Report - bsnaw83e8cf2a243447619488f24e84d65eb5

Emotet Gen1 UPX Malicious Library AntiDebug AntiVM PE File OS Processor Check DLL PE32
Created 2021.08.18 18:59
Machine s1_win7_x6402
Filename bsnaw83e8cf2a243447619488f24e84d65eb5
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score 6
Behavior Score 12.2
ZERO API file : malware
VT API (file) 22 detected (Trickster, malicious, high confidence, Artemis, Unsafe, confidence, 100%, Attribute, HighConfidence, GenKryptik, FJDI, FileRepMalware, kcloud, TrickBotCrypt, score, Hrpe, Static AI, Suspicious PE)
md5 296686ae5812e910d79d472f6db4f00d
sha256 56c0dbbb56ab9b63c997eb80beb6392b50d507e4dc08ce617d32b8563fbd54ce
ssdeep 12288:C+Ffmf1EHyvwS0quEuY4qNA2ub3qanS0bW2LuCbtOQniX6Fz:9SvwlquEB79ubaaSCvftfniX0z
imphash 0293ee5688b0a5f1cbe136d065e99917
impfuzzy 192:4LYlJfAqFeO5KuLMAkQPW+VOy/VPQUKcRcAc750rPXiQ4FpC:JAkeO57LFkOVmETPSQ4Fg

Signature (25cnts)

Level Description
danger Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually)
danger Executed a process and injected code into it
warning File has been identified by 22 AntiVirus engines on VirusTotal as malicious
watch Allocates execute permission to another process indicative of possible code injection
watch Communicates with host for which no DNS query was performed
watch Creates known RBot files
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice A process attempted to delay the analysis task.
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a suspicious process
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Looks up the external IP address
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Terminates another process
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Yara rule detected in process memory
info Checks if process is being debugged by a debugger
info One or more processes crashed
info Queries for the computername
info The executable uses a known packer

Rules (16cnts)

Level Name Description Collection
danger Win32_Trojan_Emotet_1_Zero Win32 Trojan Emotet binaries (upload)
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info anti_dbg Checks if being debugged memory
info DebuggerCheck__GlobalFlags (no description) memory
info DebuggerCheck__QueryInfo (no description) memory
info DebuggerHiding__Active (no description) memory
info DebuggerHiding__Thread (no description) memory
info disable_dep Bypass DEP memory
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info SEH__vectored (no description) memory
info ThreadControl__Context (no description) memory

Network (38cnts)


Suricata ids

PE API

IAT(Import Address Table) Library


EAT(Export Address Table) Library

0x100021f0 miktop

