Report - vbc.exe

UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate privileges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32
ScreenShot
Created 2021.08.18 11:03 Machine s1_win7_x6402
Filename vbc.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 8
Behavior Score 10.8
ZERO API file : malware
VT API (file) 30 detected (GenericKD, Artemis, Unsafe, Remcos, malicious, confidence, 100%, Delf, QPAO, Attribute, HighConfidence, EPYP, FileRepMalware, Emotet, kcloud, Sabsik, ai score=99, MachineLearning, Anomalous, R002H0DHH21, Generic@ML, RDML, h4KLYZqChENgA9kx71gIxA, HgIASagA)
md5 a9c17b30c3c8d1ab73368929ce6a9ccd
sha256 b9c410e6c86baf7f355d2045a0fd5e3080f3a2ca9afbd319bd1c42485c22b9a8
ssdeep 24576:0h4WI1DOj6P0hFORupCAzQUedKPIddHlen0F:8ej+XQUeET0
imphash 7b3d39f86bce9836a8fcdf7d5c6f7f87
impfuzzy 192:oN3MSbuuaxSUvK9kso1XEpeFLlyG1Q+POQk:O3Baq9uj1vPOQk

Signature (23cnts)

Level Description
danger File has been identified by 30 AntiVirus engines on VirusTotal as malicious
watch Allocates execute permission to another process indicative of possible code injection
watch Creates a thread using CreateRemoteThread in a non-child process indicative of process injection
watch Deletes executed files from disk
watch Installs itself for autorun at Windows startup
watch Manipulates memory of a non-child process indicative of process injection
watch Network activity contains more than one unique useragent
watch One or more of the buffers contains an embedded PE file
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Command line console output was observed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer

Rules (38cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Network_Downloader File Downloader memory
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
notice Code_injection Code injection with CreateRemoteThread in a remote process memory
notice Create_Service Create a windows service memory
notice Escalate_priviledges Escalate privileges memory
notice KeyLogger Run a KeyLogger memory
notice local_credential_Steal Steal credential memory
notice Network_DGA Communication using DGA memory
notice Network_DNS Communications use DNS memory
notice Network_FTP Communications over FTP memory
notice Network_HTTP Communications over HTTP memory
notice Network_P2P_Win Communications over P2P network memory
notice Network_TCP_Socket Communications over RAW Socket memory
notice ScreenShot Take ScreenShot memory
notice Sniff_Audio Record Audio memory
notice Str_Win32_Http_API Match Windows Http API call memory
notice Str_Win32_Internet_API Match Windows Inet API call memory
info anti_dbg Checks if being debugged memory
info antisb_threatExpert Anti-Sandbox checks for ThreatExpert memory
info Check_Dlls (no description) memory
info DebuggerCheck__GlobalFlags (no description) memory
info DebuggerCheck__QueryInfo (no description) memory
info DebuggerCheck__RemoteAPI (no description) memory
info DebuggerException__ConsoleCtrl (no description) memory
info DebuggerException__SetConsoleCtrl (no description) memory
info DebuggerHiding__Active (no description) memory
info DebuggerHiding__Thread (no description) memory
info disable_dep Bypass DEP memory
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)
info SEH__vectored (no description) memory
info ThreadControl__Context (no description) memory
info win_hook Affect hook table memory

Network (43cnts)

Request CC ASN Co IP4 Rule ZERO
http://www.delhibudokankarate.com/6mam/?P48tW=Dhv3NEq6R5NPQZs0dIik/SqBuvIY1/ydOcIgQc1Go12Tt/gNYl4yWQ2VA57WdGuU8YdfRGOR&KR-LRr=VTW8eX4xAtX HK POWER LINE DATACENTER 154.215.87.120 4168 malicious
http://www.mobiessence.com/6mam/?P48tW=KE8gpfUGztMVNWKMFV5goIwNmc44LE6Oi+XDAS05rkp2RTHle1NPjBrPfhHuDJ31Wqk/Ne1S&KR-LRr=VTW8eX4xAtX DE AMAZON-02 52.58.78.16 3578 malicious
http://www.lawmetricssolicitors.com/6mam/?P48tW=4Gj0yn3nr4YWFpZH4qn2bQ/Mf+Y/K54EnXCw/FRHgkyWUNrW3vdYTE+qdBaiGkNQ4kKGGQ8H&KR-LRr=VTW8eX4xAtX US IS-AS-1 173.214.172.82 3575 malicious
http://www.kykyryky.art/6mam/?P48tW=YhmCqIEbUGfuw5buP1ux4NwPyUbKdSmuBWvVd54Q/24mN/u1gMwH9i6nnbSMiSrA5lPx01TB&KR-LRr=VTW8eX4xAtX Unknown 194.67.71.40 3577 malicious
http://www.adenxsdesign.com/6mam/?P48tW=tU44klL44EKqmodFv/jg5nrIY8m9SPufik0gg789I5xKoKlf2FGRw1yhbPhqQNhokqqERcg/&KR-LRr=VTW8eX4xAtX DE 1&1 Ionos Se 217.160.0.46 4003 malicious
http://www.cannamalism.com/6mam/?P48tW=kn71xoO9iU2mX4j71h7bz8HHhkUEjJyTF2/azklG2erytyCHrh0zJMDeYoghQinFk6RtaMTe&KR-LRr=VTW8eX4xAtX US GOOGLE 34.102.136.180 3576 malicious
http://www.bransolute.com/6mam/?P48tW=3lOIhqUq6P+U3Pv+KiDZArCwgFDmfekdTy2Nm2rSf3PvYUYfwCDamY7ww9DFIoj1y02HC7Ks&KR-LRr=VTW8eX4xAtX US UNIFIEDLAYER-AS-1 192.185.236.169 3581 malicious
http://www.riveraitc.com/6mam/?P48tW=SnhjisI499lOsf3YfO532EwcXneBDaw7KeLS1bDcRf/9DFIScc8FKAxpINBYBIfoUHjDmPpQ&KR-LRr=VTW8eX4xAtX CA CLOUDFLARENET 23.227.38.74 4005 malicious
http://www.ilovemehoodie.com/6mam/?P48tW=WcJFy0FDyb1eQp1HHEDezlfsnB+bgSZ9M5sCd3/XEWVbVLaHwBgyDt5AxetLVNVTX35rQb0V&KR-LRr=VTW8eX4xAtX CA CLOUDFLARENET 23.227.38.74 4001 malicious
http://www.fuzhourexian.com/6mam/?P48tW=qbpZFH7voKbXHHWLfMfEAiwyGaz4A1Dlq6aJ6MnbqPgDgfYDR2UnLoNROh/k48NFxcmn1xi3&KR-LRr=VTW8eX4xAtX US Alibaba (US) Technology Co., Ltd. 47.245.33.84 3580 malicious
http://www.envirotechpropertiesltd.com/6mam/?P48tW=YBYrB5Ucm7S+XdfKOAf3sqA5fkKZ062k5RXT8xg/v1kRVTyEaAKCnyzwvrlUA7NS++0u+6AB&KR-LRr=VTW8eX4xAtX US SQUARESPACE 198.49.23.144 clean
https://dkbp0q.sn.files.1drv.com/y4mrMcJrhX3NS3j0HI9CmsynkzscYSv_j_iG0h1PkCA9fSFqb31FN3Rs9U3ozYt6s-bL6yaEBA40CFCVyBRNoGmZW36gpV5owlcwq84wnAx4ukteCnDJGxxxHu63HyYNZRKJcWZAwikI9GXq1HYzdM6wwnfUeQX2C2Y_qVBMmz8chgIp_VSAgovTegxBpZnAsqnKG78TUBNMSGY3aMVVAVSbw/Gvxb US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
https://onedrive.live.com/download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21121&authkey=AITqAZYmBhxHYRs US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 clean
https://dkbp0q.sn.files.1drv.com/y4mk8x3V8lsTnH8fK4NVgwbdpZN0dVecv_1w63fnJBjVOBdbbs9xAIxConjlhOTx--JIrGvI4C6u6Dq1yELyHvd8es9OWD5BwXQFcph34vaRWCvKPVZdKsOO_drRSM8a4gUZ0nq7ZBEh2CPvo3VcDxQQx05VyisqlgR3EszThf8bYuIoASeUj90xT4LP-cDr0TrvDU43fyT7RZrqWuxq94B9w/Gvxb US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
www.opticatervisof.com Unknown malicious
www.delhibudokankarate.com HK POWER LINE DATACENTER 154.215.87.120 clean
www.cannamalism.com US GOOGLE 34.102.136.180 clean
onedrive.live.com US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 malicious
www.fuzhourexian.com US Alibaba (US) Technology Co., Ltd. 47.245.33.84 clean
www.mobiessence.com DE AMAZON-02 52.58.78.16 clean
www.adenxsdesign.com DE 1&1 Ionos Se 217.160.0.46 clean
www.geekotronic.com Unknown clean
www.riveraitc.com CA CLOUDFLARENET 23.227.38.74 clean
www.envirotechpropertiesltd.com US SQUARESPACE 198.49.23.144 clean
www.apacshift.support Unknown malicious
www.bransolute.com US UNIFIEDLAYER-AS-1 192.185.236.169 clean
dkbp0q.sn.files.1drv.com US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
www.candlewooddmc.com Unknown malicious
www.ilovemehoodie.com CA CLOUDFLARENET 23.227.38.74 clean
www.lawmetricssolicitors.com US IS-AS-1 173.214.172.82 clean
www.kykyryky.art Unknown 194.67.71.40 clean
154.215.87.120 HK POWER LINE DATACENTER 154.215.87.120 malicious
52.58.78.16 DE AMAZON-02 52.58.78.16 malicious
47.245.33.84 US Alibaba (US) Technology Co., Ltd. 47.245.33.84 malicious
173.214.172.82 US IS-AS-1 173.214.172.82 clean
194.67.71.40 Unknown 194.67.71.40 clean
13.107.42.13 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 malicious
13.107.42.12 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 malware
192.185.236.169 US UNIFIEDLAYER-AS-1 192.185.236.169 malicious
34.102.136.180 US GOOGLE 34.102.136.180 malicious
217.160.0.46 DE 1&1 Ionos Se 217.160.0.46 malicious
23.227.38.74 CA CLOUDFLARENET 23.227.38.74 malicious
198.185.159.144 US SQUARESPACE 198.185.159.144 malicious

Suricata ids

PE API

IAT(Import Address Table) Library

oleaut32.dll
 0x473720 SysFreeString
 0x473724 SysReAllocStringLen
 0x473728 SysAllocStringLen
advapi32.dll
 0x473730 RegQueryValueExA
 0x473734 RegOpenKeyExA
 0x473738 RegCloseKey
user32.dll
 0x473740 GetKeyboardType
 0x473744 DestroyWindow
 0x473748 LoadStringA
 0x47374c MessageBoxA
 0x473750 CharNextA
kernel32.dll
 0x473758 GetACP
 0x47375c Sleep
 0x473760 VirtualFree
 0x473764 VirtualAlloc
 0x473768 GetCurrentThreadId
 0x47376c InterlockedDecrement
 0x473770 InterlockedIncrement
 0x473774 VirtualQuery
 0x473778 WideCharToMultiByte
 0x47377c MultiByteToWideChar
 0x473780 lstrlenA
 0x473784 lstrcpynA
 0x473788 LoadLibraryExA
 0x47378c GetThreadLocale
 0x473790 GetStartupInfoA
 0x473794 GetProcAddress
 0x473798 GetModuleHandleA
 0x47379c GetModuleFileNameA
 0x4737a0 GetLocaleInfoA
 0x4737a4 GetLastError
 0x4737a8 GetCommandLineA
 0x4737ac FreeLibrary
 0x4737b0 FindFirstFileA
 0x4737b4 FindClose
 0x4737b8 ExitProcess
 0x4737bc CompareStringA
 0x4737c0 WriteFile
 0x4737c4 UnhandledExceptionFilter
 0x4737c8 SetFilePointer
 0x4737cc SetEndOfFile
 0x4737d0 RtlUnwind
 0x4737d4 ReadFile
 0x4737d8 RaiseException
 0x4737dc GetStdHandle
 0x4737e0 GetFileSize
 0x4737e4 GetFileType
 0x4737e8 CreateFileA
 0x4737ec CloseHandle
kernel32.dll
 0x4737f4 TlsSetValue
 0x4737f8 TlsGetValue
 0x4737fc LocalAlloc
 0x473800 GetModuleHandleA
user32.dll
 0x473808 CreateWindowExA
 0x47380c WindowFromPoint
 0x473810 WaitMessage
 0x473814 UpdateWindow
 0x473818 UnregisterClassA
 0x47381c UnhookWindowsHookEx
 0x473820 TranslateMessage
 0x473824 TranslateMDISysAccel
 0x473828 TrackPopupMenu
 0x47382c SystemParametersInfoA
 0x473830 ShowWindow
 0x473834 ShowScrollBar
 0x473838 ShowOwnedPopups
 0x47383c SetWindowsHookExA
 0x473840 SetWindowTextA
 0x473844 SetWindowPos
 0x473848 SetWindowPlacement
 0x47384c SetWindowLongW
 0x473850 SetWindowLongA
 0x473854 SetTimer
 0x473858 SetScrollRange
 0x47385c SetScrollPos
 0x473860 SetScrollInfo
 0x473864 SetRect
 0x473868 SetPropA
 0x47386c SetParent
 0x473870 SetMenuItemInfoA
 0x473874 SetMenu
 0x473878 SetForegroundWindow
 0x47387c SetFocus
 0x473880 SetCursor
 0x473884 SetClassLongA
 0x473888 SetCapture
 0x47388c SetActiveWindow
 0x473890 SendMessageW
 0x473894 SendMessageA
 0x473898 ScrollWindow
 0x47389c ScreenToClient
 0x4738a0 RemovePropA
 0x4738a4 RemoveMenu
 0x4738a8 ReleaseDC
 0x4738ac ReleaseCapture
 0x4738b0 RegisterWindowMessageA
 0x4738b4 RegisterClipboardFormatA
 0x4738b8 RegisterClassA
 0x4738bc RedrawWindow
 0x4738c0 PtInRect
 0x4738c4 PostQuitMessage
 0x4738c8 PostMessageA
 0x4738cc PeekMessageW
 0x4738d0 PeekMessageA
 0x4738d4 OffsetRect
 0x4738d8 OemToCharA
 0x4738dc MessageBoxA
 0x4738e0 MapWindowPoints
 0x4738e4 MapVirtualKeyA
 0x4738e8 LoadStringA
 0x4738ec LoadKeyboardLayoutA
 0x4738f0 LoadIconA
 0x4738f4 LoadCursorA
 0x4738f8 LoadBitmapA
 0x4738fc KillTimer
 0x473900 IsZoomed
 0x473904 IsWindowVisible
 0x473908 IsWindowUnicode
 0x47390c IsWindowEnabled
 0x473910 IsWindow
 0x473914 IsRectEmpty
 0x473918 IsIconic
 0x47391c IsDialogMessageW
 0x473920 IsDialogMessageA
 0x473924 IsChild
 0x473928 InvalidateRect
 0x47392c IntersectRect
 0x473930 InsertMenuItemA
 0x473934 InsertMenuA
 0x473938 InflateRect
 0x47393c GetWindowThreadProcessId
 0x473940 GetWindowTextA
 0x473944 GetWindowRect
 0x473948 GetWindowPlacement
 0x47394c GetWindowLongW
 0x473950 GetWindowLongA
 0x473954 GetWindowDC
 0x473958 GetTopWindow
 0x47395c GetSystemMetrics
 0x473960 GetSystemMenu
 0x473964 GetSysColorBrush
 0x473968 GetSysColor
 0x47396c GetSubMenu
 0x473970 GetScrollRange
 0x473974 GetScrollPos
 0x473978 GetScrollInfo
 0x47397c GetPropA
 0x473980 GetParent
 0x473984 GetWindow
 0x473988 GetMessagePos
 0x47398c GetMenuStringA
 0x473990 GetMenuState
 0x473994 GetMenuItemInfoA
 0x473998 GetMenuItemID
 0x47399c GetMenuItemCount
 0x4739a0 GetMenu
 0x4739a4 GetLastActivePopup
 0x4739a8 GetKeyboardState
 0x4739ac GetKeyboardLayoutNameA
 0x4739b0 GetKeyboardLayoutList
 0x4739b4 GetKeyboardLayout
 0x4739b8 GetKeyState
 0x4739bc GetKeyNameTextA
 0x4739c0 GetIconInfo
 0x4739c4 GetForegroundWindow
 0x4739c8 GetFocus
 0x4739cc GetDesktopWindow
 0x4739d0 GetDCEx
 0x4739d4 GetDC
 0x4739d8 GetCursorPos
 0x4739dc GetCursor
 0x4739e0 GetClipboardData
 0x4739e4 GetClientRect
 0x4739e8 GetClassLongA
 0x4739ec GetClassInfoA
 0x4739f0 GetCapture
 0x4739f4 GetActiveWindow
 0x4739f8 FrameRect
 0x4739fc FindWindowA
 0x473a00 FillRect
 0x473a04 EqualRect
 0x473a08 EnumWindows
 0x473a0c EnumThreadWindows
 0x473a10 EnumChildWindows
 0x473a14 EndPaint
 0x473a18 EnableWindow
 0x473a1c EnableScrollBar
 0x473a20 EnableMenuItem
 0x473a24 DrawTextA
 0x473a28 DrawMenuBar
 0x473a2c DrawIconEx
 0x473a30 DrawIcon
 0x473a34 DrawFrameControl
 0x473a38 DrawEdge
 0x473a3c DispatchMessageW
 0x473a40 DispatchMessageA
 0x473a44 DestroyWindow
 0x473a48 DestroyMenu
 0x473a4c DestroyIcon
 0x473a50 DestroyCursor
 0x473a54 DeleteMenu
 0x473a58 DefWindowProcA
 0x473a5c DefMDIChildProcA
 0x473a60 DefFrameProcA
 0x473a64 CreatePopupMenu
 0x473a68 CreateMenu
 0x473a6c CreateIcon
 0x473a70 ClientToScreen
 0x473a74 CheckMenuItem
 0x473a78 CallWindowProcA
 0x473a7c CallNextHookEx
 0x473a80 BeginPaint
 0x473a84 CharNextA
 0x473a88 CharLowerBuffA
 0x473a8c CharLowerA
 0x473a90 CharToOemA
 0x473a94 AdjustWindowRectEx
 0x473a98 ActivateKeyboardLayout
gdi32.dll
 0x473aa0 UnrealizeObject
 0x473aa4 StretchBlt
 0x473aa8 SetWindowOrgEx
 0x473aac SetWinMetaFileBits
 0x473ab0 SetViewportOrgEx
 0x473ab4 SetTextColor
 0x473ab8 SetStretchBltMode
 0x473abc SetROP2
 0x473ac0 SetPixel
 0x473ac4 SetEnhMetaFileBits
 0x473ac8 SetDIBColorTable
 0x473acc SetBrushOrgEx
 0x473ad0 SetBkMode
 0x473ad4 SetBkColor
 0x473ad8 SelectPalette
 0x473adc SelectObject
 0x473ae0 SaveDC
 0x473ae4 RestoreDC
 0x473ae8 Rectangle
 0x473aec RectVisible
 0x473af0 RealizePalette
 0x473af4 PlayEnhMetaFile
 0x473af8 PatBlt
 0x473afc MoveToEx
 0x473b00 MaskBlt
 0x473b04 LineTo
 0x473b08 IntersectClipRect
 0x473b0c GetWindowOrgEx
 0x473b10 GetWinMetaFileBits
 0x473b14 GetTextMetricsA
 0x473b18 GetTextExtentPoint32A
 0x473b1c GetSystemPaletteEntries
 0x473b20 GetStockObject
 0x473b24 GetRgnBox
 0x473b28 GetPixel
 0x473b2c GetPaletteEntries
 0x473b30 GetObjectA
 0x473b34 GetEnhMetaFilePaletteEntries
 0x473b38 GetEnhMetaFileHeader
 0x473b3c GetEnhMetaFileBits
 0x473b40 GetDeviceCaps
 0x473b44 GetDIBits
 0x473b48 GetDIBColorTable
 0x473b4c GetDCOrgEx
 0x473b50 GetCurrentPositionEx
 0x473b54 GetClipBox
 0x473b58 GetBrushOrgEx
 0x473b5c GetBitmapBits
 0x473b60 GdiFlush
 0x473b64 ExcludeClipRect
 0x473b68 DeleteObject
 0x473b6c DeleteEnhMetaFile
 0x473b70 DeleteDC
 0x473b74 CreateSolidBrush
 0x473b78 CreatePenIndirect
 0x473b7c CreatePalette
 0x473b80 CreateHalftonePalette
 0x473b84 CreateFontIndirectA
 0x473b88 CreateDIBitmap
 0x473b8c CreateDIBSection
 0x473b90 CreateCompatibleDC
 0x473b94 CreateCompatibleBitmap
 0x473b98 CreateBrushIndirect
 0x473b9c CreateBitmap
 0x473ba0 CopyEnhMetaFileA
 0x473ba4 BitBlt
version.dll
 0x473bac VerQueryValueA
 0x473bb0 GetFileVersionInfoSizeA
 0x473bb4 GetFileVersionInfoA
kernel32.dll
 0x473bbc lstrcpyA
 0x473bc0 WriteFile
 0x473bc4 WaitForSingleObject
 0x473bc8 VirtualQuery
 0x473bcc VirtualProtect
 0x473bd0 VirtualAlloc
 0x473bd4 SizeofResource
 0x473bd8 SetThreadLocale
 0x473bdc SetFilePointer
 0x473be0 SetEvent
 0x473be4 SetErrorMode
 0x473be8 SetEndOfFile
 0x473bec ResetEvent
 0x473bf0 ReadFile
 0x473bf4 MulDiv
 0x473bf8 LockResource
 0x473bfc LoadResource
 0x473c00 LoadLibraryA
 0x473c04 LeaveCriticalSection
 0x473c08 InitializeCriticalSection
 0x473c0c GlobalFindAtomA
 0x473c10 GlobalDeleteAtom
 0x473c14 GlobalAddAtomA
 0x473c18 GetVersionExA
 0x473c1c GetVersion
 0x473c20 GetTickCount
 0x473c24 GetThreadLocale
 0x473c28 GetStdHandle
 0x473c2c GetProcAddress
 0x473c30 GetModuleHandleA
 0x473c34 GetModuleFileNameA
 0x473c38 GetLocaleInfoA
 0x473c3c GetLocalTime
 0x473c40 GetLastError
 0x473c44 GetFullPathNameA
 0x473c48 GetDiskFreeSpaceA
 0x473c4c GetDateFormatA
 0x473c50 GetCurrentThreadId
 0x473c54 GetCurrentProcessId
 0x473c58 GetCPInfo
 0x473c5c FreeResource
 0x473c60 InterlockedExchange
 0x473c64 FreeLibrary
 0x473c68 FormatMessageA
 0x473c6c FindResourceA
 0x473c70 EnumCalendarInfoA
 0x473c74 EnterCriticalSection
 0x473c78 DeleteCriticalSection
 0x473c7c CreateThread
 0x473c80 CreateFileA
 0x473c84 CreateEventA
 0x473c88 CompareStringA
 0x473c8c CloseHandle
advapi32.dll
 0x473c94 RegQueryValueExA
 0x473c98 RegOpenKeyExA
 0x473c9c RegFlushKey
 0x473ca0 RegCloseKey
kernel32.dll
 0x473ca8 Sleep
oleaut32.dll
 0x473cb0 SafeArrayPtrOfIndex
 0x473cb4 SafeArrayGetUBound
 0x473cb8 SafeArrayGetLBound
 0x473cbc SafeArrayCreate
 0x473cc0 VariantChangeType
 0x473cc4 VariantCopy
 0x473cc8 VariantClear
 0x473ccc VariantInit
comctl32.dll
 0x473cd4 _TrackMouseEvent
 0x473cd8 ImageList_SetIconSize
 0x473cdc ImageList_GetIconSize
 0x473ce0 ImageList_Write
 0x473ce4 ImageList_Read
 0x473ce8 ImageList_DragShowNolock
 0x473cec ImageList_DragMove
 0x473cf0 ImageList_DragLeave
 0x473cf4 ImageList_DragEnter
 0x473cf8 ImageList_EndDrag
 0x473cfc ImageList_BeginDrag
 0x473d00 ImageList_Remove
 0x473d04 ImageList_DrawEx
 0x473d08 ImageList_Draw
 0x473d0c ImageList_GetBkColor
 0x473d10 ImageList_SetBkColor
 0x473d14 ImageList_Add
 0x473d18 ImageList_GetImageCount
 0x473d1c ImageList_Destroy
 0x473d20 ImageList_Create

EAT(Export Address Table) is none
