Field | Value |
---|---|
Created | 2022.01.19 15:27 |
Machine | s1_win7_x6403 |
Filename | LogBack.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
ZERO API | file : clean |
VT API (file) | 49 detected (malicious, high confidence, Coinminer, Miner, Unsafe, Save, confidence, 100%, VOMS, score, CoinminerX, Tool, BitMiner, Xmrig, XMRig Miner, RiskTool, ckat, AGEN, ASMalwS, DisguisedXMRigMiner, Miner3, ai score=76, BitCoinMiner, HackTool, XMRMiner, CLOUD, yPg2yRjM, Static AI, Malicious PE, susgen) |
md5 | 72c6966aeb1678235e6dfc6f53bcf7fd |
sha256 | 03803f106b25eea135918b4ff9e7f20ddf30b16cb3374dd430c6238db785963a |
ssdeep | 98304:yGf/ct3gIqrvYcryT85K0SR8mHcExGWoSz6K2eo2kzzWhsTR:yH2K0SmmHcEF/z6K9SzzWhyR |
imphash | b054774518283843c03c94c1e61d8be4 |
impfuzzy | 96:RA75PzSX1Dj3cpejwguSTdkKIv9VHrYR6hFLXKDCL8+yobBgAM30KgqrbnshXJg:a52F3bw2dkHhy6hpaOt5Evrb2XW |
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts)
(no network requests recorded)
Suricata ids
PE API
IAT (Import Address Table) Library
WS2_32.dll
0x14034f8e8 shutdown
0x14034f8f0 ntohs
0x14034f8f8 recv
0x14034f900 select
0x14034f908 WSARecvFrom
0x14034f910 WSASocketW
0x14034f918 WSASend
0x14034f920 WSARecv
0x14034f928 WSAIoctl
0x14034f930 WSADuplicateSocketW
0x14034f938 htons
0x14034f940 getpeername
0x14034f948 FreeAddrInfoW
0x14034f950 GetAddrInfoW
0x14034f958 gethostname
0x14034f960 htonl
0x14034f968 socket
0x14034f970 setsockopt
0x14034f978 listen
0x14034f980 closesocket
0x14034f988 bind
0x14034f990 WSACleanup
0x14034f998 WSAStartup
0x14034f9a0 getsockopt
0x14034f9a8 getsockname
0x14034f9b0 ioctlsocket
0x14034f9b8 WSAGetLastError
0x14034f9c0 WSASetLastError
0x14034f9c8 send
IPHLPAPI.DLL
0x14034f150 GetAdaptersAddresses
USERENV.dll
0x14034f8d8 GetUserProfileDirectoryW
CRYPT32.dll
0x14034f110 CertOpenStore
0x14034f118 CertCloseStore
0x14034f120 CertEnumCertificatesInStore
0x14034f128 CertGetCertificateContextProperty
0x14034f130 CertDuplicateCertificateContext
0x14034f138 CertFreeCertificateContext
0x14034f140 CertFindCertificateInStore
KERNEL32.dll
0x14034f160 SetConsoleMode
0x14034f168 GetConsoleMode
0x14034f170 SizeofResource
0x14034f178 LockResource
0x14034f180 LoadResource
0x14034f188 FindResourceW
0x14034f190 ExpandEnvironmentStringsA
0x14034f198 GetSystemFirmwareTable
0x14034f1a0 HeapFree
0x14034f1a8 HeapAlloc
0x14034f1b0 GetProcessHeap
0x14034f1b8 MultiByteToWideChar
0x14034f1c0 SetPriorityClass
0x14034f1c8 GetCurrentProcess
0x14034f1d0 SetThreadPriority
0x14034f1d8 GetSystemPowerStatus
0x14034f1e0 GetCurrentThread
0x14034f1e8 GetProcAddress
0x14034f1f0 GetModuleHandleW
0x14034f1f8 GetTickCount
0x14034f200 CloseHandle
0x14034f208 FreeConsole
0x14034f210 GetConsoleWindow
0x14034f218 VirtualProtect
0x14034f220 VirtualFree
0x14034f228 VirtualAlloc
0x14034f230 GetLargePageMinimum
0x14034f238 LocalAlloc
0x14034f240 GetLastError
0x14034f248 LocalFree
0x14034f250 FlushInstructionCache
0x14034f258 GetCurrentThreadId
0x14034f260 AddVectoredExceptionHandler
0x14034f268 DeviceIoControl
0x14034f270 GetModuleFileNameW
0x14034f278 CreateFileW
0x14034f280 SetLastError
0x14034f288 GetSystemTime
0x14034f290 SystemTimeToFileTime
0x14034f298 GetModuleHandleExW
0x14034f2a0 EnterCriticalSection
0x14034f2a8 LeaveCriticalSection
0x14034f2b0 InitializeCriticalSectionAndSpinCount
0x14034f2b8 DeleteCriticalSection
0x14034f2c0 TlsAlloc
0x14034f2c8 TlsGetValue
0x14034f2d0 TlsSetValue
0x14034f2d8 TlsFree
0x14034f2e0 SwitchToFiber
0x14034f2e8 DeleteFiber
0x14034f2f0 CreateFiber
0x14034f2f8 FindClose
0x14034f300 FindFirstFileW
0x14034f308 FindNextFileW
0x14034f310 WideCharToMultiByte
0x14034f318 GetFileType
0x14034f320 WriteFile
0x14034f328 ConvertFiberToThread
0x14034f330 ConvertThreadToFiber
0x14034f338 QueryPerformanceCounter
0x14034f340 GetCurrentProcessId
0x14034f348 GetSystemTimeAsFileTime
0x14034f350 FreeLibrary
0x14034f358 LoadLibraryA
0x14034f360 LoadLibraryW
0x14034f368 GetEnvironmentVariableW
0x14034f370 ReadConsoleA
0x14034f378 ReadConsoleW
0x14034f380 PostQueuedCompletionStatus
0x14034f388 CreateFileA
0x14034f390 DuplicateHandle
0x14034f398 SetEvent
0x14034f3a0 ResetEvent
0x14034f3a8 WaitForSingleObject
0x14034f3b0 CreateEventA
0x14034f3b8 Sleep
0x14034f3c0 QueueUserWorkItem
0x14034f3c8 RegisterWaitForSingleObject
0x14034f3d0 UnregisterWait
0x14034f3d8 GetNumberOfConsoleInputEvents
0x14034f3e0 ReadConsoleInputW
0x14034f3e8 FillConsoleOutputCharacterW
0x14034f3f0 FillConsoleOutputAttribute
0x14034f3f8 GetConsoleCursorInfo
0x14034f400 SetConsoleCursorInfo
0x14034f408 GetConsoleScreenBufferInfo
0x14034f410 SetConsoleCursorPosition
0x14034f418 SetConsoleTextAttribute
0x14034f420 WriteConsoleInputW
0x14034f428 VerSetConditionMask
0x14034f430 GetEnvironmentStringsW
0x14034f438 FreeEnvironmentStringsW
0x14034f440 DeleteTimerQueueTimer
0x14034f448 SetCurrentDirectoryW
0x14034f450 SetConsoleTitleA
0x14034f458 GetTempPathW
0x14034f460 QueryPerformanceFrequency
0x14034f468 InitializeCriticalSection
0x14034f470 GlobalMemoryStatusEx
0x14034f478 GetSystemInfo
0x14034f480 GetVersionExW
0x14034f488 VerifyVersionInfoA
0x14034f490 FileTimeToSystemTime
0x14034f498 K32GetProcessMemoryInfo
0x14034f4a0 CreateDirectoryW
0x14034f4a8 FlushFileBuffers
0x14034f4b0 GetDiskFreeSpaceW
0x14034f4b8 GetFileAttributesW
0x14034f4c0 GetFileInformationByHandle
0x14034f4c8 GetFileSizeEx
0x14034f4d0 GetFinalPathNameByHandleW
0x14034f4d8 GetFullPathNameW
0x14034f4e0 ReadFile
0x14034f4e8 RemoveDirectoryW
0x14034f4f0 SetFilePointerEx
0x14034f4f8 SetFileTime
0x14034f500 RtlUnwind
0x14034f508 FlushViewOfFile
0x14034f510 UnmapViewOfFile
0x14034f518 CreateFileMappingA
0x14034f520 ReOpenFile
0x14034f528 CopyFileW
0x14034f530 MoveFileExW
0x14034f538 CreateHardLinkW
0x14034f540 GetFileInformationByHandleEx
0x14034f548 CreateSymbolicLinkW
0x14034f550 SetConsoleCtrlHandler
0x14034f558 GetLongPathNameW
0x14034f560 GetShortPathNameW
0x14034f568 CreateIoCompletionPort
0x14034f570 ReadDirectoryChangesW
0x14034f578 SetHandleInformation
0x14034f580 CancelIo
0x14034f588 SwitchToThread
0x14034f590 SetFileCompletionNotificationModes
0x14034f598 LoadLibraryExW
0x14034f5a0 FormatMessageA
0x14034f5a8 SetErrorMode
0x14034f5b0 GetQueuedCompletionStatus
0x14034f5b8 ConnectNamedPipe
0x14034f5c0 PeekNamedPipe
0x14034f5c8 CreateNamedPipeW
0x14034f5d0 CancelIoEx
0x14034f5d8 CancelSynchronousIo
0x14034f5e0 TerminateProcess
0x14034f5e8 GetExitCodeProcess
0x14034f5f0 UnregisterWaitEx
0x14034f5f8 LCMapStringW
0x14034f600 DebugBreak
0x14034f608 TryEnterCriticalSection
0x14034f610 InitializeConditionVariable
0x14034f618 WakeConditionVariable
0x14034f620 SleepConditionVariableCS
0x14034f628 ReleaseSemaphore
0x14034f630 ResumeThread
0x14034f638 GetNativeSystemInfo
0x14034f640 CreateSemaphoreA
0x14034f648 GetModuleHandleA
0x14034f650 GetStartupInfoW
0x14034f658 GetModuleFileNameA
0x14034f660 GetVersionExA
0x14034f668 GetProcessAffinityMask
0x14034f670 SetProcessAffinityMask
0x14034f678 SetThreadAffinityMask
0x14034f680 GetComputerNameA
0x14034f688 CreateTimerQueueTimer
0x14034f690 GetLogicalProcessorInformation
0x14034f698 GetThreadPriority
0x14034f6a0 CreateThread
0x14034f6a8 SignalObjectAndWait
0x14034f6b0 CreateTimerQueue
0x14034f6b8 InitializeSListHead
0x14034f6c0 IsDebuggerPresent
0x14034f6c8 IsProcessorFeaturePresent
0x14034f6d0 SetUnhandledExceptionFilter
0x14034f6d8 UnhandledExceptionFilter
0x14034f6e0 RtlVirtualUnwind
0x14034f6e8 RtlLookupFunctionEntry
0x14034f6f0 RtlCaptureContext
0x14034f6f8 GetStdHandle
0x14034f700 WriteConsoleW
0x14034f708 GetCurrentDirectoryW
0x14034f710 ChangeTimerQueueTimer
0x14034f718 GetNumaHighestNodeNumber
0x14034f720 GetThreadTimes
0x14034f728 FreeLibraryAndExitThread
0x14034f730 InterlockedPopEntrySList
0x14034f738 InterlockedPushEntrySList
0x14034f740 InterlockedFlushSList
0x14034f748 QueryDepthSList
0x14034f750 RtlUnwindEx
0x14034f758 RtlPcToFileHeader
0x14034f760 RaiseException
0x14034f768 SetStdHandle
0x14034f770 GetCommandLineA
0x14034f778 GetCommandLineW
0x14034f780 ExitThread
0x14034f788 GetDriveTypeW
0x14034f790 SystemTimeToTzSpecificLocalTime
0x14034f798 ExitProcess
0x14034f7a0 GetFileAttributesExW
0x14034f7a8 SetFileAttributesW
0x14034f7b0 GetConsoleCP
0x14034f7b8 IsValidLocale
0x14034f7c0 GetUserDefaultLCID
0x14034f7c8 EnumSystemLocalesW
0x14034f7d0 HeapReAlloc
0x14034f7d8 GetTimeZoneInformation
0x14034f7e0 HeapSize
0x14034f7e8 SetEndOfFile
0x14034f7f0 FindFirstFileExW
0x14034f7f8 IsValidCodePage
0x14034f800 GetACP
0x14034f808 GetOEMCP
0x14034f810 SetEnvironmentVariableW
0x14034f818 MapViewOfFile
0x14034f820 GetStringTypeW
0x14034f828 GetLocaleInfoW
0x14034f830 WaitForSingleObjectEx
0x14034f838 GetExitCodeThread
0x14034f840 EncodePointer
0x14034f848 DecodePointer
0x14034f850 GetCPInfo
0x14034f858 CreateEventW
0x14034f860 CompareStringW
USER32.dll
0x14034f880 GetMessageA
0x14034f888 ShowWindow
0x14034f890 GetSystemMetrics
0x14034f898 MapVirtualKeyW
0x14034f8a0 DispatchMessageA
0x14034f8a8 TranslateMessage
0x14034f8b0 GetProcessWindowStation
0x14034f8b8 MessageBoxW
0x14034f8c0 GetUserObjectInformationW
0x14034f8c8 GetLastInputInfo
SHELL32.dll
0x14034f870 SHGetSpecialFolderPathA
ADVAPI32.dll
0x14034f000 SystemFunction036
0x14034f008 GetUserNameW
0x14034f010 CryptEnumProvidersW
0x14034f018 CryptSignHashW
0x14034f020 CryptDestroyHash
0x14034f028 CryptCreateHash
0x14034f030 CryptDecrypt
0x14034f038 CryptExportKey
0x14034f040 CryptGetUserKey
0x14034f048 CryptGetProvParam
0x14034f050 CryptSetHashParam
0x14034f058 CryptDestroyKey
0x14034f060 CryptReleaseContext
0x14034f068 CryptAcquireContextW
0x14034f070 ReportEventW
0x14034f078 RegisterEventSourceW
0x14034f080 DeregisterEventSource
0x14034f088 CreateServiceW
0x14034f090 QueryServiceStatus
0x14034f098 CloseServiceHandle
0x14034f0a0 OpenSCManagerW
0x14034f0a8 QueryServiceConfigA
0x14034f0b0 DeleteService
0x14034f0b8 ControlService
0x14034f0c0 StartServiceW
0x14034f0c8 OpenServiceW
0x14034f0d0 LookupPrivilegeValueW
0x14034f0d8 AdjustTokenPrivileges
0x14034f0e0 OpenProcessToken
0x14034f0e8 LsaOpenPolicy
0x14034f0f0 LsaAddAccountRights
0x14034f0f8 LsaClose
0x14034f100 GetTokenInformation
bcrypt.dll
0x14034f9d8 BCryptGenRandom
EAT (Export Address Table): none