ScreenShot
| Created | 2024.02.02 09:13 | Machine | s1_win7_x6401 |
| Filename | xmrig.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 56 detected (AIDetectMalware, Miner, tstT, malicious, high confidence, score, GenericIH, S30100706, unsafe, CoinMiner, Artemis, MiscX, RiskTool, BitMiner, kenrfp, HackTool, XMRMiner, CLASSIC, PotentialRisk, Tool, BtcMine, R002C0WKN23, XMRig Miner, Bitcoinminer, Detected, ai score=72, GrayWare, ApplicUnwnt@#8ffr6ueia21p, Eldorado, Miner3, Neshta, FileInfector, Gencirc, Static AI, Malicious PE, susgen, confidence) | ||
| md5 | 118c2d536d52dd30116baaf06dfe5e63 | ||
| sha256 | f07c7223fdb691acbf0ebc7d9cc2ae614c0cf705920420c0130248a0c0e861d4 | ||
| ssdeep | 98304:ZHjJcetx2WKUcuIBjyHS7M4NrZdQ/UxBq0L56CVtM3g1fiZYi6BFAD04FyTR:wetx2Td0KBq09jXLfri6v52yTR | ||
| imphash | 2e3e4d2cfd6226981f42ae1c2abe7b12 | ||
| impfuzzy | 96:GehI5PoLULX1oj3cpejwgfTdkI9Nr8Dejys6JWaI4kXcGBgiM38aqooirbnshXJg:m5tFWbwodkI3f6JW4kDXE1rb2XW | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | XMRig_Miner_IN | XMRig Miner | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x14037f8d0 recv
0x14037f8d8 ntohs
0x14037f8e0 htons
0x14037f8e8 send
0x14037f8f0 WSASetLastError
0x14037f8f8 WSAGetLastError
0x14037f900 select
0x14037f908 WSARecvFrom
0x14037f910 WSASocketW
0x14037f918 WSASend
0x14037f920 WSARecv
0x14037f928 WSAIoctl
0x14037f930 gethostname
0x14037f938 WSADuplicateSocketW
0x14037f940 shutdown
0x14037f948 getpeername
0x14037f950 FreeAddrInfoW
0x14037f958 GetAddrInfoW
0x14037f960 htonl
0x14037f968 socket
0x14037f970 setsockopt
0x14037f978 listen
0x14037f980 closesocket
0x14037f988 ind
0x14037f990 WSACleanup
0x14037f998 WSAStartup
0x14037f9a0 getsockopt
0x14037f9a8 getsockname
0x14037f9b0 ioctlsocket
IPHLPAPI.DLL
0x14037f150 GetAdaptersAddresses
USERENV.dll
0x14037f8c0 GetUserProfileDirectoryW
CRYPT32.dll
0x14037f110 CertOpenStore
0x14037f118 CertCloseStore
0x14037f120 CertEnumCertificatesInStore
0x14037f128 CertGetCertificateContextProperty
0x14037f130 CertDuplicateCertificateContext
0x14037f138 CertFreeCertificateContext
0x14037f140 CertFindCertificateInStore
KERNEL32.dll
0x14037f160 SetConsoleMode
0x14037f168 GetConsoleMode
0x14037f170 QueryPerformanceFrequency
0x14037f178 QueryPerformanceCounter
0x14037f180 SizeofResource
0x14037f188 LockResource
0x14037f190 LoadResource
0x14037f198 FindResourceW
0x14037f1a0 ExpandEnvironmentStringsA
0x14037f1a8 GetConsoleWindow
0x14037f1b0 GetSystemFirmwareTable
0x14037f1b8 HeapFree
0x14037f1c0 HeapAlloc
0x14037f1c8 GetProcessHeap
0x14037f1d0 MultiByteToWideChar
0x14037f1d8 SetPriorityClass
0x14037f1e0 GetCurrentProcess
0x14037f1e8 SetThreadPriority
0x14037f1f0 GetSystemPowerStatus
0x14037f1f8 GetCurrentThread
0x14037f200 GetProcAddress
0x14037f208 GetModuleHandleW
0x14037f210 GetTickCount
0x14037f218 CloseHandle
0x14037f220 FreeConsole
0x14037f228 VirtualProtect
0x14037f230 VirtualFree
0x14037f238 VirtualAlloc
0x14037f240 GetLargePageMinimum
0x14037f248 LocalAlloc
0x14037f250 GetLastError
0x14037f258 LocalFree
0x14037f260 FlushInstructionCache
0x14037f268 GetCurrentThreadId
0x14037f270 AddVectoredExceptionHandler
0x14037f278 DeviceIoControl
0x14037f280 GetModuleFileNameW
0x14037f288 CreateFileW
0x14037f290 SetLastError
0x14037f298 GetSystemTime
0x14037f2a0 SystemTimeToFileTime
0x14037f2a8 GetModuleHandleExW
0x14037f2b0 EnterCriticalSection
0x14037f2b8 LeaveCriticalSection
0x14037f2c0 InitializeCriticalSectionAndSpinCount
0x14037f2c8 DeleteCriticalSection
0x14037f2d0 TlsAlloc
0x14037f2d8 TlsGetValue
0x14037f2e0 TlsSetValue
0x14037f2e8 TlsFree
0x14037f2f0 SwitchToFiber
0x14037f2f8 DeleteFiber
0x14037f300 CreateFiber
0x14037f308 FindClose
0x14037f310 FindFirstFileW
0x14037f318 FindNextFileW
0x14037f320 WideCharToMultiByte
0x14037f328 GetFileType
0x14037f330 WriteFile
0x14037f338 ConvertFiberToThread
0x14037f340 ConvertThreadToFiber
0x14037f348 GetCurrentProcessId
0x14037f350 GetSystemTimeAsFileTime
0x14037f358 FreeLibrary
0x14037f360 LoadLibraryA
0x14037f368 LoadLibraryW
0x14037f370 GetEnvironmentVariableW
0x14037f378 ReadConsoleA
0x14037f380 ReadConsoleW
0x14037f388 PostQueuedCompletionStatus
0x14037f390 CreateFileA
0x14037f398 DuplicateHandle
0x14037f3a0 SetEvent
0x14037f3a8 ResetEvent
0x14037f3b0 WaitForSingleObject
0x14037f3b8 CreateEventA
0x14037f3c0 Sleep
0x14037f3c8 QueueUserWorkItem
0x14037f3d0 RegisterWaitForSingleObject
0x14037f3d8 UnregisterWait
0x14037f3e0 GetNumberOfConsoleInputEvents
0x14037f3e8 ReadConsoleInputW
0x14037f3f0 FillConsoleOutputCharacterW
0x14037f3f8 FillConsoleOutputAttribute
0x14037f400 GetConsoleCursorInfo
0x14037f408 SetConsoleCursorInfo
0x14037f410 GetConsoleScreenBufferInfo
0x14037f418 SetConsoleCursorPosition
0x14037f420 SetConsoleTextAttribute
0x14037f428 WriteConsoleInputW
0x14037f430 CreateDirectoryW
0x14037f438 FlushFileBuffers
0x14037f440 GetDiskFreeSpaceW
0x14037f448 GetFileAttributesW
0x14037f450 GetFileInformationByHandle
0x14037f458 GetFileSizeEx
0x14037f460 GetFinalPathNameByHandleW
0x14037f468 GetFullPathNameW
0x14037f470 SetUnhandledExceptionFilter
0x14037f478 RemoveDirectoryW
0x14037f480 SetConsoleTitleA
0x14037f488 SetFileTime
0x14037f490 GetSystemInfo
0x14037f498 MapViewOfFile
0x14037f4a0 FlushViewOfFile
0x14037f4a8 UnmapViewOfFile
0x14037f4b0 CreateFileMappingA
0x14037f4b8 ReOpenFile
0x14037f4c0 CopyFileW
0x14037f4c8 MoveFileExW
0x14037f4d0 CreateHardLinkW
0x14037f4d8 GetFileInformationByHandleEx
0x14037f4e0 CreateSymbolicLinkW
0x14037f4e8 InitializeCriticalSection
0x14037f4f0 SetConsoleCtrlHandler
0x14037f4f8 GetCurrentDirectoryW
0x14037f500 GetLongPathNameW
0x14037f508 GetShortPathNameW
0x14037f510 CreateIoCompletionPort
0x14037f518 ReadDirectoryChangesW
0x14037f520 VerSetConditionMask
0x14037f528 GetEnvironmentStringsW
0x14037f530 FreeEnvironmentStringsW
0x14037f538 SetEnvironmentVariableW
0x14037f540 SetCurrentDirectoryW
0x14037f548 GetTempPathW
0x14037f550 GlobalMemoryStatusEx
0x14037f558 VerifyVersionInfoA
0x14037f560 FileTimeToSystemTime
0x14037f568 RtlUnwind
0x14037f570 SetHandleInformation
0x14037f578 CancelIoEx
0x14037f580 CancelIo
0x14037f588 SwitchToThread
0x14037f590 SetFileCompletionNotificationModes
0x14037f598 LoadLibraryExW
0x14037f5a0 FormatMessageA
0x14037f5a8 SetErrorMode
0x14037f5b0 GetQueuedCompletionStatus
0x14037f5b8 InitializeSRWLock
0x14037f5c0 ReleaseSRWLockExclusive
0x14037f5c8 AcquireSRWLockExclusive
0x14037f5d0 TryEnterCriticalSection
0x14037f5d8 InitializeConditionVariable
0x14037f5e0 WakeConditionVariable
0x14037f5e8 WakeAllConditionVariable
0x14037f5f0 SleepConditionVariableCS
0x14037f5f8 ReleaseSemaphore
0x14037f600 ResumeThread
0x14037f608 GetNativeSystemInfo
0x14037f610 CreateSemaphoreA
0x14037f618 ConnectNamedPipe
0x14037f620 SetNamedPipeHandleState
0x14037f628 PeekNamedPipe
0x14037f630 CreateNamedPipeW
0x14037f638 CancelSynchronousIo
0x14037f640 GetNamedPipeHandleStateA
0x14037f648 TerminateProcess
0x14037f650 GetExitCodeProcess
0x14037f658 UnregisterWaitEx
0x14037f660 LCMapStringW
0x14037f668 DebugBreak
0x14037f670 GetModuleHandleA
0x14037f678 LoadLibraryExA
0x14037f680 GetStartupInfoW
0x14037f688 GetModuleFileNameA
0x14037f690 GetVersionExA
0x14037f698 GetProcessAffinityMask
0x14037f6a0 SetProcessAffinityMask
0x14037f6a8 SetThreadAffinityMask
0x14037f6b0 GetComputerNameA
0x14037f6b8 RtlVirtualUnwind
0x14037f6c0 RtlLookupFunctionEntry
0x14037f6c8 RtlCaptureContext
0x14037f6d0 CreateEventW
0x14037f6d8 GetStringTypeW
0x14037f6e0 GetStdHandle
0x14037f6e8 WriteConsoleW
0x14037f6f0 SetFilePointerEx
0x14037f6f8 UnhandledExceptionFilter
0x14037f700 IsProcessorFeaturePresent
0x14037f708 IsDebuggerPresent
0x14037f710 InitializeSListHead
0x14037f718 RtlUnwindEx
0x14037f720 RtlPcToFileHeader
0x14037f728 RaiseException
0x14037f730 SetStdHandle
0x14037f738 GetCommandLineA
0x14037f740 GetCommandLineW
0x14037f748 CreateThread
0x14037f750 ExitThread
0x14037f758 FreeLibraryAndExitThread
0x14037f760 GetDriveTypeW
0x14037f768 SystemTimeToTzSpecificLocalTime
0x14037f770 ExitProcess
0x14037f778 GetFileAttributesExW
0x14037f780 SetFileAttributesW
0x14037f788 GetConsoleCP
0x14037f790 CompareStringW
0x14037f798 GetLocaleInfoW
0x14037f7a0 IsValidLocale
0x14037f7a8 GetUserDefaultLCID
0x14037f7b0 EnumSystemLocalesW
0x14037f7b8 HeapReAlloc
0x14037f7c0 GetTimeZoneInformation
0x14037f7c8 HeapSize
0x14037f7d0 SetEndOfFile
0x14037f7d8 FindFirstFileExW
0x14037f7e0 IsValidCodePage
0x14037f7e8 GetACP
0x14037f7f0 GetOEMCP
0x14037f7f8 ReadFile
0x14037f800 K32GetProcessMemoryInfo
0x14037f808 InitializeCriticalSectionEx
0x14037f810 WaitForSingleObjectEx
0x14037f818 GetExitCodeThread
0x14037f820 SleepConditionVariableSRW
0x14037f828 EncodePointer
0x14037f830 DecodePointer
0x14037f838 LCMapStringEx
0x14037f840 CompareStringEx
0x14037f848 GetCPInfo
USER32.dll
0x14037f868 GetProcessWindowStation
0x14037f870 GetUserObjectInformationW
0x14037f878 ShowWindow
0x14037f880 GetLastInputInfo
0x14037f888 DispatchMessageA
0x14037f890 GetMessageA
0x14037f898 GetSystemMetrics
0x14037f8a0 MapVirtualKeyW
0x14037f8a8 TranslateMessage
0x14037f8b0 MessageBoxW
SHELL32.dll
0x14037f858 SHGetSpecialFolderPathA
ole32.dll
0x14037f9d0 CoInitializeEx
0x14037f9d8 CoCreateInstance
0x14037f9e0 CoUninitialize
ADVAPI32.dll
0x14037f000 SystemFunction036
0x14037f008 GetUserNameW
0x14037f010 CryptEnumProvidersW
0x14037f018 CryptSignHashW
0x14037f020 CryptDestroyHash
0x14037f028 CryptCreateHash
0x14037f030 CryptDecrypt
0x14037f038 CryptExportKey
0x14037f040 CryptGetUserKey
0x14037f048 CryptGetProvParam
0x14037f050 CryptSetHashParam
0x14037f058 CryptDestroyKey
0x14037f060 CryptReleaseContext
0x14037f068 CryptAcquireContextW
0x14037f070 ReportEventW
0x14037f078 RegisterEventSourceW
0x14037f080 DeregisterEventSource
0x14037f088 CreateServiceW
0x14037f090 QueryServiceStatus
0x14037f098 CloseServiceHandle
0x14037f0a0 OpenSCManagerW
0x14037f0a8 QueryServiceConfigA
0x14037f0b0 DeleteService
0x14037f0b8 ControlService
0x14037f0c0 StartServiceW
0x14037f0c8 OpenServiceW
0x14037f0d0 LookupPrivilegeValueW
0x14037f0d8 AdjustTokenPrivileges
0x14037f0e0 OpenProcessToken
0x14037f0e8 LsaOpenPolicy
0x14037f0f0 LsaAddAccountRights
0x14037f0f8 LsaClose
0x14037f100 GetTokenInformation
crypt.dll
0x14037f9c0 BCryptGenRandom
EAT(Export Address Table) is none
WS2_32.dll
0x14037f8d0 recv
0x14037f8d8 ntohs
0x14037f8e0 htons
0x14037f8e8 send
0x14037f8f0 WSASetLastError
0x14037f8f8 WSAGetLastError
0x14037f900 select
0x14037f908 WSARecvFrom
0x14037f910 WSASocketW
0x14037f918 WSASend
0x14037f920 WSARecv
0x14037f928 WSAIoctl
0x14037f930 gethostname
0x14037f938 WSADuplicateSocketW
0x14037f940 shutdown
0x14037f948 getpeername
0x14037f950 FreeAddrInfoW
0x14037f958 GetAddrInfoW
0x14037f960 htonl
0x14037f968 socket
0x14037f970 setsockopt
0x14037f978 listen
0x14037f980 closesocket
0x14037f988 ind
0x14037f990 WSACleanup
0x14037f998 WSAStartup
0x14037f9a0 getsockopt
0x14037f9a8 getsockname
0x14037f9b0 ioctlsocket
IPHLPAPI.DLL
0x14037f150 GetAdaptersAddresses
USERENV.dll
0x14037f8c0 GetUserProfileDirectoryW
CRYPT32.dll
0x14037f110 CertOpenStore
0x14037f118 CertCloseStore
0x14037f120 CertEnumCertificatesInStore
0x14037f128 CertGetCertificateContextProperty
0x14037f130 CertDuplicateCertificateContext
0x14037f138 CertFreeCertificateContext
0x14037f140 CertFindCertificateInStore
KERNEL32.dll
0x14037f160 SetConsoleMode
0x14037f168 GetConsoleMode
0x14037f170 QueryPerformanceFrequency
0x14037f178 QueryPerformanceCounter
0x14037f180 SizeofResource
0x14037f188 LockResource
0x14037f190 LoadResource
0x14037f198 FindResourceW
0x14037f1a0 ExpandEnvironmentStringsA
0x14037f1a8 GetConsoleWindow
0x14037f1b0 GetSystemFirmwareTable
0x14037f1b8 HeapFree
0x14037f1c0 HeapAlloc
0x14037f1c8 GetProcessHeap
0x14037f1d0 MultiByteToWideChar
0x14037f1d8 SetPriorityClass
0x14037f1e0 GetCurrentProcess
0x14037f1e8 SetThreadPriority
0x14037f1f0 GetSystemPowerStatus
0x14037f1f8 GetCurrentThread
0x14037f200 GetProcAddress
0x14037f208 GetModuleHandleW
0x14037f210 GetTickCount
0x14037f218 CloseHandle
0x14037f220 FreeConsole
0x14037f228 VirtualProtect
0x14037f230 VirtualFree
0x14037f238 VirtualAlloc
0x14037f240 GetLargePageMinimum
0x14037f248 LocalAlloc
0x14037f250 GetLastError
0x14037f258 LocalFree
0x14037f260 FlushInstructionCache
0x14037f268 GetCurrentThreadId
0x14037f270 AddVectoredExceptionHandler
0x14037f278 DeviceIoControl
0x14037f280 GetModuleFileNameW
0x14037f288 CreateFileW
0x14037f290 SetLastError
0x14037f298 GetSystemTime
0x14037f2a0 SystemTimeToFileTime
0x14037f2a8 GetModuleHandleExW
0x14037f2b0 EnterCriticalSection
0x14037f2b8 LeaveCriticalSection
0x14037f2c0 InitializeCriticalSectionAndSpinCount
0x14037f2c8 DeleteCriticalSection
0x14037f2d0 TlsAlloc
0x14037f2d8 TlsGetValue
0x14037f2e0 TlsSetValue
0x14037f2e8 TlsFree
0x14037f2f0 SwitchToFiber
0x14037f2f8 DeleteFiber
0x14037f300 CreateFiber
0x14037f308 FindClose
0x14037f310 FindFirstFileW
0x14037f318 FindNextFileW
0x14037f320 WideCharToMultiByte
0x14037f328 GetFileType
0x14037f330 WriteFile
0x14037f338 ConvertFiberToThread
0x14037f340 ConvertThreadToFiber
0x14037f348 GetCurrentProcessId
0x14037f350 GetSystemTimeAsFileTime
0x14037f358 FreeLibrary
0x14037f360 LoadLibraryA
0x14037f368 LoadLibraryW
0x14037f370 GetEnvironmentVariableW
0x14037f378 ReadConsoleA
0x14037f380 ReadConsoleW
0x14037f388 PostQueuedCompletionStatus
0x14037f390 CreateFileA
0x14037f398 DuplicateHandle
0x14037f3a0 SetEvent
0x14037f3a8 ResetEvent
0x14037f3b0 WaitForSingleObject
0x14037f3b8 CreateEventA
0x14037f3c0 Sleep
0x14037f3c8 QueueUserWorkItem
0x14037f3d0 RegisterWaitForSingleObject
0x14037f3d8 UnregisterWait
0x14037f3e0 GetNumberOfConsoleInputEvents
0x14037f3e8 ReadConsoleInputW
0x14037f3f0 FillConsoleOutputCharacterW
0x14037f3f8 FillConsoleOutputAttribute
0x14037f400 GetConsoleCursorInfo
0x14037f408 SetConsoleCursorInfo
0x14037f410 GetConsoleScreenBufferInfo
0x14037f418 SetConsoleCursorPosition
0x14037f420 SetConsoleTextAttribute
0x14037f428 WriteConsoleInputW
0x14037f430 CreateDirectoryW
0x14037f438 FlushFileBuffers
0x14037f440 GetDiskFreeSpaceW
0x14037f448 GetFileAttributesW
0x14037f450 GetFileInformationByHandle
0x14037f458 GetFileSizeEx
0x14037f460 GetFinalPathNameByHandleW
0x14037f468 GetFullPathNameW
0x14037f470 SetUnhandledExceptionFilter
0x14037f478 RemoveDirectoryW
0x14037f480 SetConsoleTitleA
0x14037f488 SetFileTime
0x14037f490 GetSystemInfo
0x14037f498 MapViewOfFile
0x14037f4a0 FlushViewOfFile
0x14037f4a8 UnmapViewOfFile
0x14037f4b0 CreateFileMappingA
0x14037f4b8 ReOpenFile
0x14037f4c0 CopyFileW
0x14037f4c8 MoveFileExW
0x14037f4d0 CreateHardLinkW
0x14037f4d8 GetFileInformationByHandleEx
0x14037f4e0 CreateSymbolicLinkW
0x14037f4e8 InitializeCriticalSection
0x14037f4f0 SetConsoleCtrlHandler
0x14037f4f8 GetCurrentDirectoryW
0x14037f500 GetLongPathNameW
0x14037f508 GetShortPathNameW
0x14037f510 CreateIoCompletionPort
0x14037f518 ReadDirectoryChangesW
0x14037f520 VerSetConditionMask
0x14037f528 GetEnvironmentStringsW
0x14037f530 FreeEnvironmentStringsW
0x14037f538 SetEnvironmentVariableW
0x14037f540 SetCurrentDirectoryW
0x14037f548 GetTempPathW
0x14037f550 GlobalMemoryStatusEx
0x14037f558 VerifyVersionInfoA
0x14037f560 FileTimeToSystemTime
0x14037f568 RtlUnwind
0x14037f570 SetHandleInformation
0x14037f578 CancelIoEx
0x14037f580 CancelIo
0x14037f588 SwitchToThread
0x14037f590 SetFileCompletionNotificationModes
0x14037f598 LoadLibraryExW
0x14037f5a0 FormatMessageA
0x14037f5a8 SetErrorMode
0x14037f5b0 GetQueuedCompletionStatus
0x14037f5b8 InitializeSRWLock
0x14037f5c0 ReleaseSRWLockExclusive
0x14037f5c8 AcquireSRWLockExclusive
0x14037f5d0 TryEnterCriticalSection
0x14037f5d8 InitializeConditionVariable
0x14037f5e0 WakeConditionVariable
0x14037f5e8 WakeAllConditionVariable
0x14037f5f0 SleepConditionVariableCS
0x14037f5f8 ReleaseSemaphore
0x14037f600 ResumeThread
0x14037f608 GetNativeSystemInfo
0x14037f610 CreateSemaphoreA
0x14037f618 ConnectNamedPipe
0x14037f620 SetNamedPipeHandleState
0x14037f628 PeekNamedPipe
0x14037f630 CreateNamedPipeW
0x14037f638 CancelSynchronousIo
0x14037f640 GetNamedPipeHandleStateA
0x14037f648 TerminateProcess
0x14037f650 GetExitCodeProcess
0x14037f658 UnregisterWaitEx
0x14037f660 LCMapStringW
0x14037f668 DebugBreak
0x14037f670 GetModuleHandleA
0x14037f678 LoadLibraryExA
0x14037f680 GetStartupInfoW
0x14037f688 GetModuleFileNameA
0x14037f690 GetVersionExA
0x14037f698 GetProcessAffinityMask
0x14037f6a0 SetProcessAffinityMask
0x14037f6a8 SetThreadAffinityMask
0x14037f6b0 GetComputerNameA
0x14037f6b8 RtlVirtualUnwind
0x14037f6c0 RtlLookupFunctionEntry
0x14037f6c8 RtlCaptureContext
0x14037f6d0 CreateEventW
0x14037f6d8 GetStringTypeW
0x14037f6e0 GetStdHandle
0x14037f6e8 WriteConsoleW
0x14037f6f0 SetFilePointerEx
0x14037f6f8 UnhandledExceptionFilter
0x14037f700 IsProcessorFeaturePresent
0x14037f708 IsDebuggerPresent
0x14037f710 InitializeSListHead
0x14037f718 RtlUnwindEx
0x14037f720 RtlPcToFileHeader
0x14037f728 RaiseException
0x14037f730 SetStdHandle
0x14037f738 GetCommandLineA
0x14037f740 GetCommandLineW
0x14037f748 CreateThread
0x14037f750 ExitThread
0x14037f758 FreeLibraryAndExitThread
0x14037f760 GetDriveTypeW
0x14037f768 SystemTimeToTzSpecificLocalTime
0x14037f770 ExitProcess
0x14037f778 GetFileAttributesExW
0x14037f780 SetFileAttributesW
0x14037f788 GetConsoleCP
0x14037f790 CompareStringW
0x14037f798 GetLocaleInfoW
0x14037f7a0 IsValidLocale
0x14037f7a8 GetUserDefaultLCID
0x14037f7b0 EnumSystemLocalesW
0x14037f7b8 HeapReAlloc
0x14037f7c0 GetTimeZoneInformation
0x14037f7c8 HeapSize
0x14037f7d0 SetEndOfFile
0x14037f7d8 FindFirstFileExW
0x14037f7e0 IsValidCodePage
0x14037f7e8 GetACP
0x14037f7f0 GetOEMCP
0x14037f7f8 ReadFile
0x14037f800 K32GetProcessMemoryInfo
0x14037f808 InitializeCriticalSectionEx
0x14037f810 WaitForSingleObjectEx
0x14037f818 GetExitCodeThread
0x14037f820 SleepConditionVariableSRW
0x14037f828 EncodePointer
0x14037f830 DecodePointer
0x14037f838 LCMapStringEx
0x14037f840 CompareStringEx
0x14037f848 GetCPInfo
USER32.dll
0x14037f868 GetProcessWindowStation
0x14037f870 GetUserObjectInformationW
0x14037f878 ShowWindow
0x14037f880 GetLastInputInfo
0x14037f888 DispatchMessageA
0x14037f890 GetMessageA
0x14037f898 GetSystemMetrics
0x14037f8a0 MapVirtualKeyW
0x14037f8a8 TranslateMessage
0x14037f8b0 MessageBoxW
SHELL32.dll
0x14037f858 SHGetSpecialFolderPathA
ole32.dll
0x14037f9d0 CoInitializeEx
0x14037f9d8 CoCreateInstance
0x14037f9e0 CoUninitialize
ADVAPI32.dll
0x14037f000 SystemFunction036
0x14037f008 GetUserNameW
0x14037f010 CryptEnumProvidersW
0x14037f018 CryptSignHashW
0x14037f020 CryptDestroyHash
0x14037f028 CryptCreateHash
0x14037f030 CryptDecrypt
0x14037f038 CryptExportKey
0x14037f040 CryptGetUserKey
0x14037f048 CryptGetProvParam
0x14037f050 CryptSetHashParam
0x14037f058 CryptDestroyKey
0x14037f060 CryptReleaseContext
0x14037f068 CryptAcquireContextW
0x14037f070 ReportEventW
0x14037f078 RegisterEventSourceW
0x14037f080 DeregisterEventSource
0x14037f088 CreateServiceW
0x14037f090 QueryServiceStatus
0x14037f098 CloseServiceHandle
0x14037f0a0 OpenSCManagerW
0x14037f0a8 QueryServiceConfigA
0x14037f0b0 DeleteService
0x14037f0b8 ControlService
0x14037f0c0 StartServiceW
0x14037f0c8 OpenServiceW
0x14037f0d0 LookupPrivilegeValueW
0x14037f0d8 AdjustTokenPrivileges
0x14037f0e0 OpenProcessToken
0x14037f0e8 LsaOpenPolicy
0x14037f0f0 LsaAddAccountRights
0x14037f0f8 LsaClose
0x14037f100 GetTokenInformation
crypt.dll
0x14037f9c0 BCryptGenRandom
EAT(Export Address Table) is none