Report - vbc.exe

UPX Malicious Library PE File PE32
Created 2021.10.07 11:10 Machine s1_win7_x6402
Filename vbc.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 4
Behavior Score 9.4
ZERO API file : malware
VT API (file) 21 detected (malicious, high confidence, GenericRXAA, Unsafe, Save, ZelphiF, 6KW@a4TTdIii, Rescoms, Eldorado, GenKryptik, EVCG, Remcos, FileRepMalware, ai score=99, Sabsik, score, BScope, Noon, EQAC)
md5 96bd7548ea9c202bf6add33886f45ddb
sha256 3f127801208a3596f363b8c7eaf33edd21e1f74ac2fca102d927dc784811c8f4
ssdeep 24576:nWv+QwSKgQ0qgQDKqOTLDE4b+JlzNgojDGBav:WmWKgNxLQ4ERNRG0
imphash a75c37244e3bdfe1f2052f7c93d03b4e
impfuzzy 192:ot3MDbuuCDSUvK9EPo1XEAo77wb1G1uTAYPbOQHf:E3mCI9no1usYPbOQ/

Signature (20cnts)

Level Description
warning File has been identified by 21 AntiVirus engines on VirusTotal as malicious
warning Generates some ICMP traffic
watch Allocates execute permission to another process indicative of possible code injection
watch Creates a thread using CreateRemoteThread in a non-child process indicative of process injection
watch Installs itself for autorun at Windows startup
watch Manipulates memory of a non-child process indicative of process injection
watch Network activity contains more than one unique useragent
watch One or more of the buffers contains an embedded PE file
watch Potential code injection by writing to the memory of another process
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Creates executable files on the filesystem
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (8cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)

Network (37cnts)


PE API

IAT(Import Address Table) Library


EAT(Export Address Table) is none


