Report - vbc.exe

Malicious Library PE File PE32
Created 2021.08.31 11:12 Machine s1_win7_x6401
Filename vbc.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 4
Behavior Score 6.6
ZERO API file : malware
VT API (file) 26 detected (malicious, high confidence, Heur3, QGW@aK80jZiib, Unsafe, Save, Delf, Eldorado, DllInject, KF potentially unsafe, NetWiredRC, AGEN, Sabsik, score, ai score=80, BScope, Noon, Static AI, Suspicious PE, GenKryptik, FIVH, GdSda)
md5 aca08c69a22e6f4f07cb44a74e7b9dac
sha256 8a4f2595fd06f95e90671af95430b5473d27a50097eaf3d2719de076748e1d85
ssdeep 12288:9bSAuiSYEczIDyTFiPKu5mHNoMyqcLHazX:9bS78z7PuCqHqRD
imphash f781791341b79e2aa49e6187b296c562
impfuzzy 192:33iSk1hJ//pbuuSxSUvK9yqooqEXo72POQRN:33M1h7Sq9AUPOQH

Signature (14cnts)

Level Description
warning File has been identified by 26 AntiVirus engines on VirusTotal as malicious
watch Allocates execute permission to another process indicative of possible code injection
watch Creates a thread using CreateRemoteThread in a non-child process indicative of process injection
watch Manipulates memory of a non-child process indicative of process injection
watch One or more of the buffers contains an embedded PE file
watch Potential code injection by writing to the memory of another process
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Sends data using the HTTP POST Method
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer

Rules (3cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (56cnts)

Request CC ASN Co IP4 Rule ZERO
http://www.o-distribs.com/ecuu/ FR Online S.a.s. 62.4.7.10 clean
http://www.listenstech.com/ecuu/?uTuD=kZQ2xSRRrPRSBp5jFhnjX1FSIADBjElgtC+7SfW5nxGr1YavPckfOpnPtRZoEBHlAahsqtq3&Kj9ht=AVPd7xKPhhkxdz5p US AMAZON-AES 3.223.115.185 4587 malicious
http://www.805thaifood.com/ecuu/ SG AS-26496-GO-DADDY-COM-LLC 182.50.132.242 clean
http://www.805thaifood.com/ecuu/?uTuD=hUTHBcYuod6wePbk0fg23NzqxmOoeRrbfmFgVJWVpfKHZh9llzJ0TA90NFAjaWRAYOQ0Eh2G&Kj9ht=AVPd7xKPhhkxdz5p SG AS-26496-GO-DADDY-COM-LLC 182.50.132.242 clean
http://www.tasteofourneighborhood.com/ecuu/?uTuD=2bt83kpOuVtEIWyxUzi5DXhitRFjdhq2G+J/5YNEy7Qmu4jdCi+MNXaEKclGMLIx7+ZhZc0n&Kj9ht=AVPd7xKPhhkxdz5p US GOOGLE 34.102.136.180 clean
http://www.poorwhitetrashlivesmatter.net/ecuu/ US GOOGLE 34.102.136.180 clean
http://www.empirerack.com/ecuu/ US DXTL Tseung Kwan O Service 156.237.251.107 clean
http://www.workabhaile.com/ecuu/ US CONFLUENCE-NETWORK-INC 209.99.40.222 clean
http://www.listenstech.com/ecuu/ US AMAZON-AES 3.223.115.185 4587 malicious
http://www.manufacturedinjapan.com/ecuu/?uTuD=cm4EhB+xSusT2ZEgdpayhNT4zIjmvrOEKqQy1IzKW+qeT4TFPzigSNFvZaza7qmlNOHW0cnS&Kj9ht=AVPd7xKPhhkxdz5p JP ARTERIA Networks Corporation 183.181.81.33 clean
http://www.empirerack.com/ecuu/?uTuD=GEQTnerqhYYOZeP3k5oh8uqumDp4pVGJvED355C55gboS73ReFUlDy35EJLcN622X6ywqSXw&Kj9ht=AVPd7xKPhhkxdz5p US DXTL Tseung Kwan O Service 156.237.251.107 clean
http://www.tasteofourneighborhood.com/ecuu/ US GOOGLE 34.102.136.180 clean
http://www.polaritelibrairie.com/ecuu/ US GOOGLE 34.102.136.180 4591 malicious
http://www.o-distribs.com/ecuu/?uTuD=2fFFpbMyLUJzYlZhDT8vOGOwgFBPZS+/I9qabDuA36nCGLx7k9QeIlc/dOLT21aoTTouS1Gs&Kj9ht=AVPd7xKPhhkxdz5p FR Online S.a.s. 62.4.7.10 clean
http://www.aquarius-twins.com/ecuu/?uTuD=i70bI06xK+671wXcZeZFUnUbIG41m3pyCPaR/31xF3WgPXN1BCrK4K5oBTRoN80eF7TYmcNc&Kj9ht=AVPd7xKPhhkxdz5p CH Sunrise Communications AG 194.230.72.206 clean
http://www.workabhaile.com/ecuu/?uTuD=psKvWxiJggpO43FMpV003tzUv9VXMXoP5rDQMzIOVpzQQ6MlN6hUAQTlmRRdHO4IMuWhrhTy&Kj9ht=AVPd7xKPhhkxdz5p US CONFLUENCE-NETWORK-INC 209.99.40.222 clean
http://www.manufacturedinjapan.com/ecuu/ JP ARTERIA Networks Corporation 183.181.81.33 clean
http://www.safeandsoundyachtservices.com/ecuu/?uTuD=Ze9u3c+JrkZMLd1iq8wEeNDhA8GBJvow2hjXqHEmaYUNXZ6LBYmY4Z/ain7TyThB0L5b8kMi&Kj9ht=AVPd7xKPhhkxdz5p US GOOGLE 34.102.136.180 clean
http://www.redcountrypodcast.com/ecuu/ US GOOGLE 34.102.136.180 clean
http://www.polaritelibrairie.com/ecuu/?uTuD=9V37CvjOwlD+G2cZgvNSMh0FDLzSpLIOzW7Ku/j/E3/FrLtCEhUpqK2rSLRqtlK3cTc9cFsZ&Kj9ht=AVPd7xKPhhkxdz5p US GOOGLE 34.102.136.180 4591 malicious
http://www.aquarius-twins.com/ecuu/ CH Sunrise Communications AG 194.230.72.206 clean
http://www.redcountrypodcast.com/ecuu/?uTuD=C0rihD2hGnnRrpjswzT7uhuHD8PfbnuKKC7ou16TN5COtT4jGgPjFjduvIv/h6aCIOoNM/lg&Kj9ht=AVPd7xKPhhkxdz5p US GOOGLE 34.102.136.180 clean
http://www.poorwhitetrashlivesmatter.net/ecuu/?uTuD=Pl7Wo/Sc18YTVh4ZfRYn9GaIW3hmPNugWLqq+bwHPa7GGyOQcNaR6G/8c/+q5jU1tNJ+hTp8&Kj9ht=AVPd7xKPhhkxdz5p US GOOGLE 34.102.136.180 clean
http://www.safeandsoundyachtservices.com/ecuu/ US GOOGLE 34.102.136.180 clean
http://www.enovexcorp.com/ecuu/?uTuD=bpzCTk/qdCIwipMedq6J/wQgKeK6uVGVcgTnCs1o93acAvo7q59x5CsOod7vCsrr9woKgHPq&Kj9ht=AVPd7xKPhhkxdz5p US CLOUDFLARENET 172.67.134.229 4589 malicious
http://www.enovexcorp.com/ecuu/ US CLOUDFLARENET 172.67.134.229 4589 malicious
https://aceddq.bn.files.1drv.com/y4mmFuLrAmiQhwfiUX_9q9QkYs5bdmG7KRDr6ypX2gbItT1YDleYPEezFf9YGdUc9RoGpprgEYOf1PWKbcCYE6yO6x-iBBL3_2wsh8Em8fejrqpmtT9AbJj_kB-ykvyAre0Oz-9t5XOgmvYDpSytJYC5F7yj1YPgkcRA_y1K7e8We0sXJIPUZjpuM3fHrJA4ZfsWuX2n5pd2KqRsrHirYt5qQ/Zbgp US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
https://aceddq.bn.files.1drv.com/y4mnpzWq6nzESCeTlyX6547ecopygeoPVjTDPAiQ9qtDwqKns_kP9pal2sQV_WuqgOO1zDsyHgp0sFy8YUdVjz71GDq104jzsUljyKtvmHCmfkbdVcy0zDBruyz9JD3tzOgvgfADgk_UjNKTo5sKr19jQOwO3cmSXkqy9mipCj5i6pi8Ku67RZxJ81TTfPg2Ot43h_6RY8Ap802urbBvPCs2w/Zbgp US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
https://onedrive.live.com/download?cid=D020578D515FAC65&resid=D020578D515FAC65%21111&authkey=AP6lzi_AotrWkq8 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 clean
www.o-distribs.com FR Online S.a.s. 62.4.7.10 clean
onedrive.live.com US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 malicious
aceddq.bn.files.1drv.com US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
www.tasteofourneighborhood.com US GOOGLE 34.102.136.180 clean
www.safeandsoundyachtservices.com US GOOGLE 34.102.136.180 clean
www.workabhaile.com US CONFLUENCE-NETWORK-INC 209.99.40.222 clean
www.empirerack.com US DXTL Tseung Kwan O Service 156.237.251.107 clean
www.polaritelibrairie.com US GOOGLE 34.102.136.180 clean
www.aquarius-twins.com CH Sunrise Communications AG 194.230.72.206 clean
www.betsysobiech.com Unknown clean
www.805thaifood.com SG AS-26496-GO-DADDY-COM-LLC 182.50.132.242 clean
www.redcountrypodcast.com US GOOGLE 34.102.136.180 clean
www.manufacturedinjapan.com JP ARTERIA Networks Corporation 183.181.81.33 clean
www.poorwhitetrashlivesmatter.net US GOOGLE 34.102.136.180 clean
www.enovexcorp.com US CLOUDFLARENET 104.21.6.147 clean
www.listenstech.com US AMAZON-AES 3.223.115.185 clean
183.181.81.33 JP ARTERIA Networks Corporation 183.181.81.33 clean
13.107.42.13 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 malicious
13.107.42.12 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 malware
209.99.40.222 US CONFLUENCE-NETWORK-INC 209.99.40.222 malicious
34.102.136.180 US GOOGLE 34.102.136.180 malicious
172.67.134.229 US CLOUDFLARENET 172.67.134.229 clean
156.237.251.107 US DXTL Tseung Kwan O Service 156.237.251.107 clean
182.50.132.242 SG AS-26496-GO-DADDY-COM-LLC 182.50.132.242 malicious
194.230.72.206 CH Sunrise Communications AG 194.230.72.206 clean
3.223.115.185 US AMAZON-AES 3.223.115.185 malicious
62.4.7.10 FR Online S.a.s. 62.4.7.10 clean
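
The request list above hits the same path (/ecuu/) on many unrelated hosts, and every request that carries a query string ends with the same key/value pair (Kj9ht=AVPd7xKPhhkxdz5p) after a per-request uTuD value. As an added example that is not part of the sandbox report, the script below takes a constructed subset of those URLs, separates the beaconing cluster from the one-off OneDrive download, works out which query parameters are constant and which vary, and builds a Suricata 5+ rule from what is shared. The rule text, its msg string and the sid are this example's own choices, not sandbox output.

```python
"""Derive network indicators from the sandbox's HTTP request list.

Added example, not part of the report. REPORT_URLS is a constructed
subset of the Network table; the rule text, msg and sid that
suricata_rule() emits are this example's own choices.
"""
from collections import Counter
from urllib.parse import urlsplit

# Constructed input: seven of the 56 requests from the report's Network table.
REPORT_URLS = [
    "http://www.o-distribs.com/ecuu/",
    "http://www.listenstech.com/ecuu/?uTuD=kZQ2xSRRrPRSBp5jFhnjX1FSIADBjElgtC+7SfW5nxGr1YavPckfOpnPtRZoEBHlAahsqtq3&Kj9ht=AVPd7xKPhhkxdz5p",
    "http://www.805thaifood.com/ecuu/",
    "http://www.805thaifood.com/ecuu/?uTuD=hUTHBcYuod6wePbk0fg23NzqxmOoeRrbfmFgVJWVpfKHZh9llzJ0TA90NFAjaWRAYOQ0Eh2G&Kj9ht=AVPd7xKPhhkxdz5p",
    "http://www.enovexcorp.com/ecuu/?uTuD=bpzCTk/qdCIwipMedq6J/wQgKeK6uVGVcgTnCs1o93acAvo7q59x5CsOod7vCsrr9woKgHPq&Kj9ht=AVPd7xKPhhkxdz5p",
    "http://www.enovexcorp.com/ecuu/",
    "https://onedrive.live.com/download?cid=D020578D515FAC65&resid=D020578D515FAC65%21111&authkey=AP6lzi_AotrWkq8",
]


def split_query(query):
    """Parse k=v&k=v by hand so '+' and '/' inside values stay verbatim
    (urllib.parse.parse_qsl would turn '+' into a space)."""
    params = {}
    for part in query.split("&"):
        if part:
            key, _, value = part.partition("=")
            params[key] = value
    return params


def profile_beacons(urls):
    """Split the request list into the beaconing cluster (the most common
    path) and everything else, and work out which query parameters are
    constant across the cluster and which vary per request."""
    parsed = [urlsplit(u) for u in urls]
    beacon_path = Counter(p.path for p in parsed).most_common(1)[0][0]
    cluster = [p for p in parsed if p.path == beacon_path]
    queries = [split_query(p.query) for p in cluster if p.query]

    constant, variable = {}, []
    if queries:
        # Only keys present in every query-bearing request are candidates.
        for key in sorted(set.intersection(*(set(q) for q in queries))):
            values = {q[key] for q in queries}
            if len(values) == 1:
                constant[key] = values.pop()
            else:
                variable.append(key)

    return {
        "path": beacon_path,
        "hosts": sorted({p.hostname for p in cluster}),
        "constant_params": constant,
        "variable_params": variable,
        "other_hosts": sorted({p.hostname for p in parsed if p.path != beacon_path}),
    }


def suricata_rule(profile, sid):
    """Build a Suricata 5+ rule: the URI must start with the beacon path and,
    when the cluster has a constant parameter, carry it verbatim."""
    parts = [
        'msg:"vbc.exe HTTP beacon to %s"' % profile["path"],
        "flow:established,to_server",
        'http.uri; content:"%s"; startswith' % profile["path"],
    ]
    for key, value in profile["constant_params"].items():
        parts.append('http.uri; content:"%s=%s"' % (key, value))
    parts += ["classtype:trojan-activity", "sid:%d" % sid, "rev:1"]
    return "alert http $HOME_NET any -> $EXTERNAL_NET any (%s;)" % "; ".join(parts)


if __name__ == "__main__":
    prof = profile_beacons(REPORT_URLS)
    print("beacon hosts:", ", ".join(prof["hosts"]))
    print("constant params:", prof["constant_params"])
    print("other hosts:", ", ".join(prof["other_hosts"]))
    print(suricata_rule(prof, 9000001))
```

Two checks before deploying anything derived from this table: five of the hostnames (tasteofourneighborhood, poorwhitetrashlivesmatter, polaritelibrairie, safeandsoundyachtservices, redcountrypodcast) resolve to the single shared address 34.102.136.180, so an IP-level block is noisy and the hostname plus URI pattern is the more durable indicator; and onedrive.live.com / 1drv.com are Microsoft shared infrastructure, so for that download the indicator is the specific link with its cid/resid/authkey values, not the hosts or the 13.107.42.x addresses the table marks as malicious.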

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
 0x4c5118 DeleteCriticalSection
 0x4c511c LeaveCriticalSection
 0x4c5120 EnterCriticalSection
 0x4c5124 InitializeCriticalSection
 0x4c5128 VirtualFree
 0x4c512c VirtualAlloc
 0x4c5130 LocalFree
 0x4c5134 LocalAlloc
 0x4c5138 GetTickCount
 0x4c513c QueryPerformanceCounter
 0x4c5140 GetVersion
 0x4c5144 GetCurrentThreadId
 0x4c5148 InterlockedDecrement
 0x4c514c InterlockedIncrement
 0x4c5150 VirtualQuery
 0x4c5154 WideCharToMultiByte
 0x4c5158 MultiByteToWideChar
 0x4c515c lstrlenA
 0x4c5160 lstrcpynA
 0x4c5164 LoadLibraryExA
 0x4c5168 GetThreadLocale
 0x4c516c GetStartupInfoA
 0x4c5170 GetProcAddress
 0x4c5174 GetModuleHandleA
 0x4c5178 GetModuleFileNameA
 0x4c517c GetLocaleInfoA
 0x4c5180 GetCommandLineA
 0x4c5184 FreeLibrary
 0x4c5188 FindFirstFileA
 0x4c518c FindClose
 0x4c5190 ExitProcess
 0x4c5194 WriteFile
 0x4c5198 UnhandledExceptionFilter
 0x4c519c RtlUnwind
 0x4c51a0 RaiseException
 0x4c51a4 GetStdHandle
user32.dll
 0x4c51ac GetKeyboardType
 0x4c51b0 LoadStringA
 0x4c51b4 MessageBoxA
 0x4c51b8 CharNextA
advapi32.dll
 0x4c51c0 RegQueryValueExA
 0x4c51c4 RegOpenKeyExA
 0x4c51c8 RegCloseKey
oleaut32.dll
 0x4c51d0 SysFreeString
 0x4c51d4 SysReAllocStringLen
 0x4c51d8 SysAllocStringLen
kernel32.dll
 0x4c51e0 TlsSetValue
 0x4c51e4 TlsGetValue
 0x4c51e8 LocalAlloc
 0x4c51ec GetModuleHandleA
advapi32.dll
 0x4c51f4 RegQueryValueExA
 0x4c51f8 RegOpenKeyExA
 0x4c51fc RegCloseKey
kernel32.dll
 0x4c5204 lstrcpyA
 0x4c5208 lstrcmpiA
 0x4c520c WriteProcessMemory
 0x4c5210 WriteFile
 0x4c5214 WaitForSingleObject
 0x4c5218 VirtualQuery
 0x4c521c VirtualProtect
 0x4c5220 VirtualFree
 0x4c5224 VirtualAllocEx
 0x4c5228 VirtualAlloc
 0x4c522c Sleep
 0x4c5230 SizeofResource
 0x4c5234 SetThreadLocale
 0x4c5238 SetFilePointer
 0x4c523c SetEvent
 0x4c5240 SetErrorMode
 0x4c5244 SetEndOfFile
 0x4c5248 ResumeThread
 0x4c524c ResetEvent
 0x4c5250 ReadProcessMemory
 0x4c5254 ReadFile
 0x4c5258 MulDiv
 0x4c525c LockResource
 0x4c5260 LoadResource
 0x4c5264 LoadLibraryA
 0x4c5268 LeaveCriticalSection
 0x4c526c InitializeCriticalSection
 0x4c5270 GlobalUnlock
 0x4c5274 GlobalReAlloc
 0x4c5278 GlobalHandle
 0x4c527c GlobalLock
 0x4c5280 GlobalFree
 0x4c5284 GlobalFindAtomA
 0x4c5288 GlobalDeleteAtom
 0x4c528c GlobalAlloc
 0x4c5290 GlobalAddAtomA
 0x4c5294 GetVersionExA
 0x4c5298 GetVersion
 0x4c529c GetTickCount
 0x4c52a0 GetThreadLocale
 0x4c52a4 GetSystemInfo
 0x4c52a8 GetStringTypeExA
 0x4c52ac GetStdHandle
 0x4c52b0 GetProcAddress
 0x4c52b4 GetModuleHandleA
 0x4c52b8 GetModuleFileNameA
 0x4c52bc GetLocaleInfoA
 0x4c52c0 GetLocalTime
 0x4c52c4 GetLastError
 0x4c52c8 GetFullPathNameA
 0x4c52cc GetExitCodeThread
 0x4c52d0 GetDiskFreeSpaceA
 0x4c52d4 GetDateFormatA
 0x4c52d8 GetCurrentThreadId
 0x4c52dc GetCurrentProcessId
 0x4c52e0 GetCPInfo
 0x4c52e4 GetACP
 0x4c52e8 FreeResource
 0x4c52ec InterlockedExchange
 0x4c52f0 FreeLibrary
 0x4c52f4 FormatMessageA
 0x4c52f8 FindResourceA
 0x4c52fc ExitProcess
 0x4c5300 EnumCalendarInfoA
 0x4c5304 EnterCriticalSection
 0x4c5308 DeleteCriticalSection
 0x4c530c CreateThread
 0x4c5310 CreateRemoteThread
 0x4c5314 CreateProcessA
 0x4c5318 CreateFileA
 0x4c531c CreateEventA
 0x4c5320 CompareStringA
 0x4c5324 CloseHandle
version.dll
 0x4c532c VerQueryValueA
 0x4c5330 GetFileVersionInfoSizeA
 0x4c5334 GetFileVersionInfoA
gdi32.dll
 0x4c533c UnrealizeObject
 0x4c5340 StretchBlt
 0x4c5344 SetWindowOrgEx
 0x4c5348 SetWinMetaFileBits
 0x4c534c SetViewportOrgEx
 0x4c5350 SetTextColor
 0x4c5354 SetStretchBltMode
 0x4c5358 SetROP2
 0x4c535c SetPixel
 0x4c5360 SetEnhMetaFileBits
 0x4c5364 SetDIBColorTable
 0x4c5368 SetBrushOrgEx
 0x4c536c SetBkMode
 0x4c5370 SetBkColor
 0x4c5374 SelectPalette
 0x4c5378 SelectObject
 0x4c537c SaveDC
 0x4c5380 RestoreDC
 0x4c5384 Rectangle
 0x4c5388 RectVisible
 0x4c538c RealizePalette
 0x4c5390 PlayEnhMetaFile
 0x4c5394 PatBlt
 0x4c5398 MoveToEx
 0x4c539c MaskBlt
 0x4c53a0 LineTo
 0x4c53a4 IntersectClipRect
 0x4c53a8 GetWindowOrgEx
 0x4c53ac GetWinMetaFileBits
 0x4c53b0 GetTextMetricsA
 0x4c53b4 GetTextExtentPointA
 0x4c53b8 GetTextExtentPoint32A
 0x4c53bc GetSystemPaletteEntries
 0x4c53c0 GetStockObject
 0x4c53c4 GetPixel
 0x4c53c8 GetPaletteEntries
 0x4c53cc GetObjectA
 0x4c53d0 GetEnhMetaFilePaletteEntries
 0x4c53d4 GetEnhMetaFileHeader
 0x4c53d8 GetEnhMetaFileBits
 0x4c53dc GetDeviceCaps
 0x4c53e0 GetDIBits
 0x4c53e4 GetDIBColorTable
 0x4c53e8 GetDCOrgEx
 0x4c53ec GetCurrentPositionEx
 0x4c53f0 GetClipBox
 0x4c53f4 GetBrushOrgEx
 0x4c53f8 GetBitmapBits
 0x4c53fc GdiFlush
 0x4c5400 ExcludeClipRect
 0x4c5404 DeleteObject
 0x4c5408 DeleteEnhMetaFile
 0x4c540c DeleteDC
 0x4c5410 CreateSolidBrush
 0x4c5414 CreatePenIndirect
 0x4c5418 CreatePalette
 0x4c541c CreateHalftonePalette
 0x4c5420 CreateFontIndirectA
 0x4c5424 CreateDIBitmap
 0x4c5428 CreateDIBSection
 0x4c542c CreateCompatibleDC
 0x4c5430 CreateCompatibleBitmap
 0x4c5434 CreateBrushIndirect
 0x4c5438 CreateBitmap
 0x4c543c CopyEnhMetaFileA
 0x4c5440 BitBlt
user32.dll
 0x4c5448 CreateWindowExA
 0x4c544c WindowFromPoint
 0x4c5450 WinHelpA
 0x4c5454 WaitMessage
 0x4c5458 UpdateWindow
 0x4c545c UnregisterClassA
 0x4c5460 UnhookWindowsHookEx
 0x4c5464 TranslateMessage
 0x4c5468 TranslateMDISysAccel
 0x4c546c TrackPopupMenu
 0x4c5470 SystemParametersInfoA
 0x4c5474 ShowWindow
 0x4c5478 ShowScrollBar
 0x4c547c ShowOwnedPopups
 0x4c5480 ShowCursor
 0x4c5484 SetWindowsHookExA
 0x4c5488 SetWindowPos
 0x4c548c SetWindowPlacement
 0x4c5490 SetWindowLongA
 0x4c5494 SetTimer
 0x4c5498 SetScrollRange
 0x4c549c SetScrollPos
 0x4c54a0 SetScrollInfo
 0x4c54a4 SetRect
 0x4c54a8 SetPropA
 0x4c54ac SetParent
 0x4c54b0 SetMenuItemInfoA
 0x4c54b4 SetMenu
 0x4c54b8 SetForegroundWindow
 0x4c54bc SetFocus
 0x4c54c0 SetCursor
 0x4c54c4 SetClipboardData
 0x4c54c8 SetClassLongA
 0x4c54cc SetCapture
 0x4c54d0 SetActiveWindow
 0x4c54d4 SendMessageA
 0x4c54d8 ScrollWindow
 0x4c54dc ScreenToClient
 0x4c54e0 RemovePropA
 0x4c54e4 RemoveMenu
 0x4c54e8 ReleaseDC
 0x4c54ec ReleaseCapture
 0x4c54f0 RegisterWindowMessageA
 0x4c54f4 RegisterClipboardFormatA
 0x4c54f8 RegisterClassA
 0x4c54fc RedrawWindow
 0x4c5500 PtInRect
 0x4c5504 PostQuitMessage
 0x4c5508 PostMessageA
 0x4c550c PeekMessageA
 0x4c5510 OpenClipboard
 0x4c5514 OffsetRect
 0x4c5518 OemToCharA
 0x4c551c MessageBoxA
 0x4c5520 MessageBeep
 0x4c5524 MapWindowPoints
 0x4c5528 MapVirtualKeyA
 0x4c552c LoadStringA
 0x4c5530 LoadKeyboardLayoutA
 0x4c5534 LoadIconA
 0x4c5538 LoadCursorA
 0x4c553c LoadBitmapA
 0x4c5540 KillTimer
 0x4c5544 IsZoomed
 0x4c5548 IsWindowVisible
 0x4c554c IsWindowEnabled
 0x4c5550 IsWindow
 0x4c5554 IsRectEmpty
 0x4c5558 IsIconic
 0x4c555c IsDialogMessageA
 0x4c5560 IsChild
 0x4c5564 InvalidateRect
 0x4c5568 IntersectRect
 0x4c556c InsertMenuItemA
 0x4c5570 InsertMenuA
 0x4c5574 InflateRect
 0x4c5578 GetWindowThreadProcessId
 0x4c557c GetWindowTextA
 0x4c5580 GetWindowRect
 0x4c5584 GetWindowPlacement
 0x4c5588 GetWindowLongA
 0x4c558c GetWindowDC
 0x4c5590 GetTopWindow
 0x4c5594 GetSystemMetrics
 0x4c5598 GetSystemMenu
 0x4c559c GetSysColorBrush
 0x4c55a0 GetSysColor
 0x4c55a4 GetSubMenu
 0x4c55a8 GetScrollRange
 0x4c55ac GetScrollPos
 0x4c55b0 GetScrollInfo
 0x4c55b4 GetPropA
 0x4c55b8 GetParent
 0x4c55bc GetWindow
 0x4c55c0 GetMenuStringA
 0x4c55c4 GetMenuState
 0x4c55c8 GetMenuItemInfoA
 0x4c55cc GetMenuItemID
 0x4c55d0 GetMenuItemCount
 0x4c55d4 GetMenu
 0x4c55d8 GetLastActivePopup
 0x4c55dc GetKeyboardState
 0x4c55e0 GetKeyboardLayoutList
 0x4c55e4 GetKeyboardLayout
 0x4c55e8 GetKeyState
 0x4c55ec GetKeyNameTextA
 0x4c55f0 GetIconInfo
 0x4c55f4 GetForegroundWindow
 0x4c55f8 GetFocus
 0x4c55fc GetDesktopWindow
 0x4c5600 GetDCEx
 0x4c5604 GetDC
 0x4c5608 GetCursorPos
 0x4c560c GetCursor
 0x4c5610 GetClipboardData
 0x4c5614 GetClientRect
 0x4c5618 GetClassNameA
 0x4c561c GetClassInfoA
 0x4c5620 GetCapture
 0x4c5624 GetActiveWindow
 0x4c5628 FrameRect
 0x4c562c FindWindowA
 0x4c5630 FillRect
 0x4c5634 EqualRect
 0x4c5638 EnumWindows
 0x4c563c EnumThreadWindows
 0x4c5640 EndPaint
 0x4c5644 EnableWindow
 0x4c5648 EnableScrollBar
 0x4c564c EnableMenuItem
 0x4c5650 EmptyClipboard
 0x4c5654 DrawTextA
 0x4c5658 DrawMenuBar
 0x4c565c DrawIconEx
 0x4c5660 DrawIcon
 0x4c5664 DrawFrameControl
 0x4c5668 DrawEdge
 0x4c566c DispatchMessageA
 0x4c5670 DestroyWindow
 0x4c5674 DestroyMenu
 0x4c5678 DestroyIcon
 0x4c567c DestroyCursor
 0x4c5680 DeleteMenu
 0x4c5684 DefWindowProcA
 0x4c5688 DefMDIChildProcA
 0x4c568c DefFrameProcA
 0x4c5690 CreatePopupMenu
 0x4c5694 CreateMenu
 0x4c5698 CreateIcon
 0x4c569c CloseClipboard
 0x4c56a0 ClientToScreen
 0x4c56a4 CheckMenuItem
 0x4c56a8 CallWindowProcA
 0x4c56ac CallNextHookEx
 0x4c56b0 BeginPaint
 0x4c56b4 CharNextA
 0x4c56b8 CharLowerBuffA
 0x4c56bc CharLowerA
 0x4c56c0 CharUpperBuffA
 0x4c56c4 CharToOemA
 0x4c56c8 AdjustWindowRectEx
 0x4c56cc ActivateKeyboardLayout
kernel32.dll
 0x4c56d4 Sleep
oleaut32.dll
 0x4c56dc SafeArrayPtrOfIndex
 0x4c56e0 SafeArrayGetUBound
 0x4c56e4 SafeArrayGetLBound
 0x4c56e8 SafeArrayCreate
 0x4c56ec VariantChangeType
 0x4c56f0 VariantCopy
 0x4c56f4 VariantClear
 0x4c56f8 VariantInit
comctl32.dll
 0x4c5700 ImageList_SetIconSize
 0x4c5704 ImageList_GetIconSize
 0x4c5708 ImageList_Write
 0x4c570c ImageList_Read
 0x4c5710 ImageList_GetDragImage
 0x4c5714 ImageList_DragShowNolock
 0x4c5718 ImageList_SetDragCursorImage
 0x4c571c ImageList_DragMove
 0x4c5720 ImageList_DragLeave
 0x4c5724 ImageList_DragEnter
 0x4c5728 ImageList_EndDrag
 0x4c572c ImageList_BeginDrag
 0x4c5730 ImageList_Remove
 0x4c5734 ImageList_DrawEx
 0x4c5738 ImageList_Draw
 0x4c573c ImageList_GetBkColor
 0x4c5740 ImageList_SetBkColor
 0x4c5744 ImageList_ReplaceIcon
 0x4c5748 ImageList_Add
 0x4c574c ImageList_SetImageCount
 0x4c5750 ImageList_GetImageCount
 0x4c5754 ImageList_Destroy
 0x4c5758 ImageList_Create

EAT(Export Address Table) is none
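
The injection signatures in the Signature section (execute permission allocated in another process, memory of a non-child process written, CreateRemoteThread in a non-child process) map directly onto entries in the kernel32.dll block of this IAT: VirtualAllocEx, WriteProcessMemory and CreateRemoteThread for classic remote-thread injection, and CreateProcessA, WriteProcessMemory and ResumeThread for the suspended-child variant. As an added example, not part of the report or the sandbox's rule set, the script below encodes that mapping as capability rules over an import list and runs it against a constructed subset of the imports listed above; the capability names and API groupings are this example's own.

```python
"""Explain the report's process-injection signatures from the IAT alone.

Added example, not part of the report or the sandbox's rule set.
REPORT_IMPORTS is a constructed subset of the IAT listed above; the
capability names and API groupings are this example's own.
"""

# Constructed input: a subset of the report's kernel32.dll / user32.dll imports.
REPORT_IMPORTS = {
    "kernel32.dll": [
        "VirtualAlloc", "VirtualAllocEx", "VirtualProtect", "VirtualFree",
        "WriteProcessMemory", "ReadProcessMemory", "CreateRemoteThread",
        "CreateProcessA", "ResumeThread", "CreateThread", "WaitForSingleObject",
        "GetExitCodeThread", "LoadLibraryA", "GetProcAddress", "FindResourceA",
        "LoadResource", "LockResource", "SizeofResource", "Sleep",
    ],
    "user32.dll": [
        "SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx",
        "FindWindowA", "GetWindowThreadProcessId",
    ],
}

# A capability fires only when every API in its set is imported. Each set is
# the minimal toolkit for one well-known technique.
CAPABILITY_RULES = {
    "inject/remote-thread":      frozenset({"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}),
    "inject/hollow-child":       frozenset({"CreateProcessA", "WriteProcessMemory", "ResumeThread"}),
    "unpack/self-rwx":           frozenset({"VirtualAlloc", "VirtualProtect"}),
    "payload/resource-loader":   frozenset({"FindResourceA", "LoadResource", "LockResource", "SizeofResource"}),
    "resolve/dynamic-api":       frozenset({"LoadLibraryA", "GetProcAddress"}),
    "hook/windows-message-hook": frozenset({"SetWindowsHookExA", "CallNextHookEx"}),
}


def imported_names(iat):
    """Flatten {dll: [api, ...]} into one set; the IAT above lists kernel32
    several times, so duplicates across blocks are expected."""
    names = set()
    for apis in iat.values():
        names.update(apis)
    return names


def match_capabilities(iat):
    """Capability labels whose API set is fully present in the IAT."""
    names = imported_names(iat)
    return [label for label, apis in CAPABILITY_RULES.items() if apis <= names]


def missing_for(iat, label):
    """APIs a rule still needs. Explains a near miss; a gap of one or two
    names often means they are resolved at run time via GetProcAddress."""
    return CAPABILITY_RULES[label] - imported_names(iat)


if __name__ == "__main__":
    for label in match_capabilities(REPORT_IMPORTS):
        print("capability:", label, "<-", ", ".join(sorted(CAPABILITY_RULES[label])))
```

Treat a hit from import matching as a lead, not a verdict. The surrounding user32/gdi32/oleaut32 imports (GetKeyboardType, SysReAllocStringLen, the large GUI and ImageList set) are what a Borland/Delphi runtime pulls in for any GUI program, which is consistent with the "Delf" label among the VT names, and a sample that resolves its injection APIs through GetProcAddress (also imported here) would show none of those names statically. The sandbox's "watch" signatures carry more weight precisely because they record the calls at run time against a process that is not a child of the sample.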
