Field | Value |
---|---|
Created | 2024.07.08 17:08 |
Machine | s1_win7_x6403 |
Filename | xmrig.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
AI Score | Not founds |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 57 detected (AIDetectMalware, Miner, tstT, Windows, Cryptominer, Malicious, score, CoinMiner, Artemis, Unsafe, MiscX, RiskTool, BitMiner, kmlecm, HackTool, XMRMiner, CLASSIC, PotentialRisk, Tool, BtcMine, Real Protect, XMRig Miner, conl, Bitcoinminer, Detected, ai score=76, GrayWare, XMRig, ApplicUnwnt@#17lxgrjukmbyh, Eldorado, Miner3, R002H0CDN24, Gencirc, 3A7UmKm9TjY, Static AI, Malicious PE, susgen) |
md5 | c0f8959614ae06561216158d78a787e5 |
sha256 | e199d88569fb54346d5fa20ee7b59b2ea6f16f4ecca3ea1e1c937b11aab7b2b0 |
ssdeep | 98304:AwHlVzThdquIJ3mH6KfTSr2tJCkN3dOauqMAC2Taf43TZquOE2:fVz5CkN3dXuq9Taf4jLt2 |
imphash | 12806e48b853545b536463546db4baa1 |
impfuzzy | 96:oPy57iDLULX1ojQW5WNqpxgIJkIWr8fcg+uXCavLuc6Z7etGBgiM3DwOXtiIX/rM:j5NFWQW5WNqpxPkIW+KrVXE7X/rbI |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | XMRig_Miner_IN | XMRig Miner | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) by library
WS2_32.dll
0x14041b908 WSASetLastError
0x14041b910 send
0x14041b918 recv
0x14041b920 ntohs
0x14041b928 htons
0x14041b930 htonl
0x14041b938 inet_addr
0x14041b940 inet_ntoa
0x14041b948 gethostbyaddr
0x14041b950 WSAGetLastError
0x14041b958 WSAIoctl
0x14041b960 gethostbyname
0x14041b968 WSARecvFrom
0x14041b970 WSASocketW
0x14041b978 WSASend
0x14041b980 WSARecv
0x14041b988 gethostname
0x14041b990 WSADuplicateSocketW
0x14041b998 getpeername
0x14041b9a0 FreeAddrInfoW
0x14041b9a8 GetAddrInfoW
0x14041b9b0 shutdown
0x14041b9b8 socket
0x14041b9c0 setsockopt
0x14041b9c8 listen
0x14041b9d0 connect
0x14041b9d8 closesocket
0x14041b9e0 ind
0x14041b9e8 WSACleanup
0x14041b9f0 WSAStartup
0x14041b9f8 select
0x14041ba00 getsockopt
0x14041ba08 getsockname
0x14041ba10 ioctlsocket
0x14041ba18 getservbyname
0x14041ba20 getservbyport
IPHLPAPI.DLL
0x14041b150 GetAdaptersAddresses
USERENV.dll
0x14041b8f8 GetUserProfileDirectoryW
CRYPT32.dll
0x14041b110 CertFreeCertificateContext
0x14041b118 CertFindCertificateInStore
0x14041b120 CertEnumCertificatesInStore
0x14041b128 CertCloseStore
0x14041b130 CertOpenStore
0x14041b138 CertGetCertificateContextProperty
0x14041b140 CertDuplicateCertificateContext
KERNEL32.dll
0x14041b160 GetStringTypeW
0x14041b168 InitializeCriticalSectionAndSpinCount
0x14041b170 WriteConsoleW
0x14041b178 SetConsoleTitleA
0x14041b180 GetStdHandle
0x14041b188 SetConsoleMode
0x14041b190 GetConsoleMode
0x14041b198 QueryPerformanceFrequency
0x14041b1a0 QueryPerformanceCounter
0x14041b1a8 SizeofResource
0x14041b1b0 LockResource
0x14041b1b8 LoadResource
0x14041b1c0 FindResourceW
0x14041b1c8 ExpandEnvironmentStringsA
0x14041b1d0 GetConsoleWindow
0x14041b1d8 GetSystemFirmwareTable
0x14041b1e0 HeapFree
0x14041b1e8 HeapAlloc
0x14041b1f0 GetProcessHeap
0x14041b1f8 MultiByteToWideChar
0x14041b200 SetPriorityClass
0x14041b208 GetCurrentProcess
0x14041b210 SetThreadPriority
0x14041b218 GetSystemPowerStatus
0x14041b220 GetCurrentThread
0x14041b228 GetProcAddress
0x14041b230 GetModuleHandleW
0x14041b238 GetTickCount
0x14041b240 CloseHandle
0x14041b248 FreeConsole
0x14041b250 VirtualProtect
0x14041b258 VirtualFree
0x14041b260 VirtualAlloc
0x14041b268 GetLargePageMinimum
0x14041b270 LocalAlloc
0x14041b278 GetLastError
0x14041b280 LocalFree
0x14041b288 FlushInstructionCache
0x14041b290 GetCurrentThreadId
0x14041b298 AddVectoredExceptionHandler
0x14041b2a0 DeviceIoControl
0x14041b2a8 GetModuleFileNameW
0x14041b2b0 CreateFileW
0x14041b2b8 SetLastError
0x14041b2c0 GetSystemTime
0x14041b2c8 SystemTimeToFileTime
0x14041b2d0 GetModuleHandleExW
0x14041b2d8 Sleep
0x14041b2e0 InitializeSRWLock
0x14041b2e8 ReleaseSRWLockExclusive
0x14041b2f0 ReleaseSRWLockShared
0x14041b2f8 AcquireSRWLockExclusive
0x14041b300 AcquireSRWLockShared
0x14041b308 TlsAlloc
0x14041b310 TlsGetValue
0x14041b318 TlsSetValue
0x14041b320 TlsFree
0x14041b328 GetSystemInfo
0x14041b330 SwitchToFiber
0x14041b338 DeleteFiber
0x14041b340 CreateFiberEx
0x14041b348 FindClose
0x14041b350 FindFirstFileW
0x14041b358 FindNextFileW
0x14041b360 WideCharToMultiByte
0x14041b368 GetSystemDirectoryA
0x14041b370 FreeLibrary
0x14041b378 LoadLibraryA
0x14041b380 FormatMessageA
0x14041b388 GetFileType
0x14041b390 WriteFile
0x14041b398 GetEnvironmentVariableW
0x14041b3a0 GetACP
0x14041b3a8 ConvertFiberToThread
0x14041b3b0 ConvertThreadToFiberEx
0x14041b3b8 GetCurrentProcessId
0x14041b3c0 GetSystemTimeAsFileTime
0x14041b3c8 LoadLibraryW
0x14041b3d0 ReadConsoleA
0x14041b3d8 ReadConsoleW
0x14041b3e0 PostQueuedCompletionStatus
0x14041b3e8 CreateFileA
0x14041b3f0 DuplicateHandle
0x14041b3f8 SetEvent
0x14041b400 ResetEvent
0x14041b408 WaitForSingleObject
0x14041b410 CreateEventA
0x14041b418 QueueUserWorkItem
0x14041b420 RegisterWaitForSingleObject
0x14041b428 UnregisterWait
0x14041b430 GetNumberOfConsoleInputEvents
0x14041b438 ReadConsoleInputW
0x14041b440 FillConsoleOutputCharacterW
0x14041b448 FillConsoleOutputAttribute
0x14041b450 GetConsoleCursorInfo
0x14041b458 SetConsoleCursorInfo
0x14041b460 GetConsoleScreenBufferInfo
0x14041b468 SetConsoleCursorPosition
0x14041b470 SetConsoleTextAttribute
0x14041b478 WriteConsoleInputW
0x14041b480 CreateDirectoryW
0x14041b488 FlushFileBuffers
0x14041b490 GetDiskFreeSpaceW
0x14041b498 GetFileAttributesW
0x14041b4a0 GetFileInformationByHandle
0x14041b4a8 CreateEventW
0x14041b4b0 RtlCaptureContext
0x14041b4b8 GetFullPathNameW
0x14041b4c0 ReadFile
0x14041b4c8 RemoveDirectoryW
0x14041b4d0 SetFilePointerEx
0x14041b4d8 SetFileTime
0x14041b4e0 MapViewOfFile
0x14041b4e8 FlushViewOfFile
0x14041b4f0 UnmapViewOfFile
0x14041b4f8 CreateFileMappingA
0x14041b500 ReOpenFile
0x14041b508 CopyFileW
0x14041b510 MoveFileExW
0x14041b518 CreateHardLinkW
0x14041b520 GetFileInformationByHandleEx
0x14041b528 CreateSymbolicLinkW
0x14041b530 InitializeCriticalSection
0x14041b538 EnterCriticalSection
0x14041b540 LeaveCriticalSection
0x14041b548 TryEnterCriticalSection
0x14041b550 DeleteCriticalSection
0x14041b558 InitializeConditionVariable
0x14041b560 WakeConditionVariable
0x14041b568 WakeAllConditionVariable
0x14041b570 SleepConditionVariableCS
0x14041b578 ReleaseSemaphore
0x14041b580 ResumeThread
0x14041b588 GetNativeSystemInfo
0x14041b590 GetProcessAffinityMask
0x14041b598 SetThreadAffinityMask
0x14041b5a0 CreateSemaphoreA
0x14041b5a8 SetConsoleCtrlHandler
0x14041b5b0 GetCurrentDirectoryW
0x14041b5b8 GetLongPathNameW
0x14041b5c0 RtlUnwind
0x14041b5c8 CreateIoCompletionPort
0x14041b5d0 ReadDirectoryChangesW
0x14041b5d8 GetEnvironmentStringsW
0x14041b5e0 FreeEnvironmentStringsW
0x14041b5e8 SetEnvironmentVariableW
0x14041b5f0 SetCurrentDirectoryW
0x14041b5f8 GetTempPathW
0x14041b600 GlobalMemoryStatusEx
0x14041b608 FileTimeToSystemTime
0x14041b610 K32GetProcessMemoryInfo
0x14041b618 SetHandleInformation
0x14041b620 CancelIoEx
0x14041b628 CancelIo
0x14041b630 SwitchToThread
0x14041b638 SetFileCompletionNotificationModes
0x14041b640 LoadLibraryExW
0x14041b648 SetErrorMode
0x14041b650 GetQueuedCompletionStatus
0x14041b658 ConnectNamedPipe
0x14041b660 SetNamedPipeHandleState
0x14041b668 PeekNamedPipe
0x14041b670 CreateNamedPipeW
0x14041b678 CancelSynchronousIo
0x14041b680 GetNamedPipeHandleStateA
0x14041b688 GetNamedPipeClientProcessId
0x14041b690 GetNamedPipeServerProcessId
0x14041b698 TerminateProcess
0x14041b6a0 GetExitCodeProcess
0x14041b6a8 UnregisterWaitEx
0x14041b6b0 LCMapStringW
0x14041b6b8 DebugBreak
0x14041b6c0 GetModuleHandleA
0x14041b6c8 LoadLibraryExA
0x14041b6d0 GetStartupInfoW
0x14041b6d8 GetModuleFileNameA
0x14041b6e0 GetVersionExA
0x14041b6e8 SetProcessAffinityMask
0x14041b6f0 GetComputerNameA
0x14041b6f8 FlsFree
0x14041b700 FlsSetValue
0x14041b708 FlsGetValue
0x14041b710 FlsAlloc
0x14041b718 GetCPInfo
0x14041b720 RtlLookupFunctionEntry
0x14041b728 GetFinalPathNameByHandleW
0x14041b730 RtlVirtualUnwind
0x14041b738 UnhandledExceptionFilter
0x14041b740 SetUnhandledExceptionFilter
0x14041b748 IsProcessorFeaturePresent
0x14041b750 IsDebuggerPresent
0x14041b758 InitializeSListHead
0x14041b760 RtlUnwindEx
0x14041b768 RtlPcToFileHeader
0x14041b770 RaiseException
0x14041b778 SetStdHandle
0x14041b780 GetCommandLineA
0x14041b788 GetCommandLineW
0x14041b790 CreateThread
0x14041b798 ExitThread
0x14041b7a0 FreeLibraryAndExitThread
0x14041b7a8 GetDriveTypeW
0x14041b7b0 SystemTimeToTzSpecificLocalTime
0x14041b7b8 ExitProcess
0x14041b7c0 GetFileAttributesExW
0x14041b7c8 SetFileAttributesW
0x14041b7d0 GetConsoleOutputCP
0x14041b7d8 CompareStringW
0x14041b7e0 GetLocaleInfoW
0x14041b7e8 IsValidLocale
0x14041b7f0 GetUserDefaultLCID
0x14041b7f8 EnumSystemLocalesW
0x14041b800 HeapReAlloc
0x14041b808 GetTimeZoneInformation
0x14041b810 HeapSize
0x14041b818 SetEndOfFile
0x14041b820 FindFirstFileExW
0x14041b828 IsValidCodePage
0x14041b830 GetOEMCP
0x14041b838 GetFileSizeEx
0x14041b840 GetShortPathNameW
0x14041b848 CompareStringEx
0x14041b850 LCMapStringEx
0x14041b858 InitializeCriticalSectionEx
0x14041b860 WaitForSingleObjectEx
0x14041b868 GetExitCodeThread
0x14041b870 SleepConditionVariableSRW
0x14041b878 EncodePointer
0x14041b880 DecodePointer
USER32.dll
0x14041b8a0 GetLastInputInfo
0x14041b8a8 MessageBoxW
0x14041b8b0 GetProcessWindowStation
0x14041b8b8 TranslateMessage
0x14041b8c0 GetUserObjectInformationW
0x14041b8c8 ShowWindow
0x14041b8d0 DispatchMessageA
0x14041b8d8 GetSystemMetrics
0x14041b8e0 MapVirtualKeyW
0x14041b8e8 GetMessageA
SHELL32.dll
0x14041b890 SHGetSpecialFolderPathA
ole32.dll
0x14041ba40 CoInitializeEx
0x14041ba48 CoUninitialize
0x14041ba50 CoCreateInstance
ADVAPI32.dll
0x14041b000 SystemFunction036
0x14041b008 GetUserNameW
0x14041b010 ReportEventW
0x14041b018 RegisterEventSourceW
0x14041b020 DeregisterEventSource
0x14041b028 CryptEnumProvidersW
0x14041b030 CryptSignHashW
0x14041b038 CryptDestroyHash
0x14041b040 CryptCreateHash
0x14041b048 CryptDecrypt
0x14041b050 CryptExportKey
0x14041b058 CryptGetUserKey
0x14041b060 CryptGetProvParam
0x14041b068 CryptSetHashParam
0x14041b070 CryptDestroyKey
0x14041b078 CryptReleaseContext
0x14041b080 CryptAcquireContextW
0x14041b088 CreateServiceW
0x14041b090 QueryServiceStatus
0x14041b098 CloseServiceHandle
0x14041b0a0 OpenSCManagerW
0x14041b0a8 QueryServiceConfigA
0x14041b0b0 DeleteService
0x14041b0b8 ControlService
0x14041b0c0 StartServiceW
0x14041b0c8 OpenServiceW
0x14041b0d0 LookupPrivilegeValueW
0x14041b0d8 AdjustTokenPrivileges
0x14041b0e0 OpenProcessToken
0x14041b0e8 LsaOpenPolicy
0x14041b0f0 LsaAddAccountRights
0x14041b0f8 LsaClose
0x14041b100 GetTokenInformation
crypt.dll
0x14041ba30 BCryptGenRandom
EAT (Export Address Table): none