Report - xmrig.exe

Generic Malware, UPX, Malicious Packer, Malicious Library, OS Processor Check, PE64, PE File
Created 2023.04.25 08:08 Machine s1_win7_x6401
Filename xmrig.exe
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
AI Score 1
Behavior Score 1.8
ZERO API file : clean
VT API (file) 49 detected (BitCoinMiner, malicious, high confidence, GenericKD, Coinminer, Miner, Miners, Eldorado, Attribute, HighConfidence, score, RiskTool, CoinminerX, Bitminer, XMRig Miner, R002C0PD323, Static AI, Suspicious PE, Xmrig, Malware@#2ahi7jg1unuh2, Detected, ai score=80, unsafe, HackTool, XMRMiner, CLASSIC, ZOVmQo6, susgen)
md5 c0ed4f906576c06d861302e8cf924309
sha256 8e1c569508baacd7803f80728c03ed1d6ab098a1576c6470420e7a3af84c489c
ssdeep 98304:aSsvsg5c2f0ghoi/OVShca+XZ9FfdZwUtbpvsXMcOGR0tFC8JiMig5RbLJitOkL4:FY0gqbjViicOF5eAeEPHRs81GeJ7
imphash 16bb67d62ee484974f9392fc52c45722
impfuzzy 192:5mShLrx+GW5W6ScwT9Si9pHJpcjSFW4Q8VhdUjgLnH6:bz+GuucK9SiHdlfdUjgLna

Signature (3cnts)

Level Description
danger File has been identified by 49 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
info Queries for the computername

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

ADVAPI32.dll
 0x140aeb01c AdjustTokenPrivileges
 0x140aeb024 AllocateAndInitializeSid
 0x140aeb02c CloseServiceHandle
 0x140aeb034 ControlService
 0x140aeb03c CreateServiceW
 0x140aeb044 CryptAcquireContextW
 0x140aeb04c CryptCreateHash
 0x140aeb054 CryptDecrypt
 0x140aeb05c CryptDestroyHash
 0x140aeb064 CryptDestroyKey
 0x140aeb06c CryptEnumProvidersW
 0x140aeb074 CryptExportKey
 0x140aeb07c CryptGenRandom
 0x140aeb084 CryptGetProvParam
 0x140aeb08c CryptGetUserKey
 0x140aeb094 CryptReleaseContext
 0x140aeb09c CryptSetHashParam
 0x140aeb0a4 CryptSignHashW
 0x140aeb0ac DeleteService
 0x140aeb0b4 DeregisterEventSource
 0x140aeb0bc FreeSid
 0x140aeb0c4 GetSecurityInfo
 0x140aeb0cc GetTokenInformation
 0x140aeb0d4 GetUserNameW
 0x140aeb0dc LookupPrivilegeValueW
 0x140aeb0e4 LsaAddAccountRights
 0x140aeb0ec LsaClose
 0x140aeb0f4 LsaOpenPolicy
 0x140aeb0fc OpenProcessToken
 0x140aeb104 OpenSCManagerW
 0x140aeb10c OpenServiceW
 0x140aeb114 QueryServiceConfigA
 0x140aeb11c QueryServiceStatus
 0x140aeb124 RegCloseKey
 0x140aeb12c RegGetValueW
 0x140aeb134 RegOpenKeyExW
 0x140aeb13c RegQueryValueExW
 0x140aeb144 RegisterEventSourceW
 0x140aeb14c ReportEventW
 0x140aeb154 SetEntriesInAclA
 0x140aeb15c SetSecurityInfo
 0x140aeb164 StartServiceW
 0x140aeb16c SystemFunction036
CRYPT32.dll
 0x140aeb17c CertCloseStore
 0x140aeb184 CertDuplicateCertificateContext
 0x140aeb18c CertEnumCertificatesInStore
 0x140aeb194 CertFindCertificateInStore
 0x140aeb19c CertFreeCertificateContext
 0x140aeb1a4 CertGetCertificateContextProperty
 0x140aeb1ac CertOpenStore
IPHLPAPI.DLL
 0x140aeb1bc ConvertInterfaceIndexToLuid
 0x140aeb1c4 ConvertInterfaceLuidToNameW
 0x140aeb1cc GetAdaptersAddresses
KERNEL32.dll
 0x140aeb1dc AcquireSRWLockExclusive
 0x140aeb1e4 AcquireSRWLockShared
 0x140aeb1ec AddVectoredExceptionHandler
 0x140aeb1f4 AssignProcessToJobObject
 0x140aeb1fc CancelIo
 0x140aeb204 CancelIoEx
 0x140aeb20c CancelSynchronousIo
 0x140aeb214 CloseHandle
 0x140aeb21c ConnectNamedPipe
 0x140aeb224 ConvertFiberToThread
 0x140aeb22c ConvertThreadToFiber
 0x140aeb234 CopyFileW
 0x140aeb23c CreateDirectoryW
 0x140aeb244 CreateEventA
 0x140aeb24c CreateFiber
 0x140aeb254 CreateFileA
 0x140aeb25c CreateFileMappingA
 0x140aeb264 CreateFileW
 0x140aeb26c CreateHardLinkW
 0x140aeb274 CreateIoCompletionPort
 0x140aeb27c CreateJobObjectW
 0x140aeb284 CreateNamedPipeA
 0x140aeb28c CreateNamedPipeW
 0x140aeb294 CreateProcessW
 0x140aeb29c CreateSemaphoreA
 0x140aeb2a4 CreateSymbolicLinkW
 0x140aeb2ac CreateToolhelp32Snapshot
 0x140aeb2b4 DebugBreak
 0x140aeb2bc DeleteCriticalSection
 0x140aeb2c4 DeleteFiber
 0x140aeb2cc DeviceIoControl
 0x140aeb2d4 DuplicateHandle
 0x140aeb2dc EnterCriticalSection
 0x140aeb2e4 ExpandEnvironmentStringsA
 0x140aeb2ec FileTimeToSystemTime
 0x140aeb2f4 FillConsoleOutputAttribute
 0x140aeb2fc FillConsoleOutputCharacterW
 0x140aeb304 FindClose
 0x140aeb30c FindFirstFileW
 0x140aeb314 FindNextFileW
 0x140aeb31c FindResourceW
 0x140aeb324 FlushFileBuffers
 0x140aeb32c FlushInstructionCache
 0x140aeb334 FlushViewOfFile
 0x140aeb33c FormatMessageA
 0x140aeb344 FormatMessageW
 0x140aeb34c FreeConsole
 0x140aeb354 FreeEnvironmentStringsW
 0x140aeb35c FreeLibrary
 0x140aeb364 GetComputerNameA
 0x140aeb36c GetConsoleCursorInfo
 0x140aeb374 GetConsoleMode
 0x140aeb37c GetConsoleScreenBufferInfo
 0x140aeb384 GetConsoleTitleW
 0x140aeb38c GetConsoleWindow
 0x140aeb394 GetCurrentDirectoryW
 0x140aeb39c GetCurrentProcess
 0x140aeb3a4 GetCurrentProcessId
 0x140aeb3ac GetCurrentThread
 0x140aeb3b4 GetCurrentThreadId
 0x140aeb3bc GetDiskFreeSpaceW
 0x140aeb3c4 GetEnvironmentStringsW
 0x140aeb3cc GetEnvironmentVariableW
 0x140aeb3d4 GetExitCodeProcess
 0x140aeb3dc GetFileAttributesA
 0x140aeb3e4 GetFileAttributesW
 0x140aeb3ec GetFileInformationByHandle
 0x140aeb3f4 GetFileInformationByHandleEx
 0x140aeb3fc GetFileSizeEx
 0x140aeb404 GetFileType
 0x140aeb40c GetFinalPathNameByHandleW
 0x140aeb414 GetFullPathNameW
 0x140aeb41c GetHandleInformation
 0x140aeb424 GetLargePageMinimum
 0x140aeb42c GetLastError
 0x140aeb434 GetLongPathNameW
 0x140aeb43c GetModuleFileNameA
 0x140aeb444 GetModuleFileNameW
 0x140aeb44c GetModuleHandleA
 0x140aeb454 GetModuleHandleExW
 0x140aeb45c GetModuleHandleW
 0x140aeb464 GetNamedPipeHandleStateA
 0x140aeb46c GetNativeSystemInfo
 0x140aeb474 GetNumberOfConsoleInputEvents
 0x140aeb47c GetPriorityClass
 0x140aeb484 GetProcAddress
 0x140aeb48c GetProcessAffinityMask
 0x140aeb494 GetProcessHeap
 0x140aeb49c GetProcessIoCounters
 0x140aeb4a4 GetProcessTimes
 0x140aeb4ac GetQueuedCompletionStatus
 0x140aeb4b4 GetShortPathNameW
 0x140aeb4bc GetStartupInfoA
 0x140aeb4c4 GetStartupInfoW
 0x140aeb4cc GetStdHandle
 0x140aeb4d4 GetSystemFirmwareTable
 0x140aeb4dc GetSystemInfo
 0x140aeb4e4 GetSystemPowerStatus
 0x140aeb4ec GetSystemTime
 0x140aeb4f4 GetSystemTimeAdjustment
 0x140aeb4fc GetSystemTimeAsFileTime
 0x140aeb504 GetTempPathW
 0x140aeb50c GetThreadContext
 0x140aeb514 GetThreadPriority
 0x140aeb51c GetThreadTimes
 0x140aeb524 GetTickCount
 0x140aeb52c GetTickCount64
 0x140aeb534 GetVersion
 0x140aeb53c GetVersionExA
 0x140aeb544 GetVersionExW
 0x140aeb54c GlobalMemoryStatusEx
 0x140aeb554 HeapAlloc
 0x140aeb55c HeapFree
 0x140aeb564 InitializeConditionVariable
 0x140aeb56c InitializeCriticalSection
 0x140aeb574 InitializeCriticalSectionAndSpinCount
 0x140aeb57c InitializeSRWLock
 0x140aeb584 IsDBCSLeadByteEx
 0x140aeb58c IsDebuggerPresent
 0x140aeb594 K32GetProcessMemoryInfo
 0x140aeb59c LCMapStringW
 0x140aeb5a4 LeaveCriticalSection
 0x140aeb5ac LoadLibraryA
 0x140aeb5b4 LoadLibraryExA
 0x140aeb5bc LoadLibraryExW
 0x140aeb5c4 LoadLibraryW
 0x140aeb5cc LoadResource
 0x140aeb5d4 LocalAlloc
 0x140aeb5dc LocalFree
 0x140aeb5e4 LockResource
 0x140aeb5ec MapViewOfFile
 0x140aeb5f4 MoveFileExW
 0x140aeb5fc MultiByteToWideChar
 0x140aeb604 OpenProcess
 0x140aeb60c OutputDebugStringA
 0x140aeb614 PeekNamedPipe
 0x140aeb61c PostQueuedCompletionStatus
 0x140aeb624 Process32First
 0x140aeb62c Process32Next
 0x140aeb634 QueryPerformanceCounter
 0x140aeb63c QueryPerformanceFrequency
 0x140aeb644 QueueUserWorkItem
 0x140aeb64c RaiseException
 0x140aeb654 ReOpenFile
 0x140aeb65c ReadConsoleA
 0x140aeb664 ReadConsoleInputW
 0x140aeb66c ReadConsoleW
 0x140aeb674 ReadDirectoryChangesW
 0x140aeb67c ReadFile
 0x140aeb684 RegisterWaitForSingleObject
 0x140aeb68c ReleaseSRWLockExclusive
 0x140aeb694 ReleaseSRWLockShared
 0x140aeb69c ReleaseSemaphore
 0x140aeb6a4 RemoveDirectoryW
 0x140aeb6ac RemoveVectoredExceptionHandler
 0x140aeb6b4 ResetEvent
 0x140aeb6bc ResumeThread
 0x140aeb6c4 RtlCaptureContext
 0x140aeb6cc RtlLookupFunctionEntry
 0x140aeb6d4 RtlUnwindEx
 0x140aeb6dc RtlVirtualUnwind
 0x140aeb6e4 SetConsoleCtrlHandler
 0x140aeb6ec SetConsoleCursorInfo
 0x140aeb6f4 SetConsoleCursorPosition
 0x140aeb6fc SetConsoleMode
 0x140aeb704 SetConsoleTextAttribute
 0x140aeb70c SetConsoleTitleA
 0x140aeb714 SetConsoleTitleW
 0x140aeb71c SetCurrentDirectoryW
 0x140aeb724 SetEnvironmentVariableW
 0x140aeb72c SetErrorMode
 0x140aeb734 SetEvent
 0x140aeb73c SetFileCompletionNotificationModes
 0x140aeb744 SetFilePointerEx
 0x140aeb74c SetFileTime
 0x140aeb754 SetHandleInformation
 0x140aeb75c SetInformationJobObject
 0x140aeb764 SetLastError
 0x140aeb76c SetNamedPipeHandleState
 0x140aeb774 SetPriorityClass
 0x140aeb77c SetProcessAffinityMask
 0x140aeb784 SetSystemTime
 0x140aeb78c SetThreadAffinityMask
 0x140aeb794 SetThreadContext
 0x140aeb79c SetThreadPriority
 0x140aeb7a4 SetUnhandledExceptionFilter
 0x140aeb7ac SizeofResource
 0x140aeb7b4 Sleep
 0x140aeb7bc SleepConditionVariableCS
 0x140aeb7c4 SuspendThread
 0x140aeb7cc SwitchToFiber
 0x140aeb7d4 SwitchToThread
 0x140aeb7dc SystemTimeToFileTime
 0x140aeb7e4 TerminateProcess
 0x140aeb7ec TlsAlloc
 0x140aeb7f4 TlsFree
 0x140aeb7fc TlsGetValue
 0x140aeb804 TlsSetValue
 0x140aeb80c TryAcquireSRWLockExclusive
 0x140aeb814 TryAcquireSRWLockShared
 0x140aeb81c TryEnterCriticalSection
 0x140aeb824 UnmapViewOfFile
 0x140aeb82c UnregisterWait
 0x140aeb834 UnregisterWaitEx
 0x140aeb83c VerSetConditionMask
 0x140aeb844 VerifyVersionInfoA
 0x140aeb84c VirtualAlloc
 0x140aeb854 VirtualFree
 0x140aeb85c VirtualProtect
 0x140aeb864 VirtualQuery
 0x140aeb86c WaitForMultipleObjects
 0x140aeb874 WaitForSingleObject
 0x140aeb87c WaitNamedPipeW
 0x140aeb884 WakeAllConditionVariable
 0x140aeb88c WakeConditionVariable
 0x140aeb894 WideCharToMultiByte
 0x140aeb89c WriteConsoleInputW
 0x140aeb8a4 WriteConsoleW
 0x140aeb8ac WriteFile
 0x140aeb8b4 __C_specific_handler
msvcrt.dll
 0x140aeb8c4 ___lc_codepage_func
 0x140aeb8cc ___mb_cur_max_func
 0x140aeb8d4 __argv
 0x140aeb8dc __doserrno
 0x140aeb8e4 __getmainargs
 0x140aeb8ec __initenv
 0x140aeb8f4 __iob_func
 0x140aeb8fc __set_app_type
 0x140aeb904 __setusermatherr
 0x140aeb90c _acmdln
 0x140aeb914 _amsg_exit
 0x140aeb91c _assert
 0x140aeb924 _beginthreadex
 0x140aeb92c _cexit
 0x140aeb934 _close
 0x140aeb93c _close
 0x140aeb944 _commode
 0x140aeb94c _endthreadex
 0x140aeb954 _errno
 0x140aeb95c _exit
 0x140aeb964 _fdopen
 0x140aeb96c _filelengthi64
 0x140aeb974 _fileno
 0x140aeb97c _findclose
 0x140aeb984 _fileno
 0x140aeb98c _findfirst64
 0x140aeb994 _findnext64
 0x140aeb99c _fmode
 0x140aeb9a4 _fstat64
 0x140aeb9ac _fullpath
 0x140aeb9b4 _get_osfhandle
 0x140aeb9bc _gmtime64
 0x140aeb9c4 _initterm
 0x140aeb9cc _isatty
 0x140aeb9d4 _localtime64
 0x140aeb9dc _lock
 0x140aeb9e4 _lseeki64
 0x140aeb9ec _mkdir
 0x140aeb9f4 _onexit
 0x140aeb9fc _open
 0x140aeba04 _open_osfhandle
 0x140aeba0c _read
 0x140aeba14 _read
 0x140aeba1c _setjmp
 0x140aeba24 _setmode
 0x140aeba2c _snwprintf
 0x140aeba34 _stat64
 0x140aeba3c _stricmp
 0x140aeba44 _strdup
 0x140aeba4c _strdup
 0x140aeba54 _strnicmp
 0x140aeba5c _time64
 0x140aeba64 _ultoa
 0x140aeba6c _unlock
 0x140aeba74 _umask
 0x140aeba7c _vscprintf
 0x140aeba84 _vsnprintf
 0x140aeba8c _vsnwprintf
 0x140aeba94 _wchmod
 0x140aeba9c _wcsdup
 0x140aebaa4 _wcsnicmp
 0x140aebaac _wcsrev
 0x140aebab4 _wfopen
 0x140aebabc _wopen
 0x140aebac4 _write
 0x140aebacc _wrmdir
 0x140aebad4 abort
 0x140aebadc atof
 0x140aebae4 atoi
 0x140aebaec calloc
 0x140aebaf4 exit
 0x140aebafc fclose
 0x140aebb04 feof
 0x140aebb0c ferror
 0x140aebb14 fflush
 0x140aebb1c fgetpos
 0x140aebb24 fgets
 0x140aebb2c fopen
 0x140aebb34 fprintf
 0x140aebb3c fputc
 0x140aebb44 fputs
 0x140aebb4c fread
 0x140aebb54 free
 0x140aebb5c fseek
 0x140aebb64 fsetpos
 0x140aebb6c ftell
 0x140aebb74 fwrite
 0x140aebb7c getc
 0x140aebb84 getenv
 0x140aebb8c getwc
 0x140aebb94 islower
 0x140aebb9c isspace
 0x140aebba4 isupper
 0x140aebbac iswctype
 0x140aebbb4 isxdigit
 0x140aebbbc _write
 0x140aebbc4 localeconv
 0x140aebbcc longjmp
 0x140aebbd4 malloc
 0x140aebbdc memchr
 0x140aebbe4 memcmp
 0x140aebbec memcpy
 0x140aebbf4 memmove
 0x140aebbfc memset
 0x140aebc04 printf
 0x140aebc0c putc
 0x140aebc14 putwc
 0x140aebc1c qsort
 0x140aebc24 raise
 0x140aebc2c realloc
 0x140aebc34 rand
 0x140aebc3c setlocale
 0x140aebc44 setvbuf
 0x140aebc4c signal
 0x140aebc54 sprintf
 0x140aebc5c srand
 0x140aebc64 strcat
 0x140aebc6c strchr
 0x140aebc74 strcmp
 0x140aebc7c strcoll
 0x140aebc84 strcpy
 0x140aebc8c strcspn
 0x140aebc94 strerror
 0x140aebc9c strftime
 0x140aebca4 strlen
 0x140aebcac strncmp
 0x140aebcb4 strncpy
 0x140aebcbc strrchr
 0x140aebcc4 strspn
 0x140aebccc strstr
 0x140aebcd4 strtol
 0x140aebcdc strtoul
 0x140aebce4 strxfrm
 0x140aebcec tolower
 0x140aebcf4 toupper
 0x140aebcfc towlower
 0x140aebd04 towupper
 0x140aebd0c ungetc
 0x140aebd14 vfprintf
 0x140aebd1c ungetwc
 0x140aebd24 wcschr
 0x140aebd2c wcscmp
 0x140aebd34 wcscoll
 0x140aebd3c wcscpy
 0x140aebd44 wcsftime
 0x140aebd4c wcslen
 0x140aebd54 wcsncmp
 0x140aebd5c wcsncpy
 0x140aebd64 wcspbrk
 0x140aebd6c wcsrchr
 0x140aebd74 wcsstr
 0x140aebd7c wcstombs
 0x140aebd84 wcsxfrm
ole32.dll
 0x140aebd94 CoCreateInstance
 0x140aebd9c CoInitializeEx
 0x140aebda4 CoUninitialize
SHELL32.dll
 0x140aebdb4 SHGetSpecialFolderPathA
USER32.dll
 0x140aebdc4 DispatchMessageA
 0x140aebdcc GetLastInputInfo
 0x140aebdd4 GetMessageA
 0x140aebddc GetProcessWindowStation
 0x140aebde4 GetSystemMetrics
 0x140aebdec GetUserObjectInformationW
 0x140aebdf4 MapVirtualKeyW
 0x140aebdfc MessageBoxW
 0x140aebe04 ShowWindow
 0x140aebe0c TranslateMessage
USERENV.dll
 0x140aebe1c GetUserProfileDirectoryW
WS2_32.dll
 0x140aebe2c FreeAddrInfoW
 0x140aebe34 GetAddrInfoW
 0x140aebe3c WSACleanup
 0x140aebe44 WSADuplicateSocketW
 0x140aebe4c WSAGetLastError
 0x140aebe54 WSAGetOverlappedResult
 0x140aebe5c WSAIoctl
 0x140aebe64 WSARecv
 0x140aebe6c WSARecvFrom
 0x140aebe74 WSASend
 0x140aebe7c WSASendTo
 0x140aebe84 WSASetLastError
 0x140aebe8c WSASocketW
 0x140aebe94 WSAStartup
 0x140aebe9c accept
 0x140aebea4 bind
 0x140aebeac closesocket
 0x140aebeb4 connect
 0x140aebebc freeaddrinfo
 0x140aebec4 getaddrinfo
 0x140aebecc gethostbyname
 0x140aebed4 gethostname
 0x140aebedc getnameinfo
 0x140aebee4 getpeername
 0x140aebeec getsockname
 0x140aebef4 getsockopt
 0x140aebefc htonl
 0x140aebf04 htons
 0x140aebf0c ioctlsocket
 0x140aebf14 listen
 0x140aebf1c ntohs
 0x140aebf24 recv
 0x140aebf2c select
 0x140aebf34 send
 0x140aebf3c setsockopt
 0x140aebf44 shutdown
 0x140aebf4c socket

EAT(Export Address Table) is none
