Report - stl.exe

Malicious Library UPX PE File PE32 OS Processor Check
Created 2021.09.07 19:20 Machine s1_win7_x6401
Filename stl.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
4
Behavior Score
1.8
ZERO API file : malware
VT API (file) 47 detected (GucarsiRT, malicious, high confidence, score, Trojanpws, Greedy, Artemis, Unsafe, TrojanPSW, NHUY, Attribute, HighConfidence, GenericKD, tqpzt, R002C0WGA21, ai score=88, PSWTroj, kcloud, Glupteba, PasswordStealer, qqpass, Qqrob, Wpto, susgen, GdSda, confidence, 100%)
md5 66a8fb0b8be4768c062c24b7313a457a
sha256 1d447531015f2866dd25e5dca113d248c5249ab2aec84c522bfd63c946951539
ssdeep 49152:PR07qT3aGPs8xDvWBrS0tPTXYOLnAXLemMJFr:PR07WaGDpWBrR1XYOsX
imphash ecff3c56f5c3c2fe543e8bd86a207bea
impfuzzy 96:WaNbYl0LulzrZcGtpQttIe6eF1mZvCOgFAALYnEFNmT9yL9XuCNIOHJF5jNLU8Tp:WaSlPlzGGwttI4FEAOdEOcMeYWjvzHk4

Signature (3cnts)

Level Description
danger File has been identified by 47 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info This executable has a PDB path

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

CRYPT32.dll
 0x5ea058 CryptDecodeObjectEx
 0x5ea05c CertAddCertificateContextToStore
 0x5ea060 CertFindExtension
 0x5ea064 CertGetNameStringA
 0x5ea068 CertGetCertificateContextProperty
 0x5ea06c CertCreateCertificateChainEngine
 0x5ea070 CertFreeCertificateChainEngine
 0x5ea074 CertGetCertificateChain
 0x5ea078 CertFreeCertificateChain
 0x5ea07c CertEnumCertificatesInStore
 0x5ea080 PFXImportCertStore
 0x5ea084 CertFreeCertificateContext
 0x5ea088 CryptQueryObject
 0x5ea08c CertFindCertificateInStore
 0x5ea090 CertCloseStore
 0x5ea094 CryptUnprotectData
 0x5ea098 CertDuplicateCertificateContext
 0x5ea09c CryptStringToBinaryA
 0x5ea0a0 CertOpenStore
ADVAPI32.dll
 0x5ea000 CryptEncrypt
 0x5ea004 CryptHashData
 0x5ea008 CryptGenRandom
 0x5ea00c DeregisterEventSource
 0x5ea010 RegisterEventSourceW
 0x5ea014 ReportEventW
 0x5ea018 CryptAcquireContextW
 0x5ea01c CryptReleaseContext
 0x5ea020 CryptDestroyKey
 0x5ea024 CryptSetHashParam
 0x5ea028 CryptGetProvParam
 0x5ea02c CryptGetUserKey
 0x5ea030 CryptExportKey
 0x5ea034 CryptDecrypt
 0x5ea038 CryptCreateHash
 0x5ea03c CryptDestroyHash
 0x5ea040 CryptSignHashW
 0x5ea044 CryptEnumProvidersW
 0x5ea048 CryptGetHashParam
 0x5ea04c CryptAcquireContextA
 0x5ea050 CryptImportKey
KERNEL32.dll
 0x5ea0cc AreFileApisANSI
 0x5ea0d0 ReadFile
 0x5ea0d4 HeapCreate
 0x5ea0d8 HeapFree
 0x5ea0dc EnterCriticalSection
 0x5ea0e0 GetFullPathNameW
 0x5ea0e4 GetDiskFreeSpaceW
 0x5ea0e8 OutputDebugStringA
 0x5ea0ec LockFile
 0x5ea0f0 LeaveCriticalSection
 0x5ea0f4 InitializeCriticalSection
 0x5ea0f8 SetFilePointer
 0x5ea0fc GetFullPathNameA
 0x5ea100 SetEndOfFile
 0x5ea104 UnlockFileEx
 0x5ea108 GetTempPathW
 0x5ea10c CreateMutexW
 0x5ea110 WaitForSingleObject
 0x5ea114 CreateFileW
 0x5ea118 GetFileAttributesW
 0x5ea11c UnmapViewOfFile
 0x5ea120 HeapValidate
 0x5ea124 HeapSize
 0x5ea128 Sleep
 0x5ea12c FormatMessageW
 0x5ea130 GetDiskFreeSpaceA
 0x5ea134 GetFileAttributesExW
 0x5ea138 OutputDebugStringW
 0x5ea13c LoadLibraryA
 0x5ea140 DeleteFileW
 0x5ea144 HeapReAlloc
 0x5ea148 HeapAlloc
 0x5ea14c HeapCompact
 0x5ea150 HeapDestroy
 0x5ea154 UnlockFile
 0x5ea158 CreateFileMappingA
 0x5ea15c LocalFree
 0x5ea160 LockFileEx
 0x5ea164 GetFileSize
 0x5ea168 DeleteCriticalSection
 0x5ea16c GetCurrentProcessId
 0x5ea170 GetProcessHeap
 0x5ea174 GetSystemInfo
 0x5ea178 FreeLibrary
 0x5ea17c WideCharToMultiByte
 0x5ea180 GetSystemTimeAsFileTime
 0x5ea184 GetSystemTime
 0x5ea188 FormatMessageA
 0x5ea18c CreateFileMappingW
 0x5ea190 MapViewOfFile
 0x5ea194 QueryPerformanceCounter
 0x5ea198 GetTickCount
 0x5ea19c K32EnumProcessModules
 0x5ea1a0 GetStdHandle
 0x5ea1a4 GetEnvironmentVariableW
 0x5ea1a8 GetFileType
 0x5ea1ac GetModuleHandleW
 0x5ea1b0 SetLastError
 0x5ea1b4 InitializeCriticalSectionAndSpinCount
 0x5ea1b8 GetCurrentThreadId
 0x5ea1bc TlsAlloc
 0x5ea1c0 TlsGetValue
 0x5ea1c4 TlsSetValue
 0x5ea1c8 TlsFree
 0x5ea1cc GetModuleHandleExW
 0x5ea1d0 DeleteFiber
 0x5ea1d4 ConvertFiberToThread
 0x5ea1d8 FindFirstFileW
 0x5ea1dc FindNextFileW
 0x5ea1e0 GetConsoleMode
 0x5ea1e4 SetConsoleMode
 0x5ea1e8 ReadConsoleA
 0x5ea1ec ReadConsoleW
 0x5ea1f0 InitializeCriticalSectionEx
 0x5ea1f4 SleepEx
 0x5ea1f8 QueryPerformanceFrequency
 0x5ea1fc GetSystemDirectoryA
 0x5ea200 GetModuleHandleA
 0x5ea204 MoveFileExA
 0x5ea208 WaitForSingleObjectEx
 0x5ea20c GetEnvironmentVariableA
 0x5ea210 PeekNamedPipe
 0x5ea214 WaitForMultipleObjects
 0x5ea218 VerifyVersionInfoA
 0x5ea21c GetFileSizeEx
 0x5ea220 IsDebuggerPresent
 0x5ea224 InitializeSListHead
 0x5ea228 IsProcessorFeaturePresent
 0x5ea22c TerminateProcess
 0x5ea230 GetCurrentProcess
 0x5ea234 SetUnhandledExceptionFilter
 0x5ea238 UnhandledExceptionFilter
 0x5ea23c LCMapStringW
 0x5ea240 CompareStringW
 0x5ea244 GetCPInfo
 0x5ea248 DecodePointer
 0x5ea24c EncodePointer
 0x5ea250 CloseHandle
 0x5ea254 GlobalFree
 0x5ea258 VerifyVersionInfoW
 0x5ea25c VerSetConditionMask
 0x5ea260 GetProcAddress
 0x5ea264 K32EnumProcesses
 0x5ea268 GetUserGeoID
 0x5ea26c GetLocalTime
 0x5ea270 FlushFileBuffers
 0x5ea274 GlobalAlloc
 0x5ea278 DeleteFileA
 0x5ea27c CreateFileA
 0x5ea280 K32GetModuleBaseNameW
 0x5ea284 GetFileAttributesA
 0x5ea288 GetLastError
 0x5ea28c CopyFileA
 0x5ea290 GetTempPathA
 0x5ea294 OpenProcess
 0x5ea298 GetVersionExW
 0x5ea29c lstrcmpA
 0x5ea2a0 LocalAlloc
 0x5ea2a4 FindClose
 0x5ea2a8 lstrlenA
 0x5ea2ac FindNextFileA
 0x5ea2b0 K32GetModuleFileNameExW
 0x5ea2b4 GetGeoInfoW
 0x5ea2b8 WriteFile
 0x5ea2bc GetGeoInfoA
 0x5ea2c0 FindFirstFileA
 0x5ea2c4 MultiByteToWideChar
 0x5ea2c8 LoadLibraryW
 0x5ea2cc SystemTimeToFileTime
USER32.dll
 0x5ea2f4 GetDesktopWindow
 0x5ea2f8 MessageBoxW
 0x5ea2fc GetUserObjectInformationW
 0x5ea300 GetProcessWindowStation
 0x5ea304 GetWindowRect
 0x5ea308 ReleaseDC
GDI32.dll
 0x5ea0a8 CreateCompatibleBitmap
 0x5ea0ac SelectObject
 0x5ea0b0 CreateCompatibleDC
 0x5ea0b4 StretchBlt
 0x5ea0b8 GetDIBits
 0x5ea0bc GetDeviceCaps
 0x5ea0c0 GetObjectW
 0x5ea0c4 CreateDCA
NETAPI32.dll
 0x5ea2d4 NetWkstaGetInfo
 0x5ea2d8 NetApiBufferFree
SHLWAPI.dll
 0x5ea2e8 wnsprintfA
 0x5ea2ec StrStrA
bcrypt.dll
 0x5ea64c BCryptGenRandom
VCRUNTIME140.dll
 0x5ea310 memmove
 0x5ea314 memcpy
 0x5ea318 strchr
 0x5ea31c __std_terminate
 0x5ea320 strrchr
 0x5ea324 strstr
 0x5ea328 _purecall
 0x5ea32c __std_exception_copy
 0x5ea330 memchr
 0x5ea334 __current_exception_context
 0x5ea338 __current_exception
 0x5ea33c __CxxFrameHandler3
 0x5ea340 wcsstr
 0x5ea344 _except_handler4_common
 0x5ea348 memcmp
 0x5ea34c __uncaught_exception
 0x5ea350 memset
 0x5ea354 _CxxThrowException
 0x5ea358 __std_exception_destroy
api-ms-win-crt-stdio-l1-1-0.dll
 0x5ea538 _wfreopen_s
 0x5ea53c _chsize_s
 0x5ea540 __acrt_iob_func
 0x5ea544 fflush
 0x5ea548 _wfopen_s
 0x5ea54c fgetpos
 0x5ea550 __p__commode
 0x5ea554 _set_fmode
 0x5ea558 fclose
 0x5ea55c setvbuf
 0x5ea560 ungetc
 0x5ea564 _fileno
 0x5ea568 fwrite
 0x5ea56c fopen_s
 0x5ea570 _ftelli64
 0x5ea574 fread
 0x5ea578 getchar
 0x5ea57c fsetpos
 0x5ea580 _get_stream_buffer_pointers
 0x5ea584 __stdio_common_vswprintf
 0x5ea588 feof
 0x5ea58c _fsopen
 0x5ea590 _close
 0x5ea594 _write
 0x5ea598 _read
 0x5ea59c ferror
 0x5ea5a0 _fseeki64
 0x5ea5a4 _lseeki64
 0x5ea5a8 fputc
 0x5ea5ac __stdio_common_vsprintf
 0x5ea5b0 fgets
 0x5ea5b4 _open
 0x5ea5b8 fputs
 0x5ea5bc fopen
 0x5ea5c0 __stdio_common_vsscanf
 0x5ea5c4 fseek
 0x5ea5c8 ftell
 0x5ea5cc _setmode
 0x5ea5d0 _wfopen
 0x5ea5d4 __stdio_common_vfprintf
 0x5ea5d8 fgetc
api-ms-win-crt-heap-l1-1-0.dll
 0x5ea474 _set_new_mode
 0x5ea478 free
 0x5ea47c realloc
 0x5ea480 _msize
 0x5ea484 _callnewh
 0x5ea488 calloc
 0x5ea48c malloc
api-ms-win-crt-time-l1-1-0.dll
 0x5ea620 _gmtime64_s
 0x5ea624 _gmtime64
 0x5ea628 strftime
 0x5ea62c _time64
 0x5ea630 _localtime64_s
 0x5ea634 _mktime64
api-ms-win-crt-string-l1-1-0.dll
 0x5ea5e0 isspace
 0x5ea5e4 _strdup
 0x5ea5e8 _stricmp
 0x5ea5ec strcmp
 0x5ea5f0 strncpy
 0x5ea5f4 strcspn
 0x5ea5f8 strspn
 0x5ea5fc tolower
 0x5ea600 isupper
 0x5ea604 _wcsdup
 0x5ea608 islower
 0x5ea60c strncmp
 0x5ea610 __strncnt
 0x5ea614 _strnicmp
 0x5ea618 strpbrk
api-ms-win-crt-filesystem-l1-1-0.dll
 0x5ea454 _unlink
 0x5ea458 _access
 0x5ea45c _unlock_file
 0x5ea460 _lock_file
 0x5ea464 _stat64i32
 0x5ea468 _fstat64
 0x5ea46c _stat64
api-ms-win-crt-runtime-l1-1-0.dll
 0x5ea4c0 _c_exit
 0x5ea4c4 terminate
 0x5ea4c8 _cexit
 0x5ea4cc _initialize_onexit_table
 0x5ea4d0 _register_onexit_function
 0x5ea4d4 _crt_atexit
 0x5ea4d8 _controlfp_s
 0x5ea4dc __p___argv
 0x5ea4e0 __p___argc
 0x5ea4e4 exit
 0x5ea4e8 _initterm_e
 0x5ea4ec _initterm
 0x5ea4f0 _get_initial_narrow_environment
 0x5ea4f4 _initialize_narrow_environment
 0x5ea4f8 _configure_narrow_argv
 0x5ea4fc _set_app_type
 0x5ea500 _seh_filter_exe
 0x5ea504 _register_thread_local_exe_atexit_callback
 0x5ea508 abort
 0x5ea50c _getpid
 0x5ea510 _beginthreadex
 0x5ea514 __sys_nerr
 0x5ea518 _errno
 0x5ea51c strerror
 0x5ea520 signal
 0x5ea524 strerror_s
 0x5ea528 raise
 0x5ea52c _exit
 0x5ea530 _invalid_parameter_noinfo_noreturn
api-ms-win-crt-utility-l1-1-0.dll
 0x5ea63c rand
 0x5ea640 qsort
 0x5ea644 srand
api-ms-win-crt-environment-l1-1-0.dll
 0x5ea44c getenv
api-ms-win-crt-convert-l1-1-0.dll
 0x5ea434 strtoll
 0x5ea438 strtol
 0x5ea43c strtoul
 0x5ea440 wcstombs
 0x5ea444 atoi
api-ms-win-crt-locale-l1-1-0.dll
 0x5ea494 _configthreadlocale
 0x5ea498 _unlock_locales
 0x5ea49c setlocale
 0x5ea4a0 ___lc_collate_cp_func
 0x5ea4a4 ___lc_codepage_func
 0x5ea4a8 _lock_locales
 0x5ea4ac ___lc_locale_name_func
 0x5ea4b0 __pctype_func
api-ms-win-crt-math-l1-1-0.dll
 0x5ea4b8 __setusermatherr
WS2_32.dll
 0x5ea3ac getsockopt
 0x5ea3b0 ioctlsocket
 0x5ea3b4 ntohs
 0x5ea3b8 getsockname
 0x5ea3bc WSAStartup
 0x5ea3c0 ntohl
 0x5ea3c4 gethostname
 0x5ea3c8 sendto
 0x5ea3cc recvfrom
 0x5ea3d0 WSAEventSelect
 0x5ea3d4 WSAEnumNetworkEvents
 0x5ea3d8 WSACleanup
 0x5ea3dc WSAGetLastError
 0x5ea3e0 WSACreateEvent
 0x5ea3e4 getaddrinfo
 0x5ea3e8 WSACloseEvent
 0x5ea3ec freeaddrinfo
 0x5ea3f0 htonl
 0x5ea3f4 recv
 0x5ea3f8 send
 0x5ea3fc select
 0x5ea400 WSASetLastError
 0x5ea404 __WSAFDIsSet
 0x5ea408 accept
 0x5ea40c bind
 0x5ea410 WSAIoctl
 0x5ea414 htons
 0x5ea418 getpeername
 0x5ea41c socket
 0x5ea420 closesocket
 0x5ea424 setsockopt
 0x5ea428 connect
 0x5ea42c listen
WLDAP32.dll
 0x5ea360 None
 0x5ea364 None
 0x5ea368 None
 0x5ea36c None
 0x5ea370 None
 0x5ea374 None
 0x5ea378 None
 0x5ea37c None
 0x5ea380 None
 0x5ea384 None
 0x5ea388 None
 0x5ea38c None
 0x5ea390 None
 0x5ea394 None
 0x5ea398 None
 0x5ea39c None
 0x5ea3a0 None
 0x5ea3a4 None
Normaliz.dll
 0x5ea2e0 IdnToAscii

EAT (Export Address Table) is none


