Report - vbc.exe

UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate privileges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32
Created 2021.08.19 09:49 Machine s1_win7_x6401
Filename vbc.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 2
Behavior Score 10.4
ZERO API file : malware
VT API (file) 25 detected (AIDetect, malware2, malicious, high confidence, Artemis, Unsafe, Attribute, HighConfidence, EPUT, Noon, MalwareX, Fareit, Static AI, Suspicious PE, Sabsik, score, ZelphiCO, MGW@a4CkFWli, BScope, TrojanPSW, Panda, Generic@ML, RDML, GgrSZlvSkUNwJ7Ftz6eVgA, Delf, susgen, Kryptik, EPYG, confidence, 100%)
md5 f5dd75dff7af606ddb23acee9872b6b2
sha256 7f3f82532b326a3369f9c15b84620d40b835178cc46fab2dec9c5f2d2220099c
ssdeep 12288:TKM0u78KU0wzWwGj6ZXwz7ZucoqO55Pm6:TQeU04W8gz78+U
imphash 9d9efc27a44fcb7cf802b6cba10d2531
impfuzzy 192:f34fk1QDmdbuuSrSUvK9RqoaqEseSPOQXM:f3N1PSA9LdPOQ8

Signature (23cnts)

Level Description
warning File has been identified by 25 AntiVirus engines on VirusTotal as malicious
watch Allocates execute permission to another process indicative of possible code injection
watch Creates a thread using CreateRemoteThread in a non-child process indicative of process injection
watch Installs itself for autorun at Windows startup
watch Manipulates memory of a non-child process indicative of process injection
watch Network activity contains more than one unique useragent
watch One or more of the buffers contains an embedded PE file
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Sends data using the HTTP POST Method
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Command line console output was observed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer

Rules (38cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Network_Downloader File Downloader memory
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
notice Code_injection Code injection with CreateRemoteThread in a remote process memory
notice Create_Service Create a windows service memory
notice Escalate_priviledges Escalate privileges memory
notice KeyLogger Run a KeyLogger memory
notice local_credential_Steal Steal credential memory
notice Network_DGA Communication using DGA memory
notice Network_DNS Communications use DNS memory
notice Network_FTP Communications over FTP memory
notice Network_HTTP Communications over HTTP memory
notice Network_P2P_Win Communications over P2P network memory
notice Network_TCP_Socket Communications over RAW Socket memory
notice ScreenShot Take ScreenShot memory
notice Sniff_Audio Record Audio memory
notice Str_Win32_Http_API Match Windows Http API call memory
notice Str_Win32_Internet_API Match Windows Inet API call memory
info anti_dbg Checks if being debugged memory
info antisb_threatExpert Anti-Sandbox checks for ThreatExpert memory
info Check_Dlls (no description) memory
info DebuggerCheck__GlobalFlags (no description) memory
info DebuggerCheck__QueryInfo (no description) memory
info DebuggerCheck__RemoteAPI (no description) memory
info DebuggerException__ConsoleCtrl (no description) memory
info DebuggerException__SetConsoleCtrl (no description) memory
info DebuggerHiding__Active (no description) memory
info DebuggerHiding__Thread (no description) memory
info disable_dep Bypass DEP memory
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)
info SEH__vectored (no description) memory
info ThreadControl__Context (no description) memory
info win_hook Affect hook table memory

Network (59cnts)

Request CC ASN Co IP4 Rule ZERO
http://www.threatprotection.net/6mam/ DE AMAZON-02 52.58.78.16 clean
http://www.miamiqueensdress.com/6mam/?WbTDk=EBok50QODh/qmCP7J2xI5qJEvLCVP7z6QxySw5ZUrU5I7S6miF2cwhtfnH/LuNQ5P6YcYCdk&oXMx2h=yRnHMfEXqtjp US AMAZON-02 75.2.115.196 3582 mailcious
http://www.fuzhourexian.com/6mam/ US Alibaba (US) Technology Co., Ltd. 47.245.33.84 3580 mailcious
http://www.blueline-productions.co.uk/6mam/ GB Namesco Limited 85.233.160.23 clean
http://www.fuzhourexian.com/6mam/?WbTDk=qbpZFH7voKbXHHWLfMfEAiwyGaz4A1Dlq6aJ6MnbqPgDgfYDR2UnLoNROh/k48NFxcmn1xi3&oXMx2h=yRnHMfEXqtjp US Alibaba (US) Technology Co., Ltd. 47.245.33.84 3580 mailcious
http://www.kykyryky.art/6mam/?WbTDk=YhmCqIEbUGfuw5buP1ux4NwPyUbKdSmuBWvVd54Q/24mN/u1gMwH9i6nnbSMiSrA5lPx01TB&oXMx2h=yRnHMfEXqtjp Unknown 194.67.71.40 3577 mailcious
http://www.genesysshop.com/6mam/ US GOOGLE 34.102.136.180 4000 mailcious
http://www.ilovemehoodie.com/6mam/?WbTDk=WcJFy0FDyb1eQp1HHEDezlfsnB+bgSZ9M5sCd3/XEWVbVLaHwBgyDt5AxetLVNVTX35rQb0V&oXMx2h=yRnHMfEXqtjp CA CLOUDFLARENET 23.227.38.74 4001 mailcious
http://www.mypursuitpodcast.com/6mam/?WbTDk=U4etKMGnApM4LPry/y2VHJ3U/bl1CG9Jeeehw1oO6+oHUhxigrqTTryZm0Ujj1iWyaAjlaMg&oXMx2h=yRnHMfEXqtjp US GOOGLE 34.102.136.180 clean
http://www.bagyat.com/6mam/?WbTDk=iV+++IZpql/PnhwiHoT5F+UEaK9f6TfC+P1mkxzUfgS/Y+pmMP73bpSijNJOr1JGqobxJRWc&oXMx2h=yRnHMfEXqtjp US CONFLUENCE-NETWORK-INC 209.99.40.222 clean
http://www.genesysshop.com/6mam/?WbTDk=gbNVLwi1vO2ZsTKwdijolRE+nd+f4bOFGjLO6oLWdkpAXgcu19jDQ9iXEv77aHIk6xstCEEF&oXMx2h=yRnHMfEXqtjp US GOOGLE 34.102.136.180 4000 mailcious
http://www.ilovemehoodie.com/6mam/ CA CLOUDFLARENET 23.227.38.74 4001 mailcious
http://www.mobiessence.com/6mam/ DE AMAZON-02 52.58.78.16 3578 mailcious
http://www.threatprotection.net/6mam/?WbTDk=5U63IG+8vBO93ME5ubhPJsaYeNu0pzfei2tMILncnfG3lfTZPYhqalgINgf11uesldX0DPY5&oXMx2h=yRnHMfEXqtjp DE AMAZON-02 52.58.78.16 clean
http://www.delhibudokankarate.com/6mam/?WbTDk=Dhv3NEq6R5NPQZs0dIik/SqBuvIY1/ydOcIgQc1Go12Tt/gNYl4yWQ2VA57WdGuU8YdfRGOR&oXMx2h=yRnHMfEXqtjp HK POWER LINE DATACENTER 154.215.87.120 4168 mailcious
http://www.amazebrowser.com/6mam/ US LEASEWEB-USA-WDC 207.244.67.214 4002 mailcious
http://www.amazebrowser.com/6mam/?WbTDk=bdYiy4dFQ1FKdK0RHZb8AKGKI6CI94rlWbRWgupG1OIMQwt3tgAXT6Nv0jCitXCfOrToZzYc&oXMx2h=yRnHMfEXqtjp US LEASEWEB-USA-WDC 207.244.67.214 4002 mailcious
http://www.delhibudokankarate.com/6mam/ HK POWER LINE DATACENTER 154.215.87.120 4168 mailcious
http://www.mobiessence.com/6mam/?WbTDk=KE8gpfUGztMVNWKMFV5goIwNmc44LE6Oi+XDAS05rkp2RTHle1NPjBrPfhHuDJ31Wqk/Ne1S&oXMx2h=yRnHMfEXqtjp DE AMAZON-02 52.58.78.16 3578 mailcious
http://www.adenxsdesign.com/6mam/ DE 1&1 Ionos Se 217.160.0.46 4003 mailcious
http://www.adenxsdesign.com/6mam/?WbTDk=tU44klL44EKqmodFv/jg5nrIY8m9SPufik0gg789I5xKoKlf2FGRw1yhbPhqQNhokqqERcg/&oXMx2h=yRnHMfEXqtjp DE 1&1 Ionos Se 217.160.0.46 4003 mailcious
http://www.kykyryky.art/6mam/ Unknown 194.67.71.40 3577 mailcious
http://www.blueline-productions.co.uk/6mam/?WbTDk=DNrR1GaWXHlbTOpdMpUbF0coFsiHOlXFagQQYcV57R3aprlTATx9iTyvS/+hnA5kOUeynF9h&oXMx2h=yRnHMfEXqtjp GB Namesco Limited 85.233.160.23 clean
http://www.bagyat.com/6mam/ US CONFLUENCE-NETWORK-INC 209.99.40.222 clean
http://www.mypursuitpodcast.com/6mam/ US GOOGLE 34.102.136.180 clean
http://www.miamiqueensdress.com/6mam/ US AMAZON-02 75.2.115.196 3582 mailcious
https://onedrive.live.com/download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21122&authkey=APxDcNiaNod5Ikk US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 clean
https://dkyyda.sn.files.1drv.com/y4mrSimVfItmLHInNrSOJmhcu7jSN40x5ikR2n0jNVSGWcdC2tCdOiGTr4rigJL5sdDQ3GAZDSGjkFLKwcbPR2J-NBnZnhI8eC2Gkttmfb0hbRsQUXseigyCEA03KPHHw5YV_PP0de9LoaSk6O5SImU0jQhYk4bmDbERwII7h5Me9r9H0jwpYg-pfTPUVILyDYtxaM02eAiAksWwCQse3Pz4w/Cvie US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
https://dkyyda.sn.files.1drv.com/y4m97_S5N0dD1MsmWaq0eYG0Sb7_XlfGPp7W0ONc_xDzt_HblQFoIpUN4BloCEjg8c5mWj_pPLTdK3USNiULYn8KSFtBVDT5ZMMUxo9BEFVfSlNYC9ZvXK6cCn9X_Ea6X9Eud5mrCSEIKB6Z2D5F0-aYMIvpgMQrOPwfWQl11H4pZxOl5LJi78yhlQq8bDMvbt7DlLP3RdQUbpBJO2ZsjqwSg/Cvie US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
www.delhibudokankarate.com HK POWER LINE DATACENTER 154.215.87.120 clean
onedrive.live.com US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 mailcious
dkyyda.sn.files.1drv.com US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
www.fuzhourexian.com US Alibaba (US) Technology Co., Ltd. 47.245.33.84 clean
www.mobiessence.com DE AMAZON-02 52.58.78.16 clean
www.adenxsdesign.com DE 1&1 Ionos Se 217.160.0.46 clean
www.amazebrowser.com US LEASEWEB-USA-WDC 207.244.67.214 clean
www.miamiqueensdress.com US AMAZON-02 75.2.115.196 clean
www.bagyat.com US CONFLUENCE-NETWORK-INC 209.99.40.222 clean
www.threatprotection.net DE AMAZON-02 52.58.78.16 clean
www.kilbyrnefarm.com Unknown clean
www.mypursuitpodcast.com US GOOGLE 34.102.136.180 clean
www.blueline-productions.co.uk GB Namesco Limited 85.233.160.23 clean
www.coicplat.com Unknown mailcious
www.genesysshop.com US GOOGLE 34.102.136.180 clean
www.ilovemehoodie.com CA CLOUDFLARENET 23.227.38.74 clean
www.kykyryky.art Unknown 194.67.71.40 clean
154.215.87.120 HK POWER LINE DATACENTER 154.215.87.120 mailcious
52.58.78.16 DE AMAZON-02 52.58.78.16 mailcious
47.245.33.84 US Alibaba (US) Technology Co., Ltd. 47.245.33.84 mailcious
37.48.65.148 NL LeaseWeb Netherlands B.V. 37.48.65.148 clean
194.67.71.40 Unknown 194.67.71.40 clean
13.107.42.13 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 mailcious
13.107.42.12 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 malware
209.99.40.222 US CONFLUENCE-NETWORK-INC 209.99.40.222 mailcious
34.102.136.180 US GOOGLE 34.102.136.180 mailcious
75.2.115.196 US AMAZON-02 75.2.115.196 mailcious
217.160.0.46 DE 1&1 Ionos Se 217.160.0.46 mailcious
85.233.160.22 GB Namesco Limited 85.233.160.22 mailcious
23.227.38.74 CA CLOUDFLARENET 23.227.38.74 mailcious

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
 0x487168 DeleteCriticalSection
 0x48716c LeaveCriticalSection
 0x487170 EnterCriticalSection
 0x487174 InitializeCriticalSection
 0x487178 VirtualFree
 0x48717c VirtualAlloc
 0x487180 LocalFree
 0x487184 LocalAlloc
 0x487188 GetVersion
 0x48718c GetCurrentThreadId
 0x487190 InterlockedDecrement
 0x487194 InterlockedIncrement
 0x487198 VirtualQuery
 0x48719c WideCharToMultiByte
 0x4871a0 MultiByteToWideChar
 0x4871a4 lstrlenA
 0x4871a8 lstrcpynA
 0x4871ac LoadLibraryExA
 0x4871b0 GetThreadLocale
 0x4871b4 GetStartupInfoA
 0x4871b8 GetProcAddress
 0x4871bc GetModuleHandleA
 0x4871c0 GetModuleFileNameA
 0x4871c4 GetLocaleInfoA
 0x4871c8 GetCommandLineA
 0x4871cc FreeLibrary
 0x4871d0 FindFirstFileA
 0x4871d4 FindClose
 0x4871d8 ExitProcess
 0x4871dc WriteFile
 0x4871e0 UnhandledExceptionFilter
 0x4871e4 RtlUnwind
 0x4871e8 RaiseException
 0x4871ec GetStdHandle
user32.dll
 0x4871f4 GetKeyboardType
 0x4871f8 LoadStringA
 0x4871fc MessageBoxA
 0x487200 CharNextA
advapi32.dll
 0x487208 RegQueryValueExA
 0x48720c RegOpenKeyExA
 0x487210 RegCloseKey
oleaut32.dll
 0x487218 SysFreeString
 0x48721c SysReAllocStringLen
 0x487220 SysAllocStringLen
kernel32.dll
 0x487228 TlsSetValue
 0x48722c TlsGetValue
 0x487230 LocalAlloc
 0x487234 GetModuleHandleA
advapi32.dll
 0x48723c RegQueryValueExA
 0x487240 RegOpenKeyExA
 0x487244 RegCloseKey
kernel32.dll
 0x48724c lstrcpyA
 0x487250 WriteFile
 0x487254 WaitForSingleObject
 0x487258 VirtualQuery
 0x48725c VirtualProtect
 0x487260 VirtualAlloc
 0x487264 Sleep
 0x487268 SizeofResource
 0x48726c SetThreadLocale
 0x487270 SetFilePointer
 0x487274 SetEvent
 0x487278 SetErrorMode
 0x48727c SetEndOfFile
 0x487280 ResetEvent
 0x487284 ReadFile
 0x487288 MultiByteToWideChar
 0x48728c MulDiv
 0x487290 LockResource
 0x487294 LoadResource
 0x487298 LoadLibraryA
 0x48729c LeaveCriticalSection
 0x4872a0 InitializeCriticalSection
 0x4872a4 GlobalUnlock
 0x4872a8 GlobalSize
 0x4872ac GlobalReAlloc
 0x4872b0 GlobalHandle
 0x4872b4 GlobalLock
 0x4872b8 GlobalFree
 0x4872bc GlobalFindAtomA
 0x4872c0 GlobalDeleteAtom
 0x4872c4 GlobalAlloc
 0x4872c8 GlobalAddAtomA
 0x4872cc GetVersionExA
 0x4872d0 GetVersion
 0x4872d4 GetUserDefaultLCID
 0x4872d8 GetTickCount
 0x4872dc GetThreadLocale
 0x4872e0 GetSystemInfo
 0x4872e4 GetStringTypeExA
 0x4872e8 GetStdHandle
 0x4872ec GetProcAddress
 0x4872f0 GetModuleHandleA
 0x4872f4 GetModuleFileNameA
 0x4872f8 GetLocaleInfoA
 0x4872fc GetLocalTime
 0x487300 GetLastError
 0x487304 GetFullPathNameA
 0x487308 GetFileAttributesA
 0x48730c GetDiskFreeSpaceA
 0x487310 GetDateFormatA
 0x487314 GetCurrentThreadId
 0x487318 GetCurrentProcessId
 0x48731c GetCPInfo
 0x487320 GetACP
 0x487324 FreeResource
 0x487328 InterlockedExchange
 0x48732c FreeLibrary
 0x487330 FormatMessageA
 0x487334 FindResourceA
 0x487338 EnumCalendarInfoA
 0x48733c EnterCriticalSection
 0x487340 DeleteCriticalSection
 0x487344 CreateThread
 0x487348 CreateFileA
 0x48734c CreateEventA
 0x487350 CompareStringA
 0x487354 CloseHandle
version.dll
 0x48735c VerQueryValueA
 0x487360 GetFileVersionInfoSizeA
 0x487364 GetFileVersionInfoA
gdi32.dll
 0x48736c UnrealizeObject
 0x487370 StretchBlt
 0x487374 SetWindowOrgEx
 0x487378 SetWinMetaFileBits
 0x48737c SetViewportOrgEx
 0x487380 SetTextColor
 0x487384 SetStretchBltMode
 0x487388 SetROP2
 0x48738c SetPixel
 0x487390 SetEnhMetaFileBits
 0x487394 SetDIBColorTable
 0x487398 SetBrushOrgEx
 0x48739c SetBkMode
 0x4873a0 SetBkColor
 0x4873a4 SelectPalette
 0x4873a8 SelectObject
 0x4873ac SaveDC
 0x4873b0 RestoreDC
 0x4873b4 RectVisible
 0x4873b8 RealizePalette
 0x4873bc PlayEnhMetaFile
 0x4873c0 PatBlt
 0x4873c4 MoveToEx
 0x4873c8 MaskBlt
 0x4873cc LineTo
 0x4873d0 IntersectClipRect
 0x4873d4 GetWindowOrgEx
 0x4873d8 GetWinMetaFileBits
 0x4873dc GetTextMetricsA
 0x4873e0 GetTextExtentPoint32A
 0x4873e4 GetSystemPaletteEntries
 0x4873e8 GetStockObject
 0x4873ec GetPixel
 0x4873f0 GetPaletteEntries
 0x4873f4 GetObjectA
 0x4873f8 GetEnhMetaFilePaletteEntries
 0x4873fc GetEnhMetaFileHeader
 0x487400 GetEnhMetaFileDescriptionA
 0x487404 GetEnhMetaFileBits
 0x487408 GetDeviceCaps
 0x48740c GetDIBits
 0x487410 GetDIBColorTable
 0x487414 GetDCOrgEx
 0x487418 GetCurrentPositionEx
 0x48741c GetClipBox
 0x487420 GetBrushOrgEx
 0x487424 GetBitmapBits
 0x487428 ExcludeClipRect
 0x48742c DeleteObject
 0x487430 DeleteEnhMetaFile
 0x487434 DeleteDC
 0x487438 CreateSolidBrush
 0x48743c CreatePenIndirect
 0x487440 CreatePalette
 0x487444 CreateHalftonePalette
 0x487448 CreateFontIndirectA
 0x48744c CreateEnhMetaFileA
 0x487450 CreateDIBitmap
 0x487454 CreateDIBSection
 0x487458 CreateCompatibleDC
 0x48745c CreateCompatibleBitmap
 0x487460 CreateBrushIndirect
 0x487464 CreateBitmap
 0x487468 CopyEnhMetaFileA
 0x48746c CloseEnhMetaFile
 0x487470 BitBlt
user32.dll
 0x487478 CreateWindowExA
 0x48747c WindowFromPoint
 0x487480 WinHelpA
 0x487484 WaitMessage
 0x487488 UpdateWindow
 0x48748c UnregisterClassA
 0x487490 UnhookWindowsHookEx
 0x487494 TranslateMessage
 0x487498 TranslateMDISysAccel
 0x48749c TrackPopupMenu
 0x4874a0 SystemParametersInfoA
 0x4874a4 ShowWindow
 0x4874a8 ShowScrollBar
 0x4874ac ShowOwnedPopups
 0x4874b0 ShowCursor
 0x4874b4 SetWindowsHookExA
 0x4874b8 SetWindowPos
 0x4874bc SetWindowPlacement
 0x4874c0 SetWindowLongA
 0x4874c4 SetTimer
 0x4874c8 SetScrollRange
 0x4874cc SetScrollPos
 0x4874d0 SetScrollInfo
 0x4874d4 SetRect
 0x4874d8 SetPropA
 0x4874dc SetParent
 0x4874e0 SetMenuItemInfoA
 0x4874e4 SetMenu
 0x4874e8 SetForegroundWindow
 0x4874ec SetFocus
 0x4874f0 SetCursor
 0x4874f4 SetClassLongA
 0x4874f8 SetCapture
 0x4874fc SetActiveWindow
 0x487500 SendMessageA
 0x487504 ScrollWindow
 0x487508 ScreenToClient
 0x48750c RemovePropA
 0x487510 RemoveMenu
 0x487514 ReleaseDC
 0x487518 ReleaseCapture
 0x48751c RegisterWindowMessageA
 0x487520 RegisterClipboardFormatA
 0x487524 RegisterClassA
 0x487528 RedrawWindow
 0x48752c PtInRect
 0x487530 PostQuitMessage
 0x487534 PostMessageA
 0x487538 PeekMessageA
 0x48753c OffsetRect
 0x487540 OemToCharA
 0x487544 MessageBoxA
 0x487548 MapWindowPoints
 0x48754c MapVirtualKeyA
 0x487550 LoadStringA
 0x487554 LoadKeyboardLayoutA
 0x487558 LoadIconA
 0x48755c LoadCursorA
 0x487560 LoadBitmapA
 0x487564 KillTimer
 0x487568 IsZoomed
 0x48756c IsWindowVisible
 0x487570 IsWindowEnabled
 0x487574 IsWindow
 0x487578 IsRectEmpty
 0x48757c IsIconic
 0x487580 IsDialogMessageA
 0x487584 IsChild
 0x487588 InvalidateRect
 0x48758c IntersectRect
 0x487590 InsertMenuItemA
 0x487594 InsertMenuA
 0x487598 InflateRect
 0x48759c GetWindowThreadProcessId
 0x4875a0 GetWindowTextA
 0x4875a4 GetWindowRect
 0x4875a8 GetWindowPlacement
 0x4875ac GetWindowLongA
 0x4875b0 GetWindowDC
 0x4875b4 GetTopWindow
 0x4875b8 GetSystemMetrics
 0x4875bc GetSystemMenu
 0x4875c0 GetSysColorBrush
 0x4875c4 GetSysColor
 0x4875c8 GetSubMenu
 0x4875cc GetScrollRange
 0x4875d0 GetScrollPos
 0x4875d4 GetScrollInfo
 0x4875d8 GetPropA
 0x4875dc GetParent
 0x4875e0 GetWindow
 0x4875e4 GetMessageTime
 0x4875e8 GetMenuStringA
 0x4875ec GetMenuState
 0x4875f0 GetMenuItemInfoA
 0x4875f4 GetMenuItemID
 0x4875f8 GetMenuItemCount
 0x4875fc GetMenu
 0x487600 GetLastActivePopup
 0x487604 GetKeyboardState
 0x487608 GetKeyboardLayoutList
 0x48760c GetKeyboardLayout
 0x487610 GetKeyState
 0x487614 GetKeyNameTextA
 0x487618 GetIconInfo
 0x48761c GetForegroundWindow
 0x487620 GetFocus
 0x487624 GetDesktopWindow
 0x487628 GetDCEx
 0x48762c GetDC
 0x487630 GetCursorPos
 0x487634 GetCursor
 0x487638 GetClipboardData
 0x48763c GetClientRect
 0x487640 GetClassNameA
 0x487644 GetClassInfoA
 0x487648 GetCapture
 0x48764c GetActiveWindow
 0x487650 FrameRect
 0x487654 FindWindowA
 0x487658 FillRect
 0x48765c EqualRect
 0x487660 EnumWindows
 0x487664 EnumThreadWindows
 0x487668 EndPaint
 0x48766c EnableWindow
 0x487670 EnableScrollBar
 0x487674 EnableMenuItem
 0x487678 DrawTextA
 0x48767c DrawMenuBar
 0x487680 DrawIconEx
 0x487684 DrawIcon
 0x487688 DrawFrameControl
 0x48768c DrawEdge
 0x487690 DispatchMessageA
 0x487694 DestroyWindow
 0x487698 DestroyMenu
 0x48769c DestroyIcon
 0x4876a0 DestroyCursor
 0x4876a4 DeleteMenu
 0x4876a8 DefWindowProcA
 0x4876ac DefMDIChildProcA
 0x4876b0 DefFrameProcA
 0x4876b4 CreatePopupMenu
 0x4876b8 CreateMenu
 0x4876bc CreateIcon
 0x4876c0 ClientToScreen
 0x4876c4 CheckMenuItem
 0x4876c8 CallWindowProcA
 0x4876cc CallNextHookEx
 0x4876d0 BeginPaint
 0x4876d4 CharNextA
 0x4876d8 CharLowerBuffA
 0x4876dc CharLowerA
 0x4876e0 CharToOemA
 0x4876e4 AdjustWindowRectEx
 0x4876e8 ActivateKeyboardLayout
kernel32.dll
 0x4876f0 Sleep
oleaut32.dll
 0x4876f8 SafeArrayPtrOfIndex
 0x4876fc SafeArrayGetUBound
 0x487700 SafeArrayGetLBound
 0x487704 SafeArrayCreate
 0x487708 VariantChangeType
 0x48770c VariantCopy
 0x487710 VariantClear
 0x487714 VariantInit
ole32.dll
 0x48771c CreateStreamOnHGlobal
 0x487720 IsAccelerator
 0x487724 OleDraw
 0x487728 OleSetMenuDescriptor
 0x48772c CoCreateInstance
 0x487730 CoGetClassObject
 0x487734 CoUninitialize
 0x487738 CoInitialize
 0x48773c IsEqualGUID
oleaut32.dll
 0x487744 GetErrorInfo
 0x487748 SysFreeString
comctl32.dll
 0x487750 ImageList_SetIconSize
 0x487754 ImageList_GetIconSize
 0x487758 ImageList_Write
 0x48775c ImageList_Read
 0x487760 ImageList_GetDragImage
 0x487764 ImageList_DragShowNolock
 0x487768 ImageList_SetDragCursorImage
 0x48776c ImageList_DragMove
 0x487770 ImageList_DragLeave
 0x487774 ImageList_DragEnter
 0x487778 ImageList_EndDrag
 0x48777c ImageList_BeginDrag
 0x487780 ImageList_Remove
 0x487784 ImageList_DrawEx
 0x487788 ImageList_Draw
 0x48778c ImageList_GetBkColor
 0x487790 ImageList_SetBkColor
 0x487794 ImageList_ReplaceIcon
 0x487798 ImageList_Add
 0x48779c ImageList_SetImageCount
 0x4877a0 ImageList_GetImageCount
 0x4877a4 ImageList_Destroy
 0x4877a8 ImageList_Create
shell32.dll
 0x4877b0 SHFileOperationA
shell32.dll
 0x4877b8 SHGetPathFromIDListA
 0x4877bc SHGetMalloc
 0x4877c0 SHGetDesktopFolder
 0x4877c4 SHBrowseForFolderA

EAT(Export Address Table) is none