Report - rqvufRfLLN.dll

Malicious Packer, Admin Tool (Sysinternals etc ...), Anti_VM, Malicious Library, UPX, PE File, OS Processor Check, PE32, DLL
Created 2021.10.25 17:28
Machine s1_win7_x6403
Filename rqvufRfLLN.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score 6
Behavior Score 2.4
ZERO API file : clean
VT API (file) 30 detected (Malicious, high confidence, GenericKD, Unsafe, Save, confidence, Attribute, HighConfidence, Mekotio, Zusy, FileRepMalware, score, Artemis, ai score=88, Generic@ML, RDML, 6kPpXUz8E, BPa2yXguHX9g, Static AI, Malicious PE, susgen)
md5 419e0fb814d614d491fe487ef29ea77e
sha256 2f8b16754738ee4c6bbc63da55e8162f75906b62991081b81e8ca24552123025
ssdeep 49152:vJrYmVXt58SfHI5OcBFiZ5Gnvkd6SKKYCwNGFSHnsHSsd3SfFEBrVX9S2THTQIHk:vJVh4s5Gcd6zK3wNNQSsd3SsrVX
imphash 5635b0933774ada04c0cb469937a7e29
impfuzzy 192:YcLqZZKsrxc6ywIIuGUoctj6PoQLO7JDjvhxTDUcFFrhD8qaCwhhQy6:YcGKj6y5B6PoQLOxvhxTDD31AqaCwYy6

Signature (6cnts)

Level | Description
danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious
notice | Allocates read-write-execute memory (usually to unpack itself)
notice | Foreign language identified in PE resource
info | Checks if process is being debugged by a debugger
info | One or more processes crashed
info | The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (9cnts)

Level | Name | Description | Collection
watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload)
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload)
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload)
watch | UPX_Zero | UPX packed file | binaries (upload)
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload)
info | IsDLL | (no description) | binaries (upload)
info | IsPE32 | (no description) | binaries (upload)
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)

Network (0cnts)


Suricata ids

PE API

IAT(Import Address Table) Library


EAT(Export Address Table) Library

0x46d4b0 TMethodImplementationIntercept
0x412f50 __dbk_fcall_wrapper
0x8aa640 dbkFCallWrapperAddr
0x881750 yQ0BvR5F0Qn58wVmjt0qsx2

