Report - compan.exe

RAT Generic Malware Downloader UPX Malicious Library Malicious Packer Antivirus Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot AntiDebug AntiVM
ScreenShot
Created 2023.05.19 18:06 Machine s1_win7_x6403
Filename compan.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
4
Behavior Score
18.2
ZERO API file : malware
VT API (file) 42 detected (GenericKD, unsafe, V543, malicious, ABRisk, GBQF, Attribute, HighConfidence, moderate confidence, multiple detections, score, dxgz, FileRepMalware, Kcnw, AGEN, PRIVATELOADER, YXDESZ, GenKD, Detected, Artemis, ai score=85, NetWiredRC, AutoIt, CLASSIC, Obfuscated, confidence, 100%)
md5 55e23e1fe5c4051b85cc6aa7c1399ac8
sha256 cbf7a8e7775c9f7341819ffc7d2a2c2519bd87cd1884a527b249a60995f1fb5b
ssdeep 24576:5mJZW2wSdIHuiCyhuGaD0y13DrmmfVpd+c2ZAa7ZRaH1F+g4:5mJZW2FIOiCIuGaD0yh/zvd+c2ZAafa7
imphash fcc64241b6c54450be7b9c57ec0906c2
impfuzzy 192:SQtZJ57pYZI3OtZLx9JGOi8UCboIrwMSBUUhbbNQv:SGZJ5pYZIiXA14rwMObbNQv
  Network IP location

Signature (41cnts)

Level Description
danger File has been identified by 42 AntiVirus engines on VirusTotal as malicious
watch Attempts to create or modify system certificates
watch Checks for the presence of known devices from debuggers and forensic tools
watch Checks for the presence of known windows from debuggers and forensic tools
watch Checks the version of Bios
watch Collects information about installed applications
watch Detects the presence of Wine emulator
watch Detects VirtualBox through the presence of a registry key
watch Detects VMWare through the in instruction feature
watch Drops a binary and executes it
watch Executes one or more WMI queries
watch Harvests credentials from local FTP client softwares
watch Network activity contains more than one unique useragent
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice An executable file was downloaded by the process compan.exe
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a shortcut to an executable file
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice Drops an executable to the user AppData folder
notice Executes one or more WMI queries which can be used to identify virtual machines
notice Expresses interest in specific running processes
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Queries for potentially installed applications
notice Steals private information from local Internet browsers
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Collects information to fingerprint the system (MachineGuid
info Command line console output was observed
info One or more processes crashed
info Queries for the computername
info Tries to locate where the browsers are installed
info Uses Windows APIs to generate a cryptographic key

Rules (47cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (download)
watch Antivirus Contains references to security software binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (download)
watch Network_Downloader File Downloader memory
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
notice Code_injection Code injection with CreateRemoteThread in a remote process memory
notice Create_Service Create a windows service memory
notice Escalate_priviledges Escalate priviledges memory
notice Generic_PWS_Memory_Zero PWS Memory memory
notice KeyLogger Run a KeyLogger memory
notice local_credential_Steal Steal credential memory
notice Network_DGA Communication using DGA memory
notice Network_DNS Communications use DNS memory
notice Network_FTP Communications over FTP memory
notice Network_HTTP Communications over HTTP memory
notice Network_P2P_Win Communications over P2P network memory
notice Network_TCP_Socket Communications over RAW Socket memory
notice ScreenShot Take ScreenShot memory
notice Sniff_Audio Record Audio memory
notice Str_Win32_Http_API Match Windows Http API call memory
notice Str_Win32_Internet_API Match Windows Inet API call memory
info anti_dbg Checks if being debugged memory
info antisb_threatExpert Anti-Sandbox checks for ThreatExpert memory
info Check_Dlls (no description) memory
info DebuggerCheck__GlobalFlags (no description) memory
info DebuggerCheck__QueryInfo (no description) memory
info DebuggerCheck__RemoteAPI (no description) memory
info DebuggerException__ConsoleCtrl (no description) memory
info DebuggerException__SetConsoleCtrl (no description) memory
info DebuggerHiding__Active (no description) memory
info DebuggerHiding__Thread (no description) memory
info disable_dep Bypass DEP memory
info Is_DotNET_EXE (no description) binaries (download)
info IsPE32 (no description) binaries (download)
info IsPE64 (no description) binaries (download)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)
info SEH__vectored (no description) memory
info ThreadControl__Context (no description) memory
info win_hook Affect hook table memory
info Win_Backdoor_AsyncRAT_Zero Win Backdoor AsyncRAT binaries (download)

Network (19cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://ilonamaska.info/wp-content/uploads/2022/08 RU 3W Infra B.V. 193.42.108.63 clean
http://ilonamaska.info/function/v2tmp/path_int.php RU 3W Infra B.V. 193.42.108.63 clean
http://ilonamaska.info/wp-content/uploads/2021/10 RU 3W Infra B.V. 193.42.108.63 clean
http://ilonamaska.info/function/v2tmp/useruploadetfilesun.php RU 3W Infra B.V. 193.42.108.63 clean
http://ilonamaska.info/app/files/ap/id273150012.php RU 3W Infra B.V. 193.42.108.63 malware
http://ilonamaska.info/books/userpaths/birbik/harrypotter1.txt RU 3W Infra B.V. 193.42.108.63 clean
http://ilonamaska.info/stat_os.php RU 3W Infra B.V. 193.42.108.63 clean
http://ilonamaska.info/app/files/ap/id27315001.php RU 3W Infra B.V. 193.42.108.63 clean
http://ilonamaska.info/books/userpaths/birbik/harrypotter111.txt RU 3W Infra B.V. 193.42.108.63 clean
https://api.ip.sb/geoip US CLOUDFLARENET 104.26.12.31 clean
https://api.ip.sb/ip US CLOUDFLARENET 104.26.12.31 clean
api.ip.sb US CLOUDFLARENET 104.26.12.31 clean
operalan.info NL 3W Infra B.V. 193.42.110.84 clean
iplogger.com DE Hetzner Online GmbH 148.251.234.93 mailcious
ilonamaska.info RU 3W Infra B.V. 193.42.108.63 malware
104.26.12.31 US CLOUDFLARENET 104.26.12.31 clean
193.42.108.63 RU 3W Infra B.V. 193.42.108.63 malware
148.251.234.93 DE Hetzner Online GmbH 148.251.234.93 mailcious
193.42.110.84 NL 3W Infra B.V. 193.42.110.84 clean

Suricata ids

PE API

IAT(Import Address Table) Library

WSOCK32.dll
 0x1400b5fc0 gethostbyname
 0x1400b5fc8 recv
 0x1400b5fd0 send
 0x1400b5fd8 socket
 0x1400b5fe0 inet_ntoa
 0x1400b5fe8 setsockopt
 0x1400b5ff0 ntohs
 0x1400b5ff8 WSACleanup
 0x1400b6000 WSAStartup
 0x1400b6008 sendto
 0x1400b6010 htons
 0x1400b6018 __WSAFDIsSet
 0x1400b6020 select
 0x1400b6028 accept
 0x1400b6030 listen
 0x1400b6038 ind
 0x1400b6040 inet_addr
 0x1400b6048 ioctlsocket
 0x1400b6050 recvfrom
 0x1400b6058 WSAGetLastError
 0x1400b6060 closesocket
 0x1400b6068 gethostname
 0x1400b6070 connect
VERSION.dll
 0x1400b5f08 GetFileVersionInfoW
 0x1400b5f10 VerQueryValueW
 0x1400b5f18 GetFileVersionInfoSizeW
WINMM.dll
 0x1400b5fa0 timeGetTime
 0x1400b5fa8 waveOutSetVolume
 0x1400b5fb0 mciSendStringW
COMCTL32.dll
 0x1400b5110 ImageList_ReplaceIcon
 0x1400b5118 ImageList_Destroy
 0x1400b5120 ImageList_Remove
 0x1400b5128 ImageList_SetDragCursorImage
 0x1400b5130 ImageList_BeginDrag
 0x1400b5138 ImageList_DragEnter
 0x1400b5140 ImageList_DragLeave
 0x1400b5148 ImageList_EndDrag
 0x1400b5150 ImageList_DragMove
 0x1400b5158 InitCommonControlsEx
 0x1400b5160 ImageList_Create
MPR.dll
 0x1400b5810 WNetGetConnectionW
 0x1400b5818 WNetCancelConnection2W
 0x1400b5820 WNetUseConnectionW
 0x1400b5828 WNetAddConnection2W
WININET.dll
 0x1400b5f28 HttpOpenRequestW
 0x1400b5f30 InternetCloseHandle
 0x1400b5f38 InternetOpenW
 0x1400b5f40 InternetSetOptionW
 0x1400b5f48 InternetCrackUrlW
 0x1400b5f50 HttpQueryInfoW
 0x1400b5f58 InternetQueryOptionW
 0x1400b5f60 InternetConnectW
 0x1400b5f68 HttpSendRequestW
 0x1400b5f70 FtpOpenFileW
 0x1400b5f78 FtpGetFileSize
 0x1400b5f80 InternetOpenUrlW
 0x1400b5f88 InternetReadFile
 0x1400b5f90 InternetQueryDataAvailable
PSAPI.DLL
 0x1400b5928 GetProcessMemoryInfo
IPHLPAPI.DLL
 0x1400b52a8 IcmpSendEcho
 0x1400b52b0 IcmpCloseHandle
 0x1400b52b8 IcmpCreateFile
USERENV.dll
 0x1400b5ed0 DestroyEnvironmentBlock
 0x1400b5ed8 LoadUserProfileW
 0x1400b5ee0 CreateEnvironmentBlock
 0x1400b5ee8 UnloadUserProfile
UxTheme.dll
 0x1400b5ef8 IsThemeActive
KERNEL32.dll
 0x1400b52c8 WaitForSingleObject
 0x1400b52d0 HeapAlloc
 0x1400b52d8 GetProcessHeap
 0x1400b52e0 HeapFree
 0x1400b52e8 Sleep
 0x1400b52f0 GetCurrentThreadId
 0x1400b52f8 MultiByteToWideChar
 0x1400b5300 MulDiv
 0x1400b5308 GetVersionExW
 0x1400b5310 IsWow64Process
 0x1400b5318 GetSystemInfo
 0x1400b5320 FreeLibrary
 0x1400b5328 LoadLibraryA
 0x1400b5330 GetProcAddress
 0x1400b5338 SetErrorMode
 0x1400b5340 GetModuleFileNameW
 0x1400b5348 WideCharToMultiByte
 0x1400b5350 lstrcpyW
 0x1400b5358 lstrlenW
 0x1400b5360 GetModuleHandleW
 0x1400b5368 QueryPerformanceCounter
 0x1400b5370 VirtualFreeEx
 0x1400b5378 OpenProcess
 0x1400b5380 VirtualAllocEx
 0x1400b5388 WriteProcessMemory
 0x1400b5390 ReadProcessMemory
 0x1400b5398 CreateFileW
 0x1400b53a0 SetFilePointerEx
 0x1400b53a8 SetEndOfFile
 0x1400b53b0 ReadFile
 0x1400b53b8 WriteFile
 0x1400b53c0 FlushFileBuffers
 0x1400b53c8 TerminateProcess
 0x1400b53d0 CreateToolhelp32Snapshot
 0x1400b53d8 Process32FirstW
 0x1400b53e0 Process32NextW
 0x1400b53e8 SetFileTime
 0x1400b53f0 GetFileAttributesW
 0x1400b53f8 FindFirstFileW
 0x1400b5400 FindClose
 0x1400b5408 GetLongPathNameW
 0x1400b5410 GetShortPathNameW
 0x1400b5418 DeleteFileW
 0x1400b5420 FindNextFileW
 0x1400b5428 CopyFileExW
 0x1400b5430 GetFullPathNameW
 0x1400b5438 CreateDirectoryW
 0x1400b5440 RemoveDirectoryW
 0x1400b5448 SetSystemPowerState
 0x1400b5450 QueryPerformanceFrequency
 0x1400b5458 LoadResource
 0x1400b5460 LockResource
 0x1400b5468 SizeofResource
 0x1400b5470 OutputDebugStringW
 0x1400b5478 GetTempPathW
 0x1400b5480 GetTempFileNameW
 0x1400b5488 DeviceIoControl
 0x1400b5490 GetLocalTime
 0x1400b5498 CompareStringW
 0x1400b54a0 EnterCriticalSection
 0x1400b54a8 LeaveCriticalSection
 0x1400b54b0 DuplicateHandle
 0x1400b54b8 CreatePipe
 0x1400b54c0 TerminateThread
 0x1400b54c8 LoadLibraryExW
 0x1400b54d0 FindResourceExW
 0x1400b54d8 CopyFileW
 0x1400b54e0 VirtualFree
 0x1400b54e8 FormatMessageW
 0x1400b54f0 GetExitCodeProcess
 0x1400b54f8 GetPrivateProfileStringW
 0x1400b5500 WritePrivateProfileStringW
 0x1400b5508 GetPrivateProfileSectionW
 0x1400b5510 WritePrivateProfileSectionW
 0x1400b5518 GetPrivateProfileSectionNamesW
 0x1400b5520 FileTimeToLocalFileTime
 0x1400b5528 FileTimeToSystemTime
 0x1400b5530 SystemTimeToFileTime
 0x1400b5538 LocalFileTimeToFileTime
 0x1400b5540 GetDriveTypeW
 0x1400b5548 GetDiskFreeSpaceExW
 0x1400b5550 GetDiskFreeSpaceW
 0x1400b5558 GetVolumeInformationW
 0x1400b5560 SetVolumeLabelW
 0x1400b5568 CreateHardLinkW
 0x1400b5570 SetFileAttributesW
 0x1400b5578 CreateEventW
 0x1400b5580 SetEvent
 0x1400b5588 GetEnvironmentVariableW
 0x1400b5590 SetEnvironmentVariableW
 0x1400b5598 GlobalLock
 0x1400b55a0 GlobalUnlock
 0x1400b55a8 GlobalAlloc
 0x1400b55b0 GetFileSize
 0x1400b55b8 GlobalFree
 0x1400b55c0 GlobalMemoryStatusEx
 0x1400b55c8 Beep
 0x1400b55d0 GetSystemDirectoryW
 0x1400b55d8 HeapReAlloc
 0x1400b55e0 HeapSize
 0x1400b55e8 GetComputerNameW
 0x1400b55f0 GetWindowsDirectoryW
 0x1400b55f8 GetCurrentProcessId
 0x1400b5600 GetProcessIoCounters
 0x1400b5608 CreateProcessW
 0x1400b5610 GetProcessId
 0x1400b5618 SetPriorityClass
 0x1400b5620 LoadLibraryW
 0x1400b5628 VirtualAlloc
 0x1400b5630 SetCurrentDirectoryW
 0x1400b5638 IsDebuggerPresent
 0x1400b5640 GetCurrentDirectoryW
 0x1400b5648 lstrcmpiW
 0x1400b5650 GetLastError
 0x1400b5658 RaiseException
 0x1400b5660 InitializeCriticalSectionAndSpinCount
 0x1400b5668 DeleteCriticalSection
 0x1400b5670 RtlLookupFunctionEntry
 0x1400b5678 RtlVirtualUnwind
 0x1400b5680 UnhandledExceptionFilter
 0x1400b5688 SetUnhandledExceptionFilter
 0x1400b5690 GetStartupInfoW
 0x1400b5698 IsProcessorFeaturePresent
 0x1400b56a0 GetSystemTimeAsFileTime
 0x1400b56a8 CreateThread
 0x1400b56b0 GetCurrentProcess
 0x1400b56b8 GetCurrentThread
 0x1400b56c0 GetStdHandle
 0x1400b56c8 InitializeSListHead
 0x1400b56d0 RtlUnwindEx
 0x1400b56d8 RtlPcToFileHeader
 0x1400b56e0 SetLastError
 0x1400b56e8 TlsAlloc
 0x1400b56f0 ResetEvent
 0x1400b56f8 WaitForSingleObjectEx
 0x1400b5700 TlsGetValue
 0x1400b5708 TlsSetValue
 0x1400b5710 TlsFree
 0x1400b5718 EncodePointer
 0x1400b5720 ExitProcess
 0x1400b5728 GetModuleHandleExW
 0x1400b5730 ExitThread
 0x1400b5738 ResumeThread
 0x1400b5740 FreeLibraryAndExitThread
 0x1400b5748 GetACP
 0x1400b5750 GetDateFormatW
 0x1400b5758 GetTimeFormatW
 0x1400b5760 LCMapStringW
 0x1400b5768 GetStringTypeW
 0x1400b5770 GetFileType
 0x1400b5778 SetStdHandle
 0x1400b5780 GetConsoleCP
 0x1400b5788 GetConsoleMode
 0x1400b5790 ReadConsoleW
 0x1400b5798 GetTimeZoneInformation
 0x1400b57a0 FindFirstFileExW
 0x1400b57a8 IsValidCodePage
 0x1400b57b0 GetOEMCP
 0x1400b57b8 GetCPInfo
 0x1400b57c0 GetCommandLineA
 0x1400b57c8 GetCommandLineW
 0x1400b57d0 GetEnvironmentStringsW
 0x1400b57d8 FreeEnvironmentStringsW
 0x1400b57e0 SetEnvironmentVariableA
 0x1400b57e8 CloseHandle
 0x1400b57f0 WriteConsoleW
 0x1400b57f8 MoveFileW
 0x1400b5800 RtlCaptureContext
USER32.dll
 0x1400b59b8 GetSubMenu
 0x1400b59c0 GetCaretPos
 0x1400b59c8 IsZoomed
 0x1400b59d0 GetWindowLongW
 0x1400b59d8 MonitorFromPoint
 0x1400b59e0 GetMonitorInfoW
 0x1400b59e8 SetWindowLongW
 0x1400b59f0 SetLayeredWindowAttributes
 0x1400b59f8 FlashWindow
 0x1400b5a00 GetClassLongPtrW
 0x1400b5a08 TranslateAcceleratorW
 0x1400b5a10 IsDialogMessageW
 0x1400b5a18 GetSysColor
 0x1400b5a20 InflateRect
 0x1400b5a28 DrawFocusRect
 0x1400b5a30 DrawTextW
 0x1400b5a38 FrameRect
 0x1400b5a40 DrawFrameControl
 0x1400b5a48 FillRect
 0x1400b5a50 PtInRect
 0x1400b5a58 DestroyAcceleratorTable
 0x1400b5a60 CreateAcceleratorTableW
 0x1400b5a68 SetCursor
 0x1400b5a70 GetWindowDC
 0x1400b5a78 GetSystemMetrics
 0x1400b5a80 SetWindowLongPtrW
 0x1400b5a88 GetActiveWindow
 0x1400b5a90 CharNextW
 0x1400b5a98 wsprintfW
 0x1400b5aa0 RedrawWindow
 0x1400b5aa8 DrawMenuBar
 0x1400b5ab0 DestroyMenu
 0x1400b5ab8 SetMenu
 0x1400b5ac0 GetWindowTextLengthW
 0x1400b5ac8 CreateMenu
 0x1400b5ad0 IsDlgButtonChecked
 0x1400b5ad8 DefDlgProcW
 0x1400b5ae0 CallWindowProcW
 0x1400b5ae8 ReleaseCapture
 0x1400b5af0 SetCapture
 0x1400b5af8 OpenClipboard
 0x1400b5b00 BlockInput
 0x1400b5b08 GetMessageW
 0x1400b5b10 LockWindowUpdate
 0x1400b5b18 DispatchMessageW
 0x1400b5b20 TranslateMessage
 0x1400b5b28 PeekMessageW
 0x1400b5b30 GetInputState
 0x1400b5b38 UnregisterHotKey
 0x1400b5b40 CharLowerBuffW
 0x1400b5b48 MonitorFromRect
 0x1400b5b50 LoadImageW
 0x1400b5b58 mouse_event
 0x1400b5b60 ExitWindowsEx
 0x1400b5b68 SetActiveWindow
 0x1400b5b70 FindWindowExW
 0x1400b5b78 EnumThreadWindows
 0x1400b5b80 GetMenuStringW
 0x1400b5b88 InsertMenuItemW
 0x1400b5b90 IsMenu
 0x1400b5b98 TrackPopupMenuEx
 0x1400b5ba0 GetCursorPos
 0x1400b5ba8 DeleteMenu
 0x1400b5bb0 CheckMenuRadioItem
 0x1400b5bb8 GetMenuItemID
 0x1400b5bc0 GetMenuItemCount
 0x1400b5bc8 SetMenuItemInfoW
 0x1400b5bd0 GetMenuItemInfoW
 0x1400b5bd8 SetForegroundWindow
 0x1400b5be0 IsIconic
 0x1400b5be8 FindWindowW
 0x1400b5bf0 CloseClipboard
 0x1400b5bf8 keybd_event
 0x1400b5c00 SendInput
 0x1400b5c08 GetAsyncKeyState
 0x1400b5c10 SetKeyboardState
 0x1400b5c18 GetKeyboardState
 0x1400b5c20 GetKeyState
 0x1400b5c28 VkKeyScanW
 0x1400b5c30 LoadStringW
 0x1400b5c38 DialogBoxParamW
 0x1400b5c40 MessageBeep
 0x1400b5c48 EndDialog
 0x1400b5c50 SendDlgItemMessageW
 0x1400b5c58 GetDlgItem
 0x1400b5c60 SetWindowTextW
 0x1400b5c68 CopyRect
 0x1400b5c70 EndPaint
 0x1400b5c78 BeginPaint
 0x1400b5c80 GetClientRect
 0x1400b5c88 GetMenu
 0x1400b5c90 DestroyWindow
 0x1400b5c98 EnumWindows
 0x1400b5ca0 GetDesktopWindow
 0x1400b5ca8 IsWindow
 0x1400b5cb0 IsWindowEnabled
 0x1400b5cb8 IsWindowVisible
 0x1400b5cc0 EnableWindow
 0x1400b5cc8 InvalidateRect
 0x1400b5cd0 GetWindowLongPtrW
 0x1400b5cd8 ReleaseDC
 0x1400b5ce0 GetWindowThreadProcessId
 0x1400b5ce8 AttachThreadInput
 0x1400b5cf0 GetFocus
 0x1400b5cf8 GetWindowTextW
 0x1400b5d00 ScreenToClient
 0x1400b5d08 SendMessageTimeoutW
 0x1400b5d10 EnumChildWindows
 0x1400b5d18 CharUpperBuffW
 0x1400b5d20 GetClassNameW
 0x1400b5d28 GetParent
 0x1400b5d30 GetDlgCtrlID
 0x1400b5d38 SendMessageW
 0x1400b5d40 MapVirtualKeyW
 0x1400b5d48 PostMessageW
 0x1400b5d50 IsCharUpperW
 0x1400b5d58 IsCharLowerW
 0x1400b5d60 IsCharAlphaNumericW
 0x1400b5d68 IsCharAlphaW
 0x1400b5d70 GetKeyboardLayoutNameW
 0x1400b5d78 ClientToScreen
 0x1400b5d80 RegisterHotKey
 0x1400b5d88 GetCursorInfo
 0x1400b5d90 SetWindowPos
 0x1400b5d98 CopyImage
 0x1400b5da0 AdjustWindowRectEx
 0x1400b5da8 SetRect
 0x1400b5db0 SetClipboardData
 0x1400b5db8 EmptyClipboard
 0x1400b5dc0 SetMenuDefaultItem
 0x1400b5dc8 CountClipboardFormats
 0x1400b5dd0 GetWindowRect
 0x1400b5dd8 SetUserObjectSecurity
 0x1400b5de0 GetClipboardData
 0x1400b5de8 CloseDesktop
 0x1400b5df0 CloseWindowStation
 0x1400b5df8 OpenDesktopW
 0x1400b5e00 SetProcessWindowStation
 0x1400b5e08 GetProcessWindowStation
 0x1400b5e10 OpenWindowStationW
 0x1400b5e18 GetUserObjectSecurity
 0x1400b5e20 MessageBoxW
 0x1400b5e28 DefWindowProcW
 0x1400b5e30 MoveWindow
 0x1400b5e38 SetFocus
 0x1400b5e40 PostQuitMessage
 0x1400b5e48 KillTimer
 0x1400b5e50 CreatePopupMenu
 0x1400b5e58 RegisterWindowMessageW
 0x1400b5e60 SetTimer
 0x1400b5e68 ShowWindow
 0x1400b5e70 CreateWindowExW
 0x1400b5e78 RegisterClassExW
 0x1400b5e80 LoadIconW
 0x1400b5e88 LoadCursorW
 0x1400b5e90 GetSysColorBrush
 0x1400b5e98 GetForegroundWindow
 0x1400b5ea0 MessageBoxA
 0x1400b5ea8 DestroyIcon
 0x1400b5eb0 SystemParametersInfoW
 0x1400b5eb8 IsClipboardFormatAvailable
 0x1400b5ec0 GetDC
GDI32.dll
 0x1400b5188 EndPath
 0x1400b5190 DeleteObject
 0x1400b5198 GetDeviceCaps
 0x1400b51a0 ExtCreatePen
 0x1400b51a8 StrokePath
 0x1400b51b0 SetPixel
 0x1400b51b8 CloseFigure
 0x1400b51c0 LineTo
 0x1400b51c8 AngleArc
 0x1400b51d0 MoveToEx
 0x1400b51d8 Ellipse
 0x1400b51e0 PolyDraw
 0x1400b51e8 GetTextExtentPoint32W
 0x1400b51f0 CreateCompatibleBitmap
 0x1400b51f8 BeginPath
 0x1400b5200 Rectangle
 0x1400b5208 SetViewportOrgEx
 0x1400b5210 GetObjectW
 0x1400b5218 SetBkMode
 0x1400b5220 RoundRect
 0x1400b5228 SetBkColor
 0x1400b5230 CreatePen
 0x1400b5238 CreateSolidBrush
 0x1400b5240 SetTextColor
 0x1400b5248 CreateFontW
 0x1400b5250 GetTextFaceW
 0x1400b5258 GetStockObject
 0x1400b5260 CreateDCW
 0x1400b5268 GetPixel
 0x1400b5270 DeleteDC
 0x1400b5278 GetDIBits
 0x1400b5280 StretchBlt
 0x1400b5288 SelectObject
 0x1400b5290 CreateCompatibleDC
 0x1400b5298 StrokeAndFillPath
COMDLG32.dll
 0x1400b5170 GetSaveFileNameW
 0x1400b5178 GetOpenFileNameW
ADVAPI32.dll
 0x1400b5000 GetAce
 0x1400b5008 RegEnumValueW
 0x1400b5010 RegDeleteValueW
 0x1400b5018 RegDeleteKeyW
 0x1400b5020 RegEnumKeyExW
 0x1400b5028 RegOpenKeyExW
 0x1400b5030 RegCloseKey
 0x1400b5038 RegQueryValueExW
 0x1400b5040 RegConnectRegistryW
 0x1400b5048 InitializeSecurityDescriptor
 0x1400b5050 InitializeAcl
 0x1400b5058 AdjustTokenPrivileges
 0x1400b5060 OpenThreadToken
 0x1400b5068 OpenProcessToken
 0x1400b5070 LookupPrivilegeValueW
 0x1400b5078 DuplicateTokenEx
 0x1400b5080 CreateProcessAsUserW
 0x1400b5088 CreateProcessWithLogonW
 0x1400b5090 GetLengthSid
 0x1400b5098 CopySid
 0x1400b50a0 LogonUserW
 0x1400b50a8 AllocateAndInitializeSid
 0x1400b50b0 CheckTokenMembership
 0x1400b50b8 FreeSid
 0x1400b50c0 GetTokenInformation
 0x1400b50c8 RegSetValueExW
 0x1400b50d0 GetSecurityDescriptorDacl
 0x1400b50d8 GetAclInformation
 0x1400b50e0 RegCreateKeyExW
 0x1400b50e8 AddAce
 0x1400b50f0 SetSecurityDescriptorDacl
 0x1400b50f8 InitiateSystemShutdownExW
 0x1400b5100 GetUserNameW
SHELL32.dll
 0x1400b5938 DragFinish
 0x1400b5940 DragQueryPoint
 0x1400b5948 ShellExecuteExW
 0x1400b5950 DragQueryFileW
 0x1400b5958 SHEmptyRecycleBinW
 0x1400b5960 SHGetPathFromIDListW
 0x1400b5968 SHBrowseForFolderW
 0x1400b5970 SHCreateShellItem
 0x1400b5978 SHGetDesktopFolder
 0x1400b5980 SHGetSpecialFolderLocation
 0x1400b5988 SHGetFolderPathW
 0x1400b5990 SHFileOperationW
 0x1400b5998 ExtractIconExW
 0x1400b59a0 Shell_NotifyIconW
 0x1400b59a8 ShellExecuteW
ole32.dll
 0x1400b6080 CoTaskMemAlloc
 0x1400b6088 CoTaskMemFree
 0x1400b6090 CLSIDFromString
 0x1400b6098 ProgIDFromCLSID
 0x1400b60a0 CLSIDFromProgID
 0x1400b60a8 OleSetMenuDescriptor
 0x1400b60b0 MkParseDisplayName
 0x1400b60b8 OleSetContainedObject
 0x1400b60c0 CoCreateInstance
 0x1400b60c8 IIDFromString
 0x1400b60d0 StringFromGUID2
 0x1400b60d8 CreateStreamOnHGlobal
 0x1400b60e0 OleInitialize
 0x1400b60e8 OleUninitialize
 0x1400b60f0 CoInitialize
 0x1400b60f8 CoUninitialize
 0x1400b6100 GetRunningObjectTable
 0x1400b6108 CoGetInstanceFromFile
 0x1400b6110 CoGetObject
 0x1400b6118 CoInitializeSecurity
 0x1400b6120 CoCreateInstanceEx
 0x1400b6128 CoSetProxyBlanket
OLEAUT32.dll
 0x1400b5838 VariantChangeType
 0x1400b5840 DispCallFunc
 0x1400b5848 CreateStdDispatch
 0x1400b5850 CreateDispTypeInfo
 0x1400b5858 UnRegisterTypeLib
 0x1400b5860 UnRegisterTypeLibForUser
 0x1400b5868 RegisterTypeLibForUser
 0x1400b5870 RegisterTypeLib
 0x1400b5878 LoadTypeLibEx
 0x1400b5880 VariantCopyInd
 0x1400b5888 VariantTimeToSystemTime
 0x1400b5890 SysFreeString
 0x1400b5898 SafeArrayDestroyDescriptor
 0x1400b58a0 SafeArrayDestroyData
 0x1400b58a8 SafeArrayUnaccessData
 0x1400b58b0 VariantInit
 0x1400b58b8 VariantClear
 0x1400b58c0 VariantCopy
 0x1400b58c8 SysAllocString
 0x1400b58d0 SafeArrayCreateVector
 0x1400b58d8 VarR8FromDec
 0x1400b58e0 SafeArrayAllocDescriptorEx
 0x1400b58e8 SafeArrayAllocData
 0x1400b58f0 SysStringLen
 0x1400b58f8 SafeArrayGetVartype
 0x1400b5900 OleLoadPicture
 0x1400b5908 QueryPathOfRegTypeLib
 0x1400b5910 SysReAllocString
 0x1400b5918 SafeArrayAccessData

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure