Report - App1234.exe

Generic Malware Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check PNG Format ZIP Format
Created 2023.09.23 09:37 Machine s1_win7_x6403
Filename App1234.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 5
Behavior Score 6.6
ZERO API file : clean
VT API (file) 29 detected (AIDetectMalware, GenericKD, unsafe, Vyiv, TrojanPSW, Stealerc, Attribute, HighConfidence, malicious, high confidence, PWSX, QQPass, QQRob, Tsmw, DownLoader46, ai score=81, Znyonm, Detected, Artemis, Chgt, Generic@AI, RDML, kbVL+J8TC8ghpSn2hNewg, confidence, 100%)
md5 e8a7ed6986b1178188c27b9761f39762
sha256 e7df475c90b173430ea4bc85e2006a7e03b7ada50323c1e9fc6dc85d6265a18f
ssdeep 98304:B3CNpyBPtb7dRfe/HEkxUzTFDxbIVZNjn98ftpkHf:B2Itb7dRfe/HEeUzTXYbu7
imphash e77b2b68e7e98ffac68641bdc168e821
impfuzzy 192:nhfzUeWhRcfIWNIaza5tHUWQlAqasSWjC:nhfzvdgMIr0FlAFsF+

Signature (15cnts)

Level Description
warning File has been identified by 29 AntiVirus engines on VirusTotal as malicious
watch Attempts to create or modify system certificates
watch Communicates with host for which no DNS query was performed
watch Harvests credentials from local email clients
watch Looks for the Windows Idle Time to determine the uptime
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Executes one or more WMI queries
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice Steals private information from local Internet browsers
info Checks amount of memory in system
info Collects information to fingerprint the system (MachineGuid
info Queries for the computername

Rules (9cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info PNG_Format_Zero PNG Format binaries (download)
info zip_file_format ZIP file format binaries (download)

Network (10cnts)

Request CC ASN Co IP4 Rule ZERO
http://cacerts.digicert.com/DigiCertGlobalRootG2.crt US EDGECAST 152.195.38.76 clean
http://174.138.6.99:8880/new_analytics NL DIGITALOCEAN-ASN 174.138.6.99 clean
https://api.db-ip.com/v2/free/self US CLOUDFLARENET 104.26.4.15 clean
o4505838714748928.ingest.sentry.io US GOOGLE 34.120.195.249 clean
api.db-ip.com US CLOUDFLARENET 104.26.5.15 clean
cacerts.digicert.com US EDGECAST 152.195.38.76 clean
34.120.195.249 US GOOGLE 34.120.195.249 clean
152.195.38.76 US EDGECAST 152.195.38.76 clean
174.138.6.99 NL DIGITALOCEAN-ASN 174.138.6.99 clean
104.26.4.15 US CLOUDFLARENET 104.26.4.15 clean

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
 0x6cd1ac GetStdHandle
 0x6cd1b0 MultiByteToWideChar
 0x6cd1b4 WriteConsoleW
 0x6cd1b8 GetEnvironmentVariableW
 0x6cd1bc GetModuleHandleW
 0x6cd1c0 FormatMessageW
 0x6cd1c4 GetTempPathW
 0x6cd1c8 GetModuleFileNameW
 0x6cd1cc CreateFileW
 0x6cd1d0 GetFileInformationByHandleEx
 0x6cd1d4 RtlCaptureContext
 0x6cd1d8 GetFullPathNameW
 0x6cd1dc FindNextFileW
 0x6cd1e0 CreateDirectoryW
 0x6cd1e4 FindFirstFileW
 0x6cd1e8 FindClose
 0x6cd1ec GetCurrentThread
 0x6cd1f0 GetProcAddress
 0x6cd1f4 ReleaseMutex
 0x6cd1f8 CreateMutexA
 0x6cd1fc GetEnvironmentStringsW
 0x6cd200 FreeEnvironmentStringsW
 0x6cd204 CompareStringOrdinal
 0x6cd208 GetSystemDirectoryW
 0x6cd20c GetWindowsDirectoryW
 0x6cd210 CreateProcessW
 0x6cd214 GetFileAttributesW
 0x6cd218 DuplicateHandle
 0x6cd21c CreateNamedPipeW
 0x6cd220 CreateThread
 0x6cd224 ReadFileEx
 0x6cd228 SleepEx
 0x6cd22c WriteFileEx
 0x6cd230 CreateEventW
 0x6cd234 CancelIo
 0x6cd238 ReadFile
 0x6cd23c QueryPerformanceCounter
 0x6cd240 QueryPerformanceFrequency
 0x6cd244 GetSystemTimeAsFileTime
 0x6cd248 GetCurrentDirectoryW
 0x6cd24c DeleteFileW
 0x6cd250 SetFileInformationByHandle
 0x6cd254 CopyFileExW
 0x6cd258 GetDriveTypeW
 0x6cd25c GetVolumeInformationW
 0x6cd260 GetDiskFreeSpaceExW
 0x6cd264 DeviceIoControl
 0x6cd268 OpenProcess
 0x6cd26c GetCurrentProcessId
 0x6cd270 GetCurrentProcess
 0x6cd274 GetProcessTimes
 0x6cd278 TlsFree
 0x6cd27c GetProcessIoCounters
 0x6cd280 LoadLibraryA
 0x6cd284 WaitForSingleObjectEx
 0x6cd288 TlsGetValue
 0x6cd28c TlsSetValue
 0x6cd290 GetTickCount64
 0x6cd294 AcquireSRWLockExclusive
 0x6cd298 InitOnceComplete
 0x6cd29c TlsAlloc
 0x6cd2a0 GetLogicalDrives
 0x6cd2a4 HeapReAlloc
 0x6cd2a8 InitOnceBeginInitialize
 0x6cd2ac SwitchToThread
 0x6cd2b0 SetHandleInformation
 0x6cd2b4 HeapFree
 0x6cd2b8 GlobalMemoryStatusEx
 0x6cd2bc GetProcessHeap
 0x6cd2c0 HeapAlloc
 0x6cd2c4 SetThreadStackGuarantee
 0x6cd2c8 FreeLibrary
 0x6cd2cc AddVectoredExceptionHandler
 0x6cd2d0 SetFilePointerEx
 0x6cd2d4 VirtualQuery
 0x6cd2d8 LoadLibraryExW
 0x6cd2dc IsProcessorFeaturePresent
 0x6cd2e0 TerminateProcess
 0x6cd2e4 AcquireSRWLockShared
 0x6cd2e8 ReleaseSRWLockExclusive
 0x6cd2ec ReleaseSRWLockShared
 0x6cd2f0 SetUnhandledExceptionFilter
 0x6cd2f4 UnhandledExceptionFilter
 0x6cd2f8 SetLastError
 0x6cd2fc GetFinalPathNameByHandleW
 0x6cd300 GetFileInformationByHandle
 0x6cd304 TryAcquireSRWLockExclusive
 0x6cd308 GetQueuedCompletionStatusEx
 0x6cd30c PostQueuedCompletionStatus
 0x6cd310 CreateIoCompletionPort
 0x6cd314 SetFileCompletionNotificationModes
 0x6cd318 GetSystemInfo
 0x6cd31c GetModuleHandleA
 0x6cd320 FlushFileBuffers
 0x6cd324 GetTickCount
 0x6cd328 MapViewOfFile
 0x6cd32c CreateFileMappingW
 0x6cd330 FormatMessageA
 0x6cd334 GetSystemTime
 0x6cd338 WideCharToMultiByte
 0x6cd33c SystemTimeToFileTime
 0x6cd340 GetFileSize
 0x6cd344 LockFileEx
 0x6cd348 LocalFree
 0x6cd34c UnlockFile
 0x6cd350 HeapDestroy
 0x6cd354 HeapCompact
 0x6cd358 LoadLibraryW
 0x6cd35c DeleteFileA
 0x6cd360 CreateFileA
 0x6cd364 FlushViewOfFile
 0x6cd368 OutputDebugStringW
 0x6cd36c GetFileAttributesExW
 0x6cd370 GetFileAttributesA
 0x6cd374 GetDiskFreeSpaceA
 0x6cd378 GetTempPathA
 0x6cd37c HeapSize
 0x6cd380 HeapValidate
 0x6cd384 UnmapViewOfFile
 0x6cd388 CreateMutexW
 0x6cd38c UnlockFileEx
 0x6cd390 SetEndOfFile
 0x6cd394 GetFullPathNameA
 0x6cd398 SetFilePointer
 0x6cd39c LockFile
 0x6cd3a0 OutputDebugStringA
 0x6cd3a4 GetDiskFreeSpaceW
 0x6cd3a8 WriteFile
 0x6cd3ac HeapCreate
 0x6cd3b0 AreFileApisANSI
 0x6cd3b4 InitializeCriticalSection
 0x6cd3b8 EnterCriticalSection
 0x6cd3bc LeaveCriticalSection
 0x6cd3c0 TryEnterCriticalSection
 0x6cd3c4 DeleteCriticalSection
 0x6cd3c8 GetCurrentThreadId
 0x6cd3cc InitializeSListHead
 0x6cd3d0 Sleep
 0x6cd3d4 IsDebuggerPresent
 0x6cd3d8 GetComputerNameExW
 0x6cd3dc WakeAllConditionVariable
 0x6cd3e0 SleepConditionVariableSRW
 0x6cd3e4 GetExitCodeProcess
 0x6cd3e8 WaitForSingleObject
 0x6cd3ec GetLastError
 0x6cd3f0 GetOverlappedResult
 0x6cd3f4 WaitForMultipleObjects
 0x6cd3f8 GetConsoleMode
 0x6cd3fc CloseHandle
 0x6cd400 WakeConditionVariable
 0x6cd404 GetSystemTimes
crypt32.dll
 0x6cd134 CryptUnprotectData
 0x6cd138 CertFreeCertificateContext
 0x6cd13c CertDuplicateCertificateContext
 0x6cd140 CertOpenStore
 0x6cd144 CertGetCertificateChain
 0x6cd148 CertFreeCertificateChain
 0x6cd14c CertDuplicateStore
 0x6cd150 CertCloseStore
 0x6cd154 CertAddCertificateContextToStore
 0x6cd158 CertEnumCertificatesInStore
 0x6cd15c CertVerifyCertificateChainPolicy
 0x6cd160 CertDuplicateCertificateChain
advapi32.dll
 0x6cd02c IsValidSid
 0x6cd030 RegQueryValueExW
 0x6cd034 RegOpenKeyExW
 0x6cd038 RegCloseKey
 0x6cd03c LookupAccountSidW
 0x6cd040 SystemFunction036
 0x6cd044 OpenProcessToken
 0x6cd048 GetTokenInformation
 0x6cd04c CopySid
 0x6cd050 GetLengthSid
user32.dll
 0x6cd4e0 GetMonitorInfoW
 0x6cd4e4 EnumDisplayMonitors
 0x6cd4e8 GetSystemMetrics
 0x6cd4ec EnumDisplaySettingsExW
gdi32.dll
 0x6cd168 DeleteObject
 0x6cd16c CreateDCW
 0x6cd170 GetObjectW
 0x6cd174 GetDIBits
 0x6cd178 SetStretchBltMode
 0x6cd17c GetDeviceCaps
 0x6cd180 SelectObject
 0x6cd184 CreateCompatibleBitmap
 0x6cd188 CreateCompatibleDC
 0x6cd18c StretchBlt
 0x6cd190 DeleteDC
bcrypt.dll
 0x6cd12c BCryptGenRandom
ws2_32.dll
 0x6cd4f4 getsockopt
 0x6cd4f8 shutdown
 0x6cd4fc WSASend
 0x6cd500 bind
 0x6cd504 WSASocketW
 0x6cd508 closesocket
 0x6cd50c ioctlsocket
 0x6cd510 getaddrinfo
 0x6cd514 freeaddrinfo
 0x6cd518 WSAIoctl
 0x6cd51c setsockopt
 0x6cd520 send
 0x6cd524 WSACleanup
 0x6cd528 recv
 0x6cd52c getsockname
 0x6cd530 WSAGetLastError
 0x6cd534 getpeername
 0x6cd538 connect
 0x6cd53c WSAStartup
ntdll.dll
 0x6cd420 NtWriteFile
 0x6cd424 NtReadFile
 0x6cd428 NtDeviceIoControlFile
 0x6cd42c NtCancelIoFileEx
 0x6cd430 RtlNtStatusToDosError
 0x6cd434 NtQuerySystemInformation
 0x6cd438 NtCreateFile
secur32.dll
 0x6cd4a8 FreeContextBuffer
 0x6cd4ac DeleteSecurityContext
 0x6cd4b0 FreeCredentialsHandle
 0x6cd4b4 EncryptMessage
 0x6cd4b8 AcceptSecurityContext
 0x6cd4bc LsaEnumerateLogonSessions
 0x6cd4c0 LsaGetLogonSessionData
 0x6cd4c4 LsaFreeReturnBuffer
 0x6cd4c8 InitializeSecurityContextW
 0x6cd4cc DecryptMessage
 0x6cd4d0 QueryContextAttributesW
 0x6cd4d4 AcquireCredentialsHandleA
 0x6cd4d8 ApplyControlToken
psapi.dll
 0x6cd494 GetPerformanceInfo
 0x6cd498 EnumProcessModules
 0x6cd49c GetModuleFileNameExW
 0x6cd4a0 GetModuleInformation
ole32.dll
 0x6cd440 CoInitializeSecurity
 0x6cd444 CoCreateInstance
 0x6cd448 CoInitializeEx
 0x6cd44c CoUninitialize
 0x6cd450 CoSetProxyBlanket
iphlpapi.dll
 0x6cd198 FreeMibTable
 0x6cd19c GetIfTable2
 0x6cd1a0 GetAdaptersAddresses
 0x6cd1a4 GetIfEntry2
netapi32.dll
 0x6cd40c NetUserEnum
 0x6cd410 NetApiBufferFree
 0x6cd414 NetUserGetInfo
 0x6cd418 NetUserGetLocalGroups
pdh.dll
 0x6cd470 PdhOpenQueryA
 0x6cd474 PdhRemoveCounter
 0x6cd478 PdhAddEnglishCounterW
 0x6cd47c PdhCollectQueryData
 0x6cd480 PdhGetFormattedCounterValue
 0x6cd484 PdhCloseQuery
powrprof.dll
 0x6cd48c CallNtPowerInformation
oleaut32.dll
 0x6cd458 SysAllocString
 0x6cd45c GetErrorInfo
 0x6cd460 SysStringLen
 0x6cd464 SysFreeString
 0x6cd468 VariantClear
VCRUNTIME140.dll
 0x6cd000 memcpy
 0x6cd004 memset
 0x6cd008 memmove
 0x6cd00c memcmp
 0x6cd010 _CxxThrowException
 0x6cd014 __CxxFrameHandler3
 0x6cd018 strrchr
 0x6cd01c _except_handler4_common
 0x6cd020 __current_exception
 0x6cd024 __current_exception_context
api-ms-win-crt-string-l1-1-0.dll
 0x6cd104 strcmp
 0x6cd108 strlen
 0x6cd10c strncmp
 0x6cd110 strcspn
api-ms-win-crt-math-l1-1-0.dll
 0x6cd078 log10
 0x6cd07c log
 0x6cd080 _dclass
 0x6cd084 pow
 0x6cd088 ceil
 0x6cd08c round
 0x6cd090 exp2
 0x6cd094 __setusermatherr
 0x6cd098 floor
api-ms-win-crt-heap-l1-1-0.dll
 0x6cd058 malloc
 0x6cd05c _msize
 0x6cd060 _set_new_mode
 0x6cd064 realloc
 0x6cd068 free
api-ms-win-crt-utility-l1-1-0.dll
 0x6cd120 _rotl64
 0x6cd124 qsort
api-ms-win-crt-time-l1-1-0.dll
 0x6cd118 _localtime64_s
api-ms-win-crt-runtime-l1-1-0.dll
 0x6cd0a0 _get_initial_narrow_environment
 0x6cd0a4 _initterm_e
 0x6cd0a8 _initialize_narrow_environment
 0x6cd0ac exit
 0x6cd0b0 _exit
 0x6cd0b4 __p___argc
 0x6cd0b8 __p___argv
 0x6cd0bc _cexit
 0x6cd0c0 _configure_narrow_argv
 0x6cd0c4 _c_exit
 0x6cd0c8 _register_thread_local_exe_atexit_callback
 0x6cd0cc _seh_filter_exe
 0x6cd0d0 _beginthreadex
 0x6cd0d4 _initterm
 0x6cd0d8 _initialize_onexit_table
 0x6cd0dc _register_onexit_function
 0x6cd0e0 _crt_atexit
 0x6cd0e4 _controlfp_s
 0x6cd0e8 terminate
 0x6cd0ec _endthreadex
 0x6cd0f0 _set_app_type
api-ms-win-crt-stdio-l1-1-0.dll
 0x6cd0f8 __p__commode
 0x6cd0fc _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
 0x6cd070 _configthreadlocale

EAT(Export Address Table) is none
