Created | 2022.01.04 17:43 | Machine | s1_win7_x6401 |
---|---|---|---|
Filename | System_Settings.exe | | |
Type | PE32+ executable (console) x86-64, for MS Windows | | |
AI Score | Not found | Behavior Score | |
ZERO API | file : malicious | | |
VT API (file) | 26 detected (malicious, high confidence, Miner, confidence, 100%, CoinMiner, score, CoinminerX, XMRig Miner, Tool, BitCoinMiner, RiskTool, arlu, AGEN, Miner3, HackTool, XMRMiner, CLASSIC, au9DzS, eIX4, Static AI, Malicious PE, susgen) | | |
md5 | 20d99154c5080cfd356df4e37630182c | | |
sha256 | a55ca2cee9eb393d411e306d51c3d4bbb43528eb80fefafa1bb898b85d3a4e5a | | |
ssdeep | 98304:NRLRLj41OH4wAIOF+kmcIxJr+fx3k/sc37gz+li0pjY3l50XYarG:Bj417x3Msc8Kli0JUuXYaK | | |
imphash | f582800aab9508d46a8a2582b5ab586d | | |
impfuzzy | 96:GehI5LtLULX1oj3cpejwgfTdkIUr8DejyK6cFpXwtGBgiM38fWXqooirbnshXJg:m5GFWbwodkIUP6cHvXEyWvrb2XW | | |
Signature (4cnts)
Level | Description |
---|---|
warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
WS2_32.dll
0x14037f8b8 recv
0x14037f8c0 ntohs
0x14037f8c8 htons
0x14037f8d0 send
0x14037f8d8 WSASetLastError
0x14037f8e0 WSAGetLastError
0x14037f8e8 select
0x14037f8f0 WSARecvFrom
0x14037f8f8 WSASocketW
0x14037f900 WSASend
0x14037f908 WSARecv
0x14037f910 WSAIoctl
0x14037f918 gethostname
0x14037f920 WSADuplicateSocketW
0x14037f928 shutdown
0x14037f930 getpeername
0x14037f938 FreeAddrInfoW
0x14037f940 GetAddrInfoW
0x14037f948 htonl
0x14037f950 socket
0x14037f958 setsockopt
0x14037f960 listen
0x14037f968 closesocket
0x14037f970 ind
0x14037f978 WSACleanup
0x14037f980 WSAStartup
0x14037f988 getsockopt
0x14037f990 getsockname
0x14037f998 ioctlsocket
IPHLPAPI.DLL
0x14037f150 GetAdaptersAddresses
USERENV.dll
0x14037f8a8 GetUserProfileDirectoryW
CRYPT32.dll
0x14037f110 CertGetCertificateContextProperty
0x14037f118 CertOpenStore
0x14037f120 CertCloseStore
0x14037f128 CertEnumCertificatesInStore
0x14037f130 CertFreeCertificateContext
0x14037f138 CertDuplicateCertificateContext
0x14037f140 CertFindCertificateInStore
KERNEL32.dll
0x14037f160 GetStdHandle
0x14037f168 SetConsoleMode
0x14037f170 GetConsoleMode
0x14037f178 QueryPerformanceFrequency
0x14037f180 QueryPerformanceCounter
0x14037f188 SizeofResource
0x14037f190 LockResource
0x14037f198 LoadResource
0x14037f1a0 FindResourceW
0x14037f1a8 ExpandEnvironmentStringsA
0x14037f1b0 GetConsoleWindow
0x14037f1b8 GetSystemFirmwareTable
0x14037f1c0 HeapFree
0x14037f1c8 HeapAlloc
0x14037f1d0 GetProcessHeap
0x14037f1d8 MultiByteToWideChar
0x14037f1e0 SetPriorityClass
0x14037f1e8 GetCurrentProcess
0x14037f1f0 SetThreadPriority
0x14037f1f8 GetSystemPowerStatus
0x14037f200 GetCurrentThread
0x14037f208 GetProcAddress
0x14037f210 GetModuleHandleW
0x14037f218 GetTickCount
0x14037f220 CloseHandle
0x14037f228 FreeConsole
0x14037f230 VirtualProtect
0x14037f238 VirtualFree
0x14037f240 VirtualAlloc
0x14037f248 GetLargePageMinimum
0x14037f250 LocalAlloc
0x14037f258 GetLastError
0x14037f260 LocalFree
0x14037f268 FlushInstructionCache
0x14037f270 GetCurrentThreadId
0x14037f278 AddVectoredExceptionHandler
0x14037f280 DeviceIoControl
0x14037f288 GetModuleFileNameW
0x14037f290 CreateFileW
0x14037f298 SetLastError
0x14037f2a0 GetSystemTime
0x14037f2a8 SystemTimeToFileTime
0x14037f2b0 GetModuleHandleExW
0x14037f2b8 EnterCriticalSection
0x14037f2c0 LeaveCriticalSection
0x14037f2c8 InitializeCriticalSectionAndSpinCount
0x14037f2d0 DeleteCriticalSection
0x14037f2d8 TlsAlloc
0x14037f2e0 TlsGetValue
0x14037f2e8 TlsSetValue
0x14037f2f0 TlsFree
0x14037f2f8 SwitchToFiber
0x14037f300 DeleteFiber
0x14037f308 CreateFiber
0x14037f310 FindClose
0x14037f318 FindFirstFileW
0x14037f320 FindNextFileW
0x14037f328 WideCharToMultiByte
0x14037f330 GetFileType
0x14037f338 WriteFile
0x14037f340 ConvertFiberToThread
0x14037f348 ConvertThreadToFiber
0x14037f350 GetCurrentProcessId
0x14037f358 GetSystemTimeAsFileTime
0x14037f360 FreeLibrary
0x14037f368 LoadLibraryA
0x14037f370 LoadLibraryW
0x14037f378 GetEnvironmentVariableW
0x14037f380 ReadConsoleA
0x14037f388 ReadConsoleW
0x14037f390 PostQueuedCompletionStatus
0x14037f398 CreateFileA
0x14037f3a0 DuplicateHandle
0x14037f3a8 SetEvent
0x14037f3b0 ResetEvent
0x14037f3b8 WaitForSingleObject
0x14037f3c0 CreateEventA
0x14037f3c8 Sleep
0x14037f3d0 QueueUserWorkItem
0x14037f3d8 RegisterWaitForSingleObject
0x14037f3e0 UnregisterWait
0x14037f3e8 GetNumberOfConsoleInputEvents
0x14037f3f0 ReadConsoleInputW
0x14037f3f8 FillConsoleOutputCharacterW
0x14037f400 FillConsoleOutputAttribute
0x14037f408 GetConsoleCursorInfo
0x14037f410 SetConsoleCursorInfo
0x14037f418 GetConsoleScreenBufferInfo
0x14037f420 SetConsoleCursorPosition
0x14037f428 SetConsoleTextAttribute
0x14037f430 WriteConsoleInputW
0x14037f438 CreateDirectoryW
0x14037f440 FlushFileBuffers
0x14037f448 GetDiskFreeSpaceW
0x14037f450 SetConsoleTitleA
0x14037f458 GetFileInformationByHandle
0x14037f460 WriteConsoleW
0x14037f468 GetFinalPathNameByHandleW
0x14037f470 GetFullPathNameW
0x14037f478 ReadFile
0x14037f480 RemoveDirectoryW
0x14037f488 SetFilePointerEx
0x14037f490 SetFileTime
0x14037f498 GetSystemInfo
0x14037f4a0 MapViewOfFile
0x14037f4a8 FlushViewOfFile
0x14037f4b0 UnmapViewOfFile
0x14037f4b8 CreateFileMappingA
0x14037f4c0 ReOpenFile
0x14037f4c8 CopyFileW
0x14037f4d0 MoveFileExW
0x14037f4d8 CreateHardLinkW
0x14037f4e0 GetFileInformationByHandleEx
0x14037f4e8 CreateSymbolicLinkW
0x14037f4f0 InitializeCriticalSection
0x14037f4f8 SetConsoleCtrlHandler
0x14037f500 GetCurrentDirectoryW
0x14037f508 GetLongPathNameW
0x14037f510 GetShortPathNameW
0x14037f518 CreateIoCompletionPort
0x14037f520 ReadDirectoryChangesW
0x14037f528 VerSetConditionMask
0x14037f530 GetEnvironmentStringsW
0x14037f538 FreeEnvironmentStringsW
0x14037f540 SetEnvironmentVariableW
0x14037f548 SetCurrentDirectoryW
0x14037f550 GetTempPathW
0x14037f558 GlobalMemoryStatusEx
0x14037f560 VerifyVersionInfoA
0x14037f568 FileTimeToSystemTime
0x14037f570 RtlUnwind
0x14037f578 K32GetProcessMemoryInfo
0x14037f580 SetHandleInformation
0x14037f588 CancelIoEx
0x14037f590 CancelIo
0x14037f598 SwitchToThread
0x14037f5a0 SetFileCompletionNotificationModes
0x14037f5a8 LoadLibraryExW
0x14037f5b0 FormatMessageA
0x14037f5b8 SetErrorMode
0x14037f5c0 GetQueuedCompletionStatus
0x14037f5c8 ConnectNamedPipe
0x14037f5d0 PeekNamedPipe
0x14037f5d8 CreateNamedPipeW
0x14037f5e0 CancelSynchronousIo
0x14037f5e8 TerminateProcess
0x14037f5f0 GetExitCodeProcess
0x14037f5f8 UnregisterWaitEx
0x14037f600 LCMapStringW
0x14037f608 DebugBreak
0x14037f610 TryEnterCriticalSection
0x14037f618 InitializeConditionVariable
0x14037f620 WakeConditionVariable
0x14037f628 WakeAllConditionVariable
0x14037f630 SleepConditionVariableCS
0x14037f638 ReleaseSemaphore
0x14037f640 ResumeThread
0x14037f648 GetNativeSystemInfo
0x14037f650 CreateSemaphoreA
0x14037f658 GetModuleHandleA
0x14037f660 GetStartupInfoW
0x14037f668 GetModuleFileNameA
0x14037f670 GetVersionExA
0x14037f678 GetProcessAffinityMask
0x14037f680 SetProcessAffinityMask
0x14037f688 SetThreadAffinityMask
0x14037f690 GetComputerNameA
0x14037f698 RtlLookupFunctionEntry
0x14037f6a0 RtlCaptureContext
0x14037f6a8 CreateEventW
0x14037f6b0 GetStringTypeW
0x14037f6b8 RtlVirtualUnwind
0x14037f6c0 GetFileSizeEx
0x14037f6c8 UnhandledExceptionFilter
0x14037f6d0 SetUnhandledExceptionFilter
0x14037f6d8 IsProcessorFeaturePresent
0x14037f6e0 IsDebuggerPresent
0x14037f6e8 InitializeSListHead
0x14037f6f0 RtlUnwindEx
0x14037f6f8 RtlPcToFileHeader
0x14037f700 RaiseException
0x14037f708 SetStdHandle
0x14037f710 GetCommandLineA
0x14037f718 GetCommandLineW
0x14037f720 CreateThread
0x14037f728 ExitThread
0x14037f730 FreeLibraryAndExitThread
0x14037f738 GetDriveTypeW
0x14037f740 SystemTimeToTzSpecificLocalTime
0x14037f748 ExitProcess
0x14037f750 GetFileAttributesExW
0x14037f758 SetFileAttributesW
0x14037f760 GetConsoleCP
0x14037f768 CompareStringW
0x14037f770 GetLocaleInfoW
0x14037f778 IsValidLocale
0x14037f780 GetUserDefaultLCID
0x14037f788 EnumSystemLocalesW
0x14037f790 HeapReAlloc
0x14037f798 GetTimeZoneInformation
0x14037f7a0 HeapSize
0x14037f7a8 SetEndOfFile
0x14037f7b0 FindFirstFileExW
0x14037f7b8 IsValidCodePage
0x14037f7c0 GetACP
0x14037f7c8 GetOEMCP
0x14037f7d0 GetFileAttributesW
0x14037f7d8 InitializeSRWLock
0x14037f7e0 ReleaseSRWLockExclusive
0x14037f7e8 AcquireSRWLockExclusive
0x14037f7f0 InitializeCriticalSectionEx
0x14037f7f8 WaitForSingleObjectEx
0x14037f800 GetExitCodeThread
0x14037f808 SleepConditionVariableSRW
0x14037f810 EncodePointer
0x14037f818 DecodePointer
0x14037f820 LCMapStringEx
0x14037f828 CompareStringEx
0x14037f830 GetCPInfo
USER32.dll
0x14037f850 GetProcessWindowStation
0x14037f858 GetUserObjectInformationW
0x14037f860 ShowWindow
0x14037f868 GetLastInputInfo
0x14037f870 DispatchMessageA
0x14037f878 GetMessageA
0x14037f880 GetSystemMetrics
0x14037f888 MapVirtualKeyW
0x14037f890 TranslateMessage
0x14037f898 MessageBoxW
SHELL32.dll
0x14037f840 SHGetSpecialFolderPathA
ole32.dll
0x14037f9b8 CoInitializeEx
0x14037f9c0 CoCreateInstance
0x14037f9c8 CoUninitialize
ADVAPI32.dll
0x14037f000 SystemFunction036
0x14037f008 GetUserNameW
0x14037f010 CryptEnumProvidersW
0x14037f018 CryptSignHashW
0x14037f020 CryptDestroyHash
0x14037f028 CryptCreateHash
0x14037f030 CryptDecrypt
0x14037f038 CryptExportKey
0x14037f040 CryptGetUserKey
0x14037f048 CryptGetProvParam
0x14037f050 CryptSetHashParam
0x14037f058 CryptDestroyKey
0x14037f060 CryptReleaseContext
0x14037f068 CryptAcquireContextW
0x14037f070 ReportEventW
0x14037f078 RegisterEventSourceW
0x14037f080 DeregisterEventSource
0x14037f088 CreateServiceW
0x14037f090 QueryServiceStatus
0x14037f098 CloseServiceHandle
0x14037f0a0 OpenSCManagerW
0x14037f0a8 QueryServiceConfigA
0x14037f0b0 DeleteService
0x14037f0b8 ControlService
0x14037f0c0 StartServiceW
0x14037f0c8 OpenServiceW
0x14037f0d0 LookupPrivilegeValueW
0x14037f0d8 AdjustTokenPrivileges
0x14037f0e0 OpenProcessToken
0x14037f0e8 LsaOpenPolicy
0x14037f0f0 LsaAddAccountRights
0x14037f0f8 LsaClose
0x14037f100 GetTokenInformation
crypt.dll
0x14037f9a8 BCryptGenRandom
EAT (Export Address Table): none