Field | Value |
---|---|
Created | 2021.04.10 09:22 |
Machine | s1_win7_x6401 |
Filename | xmrig.exe |
Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 50 detected (malicious, high confidence, Miner, CoinMiner, BitMiner, H8oAwk0A, Unsafe, Miners, confidence, Eldorado, CoinminerX, RiskTool, iowycx, ApplicUnwnt@#27bqim17uj78e, MALXMR, Static AI, Suspicious PE, ccsa, score, R226842, GenericRXAA, ai score=70, BitCoinMiner, R002H0CC821, HackTool, XMRMiner, CLASSIC, DBYU07VOjQ0, susgen) |
md5 | aa318a599fee3d322d6b5fa6d4b568de |
sha256 | 9b324b9905c4e32ccf5cba0249ab82262173486f6382e170cbf2fafab1846fd9 |
ssdeep | 98304:A8mbRhIPA7LGtp8c0GgM7hdcMmF2YH09lIyr8Libh8jzacrUfN+yeLEE7iO7pQkS:IGhQL0PKiO9ksDoYdRI |
imphash | a0a4be492eab39394d440335c7029fc5 |
impfuzzy | 192:5mShLrx+EScwA9Si9pdJ0cjSFz4QmK0Td3wg0MR6:bz+Bch9SiHu+KGd3wg0MQ |
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
Rules (17cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
info | bitcoin | Perform crypto currency mining | binaries (upload) |
info | create_service | Create a windows service | binaries (upload) |
info | escalate_priv | Escalate privileges | binaries (upload) |
info | HasOverlay | Overlay Check | binaries (upload) |
info | IsConsole | (no description) | binaries (upload) |
info | keylogger | Run a keylogger | binaries (upload) |
info | network_dns | Communications use DNS | binaries (upload) |
info | network_tcp_listen | Listen for incoming communication | binaries (upload) |
info | network_tcp_socket | Communications over RAW socket | binaries (upload) |
info | network_udp_sock | Communications over UDP network | binaries (upload) |
info | Str_Win32_Winsock2_Library | Match Winsock 2 API library declaration | binaries (upload) |
info | win_files_operation | Affect private profile | binaries (upload) |
info | win_registry | Affect system registries | binaries (upload) |
info | win_token | Affect system token | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
ADVAPI32.dll
0xe16fd8 AdjustTokenPrivileges
0xe16fe0 AllocateAndInitializeSid
0xe16fe8 CloseServiceHandle
0xe16ff0 ControlService
0xe16ff8 CreateServiceW
0xe17000 CryptAcquireContextW
0xe17008 CryptCreateHash
0xe17010 CryptDecrypt
0xe17018 CryptDestroyHash
0xe17020 CryptDestroyKey
0xe17028 CryptEnumProvidersW
0xe17030 CryptExportKey
0xe17038 CryptGenRandom
0xe17040 CryptGetProvParam
0xe17048 CryptGetUserKey
0xe17050 CryptReleaseContext
0xe17058 CryptSetHashParam
0xe17060 CryptSignHashW
0xe17068 DeleteService
0xe17070 DeregisterEventSource
0xe17078 FreeSid
0xe17080 GetSecurityInfo
0xe17088 GetTokenInformation
0xe17090 GetUserNameW
0xe17098 LookupPrivilegeValueW
0xe170a0 LsaAddAccountRights
0xe170a8 LsaClose
0xe170b0 LsaOpenPolicy
0xe170b8 OpenProcessToken
0xe170c0 OpenSCManagerW
0xe170c8 OpenServiceW
0xe170d0 QueryServiceConfigA
0xe170d8 QueryServiceStatus
0xe170e0 RegCloseKey
0xe170e8 RegGetValueW
0xe170f0 RegOpenKeyExW
0xe170f8 RegQueryValueExW
0xe17100 RegisterEventSourceW
0xe17108 ReportEventW
0xe17110 SetEntriesInAclA
0xe17118 SetSecurityInfo
0xe17120 StartServiceW
0xe17128 SystemFunction036
CRYPT32.dll
0xe17138 CertCloseStore
0xe17140 CertDuplicateCertificateContext
0xe17148 CertEnumCertificatesInStore
0xe17150 CertFindCertificateInStore
0xe17158 CertFreeCertificateContext
0xe17160 CertGetCertificateContextProperty
0xe17168 CertOpenStore
IPHLPAPI.DLL
0xe17178 ConvertInterfaceIndexToLuid
0xe17180 ConvertInterfaceLuidToNameW
0xe17188 GetAdaptersAddresses
KERNEL32.dll
0xe17198 AddVectoredExceptionHandler
0xe171a0 AssignProcessToJobObject
0xe171a8 CancelIo
0xe171b0 CancelIoEx
0xe171b8 CancelSynchronousIo
0xe171c0 CloseHandle
0xe171c8 ConnectNamedPipe
0xe171d0 ConvertFiberToThread
0xe171d8 ConvertThreadToFiber
0xe171e0 CopyFileW
0xe171e8 CreateDirectoryW
0xe171f0 CreateEventA
0xe171f8 CreateFiber
0xe17200 CreateFileA
0xe17208 CreateFileMappingA
0xe17210 CreateFileW
0xe17218 CreateHardLinkW
0xe17220 CreateIoCompletionPort
0xe17228 CreateJobObjectW
0xe17230 CreateNamedPipeA
0xe17238 CreateNamedPipeW
0xe17240 CreateProcessW
0xe17248 CreateSemaphoreA
0xe17250 CreateSemaphoreW
0xe17258 CreateSymbolicLinkW
0xe17260 CreateToolhelp32Snapshot
0xe17268 DebugBreak
0xe17270 DeleteCriticalSection
0xe17278 DeleteFiber
0xe17280 DeviceIoControl
0xe17288 DuplicateHandle
0xe17290 EnterCriticalSection
0xe17298 ExpandEnvironmentStringsA
0xe172a0 FileTimeToSystemTime
0xe172a8 FillConsoleOutputAttribute
0xe172b0 FillConsoleOutputCharacterW
0xe172b8 FindClose
0xe172c0 FindFirstFileW
0xe172c8 FindNextFileW
0xe172d0 FindResourceW
0xe172d8 FlushFileBuffers
0xe172e0 FlushInstructionCache
0xe172e8 FlushViewOfFile
0xe172f0 FormatMessageA
0xe172f8 FormatMessageW
0xe17300 FreeConsole
0xe17308 FreeEnvironmentStringsW
0xe17310 FreeLibrary
0xe17318 GetComputerNameA
0xe17320 GetConsoleCursorInfo
0xe17328 GetConsoleMode
0xe17330 GetConsoleScreenBufferInfo
0xe17338 GetConsoleTitleW
0xe17340 GetConsoleWindow
0xe17348 GetCurrentDirectoryW
0xe17350 GetCurrentProcess
0xe17358 GetCurrentProcessId
0xe17360 GetCurrentThread
0xe17368 GetCurrentThreadId
0xe17370 GetDiskFreeSpaceW
0xe17378 GetEnvironmentStringsW
0xe17380 GetEnvironmentVariableW
0xe17388 GetExitCodeProcess
0xe17390 GetFileAttributesA
0xe17398 GetFileAttributesW
0xe173a0 GetFileInformationByHandle
0xe173a8 GetFileInformationByHandleEx
0xe173b0 GetFileSizeEx
0xe173b8 GetFileType
0xe173c0 GetFinalPathNameByHandleW
0xe173c8 GetFullPathNameW
0xe173d0 GetHandleInformation
0xe173d8 GetLargePageMinimum
0xe173e0 GetLastError
0xe173e8 GetLongPathNameW
0xe173f0 GetModuleFileNameA
0xe173f8 GetModuleFileNameW
0xe17400 GetModuleHandleA
0xe17408 GetModuleHandleExW
0xe17410 GetModuleHandleW
0xe17418 GetNamedPipeHandleStateA
0xe17420 GetNativeSystemInfo
0xe17428 GetNumberOfConsoleInputEvents
0xe17430 GetPriorityClass
0xe17438 GetProcAddress
0xe17440 GetProcessAffinityMask
0xe17448 GetProcessHeap
0xe17450 GetProcessIoCounters
0xe17458 GetProcessTimes
0xe17460 GetQueuedCompletionStatus
0xe17468 GetShortPathNameW
0xe17470 GetStartupInfoA
0xe17478 GetStartupInfoW
0xe17480 GetStdHandle
0xe17488 GetSystemFirmwareTable
0xe17490 GetSystemInfo
0xe17498 GetSystemPowerStatus
0xe174a0 GetSystemTime
0xe174a8 GetSystemTimeAdjustment
0xe174b0 GetSystemTimeAsFileTime
0xe174b8 GetTempPathW
0xe174c0 GetThreadContext
0xe174c8 GetThreadPriority
0xe174d0 GetThreadTimes
0xe174d8 GetTickCount
0xe174e0 GetTickCount64
0xe174e8 GetVersion
0xe174f0 GetVersionExA
0xe174f8 GetVersionExW
0xe17500 GlobalMemoryStatusEx
0xe17508 HeapAlloc
0xe17510 HeapFree
0xe17518 InitializeConditionVariable
0xe17520 InitializeCriticalSection
0xe17528 InitializeCriticalSectionAndSpinCount
0xe17530 IsDBCSLeadByteEx
0xe17538 IsDebuggerPresent
0xe17540 K32GetProcessMemoryInfo
0xe17548 LCMapStringW
0xe17550 LeaveCriticalSection
0xe17558 LoadLibraryA
0xe17560 LoadLibraryExW
0xe17568 LoadLibraryW
0xe17570 LoadResource
0xe17578 LocalAlloc
0xe17580 LocalFree
0xe17588 LockResource
0xe17590 MapViewOfFile
0xe17598 MoveFileExW
0xe175a0 MultiByteToWideChar
0xe175a8 OpenProcess
0xe175b0 OutputDebugStringA
0xe175b8 PeekNamedPipe
0xe175c0 PostQueuedCompletionStatus
0xe175c8 Process32First
0xe175d0 Process32Next
0xe175d8 QueryPerformanceCounter
0xe175e0 QueryPerformanceFrequency
0xe175e8 QueueUserWorkItem
0xe175f0 RaiseException
0xe175f8 ReOpenFile
0xe17600 ReadConsoleA
0xe17608 ReadConsoleInputW
0xe17610 ReadConsoleW
0xe17618 ReadDirectoryChangesW
0xe17620 ReadFile
0xe17628 RegisterWaitForSingleObject
0xe17630 ReleaseSemaphore
0xe17638 RemoveDirectoryW
0xe17640 RemoveVectoredExceptionHandler
0xe17648 ResetEvent
0xe17650 ResumeThread
0xe17658 RtlCaptureContext
0xe17660 RtlLookupFunctionEntry
0xe17668 RtlUnwindEx
0xe17670 RtlVirtualUnwind
0xe17678 SetConsoleCtrlHandler
0xe17680 SetConsoleCursorInfo
0xe17688 SetConsoleCursorPosition
0xe17690 SetConsoleMode
0xe17698 SetConsoleTextAttribute
0xe176a0 SetConsoleTitleA
0xe176a8 SetConsoleTitleW
0xe176b0 SetCurrentDirectoryW
0xe176b8 SetEnvironmentVariableW
0xe176c0 SetErrorMode
0xe176c8 SetEvent
0xe176d0 SetFileCompletionNotificationModes
0xe176d8 SetFilePointerEx
0xe176e0 SetFileTime
0xe176e8 SetHandleInformation
0xe176f0 SetInformationJobObject
0xe176f8 SetLastError
0xe17700 SetNamedPipeHandleState
0xe17708 SetPriorityClass
0xe17710 SetProcessAffinityMask
0xe17718 SetSystemTime
0xe17720 SetThreadAffinityMask
0xe17728 SetThreadContext
0xe17730 SetThreadPriority
0xe17738 SetUnhandledExceptionFilter
0xe17740 SizeofResource
0xe17748 Sleep
0xe17750 SleepConditionVariableCS
0xe17758 SuspendThread
0xe17760 SwitchToFiber
0xe17768 SwitchToThread
0xe17770 SystemTimeToFileTime
0xe17778 TerminateProcess
0xe17780 TlsAlloc
0xe17788 TlsFree
0xe17790 TlsGetValue
0xe17798 TlsSetValue
0xe177a0 TryEnterCriticalSection
0xe177a8 UnmapViewOfFile
0xe177b0 UnregisterWait
0xe177b8 UnregisterWaitEx
0xe177c0 VerSetConditionMask
0xe177c8 VerifyVersionInfoA
0xe177d0 VirtualAlloc
0xe177d8 VirtualFree
0xe177e0 VirtualProtect
0xe177e8 VirtualQuery
0xe177f0 WaitForMultipleObjects
0xe177f8 WaitForSingleObject
0xe17800 WaitNamedPipeW
0xe17808 WakeAllConditionVariable
0xe17810 WakeConditionVariable
0xe17818 WideCharToMultiByte
0xe17820 WriteConsoleInputW
0xe17828 WriteConsoleW
0xe17830 WriteFile
0xe17838 __C_specific_handler
msvcrt.dll
0xe17848 ___lc_codepage_func
0xe17850 ___mb_cur_max_func
0xe17858 __argv
0xe17860 __doserrno
0xe17868 __getmainargs
0xe17870 __initenv
0xe17878 __iob_func
0xe17880 __lconv_init
0xe17888 __set_app_type
0xe17890 __setusermatherr
0xe17898 _acmdln
0xe178a0 _aligned_free
0xe178a8 _aligned_malloc
0xe178b0 _amsg_exit
0xe178b8 _assert
0xe178c0 _beginthreadex
0xe178c8 _cexit
0xe178d0 _close
0xe178d8 _commode
0xe178e0 _close
0xe178e8 _endthreadex
0xe178f0 _errno
0xe178f8 _exit
0xe17900 _fdopen
0xe17908 _filelengthi64
0xe17910 _fileno
0xe17918 _findclose
0xe17920 _findfirst64
0xe17928 _fileno
0xe17930 _findnext64
0xe17938 _fmode
0xe17940 _fstat64
0xe17948 _fullpath
0xe17950 _get_osfhandle
0xe17958 _gmtime64
0xe17960 _initterm
0xe17968 _isatty
0xe17970 _localtime64
0xe17978 _lock
0xe17980 _lseeki64
0xe17988 _mkdir
0xe17990 _onexit
0xe17998 _open
0xe179a0 _open_osfhandle
0xe179a8 _read
0xe179b0 _read
0xe179b8 _setjmp
0xe179c0 _setmode
0xe179c8 _snwprintf
0xe179d0 _stat64
0xe179d8 _strdup
0xe179e0 _strdup
0xe179e8 _stricmp
0xe179f0 _strnicmp
0xe179f8 _time64
0xe17a00 _ultoa
0xe17a08 _umask
0xe17a10 _unlock
0xe17a18 _vscprintf
0xe17a20 _vsnprintf
0xe17a28 _vsnwprintf
0xe17a30 _wchmod
0xe17a38 _wcsdup
0xe17a40 _wcsnicmp
0xe17a48 _wcsrev
0xe17a50 _wfopen
0xe17a58 _wopen
0xe17a60 _write
0xe17a68 _write
0xe17a70 _wrmdir
0xe17a78 abort
0xe17a80 atof
0xe17a88 atoi
0xe17a90 calloc
0xe17a98 exit
0xe17aa0 fclose
0xe17aa8 feof
0xe17ab0 ferror
0xe17ab8 fflush
0xe17ac0 fgetpos
0xe17ac8 fgets
0xe17ad0 fopen
0xe17ad8 fprintf
0xe17ae0 fputc
0xe17ae8 fputs
0xe17af0 fread
0xe17af8 free
0xe17b00 fseek
0xe17b08 fsetpos
0xe17b10 ftell
0xe17b18 fwrite
0xe17b20 getc
0xe17b28 getenv
0xe17b30 getwc
0xe17b38 islower
0xe17b40 isspace
0xe17b48 isupper
0xe17b50 iswctype
0xe17b58 localeconv
0xe17b60 longjmp
0xe17b68 malloc
0xe17b70 memchr
0xe17b78 memcmp
0xe17b80 memcpy
0xe17b88 memmove
0xe17b90 memset
0xe17b98 printf
0xe17ba0 putc
0xe17ba8 putchar
0xe17bb0 puts
0xe17bb8 putwc
0xe17bc0 qsort
0xe17bc8 raise
0xe17bd0 rand
0xe17bd8 realloc
0xe17be0 setlocale
0xe17be8 setvbuf
0xe17bf0 signal
0xe17bf8 sprintf
0xe17c00 srand
0xe17c08 sscanf
0xe17c10 strcat
0xe17c18 strchr
0xe17c20 strcmp
0xe17c28 strcoll
0xe17c30 strcpy
0xe17c38 strcspn
0xe17c40 strerror
0xe17c48 strftime
0xe17c50 strlen
0xe17c58 strncmp
0xe17c60 strncpy
0xe17c68 strrchr
0xe17c70 strspn
0xe17c78 strstr
0xe17c80 strtol
0xe17c88 strtoul
0xe17c90 strxfrm
0xe17c98 tolower
0xe17ca0 toupper
0xe17ca8 towlower
0xe17cb0 towupper
0xe17cb8 ungetc
0xe17cc0 ungetwc
0xe17cc8 vfprintf
0xe17cd0 wcschr
0xe17cd8 wcscmp
0xe17ce0 wcscoll
0xe17ce8 wcscpy
0xe17cf0 wcsftime
0xe17cf8 wcslen
0xe17d00 wcsncmp
0xe17d08 wcsncpy
0xe17d10 wcspbrk
0xe17d18 wcsrchr
0xe17d20 wcsstr
0xe17d28 wcstombs
0xe17d30 wcsxfrm
SHELL32.dll
0xe17d40 SHGetSpecialFolderPathA
USER32.dll
0xe17d50 DispatchMessageA
0xe17d58 GetLastInputInfo
0xe17d60 GetMessageA
0xe17d68 GetProcessWindowStation
0xe17d70 GetSystemMetrics
0xe17d78 GetUserObjectInformationW
0xe17d80 MapVirtualKeyW
0xe17d88 MessageBoxW
0xe17d90 ShowWindow
0xe17d98 TranslateMessage
USERENV.dll
0xe17da8 GetUserProfileDirectoryW
WS2_32.dll
0xe17db8 FreeAddrInfoW
0xe17dc0 GetAddrInfoW
0xe17dc8 WSACleanup
0xe17dd0 WSADuplicateSocketW
0xe17dd8 WSAGetLastError
0xe17de0 WSAGetOverlappedResult
0xe17de8 WSAIoctl
0xe17df0 WSARecv
0xe17df8 WSARecvFrom
0xe17e00 WSASend
0xe17e08 WSASendTo
0xe17e10 WSASetLastError
0xe17e18 WSASocketW
0xe17e20 WSAStartup
0xe17e28 accept
0xe17e30 bind
0xe17e38 closesocket
0xe17e40 connect
0xe17e48 freeaddrinfo
0xe17e50 getaddrinfo
0xe17e58 gethostbyname
0xe17e60 gethostname
0xe17e68 getnameinfo
0xe17e70 getpeername
0xe17e78 getsockname
0xe17e80 getsockopt
0xe17e88 htonl
0xe17e90 htons
0xe17e98 ioctlsocket
0xe17ea0 listen
0xe17ea8 ntohs
0xe17eb0 recv
0xe17eb8 select
0xe17ec0 send
0xe17ec8 setsockopt
0xe17ed0 shutdown
0xe17ed8 socket
EAT (Export Address Table): none