Report - pt.exe

Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check
Created 2024.03.29 07:49 Machine s1_win7_x6403
Filename pt.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score Not found
Behavior Score 4.6
ZERO API file : malicious
VT API (file) 9 detected (malicious, moderate confidence, Greedy, score, Casdet, Static AI, Suspicious PE, confidence)
md5 28b734a208be706ba26a552f1b0adafe
sha256 a7f44db1d0eff2bff49da2a4c059c2104b900e173da5fad6cec88fbf46a7dd9c
ssdeep 49152:ns7opF2Kvl91QRsOX+apGccWUsPc0MmOY5ku66Tj2MoisgrNeucZQr/W3GJeybP2:sMs5Z5kB+ZvjGeW3Qeybe9Fmd+sN+
imphash 32fd047d5baf78baa335b3790147faae
impfuzzy 96:LXqx+EWVSvtruIIESMXWzZ4bQBKhNZazav2/fcRIkGoUURHSsEW6:LaAEW4vtPIoWNQNZazaF8URH4W6
  Network IP location

Signature (13cnts)

Level Description
watch Communicates with host for which no DNS query was performed
watch Installs itself for autorun at Windows startup
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Executes one or more WMI queries
notice File has been identified by 9 AntiVirus engines on VirusTotal as malicious
notice Steals private information from local Internet browsers
notice Uses Windows utilities for basic Windows functionality
info Checks amount of memory in system
info Command line console output was observed
info One or more processes crashed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (3cnts)

Request CC ASN Co IP4 Rule ZERO
http://95.181.173.171:5001/socket.io/?EIO=4&transport=polling&t=2184383950 RU QWARTA LLC 95.181.173.171 clean
http://95.181.173.171:5001/socket.io/?EIO=4&sid=sEmVCipY0V0fBCIDAENP&transport=websocket RU QWARTA LLC 95.181.173.171 clean
95.181.173.171 RU QWARTA LLC 95.181.173.171 clean

Suricata ids

PE API

IAT(Import Address Table) Library

ole32.dll
 0x14033d718 CoInitializeSecurity
 0x14033d720 CoInitializeEx
kernel32.dll
 0x14033d0f8 SetConsoleMode
 0x14033d100 GetConsoleScreenBufferInfo
 0x14033d108 SetConsoleTextAttribute
 0x14033d110 SetThreadStackGuarantee
 0x14033d118 ReleaseSRWLockExclusive
 0x14033d120 CreateFileW
 0x14033d128 GetModuleFileNameW
 0x14033d130 SetFileInformationByHandle
 0x14033d138 SwitchToThread
 0x14033d140 SetEnvironmentVariableW
 0x14033d148 GetCPInfo
 0x14033d150 GetOEMCP
 0x14033d158 GetACP
 0x14033d160 IsValidCodePage
 0x14033d168 FindFirstFileExW
 0x14033d170 FormatMessageW
 0x14033d178 LocalFree
 0x14033d180 SetLastError
 0x14033d188 GetConsoleMode
 0x14033d190 TryAcquireSRWLockExclusive
 0x14033d198 GetQueuedCompletionStatusEx
 0x14033d1a0 CreateIoCompletionPort
 0x14033d1a8 SetFileCompletionNotificationModes
 0x14033d1b0 LCMapStringW
 0x14033d1b8 AddVectoredExceptionHandler
 0x14033d1c0 SetStdHandle
 0x14033d1c8 WakeAllConditionVariable
 0x14033d1d0 SleepConditionVariableSRW
 0x14033d1d8 WakeConditionVariable
 0x14033d1e0 GetSystemInfo
 0x14033d1e8 GetStringTypeW
 0x14033d1f0 CompareStringW
 0x14033d1f8 FlsFree
 0x14033d200 FlsSetValue
 0x14033d208 FlsGetValue
 0x14033d210 GetStdHandle
 0x14033d218 GetFinalPathNameByHandleW
 0x14033d220 GetLastError
 0x14033d228 FlsAlloc
 0x14033d230 GetTimeZoneInformation
 0x14033d238 GetCommandLineA
 0x14033d240 GetModuleHandleExW
 0x14033d248 AcquireSRWLockShared
 0x14033d250 ReleaseSRWLockShared
 0x14033d258 QueryPerformanceCounter
 0x14033d260 SetFilePointerEx
 0x14033d268 GetFileInformationByHandle
 0x14033d270 GetFileInformationByHandleEx
 0x14033d278 GetCommandLineW
 0x14033d280 FreeLibraryAndExitThread
 0x14033d288 ExitThread
 0x14033d290 GetModuleHandleA
 0x14033d298 GetConsoleWindow
 0x14033d2a0 GetCurrentThread
 0x14033d2a8 RtlPcToFileHeader
 0x14033d2b0 WaitForSingleObject
 0x14033d2b8 MultiByteToWideChar
 0x14033d2c0 WriteConsoleW
 0x14033d2c8 CreateWaitableTimerExW
 0x14033d2d0 SetWaitableTimer
 0x14033d2d8 Sleep
 0x14033d2e0 QueryPerformanceFrequency
 0x14033d2e8 GetModuleHandleW
 0x14033d2f0 GetCurrentProcess
 0x14033d2f8 GetEnvironmentVariableW
 0x14033d300 GetTempPathW
 0x14033d308 LoadLibraryExW
 0x14033d310 GetFullPathNameW
 0x14033d318 FindNextFileW
 0x14033d320 CreateDirectoryW
 0x14033d328 FindFirstFileW
 0x14033d330 TlsFree
 0x14033d338 TlsSetValue
 0x14033d340 TlsGetValue
 0x14033d348 TlsAlloc
 0x14033d350 GetEnvironmentStringsW
 0x14033d358 FreeEnvironmentStringsW
 0x14033d360 CompareStringOrdinal
 0x14033d368 GetSystemDirectoryW
 0x14033d370 GetWindowsDirectoryW
 0x14033d378 CreateProcessW
 0x14033d380 GetFileAttributesW
 0x14033d388 DuplicateHandle
 0x14033d390 InitializeProcThreadAttributeList
 0x14033d398 UpdateProcThreadAttribute
 0x14033d3a0 DeleteProcThreadAttributeList
 0x14033d3a8 GetCurrentProcessId
 0x14033d3b0 CreateNamedPipeW
 0x14033d3b8 CreateThread
 0x14033d3c0 ReadFileEx
 0x14033d3c8 SleepEx
 0x14033d3d0 WriteFileEx
 0x14033d3d8 WaitForMultipleObjects
 0x14033d3e0 GetOverlappedResult
 0x14033d3e8 GetExitCodeProcess
 0x14033d3f0 CreateEventW
 0x14033d3f8 CancelIo
 0x14033d400 ReadFile
 0x14033d408 ExitProcess
 0x14033d410 GetSystemTimeAsFileTime
 0x14033d418 GetProcessHeap
 0x14033d420 HeapAlloc
 0x14033d428 GetCurrentDirectoryW
 0x14033d430 RtlCaptureContext
 0x14033d438 RtlLookupFunctionEntry
 0x14033d440 CreateMutexA
 0x14033d448 WaitForSingleObjectEx
 0x14033d450 LoadLibraryA
 0x14033d458 RtlVirtualUnwind
 0x14033d460 CopyFileExW
 0x14033d468 GetFileType
 0x14033d470 SetHandleInformation
 0x14033d478 InitializeCriticalSectionAndSpinCount
 0x14033d480 FindClose
 0x14033d488 CloseHandle
 0x14033d490 EncodePointer
 0x14033d498 ReadProcessMemory
 0x14033d4a0 VirtualQueryEx
 0x14033d4a8 GetProcessTimes
 0x14033d4b0 GetSystemTimes
 0x14033d4b8 GetProcessIoCounters
 0x14033d4c0 RtlUnwindEx
 0x14033d4c8 GetConsoleOutputCP
 0x14033d4d0 HeapFree
 0x14033d4d8 AcquireSRWLockExclusive
 0x14033d4e0 OpenProcess
 0x14033d4e8 GlobalMemoryStatusEx
 0x14033d4f0 K32GetPerformanceInfo
 0x14033d4f8 GetStartupInfoW
 0x14033d500 IsDebuggerPresent
 0x14033d508 InitializeSListHead
 0x14033d510 IsProcessorFeaturePresent
 0x14033d518 TerminateProcess
 0x14033d520 SetUnhandledExceptionFilter
 0x14033d528 PostQueuedCompletionStatus
 0x14033d530 UnhandledExceptionFilter
 0x14033d538 HeapReAlloc
 0x14033d540 GetProcAddress
 0x14033d548 ReleaseMutex
 0x14033d550 GetCurrentThreadId
 0x14033d558 DeleteCriticalSection
 0x14033d560 LoadLibraryExA
 0x14033d568 FreeLibrary
 0x14033d570 TryEnterCriticalSection
 0x14033d578 FlushFileBuffers
 0x14033d580 GetTickCount
 0x14033d588 MapViewOfFile
 0x14033d590 CreateFileMappingW
 0x14033d598 FormatMessageA
 0x14033d5a0 GetSystemTime
 0x14033d5a8 WideCharToMultiByte
 0x14033d5b0 SystemTimeToFileTime
 0x14033d5b8 GetFileSize
 0x14033d5c0 LockFileEx
 0x14033d5c8 UnlockFile
 0x14033d5d0 HeapDestroy
 0x14033d5d8 HeapCompact
 0x14033d5e0 LoadLibraryW
 0x14033d5e8 DeleteFileW
 0x14033d5f0 DeleteFileA
 0x14033d5f8 CreateFileA
 0x14033d600 FlushViewOfFile
 0x14033d608 OutputDebugStringW
 0x14033d610 GetFileAttributesExW
 0x14033d618 GetFileAttributesA
 0x14033d620 GetDiskFreeSpaceA
 0x14033d628 GetTempPathA
 0x14033d630 HeapSize
 0x14033d638 HeapValidate
 0x14033d640 UnmapViewOfFile
 0x14033d648 CreateMutexW
 0x14033d650 UnlockFileEx
 0x14033d658 SetEndOfFile
 0x14033d660 GetFullPathNameA
 0x14033d668 SetFilePointer
 0x14033d670 LockFile
 0x14033d678 OutputDebugStringA
 0x14033d680 GetDiskFreeSpaceW
 0x14033d688 WriteFile
 0x14033d690 HeapCreate
 0x14033d698 AreFileApisANSI
 0x14033d6a0 RaiseException
 0x14033d6a8 InitializeCriticalSection
 0x14033d6b0 EnterCriticalSection
 0x14033d6b8 LeaveCriticalSection
advapi32.dll
 0x14033d000 RegQueryValueExW
 0x14033d008 RegOpenKeyExW
 0x14033d010 RegCloseKey
 0x14033d018 CopySid
 0x14033d020 GetLengthSid
 0x14033d028 SystemFunction036
 0x14033d030 IsValidSid
 0x14033d038 GetTokenInformation
 0x14033d040 OpenProcessToken
 0x14033d048 RegSetValueExW
ws2_32.dll
 0x14033d828 bind
 0x14033d830 setsockopt
 0x14033d838 getsockopt
 0x14033d840 shutdown
 0x14033d848 connect
 0x14033d850 WSACleanup
 0x14033d858 WSASend
 0x14033d860 getaddrinfo
 0x14033d868 WSAIoctl
 0x14033d870 ioctlsocket
 0x14033d878 WSASocketW
 0x14033d880 getsockname
 0x14033d888 WSAGetLastError
 0x14033d890 getpeername
 0x14033d898 send
 0x14033d8a0 freeaddrinfo
 0x14033d8a8 WSAStartup
 0x14033d8b0 closesocket
 0x14033d8b8 recv
 0x14033d8c0 socket
crypt32.dll
 0x14033d068 CryptUnprotectData
 0x14033d070 CertAddCertificateContextToStore
 0x14033d078 CertEnumCertificatesInStore
 0x14033d080 CertVerifyCertificateChainPolicy
 0x14033d088 CertFreeCertificateChain
 0x14033d090 CertGetCertificateChain
 0x14033d098 CertDuplicateStore
 0x14033d0a0 CertDuplicateCertificateChain
 0x14033d0a8 CertOpenStore
 0x14033d0b0 CertGetEnhancedKeyUsage
 0x14033d0b8 CertVerifyTimeValidity
 0x14033d0c0 CertFreeCertificateContext
 0x14033d0c8 CertCloseStore
 0x14033d0d0 CertDuplicateCertificateContext
user32.dll
 0x14033d818 ShowWindow
iphlpapi.dll
 0x14033d0e0 GetAdaptersAddresses
 0x14033d0e8 GetIpForwardTable
pdh.dll
 0x14033d750 PdhGetFormattedCounterValue
 0x14033d758 PdhAddEnglishCounterW
 0x14033d760 PdhCloseQuery
 0x14033d768 PdhRemoveCounter
 0x14033d770 PdhCollectQueryData
 0x14033d778 PdhOpenQueryA
ntdll.dll
 0x14033d6c8 NtCancelIoFileEx
 0x14033d6d0 RtlGetVersion
 0x14033d6d8 NtReadFile
 0x14033d6e0 RtlNtStatusToDosError
 0x14033d6e8 NtDeviceIoControlFile
 0x14033d6f0 NtCreateFile
 0x14033d6f8 NtWriteFile
 0x14033d700 NtQueryInformationProcess
 0x14033d708 NtQuerySystemInformation
bcrypt.dll
 0x14033d058 BCryptGenRandom
secur32.dll
 0x14033d7b0 DeleteSecurityContext
 0x14033d7b8 QueryContextAttributesW
 0x14033d7c0 DecryptMessage
 0x14033d7c8 FreeCredentialsHandle
 0x14033d7d0 ApplyControlToken
 0x14033d7d8 FreeContextBuffer
 0x14033d7e0 AcceptSecurityContext
 0x14033d7e8 AcquireCredentialsHandleA
 0x14033d7f0 EncryptMessage
 0x14033d7f8 InitializeSecurityContextW
psapi.dll
 0x14033d798 GetModuleFileNameExW
 0x14033d7a0 GetProcessMemoryInfo
shell32.dll
 0x14033d808 CommandLineToArgvW
powrprof.dll
 0x14033d788 CallNtPowerInformation
oleaut32.dll
 0x14033d730 GetErrorInfo
 0x14033d738 SysStringLen
 0x14033d740 SysFreeString

EAT(Export Address Table) is none

Similarity measure (PE file only) - Checking for service failure