Report - StartPrime2.exe

Tags: Generic Malware, Malicious Library, Downloader, Malicious Packer, UPX, PE File, ftp, PE64, OS Processor Check
Created 2024.08.30 18:16 Machine s1_win7_x6403
Filename StartPrime2.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score
4
Behavior Score
1.6
ZERO API file : malware
VT API (file) 48 detected (AIDetectMalware, Barys, malicious, high confidence, score, Artemis, Unsafe, Lazy, Save, Attribute, HighConfidence, GameHack, FileRepMalware, Misc, CLOUD, AGEN, Static AI, Malicious PE, Detected, ai score=82, AMAA, Eldorado, Krypt, GdSda, R002H01HS24, GenKryptik, GHEK, confidence)
md5 8eb33cfbc3fccab789e6f96cd7b4553b
sha256 3cf61b6951d14daddeac3838d212ab9df11624c39838fca00aee497458639b9c
ssdeep 24576:aexdNwVn2WMhft1qs5UZMIlHZnVbvwAM:ae7NwBmfODTnVM
imphash 0b5ed182a18f08e11ae5e8b9937998f5
impfuzzy 96:PVhTczJWAt1Qw6L5xOsCSQB0saT8XmiOENOUpB3iIPMaptHxU34t4+SoFgcVl4CC:zaJW6KxOsCSBhDDEkyuPpGo8rKJypgJB

Signature (2cnts)

Level Description
danger File has been identified by 48 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (9cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch Network_Downloader File Downloader binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info ftp_command ftp command binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

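Network (0cnts) - no network activity was recorded during this sandbox run. The Downloader tag and the Network_Downloader rule above are matches on the uploaded binary, not observed traffic, so an empty table here does not show that the sample is network-inert.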

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

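IAT (Import Address Table) Library - the imports listed below are declared statically in the PE header; they show which APIs the binary can call, not which ones it called during this run.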

d3d9.dll
 0x1400b6df0 Direct3DCreate9Ex
dwmapi.dll
 0x1400b6e10 DwmExtendFrameIntoClientArea
KERNEL32.dll
 0x1400b6158 HeapDestroy
 0x1400b6160 HeapAlloc
 0x1400b6168 HeapReAlloc
 0x1400b6170 HeapFree
 0x1400b6178 HeapSize
 0x1400b6180 GetProcessHeap
 0x1400b6188 InitializeCriticalSectionEx
 0x1400b6190 DeleteCriticalSection
 0x1400b6198 VirtualProtect
 0x1400b61a0 CreateFileMappingW
 0x1400b61a8 MapViewOfFile
 0x1400b61b0 UnmapViewOfFile
 0x1400b61b8 GetModuleHandleA
 0x1400b61c0 QueryFullProcessImageNameW
 0x1400b61c8 FormatMessageA
 0x1400b61d0 LocalFree
 0x1400b61d8 EnterCriticalSection
 0x1400b61e0 LeaveCriticalSection
 0x1400b61e8 SleepEx
 0x1400b61f0 VerSetConditionMask
 0x1400b61f8 GetSystemDirectoryA
 0x1400b6200 FreeLibrary
 0x1400b6208 DeviceIoControl
 0x1400b6210 GetConsoleWindow
 0x1400b6218 GetEnvironmentVariableA
 0x1400b6220 GetFileType
 0x1400b6228 ReadFile
 0x1400b6230 PeekNamedPipe
 0x1400b6238 WaitForMultipleObjects
 0x1400b6240 GetFileSizeEx
 0x1400b6248 ReleaseSRWLockExclusive
 0x1400b6250 AcquireSRWLockExclusive
 0x1400b6258 WakeAllConditionVariable
 0x1400b6260 SleepConditionVariableSRW
 0x1400b6268 RtlCaptureContext
 0x1400b6270 RtlLookupFunctionEntry
 0x1400b6278 RtlVirtualUnwind
 0x1400b6280 UnhandledExceptionFilter
 0x1400b6288 SetUnhandledExceptionFilter
 0x1400b6290 IsProcessorFeaturePresent
 0x1400b6298 IsDebuggerPresent
 0x1400b62a0 GetCurrentProcessId
 0x1400b62a8 SetConsoleTitleA
 0x1400b62b0 SetConsoleWindowInfo
 0x1400b62b8 GetCurrentThreadId
 0x1400b62c0 GetSystemTimeAsFileTime
 0x1400b62c8 SetLastError
 0x1400b62d0 GetLastError
 0x1400b62d8 CreateToolhelp32Snapshot
 0x1400b62e0 Process32Next
 0x1400b62e8 WaitForSingleObjectEx
 0x1400b62f0 Process32First
 0x1400b62f8 SetConsoleTextAttribute
 0x1400b6300 SetConsoleScreenBufferSize
 0x1400b6308 WideCharToMultiByte
 0x1400b6310 MultiByteToWideChar
 0x1400b6318 lstrcmpiA
 0x1400b6320 LoadLibraryA
 0x1400b6328 GetProcAddress
 0x1400b6330 GetModuleHandleW
 0x1400b6338 GetModuleFileNameA
 0x1400b6340 GetTickCount
 0x1400b6348 DebugBreak
 0x1400b6350 CreateThread
 0x1400b6358 TerminateProcess
 0x1400b6360 ExitProcess
 0x1400b6368 GetCurrentProcess
 0x1400b6370 Sleep
 0x1400b6378 MoveFileExA
 0x1400b6380 CloseHandle
 0x1400b6388 CreateFileW
 0x1400b6390 CreateFileA
 0x1400b6398 GetStdHandle
 0x1400b63a0 QueryPerformanceFrequency
 0x1400b63a8 QueryPerformanceCounter
 0x1400b63b0 GlobalFree
 0x1400b63b8 GlobalLock
 0x1400b63c0 GlobalUnlock
 0x1400b63c8 GlobalAlloc
 0x1400b63d0 OutputDebugStringW
 0x1400b63d8 VerifyVersionInfoA
 0x1400b63e0 InitializeSListHead
USER32.dll
 0x1400b66a8 SetCursor
 0x1400b66b0 GetCursorPos
 0x1400b66b8 ClientToScreen
 0x1400b66c0 ScreenToClient
 0x1400b66c8 LoadCursorA
 0x1400b66d0 TranslateMessage
 0x1400b66d8 DispatchMessageA
 0x1400b66e0 PeekMessageA
 0x1400b66e8 DefWindowProcA
 0x1400b66f0 PostQuitMessage
 0x1400b66f8 RegisterClassA
 0x1400b6700 UnregisterClassA
 0x1400b6708 CreateWindowExA
 0x1400b6710 DestroyWindow
 0x1400b6718 GetCapture
 0x1400b6720 GetKeyState
 0x1400b6728 GetActiveWindow
 0x1400b6730 SetCursorPos
 0x1400b6738 GetClientRect
 0x1400b6740 SetLayeredWindowAttributes
 0x1400b6748 MoveWindow
 0x1400b6750 SetWindowDisplayAffinity
 0x1400b6758 GetAsyncKeyState
 0x1400b6760 mouse_event
 0x1400b6768 GetSystemMetrics
 0x1400b6770 UpdateWindow
 0x1400b6778 GetForegroundWindow
 0x1400b6780 EmptyClipboard
 0x1400b6788 GetClipboardData
 0x1400b6790 GetWindowRect
 0x1400b6798 GetWindowLongA
 0x1400b67a0 SetWindowLongA
 0x1400b67a8 GetWindowLongPtrA
 0x1400b67b0 SetWindowLongPtrA
 0x1400b67b8 FindWindowA
 0x1400b67c0 SetWindowPos
 0x1400b67c8 GetWindow
 0x1400b67d0 ReleaseCapture
 0x1400b67d8 ShowWindow
 0x1400b67e0 SetClipboardData
 0x1400b67e8 CloseClipboard
 0x1400b67f0 OpenClipboard
 0x1400b67f8 MessageBoxA
 0x1400b6800 SetCapture
GDI32.dll
 0x1400b6128 GetStockObject
SHELL32.dll
 0x1400b6698 ShellExecuteA
d3dx9_43.dll
 0x1400b6e00 D3DXCreateTextureFromFileInMemory
IMM32.dll
 0x1400b6138 ImmReleaseContext
 0x1400b6140 ImmGetContext
 0x1400b6148 ImmSetCompositionWindow
MSVCP140.dll
 0x1400b63f0 ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
 0x1400b63f8 ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
 0x1400b6400 ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
 0x1400b6408 ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
 0x1400b6410 ?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
 0x1400b6418 ?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
 0x1400b6420 ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
 0x1400b6428 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x1400b6430 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
 0x1400b6438 ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
 0x1400b6440 ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
 0x1400b6448 ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
 0x1400b6450 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
 0x1400b6458 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
 0x1400b6460 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
 0x1400b6468 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
 0x1400b6470 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
 0x1400b6478 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
 0x1400b6480 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
 0x1400b6488 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
 0x1400b6490 ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
 0x1400b6498 ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
 0x1400b64a0 ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x1400b64a8 ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
 0x1400b64b0 ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
 0x1400b64b8 ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
 0x1400b64c0 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
 0x1400b64c8 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
 0x1400b64d0 ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
 0x1400b64d8 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
 0x1400b64e0 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
 0x1400b64e8 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
 0x1400b64f0 ?id@?$ctype@D@std@@2V0locale@2@A
 0x1400b64f8 ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
 0x1400b6500 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
 0x1400b6508 ?setf@ios_base@std@@QEAAHHH@Z
 0x1400b6510 ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
 0x1400b6518 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
 0x1400b6520 ?_Xbad_function_call@std@@YAXXZ
 0x1400b6528 ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
 0x1400b6530 ?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
 0x1400b6538 ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
 0x1400b6540 ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
 0x1400b6548 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
 0x1400b6550 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
 0x1400b6558 ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x1400b6560 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x1400b6568 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x1400b6570 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
 0x1400b6578 ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
 0x1400b6580 ?width@ios_base@std@@QEAA_J_J@Z
 0x1400b6588 ?width@ios_base@std@@QEBA_JXZ
 0x1400b6590 ?flags@ios_base@std@@QEBAHXZ
 0x1400b6598 ?good@ios_base@std@@QEBA_NXZ
 0x1400b65a0 ?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
 0x1400b65a8 ?is@?$ctype@D@std@@QEBA_NFD@Z
 0x1400b65b0 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
 0x1400b65b8 ??Bid@locale@std@@QEAA_KXZ
 0x1400b65c0 _Cnd_do_broadcast_at_thread_exit
 0x1400b65c8 _Mtx_unlock
 0x1400b65d0 _Mtx_lock
 0x1400b65d8 _Mtx_destroy_in_situ
 0x1400b65e0 _Mtx_init_in_situ
 0x1400b65e8 _Thrd_id
 0x1400b65f0 _Thrd_sleep
 0x1400b65f8 _Thrd_join
 0x1400b6600 _Query_perf_frequency
 0x1400b6608 _Query_perf_counter
 0x1400b6610 _Xtime_get_ticks
 0x1400b6618 ?uncaught_exceptions@std@@YAHXZ
 0x1400b6620 ?_Xout_of_range@std@@YAXPEBD@Z
 0x1400b6628 ??1_Lockit@std@@QEAA@XZ
 0x1400b6630 ??0_Lockit@std@@QEAA@H@Z
 0x1400b6638 ?_Xlength_error@std@@YAXPEBD@Z
 0x1400b6640 ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
 0x1400b6648 ?_Throw_Cpp_error@std@@YAXH@Z
urlmon.dll
 0x1400b6e20 URLDownloadToFileA
Normaliz.dll
 0x1400b6658 IdnToAscii
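WLDAP32.dll (the entries below show None because no function name was recovered; this usually means the functions are imported by ordinal)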
 0x1400b68b0 None
 0x1400b68b8 None
 0x1400b68c0 None
 0x1400b68c8 None
 0x1400b68d0 None
 0x1400b68d8 None
 0x1400b68e0 None
 0x1400b68e8 None
 0x1400b68f0 None
 0x1400b68f8 None
 0x1400b6900 None
 0x1400b6908 None
 0x1400b6910 None
 0x1400b6918 None
 0x1400b6920 None
 0x1400b6928 None
 0x1400b6930 None
 0x1400b6938 None
CRYPT32.dll
 0x1400b60a0 CertFreeCertificateChain
 0x1400b60a8 CertGetCertificateChain
 0x1400b60b0 CertFreeCertificateChainEngine
 0x1400b60b8 CertCreateCertificateChainEngine
 0x1400b60c0 CryptQueryObject
 0x1400b60c8 CertGetNameStringA
 0x1400b60d0 CertOpenStore
 0x1400b60d8 CertCloseStore
 0x1400b60e0 CertEnumCertificatesInStore
 0x1400b60e8 CertFindCertificateInStore
 0x1400b60f0 CertFreeCertificateContext
 0x1400b60f8 CryptStringToBinaryA
 0x1400b6100 PFXImportCertStore
 0x1400b6108 CryptDecodeObjectEx
 0x1400b6110 CertAddCertificateContextToStore
 0x1400b6118 CertFindExtension
WS2_32.dll
 0x1400b6948 closesocket
 0x1400b6950 recv
 0x1400b6958 send
 0x1400b6960 ntohl
 0x1400b6968 gethostname
 0x1400b6970 sendto
 0x1400b6978 recvfrom
 0x1400b6980 freeaddrinfo
 0x1400b6988 getaddrinfo
 0x1400b6990 select
 0x1400b6998 __WSAFDIsSet
 0x1400b69a0 ioctlsocket
 0x1400b69a8 listen
 0x1400b69b0 htonl
 0x1400b69b8 accept
 0x1400b69c0 WSACleanup
 0x1400b69c8 WSAStartup
 0x1400b69d0 WSAIoctl
 0x1400b69d8 WSASetLastError
 0x1400b69e0 socket
 0x1400b69e8 setsockopt
 0x1400b69f0 ntohs
 0x1400b69f8 htons
 0x1400b6a00 getsockopt
 0x1400b6a08 getsockname
 0x1400b6a10 getpeername
 0x1400b6a18 connect
 0x1400b6a20 bind
 0x1400b6a28 WSAGetLastError
RPCRT4.dll
 0x1400b6678 UuidToStringA
 0x1400b6680 UuidCreate
 0x1400b6688 RpcStringFreeA
PSAPI.DLL
 0x1400b6668 GetModuleInformation
USERENV.dll
 0x1400b6810 UnloadUserProfile
VCRUNTIME140.dll
 0x1400b6820 __std_terminate
 0x1400b6828 strstr
 0x1400b6830 memchr
 0x1400b6838 memcpy
 0x1400b6840 memset
 0x1400b6848 __current_exception_context
 0x1400b6850 __std_exception_copy
 0x1400b6858 __std_exception_destroy
 0x1400b6860 _CxxThrowException
 0x1400b6868 memcmp
 0x1400b6870 __C_specific_handler
 0x1400b6878 strchr
 0x1400b6880 __current_exception
 0x1400b6888 strrchr
 0x1400b6890 memmove
VCRUNTIME140_1.dll
 0x1400b68a0 __CxxFrameHandler4
api-ms-win-crt-string-l1-1-0.dll
 0x1400b6d38 strcspn
 0x1400b6d40 isupper
 0x1400b6d48 isalnum
 0x1400b6d50 strpbrk
 0x1400b6d58 tolower
 0x1400b6d60 isprint
 0x1400b6d68 strcmp
 0x1400b6d70 _strdup
 0x1400b6d78 wcscpy
 0x1400b6d80 strlen
 0x1400b6d88 strncmp
 0x1400b6d90 strspn
 0x1400b6d98 strncpy
api-ms-win-crt-stdio-l1-1-0.dll
 0x1400b6c58 fread
 0x1400b6c60 fseek
 0x1400b6c68 ftell
 0x1400b6c70 __stdio_common_vsnprintf_s
 0x1400b6c78 __stdio_common_vsprintf_s
 0x1400b6c80 fgets
 0x1400b6c88 _pclose
 0x1400b6c90 _popen
 0x1400b6c98 fwrite
 0x1400b6ca0 _set_fmode
 0x1400b6ca8 __stdio_common_vfprintf
 0x1400b6cb0 __stdio_common_vsprintf
 0x1400b6cb8 __stdio_common_vsscanf
 0x1400b6cc0 _open
 0x1400b6cc8 __acrt_iob_func
 0x1400b6cd0 _close
 0x1400b6cd8 _write
 0x1400b6ce0 fputc
 0x1400b6ce8 fopen
 0x1400b6cf0 fclose
 0x1400b6cf8 _read
 0x1400b6d00 fputs
 0x1400b6d08 __p__commode
 0x1400b6d10 fflush
 0x1400b6d18 feof
 0x1400b6d20 _lseeki64
 0x1400b6d28 _wfopen
api-ms-win-crt-heap-l1-1-0.dll
 0x1400b6aa0 free
 0x1400b6aa8 realloc
 0x1400b6ab0 calloc
 0x1400b6ab8 _callnewh
 0x1400b6ac0 malloc
 0x1400b6ac8 _set_new_mode
api-ms-win-crt-utility-l1-1-0.dll
 0x1400b6dd0 srand
 0x1400b6dd8 rand
 0x1400b6de0 qsort
api-ms-win-crt-math-l1-1-0.dll
 0x1400b6af0 fabs
 0x1400b6af8 atan2
 0x1400b6b00 sinf
 0x1400b6b08 asin
 0x1400b6b10 sqrtf
 0x1400b6b18 tanf
 0x1400b6b20 floorf
 0x1400b6b28 cosf
 0x1400b6b30 ceilf
 0x1400b6b38 atan2f
 0x1400b6b40 sqrt
 0x1400b6b48 fmodf
 0x1400b6b50 powf
 0x1400b6b58 pow
 0x1400b6b60 __setusermatherr
 0x1400b6b68 _dclass
api-ms-win-crt-runtime-l1-1-0.dll
 0x1400b6b78 _c_exit
 0x1400b6b80 __p___argc
 0x1400b6b88 _initterm_e
 0x1400b6b90 _initterm
 0x1400b6b98 _get_initial_narrow_environment
 0x1400b6ba0 exit
 0x1400b6ba8 _resetstkoflw
 0x1400b6bb0 system
 0x1400b6bb8 _set_app_type
 0x1400b6bc0 _seh_filter_exe
 0x1400b6bc8 _cexit
 0x1400b6bd0 _register_thread_local_exe_atexit_callback
 0x1400b6bd8 _crt_atexit
 0x1400b6be0 _register_onexit_function
 0x1400b6be8 _initialize_onexit_table
 0x1400b6bf0 _initialize_narrow_environment
 0x1400b6bf8 _configure_narrow_argv
 0x1400b6c00 _invalid_parameter_noinfo_noreturn
 0x1400b6c08 _beginthreadex
 0x1400b6c10 _getpid
 0x1400b6c18 strerror
 0x1400b6c20 __p___argv
 0x1400b6c28 __sys_nerr
 0x1400b6c30 _exit
 0x1400b6c38 _errno
 0x1400b6c40 terminate
 0x1400b6c48 _invalid_parameter_noinfo
api-ms-win-crt-convert-l1-1-0.dll
 0x1400b6a38 strtoll
 0x1400b6a40 strtoul
 0x1400b6a48 strtol
 0x1400b6a50 strtod
 0x1400b6a58 strtoull
 0x1400b6a60 atoi
 0x1400b6a68 atof
api-ms-win-crt-filesystem-l1-1-0.dll
 0x1400b6a78 _stat64
 0x1400b6a80 _fstat64
 0x1400b6a88 _unlink
 0x1400b6a90 _access
api-ms-win-crt-time-l1-1-0.dll
 0x1400b6da8 _localtime64_s
 0x1400b6db0 strftime
 0x1400b6db8 _time64
 0x1400b6dc0 _gmtime64
api-ms-win-crt-locale-l1-1-0.dll
 0x1400b6ad8 _configthreadlocale
 0x1400b6ae0 localeconv
ADVAPI32.dll
 0x1400b6000 CryptGenRandom
 0x1400b6008 CryptCreateHash
 0x1400b6010 CryptEncrypt
 0x1400b6018 CryptImportKey
 0x1400b6020 OpenProcessToken
 0x1400b6028 AddAccessAllowedAce
 0x1400b6030 GetLengthSid
 0x1400b6038 GetTokenInformation
 0x1400b6040 InitializeAcl
 0x1400b6048 IsValidSid
 0x1400b6050 SetSecurityInfo
 0x1400b6058 CopySid
 0x1400b6060 ConvertSidToStringSidA
 0x1400b6068 CryptAcquireContextA
 0x1400b6070 CryptReleaseContext
 0x1400b6078 CryptGetHashParam
 0x1400b6080 CryptDestroyHash
 0x1400b6088 CryptDestroyKey
 0x1400b6090 CryptHashData

EAT (Export Address Table): none - the file exports no functions


