Field | Value
---|---
Created | 2021.10.22 09:26
Machine | s1_win7_x6401
Filename | wxm.exe
Type | PE32+ executable (console) x86-64, for MS Windows
AI Score |
Behavior Score |
ZERO API | file : clean
VT API (file) | 53 detected (Miner, malicious, high confidence, Tool, BtcMine, Artemis, Unsafe, Coinminer, Eldorado, BitMiner, jbpnmf, XMRig Miner, ApplicUnwnt@#x8zpfpr4hf01, Xmrig, RiskTool, Convagent, susgen, AGEN, ASMalwS, score, Miner3, Misc, ai score=100, BitCoinMiner, HackTool, XMRMiner, CLASSIC, Static AI, Malicious PE, confidence)
md5 | f0cf1d3d9ed23166ff6c1f3deece19b4
sha256 | 0663d70411a20340f184ae3b47138b33ac398c800920e4d976ae609b60522b01
ssdeep | 98304:Hf8WSHqjQrScap+JvvW8vCeNDzml+UxHVP9kfYs:kprvvdvCeNe+Ux1qfYs
imphash | c71fd4ac3dac447f8cc9080b64821506
impfuzzy | 96:RA75PzSX1Dj3cpejwguSTdky3IvX2rG8R6hFpXu+GBgiM38dWXqohgqrbnshXJg:a52F3bw2dkr216hHeXE+Wrrb2XW
Signature (4 entries)
Level | Description
---|---
danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious
notice | Allocates read-write-execute memory (usually to unpack itself)
info | Queries the computer name
info | The executable contains unknown PE section names indicative of a packer (could be a false positive)
Rules (6 entries)
Level | Name | Description | Collection
---|---|---|---
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload)
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload)
watch | UPX_Zero | UPX packed file | binaries (upload)
info | IsPE64 | (no description) | binaries (upload)
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)
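The `UPX_Zero` and `Malicious_Packer_Zero` rules and the "unknown PE section names" signature above are all static checks on the PE section table. The following Python is an added example, not code from the sandbox or from its rule set: it parses the section table with the standard library only, then flags the four things those rules look for: a known packer section name, a name no mainstream linker emits, a section that is both writable and executable, and a section that is empty on disk but large in memory (the usual unpacking target). It runs on a constructed, header-only PE32+ fixture with a UPX-style layout; the fixture, the two section-name lists and the finding labels are my own assumptions, not data taken from wxm.exe.

```python
import struct

# Section names commonly written by known packers (assumption: a small, hand-picked list).
PACKER_SECTION_NAMES = {
    "UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".vmp0", ".vmp1",
    ".themida", ".MPRESS1", ".MPRESS2", ".petite",
}
# Names emitted by mainstream linkers; anything else is "unknown" in the sense of the report's rule.
STANDARD_SECTION_NAMES = {
    ".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".pdata",
    ".rsrc", ".reloc", ".tls", ".CRT", ".xdata", ".gfids", ".00cfg", ".didat",
}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe_sections(data: bytes) -> dict:
    """Return machine type and section headers from a PE image (no third-party modules)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    first = coff + 20 + opt_size  # the section table follows the optional header
    sections = []
    for i in range(nsections):
        name, vsize, _va, raw_size, _raw_ptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, first + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": raw_size,
            "characteristics": flags,
        })
    return {"machine": machine, "sections": sections}


def assess_sections(sections: list) -> list:
    """Map each section to the packer indicators it trips; returns (name, finding) pairs."""
    findings = []
    for s in sections:
        name, flags = s["name"], s["characteristics"]
        if name in PACKER_SECTION_NAMES:
            findings.append((name, "known packer section name"))
        elif name not in STANDARD_SECTION_NAMES:
            findings.append((name, "non-standard section name"))
        executable = bool(flags & IMAGE_SCN_MEM_EXECUTE)
        if executable and flags & IMAGE_SCN_MEM_WRITE:
            findings.append((name, "writable and executable"))
        if executable and s["raw_size"] == 0 and s["virtual_size"] > 0:
            findings.append((name, "empty on disk, executable in memory (unpacking target)"))
    return findings


def build_sample_pe(section_specs) -> bytes:
    """Constructed header-only PE32+ fixture (assumption: no real code, just valid headers)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> right after the DOS header
    opt = struct.pack("<H", 0x20B) + b"\0" * (0xF0 - 2)  # PE32+ magic, rest zeroed
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_specs), 0, 0, 0, len(opt), 0x0022)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, va, rs, rp, 0, 0, 0, 0, fl)
        for n, vs, va, rs, rp, fl in section_specs)
    return bytes(dos) + b"PE\0\0" + coff + opt + table


# UPX-style layout: UPX0 is empty on disk and RWX, UPX1 holds the packed data, .rsrc is kept.
# Tuple order: (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)
SAMPLE_PE = build_sample_pe([
    ("UPX0", 0x30000, 0x1000, 0, 0, 0xE0000080),
    ("UPX1", 0x12000, 0x31000, 0x11000, 0x400, 0xE0000040),
    (".rsrc", 0x1000, 0x43000, 0x1000, 0x11400, 0xC0000040),
])

if __name__ == "__main__":
    pe = parse_pe_sections(SAMPLE_PE)
    print(f"machine=0x{pe['machine']:04x}")
    for name, finding in assess_sections(pe["sections"]):
        print(f"{name:8s} {finding}")
```

Point `parse_pe_sections` at the bytes of a real file to run the same checks on it; the "non-standard name" finding is the noisy one (compilers and protectors alike invent names), which is why the report itself marks that signature as a possible false positive, while an executable section with `SizeOfRawData == 0` and a large `VirtualSize` is a much stronger unpacking indicator.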
Network (0 entries)
Request | CC | ASN Co | IP4 | Rule | ZERO
---|---|---|---|---|---
(no network requests were recorded during the run)
Suricata ids
(none)
PE API
IAT (Import Address Table) Library
WS2_32.dll
0x1403168b8 shutdown
0x1403168c0 ntohs
0x1403168c8 recv
0x1403168d0 select
0x1403168d8 WSARecvFrom
0x1403168e0 WSASocketW
0x1403168e8 WSASend
0x1403168f0 WSARecv
0x1403168f8 WSAIoctl
0x140316900 WSADuplicateSocketW
0x140316908 htons
0x140316910 getpeername
0x140316918 FreeAddrInfoW
0x140316920 GetAddrInfoW
0x140316928 gethostname
0x140316930 htonl
0x140316938 socket
0x140316940 setsockopt
0x140316948 listen
0x140316950 closesocket
0x140316958 bind
0x140316960 WSACleanup
0x140316968 WSAStartup
0x140316970 getsockopt
0x140316978 getsockname
0x140316980 ioctlsocket
0x140316988 WSAGetLastError
0x140316990 WSASetLastError
0x140316998 send
IPHLPAPI.DLL
0x140316150 GetAdaptersAddresses
USERENV.dll
0x1403168a8 GetUserProfileDirectoryW
CRYPT32.dll
0x140316110 CertOpenStore
0x140316118 CertCloseStore
0x140316120 CertEnumCertificatesInStore
0x140316128 CertGetCertificateContextProperty
0x140316130 CertDuplicateCertificateContext
0x140316138 CertFreeCertificateContext
0x140316140 CertFindCertificateInStore
KERNEL32.dll
0x140316160 SetConsoleMode
0x140316168 GetConsoleMode
0x140316170 SizeofResource
0x140316178 LockResource
0x140316180 LoadResource
0x140316188 FindResourceW
0x140316190 ExpandEnvironmentStringsA
0x140316198 GetSystemFirmwareTable
0x1403161a0 HeapFree
0x1403161a8 HeapAlloc
0x1403161b0 GetProcessHeap
0x1403161b8 MultiByteToWideChar
0x1403161c0 SetPriorityClass
0x1403161c8 GetCurrentProcess
0x1403161d0 SetThreadPriority
0x1403161d8 GetSystemPowerStatus
0x1403161e0 GetCurrentThread
0x1403161e8 GetProcAddress
0x1403161f0 GetModuleHandleW
0x1403161f8 GetTickCount
0x140316200 CloseHandle
0x140316208 FreeConsole
0x140316210 GetConsoleWindow
0x140316218 VirtualProtect
0x140316220 VirtualFree
0x140316228 VirtualAlloc
0x140316230 GetLargePageMinimum
0x140316238 LocalAlloc
0x140316240 GetLastError
0x140316248 LocalFree
0x140316250 FlushInstructionCache
0x140316258 GetCurrentThreadId
0x140316260 AddVectoredExceptionHandler
0x140316268 DeviceIoControl
0x140316270 GetModuleFileNameW
0x140316278 CreateFileW
0x140316280 SetLastError
0x140316288 GetSystemTime
0x140316290 SystemTimeToFileTime
0x140316298 GetModuleHandleExW
0x1403162a0 EnterCriticalSection
0x1403162a8 LeaveCriticalSection
0x1403162b0 InitializeCriticalSectionAndSpinCount
0x1403162b8 DeleteCriticalSection
0x1403162c0 TlsAlloc
0x1403162c8 TlsGetValue
0x1403162d0 TlsSetValue
0x1403162d8 TlsFree
0x1403162e0 SwitchToFiber
0x1403162e8 DeleteFiber
0x1403162f0 CreateFiber
0x1403162f8 FindClose
0x140316300 FindFirstFileW
0x140316308 FindNextFileW
0x140316310 WideCharToMultiByte
0x140316318 GetFileType
0x140316320 WriteFile
0x140316328 ConvertFiberToThread
0x140316330 ConvertThreadToFiber
0x140316338 QueryPerformanceCounter
0x140316340 GetCurrentProcessId
0x140316348 GetSystemTimeAsFileTime
0x140316350 FreeLibrary
0x140316358 LoadLibraryA
0x140316360 LoadLibraryW
0x140316368 GetEnvironmentVariableW
0x140316370 ReadConsoleA
0x140316378 ReadConsoleW
0x140316380 PostQueuedCompletionStatus
0x140316388 CreateFileA
0x140316390 DuplicateHandle
0x140316398 SetEvent
0x1403163a0 ResetEvent
0x1403163a8 WaitForSingleObject
0x1403163b0 CreateEventA
0x1403163b8 Sleep
0x1403163c0 QueueUserWorkItem
0x1403163c8 RegisterWaitForSingleObject
0x1403163d0 UnregisterWait
0x1403163d8 GetNumberOfConsoleInputEvents
0x1403163e0 ReadConsoleInputW
0x1403163e8 FillConsoleOutputCharacterW
0x1403163f0 FillConsoleOutputAttribute
0x1403163f8 GetConsoleCursorInfo
0x140316400 SetConsoleCursorInfo
0x140316408 GetConsoleScreenBufferInfo
0x140316410 SetConsoleCursorPosition
0x140316418 SetConsoleTextAttribute
0x140316420 WriteConsoleInputW
0x140316428 VerSetConditionMask
0x140316430 GetEnvironmentStringsW
0x140316438 FreeEnvironmentStringsW
0x140316440 SetUnhandledExceptionFilter
0x140316448 SetCurrentDirectoryW
0x140316450 SetConsoleTitleA
0x140316458 GetTempPathW
0x140316460 QueryPerformanceFrequency
0x140316468 InitializeCriticalSection
0x140316470 GlobalMemoryStatusEx
0x140316478 GetSystemInfo
0x140316480 VerifyVersionInfoA
0x140316488 FileTimeToSystemTime
0x140316490 K32GetProcessMemoryInfo
0x140316498 CreateDirectoryW
0x1403164a0 FlushFileBuffers
0x1403164a8 GetDiskFreeSpaceW
0x1403164b0 GetFileAttributesW
0x1403164b8 GetFileInformationByHandle
0x1403164c0 GetFileSizeEx
0x1403164c8 GetFinalPathNameByHandleW
0x1403164d0 GetFullPathNameW
0x1403164d8 ReadFile
0x1403164e0 RemoveDirectoryW
0x1403164e8 SetFilePointerEx
0x1403164f0 SetFileTime
0x1403164f8 MapViewOfFile
0x140316500 FlushViewOfFile
0x140316508 UnmapViewOfFile
0x140316510 CreateFileMappingA
0x140316518 ReOpenFile
0x140316520 CopyFileW
0x140316528 MoveFileExW
0x140316530 CreateHardLinkW
0x140316538 RtlUnwind
0x140316540 CreateSymbolicLinkW
0x140316548 SetConsoleCtrlHandler
0x140316550 GetLongPathNameW
0x140316558 GetShortPathNameW
0x140316560 CreateIoCompletionPort
0x140316568 ReadDirectoryChangesW
0x140316570 SetHandleInformation
0x140316578 CancelIo
0x140316580 SwitchToThread
0x140316588 SetFileCompletionNotificationModes
0x140316590 LoadLibraryExW
0x140316598 FormatMessageA
0x1403165a0 SetErrorMode
0x1403165a8 GetQueuedCompletionStatus
0x1403165b0 ConnectNamedPipe
0x1403165b8 PeekNamedPipe
0x1403165c0 CreateNamedPipeW
0x1403165c8 CancelIoEx
0x1403165d0 CancelSynchronousIo
0x1403165d8 TerminateProcess
0x1403165e0 GetExitCodeProcess
0x1403165e8 UnregisterWaitEx
0x1403165f0 LCMapStringW
0x1403165f8 DebugBreak
0x140316600 TryEnterCriticalSection
0x140316608 InitializeConditionVariable
0x140316610 WakeConditionVariable
0x140316618 WakeAllConditionVariable
0x140316620 SleepConditionVariableCS
0x140316628 ReleaseSemaphore
0x140316630 ResumeThread
0x140316638 GetNativeSystemInfo
0x140316640 CreateSemaphoreA
0x140316648 GetModuleHandleA
0x140316650 GetStartupInfoW
0x140316658 GetModuleFileNameA
0x140316660 GetVersionExA
0x140316668 GetProcessAffinityMask
0x140316670 SetProcessAffinityMask
0x140316678 SetThreadAffinityMask
0x140316680 GetComputerNameA
0x140316688 RtlVirtualUnwind
0x140316690 RtlLookupFunctionEntry
0x140316698 RtlCaptureContext
0x1403166a0 CreateEventW
0x1403166a8 GetStringTypeW
0x1403166b0 GetStdHandle
0x1403166b8 WriteConsoleW
0x1403166c0 GetCurrentDirectoryW
0x1403166c8 UnhandledExceptionFilter
0x1403166d0 IsProcessorFeaturePresent
0x1403166d8 IsDebuggerPresent
0x1403166e0 InitializeSListHead
0x1403166e8 RtlUnwindEx
0x1403166f0 RtlPcToFileHeader
0x1403166f8 RaiseException
0x140316700 SetStdHandle
0x140316708 GetCommandLineA
0x140316710 GetCommandLineW
0x140316718 CreateThread
0x140316720 ExitThread
0x140316728 FreeLibraryAndExitThread
0x140316730 GetDriveTypeW
0x140316738 SystemTimeToTzSpecificLocalTime
0x140316740 ExitProcess
0x140316748 GetFileAttributesExW
0x140316750 SetFileAttributesW
0x140316758 GetConsoleCP
0x140316760 CompareStringW
0x140316768 GetLocaleInfoW
0x140316770 IsValidLocale
0x140316778 GetUserDefaultLCID
0x140316780 EnumSystemLocalesW
0x140316788 HeapReAlloc
0x140316790 GetTimeZoneInformation
0x140316798 HeapSize
0x1403167a0 SetEndOfFile
0x1403167a8 FindFirstFileExW
0x1403167b0 IsValidCodePage
0x1403167b8 GetACP
0x1403167c0 GetOEMCP
0x1403167c8 SetEnvironmentVariableW
0x1403167d0 GetFileInformationByHandleEx
0x1403167d8 InitializeSRWLock
0x1403167e0 ReleaseSRWLockExclusive
0x1403167e8 AcquireSRWLockExclusive
0x1403167f0 InitializeCriticalSectionEx
0x1403167f8 WaitForSingleObjectEx
0x140316800 GetExitCodeThread
0x140316808 SleepConditionVariableSRW
0x140316810 EncodePointer
0x140316818 DecodePointer
0x140316820 LCMapStringEx
0x140316828 CompareStringEx
0x140316830 GetCPInfo
USER32.dll
0x140316850 GetMessageA
0x140316858 ShowWindow
0x140316860 GetSystemMetrics
0x140316868 MapVirtualKeyW
0x140316870 DispatchMessageA
0x140316878 TranslateMessage
0x140316880 GetProcessWindowStation
0x140316888 MessageBoxW
0x140316890 GetUserObjectInformationW
0x140316898 GetLastInputInfo
SHELL32.dll
0x140316840 SHGetSpecialFolderPathA
ADVAPI32.dll
0x140316000 SystemFunction036
0x140316008 GetUserNameW
0x140316010 CryptEnumProvidersW
0x140316018 CryptSignHashW
0x140316020 CryptDestroyHash
0x140316028 CryptCreateHash
0x140316030 CryptDecrypt
0x140316038 CryptExportKey
0x140316040 CryptGetUserKey
0x140316048 CryptGetProvParam
0x140316050 CryptSetHashParam
0x140316058 CryptDestroyKey
0x140316060 CryptReleaseContext
0x140316068 CryptAcquireContextW
0x140316070 ReportEventW
0x140316078 RegisterEventSourceW
0x140316080 DeregisterEventSource
0x140316088 CreateServiceW
0x140316090 QueryServiceStatus
0x140316098 CloseServiceHandle
0x1403160a0 OpenSCManagerW
0x1403160a8 QueryServiceConfigA
0x1403160b0 DeleteService
0x1403160b8 ControlService
0x1403160c0 StartServiceW
0x1403160c8 OpenServiceW
0x1403160d0 LookupPrivilegeValueW
0x1403160d8 AdjustTokenPrivileges
0x1403160e0 OpenProcessToken
0x1403160e8 LsaOpenPolicy
0x1403160f0 LsaAddAccountRights
0x1403160f8 LsaClose
0x140316100 GetTokenInformation
bcrypt.dll
0x1403169a8 BCryptGenRandom
EAT (Export Address Table): none
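With no network traffic recorded in the run, the import table above is most of the static evidence behind the miner verdict: thread and process affinity control together with `GetLargePageMinimum` and the privilege APIs (`LookupPrivilegeValueW`, `AdjustTokenPrivileges`, `LsaAddAccountRights`, which is how a process grants itself the right needed for large pages), `DeviceIoControl` and the service-control APIs (driver loading for hardware access), `GetSystemFirmwareTable` and other host fingerprinting, `VirtualAlloc`/`VirtualProtect`/`FlushInstructionCache` (the RWX allocation the sandbox also observed), and `GetConsoleWindow`/`ShowWindow`/`FreeConsole` for hiding a console process. The following Python is an added example, not code from the sandbox or from any miner project: it groups a subset of the APIs listed above into such capability buckets and computes a pefile-compatible imphash over a by-name import list. The bucket names and memberships are my own assumptions; the sample import list is copied from the IAT above but is only a subset in the page's listing order, so the hash it yields is not the report's imphash, and ordinal imports are not handled.

```python
import hashlib

# Capability buckets (assumption: my own grouping). Presence of an API indicates what the
# binary *can* do, not proof that it does; several buckets are also common in benign tools.
INDICATORS = {
    "cpu_pinning_and_large_pages": {
        "SetThreadAffinityMask", "SetProcessAffinityMask", "GetLargePageMinimum",
        "LookupPrivilegeValueW", "AdjustTokenPrivileges", "LsaAddAccountRights",
    },
    "driver_and_service_control": {
        "DeviceIoControl", "OpenSCManagerW", "CreateServiceW", "StartServiceW",
        "ControlService", "DeleteService",
    },
    "host_fingerprinting": {
        "GetSystemFirmwareTable", "GetComputerNameA", "gethostname", "GetUserNameW",
        "GetAdaptersAddresses", "GlobalMemoryStatusEx", "GetNativeSystemInfo",
    },
    "rwx_memory": {"VirtualAlloc", "VirtualProtect", "FlushInstructionCache"},
    "console_hiding": {"GetConsoleWindow", "ShowWindow", "FreeConsole"},
    "anti_debug": {"IsDebuggerPresent", "AddVectoredExceptionHandler"},
    "network_client": {"WSAStartup", "GetAddrInfoW", "socket", "send", "recv", "WSASend", "WSARecv"},
}

# Subset of the (DLL, function) pairs from the IAT above, in the order the page lists them.
SAMPLE_IMPORTS = [
    ("WS2_32.dll", "WSAStartup"), ("WS2_32.dll", "GetAddrInfoW"), ("WS2_32.dll", "socket"),
    ("WS2_32.dll", "send"), ("WS2_32.dll", "recv"), ("WS2_32.dll", "gethostname"),
    ("IPHLPAPI.DLL", "GetAdaptersAddresses"),
    ("KERNEL32.dll", "GetSystemFirmwareTable"), ("KERNEL32.dll", "VirtualAlloc"),
    ("KERNEL32.dll", "VirtualProtect"), ("KERNEL32.dll", "FlushInstructionCache"),
    ("KERNEL32.dll", "GetLargePageMinimum"), ("KERNEL32.dll", "AddVectoredExceptionHandler"),
    ("KERNEL32.dll", "DeviceIoControl"), ("KERNEL32.dll", "FreeConsole"),
    ("KERNEL32.dll", "GetConsoleWindow"), ("KERNEL32.dll", "SetThreadAffinityMask"),
    ("KERNEL32.dll", "GetComputerNameA"), ("KERNEL32.dll", "IsDebuggerPresent"),
    ("USER32.dll", "ShowWindow"),
    ("ADVAPI32.dll", "GetUserNameW"), ("ADVAPI32.dll", "CreateServiceW"),
    ("ADVAPI32.dll", "StartServiceW"), ("ADVAPI32.dll", "OpenSCManagerW"),
    ("ADVAPI32.dll", "LookupPrivilegeValueW"), ("ADVAPI32.dll", "AdjustTokenPrivileges"),
    ("ADVAPI32.dll", "LsaAddAccountRights"),
]


def triage_imports(imports):
    """Return {bucket: sorted matched APIs} for every bucket with at least one hit."""
    present = {func for _dll, func in imports}
    hits = {}
    for bucket, apis in INDICATORS.items():
        matched = sorted(present & apis)
        if matched:
            hits[bucket] = matched
    return hits


def imphash(imports):
    """pefile-style imphash over by-name imports: md5 of 'lib.func' pairs, lowercased,
    library extension (.dll/.ocx/.sys) stripped, joined by commas in import-table order.
    Ordinal imports are not resolved here (assumption: every import is by name, as above)."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


if __name__ == "__main__":
    for bucket, apis in triage_imports(SAMPLE_IMPORTS).items():
        print(f"{bucket:28s} {', '.join(apis)}")
    print("imphash (subset only, not the report's):", imphash(SAMPLE_IMPORTS))
```

The hash is order-sensitive by design, so it only matches a tool like pefile when the pairs are fed in import-descriptor order from the binary, not from a listing that has been re-sorted by DLL; the buckets, by contrast, are order-independent and are the part worth turning into a hunting rule, since the combination of affinity, large-page privilege and driver I/O imports in one console binary is rare outside miners.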