Created | 2021.08.06 16:03 | Machine | s1_win7_x6402 |
Filename | xmrig_win32 | ||
Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows | ||
AI Score | | ||
Behavior Score | | ||
ZERO API | file : clean | ||
VT API (file) | 57 detected (FamVT, SilrionA, Miner, malicious, high confidence, Tool, BtcMine, CoinMiner, Unsafe, BitMiner, Miners, Eldorado, Bitcoinminer, hpchda, Malware@#vj7xzemj0ff1, MALXMR, SMFCD01, XMRig Miner, Static AI, Malicious PE, RiskTool, caby, AGEN, ai score=100, ASMalwS, score, R226842, Misc, HackTool, XMRMiner, CLASSIC, aioZI2aG3I4, susgen, CryptoMiner, confidence, H8oANSkA) | ||
md5 | 6d28a08caf2d90f5d02a2bf8794c7de9 | ||
sha256 | bc88a661f0dff0ca800b52e58e78f989455dd257606a9793d6ee9304c3dc76d0 | ||
ssdeep | 98304:MZJzJNRDYMYYoYMYYYYYoYjiYiYiEJzdJzKOebyHNw3eLEdR9PZ55zsIHUQ+gZ1H:MsAL4RtHXoXkBnsPsa | ||
imphash | 42db5b8977028f8e1b24e1848433288b | ||
impfuzzy | 192:5mShLr/+EScwA9SiewuJ0NjSFf4QmK4ZdITg0MYK:bp+Bch9SiFCKK2dITg0MX |
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0xd4bfac AdjustTokenPrivileges
0xd4bfb4 AllocateAndInitializeSid
0xd4bfbc CloseServiceHandle
0xd4bfc4 ControlService
0xd4bfcc CreateServiceW
0xd4bfd4 CryptAcquireContextW
0xd4bfdc CryptCreateHash
0xd4bfe4 CryptDecrypt
0xd4bfec CryptDestroyHash
0xd4bff4 CryptDestroyKey
0xd4bffc CryptEnumProvidersW
0xd4c004 CryptExportKey
0xd4c00c CryptGenRandom
0xd4c014 CryptGetProvParam
0xd4c01c CryptGetUserKey
0xd4c024 CryptReleaseContext
0xd4c02c CryptSetHashParam
0xd4c034 CryptSignHashW
0xd4c03c DeleteService
0xd4c044 DeregisterEventSource
0xd4c04c FreeSid
0xd4c054 GetSecurityInfo
0xd4c05c GetTokenInformation
0xd4c064 GetUserNameW
0xd4c06c LookupPrivilegeValueW
0xd4c074 LsaAddAccountRights
0xd4c07c LsaClose
0xd4c084 LsaOpenPolicy
0xd4c08c OpenProcessToken
0xd4c094 OpenSCManagerW
0xd4c09c OpenServiceW
0xd4c0a4 QueryServiceConfigA
0xd4c0ac QueryServiceStatus
0xd4c0b4 RegCloseKey
0xd4c0bc RegGetValueW
0xd4c0c4 RegOpenKeyExW
0xd4c0cc RegQueryValueExW
0xd4c0d4 RegisterEventSourceW
0xd4c0dc ReportEventW
0xd4c0e4 SetEntriesInAclA
0xd4c0ec SetSecurityInfo
0xd4c0f4 StartServiceW
CRYPT32.dll
0xd4c104 CertCloseStore
0xd4c10c CertDuplicateCertificateContext
0xd4c114 CertEnumCertificatesInStore
0xd4c11c CertFindCertificateInStore
0xd4c124 CertFreeCertificateContext
0xd4c12c CertGetCertificateContextProperty
0xd4c134 CertOpenStore
IPHLPAPI.DLL
0xd4c144 ConvertInterfaceIndexToLuid
0xd4c14c ConvertInterfaceLuidToNameW
0xd4c154 GetAdaptersAddresses
KERNEL32.dll
0xd4c164 AddVectoredExceptionHandler
0xd4c16c AssignProcessToJobObject
0xd4c174 CancelIo
0xd4c17c CancelIoEx
0xd4c184 CancelSynchronousIo
0xd4c18c CloseHandle
0xd4c194 ConnectNamedPipe
0xd4c19c ConvertFiberToThread
0xd4c1a4 ConvertThreadToFiber
0xd4c1ac CopyFileW
0xd4c1b4 CreateDirectoryW
0xd4c1bc CreateEventA
0xd4c1c4 CreateFiber
0xd4c1cc CreateFileA
0xd4c1d4 CreateFileMappingA
0xd4c1dc CreateFileW
0xd4c1e4 CreateHardLinkW
0xd4c1ec CreateIoCompletionPort
0xd4c1f4 CreateJobObjectW
0xd4c1fc CreateNamedPipeA
0xd4c204 CreateNamedPipeW
0xd4c20c CreateProcessW
0xd4c214 CreateSemaphoreA
0xd4c21c CreateSemaphoreW
0xd4c224 CreateSymbolicLinkW
0xd4c22c CreateToolhelp32Snapshot
0xd4c234 DebugBreak
0xd4c23c DeleteCriticalSection
0xd4c244 DeleteFiber
0xd4c24c DeviceIoControl
0xd4c254 DuplicateHandle
0xd4c25c EnterCriticalSection
0xd4c264 ExpandEnvironmentStringsA
0xd4c26c FileTimeToSystemTime
0xd4c274 FillConsoleOutputAttribute
0xd4c27c FillConsoleOutputCharacterW
0xd4c284 FindClose
0xd4c28c FindFirstFileW
0xd4c294 FindNextFileW
0xd4c29c FindResourceW
0xd4c2a4 FlushFileBuffers
0xd4c2ac FlushInstructionCache
0xd4c2b4 FlushViewOfFile
0xd4c2bc FormatMessageA
0xd4c2c4 FormatMessageW
0xd4c2cc FreeConsole
0xd4c2d4 FreeEnvironmentStringsW
0xd4c2dc FreeLibrary
0xd4c2e4 GetConsoleCursorInfo
0xd4c2ec GetConsoleMode
0xd4c2f4 GetConsoleScreenBufferInfo
0xd4c2fc GetConsoleTitleW
0xd4c304 GetConsoleWindow
0xd4c30c GetCurrentDirectoryW
0xd4c314 GetCurrentProcess
0xd4c31c GetCurrentProcessId
0xd4c324 GetCurrentThread
0xd4c32c GetCurrentThreadId
0xd4c334 GetDiskFreeSpaceW
0xd4c33c GetEnvironmentStringsW
0xd4c344 GetEnvironmentVariableW
0xd4c34c GetExitCodeProcess
0xd4c354 GetFileAttributesA
0xd4c35c GetFileAttributesW
0xd4c364 GetFileInformationByHandle
0xd4c36c GetFileInformationByHandleEx
0xd4c374 GetFileSizeEx
0xd4c37c GetFileType
0xd4c384 GetFinalPathNameByHandleW
0xd4c38c GetHandleInformation
0xd4c394 GetLargePageMinimum
0xd4c39c GetLastError
0xd4c3a4 GetLongPathNameW
0xd4c3ac GetModuleFileNameA
0xd4c3b4 GetModuleFileNameW
0xd4c3bc GetModuleHandleA
0xd4c3c4 GetModuleHandleExW
0xd4c3cc GetModuleHandleW
0xd4c3d4 GetNamedPipeHandleStateA
0xd4c3dc GetNativeSystemInfo
0xd4c3e4 GetNumberOfConsoleInputEvents
0xd4c3ec GetPriorityClass
0xd4c3f4 GetProcAddress
0xd4c3fc GetProcessAffinityMask
0xd4c404 GetProcessIoCounters
0xd4c40c GetProcessTimes
0xd4c414 GetQueuedCompletionStatus
0xd4c41c GetQueuedCompletionStatusEx
0xd4c424 GetShortPathNameW
0xd4c42c GetStartupInfoA
0xd4c434 GetStartupInfoW
0xd4c43c GetStdHandle
0xd4c444 GetSystemInfo
0xd4c44c GetSystemTime
0xd4c454 GetSystemTimeAdjustment
0xd4c45c GetSystemTimeAsFileTime
0xd4c464 GetTempPathW
0xd4c46c GetThreadContext
0xd4c474 GetThreadPriority
0xd4c47c GetThreadTimes
0xd4c484 GetTickCount
0xd4c48c GetTickCount64
0xd4c494 GetVersion
0xd4c49c GetVersionExW
0xd4c4a4 GlobalMemoryStatusEx
0xd4c4ac InitializeConditionVariable
0xd4c4b4 InitializeCriticalSection
0xd4c4bc InitializeCriticalSectionAndSpinCount
0xd4c4c4 IsDBCSLeadByteEx
0xd4c4cc IsDebuggerPresent
0xd4c4d4 LCMapStringW
0xd4c4dc LeaveCriticalSection
0xd4c4e4 LoadLibraryA
0xd4c4ec LoadLibraryExW
0xd4c4f4 LoadLibraryW
0xd4c4fc LoadResource
0xd4c504 LocalAlloc
0xd4c50c LocalFree
0xd4c514 LockResource
0xd4c51c MapViewOfFile
0xd4c524 MoveFileExW
0xd4c52c MultiByteToWideChar
0xd4c534 OpenProcess
0xd4c53c OutputDebugStringA
0xd4c544 PeekNamedPipe
0xd4c54c PostQueuedCompletionStatus
0xd4c554 Process32First
0xd4c55c Process32Next
0xd4c564 QueryPerformanceCounter
0xd4c56c QueryPerformanceFrequency
0xd4c574 QueueUserWorkItem
0xd4c57c RaiseException
0xd4c584 ReOpenFile
0xd4c58c ReadConsoleA
0xd4c594 ReadConsoleInputW
0xd4c59c ReadConsoleW
0xd4c5a4 ReadDirectoryChangesW
0xd4c5ac ReadFile
0xd4c5b4 RegisterWaitForSingleObject
0xd4c5bc ReleaseSemaphore
0xd4c5c4 RemoveDirectoryW
0xd4c5cc RemoveVectoredExceptionHandler
0xd4c5d4 ResetEvent
0xd4c5dc ResumeThread
0xd4c5e4 RtlAddFunctionTable
0xd4c5ec RtlCaptureContext
0xd4c5f4 RtlLookupFunctionEntry
0xd4c5fc RtlUnwindEx
0xd4c604 RtlVirtualUnwind
0xd4c60c SetConsoleCtrlHandler
0xd4c614 SetConsoleCursorInfo
0xd4c61c SetConsoleCursorPosition
0xd4c624 SetConsoleMode
0xd4c62c SetConsoleTextAttribute
0xd4c634 SetConsoleTitleA
0xd4c63c SetConsoleTitleW
0xd4c644 SetCurrentDirectoryW
0xd4c64c SetEnvironmentVariableW
0xd4c654 SetErrorMode
0xd4c65c SetEvent
0xd4c664 SetFileCompletionNotificationModes
0xd4c66c SetFilePointerEx
0xd4c674 SetFileTime
0xd4c67c SetHandleInformation
0xd4c684 SetInformationJobObject
0xd4c68c SetLastError
0xd4c694 SetNamedPipeHandleState
0xd4c69c SetPriorityClass
0xd4c6a4 SetProcessAffinityMask
0xd4c6ac SetSystemTime
0xd4c6b4 SetThreadAffinityMask
0xd4c6bc SetThreadContext
0xd4c6c4 SetThreadPriority
0xd4c6cc SetUnhandledExceptionFilter
0xd4c6d4 SizeofResource
0xd4c6dc Sleep
0xd4c6e4 SleepConditionVariableCS
0xd4c6ec SuspendThread
0xd4c6f4 SwitchToFiber
0xd4c6fc SwitchToThread
0xd4c704 SystemTimeToFileTime
0xd4c70c TerminateProcess
0xd4c714 TlsAlloc
0xd4c71c TlsFree
0xd4c724 TlsGetValue
0xd4c72c TlsSetValue
0xd4c734 TryEnterCriticalSection
0xd4c73c UnhandledExceptionFilter
0xd4c744 UnmapViewOfFile
0xd4c74c UnregisterWait
0xd4c754 UnregisterWaitEx
0xd4c75c VerSetConditionMask
0xd4c764 VerifyVersionInfoA
0xd4c76c VirtualAlloc
0xd4c774 VirtualFree
0xd4c77c VirtualProtect
0xd4c784 VirtualQuery
0xd4c78c WaitForMultipleObjects
0xd4c794 WaitForSingleObject
0xd4c79c WaitNamedPipeW
0xd4c7a4 WakeAllConditionVariable
0xd4c7ac WakeConditionVariable
0xd4c7b4 WideCharToMultiByte
0xd4c7bc WriteConsoleInputW
0xd4c7c4 WriteConsoleW
0xd4c7cc WriteFile
0xd4c7d4 __C_specific_handler
msvcrt.dll
0xd4c7e4 ___lc_codepage_func
0xd4c7ec ___mb_cur_max_func
0xd4c7f4 __argv
0xd4c7fc __doserrno
0xd4c804 __getmainargs
0xd4c80c __initenv
0xd4c814 __iob_func
0xd4c81c __lconv_init
0xd4c824 __set_app_type
0xd4c82c __setusermatherr
0xd4c834 _acmdln
0xd4c83c _aligned_free
0xd4c844 _aligned_malloc
0xd4c84c _amsg_exit
0xd4c854 _assert
0xd4c85c _beginthreadex
0xd4c864 _cexit
0xd4c86c _close
0xd4c874 _close
0xd4c87c _endthreadex
0xd4c884 _errno
0xd4c88c _exit
0xd4c894 _filelengthi64
0xd4c89c _fileno
0xd4c8a4 _fileno
0xd4c8ac _findclose
0xd4c8b4 _findfirst64
0xd4c8bc _findnext64
0xd4c8c4 _fmode
0xd4c8cc _fstat64
0xd4c8d4 _fdopen
0xd4c8dc _fullpath
0xd4c8e4 _get_osfhandle
0xd4c8ec _gmtime64
0xd4c8f4 _initterm
0xd4c8fc _localtime64
0xd4c904 _lock
0xd4c90c _lseeki64
0xd4c914 _mkdir
0xd4c91c _onexit
0xd4c924 _open
0xd4c92c _open_osfhandle
0xd4c934 _read
0xd4c93c _read
0xd4c944 _setjmp
0xd4c94c _setmode
0xd4c954 _snwprintf
0xd4c95c _stat64
0xd4c964 _strdup
0xd4c96c _strdup
0xd4c974 _stricmp
0xd4c97c _strnicmp
0xd4c984 _time64
0xd4c98c _ultoa
0xd4c994 _umask
0xd4c99c _unlock
0xd4c9a4 _vsnprintf
0xd4c9ac _vsnwprintf
0xd4c9b4 _wchmod
0xd4c9bc _wcsdup
0xd4c9c4 _wcsnicmp
0xd4c9cc _wcsrev
0xd4c9d4 _wfopen
0xd4c9dc _wmkdir
0xd4c9e4 _wopen
0xd4c9ec _write
0xd4c9f4 _write
0xd4c9fc _wrmdir
0xd4ca04 abort
0xd4ca0c atof
0xd4ca14 atoi
0xd4ca1c calloc
0xd4ca24 clock
0xd4ca2c exit
0xd4ca34 fclose
0xd4ca3c feof
0xd4ca44 ferror
0xd4ca4c fflush
0xd4ca54 fgetpos
0xd4ca5c fgets
0xd4ca64 fopen
0xd4ca6c fprintf
0xd4ca74 fputc
0xd4ca7c fputs
0xd4ca84 fread
0xd4ca8c free
0xd4ca94 fseek
0xd4ca9c fsetpos
0xd4caa4 ftell
0xd4caac fwrite
0xd4cab4 getc
0xd4cabc getenv
0xd4cac4 getwc
0xd4cacc islower
0xd4cad4 isspace
0xd4cadc isupper
0xd4cae4 iswctype
0xd4caec localeconv
0xd4caf4 longjmp
0xd4cafc malloc
0xd4cb04 memchr
0xd4cb0c memcmp
0xd4cb14 memcpy
0xd4cb1c memmove
0xd4cb24 memset
0xd4cb2c printf
0xd4cb34 putc
0xd4cb3c putchar
0xd4cb44 puts
0xd4cb4c putwc
0xd4cb54 qsort
0xd4cb5c raise
0xd4cb64 rand
0xd4cb6c realloc
0xd4cb74 setlocale
0xd4cb7c setvbuf
0xd4cb84 signal
0xd4cb8c sprintf
0xd4cb94 srand
0xd4cb9c sscanf
0xd4cba4 strcat
0xd4cbac strchr
0xd4cbb4 strcmp
0xd4cbbc strcoll
0xd4cbc4 strcpy
0xd4cbcc strcspn
0xd4cbd4 strerror
0xd4cbdc strftime
0xd4cbe4 strlen
0xd4cbec strncmp
0xd4cbf4 strncpy
0xd4cbfc strrchr
0xd4cc04 strspn
0xd4cc0c strstr
0xd4cc14 strtol
0xd4cc1c strtoul
0xd4cc24 strxfrm
0xd4cc2c tolower
0xd4cc34 toupper
0xd4cc3c towlower
0xd4cc44 towupper
0xd4cc4c ungetc
0xd4cc54 ungetwc
0xd4cc5c vfprintf
0xd4cc64 wcschr
0xd4cc6c wcscmp
0xd4cc74 wcscoll
0xd4cc7c wcscpy
0xd4cc84 wcsftime
0xd4cc8c wcslen
0xd4cc94 wcsncmp
0xd4cc9c wcsncpy
0xd4cca4 wcspbrk
0xd4ccac wcsrchr
0xd4ccb4 wcsstr
0xd4ccbc wcstombs
0xd4ccc4 wcsxfrm
PSAPI.DLL
0xd4ccd4 GetProcessMemoryInfo
SHELL32.dll
0xd4cce4 SHGetSpecialFolderPathA
USER32.dll
0xd4ccf4 DispatchMessageA
0xd4ccfc GetMessageA
0xd4cd04 GetProcessWindowStation
0xd4cd0c GetSystemMetrics
0xd4cd14 GetUserObjectInformationW
0xd4cd1c MapVirtualKeyW
0xd4cd24 MessageBoxW
0xd4cd2c ShowWindow
0xd4cd34 TranslateMessage
USERENV.dll
0xd4cd44 GetUserProfileDirectoryW
WS2_32.dll
0xd4cd54 FreeAddrInfoW
0xd4cd5c GetAddrInfoW
0xd4cd64 WSACleanup
0xd4cd6c WSADuplicateSocketW
0xd4cd74 WSAGetLastError
0xd4cd7c WSAIoctl
0xd4cd84 WSARecv
0xd4cd8c WSARecvFrom
0xd4cd94 WSASend
0xd4cd9c WSASendTo
0xd4cda4 WSASetLastError
0xd4cdac WSASocketW
0xd4cdb4 WSAStartup
0xd4cdbc accept
0xd4cdc4 bind
0xd4cdcc closesocket
0xd4cdd4 connect
0xd4cddc freeaddrinfo
0xd4cde4 getaddrinfo
0xd4cdec gethostbyname
0xd4cdf4 gethostname
0xd4cdfc getnameinfo
0xd4ce04 getpeername
0xd4ce0c getsockname
0xd4ce14 getsockopt
0xd4ce1c htonl
0xd4ce24 htons
0xd4ce2c ioctlsocket
0xd4ce34 listen
0xd4ce3c ntohs
0xd4ce44 recv
0xd4ce4c select
0xd4ce54 send
0xd4ce5c setsockopt
0xd4ce64 shutdown
0xd4ce6c socket
EAT(Export Address Table) is none