Field | Value |
---|---|
Created | 2021.06.14 15:42 |
Machine | s1_win7_x6402 |
Filename | gcc.exe |
Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows |
ZERO API | file : malware |
VT API (file) | 41 detected (malicious, high confidence, GenericKD, Artemis, CoinMiner, ali1004001, XNTM, CoinminerX, Miner, Sttk, Tool, BtcMine, Generic PUA AM, Static AI, Malicious PE, AGEN, ai score=87, score, R06CH0CF921, HackTool, CLASSIC, confidence) |
md5 | c0142e34a4293c9468c70596bd8ebfdb |
sha256 | 8abc209952e766af135062edb33e10efa722e83bc3f08cbae98b4750be87a5bd |
ssdeep | 49152:xBzepSAvUCOVFqJ36d8qRf6A58XZJSsg:3zepSAcCOHqJhZJSsg |
imphash | 3bc60f3e23c2c4d913679691994f1b31 |
impfuzzy | 96:OE9+Ee9xKVlroc+nmebidIH4JxejY0bPczXTXiX1PRc4qZdJGVngdwa+eslMYLqA:x9+ESxNceb8T0cjSFC4QmVgdmMgGpXU |
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
watch | Created a service where a service was also not started |
watch | Detects Virtual Machines through their custom firmware |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | Checks amount of memory in system |
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x1405f6d04 AdjustTokenPrivileges
0x1405f6d0c AllocateAndInitializeSid
0x1405f6d14 CloseServiceHandle
0x1405f6d1c ControlService
0x1405f6d24 CreateServiceW
0x1405f6d2c DeleteService
0x1405f6d34 FreeSid
0x1405f6d3c GetSecurityInfo
0x1405f6d44 GetTokenInformation
0x1405f6d4c GetUserNameW
0x1405f6d54 LookupPrivilegeValueW
0x1405f6d5c LsaAddAccountRights
0x1405f6d64 LsaClose
0x1405f6d6c LsaOpenPolicy
0x1405f6d74 OpenProcessToken
0x1405f6d7c OpenSCManagerW
0x1405f6d84 OpenServiceW
0x1405f6d8c QueryServiceConfigA
0x1405f6d94 QueryServiceStatus
0x1405f6d9c RegCloseKey
0x1405f6da4 RegGetValueW
0x1405f6dac RegOpenKeyExW
0x1405f6db4 RegQueryValueExW
0x1405f6dbc SetEntriesInAclA
0x1405f6dc4 SetSecurityInfo
0x1405f6dcc StartServiceW
0x1405f6dd4 SystemFunction036
IPHLPAPI.DLL
0x1405f6de4 ConvertInterfaceIndexToLuid
0x1405f6dec ConvertInterfaceLuidToNameW
0x1405f6df4 GetAdaptersAddresses
KERNEL32.dll
0x1405f6e04 AddVectoredExceptionHandler
0x1405f6e0c AssignProcessToJobObject
0x1405f6e14 CancelIo
0x1405f6e1c CancelIoEx
0x1405f6e24 CancelSynchronousIo
0x1405f6e2c CloseHandle
0x1405f6e34 ConnectNamedPipe
0x1405f6e3c CopyFileW
0x1405f6e44 CreateDirectoryW
0x1405f6e4c CreateEventA
0x1405f6e54 CreateFileA
0x1405f6e5c CreateFileMappingA
0x1405f6e64 CreateFileW
0x1405f6e6c CreateHardLinkW
0x1405f6e74 CreateIoCompletionPort
0x1405f6e7c CreateJobObjectW
0x1405f6e84 CreateNamedPipeA
0x1405f6e8c CreateNamedPipeW
0x1405f6e94 CreateProcessW
0x1405f6e9c CreateSemaphoreA
0x1405f6ea4 CreateSemaphoreW
0x1405f6eac CreateSymbolicLinkW
0x1405f6eb4 CreateToolhelp32Snapshot
0x1405f6ebc DebugBreak
0x1405f6ec4 DeleteCriticalSection
0x1405f6ecc DeviceIoControl
0x1405f6ed4 DuplicateHandle
0x1405f6edc EnterCriticalSection
0x1405f6ee4 ExpandEnvironmentStringsA
0x1405f6eec FileTimeToSystemTime
0x1405f6ef4 FillConsoleOutputAttribute
0x1405f6efc FillConsoleOutputCharacterW
0x1405f6f04 FindClose
0x1405f6f0c FindFirstFileW
0x1405f6f14 FindNextFileW
0x1405f6f1c FlushFileBuffers
0x1405f6f24 FlushInstructionCache
0x1405f6f2c FlushViewOfFile
0x1405f6f34 FormatMessageA
0x1405f6f3c FreeConsole
0x1405f6f44 FreeEnvironmentStringsW
0x1405f6f4c FreeLibrary
0x1405f6f54 GetConsoleCursorInfo
0x1405f6f5c GetConsoleMode
0x1405f6f64 GetConsoleScreenBufferInfo
0x1405f6f6c GetConsoleTitleW
0x1405f6f74 GetConsoleWindow
0x1405f6f7c GetCurrentDirectoryW
0x1405f6f84 GetCurrentProcess
0x1405f6f8c GetCurrentProcessId
0x1405f6f94 GetCurrentThread
0x1405f6f9c GetCurrentThreadId
0x1405f6fa4 GetDiskFreeSpaceW
0x1405f6fac GetEnvironmentStringsW
0x1405f6fb4 GetEnvironmentVariableW
0x1405f6fbc GetExitCodeProcess
0x1405f6fc4 GetFileAttributesW
0x1405f6fcc GetFileInformationByHandle
0x1405f6fd4 GetFileInformationByHandleEx
0x1405f6fdc GetFileSizeEx
0x1405f6fe4 GetFileType
0x1405f6fec GetFinalPathNameByHandleW
0x1405f6ff4 GetFullPathNameW
0x1405f6ffc GetHandleInformation
0x1405f7004 GetLargePageMinimum
0x1405f700c GetLastError
0x1405f7014 GetLongPathNameW
0x1405f701c GetModuleFileNameW
0x1405f7024 GetModuleHandleA
0x1405f702c GetModuleHandleW
0x1405f7034 GetNamedPipeHandleStateA
0x1405f703c GetNativeSystemInfo
0x1405f7044 GetNumberOfConsoleInputEvents
0x1405f704c GetPriorityClass
0x1405f7054 GetProcAddress
0x1405f705c GetProcessAffinityMask
0x1405f7064 GetProcessHeap
0x1405f706c GetProcessIoCounters
0x1405f7074 GetProcessTimes
0x1405f707c GetQueuedCompletionStatus
0x1405f7084 GetShortPathNameW
0x1405f708c GetStartupInfoA
0x1405f7094 GetStartupInfoW
0x1405f709c GetStdHandle
0x1405f70a4 GetSystemFirmwareTable
0x1405f70ac GetSystemInfo
0x1405f70b4 GetSystemPowerStatus
0x1405f70bc GetSystemTimeAdjustment
0x1405f70c4 GetSystemTimeAsFileTime
0x1405f70cc GetTempPathW
0x1405f70d4 GetThreadContext
0x1405f70dc GetThreadPriority
0x1405f70e4 GetThreadTimes
0x1405f70ec GetTickCount
0x1405f70f4 GetTickCount64
0x1405f70fc GetVersionExW
0x1405f7104 GlobalMemoryStatusEx
0x1405f710c HeapAlloc
0x1405f7114 HeapFree
0x1405f711c InitializeConditionVariable
0x1405f7124 InitializeCriticalSection
0x1405f712c IsDBCSLeadByteEx
0x1405f7134 IsDebuggerPresent
0x1405f713c K32GetProcessMemoryInfo
0x1405f7144 LCMapStringW
0x1405f714c LeaveCriticalSection
0x1405f7154 LoadLibraryA
0x1405f715c LoadLibraryExW
0x1405f7164 LoadLibraryW
0x1405f716c LocalAlloc
0x1405f7174 LocalFree
0x1405f717c MapViewOfFile
0x1405f7184 MoveFileExW
0x1405f718c MultiByteToWideChar
0x1405f7194 OpenProcess
0x1405f719c OutputDebugStringA
0x1405f71a4 PeekNamedPipe
0x1405f71ac PostQueuedCompletionStatus
0x1405f71b4 Process32First
0x1405f71bc Process32Next
0x1405f71c4 QueryPerformanceCounter
0x1405f71cc QueryPerformanceFrequency
0x1405f71d4 QueueUserWorkItem
0x1405f71dc RaiseException
0x1405f71e4 ReOpenFile
0x1405f71ec ReadConsoleInputW
0x1405f71f4 ReadConsoleW
0x1405f71fc ReadDirectoryChangesW
0x1405f7204 ReadFile
0x1405f720c RegisterWaitForSingleObject
0x1405f7214 ReleaseSemaphore
0x1405f721c RemoveDirectoryW
0x1405f7224 RemoveVectoredExceptionHandler
0x1405f722c ResetEvent
0x1405f7234 ResumeThread
0x1405f723c RtlCaptureContext
0x1405f7244 RtlLookupFunctionEntry
0x1405f724c RtlUnwindEx
0x1405f7254 RtlVirtualUnwind
0x1405f725c SetConsoleCtrlHandler
0x1405f7264 SetConsoleCursorInfo
0x1405f726c SetConsoleCursorPosition
0x1405f7274 SetConsoleMode
0x1405f727c SetConsoleTextAttribute
0x1405f7284 SetConsoleTitleA
0x1405f728c SetConsoleTitleW
0x1405f7294 SetCurrentDirectoryW
0x1405f729c SetEnvironmentVariableW
0x1405f72a4 SetErrorMode
0x1405f72ac SetEvent
0x1405f72b4 SetFileCompletionNotificationModes
0x1405f72bc SetFilePointerEx
0x1405f72c4 SetFileTime
0x1405f72cc SetHandleInformation
0x1405f72d4 SetInformationJobObject
0x1405f72dc SetLastError
0x1405f72e4 SetNamedPipeHandleState
0x1405f72ec SetPriorityClass
0x1405f72f4 SetProcessAffinityMask
0x1405f72fc SetSystemTime
0x1405f7304 SetThreadAffinityMask
0x1405f730c SetThreadContext
0x1405f7314 SetThreadPriority
0x1405f731c SetUnhandledExceptionFilter
0x1405f7324 Sleep
0x1405f732c SleepConditionVariableCS
0x1405f7334 SuspendThread
0x1405f733c SwitchToThread
0x1405f7344 TerminateProcess
0x1405f734c TlsAlloc
0x1405f7354 TlsFree
0x1405f735c TlsGetValue
0x1405f7364 TlsSetValue
0x1405f736c TryEnterCriticalSection
0x1405f7374 UnmapViewOfFile
0x1405f737c UnregisterWait
0x1405f7384 UnregisterWaitEx
0x1405f738c VerSetConditionMask
0x1405f7394 VerifyVersionInfoA
0x1405f739c VirtualAlloc
0x1405f73a4 VirtualFree
0x1405f73ac VirtualProtect
0x1405f73b4 VirtualQuery
0x1405f73bc WaitForMultipleObjects
0x1405f73c4 WaitForSingleObject
0x1405f73cc WaitNamedPipeW
0x1405f73d4 WakeAllConditionVariable
0x1405f73dc WakeConditionVariable
0x1405f73e4 WideCharToMultiByte
0x1405f73ec WriteConsoleInputW
0x1405f73f4 WriteConsoleW
0x1405f73fc WriteFile
0x1405f7404 __C_specific_handler
msvcrt.dll
0x1405f7414 ___lc_codepage_func
0x1405f741c ___mb_cur_max_func
0x1405f7424 __argv
0x1405f742c __doserrno
0x1405f7434 __getmainargs
0x1405f743c __initenv
0x1405f7444 __iob_func
0x1405f744c __lconv_init
0x1405f7454 __set_app_type
0x1405f745c __setusermatherr
0x1405f7464 _acmdln
0x1405f746c _amsg_exit
0x1405f7474 _assert
0x1405f747c _beginthreadex
0x1405f7484 _cexit
0x1405f748c _close
0x1405f7494 _close
0x1405f749c _commode
0x1405f74a4 _endthreadex
0x1405f74ac _errno
0x1405f74b4 _fdopen
0x1405f74bc _filelengthi64
0x1405f74c4 _fileno
0x1405f74cc _fileno
0x1405f74d4 _fmode
0x1405f74dc _fstat64
0x1405f74e4 _get_osfhandle
0x1405f74ec _initterm
0x1405f74f4 _isatty
0x1405f74fc _localtime64
0x1405f7504 _lock
0x1405f750c _lseeki64
0x1405f7514 _mkdir
0x1405f751c _onexit
0x1405f7524 _open_osfhandle
0x1405f752c _read
0x1405f7534 _read
0x1405f753c _setjmp
0x1405f7544 _snwprintf
0x1405f754c _stricmp
0x1405f7554 _strdup
0x1405f755c _strnicmp
0x1405f7564 _ultoa
0x1405f756c _unlock
0x1405f7574 _umask
0x1405f757c _vscprintf
0x1405f7584 _vsnprintf
0x1405f758c _wchmod
0x1405f7594 _wcsdup
0x1405f759c _wcsnicmp
0x1405f75a4 _wcsrev
0x1405f75ac _wfopen
0x1405f75b4 _wopen
0x1405f75bc _write
0x1405f75c4 _wrmdir
0x1405f75cc abort
0x1405f75d4 atoi
0x1405f75dc calloc
0x1405f75e4 exit
0x1405f75ec fclose
0x1405f75f4 fflush
0x1405f75fc fgetpos
0x1405f7604 fopen
0x1405f760c fprintf
0x1405f7614 fputc
0x1405f761c fputs
0x1405f7624 fread
0x1405f762c free
0x1405f7634 fsetpos
0x1405f763c fwrite
0x1405f7644 getc
0x1405f764c getenv
0x1405f7654 getwc
0x1405f765c islower
0x1405f7664 isspace
0x1405f766c isupper
0x1405f7674 iswctype
0x1405f767c _write
0x1405f7684 localeconv
0x1405f768c longjmp
0x1405f7694 malloc
0x1405f769c memchr
0x1405f76a4 memcmp
0x1405f76ac memcpy
0x1405f76b4 memmove
0x1405f76bc memset
0x1405f76c4 printf
0x1405f76cc putc
0x1405f76d4 putwc
0x1405f76dc qsort
0x1405f76e4 realloc
0x1405f76ec rand
0x1405f76f4 setlocale
0x1405f76fc setvbuf
0x1405f7704 signal
0x1405f770c sprintf
0x1405f7714 srand
0x1405f771c strchr
0x1405f7724 strcmp
0x1405f772c strcoll
0x1405f7734 strerror
0x1405f773c strftime
0x1405f7744 strlen
0x1405f774c strncmp
0x1405f7754 strstr
0x1405f775c strtol
0x1405f7764 strtoul
0x1405f776c strxfrm
0x1405f7774 tolower
0x1405f777c toupper
0x1405f7784 towlower
0x1405f778c towupper
0x1405f7794 ungetc
0x1405f779c vfprintf
0x1405f77a4 ungetwc
0x1405f77ac wcschr
0x1405f77b4 wcscoll
0x1405f77bc wcscpy
0x1405f77c4 wcsftime
0x1405f77cc wcslen
0x1405f77d4 wcsncmp
0x1405f77dc wcsncpy
0x1405f77e4 wcspbrk
0x1405f77ec wcsrchr
0x1405f77f4 wcstombs
0x1405f77fc wcsxfrm
SHELL32.dll
0x1405f780c SHGetSpecialFolderPathA
USER32.dll
0x1405f781c DispatchMessageA
0x1405f7824 GetLastInputInfo
0x1405f782c GetMessageA
0x1405f7834 GetSystemMetrics
0x1405f783c MapVirtualKeyW
0x1405f7844 ShowWindow
0x1405f784c TranslateMessage
USERENV.dll
0x1405f785c GetUserProfileDirectoryW
WS2_32.dll
0x1405f786c FreeAddrInfoW
0x1405f7874 GetAddrInfoW
0x1405f787c WSADuplicateSocketW
0x1405f7884 WSAGetLastError
0x1405f788c WSAGetOverlappedResult
0x1405f7894 WSAIoctl
0x1405f789c WSARecv
0x1405f78a4 WSARecvFrom
0x1405f78ac WSASend
0x1405f78b4 WSASendTo
0x1405f78bc WSASetLastError
0x1405f78c4 WSASocketW
0x1405f78cc WSAStartup
0x1405f78d4 bind
0x1405f78dc closesocket
0x1405f78e4 connect
0x1405f78ec gethostname
0x1405f78f4 getpeername
0x1405f78fc getsockname
0x1405f7904 getsockopt
0x1405f790c htonl
0x1405f7914 htons
0x1405f791c ioctlsocket
0x1405f7924 listen
0x1405f792c select
0x1405f7934 setsockopt
0x1405f793c shutdown
0x1405f7944 socket
EAT(Export Address Table) is none