ScreenShot
| Created | 2022.12.11 15:34 | Machine | s1_win7_x6401 |
| Filename | notepads.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 48 detected (malicious, high confidence, Coinminer, Miner, BitcoinMiner, Save, Eldorado, Attribute, HighConfidence, score, Miners, et5CjEw2LFL, XMRig Miner, AGEN, Static AI, Malicious PE, ai score=79, DisguisedXMRigMiner, RiskTool, BitMiner, Detected, Miner3, GenericRXAA, Unsafe, R002C0DL422, susgen, grayware, confidence) | ||
| md5 | 3ceae9e0773b63662aa06f792a016c47 | ||
| sha256 | baeff180565b7934335f535fbd4e42e5d8e0aec0f0b01284b7db418592ddd37e | ||
| ssdeep | 98304:aFJtUztP0qDrLSmT8F3tBpLTkw/AEnFUSFcBVPFgcwen:aFaPExtBpHkw/ASXFcBVHwen | ||
| imphash | 0e50a45b8906a656b41bbb30ad0bc88d | ||
| impfuzzy | 96:RA75P3GSX19j3cpejwguSTdkRSv9qCrYR6hFLXRDCLEOyobBgAMJUgqrbnshXJg:a5PbFRbw2dkMRy6hpBGt5frb2XW | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Detects Virtual Machines through their custom firmware |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| info | Checks amount of memory in system |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x1403328f0 shutdown
0x1403328f8 ntohs
0x140332900 recv
0x140332908 select
0x140332910 WSARecvFrom
0x140332918 WSASocketW
0x140332920 WSASend
0x140332928 WSARecv
0x140332930 WSAIoctl
0x140332938 WSADuplicateSocketW
0x140332940 htons
0x140332948 getpeername
0x140332950 FreeAddrInfoW
0x140332958 GetAddrInfoW
0x140332960 gethostname
0x140332968 htonl
0x140332970 socket
0x140332978 setsockopt
0x140332980 listen
0x140332988 closesocket
0x140332990 ind
0x140332998 WSACleanup
0x1403329a0 WSAStartup
0x1403329a8 getsockopt
0x1403329b0 getsockname
0x1403329b8 ioctlsocket
0x1403329c0 WSAGetLastError
0x1403329c8 WSASetLastError
0x1403329d0 send
IPHLPAPI.DLL
0x140332150 GetAdaptersAddresses
USERENV.dll
0x1403328e0 GetUserProfileDirectoryW
CRYPT32.dll
0x140332110 CertOpenStore
0x140332118 CertCloseStore
0x140332120 CertEnumCertificatesInStore
0x140332128 CertGetCertificateContextProperty
0x140332130 CertDuplicateCertificateContext
0x140332138 CertFreeCertificateContext
0x140332140 CertFindCertificateInStore
KERNEL32.dll
0x140332160 SetConsoleMode
0x140332168 GetConsoleMode
0x140332170 CreateMutexA
0x140332178 GetLastError
0x140332180 CloseHandle
0x140332188 ExitProcess
0x140332190 SizeofResource
0x140332198 LockResource
0x1403321a0 LoadResource
0x1403321a8 FindResourceW
0x1403321b0 ExpandEnvironmentStringsA
0x1403321b8 GetSystemFirmwareTable
0x1403321c0 HeapFree
0x1403321c8 HeapAlloc
0x1403321d0 GetProcessHeap
0x1403321d8 MultiByteToWideChar
0x1403321e0 SetPriorityClass
0x1403321e8 GetCurrentProcess
0x1403321f0 SetThreadPriority
0x1403321f8 GetSystemPowerStatus
0x140332200 GetCurrentThread
0x140332208 GetProcAddress
0x140332210 GetModuleHandleW
0x140332218 GetTickCount
0x140332220 FreeConsole
0x140332228 GetConsoleWindow
0x140332230 VirtualProtect
0x140332238 VirtualFree
0x140332240 VirtualAlloc
0x140332248 GetLargePageMinimum
0x140332250 LocalAlloc
0x140332258 LocalFree
0x140332260 FlushInstructionCache
0x140332268 GetCurrentThreadId
0x140332270 AddVectoredExceptionHandler
0x140332278 DeviceIoControl
0x140332280 GetModuleFileNameW
0x140332288 CreateFileW
0x140332290 SetLastError
0x140332298 GetSystemTime
0x1403322a0 SystemTimeToFileTime
0x1403322a8 GetModuleHandleExW
0x1403322b0 EnterCriticalSection
0x1403322b8 LeaveCriticalSection
0x1403322c0 InitializeCriticalSectionAndSpinCount
0x1403322c8 DeleteCriticalSection
0x1403322d0 TlsAlloc
0x1403322d8 TlsGetValue
0x1403322e0 TlsSetValue
0x1403322e8 TlsFree
0x1403322f0 SwitchToFiber
0x1403322f8 DeleteFiber
0x140332300 CreateFiber
0x140332308 FindClose
0x140332310 FindFirstFileW
0x140332318 FindNextFileW
0x140332320 WideCharToMultiByte
0x140332328 GetFileType
0x140332330 WriteFile
0x140332338 ConvertFiberToThread
0x140332340 ConvertThreadToFiber
0x140332348 QueryPerformanceCounter
0x140332350 GetCurrentProcessId
0x140332358 GetSystemTimeAsFileTime
0x140332360 FreeLibrary
0x140332368 LoadLibraryA
0x140332370 LoadLibraryW
0x140332378 GetEnvironmentVariableW
0x140332380 ReadConsoleA
0x140332388 ReadConsoleW
0x140332390 PostQueuedCompletionStatus
0x140332398 CreateFileA
0x1403323a0 DuplicateHandle
0x1403323a8 SetEvent
0x1403323b0 ResetEvent
0x1403323b8 WaitForSingleObject
0x1403323c0 CreateEventA
0x1403323c8 Sleep
0x1403323d0 QueueUserWorkItem
0x1403323d8 RegisterWaitForSingleObject
0x1403323e0 UnregisterWait
0x1403323e8 GetNumberOfConsoleInputEvents
0x1403323f0 ReadConsoleInputW
0x1403323f8 FillConsoleOutputCharacterW
0x140332400 FillConsoleOutputAttribute
0x140332408 GetConsoleCursorInfo
0x140332410 SetConsoleCursorInfo
0x140332418 GetConsoleScreenBufferInfo
0x140332420 SetConsoleCursorPosition
0x140332428 SetConsoleTextAttribute
0x140332430 WriteConsoleInputW
0x140332438 VerSetConditionMask
0x140332440 GetEnvironmentStringsW
0x140332448 ChangeTimerQueueTimer
0x140332450 SetEnvironmentVariableW
0x140332458 SetConsoleTitleA
0x140332460 GetCurrentDirectoryW
0x140332468 GetTempPathW
0x140332470 QueryPerformanceFrequency
0x140332478 InitializeCriticalSection
0x140332480 GlobalMemoryStatusEx
0x140332488 GetSystemInfo
0x140332490 GetVersionExW
0x140332498 VerifyVersionInfoA
0x1403324a0 FileTimeToSystemTime
0x1403324a8 K32GetProcessMemoryInfo
0x1403324b0 CreateDirectoryW
0x1403324b8 FlushFileBuffers
0x1403324c0 GetDiskFreeSpaceW
0x1403324c8 GetFileAttributesW
0x1403324d0 GetFileInformationByHandle
0x1403324d8 GetFileSizeEx
0x1403324e0 GetFinalPathNameByHandleW
0x1403324e8 GetFullPathNameW
0x1403324f0 ReadFile
0x1403324f8 RemoveDirectoryW
0x140332500 RtlUnwind
0x140332508 SetFileTime
0x140332510 MapViewOfFile
0x140332518 FlushViewOfFile
0x140332520 UnmapViewOfFile
0x140332528 CreateFileMappingA
0x140332530 ReOpenFile
0x140332538 CopyFileW
0x140332540 MoveFileExW
0x140332548 CreateHardLinkW
0x140332550 GetFileInformationByHandleEx
0x140332558 CreateSymbolicLinkW
0x140332560 SetConsoleCtrlHandler
0x140332568 GetLongPathNameW
0x140332570 GetShortPathNameW
0x140332578 CreateIoCompletionPort
0x140332580 ReadDirectoryChangesW
0x140332588 SetHandleInformation
0x140332590 CancelIo
0x140332598 SwitchToThread
0x1403325a0 SetFileCompletionNotificationModes
0x1403325a8 LoadLibraryExW
0x1403325b0 FormatMessageA
0x1403325b8 SetErrorMode
0x1403325c0 GetQueuedCompletionStatus
0x1403325c8 ConnectNamedPipe
0x1403325d0 PeekNamedPipe
0x1403325d8 CreateNamedPipeW
0x1403325e0 CancelIoEx
0x1403325e8 CancelSynchronousIo
0x1403325f0 TerminateProcess
0x1403325f8 GetExitCodeProcess
0x140332600 UnregisterWaitEx
0x140332608 LCMapStringW
0x140332610 DebugBreak
0x140332618 TryEnterCriticalSection
0x140332620 InitializeConditionVariable
0x140332628 WakeConditionVariable
0x140332630 SleepConditionVariableCS
0x140332638 ReleaseSemaphore
0x140332640 ResumeThread
0x140332648 GetNativeSystemInfo
0x140332650 CreateSemaphoreA
0x140332658 GetModuleHandleA
0x140332660 GetStartupInfoW
0x140332668 GetModuleFileNameA
0x140332670 GetVersionExA
0x140332678 GetProcessAffinityMask
0x140332680 SetProcessAffinityMask
0x140332688 SetThreadAffinityMask
0x140332690 GetComputerNameA
0x140332698 GetLogicalProcessorInformation
0x1403326a0 GetThreadPriority
0x1403326a8 CreateThread
0x1403326b0 SignalObjectAndWait
0x1403326b8 CreateTimerQueue
0x1403326c0 InitializeSListHead
0x1403326c8 IsDebuggerPresent
0x1403326d0 IsProcessorFeaturePresent
0x1403326d8 SetUnhandledExceptionFilter
0x1403326e0 UnhandledExceptionFilter
0x1403326e8 RtlVirtualUnwind
0x1403326f0 RtlLookupFunctionEntry
0x1403326f8 RtlCaptureContext
0x140332700 GetStringTypeW
0x140332708 GetStdHandle
0x140332710 WriteConsoleW
0x140332718 SetCurrentDirectoryW
0x140332720 CreateTimerQueueTimer
0x140332728 DeleteTimerQueueTimer
0x140332730 GetNumaHighestNodeNumber
0x140332738 GetThreadTimes
0x140332740 FreeLibraryAndExitThread
0x140332748 InterlockedPopEntrySList
0x140332750 InterlockedPushEntrySList
0x140332758 InterlockedFlushSList
0x140332760 QueryDepthSList
0x140332768 RtlUnwindEx
0x140332770 RtlPcToFileHeader
0x140332778 RaiseException
0x140332780 SetStdHandle
0x140332788 GetCommandLineA
0x140332790 GetCommandLineW
0x140332798 ExitThread
0x1403327a0 GetDriveTypeW
0x1403327a8 SystemTimeToTzSpecificLocalTime
0x1403327b0 GetFileAttributesExW
0x1403327b8 SetFileAttributesW
0x1403327c0 GetConsoleCP
0x1403327c8 IsValidLocale
0x1403327d0 GetUserDefaultLCID
0x1403327d8 EnumSystemLocalesW
0x1403327e0 HeapReAlloc
0x1403327e8 GetTimeZoneInformation
0x1403327f0 HeapSize
0x1403327f8 SetEndOfFile
0x140332800 FindFirstFileExW
0x140332808 IsValidCodePage
0x140332810 GetACP
0x140332818 GetOEMCP
0x140332820 FreeEnvironmentStringsW
0x140332828 SetFilePointerEx
0x140332830 GetLocaleInfoW
0x140332838 CompareStringW
0x140332840 WaitForSingleObjectEx
0x140332848 GetExitCodeThread
0x140332850 EncodePointer
0x140332858 DecodePointer
0x140332860 GetCPInfo
0x140332868 CreateEventW
USER32.dll
0x140332888 GetMessageA
0x140332890 ShowWindow
0x140332898 GetSystemMetrics
0x1403328a0 MapVirtualKeyW
0x1403328a8 DispatchMessageA
0x1403328b0 TranslateMessage
0x1403328b8 GetProcessWindowStation
0x1403328c0 MessageBoxW
0x1403328c8 GetUserObjectInformationW
0x1403328d0 GetLastInputInfo
SHELL32.dll
0x140332878 SHGetSpecialFolderPathA
ADVAPI32.dll
0x140332000 SystemFunction036
0x140332008 GetUserNameW
0x140332010 CryptEnumProvidersW
0x140332018 CryptSignHashW
0x140332020 CryptDestroyHash
0x140332028 CryptCreateHash
0x140332030 CryptDecrypt
0x140332038 CryptExportKey
0x140332040 CryptGetUserKey
0x140332048 CryptGetProvParam
0x140332050 CryptSetHashParam
0x140332058 CryptDestroyKey
0x140332060 CryptReleaseContext
0x140332068 CryptAcquireContextW
0x140332070 ReportEventW
0x140332078 RegisterEventSourceW
0x140332080 DeregisterEventSource
0x140332088 CreateServiceW
0x140332090 QueryServiceStatus
0x140332098 CloseServiceHandle
0x1403320a0 OpenSCManagerW
0x1403320a8 QueryServiceConfigA
0x1403320b0 DeleteService
0x1403320b8 ControlService
0x1403320c0 StartServiceW
0x1403320c8 OpenServiceW
0x1403320d0 LookupPrivilegeValueW
0x1403320d8 AdjustTokenPrivileges
0x1403320e0 OpenProcessToken
0x1403320e8 LsaOpenPolicy
0x1403320f0 LsaAddAccountRights
0x1403320f8 LsaClose
0x140332100 GetTokenInformation
crypt.dll
0x1403329e0 BCryptGenRandom
EAT(Export Address Table) is none
WS2_32.dll
0x1403328f0 shutdown
0x1403328f8 ntohs
0x140332900 recv
0x140332908 select
0x140332910 WSARecvFrom
0x140332918 WSASocketW
0x140332920 WSASend
0x140332928 WSARecv
0x140332930 WSAIoctl
0x140332938 WSADuplicateSocketW
0x140332940 htons
0x140332948 getpeername
0x140332950 FreeAddrInfoW
0x140332958 GetAddrInfoW
0x140332960 gethostname
0x140332968 htonl
0x140332970 socket
0x140332978 setsockopt
0x140332980 listen
0x140332988 closesocket
0x140332990 ind
0x140332998 WSACleanup
0x1403329a0 WSAStartup
0x1403329a8 getsockopt
0x1403329b0 getsockname
0x1403329b8 ioctlsocket
0x1403329c0 WSAGetLastError
0x1403329c8 WSASetLastError
0x1403329d0 send
IPHLPAPI.DLL
0x140332150 GetAdaptersAddresses
USERENV.dll
0x1403328e0 GetUserProfileDirectoryW
CRYPT32.dll
0x140332110 CertOpenStore
0x140332118 CertCloseStore
0x140332120 CertEnumCertificatesInStore
0x140332128 CertGetCertificateContextProperty
0x140332130 CertDuplicateCertificateContext
0x140332138 CertFreeCertificateContext
0x140332140 CertFindCertificateInStore
KERNEL32.dll
0x140332160 SetConsoleMode
0x140332168 GetConsoleMode
0x140332170 CreateMutexA
0x140332178 GetLastError
0x140332180 CloseHandle
0x140332188 ExitProcess
0x140332190 SizeofResource
0x140332198 LockResource
0x1403321a0 LoadResource
0x1403321a8 FindResourceW
0x1403321b0 ExpandEnvironmentStringsA
0x1403321b8 GetSystemFirmwareTable
0x1403321c0 HeapFree
0x1403321c8 HeapAlloc
0x1403321d0 GetProcessHeap
0x1403321d8 MultiByteToWideChar
0x1403321e0 SetPriorityClass
0x1403321e8 GetCurrentProcess
0x1403321f0 SetThreadPriority
0x1403321f8 GetSystemPowerStatus
0x140332200 GetCurrentThread
0x140332208 GetProcAddress
0x140332210 GetModuleHandleW
0x140332218 GetTickCount
0x140332220 FreeConsole
0x140332228 GetConsoleWindow
0x140332230 VirtualProtect
0x140332238 VirtualFree
0x140332240 VirtualAlloc
0x140332248 GetLargePageMinimum
0x140332250 LocalAlloc
0x140332258 LocalFree
0x140332260 FlushInstructionCache
0x140332268 GetCurrentThreadId
0x140332270 AddVectoredExceptionHandler
0x140332278 DeviceIoControl
0x140332280 GetModuleFileNameW
0x140332288 CreateFileW
0x140332290 SetLastError
0x140332298 GetSystemTime
0x1403322a0 SystemTimeToFileTime
0x1403322a8 GetModuleHandleExW
0x1403322b0 EnterCriticalSection
0x1403322b8 LeaveCriticalSection
0x1403322c0 InitializeCriticalSectionAndSpinCount
0x1403322c8 DeleteCriticalSection
0x1403322d0 TlsAlloc
0x1403322d8 TlsGetValue
0x1403322e0 TlsSetValue
0x1403322e8 TlsFree
0x1403322f0 SwitchToFiber
0x1403322f8 DeleteFiber
0x140332300 CreateFiber
0x140332308 FindClose
0x140332310 FindFirstFileW
0x140332318 FindNextFileW
0x140332320 WideCharToMultiByte
0x140332328 GetFileType
0x140332330 WriteFile
0x140332338 ConvertFiberToThread
0x140332340 ConvertThreadToFiber
0x140332348 QueryPerformanceCounter
0x140332350 GetCurrentProcessId
0x140332358 GetSystemTimeAsFileTime
0x140332360 FreeLibrary
0x140332368 LoadLibraryA
0x140332370 LoadLibraryW
0x140332378 GetEnvironmentVariableW
0x140332380 ReadConsoleA
0x140332388 ReadConsoleW
0x140332390 PostQueuedCompletionStatus
0x140332398 CreateFileA
0x1403323a0 DuplicateHandle
0x1403323a8 SetEvent
0x1403323b0 ResetEvent
0x1403323b8 WaitForSingleObject
0x1403323c0 CreateEventA
0x1403323c8 Sleep
0x1403323d0 QueueUserWorkItem
0x1403323d8 RegisterWaitForSingleObject
0x1403323e0 UnregisterWait
0x1403323e8 GetNumberOfConsoleInputEvents
0x1403323f0 ReadConsoleInputW
0x1403323f8 FillConsoleOutputCharacterW
0x140332400 FillConsoleOutputAttribute
0x140332408 GetConsoleCursorInfo
0x140332410 SetConsoleCursorInfo
0x140332418 GetConsoleScreenBufferInfo
0x140332420 SetConsoleCursorPosition
0x140332428 SetConsoleTextAttribute
0x140332430 WriteConsoleInputW
0x140332438 VerSetConditionMask
0x140332440 GetEnvironmentStringsW
0x140332448 ChangeTimerQueueTimer
0x140332450 SetEnvironmentVariableW
0x140332458 SetConsoleTitleA
0x140332460 GetCurrentDirectoryW
0x140332468 GetTempPathW
0x140332470 QueryPerformanceFrequency
0x140332478 InitializeCriticalSection
0x140332480 GlobalMemoryStatusEx
0x140332488 GetSystemInfo
0x140332490 GetVersionExW
0x140332498 VerifyVersionInfoA
0x1403324a0 FileTimeToSystemTime
0x1403324a8 K32GetProcessMemoryInfo
0x1403324b0 CreateDirectoryW
0x1403324b8 FlushFileBuffers
0x1403324c0 GetDiskFreeSpaceW
0x1403324c8 GetFileAttributesW
0x1403324d0 GetFileInformationByHandle
0x1403324d8 GetFileSizeEx
0x1403324e0 GetFinalPathNameByHandleW
0x1403324e8 GetFullPathNameW
0x1403324f0 ReadFile
0x1403324f8 RemoveDirectoryW
0x140332500 RtlUnwind
0x140332508 SetFileTime
0x140332510 MapViewOfFile
0x140332518 FlushViewOfFile
0x140332520 UnmapViewOfFile
0x140332528 CreateFileMappingA
0x140332530 ReOpenFile
0x140332538 CopyFileW
0x140332540 MoveFileExW
0x140332548 CreateHardLinkW
0x140332550 GetFileInformationByHandleEx
0x140332558 CreateSymbolicLinkW
0x140332560 SetConsoleCtrlHandler
0x140332568 GetLongPathNameW
0x140332570 GetShortPathNameW
0x140332578 CreateIoCompletionPort
0x140332580 ReadDirectoryChangesW
0x140332588 SetHandleInformation
0x140332590 CancelIo
0x140332598 SwitchToThread
0x1403325a0 SetFileCompletionNotificationModes
0x1403325a8 LoadLibraryExW
0x1403325b0 FormatMessageA
0x1403325b8 SetErrorMode
0x1403325c0 GetQueuedCompletionStatus
0x1403325c8 ConnectNamedPipe
0x1403325d0 PeekNamedPipe
0x1403325d8 CreateNamedPipeW
0x1403325e0 CancelIoEx
0x1403325e8 CancelSynchronousIo
0x1403325f0 TerminateProcess
0x1403325f8 GetExitCodeProcess
0x140332600 UnregisterWaitEx
0x140332608 LCMapStringW
0x140332610 DebugBreak
0x140332618 TryEnterCriticalSection
0x140332620 InitializeConditionVariable
0x140332628 WakeConditionVariable
0x140332630 SleepConditionVariableCS
0x140332638 ReleaseSemaphore
0x140332640 ResumeThread
0x140332648 GetNativeSystemInfo
0x140332650 CreateSemaphoreA
0x140332658 GetModuleHandleA
0x140332660 GetStartupInfoW
0x140332668 GetModuleFileNameA
0x140332670 GetVersionExA
0x140332678 GetProcessAffinityMask
0x140332680 SetProcessAffinityMask
0x140332688 SetThreadAffinityMask
0x140332690 GetComputerNameA
0x140332698 GetLogicalProcessorInformation
0x1403326a0 GetThreadPriority
0x1403326a8 CreateThread
0x1403326b0 SignalObjectAndWait
0x1403326b8 CreateTimerQueue
0x1403326c0 InitializeSListHead
0x1403326c8 IsDebuggerPresent
0x1403326d0 IsProcessorFeaturePresent
0x1403326d8 SetUnhandledExceptionFilter
0x1403326e0 UnhandledExceptionFilter
0x1403326e8 RtlVirtualUnwind
0x1403326f0 RtlLookupFunctionEntry
0x1403326f8 RtlCaptureContext
0x140332700 GetStringTypeW
0x140332708 GetStdHandle
0x140332710 WriteConsoleW
0x140332718 SetCurrentDirectoryW
0x140332720 CreateTimerQueueTimer
0x140332728 DeleteTimerQueueTimer
0x140332730 GetNumaHighestNodeNumber
0x140332738 GetThreadTimes
0x140332740 FreeLibraryAndExitThread
0x140332748 InterlockedPopEntrySList
0x140332750 InterlockedPushEntrySList
0x140332758 InterlockedFlushSList
0x140332760 QueryDepthSList
0x140332768 RtlUnwindEx
0x140332770 RtlPcToFileHeader
0x140332778 RaiseException
0x140332780 SetStdHandle
0x140332788 GetCommandLineA
0x140332790 GetCommandLineW
0x140332798 ExitThread
0x1403327a0 GetDriveTypeW
0x1403327a8 SystemTimeToTzSpecificLocalTime
0x1403327b0 GetFileAttributesExW
0x1403327b8 SetFileAttributesW
0x1403327c0 GetConsoleCP
0x1403327c8 IsValidLocale
0x1403327d0 GetUserDefaultLCID
0x1403327d8 EnumSystemLocalesW
0x1403327e0 HeapReAlloc
0x1403327e8 GetTimeZoneInformation
0x1403327f0 HeapSize
0x1403327f8 SetEndOfFile
0x140332800 FindFirstFileExW
0x140332808 IsValidCodePage
0x140332810 GetACP
0x140332818 GetOEMCP
0x140332820 FreeEnvironmentStringsW
0x140332828 SetFilePointerEx
0x140332830 GetLocaleInfoW
0x140332838 CompareStringW
0x140332840 WaitForSingleObjectEx
0x140332848 GetExitCodeThread
0x140332850 EncodePointer
0x140332858 DecodePointer
0x140332860 GetCPInfo
0x140332868 CreateEventW
USER32.dll
0x140332888 GetMessageA
0x140332890 ShowWindow
0x140332898 GetSystemMetrics
0x1403328a0 MapVirtualKeyW
0x1403328a8 DispatchMessageA
0x1403328b0 TranslateMessage
0x1403328b8 GetProcessWindowStation
0x1403328c0 MessageBoxW
0x1403328c8 GetUserObjectInformationW
0x1403328d0 GetLastInputInfo
SHELL32.dll
0x140332878 SHGetSpecialFolderPathA
ADVAPI32.dll
0x140332000 SystemFunction036
0x140332008 GetUserNameW
0x140332010 CryptEnumProvidersW
0x140332018 CryptSignHashW
0x140332020 CryptDestroyHash
0x140332028 CryptCreateHash
0x140332030 CryptDecrypt
0x140332038 CryptExportKey
0x140332040 CryptGetUserKey
0x140332048 CryptGetProvParam
0x140332050 CryptSetHashParam
0x140332058 CryptDestroyKey
0x140332060 CryptReleaseContext
0x140332068 CryptAcquireContextW
0x140332070 ReportEventW
0x140332078 RegisterEventSourceW
0x140332080 DeregisterEventSource
0x140332088 CreateServiceW
0x140332090 QueryServiceStatus
0x140332098 CloseServiceHandle
0x1403320a0 OpenSCManagerW
0x1403320a8 QueryServiceConfigA
0x1403320b0 DeleteService
0x1403320b8 ControlService
0x1403320c0 StartServiceW
0x1403320c8 OpenServiceW
0x1403320d0 LookupPrivilegeValueW
0x1403320d8 AdjustTokenPrivileges
0x1403320e0 OpenProcessToken
0x1403320e8 LsaOpenPolicy
0x1403320f0 LsaAddAccountRights
0x1403320f8 LsaClose
0x140332100 GetTokenInformation
crypt.dll
0x1403329e0 BCryptGenRandom
EAT(Export Address Table) is none