Report - vbc.exe

UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32
ScreenShot
Created 2021.08.11 09:35 Machine s1_win7_x6402
Filename vbc.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 5
Behavior Score 12.0
ZERO API (file): malware
VT API (file) 31 detected (AIDetect, malware1, Fareit, FDBI, Unsafe, Kryptik, Eldorado, Attribute, HighConfidence, EPXQ, Malicious, Remcos, Jacard, DownLoader41, R06CC0PHA21, PUPXBX, Phonzy, score, ai score=82, Static AI, Suspicious PE, susgen, confidence, 100%)
md5 100c39652e8851d14fdb2a4996fa1341
sha256 6b1c4ecf03e71ee2c00deb9b82e805b16adaf5e01691f7d3fd1a972087c7481a
ssdeep 12288:dImxz1vULk5s9OY9oWKD6eoOLV2CH3eVgT4N:iwJULk29OYRKDHvp2U3e84N
imphash 6d1eb0ae82f87b168237eafad920be75
impfuzzy 192:o13MDbuu0xSUvK9kso1XEcenkn5xG1Q+POQHq:C3m0q9ux01vPOQK

Signature (25cnts)

Level Description
danger File has been identified by 31 AntiVirus engines on VirusTotal as malicious
warning Generates some ICMP traffic
watch Allocates execute permission to another process indicative of possible code injection
watch Communicates with host for which no DNS query was performed
watch Creates a thread using CreateRemoteThread in a non-child process indicative of process injection
watch Installs itself for autorun at Windows startup
watch Manipulates memory of a non-child process indicative of process injection
watch Network activity contains more than one unique useragent
watch One or more of the buffers contains an embedded PE file
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Command line console output was observed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer
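The "watch" signatures above describe one chain: executable memory is allocated in another process, written to, and then a thread is created there (CreateRemoteThread in a non-child) or a suspended one is resumed. The following is an added example, not the sandbox's own detection code: it replays that logic over a constructed API-call trace. The trace layout, the PIDs and the exact API names it keys on are assumptions; the page shows only the signature descriptions, not the underlying log format.

```python
"""Flag the remote-process-injection chain described by the sandbox
signatures (exec allocation in another process, write to it, then a new or
resumed thread there) from a constructed API-call trace.

Added example, not part of the report.  Trace format, PIDs and API names are
assumptions; the sandbox's real log layout is not shown on the page.
"""
from collections import defaultdict

# One tuple per logged call: (caller_pid, api, target_pid, protection).
# target_pid is the process a handle argument refers to (None when the call
# takes no process/thread handle); protection is the page protection asked for
# where the API has one.  Constructed sample, not real sandbox output.
TRACE = [
    (1234, "VirtualAlloc",       None, "PAGE_EXECUTE_READWRITE"),  # self-unpack (RWX)
    (1234, "VirtualProtect",     None, "PAGE_EXECUTE_READ"),       # RW -> RX flip
    (1234, "CreateProcessA",     2048, None),                      # child, assumed CREATE_SUSPENDED
    (1234, "VirtualAllocEx",     3000, "PAGE_EXECUTE_READWRITE"),  # 3000 is not a child
    (1234, "WriteProcessMemory", 3000, None),
    (1234, "CreateRemoteThread", 3000, None),
    (1234, "VirtualAllocEx",     2048, "PAGE_EXECUTE_READWRITE"),
    (1234, "WriteProcessMemory", 2048, None),
    (1234, "SetThreadContext",   2048, None),
    (1234, "ResumeThread",       2048, None),
    (1234, "WriteProcessMemory", 1234, None),                      # own process: ignored
]

ALLOC_EXEC = {"VirtualAllocEx", "NtAllocateVirtualMemory", "VirtualProtectEx", "NtProtectVirtualMemory"}
WRITE      = {"WriteProcessMemory", "NtWriteVirtualMemory"}
THREAD     = {"CreateRemoteThread", "CreateRemoteThreadEx", "NtCreateThreadEx", "RtlCreateUserThread"}
RESUME     = {"ResumeThread", "NtResumeThread"}
SPAWN      = {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW"}

# Signature texts as they appear in the report.
SIG_ALLOC    = "Allocates execute permission to another process"
SIG_WRITE    = "Potential code injection by writing to the memory of another process"
SIG_NONCHILD = "Manipulates memory of a non-child process"
SIG_THREAD   = "Creates a thread using CreateRemoteThread in a non-child process"
SIG_RESUME   = "Resumed a suspended thread in a remote process"


def analyze(trace, self_pid):
    """Map each foreign target pid to the set of signature texts it triggered."""
    children = set()
    hits = defaultdict(set)
    for caller, api, target, protection in trace:
        if caller != self_pid:
            continue
        if api in SPAWN and target is not None:
            children.add(target)          # remember our own children
            continue
        if target is None or target == self_pid:
            continue                      # self-modification is the packer, not injection
        non_child = target not in children
        if api in ALLOC_EXEC and protection and "EXECUTE" in protection:
            hits[target].add(SIG_ALLOC)
        elif api in WRITE:
            hits[target].add(SIG_WRITE)
            if non_child:
                hits[target].add(SIG_NONCHILD)
        elif api in THREAD and non_child:
            hits[target].add(SIG_THREAD)
        elif api in RESUME:
            hits[target].add(SIG_RESUME)
    return dict(hits)


def injected_targets(hits):
    """Targets where the full chain completed: exec alloc + write + thread started or resumed."""
    return sorted(pid for pid, sigs in hits.items()
                  if SIG_ALLOC in sigs and SIG_WRITE in sigs
                  and (SIG_THREAD in sigs or SIG_RESUME in sigs))


if __name__ == "__main__":
    results = analyze(TRACE, self_pid=1234)
    for pid in injected_targets(results):
        print(f"pid {pid}: " + "; ".join(sorted(results[pid])))
```

Two things the example makes explicit that the flat signature list does not: a write into a child spawned by the sample (the suspended-process / hollowing pattern) and a write into an unrelated process are scored differently, and no single call is a verdict; it is the alloc-write-execute sequence against the same target that turns several "watch" lines into an injection finding.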

Rules (38cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Network_Downloader File Downloader memory
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
notice Code_injection Code injection with CreateRemoteThread in a remote process memory
notice Create_Service Create a windows service memory
notice Escalate_priviledges Escalate privileges memory
notice KeyLogger Run a KeyLogger memory
notice local_credential_Steal Steal credential memory
notice Network_DGA Communication using DGA memory
notice Network_DNS Communications use DNS memory
notice Network_FTP Communications over FTP memory
notice Network_HTTP Communications over HTTP memory
notice Network_P2P_Win Communications over P2P network memory
notice Network_TCP_Socket Communications over RAW Socket memory
notice ScreenShot Take ScreenShot memory
notice Sniff_Audio Record Audio memory
notice Str_Win32_Http_API Match Windows Http API call memory
notice Str_Win32_Internet_API Match Windows Inet API call memory
info anti_dbg Checks if being debugged memory
info antisb_threatExpert Anti-Sandbox checks for ThreatExpert memory
info Check_Dlls (no description) memory
info DebuggerCheck__GlobalFlags (no description) memory
info DebuggerCheck__QueryInfo (no description) memory
info DebuggerCheck__RemoteAPI (no description) memory
info DebuggerException__ConsoleCtrl (no description) memory
info DebuggerException__SetConsoleCtrl (no description) memory
info DebuggerHiding__Active (no description) memory
info DebuggerHiding__Thread (no description) memory
info disable_dep Bypass DEP memory
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)
info SEH__vectored (no description) memory
info ThreadControl__Context (no description) memory
info win_hook Affect hook table memory

Network (44cnts)

Request CC ASN Co IP4 Rule ZERO
http://www.besport24.com/6mam/?rN=G66iPt+xvrTiSrnWMSNY3jIG1auw/RAx4P7alq3BxDAHCc2pRDbTwTzLPU1dODy6kKEhnUhc&Tx=XXaL1 ES OVH SAS 51.83.52.226 3890 malicious
http://www.adenxsdesign.com/6mam/?rN=tU44klL44EKqmodFv/jg5nrIY8m9SPufik0gg789I5xKoKlf2FGRw1yhbPhqQNhokqqERcg/&Tx=XXaL1 DE 1&1 Ionos Se 217.160.0.46 clean
http://www.riveraitc.com/6mam/?rN=SnhjisI499lOsf3YfO532EwcXneBDaw7KeLS1bDcRf/9DFIScc8FKAxpINBYBIfoUHjDmPpQ&Tx=XXaL1 CA CLOUDFLARENET 23.227.38.74 clean
http://www.amazebrowser.com/6mam/?rN=bdYiy4dFQ1FKdK0RHZb8AKGKI6CI94rlWbRWgupG1OIMQwt3tgAXT6Nv0jCitXCfOrToZzYc&Tx=XXaL1 US LEASEWEB-USA-WDC 199.115.115.118 clean
http://www.aladinfarma.com/6mam/?rN=udSG7fe6GY9zo7ZKy45gsyroZuOYrS4qDm5Wf1a6lEkS7UZsR2SStIdy4f3tNkj1uIyko7Uw&Tx=XXaL1 CZ ACTIVE 24, s.r.o. 81.95.96.29 3892 malicious
http://www.mylifeinpark.com/6mam/?rN=djxA7LmKh1Tu4y37ItMqg4jKcWhO49sHA3kvexLhBIUDaV9dSBVXhkalQfoX2m3vAXrXaW3C&Tx=XXaL1 US GOOGLE 35.186.238.101 clean
http://www.ilovemehoodie.com/6mam/?rN=WcJFy0FDyb1eQp1HHEDezlfsnB+bgSZ9M5sCd3/XEWVbVLaHwBgyDt5AxetLVNVTX35rQb0V&Tx=XXaL1 CA CLOUDFLARENET 23.227.38.74 clean
http://www.mobiessence.com/6mam/?rN=KE8gpfUGztMVNWKMFV5goIwNmc44LE6Oi+XDAS05rkp2RTHle1NPjBrPfhHuDJ31Wqk/Ne1S&Tx=XXaL1 DE AMAZON-02 52.58.78.16 3578 malicious
http://www.elglink99.com/6mam/?rN=SLcUjScG5RnOVZMPBoDDz2hKjpXj+iqBcro/vPi5ifNBMfCnXfAsQjLgCQAIbn3ZI+l2ZT4E&Tx=XXaL1 US BODIS-NJ 199.59.242.153 clean
http://www.microwgreens.com/6mam/?rN=spZCZghFvseg75dRXNIXCw7EhslI35bACWKDdbchv3V0SWgn9001kbyKAZoOQB4eJhmoZDU8&Tx=XXaL1 Unknown 78.135.107.25 clean
http://www.genesysshop.com/6mam/?rN=gbNVLwi1vO2ZsTKwdijolRE+nd+f4bOFGjLO6oLWdkpAXgcu19jDQ9iXEv77aHIk6xstCEEF&Tx=XXaL1 US GOOGLE 34.102.136.180 clean
http://www.hangrylocal.com/6mam/?rN=36qA+yJVADGSjIyrRZyWBcFzu3O8ymRgUV+yI2TLFgVmL4h8KOdnmVSSS6y/UW1rmq4ZtmEu&Tx=XXaL1 DE AMAZON-02 52.58.78.16 clean
https://onedrive.live.com/download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21119&authkey=AHwDCm0rHA_Fdq0 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 clean
https://pxq5zw.sn.files.1drv.com/y4myzjDL3Z-3YxdLKyKcGO-zUi33HcVwHpWr51jFLOPEYUTb9L0MeV0Q57O01geu8Y4UdFYfK507PGXsVnoxLf8UugUWnThmtUDbATUqz_CMUCzrkNL9zh4F9yrvRfCSP3jInFCjf3azhDWQ9Qo6wPJqr8pZZ6fijXRUPyE-fC-Z2AlLUb_6LO_TW14Ae7dwaS-QceiWUVgtNTphkg30A4OIA/Dxpd US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
https://pxq5zw.sn.files.1drv.com/y4mcZwEs0Fkycahq9lyprkiGjz1qGCE-GcaPdlOrH38LMa-5PibJkjvGEh-ONPJYG0qLMLL1X07PhjqnFtLNDsO9zIJxpCDz7OgzTiNDP3W77yb6ShN2X4khXphOq41piagMu1AmGUQDMn7oUZQYZVkJ4s1RQdT4WCd0cpzqqvsxM4w6UGw6RRtOx_8qrTZPyUfC4GnP_sSq0bX8uXprvPkyQ/Dxpd US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
www.opticatervisof.com Unknown clean
www.elglink99.com US BODIS-NJ 199.59.242.153 clean
onedrive.live.com US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 malicious
www.mobiessence.com DE AMAZON-02 52.58.78.16 clean
www.adenxsdesign.com DE 1&1 Ionos Se 217.160.0.46 clean
www.mylifeinpark.com US GOOGLE 35.186.238.101 clean
www.uniamaa.com Unknown clean
www.amazebrowser.com US LEASEWEB-USA-WDC 199.115.115.118 clean
www.hangrylocal.com DE AMAZON-02 52.58.78.16 clean
www.aladinfarma.com CZ ACTIVE 24, s.r.o. 81.95.96.29 clean
www.riveraitc.com CA CLOUDFLARENET 23.227.38.74 clean
pxq5zw.sn.files.1drv.com US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
www.besport24.com ES OVH SAS 51.83.52.226 clean
www.microwgreens.com Unknown 78.135.107.25 clean
www.ilovemehoodie.com CA CLOUDFLARENET 23.227.38.74 clean
www.genesysshop.com US GOOGLE 34.102.136.180 clean
35.186.238.101 US GOOGLE 35.186.238.101 malicious
52.58.78.16 DE AMAZON-02 52.58.78.16 malicious
37.48.65.150 NL LeaseWeb Netherlands B.V. 37.48.65.150 clean
13.107.42.13 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 malicious
13.107.42.12 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 malware
34.102.136.180 US GOOGLE 34.102.136.180 malicious
199.59.242.153 US BODIS-NJ 199.59.242.153 malicious
217.160.0.46 DE 1&1 Ionos Se 217.160.0.46 malicious
81.95.96.29 CZ ACTIVE 24, s.r.o. 81.95.96.29 malicious
23.227.38.74 CA CLOUDFLARENET 23.227.38.74 malicious
78.135.107.25 Unknown 78.135.107.25 clean
172.67.188.154 US CLOUDFLARENET 172.67.188.154 clean
51.83.52.226 ES OVH SAS 51.83.52.226 malicious
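The Network table is the part of this report an analyst actually reuses: twelve different domains are all hit on the same path with the same two query keys, which is a check-in pattern rather than twelve unrelated downloads. The following is an added example, not tooling from the sandbox: it parses rows copied verbatim from the table above (a subset), pulls out URLs, hosts, IPs and rule ids, and measures how uniform the URLs are. The column layout it assumes (request, country, ASN name, IPv4, optional rule id, verdict) is read off the flattened table and is an assumption; it also normalises the site's verdict spelling ("mailcious") to "malicious".

```python
"""Extract indicators from the sandbox's Network table and characterise the
beaconing pattern in the URLs.

Added example, not part of the report.  The parser assumes the flattened row
layout seen on the page: request, country code, ASN name (may contain spaces),
IPv4, optional numeric rule id, verdict.
"""
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Rows copied verbatim from the Network table on this page (a subset).
NETWORK_LINES = """\
http://www.besport24.com/6mam/?rN=G66iPt+xvrTiSrnWMSNY3jIG1auw/RAx4P7alq3BxDAHCc2pRDbTwTzLPU1dODy6kKEhnUhc&Tx=XXaL1 ES OVH SAS 51.83.52.226 3890 mailcious
http://www.adenxsdesign.com/6mam/?rN=tU44klL44EKqmodFv/jg5nrIY8m9SPufik0gg789I5xKoKlf2FGRw1yhbPhqQNhokqqERcg/&Tx=XXaL1 DE 1&1 Ionos Se 217.160.0.46 clean
http://www.aladinfarma.com/6mam/?rN=udSG7fe6GY9zo7ZKy45gsyroZuOYrS4qDm5Wf1a6lEkS7UZsR2SStIdy4f3tNkj1uIyko7Uw&Tx=XXaL1 CZ ACTIVE 24, s.r.o. 81.95.96.29 3892 mailcious
http://www.mobiessence.com/6mam/?rN=KE8gpfUGztMVNWKMFV5goIwNmc44LE6Oi+XDAS05rkp2RTHle1NPjBrPfhHuDJ31Wqk/Ne1S&Tx=XXaL1 DE AMAZON-02 52.58.78.16 3578 mailcious
https://onedrive.live.com/download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21119&authkey=AHwDCm0rHA_Fdq0 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 clean
www.opticatervisof.com Unknown clean
www.uniamaa.com Unknown clean
onedrive.live.com US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 mailcious
35.186.238.101 US GOOGLE 35.186.238.101 mailcious
13.107.42.12 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 malware
37.48.65.150 NL LeaseWeb Netherlands B.V. 37.48.65.150 clean
"""

IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
VERDICT_ALIASES = {"mailcious": "malicious"}   # spelling used by the report site


def parse_line(line):
    """Split one table row into fields; the ASN name in the middle may contain spaces."""
    tokens = line.split()
    request, verdict = tokens[0], tokens[-1].lower()
    verdict = VERDICT_ALIASES.get(verdict, verdict)
    rule = tokens[-2] if len(tokens) > 2 and tokens[-2].isdigit() else None
    ip = IPV4.search(" ".join(tokens[1:-1]))
    if IPV4.fullmatch(request):
        kind = "ip"
    elif "://" in request:
        kind = "url"
    else:
        kind = "domain"
    return {"request": request, "kind": kind, "ip": ip.group(0) if ip else None,
            "rule": rule, "verdict": verdict}


def extract_iocs(lines):
    """Collect URLs, domains, IPs, rule ids and everything not marked clean."""
    iocs = {"urls": set(), "domains": set(), "ips": set(), "flagged": set(), "rules": set()}
    for line in lines.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["kind"] == "url":
            iocs["urls"].add(rec["request"])
            iocs["domains"].add(urlsplit(rec["request"]).hostname)
        elif rec["kind"] == "domain":
            iocs["domains"].add(rec["request"])
        else:
            iocs["ips"].add(rec["request"])
        if rec["ip"]:
            iocs["ips"].add(rec["ip"])
        if rec["rule"]:
            iocs["rules"].add(rec["rule"])
        if rec["verdict"] != "clean":
            iocs["flagged"].add(rec["request"])
    return iocs


def path_histogram(urls):
    """How many URLs share each URI path; one dominant path is the check-in pattern."""
    return Counter(urlsplit(u).path for u in urls)


def constant_params(urls, path):
    """Query keys whose value never changes across the URLs on `path` (fixed campaign tags)."""
    queries = [dict(parse_qsl(urlsplit(u).query, keep_blank_values=True))
               for u in urls if urlsplit(u).path == path]
    if not queries:
        return {}
    shared = set.intersection(*(set(q) for q in queries))
    return {k: queries[0][k] for k in shared if all(q[k] == queries[0][k] for q in queries)}


if __name__ == "__main__":
    iocs = extract_iocs(NETWORK_LINES)
    beacon_path, n = path_histogram(iocs["urls"]).most_common(1)[0]
    print(f"{n} of {len(iocs['urls'])} URLs use path {beacon_path}; "
          f"fixed query values: {constant_params(iocs['urls'], beacon_path)}")
    print("flagged:", sorted(iocs["flagged"]))
```

Blocklisting the `rN=` values is pointless since they change per request; the stable artefacts are the path, the fixed `Tx=XXaL1` key and the rotating domain list, which is what a network signature for this sample should key on. Note that the table's verdict column is per row, so the same host (onedrive.live.com, 13.107.42.13) can be "clean" as a URL and "malicious" as a host; the example keeps the union.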

Suricata ids

PE API

IAT (Import Address Table) Library

oleaut32.dll
 0x494748 SysFreeString
 0x49474c SysReAllocStringLen
 0x494750 SysAllocStringLen
advapi32.dll
 0x494758 RegQueryValueExA
 0x49475c RegOpenKeyExA
 0x494760 RegCloseKey
user32.dll
 0x494768 GetKeyboardType
 0x49476c DestroyWindow
 0x494770 LoadStringA
 0x494774 MessageBoxA
 0x494778 CharNextA
kernel32.dll
 0x494780 GetACP
 0x494784 Sleep
 0x494788 VirtualFree
 0x49478c VirtualAlloc
 0x494790 GetCurrentThreadId
 0x494794 InterlockedDecrement
 0x494798 InterlockedIncrement
 0x49479c VirtualQuery
 0x4947a0 WideCharToMultiByte
 0x4947a4 MultiByteToWideChar
 0x4947a8 lstrlenA
 0x4947ac lstrcpynA
 0x4947b0 LoadLibraryExA
 0x4947b4 GetThreadLocale
 0x4947b8 GetStartupInfoA
 0x4947bc GetProcAddress
 0x4947c0 GetModuleHandleA
 0x4947c4 GetModuleFileNameA
 0x4947c8 GetLocaleInfoA
 0x4947cc GetCommandLineA
 0x4947d0 FreeLibrary
 0x4947d4 FindFirstFileA
 0x4947d8 FindClose
 0x4947dc ExitProcess
 0x4947e0 CompareStringA
 0x4947e4 WriteFile
 0x4947e8 UnhandledExceptionFilter
 0x4947ec RtlUnwind
 0x4947f0 RaiseException
 0x4947f4 GetStdHandle
kernel32.dll
 0x4947fc TlsSetValue
 0x494800 TlsGetValue
 0x494804 LocalAlloc
 0x494808 GetModuleHandleA
user32.dll
 0x494810 CreateWindowExA
 0x494814 WindowFromPoint
 0x494818 WaitMessage
 0x49481c UpdateWindow
 0x494820 UnregisterClassA
 0x494824 UnhookWindowsHookEx
 0x494828 TranslateMessage
 0x49482c TranslateMDISysAccel
 0x494830 TrackPopupMenu
 0x494834 SystemParametersInfoA
 0x494838 ShowWindow
 0x49483c ShowScrollBar
 0x494840 ShowOwnedPopups
 0x494844 SetWindowsHookExA
 0x494848 SetWindowPos
 0x49484c SetWindowPlacement
 0x494850 SetWindowLongW
 0x494854 SetWindowLongA
 0x494858 SetTimer
 0x49485c SetScrollRange
 0x494860 SetScrollPos
 0x494864 SetScrollInfo
 0x494868 SetRect
 0x49486c SetPropA
 0x494870 SetParent
 0x494874 SetMenuItemInfoA
 0x494878 SetMenu
 0x49487c SetForegroundWindow
 0x494880 SetFocus
 0x494884 SetCursor
 0x494888 SetClassLongA
 0x49488c SetCapture
 0x494890 SetActiveWindow
 0x494894 SendMessageW
 0x494898 SendMessageA
 0x49489c ScrollWindow
 0x4948a0 ScreenToClient
 0x4948a4 RemovePropA
 0x4948a8 RemoveMenu
 0x4948ac ReleaseDC
 0x4948b0 ReleaseCapture
 0x4948b4 RegisterWindowMessageA
 0x4948b8 RegisterClipboardFormatA
 0x4948bc RegisterClassA
 0x4948c0 RedrawWindow
 0x4948c4 PtInRect
 0x4948c8 PostQuitMessage
 0x4948cc PostMessageA
 0x4948d0 PeekMessageW
 0x4948d4 PeekMessageA
 0x4948d8 OffsetRect
 0x4948dc OemToCharA
 0x4948e0 MessageBoxA
 0x4948e4 MapWindowPoints
 0x4948e8 MapVirtualKeyA
 0x4948ec LoadStringA
 0x4948f0 LoadKeyboardLayoutA
 0x4948f4 LoadIconA
 0x4948f8 LoadCursorA
 0x4948fc LoadBitmapA
 0x494900 KillTimer
 0x494904 IsZoomed
 0x494908 IsWindowVisible
 0x49490c IsWindowUnicode
 0x494910 IsWindowEnabled
 0x494914 IsWindow
 0x494918 IsRectEmpty
 0x49491c IsIconic
 0x494920 IsDialogMessageW
 0x494924 IsDialogMessageA
 0x494928 IsChild
 0x49492c InvalidateRect
 0x494930 IntersectRect
 0x494934 InsertMenuItemA
 0x494938 InsertMenuA
 0x49493c InflateRect
 0x494940 GetWindowThreadProcessId
 0x494944 GetWindowTextA
 0x494948 GetWindowRect
 0x49494c GetWindowPlacement
 0x494950 GetWindowLongW
 0x494954 GetWindowLongA
 0x494958 GetWindowDC
 0x49495c GetTopWindow
 0x494960 GetSystemMetrics
 0x494964 GetSystemMenu
 0x494968 GetSysColorBrush
 0x49496c GetSysColor
 0x494970 GetSubMenu
 0x494974 GetScrollRange
 0x494978 GetScrollPos
 0x49497c GetScrollInfo
 0x494980 GetPropA
 0x494984 GetParent
 0x494988 GetWindow
 0x49498c GetMessagePos
 0x494990 GetMenuStringA
 0x494994 GetMenuState
 0x494998 GetMenuItemInfoA
 0x49499c GetMenuItemID
 0x4949a0 GetMenuItemCount
 0x4949a4 GetMenu
 0x4949a8 GetLastActivePopup
 0x4949ac GetKeyboardState
 0x4949b0 GetKeyboardLayoutNameA
 0x4949b4 GetKeyboardLayoutList
 0x4949b8 GetKeyboardLayout
 0x4949bc GetKeyState
 0x4949c0 GetKeyNameTextA
 0x4949c4 GetIconInfo
 0x4949c8 GetForegroundWindow
 0x4949cc GetFocus
 0x4949d0 GetDesktopWindow
 0x4949d4 GetDCEx
 0x4949d8 GetDC
 0x4949dc GetCursorPos
 0x4949e0 GetCursor
 0x4949e4 GetClipboardData
 0x4949e8 GetClientRect
 0x4949ec GetClassLongA
 0x4949f0 GetClassInfoA
 0x4949f4 GetCapture
 0x4949f8 GetActiveWindow
 0x4949fc FrameRect
 0x494a00 FindWindowA
 0x494a04 FillRect
 0x494a08 EqualRect
 0x494a0c EnumWindows
 0x494a10 EnumThreadWindows
 0x494a14 EnumChildWindows
 0x494a18 EndPaint
 0x494a1c EnableWindow
 0x494a20 EnableScrollBar
 0x494a24 EnableMenuItem
 0x494a28 DrawTextExA
 0x494a2c DrawTextA
 0x494a30 DrawMenuBar
 0x494a34 DrawIconEx
 0x494a38 DrawIcon
 0x494a3c DrawFrameControl
 0x494a40 DrawFocusRect
 0x494a44 DrawEdge
 0x494a48 DispatchMessageW
 0x494a4c DispatchMessageA
 0x494a50 DestroyWindow
 0x494a54 DestroyMenu
 0x494a58 DestroyIcon
 0x494a5c DestroyCursor
 0x494a60 DeleteMenu
 0x494a64 DefWindowProcA
 0x494a68 DefMDIChildProcA
 0x494a6c DefFrameProcA
 0x494a70 CreatePopupMenu
 0x494a74 CreateMenu
 0x494a78 CreateIcon
 0x494a7c ClientToScreen
 0x494a80 CheckMenuItem
 0x494a84 CallWindowProcA
 0x494a88 CallNextHookEx
 0x494a8c BeginPaint
 0x494a90 CharNextA
 0x494a94 CharLowerBuffA
 0x494a98 CharLowerA
 0x494a9c CharToOemA
 0x494aa0 AdjustWindowRectEx
 0x494aa4 ActivateKeyboardLayout
gdi32.dll
 0x494aac UnrealizeObject
 0x494ab0 StretchBlt
 0x494ab4 SetWindowOrgEx
 0x494ab8 SetWinMetaFileBits
 0x494abc SetViewportOrgEx
 0x494ac0 SetTextColor
 0x494ac4 SetStretchBltMode
 0x494ac8 SetROP2
 0x494acc SetPixel
 0x494ad0 SetEnhMetaFileBits
 0x494ad4 SetDIBColorTable
 0x494ad8 SetBrushOrgEx
 0x494adc SetBkMode
 0x494ae0 SetBkColor
 0x494ae4 SetArcDirection
 0x494ae8 SelectPalette
 0x494aec SelectObject
 0x494af0 SelectClipRgn
 0x494af4 SaveDC
 0x494af8 RoundRect
 0x494afc RestoreDC
 0x494b00 Rectangle
 0x494b04 RectVisible
 0x494b08 RealizePalette
 0x494b0c Polyline
 0x494b10 PlayEnhMetaFile
 0x494b14 Pie
 0x494b18 PatBlt
 0x494b1c MoveToEx
 0x494b20 MaskBlt
 0x494b24 LineTo
 0x494b28 IntersectClipRect
 0x494b2c GetWindowOrgEx
 0x494b30 GetWinMetaFileBits
 0x494b34 GetTextMetricsA
 0x494b38 GetTextExtentPoint32A
 0x494b3c GetSystemPaletteEntries
 0x494b40 GetStockObject
 0x494b44 GetRgnBox
 0x494b48 GetPixel
 0x494b4c GetPaletteEntries
 0x494b50 GetObjectA
 0x494b54 GetEnhMetaFilePaletteEntries
 0x494b58 GetEnhMetaFileHeader
 0x494b5c GetEnhMetaFileBits
 0x494b60 GetDeviceCaps
 0x494b64 GetDIBits
 0x494b68 GetDIBColorTable
 0x494b6c GetDCOrgEx
 0x494b70 GetCurrentPositionEx
 0x494b74 GetClipBox
 0x494b78 GetBrushOrgEx
 0x494b7c GetBitmapBits
 0x494b80 FrameRgn
 0x494b84 FillRgn
 0x494b88 ExcludeClipRect
 0x494b8c Ellipse
 0x494b90 DeleteObject
 0x494b94 DeleteEnhMetaFile
 0x494b98 DeleteDC
 0x494b9c CreateSolidBrush
 0x494ba0 CreateRectRgnIndirect
 0x494ba4 CreateRectRgn
 0x494ba8 CreatePenIndirect
 0x494bac CreatePalette
 0x494bb0 CreateHalftonePalette
 0x494bb4 CreateFontIndirectA
 0x494bb8 CreateEllipticRgnIndirect
 0x494bbc CreateDIBitmap
 0x494bc0 CreateDIBSection
 0x494bc4 CreateCompatibleDC
 0x494bc8 CreateCompatibleBitmap
 0x494bcc CreateBrushIndirect
 0x494bd0 CreateBitmap
 0x494bd4 CopyEnhMetaFileA
 0x494bd8 CombineRgn
 0x494bdc BitBlt
version.dll
 0x494be4 VerQueryValueA
 0x494be8 GetFileVersionInfoSizeA
 0x494bec GetFileVersionInfoA
kernel32.dll
 0x494bf4 lstrcpyA
 0x494bf8 lstrcmpiA
 0x494bfc WriteFile
 0x494c00 WaitForSingleObject
 0x494c04 VirtualQuery
 0x494c08 VirtualProtect
 0x494c0c VirtualAlloc
 0x494c10 SizeofResource
 0x494c14 SetThreadLocale
 0x494c18 SetFilePointer
 0x494c1c SetEvent
 0x494c20 SetErrorMode
 0x494c24 SetEndOfFile
 0x494c28 ResetEvent
 0x494c2c ReadFile
 0x494c30 QueryDosDeviceA
 0x494c34 MulDiv
 0x494c38 LockResource
 0x494c3c LoadResource
 0x494c40 LoadLibraryA
 0x494c44 LeaveCriticalSection
 0x494c48 InitializeCriticalSection
 0x494c4c GlobalFindAtomA
 0x494c50 GlobalDeleteAtom
 0x494c54 GlobalAddAtomA
 0x494c58 GetVolumeInformationA
 0x494c5c GetVersionExA
 0x494c60 GetVersion
 0x494c64 GetTickCount
 0x494c68 GetThreadLocale
 0x494c6c GetStdHandle
 0x494c70 GetProcAddress
 0x494c74 GetModuleHandleA
 0x494c78 GetModuleFileNameA
 0x494c7c GetLocaleInfoA
 0x494c80 GetLocalTime
 0x494c84 GetLastError
 0x494c88 GetFullPathNameA
 0x494c8c GetDriveTypeA
 0x494c90 GetDiskFreeSpaceA
 0x494c94 GetDateFormatA
 0x494c98 GetCurrentThreadId
 0x494c9c GetCurrentProcessId
 0x494ca0 GetCPInfo
 0x494ca4 FreeResource
 0x494ca8 InterlockedExchange
 0x494cac FreeLibrary
 0x494cb0 FormatMessageA
 0x494cb4 FindResourceA
 0x494cb8 EnumCalendarInfoA
 0x494cbc EnterCriticalSection
 0x494cc0 DeleteCriticalSection
 0x494cc4 CreateThread
 0x494cc8 CreateFileA
 0x494ccc CreateEventA
 0x494cd0 CompareStringA
 0x494cd4 CloseHandle
advapi32.dll
 0x494cdc RegQueryValueExA
 0x494ce0 RegOpenKeyExA
 0x494ce4 RegFlushKey
 0x494ce8 RegCloseKey
kernel32.dll
 0x494cf0 Sleep
oleaut32.dll
 0x494cf8 SafeArrayPtrOfIndex
 0x494cfc SafeArrayGetUBound
 0x494d00 SafeArrayGetLBound
 0x494d04 SafeArrayCreate
 0x494d08 VariantChangeType
 0x494d0c VariantCopy
 0x494d10 VariantClear
 0x494d14 VariantInit
comctl32.dll
 0x494d1c _TrackMouseEvent
 0x494d20 ImageList_SetIconSize
 0x494d24 ImageList_GetIconSize
 0x494d28 ImageList_Write
 0x494d2c ImageList_Read
 0x494d30 ImageList_GetDragImage
 0x494d34 ImageList_DragShowNolock
 0x494d38 ImageList_DragMove
 0x494d3c ImageList_DragLeave
 0x494d40 ImageList_DragEnter
 0x494d44 ImageList_EndDrag
 0x494d48 ImageList_BeginDrag
 0x494d4c ImageList_GetIcon
 0x494d50 ImageList_Remove
 0x494d54 ImageList_DrawEx
 0x494d58 ImageList_Draw
 0x494d5c ImageList_GetBkColor
 0x494d60 ImageList_SetBkColor
 0x494d64 ImageList_Add
 0x494d68 ImageList_GetImageCount
 0x494d6c ImageList_Destroy
 0x494d70 ImageList_Create

EAT (Export Address Table): none



Similarity measure (PE file only) - Checking for service failure