindResourceA
 0x49d330 EnumCalendarInfoA
 0x49d334 EnterCriticalSection
 0x49d338 DeleteCriticalSection
 0x49d33c CreateThread
 0x49d340 CreateFileA
 0x49d344 CreateEventA
 0x49d348 CompareStringA
 0x49d34c CloseHandle
version.dll
 0x49d354 VerQueryValueA
 0x49d358 GetFileVersionInfoSizeA
 0x49d35c GetFileVersionInfoA
gdi32.dll
 0x49d364 UnrealizeObject
 0x49d368 StretchBlt
 0x49d36c SetWindowOrgEx
 0x49d370 SetWinMetaFileBits
 0x49d374 SetViewportOrgEx
 0x49d378 SetTextColor
 0x49d37c SetStretchBltMode
 0x49d380 SetROP2
 0x49d384 SetPixel
 0x49d388 SetEnhMetaFileBits
 0x49d38c SetDIBColorTable
 0x49d390 SetBrushOrgEx
 0x49d394 SetBkMode
 0x49d398 SetBkColor
 0x49d39c SelectPalette
 0x49d3a0 SelectObject
 0x49d3a4 SaveDC
 0x49d3a8 RestoreDC
 0x49d3ac Rectangle
 0x49d3b0 RectVisible
 0x49d3b4 RealizePalette
 0x49d3b8 PlayEnhMetaFile
 0x49d3bc PatBlt
 0x49d3c0 MoveToEx
 0x49d3c4 MaskBlt
 0x49d3c8 LineTo
 0x49d3cc IntersectClipRect
 0x49d3d0 GetWindowOrgEx
 0x49d3d4 GetWinMetaFileBits
 0x49d3d8 GetTextMetricsA
 0x49d3dc GetTextExtentPoint32A
 0x49d3e0 GetSystemPaletteEntries
 0x49d3e4 GetStockObject
 0x49d3e8 GetRgnBox
 0x49d3ec GetPixel
 0x49d3f0 GetPaletteEntries
 0x49d3f4 GetObjectA
 0x49d3f8 GetEnhMetaFilePaletteEntries
 0x49d3fc GetEnhMetaFileHeader
 0x49d400 GetEnhMetaFileBits
 0x49d404 GetDeviceCaps
 0x49d408 GetDIBits
 0x49d40c GetDIBColorTable
 0x49d410 GetDCOrgEx
 0x49d414 GetCurrentPositionEx
 0x49d418 GetClipBox
 0x49d41c GetBrushOrgEx
 0x49d420 GetBitmapBits
 0x49d424 ExtTextOutA
 0x49d428 ExcludeClipRect
 0x49d42c DeleteObject
 0x49d430 DeleteEnhMetaFile
 0x49d434 DeleteDC
 0x49d438 CreateSolidBrush
 0x49d43c CreateRectRgn
 0x49d440 CreatePenIndirect
 0x49d444 CreatePalette
 0x49d448 CreateHalftonePalette
 0x49d44c CreateFontIndirectA
 0x49d450 CreateDIBitmap
 0x49d454 CreateDIBSection
 0x49d458 CreateCompatibleDC
 0x49d45c CreateCompatibleBitmap
 0x49d460 CreateBrushIndirect
 0x49d464 CreateBitmap
 0x49d468 CopyEnhMetaFileA
 0x49d46c CombineRgn
 0x49d470 BitBlt
user32.dll
 0x49d478 CreateWindowExA
 0x49d47c WindowFromPoint
 0x49d480 WinHelpA
 0x49d484 WaitMessage
 0x49d488 UpdateWindow
 0x49d48c UnregisterClassA
 0x49d490 UnhookWindowsHookEx
 0x49d494 TranslateMessage
 0x49d498 TranslateMDISysAccel
 0x49d49c TrackPopupMenu
 0x49d4a0 SystemParametersInfoA
 0x49d4a4 ShowWindow
 0x49d4a8 ShowScrollBar
 0x49d4ac ShowOwnedPopups
 0x49d4b0 ShowCursor
 0x49d4b4 SetWindowsHookExA
 0x49d4b8 SetWindowTextA
 0x49d4bc SetWindowPos
 0x49d4c0 SetWindowPlacement
 0x49d4c4 SetWindowLongA
 0x49d4c8 SetTimer
 0x49d4cc SetScrollRange
 0x49d4d0 SetScrollPos
 0x49d4d4 SetScrollInfo
 0x49d4d8 SetRect
 0x49d4dc SetPropA
 0x49d4e0 SetParent
 0x49d4e4 SetMenuItemInfoA
 0x49d4e8 SetMenu
 0x49d4ec SetForegroundWindow
 0x49d4f0 SetFocus
 0x49d4f4 SetCursor
 0x49d4f8 SetClassLongA
 0x49d4fc SetCapture
 0x49d500 SetActiveWindow
 0x49d504 SendMessageA
 0x49d508 ScrollWindow
 0x49d50c ScreenToClient
 0x49d510 RemovePropA
 0x49d514 RemoveMenu
 0x49d518 ReleaseDC
 0x49d51c ReleaseCapture
 0x49d520 RegisterWindowMessageA
 0x49d524 RegisterClipboardFormatA
 0x49d528 RegisterClassA
 0x49d52c RedrawWindow
 0x49d530 PtInRect
 0x49d534 PostQuitMessage
 0x49d538 PostMessageA
 0x49d53c PeekMessageA
 0x49d540 OffsetRect
 0x49d544 OemToCharA
 0x49d548 MessageBoxA
 0x49d54c MapWindowPoints
 0x49d550 MapVirtualKeyA
 0x49d554 LockWindowUpdate
 0x49d558 LoadStringA
 0x49d55c LoadKeyboardLayoutA
 0x49d560 LoadIconA
 0x49d564 LoadCursorA
 0x49d568 LoadBitmapA
 0x49d56c KillTimer
 0x49d570 IsZoomed
 0x49d574 IsWindowVisible
 0x49d578 IsWindowEnabled
 0x49d57c IsWindow
 0x49d580 IsRectEmpty
 0x49d584 IsIconic
 0x49d588 IsDialogMessageA
 0x49d58c IsChild
 0x49d590 InvalidateRect
 0x49d594 IntersectRect
 0x49d598 InsertMenuItemA
 0x49d59c InsertMenuA
 0x49d5a0 InflateRect
 0x49d5a4 GetWindowThreadProcessId
 0x49d5a8 GetWindowTextA
 0x49d5ac GetWindowRect
 0x49d5b0 GetWindowPlacement
 0x49d5b4 GetWindowLongA
 0x49d5b8 GetWindowDC
 0x49d5bc GetTopWindow
 0x49d5c0 GetSystemMetrics
 0x49d5c4 GetSystemMenu
 0x49d5c8 GetSysColorBrush
 0x49d5cc GetSysColor
 0x49d5d0 GetSubMenu
 0x49d5d4 GetScrollRange
 0x49d5d8 GetScrollPos
 0x49d5dc GetScrollInfo
 0x49d5e0 GetPropA
 0x49d5e4 GetParent
 0x49d5e8 GetWindow
 0x49d5ec GetMessagePos
 0x49d5f0 GetMenuStringA
 0x49d5f4 GetMenuState
 0x49d5f8 GetMenuItemInfoA
 0x49d5fc GetMenuItemID
 0x49d600 GetMenuItemCount
 0x49d604 GetMenu
 0x49d608 GetLastActivePopup
 0x49d60c GetKeyboardState
 0x49d610 GetKeyboardLayoutList
 0x49d614 GetKeyboardLayout
 0x49d618 GetKeyState
 0x49d61c GetKeyNameTextA
 0x49d620 GetIconInfo
 0x49d624 GetForegroundWindow
 0x49d628 GetFocus
 0x49d62c GetDlgItem
 0x49d630 GetDesktopWindow
 0x49d634 GetDCEx
 0x49d638 GetDC
 0x49d63c GetCursorPos
 0x49d640 GetCursor
 0x49d644 GetClipboardData
 0x49d648 GetClientRect
 0x49d64c GetClassNameA
 0x49d650 GetClassInfoA
 0x49d654 GetCapture
 0x49d658 GetActiveWindow
 0x49d65c FrameRect
 0x49d660 FindWindowA
 0x49d664 FillRect
 0x49d668 EqualRect
 0x49d66c EnumWindows
 0x49d670 EnumThreadWindows
 0x49d674 EndPaint
 0x49d678 EnableWindow
 0x49d67c EnableScrollBar
 0x49d680 EnableMenuItem
 0x49d684 DrawTextA
 0x49d688 DrawMenuBar
 0x49d68c DrawIconEx
 0x49d690 DrawIcon
 0x49d694 DrawFrameControl
 0x49d698 DrawEdge
 0x49d69c DispatchMessageA
 0x49d6a0 DestroyWindow
 0x49d6a4 DestroyMenu
 0x49d6a8 DestroyIcon
 0x49d6ac DestroyCursor
 0x49d6b0 DeleteMenu
 0x49d6b4 DefWindowProcA
 0x49d6b8 DefMDIChildProcA
 0x49d6bc DefFrameProcA
 0x49d6c0 CreatePopupMenu
 0x49d6c4 CreateMenu
 0x49d6c8 CreateIcon
 0x49d6cc ClientToScreen
 0x49d6d0 ChildWindowFromPoint
 0x49d6d4 CheckMenuItem
 0x49d6d8 CallWindowProcA
 0x49d6dc CallNextHookEx
 0x49d6e0 BeginPaint
 0x49d6e4 CharNextA
 0x49d6e8 CharLowerBuffA
 0x49d6ec CharLowerA
 0x49d6f0 CharToOemA
 0x49d6f4 AdjustWindowRectEx
 0x49d6f8 ActivateKeyboardLayout
kernel32.dll
 0x49d700 Sleep
oleaut32.dll
 0x49d708 SafeArrayPtrOfIndex
 0x49d70c SafeArrayGetUBound
 0x49d710 SafeArrayGetLBound
 0x49d714 SafeArrayCreate
 0x49d718 VariantChangeType
 0x49d71c VariantCopy
 0x49d720 VariantClear
 0x49d724 VariantInit
ole32.dll
 0x49d72c CoTaskMemAlloc
 0x49d730 CoCreateInstance
 0x49d734 CoUninitialize
 0x49d738 CoInitialize
comctl32.dll
 0x49d740 ImageList_SetIconSize
 0x49d744 ImageList_GetIconSize
 0x49d748 ImageList_Write
 0x49d74c ImageList_Read
 0x49d750 ImageList_GetDragImage
 0x49d754 ImageList_DragShowNolock
 0x49d758 ImageList_SetDragCursorImage
 0x49d75c ImageList_DragMove
 0x49d760 ImageList_DragLeave
 0x49d764 ImageList_DragEnter
 0x49d768 ImageList_EndDrag
 0x49d76c ImageList_BeginDrag
 0x49d770 ImageList_Remove
 0x49d774 ImageList_DrawEx
 0x49d778 ImageList_Draw
 0x49d77c ImageList_GetBkColor
 0x49d780 ImageList_SetBkColor
 0x49d784 ImageList_ReplaceIcon
 0x49d788 ImageList_Add
 0x49d78c ImageList_SetImageCount
 0x49d790 ImageList_GetImageCount
 0x49d794 ImageList_Destroy
 0x49d798 ImageList_Create
 0x49d79c InitCommonControls
shell32.dll
 0x49d7a4 ShellExecuteA
comdlg32.dll
 0x49d7ac GetOpenFileNameA

EAT (Export Address Table): none
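Two things stand out in the import table. First, the leading descriptor block (kernel32 critical-section and VirtualAlloc imports, then user32 GetKeyboardType/LoadStringA/MessageBoxA/CharNextA, then oleaut32 SysFreeString/SysReAllocStringLen/SysAllocStringLen, with kernel32 and advapi32 repeated in later descriptors) is the import layout of the Delphi runtime, which agrees with the "Delf" engine names in the VirusTotal line. Second, none of the APIs the injection signatures fired on (VirtualAllocEx, WriteProcessMemory, CreateRemoteThread, SetThreadContext, ResumeThread) is imported statically, while LoadLibraryA, LoadLibraryExA and GetProcAddress are; the injector resolves them at runtime after unpacking, which is why the static IAT reads like an ordinary GUI application (the user32 hook and keyboard imports, SetWindowsHookExA, GetKeyState, GetKeyboardState and GetClipboardData, are the only static hint of the KeyLogger/win_hook rules). The Python below is an added example, not the sandbox's code: it parses the listing format used above, computes a pefile-style imphash from it and reports both observations. It embeds only a subset of the listing, so its digest will not equal the report's a09d64195bff556eb90ba4781b170ac7; feed it the full listing to compare, bearing in mind that pefile walks descriptors in file order and the listing above appears to preserve that order, repeated kernel32 descriptors included. The Delphi marker set is my heuristic.

```python
import hashlib
import re

# Selected entries from the report's IAT listing, copied in its "dll / 0xaddr Name" format
# (descriptor order and repeated descriptors preserved). Feed parse_iat() the full listing
# to reproduce the report's imphash.
IAT_SNIPPET = """\
kernel32.dll
 0x49d154 DeleteCriticalSection
 0x49d158 LeaveCriticalSection
 0x49d15c EnterCriticalSection
 0x49d160 InitializeCriticalSection
 0x49d164 VirtualFree
 0x49d168 VirtualAlloc
 0x49d198 LoadLibraryExA
 0x49d1a4 GetProcAddress
user32.dll
 0x49d1f4 GetKeyboardType
 0x49d1f8 LoadStringA
 0x49d1fc MessageBoxA
 0x49d200 CharNextA
oleaut32.dll
 0x49d218 SysFreeString
 0x49d21c SysReAllocStringLen
 0x49d220 SysAllocStringLen
kernel32.dll
 0x49d228 TlsSetValue
 0x49d22c TlsGetValue
 0x49d230 LocalAlloc
 0x49d234 GetModuleHandleA
user32.dll
 0x49d4b4 SetWindowsHookExA
 0x49d60c GetKeyboardState
 0x49d618 GetKeyState
 0x49d644 GetClipboardData
 0x49d6dc CallNextHookEx
"""

DLL_RE = re.compile(r"^([\w.-]+\.(?:dll|ocx|sys))\s*$", re.IGNORECASE)
ENTRY_RE = re.compile(r"^\s+0x[0-9a-fA-F]+\s+(\S+)\s*$")


def parse_iat(text):
    """Return [(dll, function), ...] in listing order, one tuple per thunk. Repeated
    descriptors for the same DLL are kept, because pefile's imphash keeps them too."""
    imports, dll = [], None
    for line in text.splitlines():
        m = DLL_RE.match(line)
        if m:
            dll = m.group(1).lower()
            continue
        m = ENTRY_RE.match(line)
        if m and dll:
            imports.append((dll, m.group(1)))
    return imports


def imphash(imports):
    """pefile-style imphash: 'lib.func' lowercased, extension dropped, comma-joined, MD5.
    Order-sensitive by design, so two builds with the same imports in a different
    descriptor order hash differently."""
    parts = [f"{dll.rsplit('.', 1)[0]}.{func.lower()}" for dll, func in imports]
    return hashlib.md5(",".join(parts).encode()).hexdigest()


REMOTE_INJECTION = {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
                    "NtCreateThreadEx", "SetThreadContext", "ResumeThread", "QueueUserAPC"}
RUNTIME_RESOLVERS = {"LoadLibraryA", "LoadLibraryExA", "GetProcAddress"}
# Heuristic (mine): imports the Delphi System/SysInit units typically pull in.
DELPHI_MARKERS = {"GetKeyboardType", "SysAllocStringLen", "SysReAllocStringLen", "SysFreeString"}
HOOK_AND_INPUT = {"SetWindowsHookExA", "GetKeyState", "GetKeyboardState", "GetClipboardData"}


def triage(imports):
    """Static capability summary: what is linked, what must be resolved at runtime."""
    funcs = {func for _, func in imports}
    descriptors = [dll for i, (dll, _) in enumerate(imports) if i == 0 or imports[i - 1][0] != dll]
    return {
        "descriptor_count": len(descriptors),
        "static_injection_apis": sorted(funcs & REMOTE_INJECTION),
        "runtime_resolvers": sorted(funcs & RUNTIME_RESOLVERS),
        "delphi_like": len(funcs & DELPHI_MARKERS) >= 3,
        "hook_or_input_apis": sorted(funcs & HOOK_AND_INPUT),
    }


if __name__ == "__main__":
    imps = parse_iat(IAT_SNIPPET)
    print("entries:", len(imps), "imphash:", imphash(imps))
    for key, value in triage(imps).items():
        print(f"{key}: {value}")
```

An empty static_injection_apis list next to a populated runtime_resolvers list is the pattern to look for when a sandbox reports process injection that the IAT does not explain; it tells you the interesting code is in the unpacked stage, so the memory dumps (the "buffers" the signatures mention) are where the strings and imports worth hashing actually live.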


