When we look at the import section of the PE-bear output, based on the IAT information, we can see that the file loads several different Windows DLLs: kernel32.dll, user32.dll, gdi32.dll, advapi32.dll, shell32.dll and shlwapi.dll. We can also take a look at our malicious file in IDA Pro before