Created | 2022.08.26 08:02 | Machine | s1_win7_x6403 |
Filename | mim.exe | ||
Type | PE32 executable (console) Intel 80386, for MS Windows | ||
ZERO API | file : malware | ||
VT API (file) | 60 detected (Mimikatz, GenericKD, HackTool, S13719266, Unsafe, Save, malicious, confidence, 100%, ZexaF, @u2@aiJ, Lsdi, Delpy, Eldorado, Windows, HKTL, ClipBanker, hxnzvn, Tool, HacktoolX, Gencirc, Malware@#3afv56ldzfowu, HTool, R + ATK, Apteryx, ASMalwS, PSWTroj, kcloud, score, R290617, ai score=94, BScope, TrojanPSW, CLASSIC, X3lLaFpRyMo, susgen, HackingTool) | ||
md5 | 605d939941c5df2df5dbfb8ad84cfed4 | ||
sha256 | 66b4a0681cae02c302a9b6f1d611ac2df8c519d6024abdb506b4b166b93f636a | ||
ssdeep | 24576:pACriKEO+AC//FSM4HO3+jMGlSKq0enXRxtP8B:91fc1dJ2SKEXk | ||
imphash | ab42c8bd7175e5cbed6d5d942f376e7f | ||
impfuzzy | 192:lUQG9i0nAYILmpdCuGIOF+WGrYGXTfZfWUQwFNS5BaGZ1QRZEvCdi66:l/mKLmv9HT5FNSd1QRZhdiX |
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 60 AntiVirus engines on VirusTotal as malicious |
info | Checks amount of memory in system |
info | Command line console output was observed |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x49a000 CryptSetHashParam
0x49a004 CryptGetHashParam
0x49a008 CryptExportKey
0x49a00c CryptAcquireContextW
0x49a010 CryptSetKeyParam
0x49a014 CryptGetKeyParam
0x49a018 CryptReleaseContext
0x49a01c CryptDuplicateKey
0x49a020 CryptAcquireContextA
0x49a024 CryptGetProvParam
0x49a028 CryptImportKey
0x49a02c SystemFunction007
0x49a030 CryptEncrypt
0x49a034 CryptCreateHash
0x49a038 CryptGenKey
0x49a03c CryptDestroyKey
0x49a040 CryptDecrypt
0x49a044 CryptDestroyHash
0x49a048 CryptHashData
0x49a04c CopySid
0x49a050 GetLengthSid
0x49a054 LsaQueryInformationPolicy
0x49a058 LsaOpenPolicy
0x49a05c LsaClose
0x49a060 CreateWellKnownSid
0x49a064 CreateProcessWithLogonW
0x49a068 CreateProcessAsUserW
0x49a06c RegQueryValueExW
0x49a070 RegQueryInfoKeyW
0x49a074 RegEnumValueW
0x49a078 RegOpenKeyExW
0x49a07c RegEnumKeyExW
0x49a080 RegCloseKey
0x49a084 RegSetValueExW
0x49a088 SystemFunction032
0x49a08c ConvertSidToStringSidW
0x49a090 CreateServiceW
0x49a094 CloseServiceHandle
0x49a098 DeleteService
0x49a09c OpenSCManagerW
0x49a0a0 SetServiceObjectSecurity
0x49a0a4 OpenServiceW
0x49a0a8 BuildSecurityDescriptorW
0x49a0ac QueryServiceObjectSecurity
0x49a0b0 StartServiceW
0x49a0b4 AllocateAndInitializeSid
0x49a0b8 QueryServiceStatusEx
0x49a0bc FreeSid
0x49a0c0 ControlService
0x49a0c4 IsTextUnicode
0x49a0c8 OpenProcessToken
0x49a0cc GetTokenInformation
0x49a0d0 LookupAccountNameW
0x49a0d4 LookupAccountSidW
0x49a0d8 DuplicateTokenEx
0x49a0dc CheckTokenMembership
0x49a0e0 CryptSetProvParam
0x49a0e4 CryptEnumProvidersW
0x49a0e8 ConvertStringSidToSidW
0x49a0ec LsaFreeMemory
0x49a0f0 GetSidSubAuthority
0x49a0f4 GetSidSubAuthorityCount
0x49a0f8 IsValidSid
0x49a0fc SetThreadToken
0x49a100 CryptEnumProviderTypesW
0x49a104 SystemFunction006
0x49a108 CryptGetUserKey
0x49a10c OpenEventLogW
0x49a110 GetNumberOfEventLogRecords
0x49a114 ClearEventLogW
0x49a118 SystemFunction001
0x49a11c CryptDeriveKey
0x49a120 SystemFunction005
0x49a124 LsaQueryTrustedDomainInfoByName
0x49a128 CryptSignHashW
0x49a12c LsaSetSecret
0x49a130 LsaOpenSecret
0x49a134 LsaQuerySecret
0x49a138 SystemFunction013
0x49a13c LsaRetrievePrivateData
0x49a140 LsaEnumerateTrustedDomainsEx
0x49a144 LookupPrivilegeValueW
0x49a148 StartServiceCtrlDispatcherW
0x49a14c SetServiceStatus
0x49a150 RegisterServiceCtrlHandlerW
0x49a154 LookupPrivilegeNameW
0x49a158 OpenThreadToken
0x49a15c EqualSid
0x49a160 CredFree
0x49a164 CredEnumerateW
0x49a168 SystemFunction025
0x49a16c ConvertStringSecurityDescriptorToSecurityDescriptorW
0x49a170 SystemFunction024
0x49a174 CredIsMarshaledCredentialW
0x49a178 CredUnmarshalCredentialW
Cabinet.dll
0x49a1ec None
0x49a1f0 None
0x49a1f4 None
0x49a1f8 None
CRYPT32.dll
0x49a180 CertNameToStrW
0x49a184 CertEnumSystemStore
0x49a188 CertEnumCertificatesInStore
0x49a18c CertAddCertificateContextToStore
0x49a190 CryptDecodeObjectEx
0x49a194 CertAddEncodedCertificateToStore
0x49a198 CertOpenStore
0x49a19c CertFreeCertificateContext
0x49a1a0 CertCloseStore
0x49a1a4 CertSetCertificateContextProperty
0x49a1a8 PFXExportCertStoreEx
0x49a1ac CryptUnprotectData
0x49a1b0 CryptBinaryToStringW
0x49a1b4 CryptStringToBinaryA
0x49a1b8 CryptBinaryToStringA
0x49a1bc CryptStringToBinaryW
0x49a1c0 CryptExportPublicKeyInfo
0x49a1c4 CryptFindOIDInfo
0x49a1c8 CryptAcquireCertificatePrivateKey
0x49a1cc CertGetNameStringW
0x49a1d0 CertFindCertificateInStore
0x49a1d4 CertGetCertificateContextProperty
0x49a1d8 CryptSignAndEncodeCertificate
0x49a1dc CryptEncodeObject
0x49a1e0 CryptProtectData
0x49a1e4 CryptQueryObject
cryptdll.dll
0x49a76c MD5Update
0x49a770 MD5Final
0x49a774 CDGenerateRandomBits
0x49a778 CDLocateCSystem
0x49a77c MD5Init
0x49a780 CDLocateCheckSum
DNSAPI.dll
0x49a200 DnsFree
0x49a204 DnsQuery_A
FLTLIB.DLL
0x49a20c FilterFindFirst
0x49a210 FilterFindNext
NETAPI32.dll
0x49a478 NetServerGetInfo
0x49a47c NetStatisticsGet
0x49a480 NetShareEnum
0x49a484 DsEnumerateDomainTrustsW
0x49a488 DsGetDcNameW
0x49a48c NetApiBufferFree
0x49a490 NetRemoteTOD
0x49a494 NetSessionEnum
0x49a498 NetWkstaUserEnum
ole32.dll
0x49a974 CoTaskMemFree
0x49a978 CoInitializeEx
0x49a97c CoUninitialize
0x49a980 CoCreateInstance
OLEAUT32.dll
0x49a4a0 VariantInit
0x49a4a4 SysFreeString
0x49a4a8 SysAllocString
RPCRT4.dll
0x49a4b0 RpcMgmtEpEltInqNextW
0x49a4b4 RpcMgmtEpEltInqBegin
0x49a4b8 I_RpcGetCurrentCallHandle
0x49a4bc NdrClientCall2
0x49a4c0 RpcMgmtEpEltInqDone
0x49a4c4 RpcBindingFromStringBindingW
0x49a4c8 RpcStringBindingComposeW
0x49a4cc MesEncodeIncrementalHandleCreate
0x49a4d0 RpcBindingSetAuthInfoExW
0x49a4d4 RpcBindingInqAuthClientW
0x49a4d8 RpcBindingSetOption
0x49a4dc RpcImpersonateClient
0x49a4e0 RpcBindingFree
0x49a4e4 RpcStringFreeW
0x49a4e8 RpcRevertToSelf
0x49a4ec MesDecodeIncrementalHandleCreate
0x49a4f0 MesHandleFree
0x49a4f4 MesIncrementalHandleReset
0x49a4f8 NdrMesTypeDecode2
0x49a4fc NdrMesTypeAlignSize2
0x49a500 NdrMesTypeFree2
0x49a504 NdrMesTypeEncode2
0x49a508 RpcServerUnregisterIfEx
0x49a50c I_RpcBindingInqSecurityContext
0x49a510 RpcServerInqBindings
0x49a514 RpcServerListen
0x49a518 RpcMgmtWaitServerListen
0x49a51c RpcEpRegisterW
0x49a520 RpcMgmtStopServerListening
0x49a524 RpcBindingToStringBindingW
0x49a528 RpcServerRegisterIf2
0x49a52c RpcServerRegisterAuthInfoW
0x49a530 RpcBindingVectorFree
0x49a534 UuidToStringW
0x49a538 RpcServerUseProtseqEpW
0x49a53c RpcEpUnregister
0x49a540 NdrServerCall2
0x49a544 RpcBindingSetAuthInfoW
0x49a548 UuidCreate
0x49a54c RpcEpResolveBinding
SHLWAPI.dll
0x49a5cc PathIsDirectoryW
0x49a5d0 PathCanonicalizeW
0x49a5d4 PathCombineW
0x49a5d8 PathFindFileNameW
0x49a5dc PathIsRelativeW
SAMLIB.dll
0x49a554 SamiChangePasswordUser
0x49a558 SamSetInformationUser
0x49a55c SamConnect
0x49a560 SamEnumerateGroupsInDomain
0x49a564 SamOpenDomain
0x49a568 SamGetGroupsForUser
0x49a56c SamGetMembersInGroup
0x49a570 SamRidToSid
0x49a574 SamGetMembersInAlias
0x49a578 SamEnumerateAliasesInDomain
0x49a57c SamGetAliasMembership
0x49a580 SamQueryInformationUser
0x49a584 SamCloseHandle
0x49a588 SamEnumerateDomainsInSamServer
0x49a58c SamFreeMemory
0x49a590 SamEnumerateUsersInDomain
0x49a594 SamOpenUser
0x49a598 SamLookupDomainInSamServer
0x49a59c SamLookupNamesInDomain
0x49a5a0 SamLookupIdsInDomain
0x49a5a4 SamOpenGroup
0x49a5a8 SamOpenAlias
Secur32.dll
0x49a5e4 QueryContextAttributesW
0x49a5e8 LsaDeregisterLogonProcess
0x49a5ec FreeContextBuffer
0x49a5f0 LsaLookupAuthenticationPackage
0x49a5f4 LsaCallAuthenticationPackage
0x49a5f8 LsaConnectUntrusted
0x49a5fc DeleteSecurityContext
0x49a600 FreeCredentialsHandle
0x49a604 EnumerateSecurityPackagesW
0x49a608 AcquireCredentialsHandleW
0x49a60c InitializeSecurityContextW
0x49a610 LsaFreeReturnBuffer
SHELL32.dll
0x49a5c4 CommandLineToArgvW
USER32.dll
0x49a618 IsCharAlphaNumericW
0x49a61c GetKeyboardLayout
0x49a620 DispatchMessageW
0x49a624 DefWindowProcW
0x49a628 SetClipboardViewer
0x49a62c SendMessageW
0x49a630 GetClipboardSequenceNumber
0x49a634 OpenClipboard
0x49a638 CreateWindowExW
0x49a63c ChangeClipboardChain
0x49a640 GetClipboardData
0x49a644 RegisterClassExW
0x49a648 TranslateMessage
0x49a64c EnumClipboardFormats
0x49a650 PostMessageW
0x49a654 UnregisterClassW
0x49a658 GetMessageW
0x49a65c CloseClipboard
0x49a660 DestroyWindow
USERENV.dll
0x49a668 CreateEnvironmentBlock
0x49a66c DestroyEnvironmentBlock
VERSION.dll
0x49a674 GetFileVersionInfoSizeW
0x49a678 VerQueryValueW
0x49a67c GetFileVersionInfoW
HID.DLL
0x49a218 HidD_GetFeature
0x49a21c HidD_GetPreparsedData
0x49a220 HidD_GetHidGuid
0x49a224 HidD_GetAttributes
0x49a228 HidD_FreePreparsedData
0x49a22c HidP_GetCaps
0x49a230 HidD_SetFeature
SETUPAPI.dll
0x49a5b0 SetupDiGetDeviceInterfaceDetailW
0x49a5b4 SetupDiEnumDeviceInterfaces
0x49a5b8 SetupDiGetClassDevsW
0x49a5bc SetupDiDestroyDeviceInfoList
WinSCard.dll
0x49a72c SCardControl
0x49a730 SCardTransmit
0x49a734 SCardDisconnect
0x49a738 SCardGetAttrib
0x49a73c SCardEstablishContext
0x49a740 SCardFreeMemory
0x49a744 SCardListReadersW
0x49a748 SCardReleaseContext
0x49a74c SCardGetCardTypeProviderNameW
0x49a750 SCardListCardsW
0x49a754 SCardConnectW
WINSTA.dll
0x49a684 WinStationCloseServer
0x49a688 WinStationOpenServerW
0x49a68c WinStationFreeMemory
0x49a690 WinStationConnectW
0x49a694 WinStationQueryInformationW
0x49a698 WinStationEnumerateW
WLDAP32.dll
0x49a6a0 None
0x49a6a4 None
0x49a6a8 None
0x49a6ac None
0x49a6b0 None
0x49a6b4 None
0x49a6b8 None
0x49a6bc None
0x49a6c0 None
0x49a6c4 None
0x49a6c8 None
0x49a6cc None
0x49a6d0 None
0x49a6d4 None
0x49a6d8 None
0x49a6dc None
0x49a6e0 None
0x49a6e4 None
0x49a6e8 None
0x49a6ec None
0x49a6f0 None
0x49a6f4 None
0x49a6f8 None
0x49a6fc None
0x49a700 None
0x49a704 None
0x49a708 None
0x49a70c None
0x49a710 None
0x49a714 None
0x49a718 None
0x49a71c None
0x49a720 None
0x49a724 None
advapi32.dll
0x49a75c A_SHAFinal
0x49a760 A_SHAInit
0x49a764 A_SHAUpdate
msasn1.dll
0x49a788 ASN1_CreateModule
0x49a78c ASN1BERDotVal2Eoid
0x49a790 ASN1_CloseEncoder
0x49a794 ASN1_CreateDecoder
0x49a798 ASN1_FreeEncoded
0x49a79c ASN1_CloseModule
0x49a7a0 ASN1_CreateEncoder
0x49a7a4 ASN1_CloseDecoder
ntdll.dll
0x49a8f0 RtlUnicodeStringToAnsiString
0x49a8f4 RtlFreeAnsiString
0x49a8f8 RtlDowncaseUnicodeString
0x49a8fc RtlFreeUnicodeString
0x49a900 RtlInitUnicodeString
0x49a904 RtlEqualUnicodeString
0x49a908 NtQueryObject
0x49a90c RtlCompressBuffer
0x49a910 RtlGetCompressionWorkSpaceSize
0x49a914 NtQuerySystemInformation
0x49a918 RtlGetCurrentPeb
0x49a91c NtQueryInformationProcess
0x49a920 RtlCreateUserThread
0x49a924 RtlGUIDFromString
0x49a928 RtlStringFromGUID
0x49a92c NtCompareTokens
0x49a930 RtlGetNtVersionNumbers
0x49a934 RtlEqualString
0x49a938 RtlUpcaseUnicodeString
0x49a93c RtlAppendUnicodeStringToString
0x49a940 RtlAnsiStringToUnicodeString
0x49a944 RtlFreeOemString
0x49a948 RtlUpcaseUnicodeStringToOemString
0x49a94c NtResumeProcess
0x49a950 RtlAdjustPrivilege
0x49a954 NtSuspendProcess
0x49a958 NtTerminateProcess
0x49a95c NtQuerySystemEnvironmentValueEx
0x49a960 NtSetSystemEnvironmentValueEx
0x49a964 NtEnumerateSystemEnvironmentValuesEx
0x49a968 RtlIpv4AddressToStringW
0x49a96c RtlIpv6AddressToStringW
netapi32.dll
0x49a8e0 I_NetServerAuthenticate2
0x49a8e4 I_NetServerTrustPasswordsGet
0x49a8e8 I_NetServerReqChallenge
KERNEL32.dll
0x49a238 GetTimeFormatW
0x49a23c WideCharToMultiByte
0x49a240 GetSystemTimeAsFileTime
0x49a244 SystemTimeToFileTime
0x49a248 lstrlenA
0x49a24c GetDateFormatW
0x49a250 PurgeComm
0x49a254 ClearCommError
0x49a258 CreateRemoteThread
0x49a25c InterlockedExchange
0x49a260 SetFilePointerEx
0x49a264 GetProcessId
0x49a268 GetComputerNameW
0x49a26c WaitForSingleObject
0x49a270 SetLastError
0x49a274 CreateProcessW
0x49a278 SetConsoleOutputCP
0x49a27c GetConsoleOutputCP
0x49a280 CreateFileMappingW
0x49a284 UnmapViewOfFile
0x49a288 MapViewOfFile
0x49a28c WriteProcessMemory
0x49a290 VirtualProtect
0x49a294 VirtualAllocEx
0x49a298 VirtualProtectEx
0x49a29c VirtualAlloc
0x49a2a0 ReadProcessMemory
0x49a2a4 VirtualFreeEx
0x49a2a8 VirtualQueryEx
0x49a2ac VirtualFree
0x49a2b0 VirtualQuery
0x49a2b4 GetComputerNameExW
0x49a2b8 DeviceIoControl
0x49a2bc DuplicateHandle
0x49a2c0 OpenProcess
0x49a2c4 GetCurrentProcess
0x49a2c8 ExpandEnvironmentStringsW
0x49a2cc FindNextFileW
0x49a2d0 FindClose
0x49a2d4 GetCurrentDirectoryW
0x49a2d8 GetFileSizeEx
0x49a2dc FlushFileBuffers
0x49a2e0 GetFileAttributesW
0x49a2e4 FindFirstFileW
0x49a2e8 lstrlenW
0x49a2ec GetProcAddress
0x49a2f0 LoadLibraryW
0x49a2f4 GetModuleHandleW
0x49a2f8 FreeLibrary
0x49a2fc DeleteFileA
0x49a300 GetTempPathA
0x49a304 GetFileInformationByHandle
0x49a308 FileTimeToLocalFileTime
0x49a30c GetCurrentDirectoryA
0x49a310 GetTempFileNameA
0x49a314 SetFilePointer
0x49a318 CreateFileA
0x49a31c FileTimeToDosDateTime
0x49a320 GetFullPathNameW
0x49a324 LocalFree
0x49a328 CloseHandle
0x49a32c LocalAlloc
0x49a330 GetLastError
0x49a334 CreateFileW
0x49a338 ReadFile
0x49a33c Sleep
0x49a340 TerminateThread
0x49a344 WriteFile
0x49a348 FileTimeToSystemTime
0x49a34c HeapReAlloc
0x49a350 GetFileSize
0x49a354 CreateMutexW
0x49a358 HeapCompact
0x49a35c SetEndOfFile
0x49a360 HeapAlloc
0x49a364 QueryPerformanceCounter
0x49a368 HeapFree
0x49a36c InterlockedCompareExchange
0x49a370 UnlockFile
0x49a374 FlushViewOfFile
0x49a378 LockFile
0x49a37c WaitForSingleObjectEx
0x49a380 OutputDebugStringW
0x49a384 GetTickCount
0x49a388 GetFullPathNameA
0x49a38c UnlockFileEx
0x49a390 GetProcessHeap
0x49a394 FormatMessageA
0x49a398 FormatMessageW
0x49a39c GetVersionExW
0x49a3a0 HeapDestroy
0x49a3a4 GetFileAttributesA
0x49a3a8 HeapCreate
0x49a3ac HeapValidate
0x49a3b0 MultiByteToWideChar
0x49a3b4 GetTempPathW
0x49a3b8 HeapSize
0x49a3bc LockFileEx
0x49a3c0 GetDiskFreeSpaceW
0x49a3c4 LoadLibraryA
0x49a3c8 CreateFileMappingA
0x49a3cc GetDiskFreeSpaceA
0x49a3d0 GetSystemInfo
0x49a3d4 GetFileAttributesExW
0x49a3d8 OutputDebugStringA
0x49a3dc GetVersionExA
0x49a3e0 DeleteFileW
0x49a3e4 GetCurrentProcessId
0x49a3e8 GetSystemTime
0x49a3ec AreFileApisANSI
0x49a3f0 ExitProcess
0x49a3f4 ExitThread
0x49a3f8 RaiseException
0x49a3fc SetConsoleCtrlHandler
0x49a400 SetConsoleTitleW
0x49a404 SetFileAttributesW
0x49a408 GlobalSize
0x49a40c SetHandleInformation
0x49a410 CreatePipe
0x49a414 InitializeCriticalSection
0x49a418 LeaveCriticalSection
0x49a41c EnterCriticalSection
0x49a420 DeleteCriticalSection
0x49a424 SetEvent
0x49a428 GetCurrentThreadId
0x49a42c GetModuleHandleA
0x49a430 GetVersion
0x49a434 SetUnhandledExceptionFilter
0x49a438 UnhandledExceptionFilter
0x49a43c TerminateProcess
0x49a440 CreateThread
0x49a444 RtlUnwind
0x49a448 CreateEventW
0x49a44c GetSystemDirectoryW
0x49a450 SetConsoleCursorPosition
0x49a454 GetTimeZoneInformation
0x49a458 GetStdHandle
0x49a45c ProcessIdToSessionId
0x49a460 GetCurrentThread
0x49a464 SetCurrentDirectoryW
0x49a468 IsWow64Process
0x49a46c GetConsoleScreenBufferInfo
0x49a470 FillConsoleOutputCharacterW
msvcrt.dll
0x49a7ac calloc
0x49a7b0 __set_app_type
0x49a7b4 isdigit
0x49a7b8 _read
0x49a7bc _lseeki64
0x49a7c0 mbtowc
0x49a7c4 __mb_cur_max
0x49a7c8 isleadbyte
0x49a7cc isxdigit
0x49a7d0 localeconv
0x49a7d4 _snprintf
0x49a7d8 _itoa
0x49a7dc wctomb
0x49a7e0 ferror
0x49a7e4 iswctype
0x49a7e8 wcstombs
0x49a7ec _write
0x49a7f0 _isatty
0x49a7f4 ungetc
0x49a7f8 ?terminate@@YAXXZ
0x49a7fc _controlfp
0x49a800 __badioinfo
0x49a804 __pioinfo
0x49a808 __p__fmode
0x49a80c isspace
0x49a810 strrchr
0x49a814 __p__commode
0x49a818 __setusermatherr
0x49a81c _amsg_exit
0x49a820 _initterm
0x49a824 exit
0x49a828 _errno
0x49a82c free
0x49a830 _wcsdup
0x49a834 _vsnprintf
0x49a838 _except_handler3
0x49a83c _wcsicmp
0x49a840 vfwprintf
0x49a844 _vscwprintf
0x49a848 fflush
0x49a84c _wfopen
0x49a850 wprintf
0x49a854 _fileno
0x49a858 _iob
0x49a85c vwprintf
0x49a860 _setmode
0x49a864 fclose
0x49a868 _stricmp
0x49a86c wcsrchr
0x49a870 wcschr
0x49a874 strtoul
0x49a878 _wcsnicmp
0x49a87c wcsstr
0x49a880 _vscprintf
0x49a884 memmove
0x49a888 strncmp
0x49a88c malloc
0x49a890 _msize
0x49a894 strcspn
0x49a898 realloc
0x49a89c fgetws
0x49a8a0 wcstoul
0x49a8a4 strchr
0x49a8a8 wcstol
0x49a8ac wcsncmp
0x49a8b0 towupper
0x49a8b4 _wpgmptr
0x49a8b8 strstr
0x49a8bc _wcstoui64
0x49a8c0 getchar
0x49a8c4 memset
0x49a8c8 memcpy
0x49a8cc __wgetmainargs
0x49a8d0 _cexit
0x49a8d4 _exit
0x49a8d8 _XcptFilter
EAT(Export Address Table) is none