Field | Value |
---|---|
Created | 2021.09.28 16:04 |
Machine | s1_win7_x6401 |
Filename | soft.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : malware |
VT API (file) | 16 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, ZexaF, @J0@a8Tq9imO, Attribute, HighConfidence, Raccoon, Generic ML PUA, Sabsik, Static AI, Malicious PE, Generic@ML, RDML, kTtX7Zdkgx89dASZ, T5Vig) |
md5 | 82f7734fef8ee0789cf270f292651cbe |
sha256 | 9d8f04bd64b81ed3367def9f74a8a98e9a868f30db9433a9ef37b481394c9046 |
ssdeep | 98304:62RwWMe+Sml+unSwywZ+741ksvzTciQoS9BTdrlv9z/8nltrM0C:S6+t3SpjsvzTJrSvz9Uf6 |
imphash | cd827b8586176b67403fab26f5e0d605 |
impfuzzy | 96:WrznXQjOqeX23mGz8v0LVGxgcpVeceb4nlEHdkNAM6lY/1AXB+Zcp+qjOGXtpl94:wjX2eX2A9e8lAdkNeYeR+oEZcg |
Signature (5cnts)
Level | Description |
---|---|
watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x88a000 WaitForSingleObject
0x88a004 GetModuleHandleA
0x88a008 GetLocaleInfoA
0x88a00c Sleep
0x88a010 RemoveDirectoryTransactedA
0x88a014 GetUserDefaultLCID
0x88a018 CreateThread
0x88a01c GetLastError
0x88a020 DeleteFileA
0x88a024 HeapAlloc
0x88a028 lstrcpynA
0x88a02c lstrcmpiW
0x88a030 GetModuleFileNameA
0x88a034 GetCurrentProcess
0x88a038 GetSystemPowerStatus
0x88a03c CreateMutexA
0x88a040 OpenProcess
0x88a044 CreateToolhelp32Snapshot
0x88a048 MultiByteToWideChar
0x88a04c GetSystemWow64DirectoryW
0x88a050 GetTimeZoneInformation
0x88a054 OpenMutexA
0x88a058 Process32NextW
0x88a05c GlobalAlloc
0x88a060 GetEnvironmentVariableA
0x88a064 Process32FirstW
0x88a068 GlobalFree
0x88a06c GetSystemInfo
0x88a070 GetLogicalDriveStringsA
0x88a074 GlobalMemoryStatusEx
0x88a078 WideCharToMultiByte
0x88a07c CreateProcessA
0x88a080 GetComputerNameA
0x88a084 UnmapViewOfFile
0x88a088 GetFileInformationByHandle
0x88a08c CloseHandle
0x88a090 GetLocalTime
0x88a094 CreateFileMappingA
0x88a098 MapViewOfFile
0x88a09c GetTickCount
0x88a0a0 SetStdHandle
0x88a0a4 FreeEnvironmentStringsW
0x88a0a8 GetEnvironmentStringsW
0x88a0ac GetOEMCP
0x88a0b0 GetACP
0x88a0b4 IsValidCodePage
0x88a0b8 HeapReAlloc
0x88a0bc OutputDebugStringW
0x88a0c0 lstrlenA
0x88a0c4 GetFileSize
0x88a0c8 lstrcpyW
0x88a0cc lstrcatW
0x88a0d0 GetVersionExW
0x88a0d4 lstrlenW
0x88a0d8 CreateDirectoryA
0x88a0dc lstrcpyA
0x88a0e0 SystemTimeToFileTime
0x88a0e4 CreateFileA
0x88a0e8 GetFileAttributesA
0x88a0ec LocalFileTimeToFileTime
0x88a0f0 SetCurrentDirectoryA
0x88a0f4 GetCurrentDirectoryA
0x88a0f8 SetFilePointer
0x88a0fc SetFileTime
0x88a100 WriteFile
0x88a104 ReadFile
0x88a108 FindClose
0x88a10c GetDriveTypeA
0x88a110 CopyFileTransactedA
0x88a114 FreeLibrary
0x88a118 GetProcessHeap
0x88a11c LocalFree
0x88a120 GetProcAddress
0x88a124 LoadLibraryA
0x88a128 LocalAlloc
0x88a12c DeleteFileTransactedA
0x88a130 SetEnvironmentVariableW
0x88a134 ReadConsoleW
0x88a138 EnumSystemLocalesW
0x88a13c IsValidLocale
0x88a140 GetLocaleInfoW
0x88a144 LCMapStringW
0x88a148 CompareStringW
0x88a14c GetTimeFormatW
0x88a150 GetDateFormatW
0x88a154 GetConsoleMode
0x88a158 GetConsoleCP
0x88a15c FlushFileBuffers
0x88a160 GetFileSizeEx
0x88a164 HeapSize
0x88a168 GetCommandLineW
0x88a16c GetCommandLineA
0x88a170 WriteConsoleW
0x88a174 GetModuleFileNameW
0x88a178 GetFileType
0x88a17c GetStdHandle
0x88a180 GetModuleHandleExW
0x88a184 HeapFree
0x88a188 FileTimeToSystemTime
0x88a18c CreateDirectoryTransactedA
0x88a190 ExitProcess
0x88a194 LoadLibraryExW
0x88a198 TlsFree
0x88a19c TlsSetValue
0x88a1a0 TlsGetValue
0x88a1a4 TlsAlloc
0x88a1a8 InitializeCriticalSectionAndSpinCount
0x88a1ac SetLastError
0x88a1b0 RaiseException
0x88a1b4 RtlUnwind
0x88a1b8 TerminateProcess
0x88a1bc InitializeSListHead
0x88a1c0 GetSystemTimeAsFileTime
0x88a1c4 GetCurrentThreadId
0x88a1c8 GetCurrentProcessId
0x88a1cc QueryPerformanceCounter
0x88a1d0 GetModuleHandleW
0x88a1d4 GetStartupInfoW
0x88a1d8 SetUnhandledExceptionFilter
0x88a1dc UnhandledExceptionFilter
0x88a1e0 IsDebuggerPresent
0x88a1e4 IsProcessorFeaturePresent
0x88a1e8 GetCPInfo
0x88a1ec SetCurrentDirectoryW
0x88a1f0 CreateDirectoryW
0x88a1f4 CreateFileW
0x88a1f8 FindFirstFileExW
0x88a1fc FindNextFileW
0x88a200 GetFileAttributesExW
0x88a204 SetEndOfFile
0x88a208 SetFilePointerEx
0x88a20c AreFileApisANSI
0x88a210 DeviceIoControl
0x88a214 CopyFileW
0x88a218 CreateHardLinkW
0x88a21c GetFileInformationByHandleEx
0x88a220 CreateSymbolicLinkW
0x88a224 FormatMessageA
0x88a228 EnterCriticalSection
0x88a22c LeaveCriticalSection
0x88a230 InitializeCriticalSectionEx
0x88a234 DeleteCriticalSection
0x88a238 EncodePointer
0x88a23c DecodePointer
0x88a240 LCMapStringEx
0x88a244 GetStringTypeW
USER32.dll
0x88a24c wsprintfW
0x88a250 wsprintfA
0x88a254 GetWindowRect
0x88a258 GetSystemMetrics
0x88a25c GetWindowDC
0x88a260 EnumDisplayDevicesA
0x88a264 GetDesktopWindow
GDI32.dll
0x88a26c BitBlt
0x88a270 SaveDC
0x88a274 SelectObject
0x88a278 CreateDIBSection
0x88a27c CreateCompatibleDC
0x88a280 GetDeviceCaps
0x88a284 DeleteDC
0x88a288 RestoreDC
0x88a28c DeleteObject
ADVAPI32.dll
0x88a294 GetTokenInformation
0x88a298 CryptGetHashParam
0x88a29c CryptDestroyHash
0x88a2a0 RegQueryValueExA
0x88a2a4 GetUserNameA
0x88a2a8 CreateProcessWithTokenW
0x88a2ac OpenProcessToken
0x88a2b0 RegOpenKeyExA
0x88a2b4 ConvertSidToStringSidW
0x88a2b8 DuplicateTokenEx
0x88a2bc RegQueryValueExW
0x88a2c0 CryptReleaseContext
0x88a2c4 RegCloseKey
0x88a2c8 RegEnumKeyExW
0x88a2cc RegOpenKeyExW
0x88a2d0 CryptAcquireContextA
0x88a2d4 CredEnumerateW
0x88a2d8 CredFree
0x88a2dc CryptCreateHash
0x88a2e0 CryptHashData
SHELL32.dll
0x88a2e8 SHGetFolderPathA
0x88a2ec ShellExecuteA
0x88a2f0 SHGetSpecialFolderPathW
ole32.dll
0x88a2f8 CoInitialize
0x88a2fc CoUninitialize
0x88a300 CoTaskMemFree
0x88a304 CoCreateInstance
USERENV.dll
0x88a30c GetUserProfileDirectoryA
ktmw32.dll
0x88a314 CreateTransaction
0x88a318 RollbackTransaction
0x88a31c CommitTransaction
crypt.dll
0x88a324 BCryptDecrypt
0x88a328 BCryptDestroyKey
0x88a32c BCryptGenerateSymmetricKey
0x88a330 BCryptOpenAlgorithmProvider
0x88a334 BCryptCloseAlgorithmProvider
0x88a338 BCryptSetProperty
CRYPT32.dll
0x88a340 CryptStringToBinaryA
0x88a344 CryptUnprotectData
SHLWAPI.dll
0x88a34c StrCmpNW
0x88a350 StrToIntA
0x88a354 StrStrIW
WINHTTP.dll
0x88a35c WinHttpSendRequest
0x88a360 WinHttpConnect
0x88a364 WinHttpQueryDataAvailable
0x88a368 WinHttpOpenRequest
0x88a36c WinHttpCloseHandle
0x88a370 WinHttpOpen
0x88a374 WinHttpSetOption
0x88a378 WinHttpReceiveResponse
0x88a37c WinHttpReadData
gdiplus.dll
0x88a384 GdiplusStartup
0x88a388 GdipGetImageEncodersSize
0x88a38c GdipFree
0x88a390 GdipDisposeImage
0x88a394 GdipCreateBitmapFromHBITMAP
0x88a398 GdipAlloc
0x88a39c GdipCloneImage
0x88a3a0 GdipGetImageEncoders
0x88a3a4 GdiplusShutdown
0x88a3a8 GdipSaveImageToFile
WTSAPI32.dll
0x88a3b0 WTSSendMessageW
KERNEL32.dll
0x88a3b8 VirtualQuery
0x88a3bc GetSystemTimeAsFileTime
0x88a3c0 GetModuleHandleA
0x88a3c4 CreateEventA
0x88a3c8 GetModuleFileNameW
0x88a3cc LoadLibraryA
0x88a3d0 TerminateProcess
0x88a3d4 GetCurrentProcess
0x88a3d8 CreateToolhelp32Snapshot
0x88a3dc Thread32First
0x88a3e0 GetCurrentProcessId
0x88a3e4 GetCurrentThreadId
0x88a3e8 OpenThread
0x88a3ec Thread32Next
0x88a3f0 CloseHandle
0x88a3f4 SuspendThread
0x88a3f8 ResumeThread
0x88a3fc WriteProcessMemory
0x88a400 GetSystemInfo
0x88a404 VirtualAlloc
0x88a408 VirtualProtect
0x88a40c VirtualFree
0x88a410 GetProcessAffinityMask
0x88a414 SetProcessAffinityMask
0x88a418 GetCurrentThread
0x88a41c SetThreadAffinityMask
0x88a420 Sleep
0x88a424 FreeLibrary
0x88a428 GetTickCount
0x88a42c SystemTimeToFileTime
0x88a430 FileTimeToSystemTime
0x88a434 GlobalFree
0x88a438 LocalAlloc
0x88a43c LocalFree
0x88a440 GetProcAddress
0x88a444 ExitProcess
0x88a448 EnterCriticalSection
0x88a44c LeaveCriticalSection
0x88a450 InitializeCriticalSection
0x88a454 DeleteCriticalSection
0x88a458 GetModuleHandleW
0x88a45c LoadResource
0x88a460 MultiByteToWideChar
0x88a464 FindResourceExW
0x88a468 FindResourceExA
0x88a46c WideCharToMultiByte
0x88a470 GetThreadLocale
0x88a474 GetUserDefaultLCID
0x88a478 GetSystemDefaultLCID
0x88a47c EnumResourceNamesA
0x88a480 EnumResourceNamesW
0x88a484 EnumResourceLanguagesA
0x88a488 EnumResourceLanguagesW
0x88a48c EnumResourceTypesA
0x88a490 EnumResourceTypesW
0x88a494 CreateFileW
0x88a498 LoadLibraryW
0x88a49c GetLastError
0x88a4a0 FlushFileBuffers
0x88a4a4 CreateFileA
0x88a4a8 WriteConsoleW
0x88a4ac GetConsoleOutputCP
0x88a4b0 WriteConsoleA
0x88a4b4 GetCommandLineA
0x88a4b8 RaiseException
0x88a4bc RtlUnwind
0x88a4c0 HeapFree
0x88a4c4 GetCPInfo
0x88a4c8 InterlockedIncrement
0x88a4cc InterlockedDecrement
0x88a4d0 GetACP
0x88a4d4 GetOEMCP
0x88a4d8 IsValidCodePage
0x88a4dc TlsGetValue
0x88a4e0 TlsAlloc
0x88a4e4 TlsSetValue
0x88a4e8 TlsFree
0x88a4ec SetLastError
0x88a4f0 UnhandledExceptionFilter
0x88a4f4 SetUnhandledExceptionFilter
0x88a4f8 IsDebuggerPresent
0x88a4fc HeapAlloc
0x88a500 LCMapStringA
0x88a504 LCMapStringW
0x88a508 SetHandleCount
0x88a50c GetStdHandle
0x88a510 GetFileType
0x88a514 GetStartupInfoA
0x88a518 GetModuleFileNameA
0x88a51c FreeEnvironmentStringsA
0x88a520 GetEnvironmentStrings
0x88a524 FreeEnvironmentStringsW
0x88a528 GetEnvironmentStringsW
0x88a52c HeapCreate
0x88a530 HeapDestroy
0x88a534 QueryPerformanceCounter
0x88a538 HeapReAlloc
0x88a53c GetStringTypeA
0x88a540 GetStringTypeW
0x88a544 GetLocaleInfoA
0x88a548 HeapSize
0x88a54c WriteFile
0x88a550 SetFilePointer
0x88a554 GetConsoleCP
0x88a558 GetConsoleMode
0x88a55c InitializeCriticalSectionAndSpinCount
0x88a560 SetStdHandle
USER32.dll
0x88a568 GetProcessWindowStation
0x88a56c GetUserObjectInformationW
0x88a570 CharUpperBuffW
0x88a574 MessageBoxW
KERNEL32.dll
0x88a57c LocalAlloc
0x88a580 LocalFree
0x88a584 GetModuleFileNameW
0x88a588 GetProcessAffinityMask
0x88a58c SetProcessAffinityMask
0x88a590 SetThreadAffinityMask
0x88a594 Sleep
0x88a598 ExitProcess
0x88a59c FreeLibrary
0x88a5a0 LoadLibraryA
0x88a5a4 GetModuleHandleA
0x88a5a8 GetProcAddress
USER32.dll
0x88a5b0 GetProcessWindowStation
0x88a5b4 GetUserObjectInformationW
EAT(Export Address Table) is none