Created | 2021.06.25 09:01 | Machine | s1_win7_x6402 |
Filename | xmrig.exe |
Type | PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows |
ZERO API | file : clean |
VT API (file) | 61 detected (CoinMinerABXTTc, CoinMiner, S1914589, BitCoinMiner, Miner, Tool, malicious, confidence, 100%, Miners, Eldorado, XMRig, gen1, RiskTool, BitMiner, eyxdvb, CryptoMiner, CLOUD, XMRig Miner, ApplicUnwnt@#2x56osth7wg0a, AGEN, Starter, MALXMR, SMBM4, high, score, Malicious PE, ai score=99, high confidence, R213290, BScope, Unsafe, Gencirc, CZ8M2f2st74, Genetic) |
md5 | 11029e2a2f75c2b8612c197e3636e37d |
sha256 | 6149ffed21e740cac12aa61b2fdd17248cbd3e51bab2289d2766aad1d29df910 |
ssdeep | 24576:W06jX7e+lMosIzw5igcbhTlRRgJ9lmDgoAEb45JiqRSr44n5/:W06pzsIzwxcbhJRRgJ9lmJs5Jiqg |
imphash | 37fddefb9813a6996e5b90d338358064 |
impfuzzy | 96:qVQEe9H+lWA+nmFidpsQ4Jxef023zXTXiX1PRjb4xDzJGq2gow85amdwl+KqgUoL:fESpAFfc0QjSFF4xDgKoheEgULm |
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 61 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
info | Command line console output was observed |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x4fc5b0 AdjustTokenPrivileges
0x4fc5b4 CryptAcquireContextA
0x4fc5b8 CryptGenRandom
0x4fc5bc CryptReleaseContext
0x4fc5c0 GetTokenInformation
0x4fc5c4 GetUserNameW
0x4fc5c8 LookupPrivilegeValueW
0x4fc5cc LsaAddAccountRights
0x4fc5d0 LsaClose
0x4fc5d4 LsaOpenPolicy
0x4fc5d8 OpenProcessToken
0x4fc5dc RegCloseKey
0x4fc5e0 RegOpenKeyExW
0x4fc5e4 RegQueryValueExW
IPHLPAPI.DLL
0x4fc5ec GetAdaptersAddresses
KERNEL32.dll
0x4fc5f4 AddVectoredExceptionHandler
0x4fc5f8 AssignProcessToJobObject
0x4fc5fc CancelIo
0x4fc600 CloseHandle
0x4fc604 ConnectNamedPipe
0x4fc608 CopyFileW
0x4fc60c CreateDirectoryW
0x4fc610 CreateEventA
0x4fc614 CreateFileA
0x4fc618 CreateFileW
0x4fc61c CreateHardLinkW
0x4fc620 CreateIoCompletionPort
0x4fc624 CreateJobObjectW
0x4fc628 CreateNamedPipeA
0x4fc62c CreateNamedPipeW
0x4fc630 CreateProcessW
0x4fc634 CreateSemaphoreA
0x4fc638 CreateSemaphoreW
0x4fc63c CreateToolhelp32Snapshot
0x4fc640 DebugBreak
0x4fc644 DeleteCriticalSection
0x4fc648 DeviceIoControl
0x4fc64c DuplicateHandle
0x4fc650 EnterCriticalSection
0x4fc654 FileTimeToSystemTime
0x4fc658 FillConsoleOutputAttribute
0x4fc65c FillConsoleOutputCharacterW
0x4fc660 FlushFileBuffers
0x4fc664 FormatMessageA
0x4fc668 FreeConsole
0x4fc66c FreeLibrary
0x4fc670 GetConsoleCursorInfo
0x4fc674 GetConsoleMode
0x4fc678 GetConsoleScreenBufferInfo
0x4fc67c GetConsoleTitleW
0x4fc680 GetConsoleWindow
0x4fc684 GetCurrentDirectoryW
0x4fc688 GetCurrentProcess
0x4fc68c GetCurrentProcessId
0x4fc690 GetCurrentThread
0x4fc694 GetCurrentThreadId
0x4fc698 GetEnvironmentVariableW
0x4fc69c GetExitCodeProcess
0x4fc6a0 GetFileAttributesW
0x4fc6a4 GetFileInformationByHandle
0x4fc6a8 GetFileType
0x4fc6ac GetHandleInformation
0x4fc6b0 GetLastError
0x4fc6b4 GetLongPathNameW
0x4fc6b8 GetModuleFileNameW
0x4fc6bc GetModuleHandleA
0x4fc6c0 GetModuleHandleW
0x4fc6c4 GetNamedPipeHandleStateA
0x4fc6c8 GetNumberOfConsoleInputEvents
0x4fc6cc GetProcAddress
0x4fc6d0 GetProcessAffinityMask
0x4fc6d4 GetProcessIoCounters
0x4fc6d8 GetProcessTimes
0x4fc6dc GetQueuedCompletionStatus
0x4fc6e0 GetShortPathNameW
0x4fc6e4 GetStartupInfoA
0x4fc6e8 GetStartupInfoW
0x4fc6ec GetStdHandle
0x4fc6f0 GetSystemInfo
0x4fc6f4 GetSystemTimeAdjustment
0x4fc6f8 GetSystemTimeAsFileTime
0x4fc6fc GetTempPathW
0x4fc700 GetThreadContext
0x4fc704 GetThreadPriority
0x4fc708 GetThreadTimes
0x4fc70c GetTickCount
0x4fc710 GlobalMemoryStatusEx
0x4fc714 InitializeCriticalSection
0x4fc718 InitializeCriticalSectionAndSpinCount
0x4fc71c IsDBCSLeadByteEx
0x4fc720 IsDebuggerPresent
0x4fc724 LCMapStringW
0x4fc728 LeaveCriticalSection
0x4fc72c LoadLibraryA
0x4fc730 LocalAlloc
0x4fc734 LocalFree
0x4fc738 MoveFileExW
0x4fc73c MultiByteToWideChar
0x4fc740 OpenProcess
0x4fc744 OutputDebugStringA
0x4fc748 PeekNamedPipe
0x4fc74c PostQueuedCompletionStatus
0x4fc750 Process32First
0x4fc754 Process32Next
0x4fc758 QueryPerformanceCounter
0x4fc75c QueryPerformanceFrequency
0x4fc760 QueueUserWorkItem
0x4fc764 RaiseException
0x4fc768 ReadConsoleInputW
0x4fc76c ReadConsoleW
0x4fc770 ReadDirectoryChangesW
0x4fc774 ReadFile
0x4fc778 RegisterWaitForSingleObject
0x4fc77c ReleaseSemaphore
0x4fc780 RemoveDirectoryW
0x4fc784 RemoveVectoredExceptionHandler
0x4fc788 ResetEvent
0x4fc78c ResumeThread
0x4fc790 SetConsoleCtrlHandler
0x4fc794 SetConsoleCursorInfo
0x4fc798 SetConsoleCursorPosition
0x4fc79c SetConsoleMode
0x4fc7a0 SetConsoleTextAttribute
0x4fc7a4 SetConsoleTitleW
0x4fc7a8 SetCurrentDirectoryW
0x4fc7ac SetEnvironmentVariableW
0x4fc7b0 SetErrorMode
0x4fc7b4 SetEvent
0x4fc7b8 SetFilePointerEx
0x4fc7bc SetFileTime
0x4fc7c0 SetHandleInformation
0x4fc7c4 SetInformationJobObject
0x4fc7c8 SetLastError
0x4fc7cc SetNamedPipeHandleState
0x4fc7d0 SetPriorityClass
0x4fc7d4 SetProcessAffinityMask
0x4fc7d8 SetSystemTime
0x4fc7dc SetThreadAffinityMask
0x4fc7e0 SetThreadContext
0x4fc7e4 SetThreadPriority
0x4fc7e8 SetUnhandledExceptionFilter
0x4fc7ec Sleep
0x4fc7f0 SuspendThread
0x4fc7f4 SwitchToThread
0x4fc7f8 TerminateProcess
0x4fc7fc TlsAlloc
0x4fc800 TlsFree
0x4fc804 TlsGetValue
0x4fc808 TlsSetValue
0x4fc80c TryEnterCriticalSection
0x4fc810 UnhandledExceptionFilter
0x4fc814 UnregisterWait
0x4fc818 UnregisterWaitEx
0x4fc81c VerSetConditionMask
0x4fc820 VerifyVersionInfoA
0x4fc824 VirtualAlloc
0x4fc828 VirtualFree
0x4fc82c VirtualProtect
0x4fc830 VirtualQuery
0x4fc834 WaitForMultipleObjects
0x4fc838 WaitForSingleObject
0x4fc83c WaitNamedPipeW
0x4fc840 WideCharToMultiByte
0x4fc844 WriteConsoleInputW
0x4fc848 WriteConsoleW
0x4fc84c WriteFile
msvcrt.dll
0x4fc854 __argv
0x4fc858 __dllonexit
0x4fc85c __doserrno
0x4fc860 __getmainargs
0x4fc864 __initenv
0x4fc868 __lconv_init
0x4fc86c __mb_cur_max
0x4fc870 __set_app_type
0x4fc874 __setusermatherr
0x4fc878 _acmdln
0x4fc87c _aligned_free
0x4fc880 _aligned_malloc
0x4fc884 _amsg_exit
0x4fc888 _beginthreadex
0x4fc88c _cexit
0x4fc890 _close
0x4fc894 _endthreadex
0x4fc898 _errno
0x4fc89c _close
0x4fc8a0 _exit
0x4fc8a4 _fdopen
0x4fc8a8 _fmode
0x4fc8ac _get_osfhandle
0x4fc8b0 _initterm
0x4fc8b4 _iob
0x4fc8b8 _lock
0x4fc8bc _lseeki64
0x4fc8c0 _onexit
0x4fc8c4 _open_osfhandle
0x4fc8c8 _read
0x4fc8cc _setjmp3
0x4fc8d0 _snwprintf
0x4fc8d4 _strdup
0x4fc8d8 _strnicmp
0x4fc8dc _ultoa
0x4fc8e0 _umask
0x4fc8e4 _unlock
0x4fc8e8 _vsnprintf
0x4fc8ec _wchmod
0x4fc8f0 _wcsdup
0x4fc8f4 _wcsnicmp
0x4fc8f8 _wcsrev
0x4fc8fc _wmkdir
0x4fc900 _write
0x4fc904 _write
0x4fc908 _wrmdir
0x4fc90c abort
0x4fc910 atoi
0x4fc914 calloc
0x4fc918 exit
0x4fc91c fflush
0x4fc920 fopen
0x4fc924 fprintf
0x4fc928 fputc
0x4fc92c fputs
0x4fc930 fread
0x4fc934 free
0x4fc938 fwprintf
0x4fc93c fwrite
0x4fc940 getenv
0x4fc944 gmtime
0x4fc948 islower
0x4fc94c isspace
0x4fc950 isupper
0x4fc954 localeconv
0x4fc958 localtime
0x4fc95c longjmp
0x4fc960 malloc
0x4fc964 memchr
0x4fc968 memcmp
0x4fc96c memcpy
0x4fc970 memmove
0x4fc974 memset
0x4fc978 printf
0x4fc97c qsort
0x4fc980 raise
0x4fc984 rand
0x4fc988 realloc
0x4fc98c setlocale
0x4fc990 signal
0x4fc994 sprintf
0x4fc998 srand
0x4fc99c strchr
0x4fc9a0 strcmp
0x4fc9a4 strcpy
0x4fc9a8 strerror
0x4fc9ac strlen
0x4fc9b0 strncmp
0x4fc9b4 strncpy
0x4fc9b8 strrchr
0x4fc9bc strstr
0x4fc9c0 strtol
0x4fc9c4 strtoul
0x4fc9c8 time
0x4fc9cc vfprintf
0x4fc9d0 wcschr
0x4fc9d4 wcscpy
0x4fc9d8 wcslen
0x4fc9dc wcsncmp
0x4fc9e0 wcsncpy
0x4fc9e4 wcspbrk
0x4fc9e8 wcsrchr
0x4fc9ec wcstombs
PSAPI.DLL
0x4fc9f4 GetProcessMemoryInfo
USER32.dll
0x4fc9fc DispatchMessageA
0x4fca00 GetMessageA
0x4fca04 MapVirtualKeyW
0x4fca08 MessageBoxW
0x4fca0c SetWinEventHook
0x4fca10 ShowWindow
0x4fca14 TranslateMessage
USERENV.dll
0x4fca1c GetUserProfileDirectoryW
WS2_32.dll
0x4fca24 FreeAddrInfoW
0x4fca28 GetAddrInfoW
0x4fca2c WSACleanup
0x4fca30 WSADuplicateSocketW
0x4fca34 WSAGetLastError
0x4fca38 WSAIoctl
0x4fca3c WSARecv
0x4fca40 WSARecvFrom
0x4fca44 WSASend
0x4fca48 WSASendTo
0x4fca4c WSASetLastError
0x4fca50 WSASocketW
0x4fca54 WSAStartup
0x4fca58 __WSAFDIsSet
0x4fca5c accept
0x4fca60 bind
0x4fca64 closesocket
0x4fca68 connect
0x4fca6c gethostname
0x4fca70 getpeername
0x4fca74 getsockname
0x4fca78 getsockopt
0x4fca7c htonl
0x4fca80 htons
0x4fca84 ioctlsocket
0x4fca88 listen
0x4fca8c ntohs
0x4fca90 recv
0x4fca94 select
0x4fca98 send
0x4fca9c setsockopt
0x4fcaa0 shutdown
0x4fcaa4 socket
EAT(Export Address Table) Library
0x482a30 MHD_add_connection
0x487be0 MHD_add_response_footer
0x487ac0 MHD_add_response_header
0x488610 MHD_create_response_for_upgrade
0x4883e0 MHD_create_response_from_buffer
0x487ef0 MHD_create_response_from_callback
0x4882f0 MHD_create_response_from_data
0x488190 MHD_create_response_from_fd
0x488230 MHD_create_response_from_fd64
0x487fd0 MHD_create_response_from_fd_at_offset
0x4880b0 MHD_create_response_from_fd_at_offset64
0x487d00 MHD_del_response_header
0x488780 MHD_destroy_response
0x486120 MHD_free
0x47c760 MHD_get_connection_info
0x47b880 MHD_get_connection_values
0x485b10 MHD_get_daemon_info
0x482590 MHD_get_fdset
0x482600 MHD_get_fdset2
0x47fa30 MHD_get_reason_phrase_for
0x487e20 MHD_get_response_header
0x487db0 MHD_get_response_headers
0x483360 MHD_get_timeout
0x485be0 MHD_get_version
0x485d70 MHD_http_unescape
0x485bf0 MHD_is_feature_supported
0x47b970 MHD_lookup_connection_value
0x47c950 MHD_queue_response
0x483b60 MHD_quiesce_daemon
0x482960 MHD_resume_connection
0x483b10 MHD_run
0x483a50 MHD_run_from_select
0x47c7e0 MHD_set_connection_option
0x47b900 MHD_set_connection_value
0x485bc0 MHD_set_panic_func
0x487fa0 MHD_set_response_options
0x484d90 MHD_start_daemon
0x484000 MHD_start_daemon_va
0x483cd0 MHD_stop_daemon
0x4827c0 MHD_suspend_connection
0x4884d0 MHD_upgrade_action