Report - xmrig.exe

Tags: Generic Malware, UPX, Malicious Library, Malicious Packer, OS Processor Check, PE64, PE File
Created 2023.06.21 12:25 Machine s1_win7_x6401
Filename xmrig.exe
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
AI Score 1
Behavior Score 1.8
ZERO API file: clean
VT API (file) 53 detected (Convagent, malicious, high confidence, score, CoinMiner, Neshta, FileInfector, Miner, Miners, grayware, confidence, 100%, Eldorado, Attribute, HighConfidence, RiskTool, BitCoinMiner, juvfrc, CoinminerX, Bitminer, BtcMine, Tool, R002C0PB323, XMRig Miner, atsq, Xmrig, ApplicUnwnt@#otsuqsw372wl, Detected, R559418, ai score=76, unsafe, HackTool, XMRMiner, CLASSIC, L4+xPzTwgrk, Static AI, Suspicious PE, susgen)
md5 0b021b93052fed386a4d094edae61ca8
sha256 0510f1e57b0bc5967a8b658cea729948219d578b6c9b3a036ff33b4a6a46e495
ssdeep 98304:1qEqoiuD0Sl7r5qCEShFa+XWgUyeC6SmIaAgXMQ3AyCQRy1/ANwCZJu3ThnklTmn:bkSl7L7ztTLblSwNgIxlstyZI5Hd
imphash 16bb67d62ee484974f9392fc52c45722
impfuzzy 192:5mShLrx+GW5W6ScwT9Si9pHJpcjSFW4Q8VhdUjgLnH6:bz+GuucK9SiHdlfdUjgLna

Signature (3cnts)

Level Description
danger File has been identified by 53 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
info Queries for the computername

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
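The static rules above (PE header signature, IsPE64, UPX section names) are the kind of check an analyst can reproduce before trusting any sandbox verdict. The script below is an added example, not the sandbox's own rule code: it parses a PE far enough to answer those questions, lists sections that are both writable and executable (the on-disk counterpart of the "allocates read-write-execute memory" notice), and compares the file's sha256 against the value quoted in this report so you know you are looking at the same sample. The bytes produced by `build_sample_pe64()` are a constructed PE32+ skeleton with UPX-style section headers so the script runs offline; they are not the analysed xmrig.exe.

```python
"""Static triage checks of the kind the rules table above describes
(PE header sanity, IsPE64, UPX section names, RWX sections, hashes).
Added example, not the sandbox's own rule code. build_sample_pe64()
fabricates a tiny PE32+ image purely so the script runs offline; it is
NOT the analysed xmrig.exe sample."""

import hashlib
import struct

IMAGE_FILE_MACHINE_AMD64 = 0x8664      # x86-64 machine type
PE32PLUS_MAGIC = 0x20B                 # optional-header magic of 64-bit images
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# sha256 quoted in the report above; used for the "is this the same sample?" check
REPORT_SHA256 = "0510f1e57b0bc5967a8b658cea729948219d578b6c9b3a036ff33b4a6a46e495"


def parse_pe(data: bytes) -> dict:
    """Parse DOS header, PE signature, COFF header, optional-header magic and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE\\0\\0 signature")
    coff = e_lfanew + 4
    machine, nsec, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20                      # COFF file header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    sections = []
    sec_off = opt + opt_size             # section table follows the optional header
    for i in range(nsec):                # each IMAGE_SECTION_HEADER is 40 bytes
        name, _vs, _va, _rs, _rp, _rr, _rl, _nr, _nl, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_off + i * 40)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), chars))
    return {"machine": machine, "magic": magic, "sections": sections}


def triage(data: bytes) -> dict:
    """Answer the report's static questions for an arbitrary PE byte string."""
    pe = parse_pe(data)
    names = [n for n, _ in pe["sections"]]
    rwx = [n for n, c in pe["sections"]
           if c & IMAGE_SCN_MEM_EXECUTE and c & IMAGE_SCN_MEM_WRITE]
    return {
        "is_pe64": pe["magic"] == PE32PLUS_MAGIC
                   and pe["machine"] == IMAGE_FILE_MACHINE_AMD64,
        "upx_sections": any(n.startswith("UPX") for n in names),
        "rwx_sections": rwx,
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, expected_sha256: str = REPORT_SHA256) -> bool:
    """True only if these bytes are the sample this report describes."""
    return hashlib.sha256(data).hexdigest() == expected_sha256.lower()


def build_sample_pe64() -> bytes:
    """Constructed PE32+ skeleton with UPX0/UPX1/.rsrc section headers (demo data only)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 3, 0, 0, 0, 240, 0x22)
    opt = struct.pack("<H", PE32PLUS_MAGIC) + b"\0" * 238         # 240-byte PE32+ optional header

    def sec(name, chars):
        return struct.pack("<8sIIIIIIHHI", name, 0, 0, 0, 0, 0, 0, 0, 0, chars)

    sections = (sec(b"UPX0", 0xE0000080)      # uninitialised, R/W/X: unpacking target
                + sec(b"UPX1", 0xE0000040)    # packed code, R/W/X
                + sec(b".rsrc", 0xC0000040))  # resources, R/W
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    sample = build_sample_pe64()
    print(triage(sample))
    print("same sample as the report:", matches_report(sample))
```

Run against a real file, `triage(open(path, "rb").read())` gives the same four answers the rules table gives; `matches_report` returning False on the demo skeleton is the expected result, since only the real sample hashes to the reported value.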

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO
(no entries)

Suricata ids

PE API

IAT(Import Address Table) Library

ADVAPI32.dll
 0x140aea01c AdjustTokenPrivileges
 0x140aea024 AllocateAndInitializeSid
 0x140aea02c CloseServiceHandle
 0x140aea034 ControlService
 0x140aea03c CreateServiceW
 0x140aea044 CryptAcquireContextW
 0x140aea04c CryptCreateHash
 0x140aea054 CryptDecrypt
 0x140aea05c CryptDestroyHash
 0x140aea064 CryptDestroyKey
 0x140aea06c CryptEnumProvidersW
 0x140aea074 CryptExportKey
 0x140aea07c CryptGenRandom
 0x140aea084 CryptGetProvParam
 0x140aea08c CryptGetUserKey
 0x140aea094 CryptReleaseContext
 0x140aea09c CryptSetHashParam
 0x140aea0a4 CryptSignHashW
 0x140aea0ac DeleteService
 0x140aea0b4 DeregisterEventSource
 0x140aea0bc FreeSid
 0x140aea0c4 GetSecurityInfo
 0x140aea0cc GetTokenInformation
 0x140aea0d4 GetUserNameW
 0x140aea0dc LookupPrivilegeValueW
 0x140aea0e4 LsaAddAccountRights
 0x140aea0ec LsaClose
 0x140aea0f4 LsaOpenPolicy
 0x140aea0fc OpenProcessToken
 0x140aea104 OpenSCManagerW
 0x140aea10c OpenServiceW
 0x140aea114 QueryServiceConfigA
 0x140aea11c QueryServiceStatus
 0x140aea124 RegCloseKey
 0x140aea12c RegGetValueW
 0x140aea134 RegOpenKeyExW
 0x140aea13c RegQueryValueExW
 0x140aea144 RegisterEventSourceW
 0x140aea14c ReportEventW
 0x140aea154 SetEntriesInAclA
 0x140aea15c SetSecurityInfo
 0x140aea164 StartServiceW
 0x140aea16c SystemFunction036
CRYPT32.dll
 0x140aea17c CertCloseStore
 0x140aea184 CertDuplicateCertificateContext
 0x140aea18c CertEnumCertificatesInStore
 0x140aea194 CertFindCertificateInStore
 0x140aea19c CertFreeCertificateContext
 0x140aea1a4 CertGetCertificateContextProperty
 0x140aea1ac CertOpenStore
IPHLPAPI.DLL
 0x140aea1bc ConvertInterfaceIndexToLuid
 0x140aea1c4 ConvertInterfaceLuidToNameW
 0x140aea1cc GetAdaptersAddresses
KERNEL32.dll
 0x140aea1dc AcquireSRWLockExclusive
 0x140aea1e4 AcquireSRWLockShared
 0x140aea1ec AddVectoredExceptionHandler
 0x140aea1f4 AssignProcessToJobObject
 0x140aea1fc CancelIo
 0x140aea204 CancelIoEx
 0x140aea20c CancelSynchronousIo
 0x140aea214 CloseHandle
 0x140aea21c ConnectNamedPipe
 0x140aea224 ConvertFiberToThread
 0x140aea22c ConvertThreadToFiber
 0x140aea234 CopyFileW
 0x140aea23c CreateDirectoryW
 0x140aea244 CreateEventA
 0x140aea24c CreateFiber
 0x140aea254 CreateFileA
 0x140aea25c CreateFileMappingA
 0x140aea264 CreateFileW
 0x140aea26c CreateHardLinkW
 0x140aea274 CreateIoCompletionPort
 0x140aea27c CreateJobObjectW
 0x140aea284 CreateNamedPipeA
 0x140aea28c CreateNamedPipeW
 0x140aea294 CreateProcessW
 0x140aea29c CreateSemaphoreA
 0x140aea2a4 CreateSymbolicLinkW
 0x140aea2ac CreateToolhelp32Snapshot
 0x140aea2b4 DebugBreak
 0x140aea2bc DeleteCriticalSection
 0x140aea2c4 DeleteFiber
 0x140aea2cc DeviceIoControl
 0x140aea2d4 DuplicateHandle
 0x140aea2dc EnterCriticalSection
 0x140aea2e4 ExpandEnvironmentStringsA
 0x140aea2ec FileTimeToSystemTime
 0x140aea2f4 FillConsoleOutputAttribute
 0x140aea2fc FillConsoleOutputCharacterW
 0x140aea304 FindClose
 0x140aea30c FindFirstFileW
 0x140aea314 FindNextFileW
 0x140aea31c FindResourceW
 0x140aea324 FlushFileBuffers
 0x140aea32c FlushInstructionCache
 0x140aea334 FlushViewOfFile
 0x140aea33c FormatMessageA
 0x140aea344 FormatMessageW
 0x140aea34c FreeConsole
 0x140aea354 FreeEnvironmentStringsW
 0x140aea35c FreeLibrary
 0x140aea364 GetComputerNameA
 0x140aea36c GetConsoleCursorInfo
 0x140aea374 GetConsoleMode
 0x140aea37c GetConsoleScreenBufferInfo
 0x140aea384 GetConsoleTitleW
 0x140aea38c GetConsoleWindow
 0x140aea394 GetCurrentDirectoryW
 0x140aea39c GetCurrentProcess
 0x140aea3a4 GetCurrentProcessId
 0x140aea3ac GetCurrentThread
 0x140aea3b4 GetCurrentThreadId
 0x140aea3bc GetDiskFreeSpaceW
 0x140aea3c4 GetEnvironmentStringsW
 0x140aea3cc GetEnvironmentVariableW
 0x140aea3d4 GetExitCodeProcess
 0x140aea3dc GetFileAttributesA
 0x140aea3e4 GetFileAttributesW
 0x140aea3ec GetFileInformationByHandle
 0x140aea3f4 GetFileInformationByHandleEx
 0x140aea3fc GetFileSizeEx
 0x140aea404 GetFileType
 0x140aea40c GetFinalPathNameByHandleW
 0x140aea414 GetFullPathNameW
 0x140aea41c GetHandleInformation
 0x140aea424 GetLargePageMinimum
 0x140aea42c GetLastError
 0x140aea434 GetLongPathNameW
 0x140aea43c GetModuleFileNameA
 0x140aea444 GetModuleFileNameW
 0x140aea44c GetModuleHandleA
 0x140aea454 GetModuleHandleExW
 0x140aea45c GetModuleHandleW
 0x140aea464 GetNamedPipeHandleStateA
 0x140aea46c GetNativeSystemInfo
 0x140aea474 GetNumberOfConsoleInputEvents
 0x140aea47c GetPriorityClass
 0x140aea484 GetProcAddress
 0x140aea48c GetProcessAffinityMask
 0x140aea494 GetProcessHeap
 0x140aea49c GetProcessIoCounters
 0x140aea4a4 GetProcessTimes
 0x140aea4ac GetQueuedCompletionStatus
 0x140aea4b4 GetShortPathNameW
 0x140aea4bc GetStartupInfoA
 0x140aea4c4 GetStartupInfoW
 0x140aea4cc GetStdHandle
 0x140aea4d4 GetSystemFirmwareTable
 0x140aea4dc GetSystemInfo
 0x140aea4e4 GetSystemPowerStatus
 0x140aea4ec GetSystemTime
 0x140aea4f4 GetSystemTimeAdjustment
 0x140aea4fc GetSystemTimeAsFileTime
 0x140aea504 GetTempPathW
 0x140aea50c GetThreadContext
 0x140aea514 GetThreadPriority
 0x140aea51c GetThreadTimes
 0x140aea524 GetTickCount
 0x140aea52c GetTickCount64
 0x140aea534 GetVersion
 0x140aea53c GetVersionExA
 0x140aea544 GetVersionExW
 0x140aea54c GlobalMemoryStatusEx
 0x140aea554 HeapAlloc
 0x140aea55c HeapFree
 0x140aea564 InitializeConditionVariable
 0x140aea56c InitializeCriticalSection
 0x140aea574 InitializeCriticalSectionAndSpinCount
 0x140aea57c InitializeSRWLock
 0x140aea584 IsDBCSLeadByteEx
 0x140aea58c IsDebuggerPresent
 0x140aea594 K32GetProcessMemoryInfo
 0x140aea59c LCMapStringW
 0x140aea5a4 LeaveCriticalSection
 0x140aea5ac LoadLibraryA
 0x140aea5b4 LoadLibraryExA
 0x140aea5bc LoadLibraryExW
 0x140aea5c4 LoadLibraryW
 0x140aea5cc LoadResource
 0x140aea5d4 LocalAlloc
 0x140aea5dc LocalFree
 0x140aea5e4 LockResource
 0x140aea5ec MapViewOfFile
 0x140aea5f4 MoveFileExW
 0x140aea5fc MultiByteToWideChar
 0x140aea604 OpenProcess
 0x140aea60c OutputDebugStringA
 0x140aea614 PeekNamedPipe
 0x140aea61c PostQueuedCompletionStatus
 0x140aea624 Process32First
 0x140aea62c Process32Next
 0x140aea634 QueryPerformanceCounter
 0x140aea63c QueryPerformanceFrequency
 0x140aea644 QueueUserWorkItem
 0x140aea64c RaiseException
 0x140aea654 ReOpenFile
 0x140aea65c ReadConsoleA
 0x140aea664 ReadConsoleInputW
 0x140aea66c ReadConsoleW
 0x140aea674 ReadDirectoryChangesW
 0x140aea67c ReadFile
 0x140aea684 RegisterWaitForSingleObject
 0x140aea68c ReleaseSRWLockExclusive
 0x140aea694 ReleaseSRWLockShared
 0x140aea69c ReleaseSemaphore
 0x140aea6a4 RemoveDirectoryW
 0x140aea6ac RemoveVectoredExceptionHandler
 0x140aea6b4 ResetEvent
 0x140aea6bc ResumeThread
 0x140aea6c4 RtlCaptureContext
 0x140aea6cc RtlLookupFunctionEntry
 0x140aea6d4 RtlUnwindEx
 0x140aea6dc RtlVirtualUnwind
 0x140aea6e4 SetConsoleCtrlHandler
 0x140aea6ec SetConsoleCursorInfo
 0x140aea6f4 SetConsoleCursorPosition
 0x140aea6fc SetConsoleMode
 0x140aea704 SetConsoleTextAttribute
 0x140aea70c SetConsoleTitleA
 0x140aea714 SetConsoleTitleW
 0x140aea71c SetCurrentDirectoryW
 0x140aea724 SetEnvironmentVariableW
 0x140aea72c SetErrorMode
 0x140aea734 SetEvent
 0x140aea73c SetFileCompletionNotificationModes
 0x140aea744 SetFilePointerEx
 0x140aea74c SetFileTime
 0x140aea754 SetHandleInformation
 0x140aea75c SetInformationJobObject
 0x140aea764 SetLastError
 0x140aea76c SetNamedPipeHandleState
 0x140aea774 SetPriorityClass
 0x140aea77c SetProcessAffinityMask
 0x140aea784 SetSystemTime
 0x140aea78c SetThreadAffinityMask
 0x140aea794 SetThreadContext
 0x140aea79c SetThreadPriority
 0x140aea7a4 SetUnhandledExceptionFilter
 0x140aea7ac SizeofResource
 0x140aea7b4 Sleep
 0x140aea7bc SleepConditionVariableCS
 0x140aea7c4 SuspendThread
 0x140aea7cc SwitchToFiber
 0x140aea7d4 SwitchToThread
 0x140aea7dc SystemTimeToFileTime
 0x140aea7e4 TerminateProcess
 0x140aea7ec TlsAlloc
 0x140aea7f4 TlsFree
 0x140aea7fc TlsGetValue
 0x140aea804 TlsSetValue
 0x140aea80c TryAcquireSRWLockExclusive
 0x140aea814 TryAcquireSRWLockShared
 0x140aea81c TryEnterCriticalSection
 0x140aea824 UnmapViewOfFile
 0x140aea82c UnregisterWait
 0x140aea834 UnregisterWaitEx
 0x140aea83c VerSetConditionMask
 0x140aea844 VerifyVersionInfoA
 0x140aea84c VirtualAlloc
 0x140aea854 VirtualFree
 0x140aea85c VirtualProtect
 0x140aea864 VirtualQuery
 0x140aea86c WaitForMultipleObjects
 0x140aea874 WaitForSingleObject
 0x140aea87c WaitNamedPipeW
 0x140aea884 WakeAllConditionVariable
 0x140aea88c WakeConditionVariable
 0x140aea894 WideCharToMultiByte
 0x140aea89c WriteConsoleInputW
 0x140aea8a4 WriteConsoleW
 0x140aea8ac WriteFile
 0x140aea8b4 __C_specific_handler
msvcrt.dll
 0x140aea8c4 ___lc_codepage_func
 0x140aea8cc ___mb_cur_max_func
 0x140aea8d4 __argv
 0x140aea8dc __doserrno
 0x140aea8e4 __getmainargs
 0x140aea8ec __initenv
 0x140aea8f4 __iob_func
 0x140aea8fc __set_app_type
 0x140aea904 __setusermatherr
 0x140aea90c _acmdln
 0x140aea914 _amsg_exit
 0x140aea91c _assert
 0x140aea924 _beginthreadex
 0x140aea92c _cexit
 0x140aea934 _close
 0x140aea93c _close
 0x140aea944 _commode
 0x140aea94c _endthreadex
 0x140aea954 _errno
 0x140aea95c _exit
 0x140aea964 _fdopen
 0x140aea96c _filelengthi64
 0x140aea974 _fileno
 0x140aea97c _findclose
 0x140aea984 _fileno
 0x140aea98c _findfirst64
 0x140aea994 _findnext64
 0x140aea99c _fmode
 0x140aea9a4 _fstat64
 0x140aea9ac _fullpath
 0x140aea9b4 _get_osfhandle
 0x140aea9bc _gmtime64
 0x140aea9c4 _initterm
 0x140aea9cc _isatty
 0x140aea9d4 _localtime64
 0x140aea9dc _lock
 0x140aea9e4 _lseeki64
 0x140aea9ec _mkdir
 0x140aea9f4 _onexit
 0x140aea9fc _open
 0x140aeaa04 _open_osfhandle
 0x140aeaa0c _read
 0x140aeaa14 _read
 0x140aeaa1c _setjmp
 0x140aeaa24 _setmode
 0x140aeaa2c _snwprintf
 0x140aeaa34 _stat64
 0x140aeaa3c _stricmp
 0x140aeaa44 _strdup
 0x140aeaa4c _strdup
 0x140aeaa54 _strnicmp
 0x140aeaa5c _time64
 0x140aeaa64 _ultoa
 0x140aeaa6c _unlock
 0x140aeaa74 _umask
 0x140aeaa7c _vscprintf
 0x140aeaa84 _vsnprintf
 0x140aeaa8c _vsnwprintf
 0x140aeaa94 _wchmod
 0x140aeaa9c _wcsdup
 0x140aeaaa4 _wcsnicmp
 0x140aeaaac _wcsrev
 0x140aeaab4 _wfopen
 0x140aeaabc _wopen
 0x140aeaac4 _write
 0x140aeaacc _wrmdir
 0x140aeaad4 abort
 0x140aeaadc atof
 0x140aeaae4 atoi
 0x140aeaaec calloc
 0x140aeaaf4 exit
 0x140aeaafc fclose
 0x140aeab04 feof
 0x140aeab0c ferror
 0x140aeab14 fflush
 0x140aeab1c fgetpos
 0x140aeab24 fgets
 0x140aeab2c fopen
 0x140aeab34 fprintf
 0x140aeab3c fputc
 0x140aeab44 fputs
 0x140aeab4c fread
 0x140aeab54 free
 0x140aeab5c fseek
 0x140aeab64 fsetpos
 0x140aeab6c ftell
 0x140aeab74 fwrite
 0x140aeab7c getc
 0x140aeab84 getenv
 0x140aeab8c getwc
 0x140aeab94 islower
 0x140aeab9c isspace
 0x140aeaba4 isupper
 0x140aeabac iswctype
 0x140aeabb4 isxdigit
 0x140aeabbc _write
 0x140aeabc4 localeconv
 0x140aeabcc longjmp
 0x140aeabd4 malloc
 0x140aeabdc memchr
 0x140aeabe4 memcmp
 0x140aeabec memcpy
 0x140aeabf4 memmove
 0x140aeabfc memset
 0x140aeac04 printf
 0x140aeac0c putc
 0x140aeac14 putwc
 0x140aeac1c qsort
 0x140aeac24 raise
 0x140aeac2c realloc
 0x140aeac34 rand
 0x140aeac3c setlocale
 0x140aeac44 setvbuf
 0x140aeac4c signal
 0x140aeac54 sprintf
 0x140aeac5c srand
 0x140aeac64 strcat
 0x140aeac6c strchr
 0x140aeac74 strcmp
 0x140aeac7c strcoll
 0x140aeac84 strcpy
 0x140aeac8c strcspn
 0x140aeac94 strerror
 0x140aeac9c strftime
 0x140aeaca4 strlen
 0x140aeacac strncmp
 0x140aeacb4 strncpy
 0x140aeacbc strrchr
 0x140aeacc4 strspn
 0x140aeaccc strstr
 0x140aeacd4 strtol
 0x140aeacdc strtoul
 0x140aeace4 strxfrm
 0x140aeacec tolower
 0x140aeacf4 toupper
 0x140aeacfc towlower
 0x140aead04 towupper
 0x140aead0c ungetc
 0x140aead14 vfprintf
 0x140aead1c ungetwc
 0x140aead24 wcschr
 0x140aead2c wcscmp
 0x140aead34 wcscoll
 0x140aead3c wcscpy
 0x140aead44 wcsftime
 0x140aead4c wcslen
 0x140aead54 wcsncmp
 0x140aead5c wcsncpy
 0x140aead64 wcspbrk
 0x140aead6c wcsrchr
 0x140aead74 wcsstr
 0x140aead7c wcstombs
 0x140aead84 wcsxfrm
ole32.dll
 0x140aead94 CoCreateInstance
 0x140aead9c CoInitializeEx
 0x140aeada4 CoUninitialize
SHELL32.dll
 0x140aeadb4 SHGetSpecialFolderPathA
USER32.dll
 0x140aeadc4 DispatchMessageA
 0x140aeadcc GetLastInputInfo
 0x140aeadd4 GetMessageA
 0x140aeaddc GetProcessWindowStation
 0x140aeade4 GetSystemMetrics
 0x140aeadec GetUserObjectInformationW
 0x140aeadf4 MapVirtualKeyW
 0x140aeadfc MessageBoxW
 0x140aeae04 ShowWindow
 0x140aeae0c TranslateMessage
USERENV.dll
 0x140aeae1c GetUserProfileDirectoryW
WS2_32.dll
 0x140aeae2c FreeAddrInfoW
 0x140aeae34 GetAddrInfoW
 0x140aeae3c WSACleanup
 0x140aeae44 WSADuplicateSocketW
 0x140aeae4c WSAGetLastError
 0x140aeae54 WSAGetOverlappedResult
 0x140aeae5c WSAIoctl
 0x140aeae64 WSARecv
 0x140aeae6c WSARecvFrom
 0x140aeae74 WSASend
 0x140aeae7c WSASendTo
 0x140aeae84 WSASetLastError
 0x140aeae8c WSASocketW
 0x140aeae94 WSAStartup
 0x140aeae9c accept
 0x140aeaea4 bind
 0x140aeaeac closesocket
 0x140aeaeb4 connect
 0x140aeaebc freeaddrinfo
 0x140aeaec4 getaddrinfo
 0x140aeaecc gethostbyname
 0x140aeaed4 gethostname
 0x140aeaedc getnameinfo
 0x140aeaee4 getpeername
 0x140aeaeec getsockname
 0x140aeaef4 getsockopt
 0x140aeaefc htonl
 0x140aeaf04 htons
 0x140aeaf0c ioctlsocket
 0x140aeaf14 listen
 0x140aeaf1c ntohs
 0x140aeaf24 recv
 0x140aeaf2c select
 0x140aeaf34 send
 0x140aeaf3c setsockopt
 0x140aeaf44 shutdown
 0x140aeaf4c socket
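The imphash field near the top of the report is derived from exactly this import table: DLL names lower-cased with their .dll/.ocx/.sys extension removed, function names lower-cased, pairs joined in import order and MD5-hashed, which is why it is useful for pivoting between differently packed builds and why import order matters. The script below is an added example, not the sandbox's code or pefile itself: it parses the listing format used above and computes the hash with that normalisation. `SAMPLE_LISTING` is a short excerpt constructed in the shape of the table, and it is an assumption that hashing the printed table would reproduce the reported value (the listing may be incomplete or garbled, and pefile additionally resolves known ordinal imports for ws2_32 and oleaut32 to names, which this example omits).

```python
"""Import-hash (imphash) normalisation applied to the report's IAT listing
format. Added example, not the sandbox's code. SAMPLE_LISTING is a constructed
excerpt in the shape of the table above, not the full import table."""

import hashlib
import re

# "DLL name on its own line, then indented '0x<addr> <function>' lines"
DLL_RE = re.compile(r"^\s*(\S+\.(?:dll|ocx|sys))\s*$", re.IGNORECASE)
ENTRY_RE = re.compile(r"^\s*0x[0-9a-fA-F]+\s+(\S+)\s*$")

SAMPLE_LISTING = """\
ADVAPI32.dll
 0x140aea01c AdjustTokenPrivileges
 0x140aea024 AllocateAndInitializeSid
KERNEL32.dll
 0x140aea85c VirtualProtect
 0x140aea84c VirtualAlloc
WS2_32.dll
 0x140aeaea4 bind
"""


def parse_iat_listing(text: str) -> list:
    """Return (dll, function) pairs in the order they appear in the listing."""
    pairs, current = [], None
    for line in text.splitlines():
        m = DLL_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            pairs.append((current, m.group(1)))
    return pairs


def normalise(dll: str, func) -> str:
    """Lower-case, strip .dll/.ocx/.sys, render nameless imports as 'ordN'."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            name = name[:-len(ext)]
            break
    if isinstance(func, int):            # ordinal-only import (assumed, not in this listing)
        return f"{name}.ord{func}"
    return f"{name}.{func.lower()}"


def imphash_input(pairs) -> str:
    """The comma-joined string that gets hashed; exposed so it can be inspected."""
    return ",".join(normalise(d, f) for d, f in pairs)


def imphash(pairs) -> str:
    return hashlib.md5(imphash_input(pairs).encode("ascii")).hexdigest()


if __name__ == "__main__":
    pairs = parse_iat_listing(SAMPLE_LISTING)
    print(imphash_input(pairs))
    print("imphash of excerpt:", imphash(pairs))
    # swapping two imports changes the hash: imphash is order-sensitive
    print("reversed order:", imphash(list(reversed(pairs))))
```

Two consequences worth remembering when using the value from the report: a rebuild that merely reorders or adds one import yields an unrelated hash, and a UPX-packed binary's imphash describes the packer stub's imports unless the tool unpacked it first, so compare it only with hashes produced under the same conditions.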

EAT(Export Address Table) is none


