ScreenShot
| Created | 2021.09.07 19:04 | Machine | s1_win7_x6401 |
| Filename | rig.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 53 detected (Miner, malicious, high confidence, CoinMiner, GenericRXAA, Unsafe, Tool, BitMiner, confidence, Eldorado, CoinminerX, izdwzx, XMRig Miner, BtcMine, 0NA103G821, Bitcoinminer, AGEN, ai score=75, kcloud, score, Miner3, HackTool, XMRMiner, CLASSIC, fE2REGMDfnE, Static AI, Malicious PE, susgen) | ||
| md5 | 0b85eae86038116041ecc8d24ba2fadb | ||
| sha256 | cd0dcc3d3aab1dc613cd5b1ea4d3a066ab20768c60babb1a4e79df9da9144218 | ||
| ssdeep | 98304:XuiktN+QTXzrPsEpjmVVy64pAduk5PzF5OzJuSj9YHuu:X9nVVb4pAdHzF5Efj9YHf | ||
| imphash | c71fd4ac3dac447f8cc9080b64821506 | ||
| impfuzzy | 96:RA75PzSX1Dj3cpejwguSTdky3IvX2rG8R6hFpXu+GBgiM38dWXqohgqrbnshXJg:a52F3bw2dkr216hHeXE+Wrrb2XW | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x14030f8b8 shutdown
0x14030f8c0 ntohs
0x14030f8c8 recv
0x14030f8d0 select
0x14030f8d8 WSARecvFrom
0x14030f8e0 WSASocketW
0x14030f8e8 WSASend
0x14030f8f0 WSARecv
0x14030f8f8 WSAIoctl
0x14030f900 WSADuplicateSocketW
0x14030f908 htons
0x14030f910 getpeername
0x14030f918 FreeAddrInfoW
0x14030f920 GetAddrInfoW
0x14030f928 gethostname
0x14030f930 htonl
0x14030f938 socket
0x14030f940 setsockopt
0x14030f948 listen
0x14030f950 closesocket
0x14030f958 ind
0x14030f960 WSACleanup
0x14030f968 WSAStartup
0x14030f970 getsockopt
0x14030f978 getsockname
0x14030f980 ioctlsocket
0x14030f988 WSAGetLastError
0x14030f990 WSASetLastError
0x14030f998 send
IPHLPAPI.DLL
0x14030f150 GetAdaptersAddresses
USERENV.dll
0x14030f8a8 GetUserProfileDirectoryW
CRYPT32.dll
0x14030f110 CertOpenStore
0x14030f118 CertCloseStore
0x14030f120 CertEnumCertificatesInStore
0x14030f128 CertGetCertificateContextProperty
0x14030f130 CertDuplicateCertificateContext
0x14030f138 CertFreeCertificateContext
0x14030f140 CertFindCertificateInStore
KERNEL32.dll
0x14030f160 SetConsoleMode
0x14030f168 GetConsoleMode
0x14030f170 SizeofResource
0x14030f178 LockResource
0x14030f180 LoadResource
0x14030f188 FindResourceW
0x14030f190 ExpandEnvironmentStringsA
0x14030f198 GetSystemFirmwareTable
0x14030f1a0 HeapFree
0x14030f1a8 HeapAlloc
0x14030f1b0 GetProcessHeap
0x14030f1b8 MultiByteToWideChar
0x14030f1c0 SetPriorityClass
0x14030f1c8 GetCurrentProcess
0x14030f1d0 SetThreadPriority
0x14030f1d8 GetSystemPowerStatus
0x14030f1e0 GetCurrentThread
0x14030f1e8 GetProcAddress
0x14030f1f0 GetModuleHandleW
0x14030f1f8 GetTickCount
0x14030f200 CloseHandle
0x14030f208 FreeConsole
0x14030f210 GetConsoleWindow
0x14030f218 VirtualProtect
0x14030f220 VirtualFree
0x14030f228 VirtualAlloc
0x14030f230 GetLargePageMinimum
0x14030f238 LocalAlloc
0x14030f240 GetLastError
0x14030f248 LocalFree
0x14030f250 FlushInstructionCache
0x14030f258 GetCurrentThreadId
0x14030f260 AddVectoredExceptionHandler
0x14030f268 DeviceIoControl
0x14030f270 GetModuleFileNameW
0x14030f278 CreateFileW
0x14030f280 SetLastError
0x14030f288 GetSystemTime
0x14030f290 SystemTimeToFileTime
0x14030f298 GetModuleHandleExW
0x14030f2a0 EnterCriticalSection
0x14030f2a8 LeaveCriticalSection
0x14030f2b0 InitializeCriticalSectionAndSpinCount
0x14030f2b8 DeleteCriticalSection
0x14030f2c0 TlsAlloc
0x14030f2c8 TlsGetValue
0x14030f2d0 TlsSetValue
0x14030f2d8 TlsFree
0x14030f2e0 SwitchToFiber
0x14030f2e8 DeleteFiber
0x14030f2f0 CreateFiber
0x14030f2f8 FindClose
0x14030f300 FindFirstFileW
0x14030f308 FindNextFileW
0x14030f310 WideCharToMultiByte
0x14030f318 GetFileType
0x14030f320 WriteFile
0x14030f328 ConvertFiberToThread
0x14030f330 ConvertThreadToFiber
0x14030f338 QueryPerformanceCounter
0x14030f340 GetCurrentProcessId
0x14030f348 GetSystemTimeAsFileTime
0x14030f350 FreeLibrary
0x14030f358 LoadLibraryA
0x14030f360 LoadLibraryW
0x14030f368 GetEnvironmentVariableW
0x14030f370 ReadConsoleA
0x14030f378 ReadConsoleW
0x14030f380 PostQueuedCompletionStatus
0x14030f388 CreateFileA
0x14030f390 DuplicateHandle
0x14030f398 SetEvent
0x14030f3a0 ResetEvent
0x14030f3a8 WaitForSingleObject
0x14030f3b0 CreateEventA
0x14030f3b8 Sleep
0x14030f3c0 QueueUserWorkItem
0x14030f3c8 RegisterWaitForSingleObject
0x14030f3d0 UnregisterWait
0x14030f3d8 GetNumberOfConsoleInputEvents
0x14030f3e0 ReadConsoleInputW
0x14030f3e8 FillConsoleOutputCharacterW
0x14030f3f0 FillConsoleOutputAttribute
0x14030f3f8 GetConsoleCursorInfo
0x14030f400 SetConsoleCursorInfo
0x14030f408 GetConsoleScreenBufferInfo
0x14030f410 SetConsoleCursorPosition
0x14030f418 SetConsoleTextAttribute
0x14030f420 WriteConsoleInputW
0x14030f428 VerSetConditionMask
0x14030f430 GetEnvironmentStringsW
0x14030f438 FreeEnvironmentStringsW
0x14030f440 SetUnhandledExceptionFilter
0x14030f448 SetCurrentDirectoryW
0x14030f450 SetConsoleTitleA
0x14030f458 GetTempPathW
0x14030f460 QueryPerformanceFrequency
0x14030f468 InitializeCriticalSection
0x14030f470 GlobalMemoryStatusEx
0x14030f478 GetSystemInfo
0x14030f480 VerifyVersionInfoA
0x14030f488 FileTimeToSystemTime
0x14030f490 K32GetProcessMemoryInfo
0x14030f498 CreateDirectoryW
0x14030f4a0 FlushFileBuffers
0x14030f4a8 GetDiskFreeSpaceW
0x14030f4b0 GetFileAttributesW
0x14030f4b8 GetFileInformationByHandle
0x14030f4c0 GetFileSizeEx
0x14030f4c8 GetFinalPathNameByHandleW
0x14030f4d0 GetFullPathNameW
0x14030f4d8 ReadFile
0x14030f4e0 RemoveDirectoryW
0x14030f4e8 SetFilePointerEx
0x14030f4f0 SetFileTime
0x14030f4f8 MapViewOfFile
0x14030f500 FlushViewOfFile
0x14030f508 UnmapViewOfFile
0x14030f510 CreateFileMappingA
0x14030f518 ReOpenFile
0x14030f520 CopyFileW
0x14030f528 MoveFileExW
0x14030f530 CreateHardLinkW
0x14030f538 RtlUnwind
0x14030f540 CreateSymbolicLinkW
0x14030f548 SetConsoleCtrlHandler
0x14030f550 GetLongPathNameW
0x14030f558 GetShortPathNameW
0x14030f560 CreateIoCompletionPort
0x14030f568 ReadDirectoryChangesW
0x14030f570 SetHandleInformation
0x14030f578 CancelIo
0x14030f580 SwitchToThread
0x14030f588 SetFileCompletionNotificationModes
0x14030f590 LoadLibraryExW
0x14030f598 FormatMessageA
0x14030f5a0 SetErrorMode
0x14030f5a8 GetQueuedCompletionStatus
0x14030f5b0 ConnectNamedPipe
0x14030f5b8 PeekNamedPipe
0x14030f5c0 CreateNamedPipeW
0x14030f5c8 CancelIoEx
0x14030f5d0 CancelSynchronousIo
0x14030f5d8 TerminateProcess
0x14030f5e0 GetExitCodeProcess
0x14030f5e8 UnregisterWaitEx
0x14030f5f0 LCMapStringW
0x14030f5f8 DebugBreak
0x14030f600 TryEnterCriticalSection
0x14030f608 InitializeConditionVariable
0x14030f610 WakeConditionVariable
0x14030f618 WakeAllConditionVariable
0x14030f620 SleepConditionVariableCS
0x14030f628 ReleaseSemaphore
0x14030f630 ResumeThread
0x14030f638 GetNativeSystemInfo
0x14030f640 CreateSemaphoreA
0x14030f648 GetModuleHandleA
0x14030f650 GetStartupInfoW
0x14030f658 GetModuleFileNameA
0x14030f660 GetVersionExA
0x14030f668 GetProcessAffinityMask
0x14030f670 SetProcessAffinityMask
0x14030f678 SetThreadAffinityMask
0x14030f680 GetComputerNameA
0x14030f688 RtlVirtualUnwind
0x14030f690 RtlLookupFunctionEntry
0x14030f698 RtlCaptureContext
0x14030f6a0 CreateEventW
0x14030f6a8 GetStringTypeW
0x14030f6b0 GetStdHandle
0x14030f6b8 WriteConsoleW
0x14030f6c0 GetCurrentDirectoryW
0x14030f6c8 UnhandledExceptionFilter
0x14030f6d0 IsProcessorFeaturePresent
0x14030f6d8 IsDebuggerPresent
0x14030f6e0 InitializeSListHead
0x14030f6e8 RtlUnwindEx
0x14030f6f0 RtlPcToFileHeader
0x14030f6f8 RaiseException
0x14030f700 SetStdHandle
0x14030f708 GetCommandLineA
0x14030f710 GetCommandLineW
0x14030f718 CreateThread
0x14030f720 ExitThread
0x14030f728 FreeLibraryAndExitThread
0x14030f730 GetDriveTypeW
0x14030f738 SystemTimeToTzSpecificLocalTime
0x14030f740 ExitProcess
0x14030f748 GetFileAttributesExW
0x14030f750 SetFileAttributesW
0x14030f758 GetConsoleCP
0x14030f760 CompareStringW
0x14030f768 GetLocaleInfoW
0x14030f770 IsValidLocale
0x14030f778 GetUserDefaultLCID
0x14030f780 EnumSystemLocalesW
0x14030f788 HeapReAlloc
0x14030f790 GetTimeZoneInformation
0x14030f798 HeapSize
0x14030f7a0 SetEndOfFile
0x14030f7a8 FindFirstFileExW
0x14030f7b0 IsValidCodePage
0x14030f7b8 GetACP
0x14030f7c0 GetOEMCP
0x14030f7c8 SetEnvironmentVariableW
0x14030f7d0 GetFileInformationByHandleEx
0x14030f7d8 InitializeSRWLock
0x14030f7e0 ReleaseSRWLockExclusive
0x14030f7e8 AcquireSRWLockExclusive
0x14030f7f0 InitializeCriticalSectionEx
0x14030f7f8 WaitForSingleObjectEx
0x14030f800 GetExitCodeThread
0x14030f808 SleepConditionVariableSRW
0x14030f810 EncodePointer
0x14030f818 DecodePointer
0x14030f820 LCMapStringEx
0x14030f828 CompareStringEx
0x14030f830 GetCPInfo
USER32.dll
0x14030f850 GetMessageA
0x14030f858 ShowWindow
0x14030f860 GetSystemMetrics
0x14030f868 MapVirtualKeyW
0x14030f870 DispatchMessageA
0x14030f878 TranslateMessage
0x14030f880 GetProcessWindowStation
0x14030f888 MessageBoxW
0x14030f890 GetUserObjectInformationW
0x14030f898 GetLastInputInfo
SHELL32.dll
0x14030f840 SHGetSpecialFolderPathA
ADVAPI32.dll
0x14030f000 SystemFunction036
0x14030f008 GetUserNameW
0x14030f010 CryptEnumProvidersW
0x14030f018 CryptSignHashW
0x14030f020 CryptDestroyHash
0x14030f028 CryptCreateHash
0x14030f030 CryptDecrypt
0x14030f038 CryptExportKey
0x14030f040 CryptGetUserKey
0x14030f048 CryptGetProvParam
0x14030f050 CryptSetHashParam
0x14030f058 CryptDestroyKey
0x14030f060 CryptReleaseContext
0x14030f068 CryptAcquireContextW
0x14030f070 ReportEventW
0x14030f078 RegisterEventSourceW
0x14030f080 DeregisterEventSource
0x14030f088 CreateServiceW
0x14030f090 QueryServiceStatus
0x14030f098 CloseServiceHandle
0x14030f0a0 OpenSCManagerW
0x14030f0a8 QueryServiceConfigA
0x14030f0b0 DeleteService
0x14030f0b8 ControlService
0x14030f0c0 StartServiceW
0x14030f0c8 OpenServiceW
0x14030f0d0 LookupPrivilegeValueW
0x14030f0d8 AdjustTokenPrivileges
0x14030f0e0 OpenProcessToken
0x14030f0e8 LsaOpenPolicy
0x14030f0f0 LsaAddAccountRights
0x14030f0f8 LsaClose
0x14030f100 GetTokenInformation
crypt.dll
0x14030f9a8 BCryptGenRandom
EAT(Export Address Table) is none
WS2_32.dll
0x14030f8b8 shutdown
0x14030f8c0 ntohs
0x14030f8c8 recv
0x14030f8d0 select
0x14030f8d8 WSARecvFrom
0x14030f8e0 WSASocketW
0x14030f8e8 WSASend
0x14030f8f0 WSARecv
0x14030f8f8 WSAIoctl
0x14030f900 WSADuplicateSocketW
0x14030f908 htons
0x14030f910 getpeername
0x14030f918 FreeAddrInfoW
0x14030f920 GetAddrInfoW
0x14030f928 gethostname
0x14030f930 htonl
0x14030f938 socket
0x14030f940 setsockopt
0x14030f948 listen
0x14030f950 closesocket
0x14030f958 ind
0x14030f960 WSACleanup
0x14030f968 WSAStartup
0x14030f970 getsockopt
0x14030f978 getsockname
0x14030f980 ioctlsocket
0x14030f988 WSAGetLastError
0x14030f990 WSASetLastError
0x14030f998 send
IPHLPAPI.DLL
0x14030f150 GetAdaptersAddresses
USERENV.dll
0x14030f8a8 GetUserProfileDirectoryW
CRYPT32.dll
0x14030f110 CertOpenStore
0x14030f118 CertCloseStore
0x14030f120 CertEnumCertificatesInStore
0x14030f128 CertGetCertificateContextProperty
0x14030f130 CertDuplicateCertificateContext
0x14030f138 CertFreeCertificateContext
0x14030f140 CertFindCertificateInStore
KERNEL32.dll
0x14030f160 SetConsoleMode
0x14030f168 GetConsoleMode
0x14030f170 SizeofResource
0x14030f178 LockResource
0x14030f180 LoadResource
0x14030f188 FindResourceW
0x14030f190 ExpandEnvironmentStringsA
0x14030f198 GetSystemFirmwareTable
0x14030f1a0 HeapFree
0x14030f1a8 HeapAlloc
0x14030f1b0 GetProcessHeap
0x14030f1b8 MultiByteToWideChar
0x14030f1c0 SetPriorityClass
0x14030f1c8 GetCurrentProcess
0x14030f1d0 SetThreadPriority
0x14030f1d8 GetSystemPowerStatus
0x14030f1e0 GetCurrentThread
0x14030f1e8 GetProcAddress
0x14030f1f0 GetModuleHandleW
0x14030f1f8 GetTickCount
0x14030f200 CloseHandle
0x14030f208 FreeConsole
0x14030f210 GetConsoleWindow
0x14030f218 VirtualProtect
0x14030f220 VirtualFree
0x14030f228 VirtualAlloc
0x14030f230 GetLargePageMinimum
0x14030f238 LocalAlloc
0x14030f240 GetLastError
0x14030f248 LocalFree
0x14030f250 FlushInstructionCache
0x14030f258 GetCurrentThreadId
0x14030f260 AddVectoredExceptionHandler
0x14030f268 DeviceIoControl
0x14030f270 GetModuleFileNameW
0x14030f278 CreateFileW
0x14030f280 SetLastError
0x14030f288 GetSystemTime
0x14030f290 SystemTimeToFileTime
0x14030f298 GetModuleHandleExW
0x14030f2a0 EnterCriticalSection
0x14030f2a8 LeaveCriticalSection
0x14030f2b0 InitializeCriticalSectionAndSpinCount
0x14030f2b8 DeleteCriticalSection
0x14030f2c0 TlsAlloc
0x14030f2c8 TlsGetValue
0x14030f2d0 TlsSetValue
0x14030f2d8 TlsFree
0x14030f2e0 SwitchToFiber
0x14030f2e8 DeleteFiber
0x14030f2f0 CreateFiber
0x14030f2f8 FindClose
0x14030f300 FindFirstFileW
0x14030f308 FindNextFileW
0x14030f310 WideCharToMultiByte
0x14030f318 GetFileType
0x14030f320 WriteFile
0x14030f328 ConvertFiberToThread
0x14030f330 ConvertThreadToFiber
0x14030f338 QueryPerformanceCounter
0x14030f340 GetCurrentProcessId
0x14030f348 GetSystemTimeAsFileTime
0x14030f350 FreeLibrary
0x14030f358 LoadLibraryA
0x14030f360 LoadLibraryW
0x14030f368 GetEnvironmentVariableW
0x14030f370 ReadConsoleA
0x14030f378 ReadConsoleW
0x14030f380 PostQueuedCompletionStatus
0x14030f388 CreateFileA
0x14030f390 DuplicateHandle
0x14030f398 SetEvent
0x14030f3a0 ResetEvent
0x14030f3a8 WaitForSingleObject
0x14030f3b0 CreateEventA
0x14030f3b8 Sleep
0x14030f3c0 QueueUserWorkItem
0x14030f3c8 RegisterWaitForSingleObject
0x14030f3d0 UnregisterWait
0x14030f3d8 GetNumberOfConsoleInputEvents
0x14030f3e0 ReadConsoleInputW
0x14030f3e8 FillConsoleOutputCharacterW
0x14030f3f0 FillConsoleOutputAttribute
0x14030f3f8 GetConsoleCursorInfo
0x14030f400 SetConsoleCursorInfo
0x14030f408 GetConsoleScreenBufferInfo
0x14030f410 SetConsoleCursorPosition
0x14030f418 SetConsoleTextAttribute
0x14030f420 WriteConsoleInputW
0x14030f428 VerSetConditionMask
0x14030f430 GetEnvironmentStringsW
0x14030f438 FreeEnvironmentStringsW
0x14030f440 SetUnhandledExceptionFilter
0x14030f448 SetCurrentDirectoryW
0x14030f450 SetConsoleTitleA
0x14030f458 GetTempPathW
0x14030f460 QueryPerformanceFrequency
0x14030f468 InitializeCriticalSection
0x14030f470 GlobalMemoryStatusEx
0x14030f478 GetSystemInfo
0x14030f480 VerifyVersionInfoA
0x14030f488 FileTimeToSystemTime
0x14030f490 K32GetProcessMemoryInfo
0x14030f498 CreateDirectoryW
0x14030f4a0 FlushFileBuffers
0x14030f4a8 GetDiskFreeSpaceW
0x14030f4b0 GetFileAttributesW
0x14030f4b8 GetFileInformationByHandle
0x14030f4c0 GetFileSizeEx
0x14030f4c8 GetFinalPathNameByHandleW
0x14030f4d0 GetFullPathNameW
0x14030f4d8 ReadFile
0x14030f4e0 RemoveDirectoryW
0x14030f4e8 SetFilePointerEx
0x14030f4f0 SetFileTime
0x14030f4f8 MapViewOfFile
0x14030f500 FlushViewOfFile
0x14030f508 UnmapViewOfFile
0x14030f510 CreateFileMappingA
0x14030f518 ReOpenFile
0x14030f520 CopyFileW
0x14030f528 MoveFileExW
0x14030f530 CreateHardLinkW
0x14030f538 RtlUnwind
0x14030f540 CreateSymbolicLinkW
0x14030f548 SetConsoleCtrlHandler
0x14030f550 GetLongPathNameW
0x14030f558 GetShortPathNameW
0x14030f560 CreateIoCompletionPort
0x14030f568 ReadDirectoryChangesW
0x14030f570 SetHandleInformation
0x14030f578 CancelIo
0x14030f580 SwitchToThread
0x14030f588 SetFileCompletionNotificationModes
0x14030f590 LoadLibraryExW
0x14030f598 FormatMessageA
0x14030f5a0 SetErrorMode
0x14030f5a8 GetQueuedCompletionStatus
0x14030f5b0 ConnectNamedPipe
0x14030f5b8 PeekNamedPipe
0x14030f5c0 CreateNamedPipeW
0x14030f5c8 CancelIoEx
0x14030f5d0 CancelSynchronousIo
0x14030f5d8 TerminateProcess
0x14030f5e0 GetExitCodeProcess
0x14030f5e8 UnregisterWaitEx
0x14030f5f0 LCMapStringW
0x14030f5f8 DebugBreak
0x14030f600 TryEnterCriticalSection
0x14030f608 InitializeConditionVariable
0x14030f610 WakeConditionVariable
0x14030f618 WakeAllConditionVariable
0x14030f620 SleepConditionVariableCS
0x14030f628 ReleaseSemaphore
0x14030f630 ResumeThread
0x14030f638 GetNativeSystemInfo
0x14030f640 CreateSemaphoreA
0x14030f648 GetModuleHandleA
0x14030f650 GetStartupInfoW
0x14030f658 GetModuleFileNameA
0x14030f660 GetVersionExA
0x14030f668 GetProcessAffinityMask
0x14030f670 SetProcessAffinityMask
0x14030f678 SetThreadAffinityMask
0x14030f680 GetComputerNameA
0x14030f688 RtlVirtualUnwind
0x14030f690 RtlLookupFunctionEntry
0x14030f698 RtlCaptureContext
0x14030f6a0 CreateEventW
0x14030f6a8 GetStringTypeW
0x14030f6b0 GetStdHandle
0x14030f6b8 WriteConsoleW
0x14030f6c0 GetCurrentDirectoryW
0x14030f6c8 UnhandledExceptionFilter
0x14030f6d0 IsProcessorFeaturePresent
0x14030f6d8 IsDebuggerPresent
0x14030f6e0 InitializeSListHead
0x14030f6e8 RtlUnwindEx
0x14030f6f0 RtlPcToFileHeader
0x14030f6f8 RaiseException
0x14030f700 SetStdHandle
0x14030f708 GetCommandLineA
0x14030f710 GetCommandLineW
0x14030f718 CreateThread
0x14030f720 ExitThread
0x14030f728 FreeLibraryAndExitThread
0x14030f730 GetDriveTypeW
0x14030f738 SystemTimeToTzSpecificLocalTime
0x14030f740 ExitProcess
0x14030f748 GetFileAttributesExW
0x14030f750 SetFileAttributesW
0x14030f758 GetConsoleCP
0x14030f760 CompareStringW
0x14030f768 GetLocaleInfoW
0x14030f770 IsValidLocale
0x14030f778 GetUserDefaultLCID
0x14030f780 EnumSystemLocalesW
0x14030f788 HeapReAlloc
0x14030f790 GetTimeZoneInformation
0x14030f798 HeapSize
0x14030f7a0 SetEndOfFile
0x14030f7a8 FindFirstFileExW
0x14030f7b0 IsValidCodePage
0x14030f7b8 GetACP
0x14030f7c0 GetOEMCP
0x14030f7c8 SetEnvironmentVariableW
0x14030f7d0 GetFileInformationByHandleEx
0x14030f7d8 InitializeSRWLock
0x14030f7e0 ReleaseSRWLockExclusive
0x14030f7e8 AcquireSRWLockExclusive
0x14030f7f0 InitializeCriticalSectionEx
0x14030f7f8 WaitForSingleObjectEx
0x14030f800 GetExitCodeThread
0x14030f808 SleepConditionVariableSRW
0x14030f810 EncodePointer
0x14030f818 DecodePointer
0x14030f820 LCMapStringEx
0x14030f828 CompareStringEx
0x14030f830 GetCPInfo
USER32.dll
0x14030f850 GetMessageA
0x14030f858 ShowWindow
0x14030f860 GetSystemMetrics
0x14030f868 MapVirtualKeyW
0x14030f870 DispatchMessageA
0x14030f878 TranslateMessage
0x14030f880 GetProcessWindowStation
0x14030f888 MessageBoxW
0x14030f890 GetUserObjectInformationW
0x14030f898 GetLastInputInfo
SHELL32.dll
0x14030f840 SHGetSpecialFolderPathA
ADVAPI32.dll
0x14030f000 SystemFunction036
0x14030f008 GetUserNameW
0x14030f010 CryptEnumProvidersW
0x14030f018 CryptSignHashW
0x14030f020 CryptDestroyHash
0x14030f028 CryptCreateHash
0x14030f030 CryptDecrypt
0x14030f038 CryptExportKey
0x14030f040 CryptGetUserKey
0x14030f048 CryptGetProvParam
0x14030f050 CryptSetHashParam
0x14030f058 CryptDestroyKey
0x14030f060 CryptReleaseContext
0x14030f068 CryptAcquireContextW
0x14030f070 ReportEventW
0x14030f078 RegisterEventSourceW
0x14030f080 DeregisterEventSource
0x14030f088 CreateServiceW
0x14030f090 QueryServiceStatus
0x14030f098 CloseServiceHandle
0x14030f0a0 OpenSCManagerW
0x14030f0a8 QueryServiceConfigA
0x14030f0b0 DeleteService
0x14030f0b8 ControlService
0x14030f0c0 StartServiceW
0x14030f0c8 OpenServiceW
0x14030f0d0 LookupPrivilegeValueW
0x14030f0d8 AdjustTokenPrivileges
0x14030f0e0 OpenProcessToken
0x14030f0e8 LsaOpenPolicy
0x14030f0f0 LsaAddAccountRights
0x14030f0f8 LsaClose
0x14030f100 GetTokenInformation
crypt.dll
0x14030f9a8 BCryptGenRandom
EAT(Export Address Table) is none