Field | Value
---|---
Created | 2023.05.18 09:48
Machine | s1_win7_x6403
Filename | llaa25.exe
Type | PE32+ executable (GUI) x86-64, for MS Windows
AI Score |
Behavior Score |
ZERO API | file : malware
VT API (file) | 16 detected (Artemis, Eldorado, Malicious, FileRepMalware, Misc, GenericKD, Casdet, Chgt, Fabookie, CLOUD)
md5 | aec63ca0e90ee3b2f811656ae8747e9e
sha256 | 94e03a7ceab6adddb4e2c0ebc59705a9c6bed46472c4afb9a42bcf439e727aae
ssdeep | 6144:C8pJxhKjBkhD5qslNvdA6NZ+cP0MMUcMUDyu5Wp2i3UdSGZRW:1pJxrDNlp1PemUd
imphash | 31e556ae7fe1ed4edcf727f836365d92
impfuzzy | 192:8A1ci1mlHuaXC0L0Lr9eFH26BW0PVaXHxpsaz:Vci1cbXCC0Lr9eFH26BW0PVaXRpt
Network IP location
Signature (12cnts)
Level | Description |
---|---|
watch | Attempts to create or modify system certificates |
watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | One or more potentially interesting buffers were extracted |
notice | Performs some HTTP requests |
notice | Steals private information from local Internet browsers |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Collects information to fingerprint the system (MachineGuid |
info | One or more processes crashed |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (12cnts)
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET HUNTING Double User-Agent (User-Agent User-Agent)
ET HUNTING Double User-Agent (User-Agent User-Agent)
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x100001000 RegCloseKey
0x100001008 RegQueryValueExW
0x100001010 RegSetValueExW
0x100001018 OpenSCManagerW
0x100001020 EnumServicesStatusW
0x100001028 OpenServiceW
0x100001030 CloseServiceHandle
0x100001038 ChangeServiceConfigW
0x100001040 QueryServiceConfigW
0x100001048 RegEnumKeyExW
0x100001050 RegOpenKeyExW
0x100001058 RegCreateKeyExW
0x100001060 RegQueryInfoKeyW
0x100001068 RegEnumValueW
0x100001070 RegDeleteValueW
0x100001078 OpenProcessToken
0x100001080 LookupPrivilegeValueW
0x100001088 AdjustTokenPrivileges
0x100001090 InitiateShutdownW
KERNEL32.dll
0x100001118 DeleteFileW
0x100001120 MoveFileExW
0x100001128 FindResourceW
0x100001130 LoadResource
0x100001138 LockResource
0x100001140 SizeofResource
0x100001148 GlobalAlloc
0x100001150 GlobalLock
0x100001158 GlobalUnlock
0x100001160 GlobalFree
0x100001168 GetSystemInfo
0x100001170 GetPhysicallyInstalledSystemMemory
0x100001178 GlobalMemoryStatusEx
0x100001180 GetCurrentProcess
0x100001188 FindFirstFileW
0x100001190 CopyFileW
0x100001198 FreeLibrary
0x1000011a0 FormatMessageW
0x1000011a8 LocalFree
0x1000011b0 HeapSetInformation
0x1000011b8 RegisterApplicationRestart
0x1000011c0 OpenProcess
0x1000011c8 GetCurrentProcessId
0x1000011d0 GetCurrentThreadId
0x1000011d8 GetCommandLineW
0x1000011e0 CompareStringW
0x1000011e8 SetFileAttributesW
0x1000011f0 CreateDirectoryW
0x1000011f8 CreateSemaphoreW
0x100001200 MultiByteToWideChar
0x100001208 WideCharToMultiByte
0x100001210 lstrcmpiW
0x100001218 lstrlenW
0x100001220 FindClose
0x100001228 RtlCompareMemory
0x100001230 FindNextFileW
0x100001238 GetDateFormatW
0x100001240 QueryDosDeviceW
0x100001248 LocalAlloc
0x100001250 UnhandledExceptionFilter
0x100001258 TerminateProcess
0x100001260 GetSystemTimeAsFileTime
0x100001268 GetTickCount
0x100001270 QueryPerformanceCounter
0x100001278 SetUnhandledExceptionFilter
0x100001280 GetStartupInfoW
0x100001288 Sleep
0x100001290 InterlockedPushEntrySList
0x100001298 VirtualAlloc
0x1000012a0 InterlockedPopEntrySList
0x1000012a8 GetProcessHeap
0x1000012b0 VirtualFree
0x1000012b8 HeapFree
0x1000012c0 HeapAlloc
0x1000012c8 GetNativeSystemInfo
0x1000012d0 CloseHandle
0x1000012d8 CreateThread
0x1000012e0 GetModuleHandleW
0x1000012e8 LoadLibraryW
0x1000012f0 GetProcAddress
0x1000012f8 ExpandEnvironmentStringsW
0x100001300 GetTimeFormatW
0x100001308 GetLastError
0x100001310 FlushInstructionCache
GDI32.dll
0x1000010f8 GetTextMetricsW
0x100001100 SelectObject
0x100001108 GetTextExtentPoint32W
USER32.dll
0x1000018d8 SetCursor
0x1000018e0 LoadCursorW
0x1000018e8 GetFocus
0x1000018f0 ShowWindow
0x1000018f8 MessageBoxW
0x100001900 IsWindowEnabled
0x100001908 GetSystemMetrics
0x100001910 EndDialog
0x100001918 SetFocus
0x100001920 SetWindowTextW
0x100001928 LoadStringW
0x100001930 GetActiveWindow
0x100001938 GetDlgItem
0x100001940 GetDlgItemTextW
0x100001948 GetClientRect
0x100001950 SendMessageW
0x100001958 LoadIconW
0x100001960 CharNextW
0x100001968 FindWindowW
0x100001970 SetForegroundWindow
0x100001978 IsIconic
0x100001980 GetLastActivePopup
0x100001988 IsDlgButtonChecked
0x100001990 CheckDlgButton
0x100001998 SetDlgItemInt
0x1000019a0 SetDlgItemTextW
0x1000019a8 GetWindowTextLengthW
0x1000019b0 GetWindowTextW
0x1000019b8 SetWindowLongPtrW
0x1000019c0 GetDC
0x1000019c8 ReleaseDC
0x1000019d0 GetKeyState
0x1000019d8 CallWindowProcW
0x1000019e0 GetWindowLongPtrW
0x1000019e8 EnableWindow
MFC42u.dll
0x100001320 None
0x100001328 None
0x100001330 None
0x100001338 None
0x100001340 None
0x100001348 None
0x100001350 None
0x100001358 None
0x100001360 None
0x100001368 None
0x100001370 None
0x100001378 None
0x100001380 None
0x100001388 None
0x100001390 None
0x100001398 None
0x1000013a0 None
0x1000013a8 None
0x1000013b0 None
0x1000013b8 None
0x1000013c0 None
0x1000013c8 None
0x1000013d0 None
0x1000013d8 None
0x1000013e0 None
0x1000013e8 None
0x1000013f0 None
0x1000013f8 None
0x100001400 None
0x100001408 None
0x100001410 None
0x100001418 None
0x100001420 None
0x100001428 None
0x100001430 None
0x100001438 None
0x100001440 None
0x100001448 None
0x100001450 None
0x100001458 None
0x100001460 None
0x100001468 None
0x100001470 None
0x100001478 None
0x100001480 None
0x100001488 None
0x100001490 None
0x100001498 None
0x1000014a0 None
0x1000014a8 None
0x1000014b0 None
0x1000014b8 None
0x1000014c0 None
0x1000014c8 None
0x1000014d0 None
0x1000014d8 None
0x1000014e0 None
0x1000014e8 None
0x1000014f0 None
0x1000014f8 None
0x100001500 None
0x100001508 None
0x100001510 None
0x100001518 None
0x100001520 None
0x100001528 None
0x100001530 None
0x100001538 None
0x100001540 None
0x100001548 None
0x100001550 None
0x100001558 None
0x100001560 None
0x100001568 None
0x100001570 None
0x100001578 None
0x100001580 None
0x100001588 None
0x100001590 None
0x100001598 None
0x1000015a0 None
0x1000015a8 None
0x1000015b0 None
0x1000015b8 None
0x1000015c0 None
0x1000015c8 None
0x1000015d0 None
0x1000015d8 None
0x1000015e0 None
0x1000015e8 None
0x1000015f0 None
0x1000015f8 None
0x100001600 None
0x100001608 None
0x100001610 None
0x100001618 None
0x100001620 None
0x100001628 None
0x100001630 None
0x100001638 None
0x100001640 None
0x100001648 None
0x100001650 None
0x100001658 None
0x100001660 None
0x100001668 None
0x100001670 None
0x100001678 None
0x100001680 None
0x100001688 None
0x100001690 None
0x100001698 None
0x1000016a0 None
0x1000016a8 None
0x1000016b0 None
0x1000016b8 None
0x1000016c0 None
0x1000016c8 None
0x1000016d0 None
0x1000016d8 None
0x1000016e0 None
0x1000016e8 None
0x1000016f0 None
0x1000016f8 None
0x100001700 None
0x100001708 None
0x100001710 None
0x100001718 None
0x100001720 None
0x100001728 None
0x100001730 None
0x100001738 None
0x100001740 None
0x100001748 None
0x100001750 None
0x100001758 None
0x100001760 None
0x100001768 None
0x100001770 None
0x100001778 None
0x100001780 None
0x100001788 None
0x100001790 None
0x100001798 None
0x1000017a0 None
0x1000017a8 None
0x1000017b0 None
0x1000017b8 None
0x1000017c0 None
0x1000017c8 None
0x1000017d0 None
0x1000017d8 None
0x1000017e0 None
0x1000017e8 None
0x1000017f0 None
0x1000017f8 None
0x100001800 None
0x100001808 None
0x100001810 None
0x100001818 None
0x100001820 None
0x100001828 None
0x100001830 None
0x100001838 None
0x100001840 None
0x100001848 None
0x100001850 None
0x100001858 None
0x100001860 None
0x100001868 None
0x100001870 None
0x100001878 None
msvcrt.dll
0x100001a18 ??1type_info@@UEAA@XZ
0x100001a20 _unlock
0x100001a28 __dllonexit
0x100001a30 _lock
0x100001a38 _onexit
0x100001a40 _amsg_exit
0x100001a48 _initterm
0x100001a50 _wcmdln
0x100001a58 exit
0x100001a60 _cexit
0x100001a68 _exit
0x100001a70 _XcptFilter
0x100001a78 __C_specific_handler
0x100001a80 __wgetmainargs
0x100001a88 __CxxFrameHandler3
0x100001a90 ?terminate@@YAXXZ
0x100001a98 _CxxThrowException
0x100001aa0 ??0exception@@QEAA@AEBQEBDH@Z
0x100001aa8 iswdigit
0x100001ab0 wcsrchr
0x100001ab8 _wtoi
0x100001ac0 memmove
0x100001ac8 calloc
0x100001ad0 _vsnwprintf
0x100001ad8 _wtol
0x100001ae0 _itow_s
0x100001ae8 memcpy
0x100001af0 memcmp
0x100001af8 _snwscanf_s
0x100001b00 _wcsupr
0x100001b08 wcsnlen
0x100001b10 strncmp
0x100001b18 wcsncpy_s
0x100001b20 __set_app_type
0x100001b28 _fmode
0x100001b30 _commode
0x100001b38 _callnewh
0x100001b40 memset
0x100001b48 _ultow_s
0x100001b50 wcschr
0x100001b58 _wcsnicmp
0x100001b60 wcstoul
0x100001b68 swprintf_s
0x100001b70 wcscpy_s
0x100001b78 wcscat_s
0x100001b80 _wcsicmp
0x100001b88 ??0exception@@QEAA@XZ
0x100001b90 memmove_s
0x100001b98 ??0exception@@QEAA@AEBQEBD@Z
0x100001ba0 ??1exception@@UEAA@XZ
0x100001ba8 ?what@exception@@UEBAPEBDXZ
0x100001bb0 memcpy_s
0x100001bb8 ??0exception@@QEAA@AEBV0@@Z
0x100001bc0 _wcsicoll
0x100001bc8 wcstok
0x100001bd0 wcsstr
0x100001bd8 _wcslwr
0x100001be0 _purecall
0x100001be8 free
0x100001bf0 malloc
0x100001bf8 __setusermatherr
ATL.DLL
0x1000010a0 None
0x1000010a8 None
0x1000010b0 None
0x1000010b8 None
0x1000010c0 None
0x1000010c8 None
0x1000010d0 None
0x1000010d8 None
0x1000010e0 None
0x1000010e8 None
SHELL32.dll
0x1000018b8 ShellExecuteW
0x1000018c0 SHEvaluateSystemCommandTemplate
0x1000018c8 SHGetSpecialFolderPathW
OLEAUT32.dll
0x100001888 SysAllocString
0x100001890 VariantChangeType
0x100001898 VariantClear
0x1000018a0 SysFreeString
0x1000018a8 VariantInit
ole32.dll
0x100001dc0 CreateStreamOnHGlobal
0x100001dc8 CoInitializeEx
0x100001dd0 CoTaskMemFree
0x100001dd8 CoCreateInstance
0x100001de0 CoUninitialize
0x100001de8 CoInitialize
VERSION.dll
0x1000019f8 VerQueryValueW
0x100001a00 GetFileVersionInfoW
0x100001a08 GetFileVersionInfoSizeW
ntdll.dll
0x100001c08 RtlNtStatusToDosError
0x100001c10 RtlInitUnicodeString
0x100001c18 RtlCaptureContext
0x100001c20 RtlLookupFunctionEntry
0x100001c28 RtlVirtualUnwind
0x100001c30 WinSqmAddToStream
0x100001c38 NtResetEvent
0x100001c40 NtDeleteFile
0x100001c48 NtQueryVolumeInformationFile
0x100001c50 LdrGetDllHandle
0x100001c58 NtQueryInformationFile
0x100001c60 RtlStringFromGUID
0x100001c68 NtQuerySystemInformation
0x100001c70 RtlFreeHeap
0x100001c78 RtlFreeUnicodeString
0x100001c80 RtlGUIDFromString
0x100001c88 NtClose
0x100001c90 RtlAllocateHeap
0x100001c98 NtOpenFile
0x100001ca0 NtDeviceIoControlFile
0x100001ca8 NtWaitForSingleObject
0x100001cb0 NtCreateEvent
0x100001cb8 NtQueryKey
0x100001cc0 NtEnumerateKey
0x100001cc8 NtQueryAttributesFile
0x100001cd0 NtOpenKey
0x100001cd8 RtlCreateAcl
0x100001ce0 NtSaveKey
0x100001ce8 NtUnloadKey
0x100001cf0 RtlFreeSid
0x100001cf8 RtlSetDaclSecurityDescriptor
0x100001d00 NtDeleteValueKey
0x100001d08 NtLoadKey
0x100001d10 NtOpenThreadToken
0x100001d18 NtCreateKey
0x100001d20 NtCreateFile
0x100001d28 RtlLengthSecurityDescriptor
0x100001d30 RtlAddAccessAllowedAceEx
0x100001d38 NtOpenProcessToken
0x100001d40 NtSetSecurityObject
0x100001d48 NtQueryValueKey
0x100001d50 NtSetValueKey
0x100001d58 NtAdjustPrivilegesToken
0x100001d60 NtDeleteKey
0x100001d68 RtlAllocateAndInitializeSid
0x100001d70 RtlLengthSid
0x100001d78 RtlCreateSecurityDescriptor
0x100001d80 RtlSetOwnerSecurityDescriptor
0x100001d88 NtAllocateUuids
0x100001d90 RtlInitAnsiString
0x100001d98 NtOpenSymbolicLinkObject
0x100001da0 LdrGetProcedureAddress
0x100001da8 NtQuerySymbolicLinkObject
0x100001db0 WinSqmIncrementDWORD
EAT(Export Address Table) is none