Report - vbc.exe

Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate privileges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32
Created 2021.08.27 16:08 Machine s1_win7_x6401
Filename vbc.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 6
Behavior Score 13.4
ZERO API file : malware
VT API (file) 39 detected (AIDetect, malware2, malicious, high confidence, Siggen14, Zusy, Unsafe, Save, Remcos, ZelphiF, RGW@amy5IIni, Delf, Eldorado, Attribute, HighConfidence, EPZR, FileRepMalware, DealPly, Score, ai score=84, KVM007, kcloud, DelfInject, Fareit, FDBI, PasswordStealer, Pgdm, Static AI, Suspicious PE, susgen, GenKryptik, FIVH, GdSda)
md5 47fa27443cb1abe987ca9f653754b6d0
sha256 a9010421ea97c10ab6147e6c5077fab296030b13c26b6645502b6165e2e9d4db
ssdeep 12288:OlaDZ6+Eis2xF7S3/6nYpH5hQVsqjGhH/LGE9jhbO:OsD8GxF4FpHPYj+HTGEVVO
imphash 34279dc80317d1d92e4cc4f07cdb3a94
impfuzzy 192:P34ok1aomrbuuArSUvK9RqooqyKeSPOQRFd:P301uAA9LdPOQbd

Signature (27cnts)

Level Description
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
danger File has been identified by 39 AntiVirus engines on VirusTotal as malicious
watch Allocates execute permission to another process indicative of possible code injection
watch Communicates with host for which no DNS query was performed
watch Creates a thread using CreateRemoteThread in a non-child process indicative of process injection
watch Deletes executed files from disk
watch Installs itself for autorun at Windows startup
watch Manipulates memory of a non-child process indicative of process injection
watch Network activity contains more than one unique useragent
watch One or more of the buffers contains an embedded PE file
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
watch Uses Sysinternals tools in order to add additional command line functionality
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Sends data using the HTTP POST Method
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Command line console output was observed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer

Rules (36cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Network_Downloader File Downloader memory
notice Code_injection Code injection with CreateRemoteThread in a remote process memory
notice Create_Service Create a windows service memory
notice Escalate_priviledges Escalate privileges memory
notice KeyLogger Run a KeyLogger memory
notice local_credential_Steal Steal credential memory
notice Network_DGA Communication using DGA memory
notice Network_DNS Communications use DNS memory
notice Network_FTP Communications over FTP memory
notice Network_HTTP Communications over HTTP memory
notice Network_P2P_Win Communications over P2P network memory
notice Network_TCP_Socket Communications over RAW Socket memory
notice ScreenShot Take ScreenShot memory
notice Sniff_Audio Record Audio memory
notice Str_Win32_Http_API Match Windows Http API call memory
notice Str_Win32_Internet_API Match Windows Inet API call memory
info anti_dbg Checks if being debugged memory
info antisb_threatExpert Anti-Sandbox checks for ThreatExpert memory
info Check_Dlls (no description) memory
info DebuggerCheck__GlobalFlags (no description) memory
info DebuggerCheck__QueryInfo (no description) memory
info DebuggerCheck__RemoteAPI (no description) memory
info DebuggerException__ConsoleCtrl (no description) memory
info DebuggerException__SetConsoleCtrl (no description) memory
info DebuggerHiding__Active (no description) memory
info DebuggerHiding__Thread (no description) memory
info disable_dep Bypass DEP memory
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)
info SEH__vectored (no description) memory
info ThreadControl__Context (no description) memory
info win_hook Affect hook table memory

Network (38cnts)

Request CC ASN Co IP4 Rule ZERO
http://www.listenstech.com/ecuu/?iRIxln_=kZQ2xSRRrPRSBp5jFhnjX1FSIADBjElgtC+7SfW5nxGr1YavPckfOpnPtRZoEBHlAahsqtq3&Ixl0i=Xj0TQ4BXAfy US AMAZON-AES 3.223.115.185 clean
http://www.stathotshots.com/ecuu/ US GOOGLE 34.98.99.30 clean
http://www.polaritelibrairie.com/ecuu/ US GOOGLE 34.102.136.180 clean
http://www.tehridam.com/ecuu/ US AS-26496-GO-DADDY-COM-LLC 184.168.131.241 clean
http://www.tehridam.com/ecuu/?iRIxln_=52vxKUookbImOzTI7E+jd1wlXpyw0GfihJo0VkeqObbGxcjgEHmk7kL8PM63ES7BEXBsCGUk&Ixl0i=Xj0TQ4BXAfy US AS-26496-GO-DADDY-COM-LLC 184.168.131.241 clean
http://www.stathotshots.com/ecuu/?iRIxln_=+WjnV65xNgr8mdfi2OB5TPoJ/nBIB301k5X/uFoN60o83tEWRpQDVejEJi6ZuHqfRkIXe4Q7&Ixl0i=Xj0TQ4BXAfy US GOOGLE 34.98.99.30 clean
http://www.castro-online.run/ecuu/ US CLOUDFLARENET 172.67.221.31 clean
http://www.listenstech.com/ecuu/ US AMAZON-AES 3.223.115.185 clean
http://www.polaritelibrairie.com/ecuu/?iRIxln_=9V37CvjOwlD+G2cZgvNSMh0FDLzSpLIOzW7Ku/j/E3/FrLtCEhUpqK2rSLRqtlK3cTc9cFsZ&Ixl0i=Xj0TQ4BXAfy US GOOGLE 34.102.136.180 clean
http://www.krsfpjuoekcd.info/ecuu/ IE AMAZON-02 34.254.1.203 clean
http://www.castro-online.run/ecuu/?iRIxln_=d5lYEYpKw3U/V2Wa/g5CCF1s2ENwrat2UG5ZDi9BawppgyBx4RRR6Es6l3SZtkKIjt1O6P3x&Ixl0i=Xj0TQ4BXAfy US CLOUDFLARENET 172.67.221.31 clean
http://www.krsfpjuoekcd.info/ecuu/?iRIxln_=LU0+1QwVd10+6BiuHNRq5ZogeeHr3Gc/xefg/mY8SYFPV5dsCw2+/zWBWjZ/RXmecVxmw1+U&Ixl0i=Xj0TQ4BXAfy IE AMAZON-02 34.254.1.203 clean
http://www.enovexcorp.com/ecuu/?iRIxln_=bpzCTk/qdCIwipMedq6J/wQgKeK6uVGVcgTnCs1o93acAvo7q59x5CsOod7vCsrr9woKgHPq&Ixl0i=Xj0TQ4BXAfy US CLOUDFLARENET 104.21.6.147 clean
http://www.enovexcorp.com/ecuu/ US CLOUDFLARENET 104.21.6.147 clean
https://onedrive.live.com/download?cid=D020578D515FAC65&resid=D020578D515FAC65%21104&authkey=AMOx_K_UwyxYKo0 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 clean
https://zaxuiw.bn.files.1drv.com/y4mczKrLDnsQEz11TssVLlJ_EmHP8NPIFvgyL9dMyO-_CRvwOF5ixEQUv5HOlguGr7JySkb4RSPdx0TUbwZidmY4JHXL6BFGpm62eW74qM9ev7lC2Y7_cT_dNov11bYggFneIywQyWK4S0kFV0qYaVxVtlb0ZGhKDczVwssjyv1iPbs9BtMQGvpyBz8fRWjVDzs9EupG4eoQcaRta3snZLbjQ/Zpxt US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
https://zaxuiw.bn.files.1drv.com/y4m1dOkFsGdv3_-vkq6uf-FuEQulLm5iYLjC3IAeR48S35ZBNv-16V26ZiLJUxqd6lnWtUqaBGD7PzxmSIu64bV3anJq8QtH2aGM6taCMrBo-tRYOZWwoBeEi9Ms7H_rdBYMZPyE6vnif-XyMcf80UxWX3R6c5sRMn2UrqqfeZBejBG2pdPA6W31zw4kW1lUYVAO-Gsf-3iYbj2Mi-vOokf2Q/Zpxt US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
www.krsfpjuoekcd.info IE AMAZON-02 34.254.1.203 clean
www.castro-online.run US CLOUDFLARENET 104.21.53.248 clean
onedrive.live.com US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 malicious
zaxuiw.bn.files.1drv.com US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
www.tehridam.com US AS-26496-GO-DADDY-COM-LLC 184.168.131.241 clean
www.polaritelibrairie.com US GOOGLE 34.102.136.180 clean
www.gyiblrjd.icu HK Alibaba (US) Technology Co., Ltd. 47.91.170.222 clean
www.listenstech.com US AMAZON-AES 3.223.115.185 clean
www.stathotshots.com US GOOGLE 34.98.99.30 clean
www.enovexcorp.com US CLOUDFLARENET 172.67.134.229 clean
172.67.221.31 US CLOUDFLARENET 172.67.221.31 clean
194.61.0.8 RU Smartsystems LLC 194.61.0.8 malware
13.107.42.13 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 malicious
13.107.42.12 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 malware
34.102.136.180 US GOOGLE 34.102.136.180 malicious
172.67.134.229 US CLOUDFLARENET 172.67.134.229 clean
184.168.131.241 US AS-26496-GO-DADDY-COM-LLC 184.168.131.241 malicious
47.91.170.222 HK Alibaba (US) Technology Co., Ltd. 47.91.170.222 malicious
34.98.99.30 US GOOGLE 34.98.99.30 phishing
3.223.115.185 US AMAZON-AES 3.223.115.185 malicious
34.254.1.203 IE AMAZON-02 34.254.1.203 clean

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
 0x4a112c DeleteCriticalSection
 0x4a1130 LeaveCriticalSection
 0x4a1134 EnterCriticalSection
 0x4a1138 InitializeCriticalSection
 0x4a113c VirtualFree
 0x4a1140 VirtualAlloc
 0x4a1144 LocalFree
 0x4a1148 LocalAlloc
 0x4a114c GetVersion
 0x4a1150 GetCurrentThreadId
 0x4a1154 InterlockedDecrement
 0x4a1158 InterlockedIncrement
 0x4a115c VirtualQuery
 0x4a1160 WideCharToMultiByte
 0x4a1164 MultiByteToWideChar
 0x4a1168 lstrlenA
 0x4a116c lstrcpynA
 0x4a1170 LoadLibraryExA
 0x4a1174 GetThreadLocale
 0x4a1178 GetStartupInfoA
 0x4a117c GetProcAddress
 0x4a1180 GetModuleHandleA
 0x4a1184 GetModuleFileNameA
 0x4a1188 GetLocaleInfoA
 0x4a118c GetLastError
 0x4a1190 GetCommandLineA
 0x4a1194 FreeLibrary
 0x4a1198 FindFirstFileA
 0x4a119c FindClose
 0x4a11a0 ExitProcess
 0x4a11a4 WriteFile
 0x4a11a8 UnhandledExceptionFilter
 0x4a11ac SetFilePointer
 0x4a11b0 SetEndOfFile
 0x4a11b4 RtlUnwind
 0x4a11b8 ReadFile
 0x4a11bc RaiseException
 0x4a11c0 GetStdHandle
 0x4a11c4 GetFileSize
 0x4a11c8 GetFileType
 0x4a11cc CreateFileA
 0x4a11d0 CloseHandle
user32.dll
 0x4a11d8 GetKeyboardType
 0x4a11dc LoadStringA
 0x4a11e0 MessageBoxA
 0x4a11e4 CharNextA
advapi32.dll
 0x4a11ec RegQueryValueExA
 0x4a11f0 RegOpenKeyExA
 0x4a11f4 RegCloseKey
oleaut32.dll
 0x4a11fc SysFreeString
 0x4a1200 SysReAllocStringLen
 0x4a1204 SysAllocStringLen
kernel32.dll
 0x4a120c TlsSetValue
 0x4a1210 TlsGetValue
 0x4a1214 LocalAlloc
 0x4a1218 GetModuleHandleA
advapi32.dll
 0x4a1220 RegQueryValueExA
 0x4a1224 RegOpenKeyExA
 0x4a1228 RegCloseKey
kernel32.dll
 0x4a1230 lstrcpyA
 0x4a1234 lstrcmpiA
 0x4a1238 WriteFile
 0x4a123c WaitForSingleObject
 0x4a1240 VirtualQuery
 0x4a1244 VirtualProtect
 0x4a1248 VirtualAlloc
 0x4a124c Sleep
 0x4a1250 SizeofResource
 0x4a1254 SetThreadLocale
 0x4a1258 SetFilePointer
 0x4a125c SetEvent
 0x4a1260 SetErrorMode
 0x4a1264 SetEndOfFile
 0x4a1268 ResetEvent
 0x4a126c ReadFile
 0x4a1270 MulDiv
 0x4a1274 LockResource
 0x4a1278 LoadResource
 0x4a127c LoadLibraryA
 0x4a1280 LeaveCriticalSection
 0x4a1284 InitializeCriticalSection
 0x4a1288 GlobalUnlock
 0x4a128c GlobalReAlloc
 0x4a1290 GlobalHandle
 0x4a1294 GlobalLock
 0x4a1298 GlobalFree
 0x4a129c GlobalFindAtomA
 0x4a12a0 GlobalDeleteAtom
 0x4a12a4 GlobalAlloc
 0x4a12a8 GlobalAddAtomA
 0x4a12ac GetVersionExA
 0x4a12b0 GetVersion
 0x4a12b4 GetTickCount
 0x4a12b8 GetThreadLocale
 0x4a12bc GetSystemInfo
 0x4a12c0 GetStringTypeExA
 0x4a12c4 GetStdHandle
 0x4a12c8 GetProcAddress
 0x4a12cc GetModuleHandleA
 0x4a12d0 GetModuleFileNameA
 0x4a12d4 GetLocaleInfoA
 0x4a12d8 GetLocalTime
 0x4a12dc GetLastError
 0x4a12e0 GetFullPathNameA
 0x4a12e4 GetFileAttributesA
 0x4a12e8 GetDiskFreeSpaceA
 0x4a12ec GetDateFormatA
 0x4a12f0 GetCurrentThreadId
 0x4a12f4 GetCurrentProcessId
 0x4a12f8 GetCPInfo
 0x4a12fc GetACP
 0x4a1300 FreeResource
 0x4a1304 InterlockedExchange
 0x4a1308 FreeLibrary
 0x4a130c FormatMessageA
 0x4a1310 FindResourceA
 0x4a1314 FindFirstFileA
 0x4a1318 FindClose
 0x4a131c FileTimeToLocalFileTime
 0x4a1320 FileTimeToDosDateTime
 0x4a1324 EnumCalendarInfoA
 0x4a1328 EnterCriticalSection
 0x4a132c DeleteCriticalSection
 0x4a1330 CreateThread
 0x4a1334 CreateFileA
 0x4a1338 CreateEventA
 0x4a133c CompareStringA
 0x4a1340 CloseHandle
version.dll
 0x4a1348 VerQueryValueA
 0x4a134c GetFileVersionInfoSizeA
 0x4a1350 GetFileVersionInfoA
gdi32.dll
 0x4a1358 UnrealizeObject
 0x4a135c StretchBlt
 0x4a1360 SetWindowOrgEx
 0x4a1364 SetWinMetaFileBits
 0x4a1368 SetViewportOrgEx
 0x4a136c SetTextColor
 0x4a1370 SetStretchBltMode
 0x4a1374 SetROP2
 0x4a1378 SetPixel
 0x4a137c SetEnhMetaFileBits
 0x4a1380 SetDIBColorTable
 0x4a1384 SetBrushOrgEx
 0x4a1388 SetBkMode
 0x4a138c SetBkColor
 0x4a1390 SelectPalette
 0x4a1394 SelectObject
 0x4a1398 SaveDC
 0x4a139c RestoreDC
 0x4a13a0 Rectangle
 0x4a13a4 RectVisible
 0x4a13a8 RealizePalette
 0x4a13ac Polyline
 0x4a13b0 PlayEnhMetaFile
 0x4a13b4 PatBlt
 0x4a13b8 MoveToEx
 0x4a13bc MaskBlt
 0x4a13c0 LineTo
 0x4a13c4 IntersectClipRect
 0x4a13c8 GetWindowOrgEx
 0x4a13cc GetWinMetaFileBits
 0x4a13d0 GetTextMetricsA
 0x4a13d4 GetTextExtentPoint32A
 0x4a13d8 GetSystemPaletteEntries
 0x4a13dc GetStockObject
 0x4a13e0 GetPixel
 0x4a13e4 GetPaletteEntries
 0x4a13e8 GetObjectA
 0x4a13ec GetEnhMetaFilePaletteEntries
 0x4a13f0 GetEnhMetaFileHeader
 0x4a13f4 GetEnhMetaFileBits
 0x4a13f8 GetDeviceCaps
 0x4a13fc GetDIBits
 0x4a1400 GetDIBColorTable
 0x4a1404 GetDCOrgEx
 0x4a1408 GetCurrentPositionEx
 0x4a140c GetClipBox
 0x4a1410 GetBrushOrgEx
 0x4a1414 GetBitmapBits
 0x4a1418 GdiFlush
 0x4a141c ExtTextOutA
 0x4a1420 ExcludeClipRect
 0x4a1424 DeleteObject
 0x4a1428 DeleteEnhMetaFile
 0x4a142c DeleteDC
 0x4a1430 CreateSolidBrush
 0x4a1434 CreatePenIndirect
 0x4a1438 CreatePalette
 0x4a143c CreateHalftonePalette
 0x4a1440 CreateFontIndirectA
 0x4a1444 CreateDIBitmap
 0x4a1448 CreateDIBSection
 0x4a144c CreateCompatibleDC
 0x4a1450 CreateCompatibleBitmap
 0x4a1454 CreateBrushIndirect
 0x4a1458 CreateBitmap
 0x4a145c CopyEnhMetaFileA
 0x4a1460 BitBlt
user32.dll
 0x4a1468 CreateWindowExA
 0x4a146c WindowFromPoint
 0x4a1470 WinHelpA
 0x4a1474 WaitMessage
 0x4a1478 UpdateWindow
 0x4a147c UnregisterClassA
 0x4a1480 UnhookWindowsHookEx
 0x4a1484 TranslateMessage
 0x4a1488 TranslateMDISysAccel
 0x4a148c TrackPopupMenu
 0x4a1490 SystemParametersInfoA
 0x4a1494 ShowWindow
 0x4a1498 ShowScrollBar
 0x4a149c ShowOwnedPopups
 0x4a14a0 ShowCursor
 0x4a14a4 SetWindowsHookExA
 0x4a14a8 SetWindowTextA
 0x4a14ac SetWindowPos
 0x4a14b0 SetWindowPlacement
 0x4a14b4 SetWindowLongA
 0x4a14b8 SetTimer
 0x4a14bc SetScrollRange
 0x4a14c0 SetScrollPos
 0x4a14c4 SetScrollInfo
 0x4a14c8 SetRect
 0x4a14cc SetPropA
 0x4a14d0 SetParent
 0x4a14d4 SetMenuItemInfoA
 0x4a14d8 SetMenu
 0x4a14dc SetForegroundWindow
 0x4a14e0 SetFocus
 0x4a14e4 SetCursor
 0x4a14e8 SetClassLongA
 0x4a14ec SetCapture
 0x4a14f0 SetActiveWindow
 0x4a14f4 SendMessageA
 0x4a14f8 ScrollWindow
 0x4a14fc ScreenToClient
 0x4a1500 RemovePropA
 0x4a1504 RemoveMenu
 0x4a1508 ReleaseDC
 0x4a150c ReleaseCapture
 0x4a1510 RegisterWindowMessageA
 0x4a1514 RegisterClipboardFormatA
 0x4a1518 RegisterClassA
 0x4a151c RedrawWindow
 0x4a1520 PtInRect
 0x4a1524 PostQuitMessage
 0x4a1528 PostMessageA
 0x4a152c PeekMessageA
 0x4a1530 OffsetRect
 0x4a1534 OemToCharA
 0x4a1538 MessageBoxA
 0x4a153c MapWindowPoints
 0x4a1540 MapVirtualKeyA
 0x4a1544 LoadStringA
 0x4a1548 LoadKeyboardLayoutA
 0x4a154c LoadIconA
 0x4a1550 LoadCursorA
 0x4a1554 LoadBitmapA
 0x4a1558 KillTimer
 0x4a155c IsZoomed
 0x4a1560 IsWindowVisible
 0x4a1564 IsWindowEnabled
 0x4a1568 IsWindow
 0x4a156c IsRectEmpty
 0x4a1570 IsIconic
 0x4a1574 IsDialogMessageA
 0x4a1578 IsChild
 0x4a157c InvalidateRect
 0x4a1580 IntersectRect
 0x4a1584 InsertMenuItemA
 0x4a1588 InsertMenuA
 0x4a158c InflateRect
 0x4a1590 GetWindowThreadProcessId
 0x4a1594 GetWindowTextA
 0x4a1598 GetWindowRect
 0x4a159c GetWindowPlacement
 0x4a15a0 GetWindowLongA
 0x4a15a4 GetWindowDC
 0x4a15a8 GetTopWindow
 0x4a15ac GetSystemMetrics
 0x4a15b0 GetSystemMenu
 0x4a15b4 GetSysColorBrush
 0x4a15b8 GetSysColor
 0x4a15bc GetSubMenu
 0x4a15c0 GetScrollRange
 0x4a15c4 GetScrollPos
 0x4a15c8 GetScrollInfo
 0x4a15cc GetPropA
 0x4a15d0 GetParent
 0x4a15d4 GetWindow
 0x4a15d8 GetMenuStringA
 0x4a15dc GetMenuState
 0x4a15e0 GetMenuItemInfoA
 0x4a15e4 GetMenuItemID
 0x4a15e8 GetMenuItemCount
 0x4a15ec GetMenu
 0x4a15f0 GetLastActivePopup
 0x4a15f4 GetKeyboardState
 0x4a15f8 GetKeyboardLayoutList
 0x4a15fc GetKeyboardLayout
 0x4a1600 GetKeyState
 0x4a1604 GetKeyNameTextA
 0x4a1608 GetIconInfo
 0x4a160c GetForegroundWindow
 0x4a1610 GetFocus
 0x4a1614 GetDlgItem
 0x4a1618 GetDesktopWindow
 0x4a161c GetDCEx
 0x4a1620 GetDC
 0x4a1624 GetCursorPos
 0x4a1628 GetCursor
 0x4a162c GetClipboardData
 0x4a1630 GetClientRect
 0x4a1634 GetClassNameA
 0x4a1638 GetClassInfoA
 0x4a163c GetCapture
 0x4a1640 GetActiveWindow
 0x4a1644 FrameRect
 0x4a1648 FindWindowA
 0x4a164c FillRect
 0x4a1650 EqualRect
 0x4a1654 EnumWindows
 0x4a1658 EnumThreadWindows
 0x4a165c EndPaint
 0x4a1660 EnableWindow
 0x4a1664 EnableScrollBar
 0x4a1668 EnableMenuItem
 0x4a166c DrawTextA
 0x4a1670 DrawMenuBar
 0x4a1674 DrawIconEx
 0x4a1678 DrawIcon
 0x4a167c DrawFrameControl
 0x4a1680 DrawFocusRect
 0x4a1684 DrawEdge
 0x4a1688 DispatchMessageA
 0x4a168c DestroyWindow
 0x4a1690 DestroyMenu
 0x4a1694 DestroyIcon
 0x4a1698 DestroyCursor
 0x4a169c DeleteMenu
 0x4a16a0 DefWindowProcA
 0x4a16a4 DefMDIChildProcA
 0x4a16a8 DefFrameProcA
 0x4a16ac CreatePopupMenu
 0x4a16b0 CreateMenu
 0x4a16b4 CreateIcon
 0x4a16b8 ClientToScreen
 0x4a16bc CheckMenuItem
 0x4a16c0 CallWindowProcA
 0x4a16c4 CallNextHookEx
 0x4a16c8 BeginPaint
 0x4a16cc CharNextA
 0x4a16d0 CharLowerBuffA
 0x4a16d4 CharLowerA
 0x4a16d8 CharToOemA
 0x4a16dc AdjustWindowRectEx
 0x4a16e0 ActivateKeyboardLayout
kernel32.dll
 0x4a16e8 Sleep
oleaut32.dll
 0x4a16f0 SafeArrayPtrOfIndex
 0x4a16f4 SafeArrayGetUBound
 0x4a16f8 SafeArrayGetLBound
 0x4a16fc SafeArrayCreate
 0x4a1700 VariantChangeType
 0x4a1704 VariantCopy
 0x4a1708 VariantClear
 0x4a170c VariantInit
comctl32.dll
 0x4a1714 ImageList_SetIconSize
 0x4a1718 ImageList_GetIconSize
 0x4a171c ImageList_Write
 0x4a1720 ImageList_Read
 0x4a1724 ImageList_GetDragImage
 0x4a1728 ImageList_DragShowNolock
 0x4a172c ImageList_SetDragCursorImage
 0x4a1730 ImageList_DragMove
 0x4a1734 ImageList_DragLeave
 0x4a1738 ImageList_DragEnter
 0x4a173c ImageList_EndDrag
 0x4a1740 ImageList_BeginDrag
 0x4a1744 ImageList_Remove
 0x4a1748 ImageList_DrawEx
 0x4a174c ImageList_Replace
 0x4a1750 ImageList_Draw
 0x4a1754 ImageList_GetBkColor
 0x4a1758 ImageList_SetBkColor
 0x4a175c ImageList_ReplaceIcon
 0x4a1760 ImageList_Add
 0x4a1764 ImageList_SetImageCount
 0x4a1768 ImageList_GetImageCount
 0x4a176c ImageList_Destroy
 0x4a1770 ImageList_Create
comdlg32.dll
 0x4a1778 ChooseColorA
 0x4a177c GetOpenFileNameA

EAT(Export Address Table) is none
