ScreenShot
| Created | 2023.03.06 09:46 | Machine | s1_win7_x6403 |
| Filename | nik0300.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 53 detected (MarsvapRosJ, Mufila, GenericKD, Vvd1, malicious, ABRisk, UMFG, Attribute, HighConfidence, high confidence, VMProtect, score, SpywareX, FalseSign, Jajl, VMProtBad, R011C0RBS23, Artemis, high, zrgkz, Malware@#18ikzniv0m78a, Casdet, Detected, ai score=89, Private, RisePro, gnJOwaQzABC, +Ql8xVVUN5I, susgen, PossibleThreat, ZexaF, @F1@aWRH1jfi, Chgt, confidence, 100%) | ||
| md5 | 646f9a44ad9c8719b45951a29f8d3c6d | ||
| sha256 | 5e02b528b2cb0f1884c45c6dc3b095a8a6a8a9ae775aafa265d28a46af969c28 | ||
| ssdeep | 196608:58t40NmBV779xciWmIiIrHRmgi4EPP1EZ2RRT7/8:+y8SVDBOrHRmgTE37RT70 | ||
| imphash | 3ce373431b23a98306ac88d16ec3e778 | ||
| impfuzzy | 96:105yK6cGtp2tDE+1PssfPrXni5t3M8F+SVUdN1AXB+Zcp+qjOGXtpl9cbXpcu/:16yGGWtDBsF+XmR+oEZcg | ||
Network IP location
Signature (14cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| watch | Attempts to create or modify system certificates |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | Looks up the external IP address |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Sends data using the HTTP POST Method |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is likely packed with VMProtect |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (13cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (8cnts) ?
Suricata ids
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0xebd000 FreeResource
0xebd004 CreateToolhelp32Snapshot
0xebd008 MultiByteToWideChar
0xebd00c Sleep
0xebd010 GetTempPathA
0xebd014 GetModuleHandleExA
0xebd018 GetTimeZoneInformation
0xebd01c CopyFileA
0xebd020 GetLastError
0xebd024 GetFileAttributesA
0xebd028 TzSpecificLocalTimeToSystemTime
0xebd02c CreateFileA
0xebd030 LoadLibraryA
0xebd034 GetVersionExA
0xebd038 LockResource
0xebd03c DeleteFileA
0xebd040 Process32Next
0xebd044 CloseHandle
0xebd048 GetSystemInfo
0xebd04c CreateThread
0xebd050 GetWindowsDirectoryA
0xebd054 LoadResource
0xebd058 SetFileAttributesA
0xebd05c GetLocalTime
0xebd060 GetProcAddress
0xebd064 LocalFree
0xebd068 RemoveDirectoryA
0xebd06c GetCurrentProcessId
0xebd070 GlobalMemoryStatusEx
0xebd074 FreeLibrary
0xebd078 WideCharToMultiByte
0xebd07c CreateDirectoryA
0xebd080 GetSystemTime
0xebd084 GetPrivateProfileStringA
0xebd088 IsWow64Process
0xebd08c GetComputerNameA
0xebd090 lstrcatA
0xebd094 lstrcpyA
0xebd098 HeapFree
0xebd09c HeapAlloc
0xebd0a0 lstrcpynA
0xebd0a4 GetProcessHeap
0xebd0a8 ReadFile
0xebd0ac SetFilePointer
0xebd0b0 CreateFileW
0xebd0b4 GetLocaleInfoA
0xebd0b8 TryEnterCriticalSection
0xebd0bc FindClose
0xebd0c0 EnterCriticalSection
0xebd0c4 GetFullPathNameW
0xebd0c8 GetDiskFreeSpaceW
0xebd0cc OutputDebugStringA
0xebd0d0 LockFile
0xebd0d4 LeaveCriticalSection
0xebd0d8 InitializeCriticalSection
0xebd0dc GetFullPathNameA
0xebd0e0 SetEndOfFile
0xebd0e4 UnlockFileEx
0xebd0e8 GetTempPathW
0xebd0ec CreateMutexW
0xebd0f0 GetFileAttributesW
0xebd0f4 UnmapViewOfFile
0xebd0f8 HeapValidate
0xebd0fc HeapSize
0xebd100 FormatMessageW
0xebd104 GetDiskFreeSpaceA
0xebd108 GetFileAttributesExW
0xebd10c OutputDebugStringW
0xebd110 FlushViewOfFile
0xebd114 WaitForSingleObjectEx
0xebd118 DeleteFileW
0xebd11c HeapReAlloc
0xebd120 LoadLibraryW
0xebd124 HeapCompact
0xebd128 HeapDestroy
0xebd12c UnlockFile
0xebd130 LockFileEx
0xebd134 GetFileSize
0xebd138 DeleteCriticalSection
0xebd13c SystemTimeToFileTime
0xebd140 GetSystemTimeAsFileTime
0xebd144 FormatMessageA
0xebd148 CreateFileMappingW
0xebd14c MapViewOfFile
0xebd150 QueryPerformanceCounter
0xebd154 GetTickCount
0xebd158 FlushFileBuffers
0xebd15c WriteConsoleW
0xebd160 SetEnvironmentVariableW
0xebd164 FreeEnvironmentStringsW
0xebd168 GetEnvironmentStringsW
0xebd16c GetCommandLineW
0xebd170 GetCommandLineA
0xebd174 GetOEMCP
0xebd178 GetACP
0xebd17c IsValidCodePage
0xebd180 GetModuleFileNameA
0xebd184 SetStdHandle
0xebd188 GetModuleHandleA
0xebd18c GetCurrentThreadId
0xebd190 LocalAlloc
0xebd194 WaitForSingleObject
0xebd198 AreFileApisANSI
0xebd19c GetVolumeInformationA
0xebd1a0 lstrlenA
0xebd1a4 FindResourceA
0xebd1a8 FindNextFileA
0xebd1ac GetUserDefaultLocaleName
0xebd1b0 TerminateProcess
0xebd1b4 WriteFile
0xebd1b8 GetCurrentProcess
0xebd1bc FindFirstFileA
0xebd1c0 Process32First
0xebd1c4 EnumSystemLocalesW
0xebd1c8 GetUserDefaultLCID
0xebd1cc IsValidLocale
0xebd1d0 GetPrivateProfileSectionNamesA
0xebd1d4 SizeofResource
0xebd1d8 HeapCreate
0xebd1dc GetLocaleInfoW
0xebd1e0 LCMapStringW
0xebd1e4 CompareStringW
0xebd1e8 GetFileSizeEx
0xebd1ec GetConsoleOutputCP
0xebd1f0 ReadConsoleW
0xebd1f4 GetConsoleMode
0xebd1f8 GetStdHandle
0xebd1fc GetModuleFileNameW
0xebd200 FreeLibraryAndExitThread
0xebd204 ExitThread
0xebd208 GetModuleHandleExW
0xebd20c FindFirstFileExW
0xebd210 FindNextFileW
0xebd214 GetFinalPathNameByHandleW
0xebd218 SetFilePointerEx
0xebd21c GetFileInformationByHandleEx
0xebd220 LCMapStringEx
0xebd224 InitializeCriticalSectionEx
0xebd228 EncodePointer
0xebd22c DecodePointer
0xebd230 CompareStringEx
0xebd234 GetCPInfo
0xebd238 GetStringTypeW
0xebd23c InitializeCriticalSectionAndSpinCount
0xebd240 SetEvent
0xebd244 ResetEvent
0xebd248 CreateEventW
0xebd24c GetModuleHandleW
0xebd250 IsProcessorFeaturePresent
0xebd254 IsDebuggerPresent
0xebd258 UnhandledExceptionFilter
0xebd25c SetUnhandledExceptionFilter
0xebd260 GetStartupInfoW
0xebd264 InitializeSListHead
0xebd268 RtlUnwind
0xebd26c RaiseException
0xebd270 SetLastError
0xebd274 TlsAlloc
0xebd278 TlsGetValue
0xebd27c TlsSetValue
0xebd280 TlsFree
0xebd284 LoadLibraryExW
0xebd288 GetFileType
0xebd28c ExitProcess
USER32.dll
0xebd294 GetDesktopWindow
0xebd298 wsprintfA
0xebd29c GetSystemMetrics
0xebd2a0 GetDC
0xebd2a4 GetWindowRect
0xebd2a8 EnumDisplayDevicesA
0xebd2ac CharNextA
0xebd2b0 ReleaseDC
0xebd2b4 GetKeyboardLayoutList
GDI32.dll
0xebd2bc CreateCompatibleBitmap
0xebd2c0 SelectObject
0xebd2c4 CreateCompatibleDC
0xebd2c8 DeleteObject
0xebd2cc BitBlt
ADVAPI32.dll
0xebd2d4 SystemFunction036
0xebd2d8 RegOpenKeyExA
0xebd2dc GetUserNameA
0xebd2e0 CredFree
0xebd2e4 RegCloseKey
0xebd2e8 GetCurrentHwProfileA
0xebd2ec RegQueryValueExA
0xebd2f0 CredEnumerateA
0xebd2f4 RegEnumKeyExA
SHELL32.dll
0xebd2fc SHGetFolderPathA
0xebd300 ShellExecuteA
CRYPT32.dll
0xebd308 CryptUnprotectData
0xebd30c CryptStringToBinaryA
gdiplus.dll
0xebd314 GdipGetImageEncodersSize
0xebd318 GdipFree
0xebd31c GdipDisposeImage
0xebd320 GdipCreateBitmapFromHBITMAP
0xebd324 GdipAlloc
0xebd328 GdipCloneImage
0xebd32c GdipGetImageEncoders
0xebd330 GdiplusShutdown
0xebd334 GdiplusStartup
0xebd338 GdipSaveImageToFile
SETUPAPI.dll
0xebd340 SetupDiGetDeviceInterfaceDetailA
0xebd344 SetupDiGetClassDevsA
0xebd348 SetupDiEnumDeviceInterfaces
0xebd34c SetupDiEnumDeviceInfo
WTSAPI32.dll
0xebd354 WTSSendMessageW
KERNEL32.dll
0xebd35c VirtualQuery
0xebd360 GetSystemTimeAsFileTime
0xebd364 GetModuleHandleA
0xebd368 CreateEventA
0xebd36c GetModuleFileNameW
0xebd370 LoadLibraryA
0xebd374 TerminateProcess
0xebd378 GetCurrentProcess
0xebd37c CreateToolhelp32Snapshot
0xebd380 Thread32First
0xebd384 GetCurrentProcessId
0xebd388 GetCurrentThreadId
0xebd38c OpenThread
0xebd390 Thread32Next
0xebd394 CloseHandle
0xebd398 SuspendThread
0xebd39c ResumeThread
0xebd3a0 WriteProcessMemory
0xebd3a4 GetSystemInfo
0xebd3a8 VirtualAlloc
0xebd3ac VirtualProtect
0xebd3b0 VirtualFree
0xebd3b4 GetProcessAffinityMask
0xebd3b8 SetProcessAffinityMask
0xebd3bc GetCurrentThread
0xebd3c0 SetThreadAffinityMask
0xebd3c4 Sleep
0xebd3c8 FreeLibrary
0xebd3cc GetTickCount
0xebd3d0 SystemTimeToFileTime
0xebd3d4 FileTimeToSystemTime
0xebd3d8 GlobalFree
0xebd3dc LocalAlloc
0xebd3e0 LocalFree
0xebd3e4 GetProcAddress
0xebd3e8 ExitProcess
0xebd3ec EnterCriticalSection
0xebd3f0 LeaveCriticalSection
0xebd3f4 InitializeCriticalSection
0xebd3f8 DeleteCriticalSection
0xebd3fc GetModuleHandleW
0xebd400 LoadResource
0xebd404 MultiByteToWideChar
0xebd408 FindResourceExW
0xebd40c FindResourceExA
0xebd410 WideCharToMultiByte
0xebd414 GetThreadLocale
0xebd418 GetUserDefaultLCID
0xebd41c GetSystemDefaultLCID
0xebd420 EnumResourceNamesA
0xebd424 EnumResourceNamesW
0xebd428 EnumResourceLanguagesA
0xebd42c EnumResourceLanguagesW
0xebd430 EnumResourceTypesA
0xebd434 EnumResourceTypesW
0xebd438 CreateFileW
0xebd43c LoadLibraryW
0xebd440 GetLastError
0xebd444 FlushFileBuffers
0xebd448 CreateFileA
0xebd44c WriteConsoleW
0xebd450 GetConsoleOutputCP
0xebd454 WriteConsoleA
0xebd458 GetCommandLineA
0xebd45c RaiseException
0xebd460 RtlUnwind
0xebd464 HeapFree
0xebd468 GetCPInfo
0xebd46c InterlockedIncrement
0xebd470 InterlockedDecrement
0xebd474 GetACP
0xebd478 GetOEMCP
0xebd47c IsValidCodePage
0xebd480 TlsGetValue
0xebd484 TlsAlloc
0xebd488 TlsSetValue
0xebd48c TlsFree
0xebd490 SetLastError
0xebd494 UnhandledExceptionFilter
0xebd498 SetUnhandledExceptionFilter
0xebd49c IsDebuggerPresent
0xebd4a0 HeapAlloc
0xebd4a4 LCMapStringA
0xebd4a8 LCMapStringW
0xebd4ac SetHandleCount
0xebd4b0 GetStdHandle
0xebd4b4 GetFileType
0xebd4b8 GetStartupInfoA
0xebd4bc GetModuleFileNameA
0xebd4c0 FreeEnvironmentStringsA
0xebd4c4 GetEnvironmentStrings
0xebd4c8 FreeEnvironmentStringsW
0xebd4cc GetEnvironmentStringsW
0xebd4d0 HeapCreate
0xebd4d4 HeapDestroy
0xebd4d8 QueryPerformanceCounter
0xebd4dc HeapReAlloc
0xebd4e0 GetStringTypeA
0xebd4e4 GetStringTypeW
0xebd4e8 GetLocaleInfoA
0xebd4ec HeapSize
0xebd4f0 WriteFile
0xebd4f4 SetFilePointer
0xebd4f8 GetConsoleCP
0xebd4fc GetConsoleMode
0xebd500 InitializeCriticalSectionAndSpinCount
0xebd504 SetStdHandle
USER32.dll
0xebd50c GetProcessWindowStation
0xebd510 GetUserObjectInformationW
0xebd514 CharUpperBuffW
0xebd518 MessageBoxW
KERNEL32.dll
0xebd520 LocalAlloc
0xebd524 LocalFree
0xebd528 GetModuleFileNameW
0xebd52c GetProcessAffinityMask
0xebd530 SetProcessAffinityMask
0xebd534 SetThreadAffinityMask
0xebd538 Sleep
0xebd53c ExitProcess
0xebd540 FreeLibrary
0xebd544 LoadLibraryA
0xebd548 GetModuleHandleA
0xebd54c GetProcAddress
USER32.dll
0xebd554 GetProcessWindowStation
0xebd558 GetUserObjectInformationW
EAT(Export Address Table) is none
KERNEL32.dll
0xebd000 FreeResource
0xebd004 CreateToolhelp32Snapshot
0xebd008 MultiByteToWideChar
0xebd00c Sleep
0xebd010 GetTempPathA
0xebd014 GetModuleHandleExA
0xebd018 GetTimeZoneInformation
0xebd01c CopyFileA
0xebd020 GetLastError
0xebd024 GetFileAttributesA
0xebd028 TzSpecificLocalTimeToSystemTime
0xebd02c CreateFileA
0xebd030 LoadLibraryA
0xebd034 GetVersionExA
0xebd038 LockResource
0xebd03c DeleteFileA
0xebd040 Process32Next
0xebd044 CloseHandle
0xebd048 GetSystemInfo
0xebd04c CreateThread
0xebd050 GetWindowsDirectoryA
0xebd054 LoadResource
0xebd058 SetFileAttributesA
0xebd05c GetLocalTime
0xebd060 GetProcAddress
0xebd064 LocalFree
0xebd068 RemoveDirectoryA
0xebd06c GetCurrentProcessId
0xebd070 GlobalMemoryStatusEx
0xebd074 FreeLibrary
0xebd078 WideCharToMultiByte
0xebd07c CreateDirectoryA
0xebd080 GetSystemTime
0xebd084 GetPrivateProfileStringA
0xebd088 IsWow64Process
0xebd08c GetComputerNameA
0xebd090 lstrcatA
0xebd094 lstrcpyA
0xebd098 HeapFree
0xebd09c HeapAlloc
0xebd0a0 lstrcpynA
0xebd0a4 GetProcessHeap
0xebd0a8 ReadFile
0xebd0ac SetFilePointer
0xebd0b0 CreateFileW
0xebd0b4 GetLocaleInfoA
0xebd0b8 TryEnterCriticalSection
0xebd0bc FindClose
0xebd0c0 EnterCriticalSection
0xebd0c4 GetFullPathNameW
0xebd0c8 GetDiskFreeSpaceW
0xebd0cc OutputDebugStringA
0xebd0d0 LockFile
0xebd0d4 LeaveCriticalSection
0xebd0d8 InitializeCriticalSection
0xebd0dc GetFullPathNameA
0xebd0e0 SetEndOfFile
0xebd0e4 UnlockFileEx
0xebd0e8 GetTempPathW
0xebd0ec CreateMutexW
0xebd0f0 GetFileAttributesW
0xebd0f4 UnmapViewOfFile
0xebd0f8 HeapValidate
0xebd0fc HeapSize
0xebd100 FormatMessageW
0xebd104 GetDiskFreeSpaceA
0xebd108 GetFileAttributesExW
0xebd10c OutputDebugStringW
0xebd110 FlushViewOfFile
0xebd114 WaitForSingleObjectEx
0xebd118 DeleteFileW
0xebd11c HeapReAlloc
0xebd120 LoadLibraryW
0xebd124 HeapCompact
0xebd128 HeapDestroy
0xebd12c UnlockFile
0xebd130 LockFileEx
0xebd134 GetFileSize
0xebd138 DeleteCriticalSection
0xebd13c SystemTimeToFileTime
0xebd140 GetSystemTimeAsFileTime
0xebd144 FormatMessageA
0xebd148 CreateFileMappingW
0xebd14c MapViewOfFile
0xebd150 QueryPerformanceCounter
0xebd154 GetTickCount
0xebd158 FlushFileBuffers
0xebd15c WriteConsoleW
0xebd160 SetEnvironmentVariableW
0xebd164 FreeEnvironmentStringsW
0xebd168 GetEnvironmentStringsW
0xebd16c GetCommandLineW
0xebd170 GetCommandLineA
0xebd174 GetOEMCP
0xebd178 GetACP
0xebd17c IsValidCodePage
0xebd180 GetModuleFileNameA
0xebd184 SetStdHandle
0xebd188 GetModuleHandleA
0xebd18c GetCurrentThreadId
0xebd190 LocalAlloc
0xebd194 WaitForSingleObject
0xebd198 AreFileApisANSI
0xebd19c GetVolumeInformationA
0xebd1a0 lstrlenA
0xebd1a4 FindResourceA
0xebd1a8 FindNextFileA
0xebd1ac GetUserDefaultLocaleName
0xebd1b0 TerminateProcess
0xebd1b4 WriteFile
0xebd1b8 GetCurrentProcess
0xebd1bc FindFirstFileA
0xebd1c0 Process32First
0xebd1c4 EnumSystemLocalesW
0xebd1c8 GetUserDefaultLCID
0xebd1cc IsValidLocale
0xebd1d0 GetPrivateProfileSectionNamesA
0xebd1d4 SizeofResource
0xebd1d8 HeapCreate
0xebd1dc GetLocaleInfoW
0xebd1e0 LCMapStringW
0xebd1e4 CompareStringW
0xebd1e8 GetFileSizeEx
0xebd1ec GetConsoleOutputCP
0xebd1f0 ReadConsoleW
0xebd1f4 GetConsoleMode
0xebd1f8 GetStdHandle
0xebd1fc GetModuleFileNameW
0xebd200 FreeLibraryAndExitThread
0xebd204 ExitThread
0xebd208 GetModuleHandleExW
0xebd20c FindFirstFileExW
0xebd210 FindNextFileW
0xebd214 GetFinalPathNameByHandleW
0xebd218 SetFilePointerEx
0xebd21c GetFileInformationByHandleEx
0xebd220 LCMapStringEx
0xebd224 InitializeCriticalSectionEx
0xebd228 EncodePointer
0xebd22c DecodePointer
0xebd230 CompareStringEx
0xebd234 GetCPInfo
0xebd238 GetStringTypeW
0xebd23c InitializeCriticalSectionAndSpinCount
0xebd240 SetEvent
0xebd244 ResetEvent
0xebd248 CreateEventW
0xebd24c GetModuleHandleW
0xebd250 IsProcessorFeaturePresent
0xebd254 IsDebuggerPresent
0xebd258 UnhandledExceptionFilter
0xebd25c SetUnhandledExceptionFilter
0xebd260 GetStartupInfoW
0xebd264 InitializeSListHead
0xebd268 RtlUnwind
0xebd26c RaiseException
0xebd270 SetLastError
0xebd274 TlsAlloc
0xebd278 TlsGetValue
0xebd27c TlsSetValue
0xebd280 TlsFree
0xebd284 LoadLibraryExW
0xebd288 GetFileType
0xebd28c ExitProcess
USER32.dll
0xebd294 GetDesktopWindow
0xebd298 wsprintfA
0xebd29c GetSystemMetrics
0xebd2a0 GetDC
0xebd2a4 GetWindowRect
0xebd2a8 EnumDisplayDevicesA
0xebd2ac CharNextA
0xebd2b0 ReleaseDC
0xebd2b4 GetKeyboardLayoutList
GDI32.dll
0xebd2bc CreateCompatibleBitmap
0xebd2c0 SelectObject
0xebd2c4 CreateCompatibleDC
0xebd2c8 DeleteObject
0xebd2cc BitBlt
ADVAPI32.dll
0xebd2d4 SystemFunction036
0xebd2d8 RegOpenKeyExA
0xebd2dc GetUserNameA
0xebd2e0 CredFree
0xebd2e4 RegCloseKey
0xebd2e8 GetCurrentHwProfileA
0xebd2ec RegQueryValueExA
0xebd2f0 CredEnumerateA
0xebd2f4 RegEnumKeyExA
SHELL32.dll
0xebd2fc SHGetFolderPathA
0xebd300 ShellExecuteA
CRYPT32.dll
0xebd308 CryptUnprotectData
0xebd30c CryptStringToBinaryA
gdiplus.dll
0xebd314 GdipGetImageEncodersSize
0xebd318 GdipFree
0xebd31c GdipDisposeImage
0xebd320 GdipCreateBitmapFromHBITMAP
0xebd324 GdipAlloc
0xebd328 GdipCloneImage
0xebd32c GdipGetImageEncoders
0xebd330 GdiplusShutdown
0xebd334 GdiplusStartup
0xebd338 GdipSaveImageToFile
SETUPAPI.dll
0xebd340 SetupDiGetDeviceInterfaceDetailA
0xebd344 SetupDiGetClassDevsA
0xebd348 SetupDiEnumDeviceInterfaces
0xebd34c SetupDiEnumDeviceInfo
WTSAPI32.dll
0xebd354 WTSSendMessageW
KERNEL32.dll
0xebd35c VirtualQuery
0xebd360 GetSystemTimeAsFileTime
0xebd364 GetModuleHandleA
0xebd368 CreateEventA
0xebd36c GetModuleFileNameW
0xebd370 LoadLibraryA
0xebd374 TerminateProcess
0xebd378 GetCurrentProcess
0xebd37c CreateToolhelp32Snapshot
0xebd380 Thread32First
0xebd384 GetCurrentProcessId
0xebd388 GetCurrentThreadId
0xebd38c OpenThread
0xebd390 Thread32Next
0xebd394 CloseHandle
0xebd398 SuspendThread
0xebd39c ResumeThread
0xebd3a0 WriteProcessMemory
0xebd3a4 GetSystemInfo
0xebd3a8 VirtualAlloc
0xebd3ac VirtualProtect
0xebd3b0 VirtualFree
0xebd3b4 GetProcessAffinityMask
0xebd3b8 SetProcessAffinityMask
0xebd3bc GetCurrentThread
0xebd3c0 SetThreadAffinityMask
0xebd3c4 Sleep
0xebd3c8 FreeLibrary
0xebd3cc GetTickCount
0xebd3d0 SystemTimeToFileTime
0xebd3d4 FileTimeToSystemTime
0xebd3d8 GlobalFree
0xebd3dc LocalAlloc
0xebd3e0 LocalFree
0xebd3e4 GetProcAddress
0xebd3e8 ExitProcess
0xebd3ec EnterCriticalSection
0xebd3f0 LeaveCriticalSection
0xebd3f4 InitializeCriticalSection
0xebd3f8 DeleteCriticalSection
0xebd3fc GetModuleHandleW
0xebd400 LoadResource
0xebd404 MultiByteToWideChar
0xebd408 FindResourceExW
0xebd40c FindResourceExA
0xebd410 WideCharToMultiByte
0xebd414 GetThreadLocale
0xebd418 GetUserDefaultLCID
0xebd41c GetSystemDefaultLCID
0xebd420 EnumResourceNamesA
0xebd424 EnumResourceNamesW
0xebd428 EnumResourceLanguagesA
0xebd42c EnumResourceLanguagesW
0xebd430 EnumResourceTypesA
0xebd434 EnumResourceTypesW
0xebd438 CreateFileW
0xebd43c LoadLibraryW
0xebd440 GetLastError
0xebd444 FlushFileBuffers
0xebd448 CreateFileA
0xebd44c WriteConsoleW
0xebd450 GetConsoleOutputCP
0xebd454 WriteConsoleA
0xebd458 GetCommandLineA
0xebd45c RaiseException
0xebd460 RtlUnwind
0xebd464 HeapFree
0xebd468 GetCPInfo
0xebd46c InterlockedIncrement
0xebd470 InterlockedDecrement
0xebd474 GetACP
0xebd478 GetOEMCP
0xebd47c IsValidCodePage
0xebd480 TlsGetValue
0xebd484 TlsAlloc
0xebd488 TlsSetValue
0xebd48c TlsFree
0xebd490 SetLastError
0xebd494 UnhandledExceptionFilter
0xebd498 SetUnhandledExceptionFilter
0xebd49c IsDebuggerPresent
0xebd4a0 HeapAlloc
0xebd4a4 LCMapStringA
0xebd4a8 LCMapStringW
0xebd4ac SetHandleCount
0xebd4b0 GetStdHandle
0xebd4b4 GetFileType
0xebd4b8 GetStartupInfoA
0xebd4bc GetModuleFileNameA
0xebd4c0 FreeEnvironmentStringsA
0xebd4c4 GetEnvironmentStrings
0xebd4c8 FreeEnvironmentStringsW
0xebd4cc GetEnvironmentStringsW
0xebd4d0 HeapCreate
0xebd4d4 HeapDestroy
0xebd4d8 QueryPerformanceCounter
0xebd4dc HeapReAlloc
0xebd4e0 GetStringTypeA
0xebd4e4 GetStringTypeW
0xebd4e8 GetLocaleInfoA
0xebd4ec HeapSize
0xebd4f0 WriteFile
0xebd4f4 SetFilePointer
0xebd4f8 GetConsoleCP
0xebd4fc GetConsoleMode
0xebd500 InitializeCriticalSectionAndSpinCount
0xebd504 SetStdHandle
USER32.dll
0xebd50c GetProcessWindowStation
0xebd510 GetUserObjectInformationW
0xebd514 CharUpperBuffW
0xebd518 MessageBoxW
KERNEL32.dll
0xebd520 LocalAlloc
0xebd524 LocalFree
0xebd528 GetModuleFileNameW
0xebd52c GetProcessAffinityMask
0xebd530 SetProcessAffinityMask
0xebd534 SetThreadAffinityMask
0xebd538 Sleep
0xebd53c ExitProcess
0xebd540 FreeLibrary
0xebd544 LoadLibraryA
0xebd548 GetModuleHandleA
0xebd54c GetProcAddress
USER32.dll
0xebd554 GetProcessWindowStation
0xebd558 GetUserObjectInformationW
EAT(Export Address Table) is none