Field | Value |
---|---|
Created | 2024.05.19 10:51 |
Machine | s1_win7_x6401 |
Filename | xmrig-notls.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
ZERO API | file: clean |
VT API (file) | 53 detected (DeepScan, malicious, high confidence, score, CoinMiner, unsafe, Save, Attribute, HighConfidence, Artemis, CoinminerX, RiskTool, BitMiner, HackTool, XMRMiner, CLASSIC, PotentialRisk, Tool, XMRig Miner, comv, Bitcoinminer, Detected, ai score=100, GrayWare, XMRig, IRCbot, Eldorado, Miner3, Neshta, FileInfector, R002H0CLF23, Gencirc, Static AI, Malicious PE, susgen, Miner) |
md5 | b03bd8c9b9965ed83232260719faedbf |
sha256 | 6838c752804b1927a2718bc6156348e7afc8af96bb662fd5cb2eb6a2f3d26481 |
ssdeep | 98304:JR/a0YRm8R3UIWP39tyILIjYVrOPvhRCBc1redIhiIu/6xQaSY9:HYRQCvhIBc8IhifSxSY9 |
imphash | 14c1585cec9f2f1bd8a61c93c95651de |
impfuzzy | 96:GehI5PoLULX1oj3cpejwgfTdkI63r8Dejy363VzXGGBgiM38yWXqooirbnshXJg:m5tFWbwodkIIS6FzBXE/Wvrb2XW |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | XMRig_Miner_IN | XMRig Miner | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x1403968b8 recv
0x1403968c0 ntohs
0x1403968c8 htons
0x1403968d0 send
0x1403968d8 WSASetLastError
0x1403968e0 WSAGetLastError
0x1403968e8 select
0x1403968f0 WSARecvFrom
0x1403968f8 WSASocketW
0x140396900 WSASend
0x140396908 WSARecv
0x140396910 WSAIoctl
0x140396918 gethostname
0x140396920 WSADuplicateSocketW
0x140396928 shutdown
0x140396930 getpeername
0x140396938 FreeAddrInfoW
0x140396940 GetAddrInfoW
0x140396948 htonl
0x140396950 socket
0x140396958 setsockopt
0x140396960 listen
0x140396968 closesocket
0x140396970 bind
0x140396978 WSACleanup
0x140396980 WSAStartup
0x140396988 getsockopt
0x140396990 getsockname
0x140396998 ioctlsocket
IPHLPAPI.DLL
0x140396150 GetAdaptersAddresses
USERENV.dll
0x1403968a8 GetUserProfileDirectoryW
CRYPT32.dll
0x140396110 CertOpenStore
0x140396118 CertCloseStore
0x140396120 CertEnumCertificatesInStore
0x140396128 CertGetCertificateContextProperty
0x140396130 CertDuplicateCertificateContext
0x140396138 CertFreeCertificateContext
0x140396140 CertFindCertificateInStore
KERNEL32.dll
0x140396160 SetConsoleMode
0x140396168 GetConsoleMode
0x140396170 QueryPerformanceFrequency
0x140396178 QueryPerformanceCounter
0x140396180 SizeofResource
0x140396188 LockResource
0x140396190 LoadResource
0x140396198 FindResourceW
0x1403961a0 ExpandEnvironmentStringsA
0x1403961a8 GetConsoleWindow
0x1403961b0 GetSystemFirmwareTable
0x1403961b8 HeapFree
0x1403961c0 HeapAlloc
0x1403961c8 GetProcessHeap
0x1403961d0 MultiByteToWideChar
0x1403961d8 SetPriorityClass
0x1403961e0 GetCurrentProcess
0x1403961e8 SetThreadPriority
0x1403961f0 GetSystemPowerStatus
0x1403961f8 GetCurrentThread
0x140396200 GetProcAddress
0x140396208 GetModuleHandleW
0x140396210 GetTickCount
0x140396218 CloseHandle
0x140396220 FreeConsole
0x140396228 VirtualProtect
0x140396230 VirtualFree
0x140396238 VirtualAlloc
0x140396240 GetLargePageMinimum
0x140396248 LocalAlloc
0x140396250 GetLastError
0x140396258 LocalFree
0x140396260 FlushInstructionCache
0x140396268 GetCurrentThreadId
0x140396270 AddVectoredExceptionHandler
0x140396278 DeviceIoControl
0x140396280 GetModuleFileNameW
0x140396288 CreateFileW
0x140396290 SetLastError
0x140396298 GetSystemTime
0x1403962a0 SystemTimeToFileTime
0x1403962a8 GetModuleHandleExW
0x1403962b0 EnterCriticalSection
0x1403962b8 LeaveCriticalSection
0x1403962c0 InitializeCriticalSectionAndSpinCount
0x1403962c8 DeleteCriticalSection
0x1403962d0 TlsAlloc
0x1403962d8 TlsGetValue
0x1403962e0 TlsSetValue
0x1403962e8 TlsFree
0x1403962f0 SwitchToFiber
0x1403962f8 DeleteFiber
0x140396300 CreateFiber
0x140396308 FindClose
0x140396310 FindFirstFileW
0x140396318 FindNextFileW
0x140396320 WideCharToMultiByte
0x140396328 GetFileType
0x140396330 WriteFile
0x140396338 ConvertFiberToThread
0x140396340 ConvertThreadToFiber
0x140396348 GetCurrentProcessId
0x140396350 GetSystemTimeAsFileTime
0x140396358 FreeLibrary
0x140396360 LoadLibraryA
0x140396368 LoadLibraryW
0x140396370 GetEnvironmentVariableW
0x140396378 ReadConsoleA
0x140396380 ReadConsoleW
0x140396388 PostQueuedCompletionStatus
0x140396390 CreateFileA
0x140396398 DuplicateHandle
0x1403963a0 SetEvent
0x1403963a8 ResetEvent
0x1403963b0 WaitForSingleObject
0x1403963b8 CreateEventA
0x1403963c0 Sleep
0x1403963c8 QueueUserWorkItem
0x1403963d0 RegisterWaitForSingleObject
0x1403963d8 UnregisterWait
0x1403963e0 GetNumberOfConsoleInputEvents
0x1403963e8 ReadConsoleInputW
0x1403963f0 FillConsoleOutputCharacterW
0x1403963f8 FillConsoleOutputAttribute
0x140396400 GetConsoleCursorInfo
0x140396408 SetConsoleCursorInfo
0x140396410 GetConsoleScreenBufferInfo
0x140396418 SetConsoleCursorPosition
0x140396420 SetConsoleTextAttribute
0x140396428 WriteConsoleInputW
0x140396430 CreateDirectoryW
0x140396438 FlushFileBuffers
0x140396440 GetDiskFreeSpaceW
0x140396448 GetFileAttributesW
0x140396450 SetUnhandledExceptionFilter
0x140396458 GetFileSizeEx
0x140396460 SetConsoleTitleA
0x140396468 GetFullPathNameW
0x140396470 ReadFile
0x140396478 RemoveDirectoryW
0x140396480 SetFilePointerEx
0x140396488 SetFileTime
0x140396490 GetSystemInfo
0x140396498 MapViewOfFile
0x1403964a0 FlushViewOfFile
0x1403964a8 UnmapViewOfFile
0x1403964b0 CreateFileMappingA
0x1403964b8 ReOpenFile
0x1403964c0 CopyFileW
0x1403964c8 MoveFileExW
0x1403964d0 CreateHardLinkW
0x1403964d8 GetFileInformationByHandleEx
0x1403964e0 CreateSymbolicLinkW
0x1403964e8 InitializeCriticalSection
0x1403964f0 SetConsoleCtrlHandler
0x1403964f8 GetCurrentDirectoryW
0x140396500 GetLongPathNameW
0x140396508 GetShortPathNameW
0x140396510 CreateIoCompletionPort
0x140396518 ReadDirectoryChangesW
0x140396520 VerSetConditionMask
0x140396528 GetEnvironmentStringsW
0x140396530 FreeEnvironmentStringsW
0x140396538 SetEnvironmentVariableW
0x140396540 SetCurrentDirectoryW
0x140396548 GetTempPathW
0x140396550 GlobalMemoryStatusEx
0x140396558 VerifyVersionInfoA
0x140396560 FileTimeToSystemTime
0x140396568 RtlUnwind
0x140396570 K32GetProcessMemoryInfo
0x140396578 SetHandleInformation
0x140396580 CancelIo
0x140396588 SwitchToThread
0x140396590 SetFileCompletionNotificationModes
0x140396598 LoadLibraryExW
0x1403965a0 FormatMessageA
0x1403965a8 SetErrorMode
0x1403965b0 GetQueuedCompletionStatus
0x1403965b8 TryEnterCriticalSection
0x1403965c0 InitializeConditionVariable
0x1403965c8 WakeConditionVariable
0x1403965d0 WakeAllConditionVariable
0x1403965d8 SleepConditionVariableCS
0x1403965e0 ReleaseSemaphore
0x1403965e8 ResumeThread
0x1403965f0 GetNativeSystemInfo
0x1403965f8 CreateSemaphoreA
0x140396600 ConnectNamedPipe
0x140396608 PeekNamedPipe
0x140396610 CreateNamedPipeW
0x140396618 CancelIoEx
0x140396620 CancelSynchronousIo
0x140396628 TerminateProcess
0x140396630 GetExitCodeProcess
0x140396638 UnregisterWaitEx
0x140396640 LCMapStringW
0x140396648 DebugBreak
0x140396650 GetModuleHandleA
0x140396658 GetStartupInfoW
0x140396660 GetModuleFileNameA
0x140396668 GetVersionExA
0x140396670 GetProcessAffinityMask
0x140396678 SetProcessAffinityMask
0x140396680 SetThreadAffinityMask
0x140396688 GetComputerNameA
0x140396690 RtlVirtualUnwind
0x140396698 RtlLookupFunctionEntry
0x1403966a0 RtlCaptureContext
0x1403966a8 CreateEventW
0x1403966b0 GetStringTypeW
0x1403966b8 GetStdHandle
0x1403966c0 WriteConsoleW
0x1403966c8 GetFinalPathNameByHandleW
0x1403966d0 UnhandledExceptionFilter
0x1403966d8 IsProcessorFeaturePresent
0x1403966e0 IsDebuggerPresent
0x1403966e8 InitializeSListHead
0x1403966f0 RtlUnwindEx
0x1403966f8 RtlPcToFileHeader
0x140396700 RaiseException
0x140396708 SetStdHandle
0x140396710 GetCommandLineA
0x140396718 GetCommandLineW
0x140396720 CreateThread
0x140396728 ExitThread
0x140396730 FreeLibraryAndExitThread
0x140396738 GetDriveTypeW
0x140396740 SystemTimeToTzSpecificLocalTime
0x140396748 ExitProcess
0x140396750 GetFileAttributesExW
0x140396758 SetFileAttributesW
0x140396760 GetConsoleCP
0x140396768 CompareStringW
0x140396770 GetLocaleInfoW
0x140396778 IsValidLocale
0x140396780 GetUserDefaultLCID
0x140396788 EnumSystemLocalesW
0x140396790 HeapReAlloc
0x140396798 GetTimeZoneInformation
0x1403967a0 HeapSize
0x1403967a8 SetEndOfFile
0x1403967b0 FindFirstFileExW
0x1403967b8 IsValidCodePage
0x1403967c0 GetACP
0x1403967c8 GetOEMCP
0x1403967d0 GetFileInformationByHandle
0x1403967d8 InitializeSRWLock
0x1403967e0 ReleaseSRWLockExclusive
0x1403967e8 AcquireSRWLockExclusive
0x1403967f0 InitializeCriticalSectionEx
0x1403967f8 WaitForSingleObjectEx
0x140396800 GetExitCodeThread
0x140396808 SleepConditionVariableSRW
0x140396810 EncodePointer
0x140396818 DecodePointer
0x140396820 LCMapStringEx
0x140396828 CompareStringEx
0x140396830 GetCPInfo
USER32.dll
0x140396850 GetProcessWindowStation
0x140396858 GetUserObjectInformationW
0x140396860 ShowWindow
0x140396868 GetLastInputInfo
0x140396870 DispatchMessageA
0x140396878 GetMessageA
0x140396880 GetSystemMetrics
0x140396888 MapVirtualKeyW
0x140396890 TranslateMessage
0x140396898 MessageBoxW
SHELL32.dll
0x140396840 SHGetSpecialFolderPathA
ole32.dll
0x1403969b8 CoInitializeEx
0x1403969c0 CoCreateInstance
0x1403969c8 CoUninitialize
ADVAPI32.dll
0x140396000 SystemFunction036
0x140396008 GetUserNameW
0x140396010 CryptEnumProvidersW
0x140396018 CryptSignHashW
0x140396020 CryptDestroyHash
0x140396028 CryptCreateHash
0x140396030 CryptDecrypt
0x140396038 CryptExportKey
0x140396040 CryptGetUserKey
0x140396048 CryptGetProvParam
0x140396050 CryptSetHashParam
0x140396058 CryptDestroyKey
0x140396060 CryptReleaseContext
0x140396068 CryptAcquireContextW
0x140396070 ReportEventW
0x140396078 RegisterEventSourceW
0x140396080 DeregisterEventSource
0x140396088 CreateServiceW
0x140396090 QueryServiceStatus
0x140396098 CloseServiceHandle
0x1403960a0 OpenSCManagerW
0x1403960a8 QueryServiceConfigA
0x1403960b0 DeleteService
0x1403960b8 ControlService
0x1403960c0 StartServiceW
0x1403960c8 OpenServiceW
0x1403960d0 LookupPrivilegeValueW
0x1403960d8 AdjustTokenPrivileges
0x1403960e0 OpenProcessToken
0x1403960e8 LsaOpenPolicy
0x1403960f0 LsaAddAccountRights
0x1403960f8 LsaClose
0x140396100 GetTokenInformation
bcrypt.dll
0x1403969a8 BCryptGenRandom
EAT(Export Address Table) is none