Report - SoftwareMeetup.exe

Raccoon Gen1 Suspicious_Script_Bin Downloader Malicious Library UPX Malicious Packer Http API ScreenShot Escalate priviledges PWS HTTP Code injection Internet API KeyLogger Create Service Socket DGA Steal credential Hijack Network Sniff Audio DNS persiste
Created 2023.12.11 19:52 Machine s1_win7_x6401
Filename SoftwareMeetup.exe
Type PE32 executable (console) Intel 80386, for MS Windows
AI Score 1
Behavior Score 14.6
ZERO API file : mailcious
VT API (file) 44 detected (TR/Drop.Agent.dnigo, unsafe, W32.Trojan.Gen, Detected, Trojan.Win32.Generic.sa, W32.AIDetectMalware, ML.Attribute.HighConfidence, Win32:DropperX-gen [Drp, malware (ai score=86), Malware.Win32.Gencirc.13f97c79, Malware@#1eoa146hwlljq, Trojan.GenericKD.70713958 (B), Trojan.TR/Drop.Agent.dnigo, TrojanDropper:Win32/DropperX.80a5554b, Spyware.RecordStealer, Trojan.Malware.9530778.susgen, malicious (moderate confidence), Trojan.Win32.Save.a, Trojan/Win.Generic.C5556692, Trojan.Generic@AI.81 (RDML:nhRodMOYdI0XXcPoMlYntg), MALICIOUS, Trj/Chgt.AD, Trojan:Win32/Znyonm, Trojan.Win32.Agent.Y!c, Trojan.GenericKD.70713958, a variant of Win32/TrojanDropper.Delf.ACJ, HEUR:Backdoor.Win32.Agent.gen, Mal/Generic-S, win/malicious_confidence_100% (W), TrojanSpy.Win32.RACCOONSTEALER.YXDLHZ, Malicious (score: 99), Trojan-Dropper.Win32.Delf, Trojan.Generic.D4370266, Trojan/Win32.Sabsik)
md5 cbf9b27a8f0e0694c727f4365776b745
sha256 345ff30f046fefaf38981f65238c022878d9ecab54437a88a7b5bddcba6ebc3d
ssdeep 24576:Gc9fr4kJAx1q/o/Ugge7p+XgwUXKXeaWptGyvNjl:G+py15bgeF+SlptGyvdl
imphash 1d276c0c01988ae6fe7ef53c6494f83f
impfuzzy 192:o13MDbuuaxSUvK93to1Xh7e628v1g+POQHSDt:C3maq9Wx1/POQyh
Signature (35cnts)

Level Description
danger Executed a process and injected code into it
watch Allocates execute permission to another process indicative of possible code injection
watch Collects information about installed applications
watch Communicates with host for which no DNS query was performed
watch Expresses interest in specific running processes
watch Manipulates memory of a non-child process indicative of process injection
watch One or more of the buffers contains an embedded PE file
watch Resumed a suspended thread in a remote process potentially indicative of process injection
watch Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice An executable file was downloaded by the process lone.pif
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates executable files on the filesystem
notice Drops a binary and executes it
notice Drops an executable to the user AppData folder
notice Executes one or more WMI queries
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Potentially malicious URLs were found in the process memory dump
notice Queries for potentially installed applications
notice Repeatedly searches for a not-found process
notice Searches running processes potentially to identify processes for sandbox evasion
notice Sends data using the HTTP POST Method
notice Steals private information from local Internet browsers
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Collects information to fingerprint the system (MachineGuid
info Command line console output was observed
info One or more processes crashed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info Tries to locate where the browsers are installed

Rules (47cnts)

Level Name Description Collection
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (download)
warning Suspicious_Obfuscation_Script_2 Suspicious obfuscation script (e.g. executable files) binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (download)
watch Network_Downloader File Downloader memory
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
notice Code_injection Code injection with CreateRemoteThread in a remote process memory
notice Create_Service Create a windows service memory
notice Escalate_priviledges Escalate privileges memory
notice Generic_PWS_Memory_Zero PWS Memory memory
notice Hijack_Network Hijack network configuration memory
notice KeyLogger Run a KeyLogger memory
notice local_credential_Steal Steal credential memory
notice Network_DGA Communication using DGA memory
notice Network_DNS Communications use DNS memory
notice Network_FTP Communications over FTP memory
notice Network_HTTP Communications over HTTP memory
notice Network_P2P_Win Communications over P2P network memory
notice Network_TCP_Socket Communications over RAW Socket memory
notice Persistence Install itself for autorun at Windows startup memory
notice ScreenShot Take ScreenShot memory
notice Sniff_Audio Record Audio memory
notice Str_Win32_Http_API Match Windows Http API call memory
notice Str_Win32_Internet_API Match Windows Inet API call memory
info anti_dbg Checks if being debugged memory
info antisb_threatExpert Anti-Sandbox checks for ThreatExpert memory
info Check_Dlls (no description) memory
info DebuggerCheck__GlobalFlags (no description) memory
info DebuggerCheck__QueryInfo (no description) memory
info DebuggerCheck__RemoteAPI (no description) memory
info DebuggerException__ConsoleCtrl (no description) memory
info DebuggerException__SetConsoleCtrl (no description) memory
info DebuggerHiding__Active (no description) memory
info DebuggerHiding__Thread (no description) memory
info disable_dep Bypass DEP memory
info IsDLL (no description) binaries (download)
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info mzp_file_format MZP(Delphi) file format binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)
info SEH__vectored (no description) memory
info ThreadControl__Context (no description) memory
info win_hook Affect hook table memory

Network (11cnts)

Request CC ASN Co IP4 Rule ZERO
http://5.42.64.45/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll RU CJSC Kolomna-Sviaz TV 5.42.64.45 clean
http://5.42.64.45/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll RU CJSC Kolomna-Sviaz TV 5.42.64.45 clean
http://5.42.64.45/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll RU CJSC Kolomna-Sviaz TV 5.42.64.45 clean
http://5.42.64.45/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll RU CJSC Kolomna-Sviaz TV 5.42.64.45 clean
http://5.42.64.45/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll RU CJSC Kolomna-Sviaz TV 5.42.64.45 clean
http://5.42.64.45/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll RU CJSC Kolomna-Sviaz TV 5.42.64.45 clean
http://5.42.64.45/eaf08ca3e93323672f845af593b238c0 RU CJSC Kolomna-Sviaz TV 5.42.64.45 clean
http://5.42.64.45/ RU CJSC Kolomna-Sviaz TV 5.42.64.45 38686 mailcious
http://5.42.64.45/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll RU CJSC Kolomna-Sviaz TV 5.42.64.45 clean
OehFAoaJixIuGMFQDbBpv.OehFAoaJixIuGMFQDbBpv Unknown clean
5.42.64.45 RU CJSC Kolomna-Sviaz TV 5.42.64.45 malware

Suricata ids

PE API

IAT(Import Address Table) Library

oleaut32.dll
 0x47e780 SysFreeString
 0x47e784 SysReAllocStringLen
 0x47e788 SysAllocStringLen
advapi32.dll
 0x47e790 RegQueryValueExA
 0x47e794 RegOpenKeyExA
 0x47e798 RegCloseKey
user32.dll
 0x47e7a0 GetKeyboardType
 0x47e7a4 DestroyWindow
 0x47e7a8 LoadStringA
 0x47e7ac MessageBoxA
 0x47e7b0 CharNextA
kernel32.dll
 0x47e7b8 GetACP
 0x47e7bc Sleep
 0x47e7c0 VirtualFree
 0x47e7c4 VirtualAlloc
 0x47e7c8 GetCurrentThreadId
 0x47e7cc InterlockedDecrement
 0x47e7d0 InterlockedIncrement
 0x47e7d4 VirtualQuery
 0x47e7d8 WideCharToMultiByte
 0x47e7dc MultiByteToWideChar
 0x47e7e0 lstrlenA
 0x47e7e4 lstrcpynA
 0x47e7e8 LoadLibraryExA
 0x47e7ec GetThreadLocale
 0x47e7f0 GetStartupInfoA
 0x47e7f4 GetProcAddress
 0x47e7f8 GetModuleHandleA
 0x47e7fc GetModuleFileNameA
 0x47e800 GetLocaleInfoA
 0x47e804 GetCommandLineA
 0x47e808 FreeLibrary
 0x47e80c FindFirstFileA
 0x47e810 FindClose
 0x47e814 ExitProcess
 0x47e818 CompareStringA
 0x47e81c WriteFile
 0x47e820 UnhandledExceptionFilter
 0x47e824 RtlUnwind
 0x47e828 RaiseException
 0x47e82c GetStdHandle
kernel32.dll
 0x47e834 TlsSetValue
 0x47e838 TlsGetValue
 0x47e83c LocalAlloc
 0x47e840 GetModuleHandleA
user32.dll
 0x47e848 CreateWindowExA
 0x47e84c WindowFromPoint
 0x47e850 WaitMessage
 0x47e854 UpdateWindow
 0x47e858 UnregisterClassA
 0x47e85c UnhookWindowsHookEx
 0x47e860 TranslateMessage
 0x47e864 TranslateMDISysAccel
 0x47e868 TrackPopupMenu
 0x47e86c SystemParametersInfoA
 0x47e870 ShowWindow
 0x47e874 ShowScrollBar
 0x47e878 ShowOwnedPopups
 0x47e87c SetWindowsHookExA
 0x47e880 SetWindowTextA
 0x47e884 SetWindowPos
 0x47e888 SetWindowPlacement
 0x47e88c SetWindowLongW
 0x47e890 SetWindowLongA
 0x47e894 SetTimer
 0x47e898 SetScrollRange
 0x47e89c SetScrollPos
 0x47e8a0 SetScrollInfo
 0x47e8a4 SetRect
 0x47e8a8 SetPropA
 0x47e8ac SetParent
 0x47e8b0 SetMenuItemInfoA
 0x47e8b4 SetMenu
 0x47e8b8 SetForegroundWindow
 0x47e8bc SetFocus
 0x47e8c0 SetCursor
 0x47e8c4 SetClassLongA
 0x47e8c8 SetCapture
 0x47e8cc SetActiveWindow
 0x47e8d0 SendMessageW
 0x47e8d4 SendMessageA
 0x47e8d8 ScrollWindow
 0x47e8dc ScreenToClient
 0x47e8e0 RemovePropA
 0x47e8e4 RemoveMenu
 0x47e8e8 ReleaseDC
 0x47e8ec ReleaseCapture
 0x47e8f0 RegisterWindowMessageA
 0x47e8f4 RegisterClipboardFormatA
 0x47e8f8 RegisterClassA
 0x47e8fc RedrawWindow
 0x47e900 PtInRect
 0x47e904 PostQuitMessage
 0x47e908 PostMessageA
 0x47e90c PeekMessageW
 0x47e910 PeekMessageA
 0x47e914 OpenIcon
 0x47e918 OffsetRect
 0x47e91c OemToCharA
 0x47e920 MessageBoxA
 0x47e924 MapWindowPoints
 0x47e928 MapVirtualKeyA
 0x47e92c LoadStringA
 0x47e930 LoadKeyboardLayoutA
 0x47e934 LoadIconA
 0x47e938 LoadCursorA
 0x47e93c LoadBitmapA
 0x47e940 KillTimer
 0x47e944 IsZoomed
 0x47e948 IsWindowVisible
 0x47e94c IsWindowUnicode
 0x47e950 IsWindowEnabled
 0x47e954 IsWindow
 0x47e958 IsRectEmpty
 0x47e95c IsIconic
 0x47e960 IsDialogMessageW
 0x47e964 IsDialogMessageA
 0x47e968 IsChild
 0x47e96c InvalidateRect
 0x47e970 IntersectRect
 0x47e974 InsertMenuItemA
 0x47e978 InsertMenuA
 0x47e97c InflateRect
 0x47e980 GetWindowThreadProcessId
 0x47e984 GetWindowTextLengthA
 0x47e988 GetWindowTextA
 0x47e98c GetWindowRect
 0x47e990 GetWindowPlacement
 0x47e994 GetWindowLongW
 0x47e998 GetWindowLongA
 0x47e99c GetWindowDC
 0x47e9a0 GetUpdateRect
 0x47e9a4 GetTopWindow
 0x47e9a8 GetSystemMetrics
 0x47e9ac GetSystemMenu
 0x47e9b0 GetSysColorBrush
 0x47e9b4 GetSysColor
 0x47e9b8 GetSubMenu
 0x47e9bc GetScrollRange
 0x47e9c0 GetScrollPos
 0x47e9c4 GetScrollInfo
 0x47e9c8 GetPropA
 0x47e9cc GetParent
 0x47e9d0 GetWindow
 0x47e9d4 GetMessagePos
 0x47e9d8 GetMenuStringA
 0x47e9dc GetMenuState
 0x47e9e0 GetMenuItemInfoA
 0x47e9e4 GetMenuItemID
 0x47e9e8 GetMenuItemCount
 0x47e9ec GetMenu
 0x47e9f0 GetLastActivePopup
 0x47e9f4 GetKeyboardState
 0x47e9f8 GetKeyboardLayoutNameA
 0x47e9fc GetKeyboardLayoutList
 0x47ea00 GetKeyboardLayout
 0x47ea04 GetKeyState
 0x47ea08 GetKeyNameTextA
 0x47ea0c GetKBCodePage
 0x47ea10 GetIconInfo
 0x47ea14 GetForegroundWindow
 0x47ea18 GetFocus
 0x47ea1c GetDesktopWindow
 0x47ea20 GetDCEx
 0x47ea24 GetDC
 0x47ea28 GetCursorPos
 0x47ea2c GetCursor
 0x47ea30 GetClientRect
 0x47ea34 GetClassLongA
 0x47ea38 GetClassInfoA
 0x47ea3c GetCapture
 0x47ea40 GetActiveWindow
 0x47ea44 FrameRect
 0x47ea48 FindWindowA
 0x47ea4c FillRect
 0x47ea50 EqualRect
 0x47ea54 EnumWindows
 0x47ea58 EnumThreadWindows
 0x47ea5c EnumChildWindows
 0x47ea60 EndPaint
 0x47ea64 EnableWindow
 0x47ea68 EnableScrollBar
 0x47ea6c EnableMenuItem
 0x47ea70 DrawTextA
 0x47ea74 DrawMenuBar
 0x47ea78 DrawIconEx
 0x47ea7c DrawIcon
 0x47ea80 DrawFrameControl
 0x47ea84 DrawEdge
 0x47ea88 DispatchMessageW
 0x47ea8c DispatchMessageA
 0x47ea90 DestroyWindow
 0x47ea94 DestroyMenu
 0x47ea98 DestroyIcon
 0x47ea9c DestroyCursor
 0x47eaa0 DeleteMenu
 0x47eaa4 DefWindowProcA
 0x47eaa8 DefMDIChildProcA
 0x47eaac DefFrameProcA
 0x47eab0 CreatePopupMenu
 0x47eab4 CreateMenu
 0x47eab8 CreateIcon
 0x47eabc ClientToScreen
 0x47eac0 CheckMenuItem
 0x47eac4 CallWindowProcA
 0x47eac8 CallNextHookEx
 0x47eacc BeginPaint
 0x47ead0 CharNextA
 0x47ead4 CharLowerBuffA
 0x47ead8 CharLowerA
 0x47eadc CharToOemA
 0x47eae0 AdjustWindowRectEx
 0x47eae4 ActivateKeyboardLayout
gdi32.dll
 0x47eaec UnrealizeObject
 0x47eaf0 StretchBlt
 0x47eaf4 StartPage
 0x47eaf8 StartDocA
 0x47eafc SetWindowOrgEx
 0x47eb00 SetViewportOrgEx
 0x47eb04 SetTextColor
 0x47eb08 SetStretchBltMode
 0x47eb0c SetROP2
 0x47eb10 SetPixel
 0x47eb14 SetMapMode
 0x47eb18 SetDIBColorTable
 0x47eb1c SetBrushOrgEx
 0x47eb20 SetBkMode
 0x47eb24 SetBkColor
 0x47eb28 SetAbortProc
 0x47eb2c SelectPalette
 0x47eb30 SelectObject
 0x47eb34 SaveDC
 0x47eb38 RestoreDC
 0x47eb3c Rectangle
 0x47eb40 RectVisible
 0x47eb44 RealizePalette
 0x47eb48 Polyline
 0x47eb4c Polygon
 0x47eb50 PatBlt
 0x47eb54 MoveToEx
 0x47eb58 MaskBlt
 0x47eb5c LineTo
 0x47eb60 IntersectClipRect
 0x47eb64 GetWindowOrgEx
 0x47eb68 GetTextMetricsA
 0x47eb6c GetTextExtentPoint32A
 0x47eb70 GetSystemPaletteEntries
 0x47eb74 GetStockObject
 0x47eb78 GetRgnBox
 0x47eb7c GetPixel
 0x47eb80 GetPaletteEntries
 0x47eb84 GetObjectA
 0x47eb88 GetDeviceCaps
 0x47eb8c GetDIBits
 0x47eb90 GetDIBColorTable
 0x47eb94 GetDCOrgEx
 0x47eb98 GetCurrentPositionEx
 0x47eb9c GetClipBox
 0x47eba0 GetBrushOrgEx
 0x47eba4 GetBitmapBits
 0x47eba8 ExcludeClipRect
 0x47ebac EndPage
 0x47ebb0 EndDoc
 0x47ebb4 DeleteObject
 0x47ebb8 DeleteDC
 0x47ebbc CreateSolidBrush
 0x47ebc0 CreateRectRgn
 0x47ebc4 CreatePenIndirect
 0x47ebc8 CreatePalette
 0x47ebcc CreateICA
 0x47ebd0 CreateHalftonePalette
 0x47ebd4 CreateFontIndirectA
 0x47ebd8 CreateDIBitmap
 0x47ebdc CreateDIBSection
 0x47ebe0 CreateDCA
 0x47ebe4 CreateCompatibleDC
 0x47ebe8 CreateCompatibleBitmap
 0x47ebec CreateBrushIndirect
 0x47ebf0 CreateBitmap
 0x47ebf4 CombineRgn
 0x47ebf8 BitBlt
version.dll
 0x47ec00 VerQueryValueA
 0x47ec04 GetFileVersionInfoSizeA
 0x47ec08 GetFileVersionInfoA
kernel32.dll
 0x47ec10 lstrcpyA
 0x47ec14 lstrcmpA
 0x47ec18 WriteFile
 0x47ec1c WaitForSingleObject
 0x47ec20 VirtualQuery
 0x47ec24 VirtualAlloc
 0x47ec28 SizeofResource
 0x47ec2c SetThreadLocale
 0x47ec30 SetFilePointer
 0x47ec34 SetEvent
 0x47ec38 SetErrorMode
 0x47ec3c SetEndOfFile
 0x47ec40 ResetEvent
 0x47ec44 ReadFile
 0x47ec48 MulDiv
 0x47ec4c LockResource
 0x47ec50 LoadResource
 0x47ec54 LoadLibraryA
 0x47ec58 LeaveCriticalSection
 0x47ec5c InitializeCriticalSection
 0x47ec60 GlobalUnlock
 0x47ec64 GlobalLock
 0x47ec68 GlobalFree
 0x47ec6c GlobalFindAtomA
 0x47ec70 GlobalDeleteAtom
 0x47ec74 GlobalAlloc
 0x47ec78 GlobalAddAtomA
 0x47ec7c GetVersionExA
 0x47ec80 GetVersion
 0x47ec84 GetUserDefaultLCID
 0x47ec88 GetTickCount
 0x47ec8c GetThreadLocale
 0x47ec90 GetStdHandle
 0x47ec94 GetProfileStringA
 0x47ec98 GetProcAddress
 0x47ec9c GetModuleHandleA
 0x47eca0 GetModuleFileNameA
 0x47eca4 GetLocaleInfoA
 0x47eca8 GetLocalTime
 0x47ecac GetLastError
 0x47ecb0 GetFullPathNameA
 0x47ecb4 GetDiskFreeSpaceA
 0x47ecb8 GetDateFormatA
 0x47ecbc GetCurrentThreadId
 0x47ecc0 GetCurrentThread
 0x47ecc4 GetCurrentProcessId
 0x47ecc8 GetCPInfo
 0x47eccc FreeResource
 0x47ecd0 InterlockedExchange
 0x47ecd4 FreeLibrary
 0x47ecd8 FormatMessageA
 0x47ecdc FindResourceA
 0x47ece0 EnumCalendarInfoA
 0x47ece4 EnterCriticalSection
 0x47ece8 DeleteCriticalSection
 0x47ecec CreateThread
 0x47ecf0 CreateFileA
 0x47ecf4 CreateEventA
 0x47ecf8 CreateDirectoryA
 0x47ecfc CompareStringA
 0x47ed00 CloseHandle
advapi32.dll
 0x47ed08 RegQueryValueExA
 0x47ed0c RegOpenKeyExA
 0x47ed10 RegFlushKey
 0x47ed14 RegCloseKey
kernel32.dll
 0x47ed1c Sleep
oleaut32.dll
 0x47ed24 SafeArrayPtrOfIndex
 0x47ed28 SafeArrayGetUBound
 0x47ed2c SafeArrayGetLBound
 0x47ed30 SafeArrayCreate
 0x47ed34 VariantChangeType
 0x47ed38 VariantCopy
 0x47ed3c VariantClear
 0x47ed40 VariantInit
comctl32.dll
 0x47ed48 _TrackMouseEvent
 0x47ed4c ImageList_SetIconSize
 0x47ed50 ImageList_GetIconSize
 0x47ed54 ImageList_Write
 0x47ed58 ImageList_Read
 0x47ed5c ImageList_GetDragImage
 0x47ed60 ImageList_DragShowNolock
 0x47ed64 ImageList_DragMove
 0x47ed68 ImageList_DragLeave
 0x47ed6c ImageList_DragEnter
 0x47ed70 ImageList_EndDrag
 0x47ed74 ImageList_BeginDrag
 0x47ed78 ImageList_Remove
 0x47ed7c ImageList_DrawEx
 0x47ed80 ImageList_Draw
 0x47ed84 ImageList_GetBkColor
 0x47ed88 ImageList_SetBkColor
 0x47ed8c ImageList_Add
 0x47ed90 ImageList_GetImageCount
 0x47ed94 ImageList_Destroy
 0x47ed98 ImageList_Create
 0x47ed9c InitCommonControls
winspool.drv
 0x47eda4 OpenPrinterA
 0x47eda8 EnumPrintersA
 0x47edac DocumentPropertiesA
 0x47edb0 ClosePrinter
kernel32.dll
 0x47edb8 FreeConsole

EAT(Export Address Table) is none
