Report - rob122DzjsdFA.dll

Tags: UPX, Malicious Library, Malicious Packer, AntiDebug, AntiVM, PE File, OS Processor Check, DLL, PE32
Created 2021.08.19 19:15 Machine s1_win7_x6402
Filename rob122DzjsdFA.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score 8
Behavior Score 11.4
ZERO API file : clean
VT API (file) 16 detected (malicious, high confidence, Artemis, Save, confidence, 100%, a variant of Generik, ILZIDPF, score, Trickpak, Emotet, Static AI, Suspicious PE, kcloud)
md5 1ad0ef26e95163677b3dc9cc45a707c1
sha256 6c55126eb5ebfbf3bcdac310a44fe3debeabec192689e4706a377f0fcbb26d97
ssdeep 6144:V36DZgMzpJiY3X0uv10eqya+Ibi1vEu5OhVVIfbgfaadGvJANrINK7uEgVM1E7Iz:VgZhriY3XzdaukGKT7uE+B7Irv9Ojx4
imphash dd87c42e675b8d5a08fe41f9191329b9
impfuzzy 192:UFwKzu8fu2lvomZ0QkIAkRsGIUYFImcnczcUNxNR:ca8mMvoAAk2asHxNR

Signature (24cnts)

Level Description
danger Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually)
danger Executed a process and injected code into it
watch Allocates execute permission to another process indicative of possible code injection
watch Communicates with host for which no DNS query was performed
watch File has been identified by 16 AntiVirus engines on VirusTotal as malicious
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice A process attempted to delay the analysis task.
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a suspicious process
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Looks up the external IP address
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Terminates another process
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Yara rule detected in process memory
info Checks if process is being debugged by a debugger
info One or more processes crashed
info Queries for the computername
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (15cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info anti_dbg Checks if being debugged memory
info DebuggerCheck__GlobalFlags (no description) memory
info DebuggerCheck__QueryInfo (no description) memory
info DebuggerHiding__Active (no description) memory
info DebuggerHiding__Thread (no description) memory
info disable_dep Bypass DEP memory
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info SEH__vectored (no description) memory
info ThreadControl__Context (no description) memory

Network (33cnts)

Request CC ASN Co IP4 Rule ZERO
http://icanhazip.com/ US CLOUDFLARENET 104.18.7.156 clean
https://179.189.229.254/rob122/TEST22-PC_W617601.3C3E558CBB3B7297799633BDCDF191BB/14/user/test22/0/ BR America-NET Ltda. 179.189.229.254 clean
https://46.99.175.217/rob122/TEST22-PC_W617601.3C3E558CBB3B7297799633BDCDF191BB/14/path/C:%5CUsers%5Ctest22%5CAppData%5CRoaming%5CArh-CatZZJZJ1%5Cpbrob122DzjsdFAjl.dmo/0/ AL IPKO Telecommunications LLC 46.99.175.217 clean
https://179.189.229.254/rob122/TEST22-PC_W617601.3C3E558CBB3B7297799633BDCDF191BB/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/LCK2ejUfmsC9jBPIK/ BR America-NET Ltda. 179.189.229.254 clean
https://182.253.210.130/rob122/TEST22-PC_W617601.3C3E558CBB3B7297799633BDCDF191BB/5/networkDll64/ ID BIZNET NETWORKS 182.253.210.130 3682 clean
https://179.189.229.254/rob122/TEST22-PC_W617601.3C3E558CBB3B7297799633BDCDF191BB/5/file/ BR America-NET Ltda. 179.189.229.254 clean
https://179.189.229.254/rob122/TEST22-PC_W617601.3C3E558CBB3B7297799633BDCDF191BB/10/62/NLRTJPZNNBPFNPJ/7/ BR America-NET Ltda. 179.189.229.254 clean
https://46.99.175.149/rob122/TEST22-PC_W617601.3C3E558CBB3B7297799633BDCDF191BB/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/1H1RppdDhXfj7PjNJdPR9J/ AL IPKO Telecommunications LLC 46.99.175.149 clean
https://179.189.229.254/rob122/TEST22-PC_W617601.3C3E558CBB3B7297799633BDCDF191BB/14/DNSBL/listed/0/ BR America-NET Ltda. 179.189.229.254 clean
https://221.147.172.5/rob122/TEST22-PC_W617601.3C3E558CBB3B7297799633BDCDF191BB/5/pwgrabb64/ KR Korea Telecom 221.147.172.5 clean
https://179.189.229.254/rob122/TEST22-PC_W617601.3C3E558CBB3B7297799633BDCDF191BB/14/exc/E:%200xc0000005%20A:%200x0000000077919A5A/0/ BR America-NET Ltda. 179.189.229.254 clean
https://179.189.229.254/rob122/TEST22-PC_W617601.3C3E558CBB3B7297799633BDCDF191BB/10/62/PFDXLJBFTVVVN/7/ BR America-NET Ltda. 179.189.229.254 clean
https://181.129.167.82/rob122/TEST22-PC_W617601.3C3E558CBB3B7297799633BDCDF191BB/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/FWOIp5kh3DLMcjCKxTuunRF9rlqyeE/ CO EPM Telecomunicaciones S.A. E.S.P. 181.129.167.82 clean
https://5.152.175.57/rob122/TEST22-PC_W617601.3C3E558CBB3B7297799633BDCDF191BB/5/pwgrabc64/ ES Skylogic S.p.A. 5.152.175.57 clean
https://46.99.175.217/rob122/TEST22-PC_W617601.3C3E558CBB3B7297799633BDCDF191BB/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/VBrxbxVtzflnZFntVrvDrbhh9DpxNP91/ AL IPKO Telecommunications LLC 46.99.175.217 clean
https://179.189.229.254/rob122/TEST22-PC_W617601.3C3E558CBB3B7297799633BDCDF191BB/23/100019/ BR America-NET Ltda. 179.189.229.254 clean
https://181.129.167.82/rob122/TEST22-PC_W617601.3C3E558CBB3B7297799633BDCDF191BB/10/62/WPBOZJHPCMRBXGGRBGT/7/ CO EPM Telecomunicaciones S.A. E.S.P. 181.129.167.82 clean
https://179.189.229.254/rob122/TEST22-PC_W617601.3C3E558CBB3B7297799633BDCDF191BB/14/NAT%20status/client%20is%20behind%20NAT/0/ BR America-NET Ltda. 179.189.229.254 clean
https://179.189.229.254/rob122/TEST22-PC_W617601.3C3E558CBB3B7297799633BDCDF191BB/1/Mjbaz7MK73OqbffW9ilztlcg/ BR America-NET Ltda. 179.189.229.254 clean
icanhazip.com US CLOUDFLARENET 104.18.6.156 clean
150.134.208.175.cbl.abuseat.org Unknown clean
150.134.208.175.zen.spamhaus.org Unknown clean
150.134.208.175.b.barracudacentral.org Unknown 127.0.0.2 clean
46.99.175.217 AL IPKO Telecommunications LLC 46.99.175.217 malicious
104.18.7.156 US CLOUDFLARENET 104.18.7.156 clean
46.99.175.149 AL IPKO Telecommunications LLC 46.99.175.149 malicious
179.189.229.254 BR America-NET Ltda. 179.189.229.254 malicious
5.152.175.57 ES Skylogic S.p.A. 5.152.175.57 malicious
221.147.172.5 KR Korea Telecom 221.147.172.5 clean
216.166.148.187 US CYBERNET1 216.166.148.187 malicious
182.253.210.130 ID BIZNET NETWORKS 182.253.210.130 malicious
181.129.167.82 CO EPM Telecomunicaciones S.A. E.S.P. 181.129.167.82 malicious
62.99.79.77 ES Euskaltel S.A. 62.99.79.77 clean

Suricata IDS

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x1003d190 VirtualFree
 0x1003d194 IsBadWritePtr
 0x1003d198 SetHandleCount
 0x1003d19c GetStdHandle
 0x1003d1a0 GetFileType
 0x1003d1a4 GetStartupInfoA
 0x1003d1a8 FreeEnvironmentStringsA
 0x1003d1ac GetEnvironmentStrings
 0x1003d1b0 FreeEnvironmentStringsW
 0x1003d1b4 GetEnvironmentStringsW
 0x1003d1b8 UnhandledExceptionFilter
 0x1003d1bc QueryPerformanceCounter
 0x1003d1c0 GetCurrentProcessId
 0x1003d1c4 GetSystemTimeAsFileTime
 0x1003d1c8 SetUnhandledExceptionFilter
 0x1003d1cc LCMapStringA
 0x1003d1d0 HeapCreate
 0x1003d1d4 GetStringTypeA
 0x1003d1d8 GetStringTypeW
 0x1003d1dc GetTimeZoneInformation
 0x1003d1e0 IsBadReadPtr
 0x1003d1e4 IsBadCodePtr
 0x1003d1e8 SetStdHandle
 0x1003d1ec SetEnvironmentVariableA
 0x1003d1f0 HeapDestroy
 0x1003d1f4 HeapSize
 0x1003d1f8 InterlockedExchange
 0x1003d1fc TerminateProcess
 0x1003d200 HeapReAlloc
 0x1003d204 GetCommandLineA
 0x1003d208 RtlUnwind
 0x1003d20c VirtualQuery
 0x1003d210 GetSystemInfo
 0x1003d214 VirtualAlloc
 0x1003d218 VirtualProtect
 0x1003d21c HeapFree
 0x1003d220 HeapAlloc
 0x1003d224 GetTickCount
 0x1003d228 GetCurrentDirectoryA
 0x1003d22c GetPrivateProfileStringA
 0x1003d230 WritePrivateProfileStringA
 0x1003d234 GetPrivateProfileIntA
 0x1003d238 LocalFileTimeToFileTime
 0x1003d23c FileTimeToLocalFileTime
 0x1003d240 SystemTimeToFileTime
 0x1003d244 FileTimeToSystemTime
 0x1003d248 GetOEMCP
 0x1003d24c GetCPInfo
 0x1003d250 GlobalFlags
 0x1003d254 GetShortPathNameA
 0x1003d258 GetVolumeInformationA
 0x1003d25c FindFirstFileA
 0x1003d260 FindClose
 0x1003d264 DuplicateHandle
 0x1003d268 SetEndOfFile
 0x1003d26c UnlockFile
 0x1003d270 LockFile
 0x1003d274 FlushFileBuffers
 0x1003d278 SetFilePointer
 0x1003d27c WriteFile
 0x1003d280 ReadFile
 0x1003d284 DeleteFileA
 0x1003d288 MoveFileA
 0x1003d28c TlsFree
 0x1003d290 LocalReAlloc
 0x1003d294 TlsSetValue
 0x1003d298 TlsAlloc
 0x1003d29c TlsGetValue
 0x1003d2a0 EnterCriticalSection
 0x1003d2a4 GlobalHandle
 0x1003d2a8 GlobalReAlloc
 0x1003d2ac LeaveCriticalSection
 0x1003d2b0 LocalAlloc
 0x1003d2b4 DeleteCriticalSection
 0x1003d2b8 InitializeCriticalSection
 0x1003d2bc RaiseException
 0x1003d2c0 InterlockedIncrement
 0x1003d2c4 InterlockedDecrement
 0x1003d2c8 GetCurrentThread
 0x1003d2cc GetModuleFileNameA
 0x1003d2d0 ConvertDefaultLocale
 0x1003d2d4 EnumResourceLanguagesA
 0x1003d2d8 lstrcmpA
 0x1003d2dc lstrcpyA
 0x1003d2e0 GetDiskFreeSpaceA
 0x1003d2e4 GetFullPathNameA
 0x1003d2e8 GetTempFileNameA
 0x1003d2ec GetFileTime
 0x1003d2f0 SetFileTime
 0x1003d2f4 GetFileAttributesA
 0x1003d2f8 FreeResource
 0x1003d2fc GetCurrentThreadId
 0x1003d300 GlobalGetAtomNameA
 0x1003d304 GlobalAddAtomA
 0x1003d308 GlobalFindAtomA
 0x1003d30c GlobalDeleteAtom
 0x1003d310 FreeLibrary
 0x1003d314 lstrcatA
 0x1003d318 lstrcmpW
 0x1003d31c GetModuleHandleA
 0x1003d320 GetProcAddress
 0x1003d324 SetLastError
 0x1003d328 GlobalFree
 0x1003d32c GlobalAlloc
 0x1003d330 GlobalLock
 0x1003d334 GlobalUnlock
 0x1003d338 FormatMessageA
 0x1003d33c lstrcpynA
 0x1003d340 LocalFree
 0x1003d344 MulDiv
 0x1003d348 FindResourceA
 0x1003d34c LoadResource
 0x1003d350 LockResource
 0x1003d354 SizeofResource
 0x1003d358 CreateFileA
 0x1003d35c CreateFileMappingA
 0x1003d360 MapViewOfFile
 0x1003d364 GetFileSize
 0x1003d368 UnmapViewOfFile
 0x1003d36c CloseHandle
 0x1003d370 LoadLibraryA
 0x1003d374 ExitProcess
 0x1003d378 GetCurrentProcess
 0x1003d37c GetStringTypeExA
 0x1003d380 CompareStringW
 0x1003d384 CompareStringA
 0x1003d388 lstrlenA
 0x1003d38c lstrcmpiA
 0x1003d390 GetVersion
 0x1003d394 GetLastError
 0x1003d398 WideCharToMultiByte
 0x1003d39c MultiByteToWideChar
 0x1003d3a0 GetVersionExA
 0x1003d3a4 GetThreadLocale
 0x1003d3a8 GetLocaleInfoA
 0x1003d3ac GetACP
 0x1003d3b0 LCMapStringW
USER32.dll
 0x1003d3f4 GetMenuItemInfoA
 0x1003d3f8 InflateRect
 0x1003d3fc GetSysColorBrush
 0x1003d400 GetTabbedTextExtentA
 0x1003d404 PostThreadMessageA
 0x1003d408 CreateMenu
 0x1003d40c CopyAcceleratorTableA
 0x1003d410 ShowOwnedPopups
 0x1003d414 PostQuitMessage
 0x1003d418 WindowFromPoint
 0x1003d41c SetParent
 0x1003d420 GetSystemMenu
 0x1003d424 DeleteMenu
 0x1003d428 IsZoomed
 0x1003d42c CreateDialogIndirectParamA
 0x1003d430 GetNextDlgTabItem
 0x1003d434 EndDialog
 0x1003d438 GetMessageA
 0x1003d43c TranslateMessage
 0x1003d440 ValidateRect
 0x1003d444 LoadMenuA
 0x1003d448 DestroyMenu
 0x1003d44c GetActiveWindow
 0x1003d450 UnpackDDElParam
 0x1003d454 ReuseDDElParam
 0x1003d458 LoadAcceleratorsA
 0x1003d45c InsertMenuItemA
 0x1003d460 CreatePopupMenu
 0x1003d464 SetRectEmpty
 0x1003d468 BringWindowToTop
 0x1003d46c SetMenu
 0x1003d470 GetDesktopWindow
 0x1003d474 TranslateAcceleratorA
 0x1003d478 EndPaint
 0x1003d47c BeginPaint
 0x1003d480 GetWindowDC
 0x1003d484 GrayStringA
 0x1003d488 DrawTextExA
 0x1003d48c DrawTextA
 0x1003d490 TabbedTextOutA
 0x1003d494 SetMenuItemBitmaps
 0x1003d498 ModifyMenuA
 0x1003d49c EnableMenuItem
 0x1003d4a0 CheckMenuItem
 0x1003d4a4 GetMenuCheckMarkDimensions
 0x1003d4a8 LoadBitmapA
 0x1003d4ac IsWindowEnabled
 0x1003d4b0 ShowWindow
 0x1003d4b4 SetWindowTextA
 0x1003d4b8 IsDialogMessageA
 0x1003d4bc SetDlgItemTextA
 0x1003d4c0 WinHelpA
 0x1003d4c4 GetCapture
 0x1003d4c8 CreateWindowExA
 0x1003d4cc SetWindowsHookExA
 0x1003d4d0 CallNextHookEx
 0x1003d4d4 GetClassLongA
 0x1003d4d8 GetClassInfoExA
 0x1003d4dc GetClassNameA
 0x1003d4e0 SetPropA
 0x1003d4e4 RemovePropA
 0x1003d4e8 SendDlgItemMessageA
 0x1003d4ec GetWindowTextLengthA
 0x1003d4f0 GetWindowTextA
 0x1003d4f4 GetForegroundWindow
 0x1003d4f8 GetLastActivePopup
 0x1003d4fc SetActiveWindow
 0x1003d500 DispatchMessageA
 0x1003d504 BeginDeferWindowPos
 0x1003d508 EndDeferWindowPos
 0x1003d50c GetDlgItem
 0x1003d510 GetTopWindow
 0x1003d514 DestroyWindow
 0x1003d518 UnhookWindowsHookEx
 0x1003d51c GetMessageTime
 0x1003d520 GetMessagePos
 0x1003d524 LoadIconA
 0x1003d528 MapWindowPoints
 0x1003d52c ScrollWindow
 0x1003d530 MessageBoxA
 0x1003d534 TrackPopupMenu
 0x1003d538 GetKeyState
 0x1003d53c SetScrollRange
 0x1003d540 GetScrollRange
 0x1003d544 SetScrollPos
 0x1003d548 GetScrollPos
 0x1003d54c SetForegroundWindow
 0x1003d550 IsWindowVisible
 0x1003d554 GetMenu
 0x1003d558 PostMessageA
 0x1003d55c EqualRect
 0x1003d560 DeferWindowPos
 0x1003d564 GetScrollInfo
 0x1003d568 SetScrollInfo
 0x1003d56c GetClassInfoA
 0x1003d570 RegisterClassA
 0x1003d574 UnregisterClassA
 0x1003d578 DefWindowProcA
 0x1003d57c CallWindowProcA
 0x1003d580 GetWindowLongA
 0x1003d584 SetWindowPos
 0x1003d588 IntersectRect
 0x1003d58c GetWindowPlacement
 0x1003d590 CopyRect
 0x1003d594 GetWindow
 0x1003d598 GetDlgCtrlID
 0x1003d59c IsIconic
 0x1003d5a0 GetMenuState
 0x1003d5a4 GetMenuStringA
 0x1003d5a8 AppendMenuA
 0x1003d5ac GetMenuItemID
 0x1003d5b0 InsertMenuA
 0x1003d5b4 GetMenuItemCount
 0x1003d5b8 GetSubMenu
 0x1003d5bc RemoveMenu
 0x1003d5c0 ReleaseCapture
 0x1003d5c4 AdjustWindowRectEx
 0x1003d5c8 GetSystemMetrics
 0x1003d5cc GetParent
 0x1003d5d0 SetCapture
 0x1003d5d4 KillTimer
 0x1003d5d8 SetTimer
 0x1003d5dc ClientToScreen
 0x1003d5e0 RegisterClipboardFormatA
 0x1003d5e4 GetWindowRect
 0x1003d5e8 SetWindowRgn
 0x1003d5ec DrawIcon
 0x1003d5f0 IsRectEmpty
 0x1003d5f4 RegisterWindowMessageA
 0x1003d5f8 FindWindowA
 0x1003d5fc SystemParametersInfoA
 0x1003d600 PeekMessageA
 0x1003d604 FillRect
 0x1003d608 GetDC
 0x1003d60c ReleaseDC
 0x1003d610 GetCursorPos
 0x1003d614 DestroyIcon
 0x1003d618 LockWindowUpdate
 0x1003d61c GetDCEx
 0x1003d620 SetFocus
 0x1003d624 GetSysColor
 0x1003d628 IsWindow
 0x1003d62c LoadCursorA
 0x1003d630 SetCursor
 0x1003d634 DestroyCursor
 0x1003d638 IsChild
 0x1003d63c ShowScrollBar
 0x1003d640 GetFocus
 0x1003d644 UpdateWindow
 0x1003d648 ScreenToClient
 0x1003d64c GetClientRect
 0x1003d650 OffsetRect
 0x1003d654 SetRect
 0x1003d658 PtInRect
 0x1003d65c SendMessageA
 0x1003d660 SetWindowLongA
 0x1003d664 IsCharAlphaNumericA
 0x1003d668 wsprintfA
 0x1003d66c EnableWindow
 0x1003d670 InvalidateRect
 0x1003d674 CharUpperA
 0x1003d678 GetPropA
GDI32.dll
 0x1003d050 SetWindowExtEx
 0x1003d054 ScaleWindowExtEx
 0x1003d058 GetCurrentPositionEx
 0x1003d05c LineTo
 0x1003d060 CreatePatternBrush
 0x1003d064 CreateCompatibleDC
 0x1003d068 CreateSolidBrush
 0x1003d06c CreateCompatibleBitmap
 0x1003d070 StretchDIBits
 0x1003d074 GetCharWidthA
 0x1003d078 GetBkColor
 0x1003d07c GetNearestColor
 0x1003d080 GetBkMode
 0x1003d084 GetPolyFillMode
 0x1003d088 SetWindowOrgEx
 0x1003d08c GetStretchBltMode
 0x1003d090 GetTextColor
 0x1003d094 GetTextAlign
 0x1003d098 GetTextFaceA
 0x1003d09c GetWindowOrgEx
 0x1003d0a0 CreateRectRgnIndirect
 0x1003d0a4 SetRectRgn
 0x1003d0a8 CombineRgn
 0x1003d0ac IntersectClipRect
 0x1003d0b0 ExcludeClipRect
 0x1003d0b4 SetMapMode
 0x1003d0b8 SetStretchBltMode
 0x1003d0bc SetROP2
 0x1003d0c0 SetPolyFillMode
 0x1003d0c4 SetBkMode
 0x1003d0c8 RestoreDC
 0x1003d0cc SaveDC
 0x1003d0d0 CreateBitmap
 0x1003d0d4 SetBkColor
 0x1003d0d8 SetTextColor
 0x1003d0dc GetClipBox
 0x1003d0e0 ScaleViewportExtEx
 0x1003d0e4 SetViewportExtEx
 0x1003d0e8 OffsetViewportOrgEx
 0x1003d0ec SetViewportOrgEx
 0x1003d0f0 SelectObject
 0x1003d0f4 Escape
 0x1003d0f8 ExtTextOutA
 0x1003d0fc TextOutA
 0x1003d100 RectVisible
 0x1003d104 PtVisible
 0x1003d108 GetPixel
 0x1003d10c BitBlt
 0x1003d110 GetWindowExtEx
 0x1003d114 GetViewportExtEx
 0x1003d118 CreateRectRgn
 0x1003d11c SelectClipRgn
 0x1003d120 DeleteObject
 0x1003d124 SetTextAlign
 0x1003d128 GetROP2
 0x1003d12c GetDeviceCaps
 0x1003d130 Ellipse
 0x1003d134 LPtoDP
 0x1003d138 CreateEllipticRgn
 0x1003d13c CreateDCA
 0x1003d140 DeleteDC
 0x1003d144 EndDoc
 0x1003d148 AbortDoc
 0x1003d14c SetAbortProc
 0x1003d150 EndPage
 0x1003d154 StartPage
 0x1003d158 StartDocA
 0x1003d15c GetStockObject
 0x1003d160 PatBlt
 0x1003d164 Rectangle
 0x1003d168 DPtoLP
 0x1003d16c GetViewportOrgEx
 0x1003d170 CreatePen
 0x1003d174 CreateFontIndirectA
 0x1003d178 CreateFontA
 0x1003d17c GetObjectA
 0x1003d180 GetTextMetricsA
 0x1003d184 GetTextExtentPoint32A
 0x1003d188 MoveToEx
comdlg32.dll
 0x1003d694 GetSaveFileNameA
 0x1003d698 GetFileTitleA
 0x1003d69c CommDlgExtendedError
 0x1003d6a0 PrintDlgA
 0x1003d6a4 GetOpenFileNameA
 0x1003d6a8 ChooseFontA
WINSPOOL.DRV
 0x1003d680 ClosePrinter
 0x1003d684 OpenPrinterA
 0x1003d688 GetJobA
 0x1003d68c DocumentPropertiesA
ADVAPI32.dll
 0x1003d000 RegDeleteValueA
 0x1003d004 RegSetValueA
 0x1003d008 RegOpenKeyA
 0x1003d00c SetFileSecurityA
 0x1003d010 GetFileSecurityA
 0x1003d014 RegQueryValueExA
 0x1003d018 RegOpenKeyExA
 0x1003d01c RegDeleteKeyA
 0x1003d020 RegEnumKeyA
 0x1003d024 RegQueryValueA
 0x1003d028 RegCreateKeyExA
 0x1003d02c RegCreateKeyA
 0x1003d030 RegCloseKey
 0x1003d034 RegSetValueExA
SHELL32.dll
 0x1003d3cc DragQueryFileA
 0x1003d3d0 SHGetFileInfoA
 0x1003d3d4 ExtractIconA
 0x1003d3d8 DragFinish
COMCTL32.dll
 0x1003d03c None
 0x1003d040 ImageList_Draw
 0x1003d044 ImageList_GetImageInfo
 0x1003d048 ImageList_Destroy
SHLWAPI.dll
 0x1003d3e0 PathFindFileNameA
 0x1003d3e4 PathStripToRootA
 0x1003d3e8 PathFindExtensionA
 0x1003d3ec PathIsUNCA
ole32.dll
 0x1003d6b0 OleDestroyMenuDescriptor
 0x1003d6b4 OleCreateMenuDescriptor
 0x1003d6b8 IsAccelerator
 0x1003d6bc OleTranslateAccelerator
OLEAUT32.dll
 0x1003d3b8 VariantClear
 0x1003d3bc SysAllocStringLen
 0x1003d3c0 VariantInit
 0x1003d3c4 VariantChangeType

EAT (Export Address Table) Library

0x10008a50 hgfhgdhgdh
0x10008a50 hgfhgdhgdh1
0x10008a50 hgfhgdhgdh2
0x10008a50 hgfhgdhgdh3
0x10008a60 klust