popup

Report - vbc.exe

Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.09.03 08:53 Machine s1_win7_x6401
Filename vbc.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
5
 Behavior Score
11.8
ZERO API file : clean
VT API (file) 22 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, Delf, Eldorado, EQAC, Sabsik, score, BScope, Noon, Static AI, Suspicious PE, confidence, susgen)
md5 dd5c7e917f28bbe04bb177571eadb4b6
sha256 27cad802a32ea893bce26ae89b2c77825d4ece889932addbcb922ff2c3d73425
ssdeep 12288:K1+UzwWLYx9/EISfjI3916W3WOsA0QLEkpwaGKqa/yv1pKQcj2VncY:+BfYx9tGjI39DmOs5KTGKqXv7cSc
imphash 1407e2d87d7efca6bd106fef3862efae
impfuzzy 192:o13MDbuuaxSUvK9kso1XEpehIPyG1hH+POQk:C3maq9um1hePOQk
  Network IP location

Signature (25cnts)

Level Description
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
warning File has been identified by 22 AntiVirus engines on VirusTotal as malicious
watch Allocates execute permission to another process indicative of possible code injection
watch Creates a thread using CreateRemoteThread in a non-child process indicative of process injection
watch Installs itself for autorun at Windows startup
watch Manipulates memory of a non-child process indicative of process injection
watch Network activity contains more than one unique useragent
watch One or more of the buffers contains an embedded PE file
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Sends data using the HTTP POST Method
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Command line console output was observed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer

Rules (36cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Network_Downloader File Downloader memory
notice Code_injection Code injection with CreateRemoteThread in a remote process memory
notice Create_Service Create a windows service memory
notice Escalate_priviledges Escalate priviledges memory
notice KeyLogger Run a KeyLogger memory
notice local_credential_Steal Steal credential memory
notice Network_DGA Communication using DGA memory
notice Network_DNS Communications use DNS memory
notice Network_FTP Communications over FTP memory
notice Network_HTTP Communications over HTTP memory
notice Network_P2P_Win Communications over P2P network memory
notice Network_TCP_Socket Communications over RAW Socket memory
notice ScreenShot Take ScreenShot memory
notice Sniff_Audio Record Audio memory
notice Str_Win32_Http_API Match Windows Http API call memory
notice Str_Win32_Internet_API Match Windows Inet API call memory
info anti_dbg Checks if being debugged memory
info antisb_threatExpert Anti-Sandbox checks for ThreatExpert memory
info Check_Dlls (no description) memory
info DebuggerCheck__GlobalFlags (no description) memory
info DebuggerCheck__QueryInfo (no description) memory
info DebuggerCheck__RemoteAPI (no description) memory
info DebuggerException__ConsoleCtrl (no description) memory
info DebuggerException__SetConsoleCtrl (no description) memory
info DebuggerHiding__Active (no description) memory
info DebuggerHiding__Thread (no description) memory
info disable_dep Bypass DEP memory
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)
info SEH__vectored (no description) memory
info ThreadControl__Context (no description) memory
info win_hook Affect hook table memory

Network (30cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://www.meo6.com/ecuu/
whois
US AMAZON-02 75.2.18.233 clean
http://www.poorwhitetrashlivesmatter.net/ecuu/
whois
US GOOGLE 34.102.136.180 4683 mailcious
http://www.tasteofourneighborhood.com/ecuu/
whois
US GOOGLE 34.102.136.180 4685 mailcious
http://www.tehridam.com/ecuu/
whois
US AS-26496-GO-DADDY-COM-LLC 184.168.131.241 4593 mailcious
http://www.tehridam.com/ecuu/?KnbdJ0x8=52vxKUookbImOzTI7E+jd1wlXpyw0GfihJo0VkeqObbGxcjgEHmk7kL8PM63ES7BEXBsCGUk&QXNXP=uphTDjQ0dle
whois
US AS-26496-GO-DADDY-COM-LLC 184.168.131.241 4593 mailcious
http://www.poorwhitetrashlivesmatter.net/ecuu/?KnbdJ0x8=Pl7Wo/Sc18YTVh4ZfRYn9GaIW3hmPNugWLqq+bwHPa7GGyOQcNaR6G/8c/+q5jU1tNJ+hTp8&QXNXP=uphTDjQ0dle
whois
US GOOGLE 34.102.136.180 4683 mailcious
http://www.keplersark.com/ecuu/
whois
US CONFLUENCE-NETWORK-INC 209.99.64.55 clean
http://www.keplersark.com/ecuu/?KnbdJ0x8=ErLy2cxkmBgc+vcby4/4OzScNwRwZNunoYkj9ouMgCM9dfa6mhMp1sEqnAK/47sh9WzSWDcB&QXNXP=uphTDjQ0dle
whois
US CONFLUENCE-NETWORK-INC 209.99.64.55 clean
http://www.tasteofourneighborhood.com/ecuu/?KnbdJ0x8=2bt83kpOuVtEIWyxUzi5DXhitRFjdhq2G+J/5YNEy7Qmu4jdCi+MNXaEKclGMLIx7+ZhZc0n&QXNXP=uphTDjQ0dle
whois
US GOOGLE 34.102.136.180 4685 mailcious
http://www.meo6.com/ecuu/?QXNXP=uphTDjQ0dle&KnbdJ0x8=YvsDOebvdn33iOC+v2Ok61M54opkfPvcWjQzCgbatYYSU9v1OQaSbdzIzzvoqR0JelM+izEt
whois
US AMAZON-02 75.2.18.233 clean
https://onedrive.live.com/download?cid=D020578D515FAC65&resid=D020578D515FAC65%21115&authkey=ALSj_v3qn6Sm-X0
whois
US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 mailcious
https://acgxog.bn.files.1drv.com/y4msQ2m08EEz55CIox4ARzCARZSov_y6dCjL9KyqanqqW24yqFPyPmAgiFkMG2QbocQDtxoJAsMXRLcnBYdf8Vmf7dCAnr4ai6BcsbO0ode1OHkU4-B6Sxcc3qyHm0RZE5d-tYL-NoCSGPbNRA3cyLtIuCoQ-QdtoRv_MGoP5vP5pvjd4CsmpmBh0gXQQ5_PYLHYy5XUPfni0s7poAfWfxe5Q/Skxl
whois
US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
https://acgxog.bn.files.1drv.com/y4m7zPsFxg1v3fwqegpu63QQ7Fqy5_pkQlSDyodYXMkhDfs6Eqn0yvdAB_1nA0Mg0phAL6brhc-_wzn9DLIYxLRo85j16Plvt7WWn6XgOs8UGEv1lOweLvn8i3THvR44IPsolZ9HquJOzHeiCP5Qsolbxd7DhqPopNhWuDz6y0_Izi3L5QEZPtHC3V5xn34TUKOYuGoK6yyPWpMskHmo3fbLg/Skxl
whois
US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
acgxog.bn.files.1drv.com
whois
US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
www.tehridam.com
whois
US AS-26496-GO-DADDY-COM-LLC 184.168.131.241 clean
onedrive.live.com
whois
US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 mailcious
www.keplersark.com
whois
US CONFLUENCE-NETWORK-INC 209.99.64.55 clean
www.tasteofourneighborhood.com
whois
US GOOGLE 34.102.136.180 clean
www.meo6.com
whois
US AMAZON-02 75.2.18.233 clean
www.gyiblrjd.icu
whois
HK Alibaba (US) Technology Co., Ltd. 47.91.170.222 clean
www.blackhillsfarmtn.com
whois
Unknown clean
www.poorwhitetrashlivesmatter.net
whois
US GOOGLE 34.102.136.180 clean
www.donnaquerns.com
whois
Unknown clean
184.168.131.241
whois
US AS-26496-GO-DADDY-COM-LLC 184.168.131.241 mailcious
209.99.64.55
whois
US CONFLUENCE-NETWORK-INC 209.99.64.55 mailcious
13.107.42.13
whois
US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 mailcious
13.107.42.12
whois
US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 malware
34.102.136.180
whois
US GOOGLE 34.102.136.180 mailcious
47.91.170.222
whois
HK Alibaba (US) Technology Co., Ltd. 47.91.170.222 mailcious
75.2.18.233
whois
US AMAZON-02 75.2.18.233 mailcious

Suricata ids

ET INFO DNS Query for Suspicious .icu Domain
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE FormBook CnC Checkin (GET)

PE API

IAT(Import Address Table) Library

oleaut32.dll
 0x4ab72c SysFreeString
 0x4ab730 SysReAllocStringLen
 0x4ab734 SysAllocStringLen
advapi32.dll
 0x4ab73c RegQueryValueExA
 0x4ab740 RegOpenKeyExA
 0x4ab744 RegCloseKey
user32.dll
 0x4ab74c GetKeyboardType
 0x4ab750 DestroyWindow
 0x4ab754 LoadStringA
 0x4ab758 MessageBoxA
 0x4ab75c CharNextA
kernel32.dll
 0x4ab764 GetACP
 0x4ab768 Sleep
 0x4ab76c VirtualFree
 0x4ab770 VirtualAlloc
 0x4ab774 GetCurrentThreadId
 0x4ab778 InterlockedDecrement
 0x4ab77c InterlockedIncrement
 0x4ab780 VirtualQuery
 0x4ab784 WideCharToMultiByte
 0x4ab788 MultiByteToWideChar
 0x4ab78c lstrlenA
 0x4ab790 lstrcpynA
 0x4ab794 LoadLibraryExA
 0x4ab798 GetThreadLocale
 0x4ab79c GetStartupInfoA
 0x4ab7a0 GetProcAddress
 0x4ab7a4 GetModuleHandleA
 0x4ab7a8 GetModuleFileNameA
 0x4ab7ac GetLocaleInfoA
 0x4ab7b0 GetCommandLineA
 0x4ab7b4 FreeLibrary
 0x4ab7b8 FindFirstFileA
 0x4ab7bc FindClose
 0x4ab7c0 ExitProcess
 0x4ab7c4 CompareStringA
 0x4ab7c8 WriteFile
 0x4ab7cc UnhandledExceptionFilter
 0x4ab7d0 RtlUnwind
 0x4ab7d4 RaiseException
 0x4ab7d8 GetStdHandle
kernel32.dll
 0x4ab7e0 TlsSetValue
 0x4ab7e4 TlsGetValue
 0x4ab7e8 LocalAlloc
 0x4ab7ec GetModuleHandleA
user32.dll
 0x4ab7f4 CreateWindowExA
 0x4ab7f8 WindowFromPoint
 0x4ab7fc WaitMessage
 0x4ab800 UpdateWindow
 0x4ab804 UnregisterClassA
 0x4ab808 UnhookWindowsHookEx
 0x4ab80c TranslateMessage
 0x4ab810 TranslateMDISysAccel
 0x4ab814 TrackPopupMenu
 0x4ab818 SystemParametersInfoA
 0x4ab81c ShowWindow
 0x4ab820 ShowScrollBar
 0x4ab824 ShowOwnedPopups
 0x4ab828 SetWindowsHookExA
 0x4ab82c SetWindowTextA
 0x4ab830 SetWindowPos
 0x4ab834 SetWindowPlacement
 0x4ab838 SetWindowLongW
 0x4ab83c SetWindowLongA
 0x4ab840 SetTimer
 0x4ab844 SetScrollRange
 0x4ab848 SetScrollPos
 0x4ab84c SetScrollInfo
 0x4ab850 SetRect
 0x4ab854 SetPropA
 0x4ab858 SetParent
 0x4ab85c SetMenuItemInfoA
 0x4ab860 SetMenu
 0x4ab864 SetForegroundWindow
 0x4ab868 SetFocus
 0x4ab86c SetCursor
 0x4ab870 SetClassLongA
 0x4ab874 SetCapture
 0x4ab878 SetActiveWindow
 0x4ab87c SendMessageW
 0x4ab880 SendMessageA
 0x4ab884 ScrollWindow
 0x4ab888 ScreenToClient
 0x4ab88c RemovePropA
 0x4ab890 RemoveMenu
 0x4ab894 ReleaseDC
 0x4ab898 ReleaseCapture
 0x4ab89c RegisterWindowMessageA
 0x4ab8a0 RegisterClipboardFormatA
 0x4ab8a4 RegisterClassA
 0x4ab8a8 RedrawWindow
 0x4ab8ac PtInRect
 0x4ab8b0 PostQuitMessage
 0x4ab8b4 PostMessageA
 0x4ab8b8 PeekMessageW
 0x4ab8bc PeekMessageA
 0x4ab8c0 OffsetRect
 0x4ab8c4 OemToCharA
 0x4ab8c8 MessageBoxA
 0x4ab8cc MapWindowPoints
 0x4ab8d0 MapVirtualKeyA
 0x4ab8d4 LoadStringA
 0x4ab8d8 LoadKeyboardLayoutA
 0x4ab8dc LoadIconA
 0x4ab8e0 LoadCursorA
 0x4ab8e4 LoadBitmapA
 0x4ab8e8 KillTimer
 0x4ab8ec IsZoomed
 0x4ab8f0 IsWindowVisible
 0x4ab8f4 IsWindowUnicode
 0x4ab8f8 IsWindowEnabled
 0x4ab8fc IsWindow
 0x4ab900 IsRectEmpty
 0x4ab904 IsIconic
 0x4ab908 IsDialogMessageW
 0x4ab90c IsDialogMessageA
 0x4ab910 IsChild
 0x4ab914 InvalidateRect
 0x4ab918 IntersectRect
 0x4ab91c InsertMenuItemA
 0x4ab920 InsertMenuA
 0x4ab924 InflateRect
 0x4ab928 GetWindowThreadProcessId
 0x4ab92c GetWindowTextA
 0x4ab930 GetWindowRect
 0x4ab934 GetWindowPlacement
 0x4ab938 GetWindowLongW
 0x4ab93c GetWindowLongA
 0x4ab940 GetWindowDC
 0x4ab944 GetTopWindow
 0x4ab948 GetSystemMetrics
 0x4ab94c GetSystemMenu
 0x4ab950 GetSysColorBrush
 0x4ab954 GetSysColor
 0x4ab958 GetSubMenu
 0x4ab95c GetScrollRange
 0x4ab960 GetScrollPos
 0x4ab964 GetScrollInfo
 0x4ab968 GetPropA
 0x4ab96c GetParent
 0x4ab970 GetWindow
 0x4ab974 GetMessagePos
 0x4ab978 GetMenuStringA
 0x4ab97c GetMenuState
 0x4ab980 GetMenuItemInfoA
 0x4ab984 GetMenuItemID
 0x4ab988 GetMenuItemCount
 0x4ab98c GetMenu
 0x4ab990 GetLastActivePopup
 0x4ab994 GetKeyboardState
 0x4ab998 GetKeyboardLayoutNameA
 0x4ab99c GetKeyboardLayoutList
 0x4ab9a0 GetKeyboardLayout
 0x4ab9a4 GetKeyState
 0x4ab9a8 GetKeyNameTextA
 0x4ab9ac GetIconInfo
 0x4ab9b0 GetForegroundWindow
 0x4ab9b4 GetFocus
 0x4ab9b8 GetDesktopWindow
 0x4ab9bc GetDCEx
 0x4ab9c0 GetDC
 0x4ab9c4 GetCursorPos
 0x4ab9c8 GetCursor
 0x4ab9cc GetClipboardData
 0x4ab9d0 GetClientRect
 0x4ab9d4 GetClassLongA
 0x4ab9d8 GetClassInfoA
 0x4ab9dc GetCapture
 0x4ab9e0 GetActiveWindow
 0x4ab9e4 FrameRect
 0x4ab9e8 FindWindowA
 0x4ab9ec FillRect
 0x4ab9f0 EqualRect
 0x4ab9f4 EnumWindows
 0x4ab9f8 EnumThreadWindows
 0x4ab9fc EnumChildWindows
 0x4aba00 EndPaint
 0x4aba04 EnableWindow
 0x4aba08 EnableScrollBar
 0x4aba0c EnableMenuItem
 0x4aba10 DrawTextA
 0x4aba14 DrawMenuBar
 0x4aba18 DrawIconEx
 0x4aba1c DrawIcon
 0x4aba20 DrawFrameControl
 0x4aba24 DrawEdge
 0x4aba28 DispatchMessageW
 0x4aba2c DispatchMessageA
 0x4aba30 DestroyWindow
 0x4aba34 DestroyMenu
 0x4aba38 DestroyIcon
 0x4aba3c DestroyCursor
 0x4aba40 DeleteMenu
 0x4aba44 DefWindowProcA
 0x4aba48 DefMDIChildProcA
 0x4aba4c DefFrameProcA
 0x4aba50 CreatePopupMenu
 0x4aba54 CreateMenu
 0x4aba58 CreateIcon
 0x4aba5c ClientToScreen
 0x4aba60 CheckMenuItem
 0x4aba64 CallWindowProcA
 0x4aba68 CallNextHookEx
 0x4aba6c BeginPaint
 0x4aba70 CharNextA
 0x4aba74 CharLowerBuffA
 0x4aba78 CharLowerA
 0x4aba7c CharToOemA
 0x4aba80 AdjustWindowRectEx
 0x4aba84 ActivateKeyboardLayout
gdi32.dll
 0x4aba8c UnrealizeObject
 0x4aba90 StretchBlt
 0x4aba94 SetWindowOrgEx
 0x4aba98 SetWinMetaFileBits
 0x4aba9c SetViewportOrgEx
 0x4abaa0 SetTextColor
 0x4abaa4 SetStretchBltMode
 0x4abaa8 SetROP2
 0x4abaac SetPixel
 0x4abab0 SetEnhMetaFileBits
 0x4abab4 SetDIBColorTable
 0x4abab8 SetBrushOrgEx
 0x4ababc SetBkMode
 0x4abac0 SetBkColor
 0x4abac4 SelectPalette
 0x4abac8 SelectObject
 0x4abacc SaveDC
 0x4abad0 RestoreDC
 0x4abad4 RectVisible
 0x4abad8 RealizePalette
 0x4abadc PlayEnhMetaFile
 0x4abae0 PatBlt
 0x4abae4 MoveToEx
 0x4abae8 MaskBlt
 0x4abaec LineTo
 0x4abaf0 IntersectClipRect
 0x4abaf4 GetWindowOrgEx
 0x4abaf8 GetWinMetaFileBits
 0x4abafc GetTextMetricsA
 0x4abb00 GetTextExtentPoint32A
 0x4abb04 GetTextAlign
 0x4abb08 GetSystemPaletteEntries
 0x4abb0c GetStockObject
 0x4abb10 GetRgnBox
 0x4abb14 GetROP2
 0x4abb18 GetPolyFillMode
 0x4abb1c GetPixelFormat
 0x4abb20 GetPixel
 0x4abb24 GetPaletteEntries
 0x4abb28 GetObjectA
 0x4abb2c GetMapMode
 0x4abb30 GetGraphicsMode
 0x4abb34 GetEnhMetaFilePaletteEntries
 0x4abb38 GetEnhMetaFileHeader
 0x4abb3c GetEnhMetaFileBits
 0x4abb40 GetDeviceCaps
 0x4abb44 GetDIBits
 0x4abb48 GetDIBColorTable
 0x4abb4c GetDCOrgEx
 0x4abb50 GetDCPenColor
 0x4abb54 GetDCBrushColor
 0x4abb58 GetCurrentPositionEx
 0x4abb5c GetClipBox
 0x4abb60 GetBrushOrgEx
 0x4abb64 GetBkMode
 0x4abb68 GetBkColor
 0x4abb6c GetBitmapBits
 0x4abb70 GdiFlush
 0x4abb74 ExcludeClipRect
 0x4abb78 DeleteObject
 0x4abb7c DeleteEnhMetaFile
 0x4abb80 DeleteDC
 0x4abb84 CreateSolidBrush
 0x4abb88 CreatePenIndirect
 0x4abb8c CreatePalette
 0x4abb90 CreateHalftonePalette
 0x4abb94 CreateFontIndirectA
 0x4abb98 CreateDIBitmap
 0x4abb9c CreateDIBSection
 0x4abba0 CreateCompatibleDC
 0x4abba4 CreateCompatibleBitmap
 0x4abba8 CreateBrushIndirect
 0x4abbac CreateBitmap
 0x4abbb0 CopyEnhMetaFileA
 0x4abbb4 BitBlt
version.dll
 0x4abbbc VerQueryValueA
 0x4abbc0 GetFileVersionInfoSizeA
 0x4abbc4 GetFileVersionInfoA
kernel32.dll
 0x4abbcc lstrcpyA
 0x4abbd0 lstrcmpiA
 0x4abbd4 WriteFile
 0x4abbd8 WaitForSingleObject
 0x4abbdc VirtualQuery
 0x4abbe0 VirtualProtect
 0x4abbe4 VirtualAlloc
 0x4abbe8 SizeofResource
 0x4abbec SetThreadLocale
 0x4abbf0 SetFilePointer
 0x4abbf4 SetEvent
 0x4abbf8 SetErrorMode
 0x4abbfc SetEndOfFile
 0x4abc00 ResetEvent
 0x4abc04 ReadFile
 0x4abc08 MulDiv
 0x4abc0c LockResource
 0x4abc10 LoadResource
 0x4abc14 LoadLibraryA
 0x4abc18 LeaveCriticalSection
 0x4abc1c InitializeCriticalSection
 0x4abc20 GlobalFindAtomA
 0x4abc24 GlobalDeleteAtom
 0x4abc28 GlobalAddAtomA
 0x4abc2c GetVersionExA
 0x4abc30 GetVersion
 0x4abc34 GetTickCount
 0x4abc38 GetThreadLocale
 0x4abc3c GetStdHandle
 0x4abc40 GetProcAddress
 0x4abc44 GetModuleHandleA
 0x4abc48 GetModuleFileNameA
 0x4abc4c GetLocaleInfoA
 0x4abc50 GetLocalTime
 0x4abc54 GetLastError
 0x4abc58 GetFullPathNameA
 0x4abc5c GetDiskFreeSpaceA
 0x4abc60 GetDateFormatA
 0x4abc64 GetCurrentThreadId
 0x4abc68 GetCurrentProcessId
 0x4abc6c GetCPInfo
 0x4abc70 FreeResource
 0x4abc74 InterlockedExchange
 0x4abc78 FreeLibrary
 0x4abc7c FormatMessageA
 0x4abc80 FindResourceA
 0x4abc84 ExitProcess
 0x4abc88 EnumCalendarInfoA
 0x4abc8c EnterCriticalSection
 0x4abc90 DeleteCriticalSection
 0x4abc94 CreateThread
 0x4abc98 CreateFileA
 0x4abc9c CreateEventA
 0x4abca0 CompareStringA
 0x4abca4 CloseHandle
advapi32.dll
 0x4abcac RegQueryValueExA
 0x4abcb0 RegOpenKeyExA
 0x4abcb4 RegFlushKey
 0x4abcb8 RegCloseKey
kernel32.dll
 0x4abcc0 Sleep
oleaut32.dll
 0x4abcc8 SafeArrayPtrOfIndex
 0x4abccc SafeArrayGetUBound
 0x4abcd0 SafeArrayGetLBound
 0x4abcd4 SafeArrayCreate
 0x4abcd8 VariantChangeType
 0x4abcdc VariantCopy
 0x4abce0 VariantClear
 0x4abce4 VariantInit
comctl32.dll
 0x4abcec _TrackMouseEvent
 0x4abcf0 ImageList_SetIconSize
 0x4abcf4 ImageList_GetIconSize
 0x4abcf8 ImageList_Write
 0x4abcfc ImageList_Read
 0x4abd00 ImageList_DragShowNolock
 0x4abd04 ImageList_DragMove
 0x4abd08 ImageList_DragLeave
 0x4abd0c ImageList_DragEnter
 0x4abd10 ImageList_EndDrag
 0x4abd14 ImageList_BeginDrag
 0x4abd18 ImageList_Remove
 0x4abd1c ImageList_DrawEx
 0x4abd20 ImageList_Draw
 0x4abd24 ImageList_GetBkColor
 0x4abd28 ImageList_SetBkColor
 0x4abd2c ImageList_Add
 0x4abd30 ImageList_GetImageCount
 0x4abd34 ImageList_Destroy
 0x4abd38 ImageList_Create

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure