popup

Report - Update.exe

Generic Malware Hide_EXE PDF Suspicious Link Malicious Library Malicious Packer UPX PE File ftp PE32 OS Processor Check DLL
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2024.06.11 08:14 Machine s1_win7_x6403
Filename Update.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score Not founds Behavior Score
4.0
ZERO API file : mailcious
VT API (file) 46 detected (Common, Malicious, score, Phonzy, GenericKD, Unsafe, Vtb2, Genus, moderate confidence, Artemis, MalwareX, Casdet, fivja, R002C0DFA24, Detected, ai score=87, Malware@#3qsev96ip4746, Zusy, ABRisk, ISCT, Chgt, PossibleThreat)
md5 99f4956e54717c033294558697b73fc6
sha256 a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4
ssdeep 196608:Hw5QgkALtDhMedzjecdLJsv6tWKFdu9C7:DALhh3CcdLJsv6tWKFdu9C
imphash 806fc0b96bbb7d4a7bfec088168e0468
impfuzzy 192:xgQbAE/FNHtu+3OONkqF7FZS4hpMlt0cPkUER3:xgQbAiFN93OONkk7FY4hqg
  Network IP location

Signature (7cnts)

Level Description
danger File has been identified by 46 AntiVirus engines on VirusTotal as malicious
warning Drops 206 unknown file mime types indicative of ransomware writing encrypted files back to disk
watch Connects to an IRC server
notice Drops an executable to the user AppData folder
notice Foreign language identified in PE resource
notice Performs some HTTP requests
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (18cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (download)
warning Generic_Malware_Zero Generic Malware binaries (upload)
warning hide_executable_file Hide executable file binaries (download)
warning PDF_Suspicious_Link_Z PDF Suspicious Link binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (download)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
info ftp_command ftp command binaries (upload)
info IsDLL (no description) binaries (download)
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)

Network (267cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://update.cg100iii.com/cg70/data3/128.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/api-ms-win-core-synch-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/api-ms-win-crt-multibyte-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/112.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/cg70_submit.exe
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/data3/156.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/186.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/234.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/203.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/168.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/208.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/api-ms-win-core-processthreads-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/227.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/data3/246.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/253.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/data3/193.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/api-ms-win-crt-heap-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/2.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/102.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/260.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/184.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/22.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/242.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/164.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/257.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/170.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/279.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/126.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/212.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/171.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/202.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/280.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/24.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/133.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/258.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/Qt5Sql.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/182.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/268.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/122.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/141.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/270.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/110.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/214.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/181.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/151.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/api-ms-win-core-string-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/272.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/211.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/api-ms-win-core-namedpipe-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/259.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/183.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/269.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/105.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/231.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/18.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/12.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/273.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/160.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/188.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/111.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/262.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/163.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/19.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/119.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/281.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/152.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/Qt5Widgets.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/153.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/215.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/150.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/174.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/120.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/api-ms-win-core-synch-l1-2-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/274.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/200.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/109.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/api-ms-win-crt-environment-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/277.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/146.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg100/update.ini
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/data3/284.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/220.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/cryptopp.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/239.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/130.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/204.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/api-ms-win-core-interlocked-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/209.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/244.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/14.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/25.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/132.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/api-ms-win-core-profile-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/115.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/224.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/13.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/Qt5Network.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/CG70.exe
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/api-ms-win-crt-string-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/100.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/api-ms-win-crt-private-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/114.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/11.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/data3/26.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/Qt5Core.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/data3/147.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/139.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/data3/232.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/217.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/104.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/data3/256.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/data3/176.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/254.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/240.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/191.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/118.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/233.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/243.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/222.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/213.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/265.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/Qt5SerialPort.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/194.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/api-ms-win-core-sysinfo-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/255.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/121.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/179.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/237.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/177.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/248.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/api-ms-win-core-processenvironment-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/226.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/201.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/Qt5Gui.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/140.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/205.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/16.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/207.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/106.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/247.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/124.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/252.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/131.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/api-ms-win-crt-convert-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/263.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/165.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/251.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/data3/125.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/261.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/api-ms-win-core-file-l1-2-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/143.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/api-ms-win-core-debug-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/283.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/23.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/219.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/data3/276.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/api-ms-win-core-heap-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/api-ms-win-core-timezone-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/185.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/api-ms-win-crt-conio-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/173.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/198.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/21.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/230.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/166.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/285.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/235.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/282.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/216.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/172.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/210.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/1.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/197.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/267.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/180.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/api-ms-win-core-rtlsupport-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/264.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/129.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/api-ms-win-crt-locale-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/data3/278.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/10.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/196.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/266.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/225.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/20.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/api-ms-win-core-memory-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/data3/137.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/api-ms-win-crt-math-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/107.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/api-ms-win-core-util-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/api-ms-win-crt-filesystem-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/data3/192.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/187.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/245.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/113.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/155.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/api-ms-win-crt-process-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/update.ini
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/api-ms-win-core-libraryloader-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/161.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/api-ms-win-core-console-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/206.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/162.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/221.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/134.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/238.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/data3/218.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/249.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/108.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/api-ms-win-core-datetime-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/103.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/241.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/275.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/236.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/169.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/27.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/api-ms-win-core-errorhandling-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/189.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/api-ms-win-crt-utility-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/28.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/15.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/149.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/159.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/Qt5Xml.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/api-ms-win-crt-runtime-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/271.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/116.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/195.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/api-ms-win-core-handle-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/148.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/142.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/190.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/145.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/158.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/157.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/api-ms-win-core-file-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/117.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.249 clean
http://update.cg100iii.com/cg70/data3/101.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/VMProtectSDK32.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/167.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/127.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/Update.exe
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/250.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/api-ms-win-core-file-l2-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/199.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/api-ms-win-crt-time-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/api-ms-win-core-processthreads-l1-1-1.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/136.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/138.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/154.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/17.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/data3/123.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/api-ms-win-core-localization-l1-2-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.242 clean
http://update.cg100iii.com/cg70/data3/229.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/api-ms-win-crt-stdio-l1-1-0.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.206 clean
http://update.cg100iii.com/cg70/data3/228.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
http://update.cg100iii.com/cg70/data3/223.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/Qt5Svg.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 clean
http://update.cg100iii.com/cg70/data3/175.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/data3/135.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean
http://update.cg100iii.com/cg70/data3/178.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 clean
http://update.cg100iii.com/cg70/data3/144.bin
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
http://update.cg100iii.com/cg70/cg100xcon.dll
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.244 clean
update.cg100iii.com
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.248 malware
163.181.22.243
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.243 clean
163.181.22.241
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.241 mailcious
163.181.22.250
whois
US Zhejiang Taobao Network Co.,Ltd 163.181.22.250 clean

Suricata ids

ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
ET HUNTING Suspicious Windows Executable CreateRemoteThread
ET HUNTING Suspicious Windows Executable WriteProcessMemory

PE API

IAT(Import Address Table) Library

GDI32.dll
 0xb050ac ExtTextOutW
 0xb050b0 GetTextFaceW
 0xb050b4 GetObjectW
 0xb050b8 GetTextMetricsW
 0xb050bc RemoveFontMemResourceEx
 0xb050c0 AddFontMemResourceEx
 0xb050c4 RemoveFontResourceExW
 0xb050c8 AddFontResourceExW
 0xb050cc GetStockObject
 0xb050d0 GetFontData
 0xb050d4 CreateFontIndirectW
 0xb050d8 EnumFontFamiliesExW
 0xb050dc CreateDCW
 0xb050e0 CreateCompatibleBitmap
 0xb050e4 SetWorldTransform
 0xb050e8 SetTextAlign
 0xb050ec SetTextColor
 0xb050f0 SetGraphicsMode
 0xb050f4 SetBkMode
 0xb050f8 GetCharABCWidthsI
 0xb050fc GetTextExtentPoint32W
 0xb05100 GetOutlineTextMetricsW
 0xb05104 GetGlyphOutlineW
 0xb05108 GetCharABCWidthsFloatW
 0xb0510c GetCharABCWidthsW
 0xb05110 GetBitmapBits
 0xb05114 CombineRgn
 0xb05118 SwapBuffers
 0xb0511c SetPixelFormat
 0xb05120 GetPixelFormat
 0xb05124 DescribePixelFormat
 0xb05128 CreateBitmap
 0xb0512c GetDIBits
 0xb05130 GetDeviceCaps
 0xb05134 OffsetRgn
 0xb05138 BitBlt
 0xb0513c GdiFlush
 0xb05140 CreateDIBSection
 0xb05144 SelectObject
 0xb05148 SelectClipRgn
 0xb0514c GetRegionData
 0xb05150 DeleteObject
 0xb05154 DeleteDC
 0xb05158 CreateRectRgn
 0xb0515c CreateCompatibleDC
 0xb05160 ChoosePixelFormat
ole32.dll
 0xb05720 StringFromGUID2
 0xb05724 CoTaskMemAlloc
 0xb05728 CoGetMalloc
 0xb0572c ReleaseStgMedium
 0xb05730 CoTaskMemFree
 0xb05734 DoDragDrop
 0xb05738 CoCreateInstance
 0xb0573c OleIsCurrentClipboard
 0xb05740 OleFlushClipboard
 0xb05744 OleGetClipboard
 0xb05748 OleSetClipboard
 0xb0574c CoCreateGuid
 0xb05750 CoInitialize
 0xb05754 OleUninitialize
 0xb05758 OleInitialize
 0xb0575c RevokeDragDrop
 0xb05760 RegisterDragDrop
 0xb05764 CoLockObjectExternal
 0xb05768 CoUninitialize
IMM32.dll
 0xb05168 ImmGetCompositionStringW
 0xb0516c ImmGetDefaultIMEWnd
 0xb05170 ImmGetContext
 0xb05174 ImmReleaseContext
 0xb05178 ImmAssociateContext
 0xb0517c ImmSetCandidateWindow
 0xb05180 ImmNotifyIME
 0xb05184 ImmSetCompositionWindow
 0xb05188 ImmGetVirtualKey
WINMM.dll
 0xb0563c PlaySoundW
OLEAUT32.dll
 0xb05434 SysAllocString
 0xb05438 SysAllocStringLen
 0xb0543c SysFreeString
 0xb05440 SysStringLen
 0xb05444 VariantInit
 0xb05448 VariantChangeType
 0xb0544c SystemTimeToVariantTime
SHELL32.dll
 0xb05454 SHGetPathFromIDListW
 0xb05458 SHBrowseForFolderW
 0xb0545c CommandLineToArgvW
 0xb05460 SHGetSpecialFolderPathW
 0xb05464 SHGetMalloc
 0xb05468 ShellExecuteW
 0xb0546c SHGetFileInfoW
WS2_32.dll
 0xb05690 gethostname
 0xb05694 ioctlsocket
 0xb05698 setsockopt
 0xb0569c WSAAsyncSelect
 0xb056a0 socket
 0xb056a4 htons
 0xb056a8 WSACleanup
 0xb056ac WSAIoctl
 0xb056b0 WSASetLastError
 0xb056b4 ntohs
 0xb056b8 WSAGetLastError
 0xb056bc closesocket
 0xb056c0 WSAWaitForMultipleEvents
 0xb056c4 WSAResetEvent
 0xb056c8 WSAEventSelect
 0xb056cc WSAEnumNetworkEvents
 0xb056d0 WSACreateEvent
 0xb056d4 WSACloseEvent
 0xb056d8 send
 0xb056dc getsockopt
 0xb056e0 getpeername
 0xb056e4 sendto
 0xb056e8 recvfrom
 0xb056ec freeaddrinfo
 0xb056f0 getaddrinfo
 0xb056f4 recv
 0xb056f8 listen
 0xb056fc htonl
 0xb05700 getsockname
 0xb05704 connect
 0xb05708 ind
 0xb0570c accept
 0xb05710 select
 0xb05714 WSAStartup
 0xb05718 __WSAFDIsSet
ADVAPI32.dll
 0xb05000 RegQueryInfoKeyW
 0xb05004 RegFlushKey
 0xb05008 RegEnumValueW
 0xb0500c RegEnumKeyExW
 0xb05010 RegDeleteValueW
 0xb05014 RegDeleteKeyW
 0xb05018 RegCreateKeyExW
 0xb0501c GetTokenInformation
 0xb05020 GetLengthSid
 0xb05024 FreeSid
 0xb05028 CopySid
 0xb0502c OpenProcessToken
 0xb05030 CryptAcquireContextW
 0xb05034 CryptReleaseContext
 0xb05038 CryptGenRandom
 0xb0503c CryptGetHashParam
 0xb05040 CryptCreateHash
 0xb05044 CryptHashData
 0xb05048 CryptDestroyHash
 0xb0504c CryptDestroyKey
 0xb05050 CryptImportKey
 0xb05054 CryptEncrypt
 0xb05058 RegCloseKey
 0xb0505c RegOpenKeyExW
 0xb05060 RegQueryValueExW
 0xb05064 RegSetValueExW
KERNEL32.dll
 0xb05190 RaiseException
 0xb05194 RtlUnwind
 0xb05198 EncodePointer
 0xb0519c InitializeCriticalSectionAndSpinCount
 0xb051a0 LoadLibraryExW
 0xb051a4 ExitThread
 0xb051a8 FreeLibraryAndExitThread
 0xb051ac GetCommandLineA
 0xb051b0 GetConsoleMode
 0xb051b4 InitializeSListHead
 0xb051b8 GetSystemTimeAsFileTime
 0xb051bc IsDebuggerPresent
 0xb051c0 IsProcessorFeaturePresent
 0xb051c4 SetUnhandledExceptionFilter
 0xb051c8 UnhandledExceptionFilter
 0xb051cc ReleaseMutex
 0xb051d0 CreateMutexW
 0xb051d4 VirtualAlloc
 0xb051d8 ReadConsoleW
 0xb051dc GetConsoleOutputCP
 0xb051e0 SetFileAttributesW
 0xb051e4 SetStdHandle
 0xb051e8 HeapFree
 0xb051ec HeapAlloc
 0xb051f0 HeapReAlloc
 0xb051f4 EnumSystemLocalesW
 0xb051f8 DecodePointer
 0xb051fc GetCPInfo
 0xb05200 IsValidCodePage
 0xb05204 GetACP
 0xb05208 GetOEMCP
 0xb0520c SetEnvironmentVariableW
 0xb05210 GetProcessHeap
 0xb05214 GetStringTypeW
 0xb05218 WriteConsoleW
 0xb0521c VirtualFree
 0xb05220 GetLastError
 0xb05224 SetLastError
 0xb05228 FormatMessageW
 0xb0522c GetTickCount
 0xb05230 QueryPerformanceCounter
 0xb05234 InitializeCriticalSection
 0xb05238 EnterCriticalSection
 0xb0523c LeaveCriticalSection
 0xb05240 DeleteCriticalSection
 0xb05244 FreeLibrary
 0xb05248 GetProcAddress
 0xb0524c LoadLibraryW
 0xb05250 GetModuleHandleW
 0xb05254 GetSystemDirectoryW
 0xb05258 QueryPerformanceFrequency
 0xb0525c Sleep
 0xb05260 MultiByteToWideChar
 0xb05264 WideCharToMultiByte
 0xb05268 MoveFileExW
 0xb0526c WaitForSingleObject
 0xb05270 CloseHandle
 0xb05274 GetEnvironmentVariableA
 0xb05278 WaitForMultipleObjects
 0xb0527c GetFileType
 0xb05280 GetStdHandle
 0xb05284 ReadFile
 0xb05288 PeekNamedPipe
 0xb0528c GetCurrentProcessId
 0xb05290 SleepEx
 0xb05294 VerSetConditionMask
 0xb05298 GetModuleHandleA
 0xb0529c VerifyVersionInfoW
 0xb052a0 GetFileSizeEx
 0xb052a4 CreateFileW
 0xb052a8 GetVolumeInformationW
 0xb052ac lstrcmpW
 0xb052b0 GetLongPathNameW
 0xb052b4 GetDriveTypeW
 0xb052b8 GetCurrentThreadId
 0xb052bc LocalFree
 0xb052c0 IsValidLanguageGroup
 0xb052c4 IsValidLocale
 0xb052c8 SetErrorMode
 0xb052cc ExpandEnvironmentStringsW
 0xb052d0 CreateProcessW
 0xb052d4 GetUserDefaultLangID
 0xb052d8 CheckRemoteDebuggerPresent
 0xb052dc OpenProcess
 0xb052e0 GlobalAlloc
 0xb052e4 GlobalLock
 0xb052e8 GlobalUnlock
 0xb052ec GetLocaleInfoW
 0xb052f0 LoadLibraryA
 0xb052f4 GlobalSize
 0xb052f8 SetFilePointer
 0xb052fc WriteFile
 0xb05300 CreateFileMappingW
 0xb05304 MapViewOfFile
 0xb05308 UnmapViewOfFile
 0xb0530c GetConsoleWindow
 0xb05310 ExitProcess
 0xb05314 OutputDebugStringW
 0xb05318 CompareStringW
 0xb0531c GetUserDefaultLCID
 0xb05320 GetSystemTime
 0xb05324 GetLocalTime
 0xb05328 GetCommandLineW
 0xb0532c SetEvent
 0xb05330 WaitForSingleObjectEx
 0xb05334 CreateEventW
 0xb05338 DuplicateHandle
 0xb0533c GetCurrentProcess
 0xb05340 SwitchToThread
 0xb05344 CreateThread
 0xb05348 GetCurrentThread
 0xb0534c SetThreadPriority
 0xb05350 GetThreadPriority
 0xb05354 TerminateThread
 0xb05358 ResumeThread
 0xb0535c TlsAlloc
 0xb05360 TlsGetValue
 0xb05364 TlsSetValue
 0xb05368 TlsFree
 0xb0536c GetSystemInfo
 0xb05370 LCMapStringW
 0xb05374 ResetEvent
 0xb05378 GetDateFormatW
 0xb0537c GetTimeFormatW
 0xb05380 GetCurrencyFormatW
 0xb05384 GetUserDefaultUILanguage
 0xb05388 GetFileAttributesExW
 0xb0538c GetCurrentDirectoryW
 0xb05390 CreateDirectoryW
 0xb05394 DeleteFileW
 0xb05398 FindClose
 0xb0539c FindFirstFileW
 0xb053a0 GetFileAttributesW
 0xb053a4 GetFileInformationByHandle
 0xb053a8 GetFullPathNameW
 0xb053ac GetLogicalDrives
 0xb053b0 RemoveDirectoryW
 0xb053b4 GetTempPathW
 0xb053b8 DeviceIoControl
 0xb053bc CopyFileW
 0xb053c0 MoveFileW
 0xb053c4 SystemTimeToTzSpecificLocalTime
 0xb053c8 FileTimeToSystemTime
 0xb053cc FlushFileBuffers
 0xb053d0 SetEndOfFile
 0xb053d4 SetFilePointerEx
 0xb053d8 GetStartupInfoW
 0xb053dc GetModuleFileNameW
 0xb053e0 GetEnvironmentStringsW
 0xb053e4 FreeEnvironmentStringsW
 0xb053e8 ConnectNamedPipe
 0xb053ec CreateNamedPipeW
 0xb053f0 TerminateProcess
 0xb053f4 GetExitCodeProcess
 0xb053f8 GetProcessId
 0xb053fc FindCloseChangeNotification
 0xb05400 FindFirstChangeNotificationW
 0xb05404 FindNextChangeNotification
 0xb05408 FindFirstFileExW
 0xb0540c FindNextFileW
 0xb05410 GetModuleHandleExW
 0xb05414 GetTimeZoneInformation
 0xb05418 GetGeoInfoW
 0xb0541c GetUserGeoID
 0xb05420 ReadFileEx
 0xb05424 CancelIo
 0xb05428 WriteFileEx
 0xb0542c HeapSize
WLDAP32.dll
 0xb05644 None
 0xb05648 None
 0xb0564c None
 0xb05650 None
 0xb05654 None
 0xb05658 None
 0xb0565c None
 0xb05660 None
 0xb05664 None
 0xb05668 None
 0xb0566c None
 0xb05670 None
 0xb05674 None
 0xb05678 None
 0xb0567c None
 0xb05680 None
 0xb05684 None
 0xb05688 None
CRYPT32.dll
 0xb0506c CertFreeCertificateChain
 0xb05070 CertGetCertificateChain
 0xb05074 CertFreeCertificateChainEngine
 0xb05078 CertCreateCertificateChainEngine
 0xb0507c CryptQueryObject
 0xb05080 CertFindExtension
 0xb05084 CertAddCertificateContextToStore
 0xb05088 CryptDecodeObjectEx
 0xb0508c PFXImportCertStore
 0xb05090 CryptStringToBinaryW
 0xb05094 CertFreeCertificateContext
 0xb05098 CertFindCertificateInStore
 0xb0509c CertEnumCertificatesInStore
 0xb050a0 CertCloseStore
 0xb050a4 CertOpenStore
USER32.dll
 0xb05474 CharNextExA
 0xb05478 PostThreadMessageW
 0xb0547c CallNextHookEx
 0xb05480 UnhookWindowsHookEx
 0xb05484 SetWindowsHookExW
 0xb05488 KillTimer
 0xb0548c SetTimer
 0xb05490 MsgWaitForMultipleObjectsEx
 0xb05494 GetQueueStatus
 0xb05498 DispatchMessageW
 0xb0549c TranslateMessage
 0xb054a0 DrawIconEx
 0xb054a4 MessageBoxW
 0xb054a8 GetDC
 0xb054ac ReleaseDC
 0xb054b0 GetSystemMenu
 0xb054b4 EnableMenuItem
 0xb054b8 GetSystemMetrics
 0xb054bc GetSysColor
 0xb054c0 SystemParametersInfoW
 0xb054c4 DefWindowProcW
 0xb054c8 DestroyWindow
 0xb054cc SetWindowRgn
 0xb054d0 GetDoubleClickTime
 0xb054d4 IsWindow
 0xb054d8 MessageBeep
 0xb054dc GetCaretBlinkTime
 0xb054e0 GetDesktopWindow
 0xb054e4 SendMessageW
 0xb054e8 PostMessageW
 0xb054ec AttachThreadInput
 0xb054f0 CreateWindowExW
 0xb054f4 IsChild
 0xb054f8 ShowWindow
 0xb054fc FlashWindowEx
 0xb05500 MoveWindow
 0xb05504 SetWindowPos
 0xb05508 GetWindowPlacement
 0xb0550c SetWindowPlacement
 0xb05510 IsWindowVisible
 0xb05514 IsIconic
 0xb05518 SetFocus
 0xb0551c GetCapture
 0xb05520 SetCapture
 0xb05524 ReleaseCapture
 0xb05528 GetForegroundWindow
 0xb0552c SetForegroundWindow
 0xb05530 BeginPaint
 0xb05534 EndPaint
 0xb05538 GetUpdateRect
 0xb0553c InvalidateRect
 0xb05540 SetWindowTextW
 0xb05544 GetWindowRect
 0xb05548 AdjustWindowRectEx
 0xb0554c SetCursor
 0xb05550 ClientToScreen
 0xb05554 ScreenToClient
 0xb05558 GetWindowLongW
 0xb0555c SetWindowLongW
 0xb05560 GetParent
 0xb05564 SetParent
 0xb05568 GetWindowThreadProcessId
 0xb0556c DestroyCursor
 0xb05570 DestroyIcon
 0xb05574 GetAncestor
 0xb05578 GetKeyboardLayoutList
 0xb0557c UnregisterClassW
 0xb05580 GetClassInfoW
 0xb05584 RegisterClassExW
 0xb05588 GetFocus
 0xb0558c GetClientRect
 0xb05590 GetCursorPos
 0xb05594 ChildWindowFromPointEx
 0xb05598 GetSysColorBrush
 0xb0559c LoadImageW
 0xb055a0 GetMonitorInfoW
 0xb055a4 EnumDisplayMonitors
 0xb055a8 LoadIconW
 0xb055ac SetClipboardViewer
 0xb055b0 ChangeClipboardChain
 0xb055b4 RegisterClipboardFormatW
 0xb055b8 GetAsyncKeyState
 0xb055bc GetKeyboardLayout
 0xb055c0 RegisterWindowMessageW
 0xb055c4 CreateCaret
 0xb055c8 DestroyCaret
 0xb055cc HideCaret
 0xb055d0 SetCaretPos
 0xb055d4 PeekMessageW
 0xb055d8 IsZoomed
 0xb055dc GetKeyState
 0xb055e0 GetKeyboardState
 0xb055e4 ToAscii
 0xb055e8 ToUnicode
 0xb055ec MapVirtualKeyW
 0xb055f0 GetMenu
 0xb055f4 TrackPopupMenuEx
 0xb055f8 SetMenuItemInfoW
 0xb055fc NotifyWinEvent
 0xb05600 SetCursorPos
 0xb05604 GetCursor
 0xb05608 LoadCursorW
 0xb0560c CreateCursor
 0xb05610 CreateIconIndirect
 0xb05614 GetIconInfo
 0xb05618 GetCursorInfo
 0xb0561c RegisterClassW
 0xb05620 GetClipboardFormatNameW
 0xb05624 TrackMouseEvent
 0xb05628 GetMessageExtraInfo
 0xb0562c GetWindowTextW
 0xb05630 EnumWindows
 0xb05634 RealGetWindowClassW

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure