Field | Value |
---|---|
Created | 2023.05.10 18:03 |
Machine | s1_win7_x6403 |
Filename | pspp |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 42 detected (Miner, malicious, high confidence, BitCoinMiner, CoinMiner, Voy6, Miners, score, RiskTool, oosh, Bkjl, VMProtBad, Expiro, high, GrayWare, Caypnamer, Detected, Artemis, ai score=71, unsafe, R002H0CE523, CLOUD, susgen) |
md5 | 14f04f5932bc851acf217a147afb018a |
sha256 | 6a3067c98e097d24ddde33ad98df7422d66327127fbdfff649e1263cdb1bf645 |
ssdeep | 196608:q6MiO9h9xz2nHTcM5IUA/dU3B4bWpN1xIR:qcOrjziHTpSdUybINXI |
imphash | a1990b4be806eba5f3af52b26ba4ad05 |
impfuzzy | 192:n50xF9bQg2dk5hyDQpofPEJ/rbPXv6R+BuPZcg:nmxQg2xDNXER34+Ccg |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | The executable is likely packed with VMProtect |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
watch | VMProtect_Zero | VMProtect packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x140b76000 GetAddrInfoW
0x140b76008 WSAGetLastError
0x140b76010 setsockopt
0x140b76018 WSARecvFrom
0x140b76020 WSASend
0x140b76028 WSARecv
0x140b76030 WSAIoctl
0x140b76038 WSADuplicateSocketW
0x140b76040 FreeAddrInfoW
0x140b76048 htons
0x140b76050 gethostname
0x140b76058 htonl
0x140b76060 listen
0x140b76068 bind
0x140b76070 getsockname
0x140b76078 WSASetLastError
0x140b76080 WSACleanup
0x140b76088 __WSAFDIsSet
0x140b76090 closesocket
0x140b76098 select
0x140b760a0 shutdown
0x140b760a8 WSASocketW
0x140b760b0 inet_pton
0x140b760b8 getaddrinfo
0x140b760c0 WSAStartup
0x140b760c8 getpeername
0x140b760d0 send
0x140b760d8 socket
0x140b760e0 ntohs
0x140b760e8 connect
0x140b760f0 recv
0x140b760f8 getsockopt
0x140b76100 freeaddrinfo
0x140b76108 ioctlsocket
0x140b76110 getnameinfo
PSAPI.DLL
0x140b76120 GetProcessMemoryInfo
IPHLPAPI.DLL
0x140b76130 GetAdaptersAddresses
USERENV.dll
0x140b76140 GetUserProfileDirectoryW
CRYPT32.dll
0x140b76150 CertCloseStore
0x140b76158 CertGetCertificateContextProperty
0x140b76160 CertFreeCertificateContext
0x140b76168 CertOpenSystemStoreW
0x140b76170 CertEnumCertificatesInStore
0x140b76178 CertFindCertificateInStore
0x140b76180 CertOpenStore
0x140b76188 CertDuplicateCertificateContext
KERNEL32.dll
0x140b76198 GetStdHandle
0x140b761a0 SetConsoleMode
0x140b761a8 GetConsoleMode
0x140b761b0 SizeofResource
0x140b761b8 LockResource
0x140b761c0 LoadResource
0x140b761c8 FindResourceW
0x140b761d0 ExpandEnvironmentStringsA
0x140b761d8 SetThreadExecutionState
0x140b761e0 GetTickCount
0x140b761e8 GetSystemFirmwareTable
0x140b761f0 HeapFree
0x140b761f8 HeapAlloc
0x140b76200 GetProcessHeap
0x140b76208 MultiByteToWideChar
0x140b76210 SetPriorityClass
0x140b76218 GetCurrentProcess
0x140b76220 SetThreadPriority
0x140b76228 GetSystemPowerStatus
0x140b76230 GetCurrentThread
0x140b76238 GetProcAddress
0x140b76240 GetModuleHandleW
0x140b76248 CloseHandle
0x140b76250 FreeConsole
0x140b76258 GetConsoleWindow
0x140b76260 VirtualProtect
0x140b76268 VirtualFree
0x140b76270 VirtualAlloc
0x140b76278 GetLargePageMinimum
0x140b76280 LocalAlloc
0x140b76288 GetLastError
0x140b76290 LocalFree
0x140b76298 FlushInstructionCache
0x140b762a0 GetCurrentThreadId
0x140b762a8 AddVectoredExceptionHandler
0x140b762b0 DeviceIoControl
0x140b762b8 GetModuleFileNameW
0x140b762c0 CreateFileW
0x140b762c8 SetLastError
0x140b762d0 GetSystemTime
0x140b762d8 SystemTimeToFileTime
0x140b762e0 GetModuleHandleExW
0x140b762e8 EnterCriticalSection
0x140b762f0 LeaveCriticalSection
0x140b762f8 InitializeCriticalSectionAndSpinCount
0x140b76300 DeleteCriticalSection
0x140b76308 TlsAlloc
0x140b76310 TlsGetValue
0x140b76318 TlsSetValue
0x140b76320 TlsFree
0x140b76328 SwitchToFiber
0x140b76330 DeleteFiber
0x140b76338 CreateFiber
0x140b76340 FindClose
0x140b76348 FindFirstFileW
0x140b76350 FindNextFileW
0x140b76358 WideCharToMultiByte
0x140b76360 GetFileType
0x140b76368 WriteFile
0x140b76370 FormatMessageW
0x140b76378 ConvertFiberToThread
0x140b76380 ConvertThreadToFiber
0x140b76388 QueryPerformanceCounter
0x140b76390 GetCurrentProcessId
0x140b76398 GetSystemTimeAsFileTime
0x140b763a0 FreeLibrary
0x140b763a8 LoadLibraryA
0x140b763b0 LoadLibraryW
0x140b763b8 GetEnvironmentVariableW
0x140b763c0 ReadConsoleA
0x140b763c8 ReadConsoleW
0x140b763d0 PostQueuedCompletionStatus
0x140b763d8 CreateFileA
0x140b763e0 DuplicateHandle
0x140b763e8 SetEvent
0x140b763f0 ResetEvent
0x140b763f8 WaitForSingleObject
0x140b76400 CreateEventA
0x140b76408 Sleep
0x140b76410 QueueUserWorkItem
0x140b76418 RegisterWaitForSingleObject
0x140b76420 UnregisterWait
0x140b76428 GetNumberOfConsoleInputEvents
0x140b76430 ReadConsoleInputW
0x140b76438 FillConsoleOutputCharacterW
0x140b76440 FillConsoleOutputAttribute
0x140b76448 GetConsoleCursorInfo
0x140b76450 SetConsoleCursorInfo
0x140b76458 GetConsoleScreenBufferInfo
0x140b76460 SetConsoleCursorPosition
0x140b76468 SetConsoleTextAttribute
0x140b76470 WriteConsoleInputW
0x140b76478 VerSetConditionMask
0x140b76480 GetEnvironmentStringsW
0x140b76488 SetConsoleTitleA
0x140b76490 WriteConsoleW
0x140b76498 SetCurrentDirectoryW
0x140b764a0 GetCurrentDirectoryW
0x140b764a8 GetTempPathW
0x140b764b0 QueryPerformanceFrequency
0x140b764b8 InitializeCriticalSection
0x140b764c0 GlobalMemoryStatusEx
0x140b764c8 GetSystemInfo
0x140b764d0 GetVersionExW
0x140b764d8 VerifyVersionInfoA
0x140b764e0 FileTimeToSystemTime
0x140b764e8 CreateDirectoryW
0x140b764f0 FlushFileBuffers
0x140b764f8 GetDiskFreeSpaceW
0x140b76500 GetFileAttributesW
0x140b76508 GetFileInformationByHandle
0x140b76510 GetFileSizeEx
0x140b76518 GetFinalPathNameByHandleW
0x140b76520 GetFullPathNameW
0x140b76528 ReadFile
0x140b76530 RemoveDirectoryW
0x140b76538 SetFilePointerEx
0x140b76540 SetFileTime
0x140b76548 RtlUnwind
0x140b76550 FlushViewOfFile
0x140b76558 UnmapViewOfFile
0x140b76560 CreateFileMappingA
0x140b76568 ReOpenFile
0x140b76570 CopyFileW
0x140b76578 MoveFileExW
0x140b76580 CreateHardLinkW
0x140b76588 GetFileInformationByHandleEx
0x140b76590 CreateSymbolicLinkW
0x140b76598 SetConsoleCtrlHandler
0x140b765a0 GetLongPathNameW
0x140b765a8 GetShortPathNameW
0x140b765b0 CreateIoCompletionPort
0x140b765b8 ReadDirectoryChangesW
0x140b765c0 SetHandleInformation
0x140b765c8 CancelIo
0x140b765d0 SetFileCompletionNotificationModes
0x140b765d8 LoadLibraryExW
0x140b765e0 FormatMessageA
0x140b765e8 SetErrorMode
0x140b765f0 GetQueuedCompletionStatus
0x140b765f8 ConnectNamedPipe
0x140b76600 PeekNamedPipe
0x140b76608 CreateNamedPipeW
0x140b76610 CancelIoEx
0x140b76618 CancelSynchronousIo
0x140b76620 SwitchToThread
0x140b76628 TerminateProcess
0x140b76630 GetExitCodeProcess
0x140b76638 UnregisterWaitEx
0x140b76640 LCMapStringW
0x140b76648 DebugBreak
0x140b76650 TryEnterCriticalSection
0x140b76658 InitializeConditionVariable
0x140b76660 WakeConditionVariable
0x140b76668 SleepConditionVariableCS
0x140b76670 ReleaseSemaphore
0x140b76678 ResumeThread
0x140b76680 GetNativeSystemInfo
0x140b76688 CreateSemaphoreA
0x140b76690 GetModuleHandleA
0x140b76698 GetStartupInfoW
0x140b766a0 GetModuleFileNameA
0x140b766a8 GetVersionExA
0x140b766b0 GetProcessAffinityMask
0x140b766b8 SetProcessAffinityMask
0x140b766c0 SetThreadAffinityMask
0x140b766c8 GetComputerNameA
0x140b766d0 CreateTimerQueue
0x140b766d8 IsDebuggerPresent
0x140b766e0 InitializeSListHead
0x140b766e8 IsProcessorFeaturePresent
0x140b766f0 SetUnhandledExceptionFilter
0x140b766f8 UnhandledExceptionFilter
0x140b76700 RtlVirtualUnwind
0x140b76708 RtlLookupFunctionEntry
0x140b76710 RtlCaptureContext
0x140b76718 GetStringTypeW
0x140b76720 GetLocaleInfoW
0x140b76728 CompareStringW
0x140b76730 CreateEventW
0x140b76738 GetCPInfo
0x140b76740 DecodePointer
0x140b76748 EncodePointer
0x140b76750 SignalObjectAndWait
0x140b76758 SetEnvironmentVariableW
0x140b76760 CreateThread
0x140b76768 GetThreadPriority
0x140b76770 GetLogicalProcessorInformation
0x140b76778 CreateTimerQueueTimer
0x140b76780 ChangeTimerQueueTimer
0x140b76788 DeleteTimerQueueTimer
0x140b76790 GetNumaHighestNodeNumber
0x140b76798 GetThreadTimes
0x140b767a0 FreeLibraryAndExitThread
0x140b767a8 InterlockedPopEntrySList
0x140b767b0 InterlockedPushEntrySList
0x140b767b8 InterlockedFlushSList
0x140b767c0 QueryDepthSList
0x140b767c8 RtlUnwindEx
0x140b767d0 SetStdHandle
0x140b767d8 GetCommandLineA
0x140b767e0 GetCommandLineW
0x140b767e8 ExitThread
0x140b767f0 GetDriveTypeW
0x140b767f8 SystemTimeToTzSpecificLocalTime
0x140b76800 ExitProcess
0x140b76808 GetFileAttributesExW
0x140b76810 SetFileAttributesW
0x140b76818 GetConsoleCP
0x140b76820 IsValidLocale
0x140b76828 GetUserDefaultLCID
0x140b76830 EnumSystemLocalesW
0x140b76838 HeapReAlloc
0x140b76840 GetTimeZoneInformation
0x140b76848 HeapSize
0x140b76850 SetEndOfFile
0x140b76858 FindFirstFileExW
0x140b76860 IsValidCodePage
0x140b76868 GetACP
0x140b76870 GetOEMCP
0x140b76878 FreeEnvironmentStringsW
0x140b76880 MapViewOfFile
0x140b76888 GetExitCodeThread
0x140b76890 WaitForSingleObjectEx
0x140b76898 RtlPcToFileHeader
0x140b768a0 RaiseException
USER32.dll
0x140b768b0 GetSystemMetrics
0x140b768b8 MapVirtualKeyW
0x140b768c0 DispatchMessageA
0x140b768c8 TranslateMessage
0x140b768d0 GetMessageA
0x140b768d8 MessageBoxW
0x140b768e0 GetUserObjectInformationW
0x140b768e8 GetProcessWindowStation
0x140b768f0 ShowWindow
0x140b768f8 GetLastInputInfo
0x140b76900 FindWindowW
SHELL32.dll
0x140b76910 SHGetSpecialFolderPathA
0x140b76918 SHGetFolderPathW
ADVAPI32.dll
0x140b76928 SystemFunction036
0x140b76930 GetUserNameW
0x140b76938 CryptEnumProvidersW
0x140b76940 CryptSignHashW
0x140b76948 CryptDestroyHash
0x140b76950 CryptCreateHash
0x140b76958 CryptExportKey
0x140b76960 CryptGetUserKey
0x140b76968 CryptGetProvParam
0x140b76970 CryptSetHashParam
0x140b76978 CryptDestroyKey
0x140b76980 CryptReleaseContext
0x140b76988 ReportEventW
0x140b76990 RegisterEventSourceW
0x140b76998 DeregisterEventSource
0x140b769a0 CreateServiceW
0x140b769a8 QueryServiceStatus
0x140b769b0 CloseServiceHandle
0x140b769b8 OpenSCManagerW
0x140b769c0 QueryServiceConfigA
0x140b769c8 DeleteService
0x140b769d0 ControlService
0x140b769d8 StartServiceW
0x140b769e0 OpenServiceW
0x140b769e8 LookupPrivilegeValueW
0x140b769f0 AdjustTokenPrivileges
0x140b769f8 OpenProcessToken
0x140b76a00 LsaOpenPolicy
0x140b76a08 LsaAddAccountRights
0x140b76a10 LsaClose
0x140b76a18 GetTokenInformation
0x140b76a20 CryptAcquireContextW
0x140b76a28 CryptDecrypt
0x140b76a30 CryptSetKeyParam
0x140b76a38 CryptImportKey
bcrypt.dll
0x140b76a48 BCryptGenRandom
WTSAPI32.dll
0x140b76a58 WTSSendMessageW
KERNEL32.dll
0x140b76a68 GetSystemTimeAsFileTime
0x140b76a70 GetModuleHandleA
0x140b76a78 CreateEventA
0x140b76a80 GetModuleFileNameW
0x140b76a88 LoadLibraryA
0x140b76a90 TerminateProcess
0x140b76a98 GetCurrentProcess
0x140b76aa0 CreateToolhelp32Snapshot
0x140b76aa8 Thread32First
0x140b76ab0 GetCurrentProcessId
0x140b76ab8 GetCurrentThreadId
0x140b76ac0 OpenThread
0x140b76ac8 Thread32Next
0x140b76ad0 CloseHandle
0x140b76ad8 SuspendThread
0x140b76ae0 ResumeThread
0x140b76ae8 WriteProcessMemory
0x140b76af0 GetSystemInfo
0x140b76af8 VirtualAlloc
0x140b76b00 VirtualProtect
0x140b76b08 VirtualFree
0x140b76b10 GetProcessAffinityMask
0x140b76b18 SetProcessAffinityMask
0x140b76b20 GetCurrentThread
0x140b76b28 SetThreadAffinityMask
0x140b76b30 Sleep
0x140b76b38 FreeLibrary
0x140b76b40 GetTickCount
0x140b76b48 SystemTimeToFileTime
0x140b76b50 FileTimeToSystemTime
0x140b76b58 GlobalFree
0x140b76b60 LocalAlloc
0x140b76b68 LocalFree
0x140b76b70 GetProcAddress
0x140b76b78 ExitProcess
0x140b76b80 EnterCriticalSection
0x140b76b88 LeaveCriticalSection
0x140b76b90 InitializeCriticalSection
0x140b76b98 DeleteCriticalSection
0x140b76ba0 GetModuleHandleW
0x140b76ba8 LoadResource
0x140b76bb0 MultiByteToWideChar
0x140b76bb8 FindResourceExW
0x140b76bc0 FindResourceExA
0x140b76bc8 WideCharToMultiByte
0x140b76bd0 GetThreadLocale
0x140b76bd8 GetUserDefaultLCID
0x140b76be0 GetSystemDefaultLCID
0x140b76be8 EnumResourceNamesA
0x140b76bf0 EnumResourceNamesW
0x140b76bf8 EnumResourceLanguagesA
0x140b76c00 EnumResourceLanguagesW
0x140b76c08 EnumResourceTypesA
0x140b76c10 EnumResourceTypesW
0x140b76c18 CreateFileW
0x140b76c20 LoadLibraryW
0x140b76c28 GetLastError
0x140b76c30 FlushFileBuffers
0x140b76c38 CreateFileA
0x140b76c40 WriteConsoleW
0x140b76c48 GetConsoleOutputCP
0x140b76c50 WriteConsoleA
0x140b76c58 SetStdHandle
0x140b76c60 FlsSetValue
0x140b76c68 GetCommandLineA
0x140b76c70 RaiseException
0x140b76c78 RtlPcToFileHeader
0x140b76c80 RtlLookupFunctionEntry
0x140b76c88 RtlUnwindEx
0x140b76c90 HeapFree
0x140b76c98 GetCPInfo
0x140b76ca0 GetACP
0x140b76ca8 GetOEMCP
0x140b76cb0 IsValidCodePage
0x140b76cb8 EncodePointer
0x140b76cc0 DecodePointer
0x140b76cc8 FlsGetValue
0x140b76cd0 FlsFree
0x140b76cd8 SetLastError
0x140b76ce0 FlsAlloc
0x140b76ce8 UnhandledExceptionFilter
0x140b76cf0 SetUnhandledExceptionFilter
0x140b76cf8 IsDebuggerPresent
0x140b76d00 RtlVirtualUnwind
0x140b76d08 RtlCaptureContext
0x140b76d10 HeapAlloc
0x140b76d18 LCMapStringA
0x140b76d20 LCMapStringW
0x140b76d28 SetHandleCount
0x140b76d30 GetStdHandle
0x140b76d38 GetFileType
0x140b76d40 GetStartupInfoA
0x140b76d48 GetModuleFileNameA
0x140b76d50 FreeEnvironmentStringsA
0x140b76d58 GetEnvironmentStrings
0x140b76d60 FreeEnvironmentStringsW
0x140b76d68 GetEnvironmentStringsW
0x140b76d70 HeapSetInformation
0x140b76d78 HeapCreate
0x140b76d80 HeapDestroy
0x140b76d88 QueryPerformanceCounter
0x140b76d90 GetStringTypeA
0x140b76d98 GetStringTypeW
0x140b76da0 GetLocaleInfoA
0x140b76da8 HeapSize
0x140b76db0 WriteFile
0x140b76db8 SetFilePointer
0x140b76dc0 GetConsoleCP
0x140b76dc8 GetConsoleMode
0x140b76dd0 HeapReAlloc
0x140b76dd8 InitializeCriticalSectionAndSpinCount
USER32.dll
0x140b76de8 GetUserObjectInformationW
0x140b76df0 CharUpperBuffW
0x140b76df8 MessageBoxW
0x140b76e00 GetProcessWindowStation
KERNEL32.dll
0x140b76e10 LocalAlloc
0x140b76e18 LocalFree
0x140b76e20 GetModuleFileNameW
0x140b76e28 GetProcessAffinityMask
0x140b76e30 SetProcessAffinityMask
0x140b76e38 SetThreadAffinityMask
0x140b76e40 Sleep
0x140b76e48 ExitProcess
0x140b76e50 FreeLibrary
0x140b76e58 LoadLibraryA
0x140b76e60 GetModuleHandleA
0x140b76e68 GetProcAddress
USER32.dll
0x140b76e78 GetProcessWindowStation
0x140b76e80 GetUserObjectInformationW
EAT(Export Address Table) Library