Created | 2024.04.08 18:30 |
Machine | s1_win7_x6401 |
Filename | xmrig.exe |
Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows |
ZERO API | file : malware |
VT API (file) | |
md5 | 6f4532e49d65c2be0355b222f96e06e8 |
sha256 | acaf8e844ef7f4f65033ebe9546c394cc21bce175dac8b59199106309f04e5ab |
ssdeep | 98304:D8sOUckgBwr4UyuwShsa+XbcDVa2+N/qyRiXM71ZQkcn4CuJ9KWZVxBJNxg/F5MB:vYwr/xU3rDXWMc85j4eEsoCSCwG |
imphash | 3ae5019c0ca1f8d34f2e86c2a0eed3b9 |
impfuzzy | 192:5mShLrx+GW5W6ScwT9Si9pHJpcjSFW4Q8VhdUjgL6H6:bz+GuucK9SiHdlfdUjgL6a |
Signature (0cnts)
Level | Description |
---|
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | XMRig_Miner_IN | XMRig Miner | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x140ae9014 AdjustTokenPrivileges
0x140ae901c AllocateAndInitializeSid
0x140ae9024 CloseServiceHandle
0x140ae902c ControlService
0x140ae9034 CreateServiceW
0x140ae903c CryptAcquireContextW
0x140ae9044 CryptCreateHash
0x140ae904c CryptDecrypt
0x140ae9054 CryptDestroyHash
0x140ae905c CryptDestroyKey
0x140ae9064 CryptEnumProvidersW
0x140ae906c CryptExportKey
0x140ae9074 CryptGenRandom
0x140ae907c CryptGetProvParam
0x140ae9084 CryptGetUserKey
0x140ae908c CryptReleaseContext
0x140ae9094 CryptSetHashParam
0x140ae909c CryptSignHashW
0x140ae90a4 DeleteService
0x140ae90ac DeregisterEventSource
0x140ae90b4 FreeSid
0x140ae90bc GetSecurityInfo
0x140ae90c4 GetTokenInformation
0x140ae90cc GetUserNameW
0x140ae90d4 LookupPrivilegeValueW
0x140ae90dc LsaAddAccountRights
0x140ae90e4 LsaClose
0x140ae90ec LsaOpenPolicy
0x140ae90f4 OpenProcessToken
0x140ae90fc OpenSCManagerW
0x140ae9104 OpenServiceW
0x140ae910c QueryServiceConfigA
0x140ae9114 QueryServiceStatus
0x140ae911c RegCloseKey
0x140ae9124 RegGetValueW
0x140ae912c RegOpenKeyExW
0x140ae9134 RegQueryValueExW
0x140ae913c RegisterEventSourceW
0x140ae9144 ReportEventW
0x140ae914c SetEntriesInAclA
0x140ae9154 SetSecurityInfo
0x140ae915c StartServiceW
0x140ae9164 SystemFunction036
CRYPT32.dll
0x140ae9174 CertCloseStore
0x140ae917c CertDuplicateCertificateContext
0x140ae9184 CertEnumCertificatesInStore
0x140ae918c CertFindCertificateInStore
0x140ae9194 CertFreeCertificateContext
0x140ae919c CertGetCertificateContextProperty
0x140ae91a4 CertOpenStore
IPHLPAPI.DLL
0x140ae91b4 ConvertInterfaceIndexToLuid
0x140ae91bc ConvertInterfaceLuidToNameW
0x140ae91c4 GetAdaptersAddresses
KERNEL32.dll
0x140ae91d4 AcquireSRWLockExclusive
0x140ae91dc AcquireSRWLockShared
0x140ae91e4 AddVectoredExceptionHandler
0x140ae91ec AssignProcessToJobObject
0x140ae91f4 CancelIo
0x140ae91fc CancelIoEx
0x140ae9204 CancelSynchronousIo
0x140ae920c CloseHandle
0x140ae9214 ConnectNamedPipe
0x140ae921c ConvertFiberToThread
0x140ae9224 ConvertThreadToFiber
0x140ae922c CopyFileW
0x140ae9234 CreateDirectoryW
0x140ae923c CreateEventA
0x140ae9244 CreateFiber
0x140ae924c CreateFileA
0x140ae9254 CreateFileMappingA
0x140ae925c CreateFileW
0x140ae9264 CreateHardLinkW
0x140ae926c CreateIoCompletionPort
0x140ae9274 CreateJobObjectW
0x140ae927c CreateNamedPipeA
0x140ae9284 CreateNamedPipeW
0x140ae928c CreateProcessW
0x140ae9294 CreateSemaphoreA
0x140ae929c CreateSymbolicLinkW
0x140ae92a4 CreateToolhelp32Snapshot
0x140ae92ac DebugBreak
0x140ae92b4 DeleteCriticalSection
0x140ae92bc DeleteFiber
0x140ae92c4 DeviceIoControl
0x140ae92cc DuplicateHandle
0x140ae92d4 EnterCriticalSection
0x140ae92dc ExpandEnvironmentStringsA
0x140ae92e4 FileTimeToSystemTime
0x140ae92ec FillConsoleOutputAttribute
0x140ae92f4 FillConsoleOutputCharacterW
0x140ae92fc FindClose
0x140ae9304 FindFirstFileW
0x140ae930c FindNextFileW
0x140ae9314 FindResourceW
0x140ae931c FlushFileBuffers
0x140ae9324 FlushInstructionCache
0x140ae932c FlushViewOfFile
0x140ae9334 FormatMessageA
0x140ae933c FormatMessageW
0x140ae9344 FreeConsole
0x140ae934c FreeEnvironmentStringsW
0x140ae9354 FreeLibrary
0x140ae935c GetComputerNameA
0x140ae9364 GetConsoleCursorInfo
0x140ae936c GetConsoleMode
0x140ae9374 GetConsoleScreenBufferInfo
0x140ae937c GetConsoleTitleW
0x140ae9384 GetConsoleWindow
0x140ae938c GetCurrentDirectoryW
0x140ae9394 GetCurrentProcess
0x140ae939c GetCurrentProcessId
0x140ae93a4 GetCurrentThread
0x140ae93ac GetCurrentThreadId
0x140ae93b4 GetDiskFreeSpaceW
0x140ae93bc GetEnvironmentStringsW
0x140ae93c4 GetEnvironmentVariableW
0x140ae93cc GetExitCodeProcess
0x140ae93d4 GetFileAttributesA
0x140ae93dc GetFileAttributesW
0x140ae93e4 GetFileInformationByHandle
0x140ae93ec GetFileInformationByHandleEx
0x140ae93f4 GetFileSizeEx
0x140ae93fc GetFileType
0x140ae9404 GetFinalPathNameByHandleW
0x140ae940c GetFullPathNameW
0x140ae9414 GetHandleInformation
0x140ae941c GetLargePageMinimum
0x140ae9424 GetLastError
0x140ae942c GetLongPathNameW
0x140ae9434 GetModuleFileNameA
0x140ae943c GetModuleFileNameW
0x140ae9444 GetModuleHandleA
0x140ae944c GetModuleHandleExW
0x140ae9454 GetModuleHandleW
0x140ae945c GetNamedPipeHandleStateA
0x140ae9464 GetNativeSystemInfo
0x140ae946c GetNumberOfConsoleInputEvents
0x140ae9474 GetPriorityClass
0x140ae947c GetProcAddress
0x140ae9484 GetProcessAffinityMask
0x140ae948c GetProcessHeap
0x140ae9494 GetProcessIoCounters
0x140ae949c GetProcessTimes
0x140ae94a4 GetQueuedCompletionStatus
0x140ae94ac GetShortPathNameW
0x140ae94b4 GetStartupInfoA
0x140ae94bc GetStartupInfoW
0x140ae94c4 GetStdHandle
0x140ae94cc GetSystemFirmwareTable
0x140ae94d4 GetSystemInfo
0x140ae94dc GetSystemPowerStatus
0x140ae94e4 GetSystemTime
0x140ae94ec GetSystemTimeAdjustment
0x140ae94f4 GetSystemTimeAsFileTime
0x140ae94fc GetTempPathW
0x140ae9504 GetThreadContext
0x140ae950c GetThreadPriority
0x140ae9514 GetThreadTimes
0x140ae951c GetTickCount
0x140ae9524 GetTickCount64
0x140ae952c GetVersion
0x140ae9534 GetVersionExA
0x140ae953c GetVersionExW
0x140ae9544 GlobalMemoryStatusEx
0x140ae954c HeapAlloc
0x140ae9554 HeapFree
0x140ae955c InitializeConditionVariable
0x140ae9564 InitializeCriticalSection
0x140ae956c InitializeCriticalSectionAndSpinCount
0x140ae9574 InitializeSRWLock
0x140ae957c IsDBCSLeadByteEx
0x140ae9584 IsDebuggerPresent
0x140ae958c K32GetProcessMemoryInfo
0x140ae9594 LCMapStringW
0x140ae959c LeaveCriticalSection
0x140ae95a4 LoadLibraryA
0x140ae95ac LoadLibraryExA
0x140ae95b4 LoadLibraryExW
0x140ae95bc LoadLibraryW
0x140ae95c4 LoadResource
0x140ae95cc LocalAlloc
0x140ae95d4 LocalFree
0x140ae95dc LockResource
0x140ae95e4 MapViewOfFile
0x140ae95ec MoveFileExW
0x140ae95f4 MultiByteToWideChar
0x140ae95fc OpenProcess
0x140ae9604 OutputDebugStringA
0x140ae960c PeekNamedPipe
0x140ae9614 PostQueuedCompletionStatus
0x140ae961c Process32First
0x140ae9624 Process32Next
0x140ae962c QueryPerformanceCounter
0x140ae9634 QueryPerformanceFrequency
0x140ae963c QueueUserWorkItem
0x140ae9644 RaiseException
0x140ae964c ReOpenFile
0x140ae9654 ReadConsoleA
0x140ae965c ReadConsoleInputW
0x140ae9664 ReadConsoleW
0x140ae966c ReadDirectoryChangesW
0x140ae9674 ReadFile
0x140ae967c RegisterWaitForSingleObject
0x140ae9684 ReleaseSRWLockExclusive
0x140ae968c ReleaseSRWLockShared
0x140ae9694 ReleaseSemaphore
0x140ae969c RemoveDirectoryW
0x140ae96a4 RemoveVectoredExceptionHandler
0x140ae96ac ResetEvent
0x140ae96b4 ResumeThread
0x140ae96bc RtlCaptureContext
0x140ae96c4 RtlLookupFunctionEntry
0x140ae96cc RtlUnwindEx
0x140ae96d4 RtlVirtualUnwind
0x140ae96dc SetConsoleCtrlHandler
0x140ae96e4 SetConsoleCursorInfo
0x140ae96ec SetConsoleCursorPosition
0x140ae96f4 SetConsoleMode
0x140ae96fc SetConsoleTextAttribute
0x140ae9704 SetConsoleTitleA
0x140ae970c SetConsoleTitleW
0x140ae9714 SetCurrentDirectoryW
0x140ae971c SetEnvironmentVariableW
0x140ae9724 SetErrorMode
0x140ae972c SetEvent
0x140ae9734 SetFileCompletionNotificationModes
0x140ae973c SetFilePointerEx
0x140ae9744 SetFileTime
0x140ae974c SetHandleInformation
0x140ae9754 SetInformationJobObject
0x140ae975c SetLastError
0x140ae9764 SetNamedPipeHandleState
0x140ae976c SetPriorityClass
0x140ae9774 SetProcessAffinityMask
0x140ae977c SetSystemTime
0x140ae9784 SetThreadAffinityMask
0x140ae978c SetThreadContext
0x140ae9794 SetThreadPriority
0x140ae979c SetUnhandledExceptionFilter
0x140ae97a4 SizeofResource
0x140ae97ac Sleep
0x140ae97b4 SleepConditionVariableCS
0x140ae97bc SuspendThread
0x140ae97c4 SwitchToFiber
0x140ae97cc SwitchToThread
0x140ae97d4 SystemTimeToFileTime
0x140ae97dc TerminateProcess
0x140ae97e4 TlsAlloc
0x140ae97ec TlsFree
0x140ae97f4 TlsGetValue
0x140ae97fc TlsSetValue
0x140ae9804 TryAcquireSRWLockExclusive
0x140ae980c TryAcquireSRWLockShared
0x140ae9814 TryEnterCriticalSection
0x140ae981c UnmapViewOfFile
0x140ae9824 UnregisterWait
0x140ae982c UnregisterWaitEx
0x140ae9834 VerSetConditionMask
0x140ae983c VerifyVersionInfoA
0x140ae9844 VirtualAlloc
0x140ae984c VirtualFree
0x140ae9854 VirtualProtect
0x140ae985c VirtualQuery
0x140ae9864 WaitForMultipleObjects
0x140ae986c WaitForSingleObject
0x140ae9874 WaitNamedPipeW
0x140ae987c WakeAllConditionVariable
0x140ae9884 WakeConditionVariable
0x140ae988c WideCharToMultiByte
0x140ae9894 WriteConsoleInputW
0x140ae989c WriteConsoleW
0x140ae98a4 WriteFile
0x140ae98ac __C_specific_handler
msvcrt.dll
0x140ae98bc ___lc_codepage_func
0x140ae98c4 ___mb_cur_max_func
0x140ae98cc __argv
0x140ae98d4 __doserrno
0x140ae98dc __getmainargs
0x140ae98e4 __initenv
0x140ae98ec __iob_func
0x140ae98f4 __set_app_type
0x140ae98fc __setusermatherr
0x140ae9904 _acmdln
0x140ae990c _amsg_exit
0x140ae9914 _assert
0x140ae991c _beginthreadex
0x140ae9924 _cexit
0x140ae992c _close
0x140ae9934 _close
0x140ae993c _commode
0x140ae9944 _endthreadex
0x140ae994c _errno
0x140ae9954 _exit
0x140ae995c _fdopen
0x140ae9964 _filelengthi64
0x140ae996c _fileno
0x140ae9974 _findclose
0x140ae997c _fileno
0x140ae9984 _findfirst64
0x140ae998c _findnext64
0x140ae9994 _fmode
0x140ae999c _fstat64
0x140ae99a4 _fullpath
0x140ae99ac _get_osfhandle
0x140ae99b4 _gmtime64
0x140ae99bc _initterm
0x140ae99c4 _isatty
0x140ae99cc _localtime64
0x140ae99d4 _lock
0x140ae99dc _lseeki64
0x140ae99e4 _mkdir
0x140ae99ec _onexit
0x140ae99f4 _open
0x140ae99fc _open_osfhandle
0x140ae9a04 _read
0x140ae9a0c _read
0x140ae9a14 _setjmp
0x140ae9a1c _setmode
0x140ae9a24 _snwprintf
0x140ae9a2c _stat64
0x140ae9a34 _stricmp
0x140ae9a3c _strdup
0x140ae9a44 _strdup
0x140ae9a4c _strnicmp
0x140ae9a54 _time64
0x140ae9a5c _ultoa
0x140ae9a64 _unlock
0x140ae9a6c _umask
0x140ae9a74 _vscprintf
0x140ae9a7c _vsnprintf
0x140ae9a84 _vsnwprintf
0x140ae9a8c _wchmod
0x140ae9a94 _wcsdup
0x140ae9a9c _wcsnicmp
0x140ae9aa4 _wcsrev
0x140ae9aac _wfopen
0x140ae9ab4 _wopen
0x140ae9abc _write
0x140ae9ac4 _wrmdir
0x140ae9acc abort
0x140ae9ad4 atof
0x140ae9adc atoi
0x140ae9ae4 calloc
0x140ae9aec exit
0x140ae9af4 fclose
0x140ae9afc feof
0x140ae9b04 ferror
0x140ae9b0c fflush
0x140ae9b14 fgetpos
0x140ae9b1c fgets
0x140ae9b24 fopen
0x140ae9b2c fprintf
0x140ae9b34 fputc
0x140ae9b3c fputs
0x140ae9b44 fread
0x140ae9b4c free
0x140ae9b54 fseek
0x140ae9b5c fsetpos
0x140ae9b64 ftell
0x140ae9b6c fwrite
0x140ae9b74 getc
0x140ae9b7c getenv
0x140ae9b84 getwc
0x140ae9b8c islower
0x140ae9b94 isspace
0x140ae9b9c isupper
0x140ae9ba4 iswctype
0x140ae9bac isxdigit
0x140ae9bb4 _write
0x140ae9bbc localeconv
0x140ae9bc4 longjmp
0x140ae9bcc malloc
0x140ae9bd4 memchr
0x140ae9bdc memcmp
0x140ae9be4 memcpy
0x140ae9bec memmove
0x140ae9bf4 memset
0x140ae9bfc printf
0x140ae9c04 putc
0x140ae9c0c putwc
0x140ae9c14 qsort
0x140ae9c1c raise
0x140ae9c24 realloc
0x140ae9c2c rand
0x140ae9c34 setlocale
0x140ae9c3c setvbuf
0x140ae9c44 signal
0x140ae9c4c srand
0x140ae9c54 strcat
0x140ae9c5c strchr
0x140ae9c64 strcmp
0x140ae9c6c strcoll
0x140ae9c74 strcpy
0x140ae9c7c strcspn
0x140ae9c84 strerror
0x140ae9c8c strftime
0x140ae9c94 strlen
0x140ae9c9c strncmp
0x140ae9ca4 strncpy
0x140ae9cac strrchr
0x140ae9cb4 strspn
0x140ae9cbc strstr
0x140ae9cc4 strtol
0x140ae9ccc strtoul
0x140ae9cd4 strxfrm
0x140ae9cdc tolower
0x140ae9ce4 toupper
0x140ae9cec towlower
0x140ae9cf4 towupper
0x140ae9cfc ungetc
0x140ae9d04 vfprintf
0x140ae9d0c ungetwc
0x140ae9d14 wcschr
0x140ae9d1c wcscmp
0x140ae9d24 wcscoll
0x140ae9d2c wcscpy
0x140ae9d34 wcsftime
0x140ae9d3c wcslen
0x140ae9d44 wcsncmp
0x140ae9d4c wcsncpy
0x140ae9d54 wcspbrk
0x140ae9d5c wcsrchr
0x140ae9d64 wcsstr
0x140ae9d6c wcstombs
0x140ae9d74 wcsxfrm
ole32.dll
0x140ae9d84 CoCreateInstance
0x140ae9d8c CoInitializeEx
0x140ae9d94 CoUninitialize
SHELL32.dll
0x140ae9da4 SHGetSpecialFolderPathA
USER32.dll
0x140ae9db4 DispatchMessageA
0x140ae9dbc GetLastInputInfo
0x140ae9dc4 GetMessageA
0x140ae9dcc GetProcessWindowStation
0x140ae9dd4 GetSystemMetrics
0x140ae9ddc GetUserObjectInformationW
0x140ae9de4 MapVirtualKeyW
0x140ae9dec MessageBoxW
0x140ae9df4 ShowWindow
0x140ae9dfc TranslateMessage
USERENV.dll
0x140ae9e0c GetUserProfileDirectoryW
WS2_32.dll
0x140ae9e1c FreeAddrInfoW
0x140ae9e24 GetAddrInfoW
0x140ae9e2c WSACleanup
0x140ae9e34 WSADuplicateSocketW
0x140ae9e3c WSAGetLastError
0x140ae9e44 WSAGetOverlappedResult
0x140ae9e4c WSAIoctl
0x140ae9e54 WSARecv
0x140ae9e5c WSARecvFrom
0x140ae9e64 WSASend
0x140ae9e6c WSASendTo
0x140ae9e74 WSASetLastError
0x140ae9e7c WSASocketW
0x140ae9e84 WSAStartup
0x140ae9e8c accept
0x140ae9e94 bind
0x140ae9e9c closesocket
0x140ae9ea4 connect
0x140ae9eac freeaddrinfo
0x140ae9eb4 getaddrinfo
0x140ae9ebc gethostbyname
0x140ae9ec4 gethostname
0x140ae9ecc getnameinfo
0x140ae9ed4 getpeername
0x140ae9edc getsockname
0x140ae9ee4 getsockopt
0x140ae9eec htonl
0x140ae9ef4 htons
0x140ae9efc ioctlsocket
0x140ae9f04 listen
0x140ae9f0c ntohs
0x140ae9f14 recv
0x140ae9f1c select
0x140ae9f24 send
0x140ae9f2c setsockopt
0x140ae9f34 shutdown
0x140ae9f3c socket
EAT(Export Address Table) is none