Field | Value
---|---
Created | 2024.09.30 11:29
Machine | s1_win7_x6401
Filename | xmrig.exe
Type | PE32+ executable (console) x86-64, for MS Windows
AI Score | Not found
Behavior Score |
ZERO API | file : malicious
VT API (file) | 59 detected (AIDetectMalware, Miner, tstT, Malicious, score, Dump, CoinMiner, Unsafe, grayware, confidence, CryptoMiner, Attribute, HighConfidence, Windows, RiskTool, BitMiner, ksaxup, HackTool, XMRMiner, CLASSIC, PotentialRisk, Tool, VSNTIL24, Real Protect, XMRig Miner, Static AI, Malicious PE, Bitcoinminer, Detected, XMRig, ApplicUnwnt@#vpjoctrukvif, Eldorado, Miner3, Artemis, Gencirc, g9G643djSTI, susgen)
md5 | 5fba8ae226b096da3b31de0e17496735
sha256 | ca28f4aeaa5e16d216cd828b67454a56f3c7feeb242412d26ed914fadff20d40
ssdeep | 98304:iONmXliGgyduIy7bWynX75rfdRZqOXmvFubCY9yxl5TtX8Ao0Ezae6B:GXlivZqOXmtubmxl5ppvEzT6
imphash | 12806e48b853545b536463546db4baa1
impfuzzy | 96:oPy57iDLULX1ojQW5WNqpxgIJkIWr8fcg+uXCavLuc6Z7etGBgiM3DwOXtiIX/rM:j5NFWQW5WNqpxPkIW+KrVXE7X/rbI
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | XMRig_Miner_IN | XMRig Miner | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Suricata ids
PE API
IAT (Import Address Table) Library
WS2_32.dll
0x14041c908 WSASetLastError
0x14041c910 send
0x14041c918 recv
0x14041c920 ntohs
0x14041c928 htons
0x14041c930 htonl
0x14041c938 inet_addr
0x14041c940 inet_ntoa
0x14041c948 gethostbyaddr
0x14041c950 WSAGetLastError
0x14041c958 WSAIoctl
0x14041c960 gethostbyname
0x14041c968 WSARecvFrom
0x14041c970 WSASocketW
0x14041c978 WSASend
0x14041c980 WSARecv
0x14041c988 gethostname
0x14041c990 WSADuplicateSocketW
0x14041c998 getpeername
0x14041c9a0 FreeAddrInfoW
0x14041c9a8 GetAddrInfoW
0x14041c9b0 shutdown
0x14041c9b8 socket
0x14041c9c0 setsockopt
0x14041c9c8 listen
0x14041c9d0 connect
0x14041c9d8 closesocket
0x14041c9e0 bind
0x14041c9e8 WSACleanup
0x14041c9f0 WSAStartup
0x14041c9f8 select
0x14041ca00 getsockopt
0x14041ca08 getsockname
0x14041ca10 ioctlsocket
0x14041ca18 getservbyname
0x14041ca20 getservbyport
IPHLPAPI.DLL
0x14041c150 GetAdaptersAddresses
USERENV.dll
0x14041c8f8 GetUserProfileDirectoryW
CRYPT32.dll
0x14041c110 CertFreeCertificateContext
0x14041c118 CertFindCertificateInStore
0x14041c120 CertEnumCertificatesInStore
0x14041c128 CertCloseStore
0x14041c130 CertOpenStore
0x14041c138 CertGetCertificateContextProperty
0x14041c140 CertDuplicateCertificateContext
KERNEL32.dll
0x14041c160 GetStringTypeW
0x14041c168 InitializeCriticalSectionAndSpinCount
0x14041c170 WriteConsoleW
0x14041c178 SetConsoleTitleA
0x14041c180 GetStdHandle
0x14041c188 SetConsoleMode
0x14041c190 GetConsoleMode
0x14041c198 QueryPerformanceFrequency
0x14041c1a0 QueryPerformanceCounter
0x14041c1a8 SizeofResource
0x14041c1b0 LockResource
0x14041c1b8 LoadResource
0x14041c1c0 FindResourceW
0x14041c1c8 ExpandEnvironmentStringsA
0x14041c1d0 GetConsoleWindow
0x14041c1d8 GetSystemFirmwareTable
0x14041c1e0 HeapFree
0x14041c1e8 HeapAlloc
0x14041c1f0 GetProcessHeap
0x14041c1f8 MultiByteToWideChar
0x14041c200 SetPriorityClass
0x14041c208 GetCurrentProcess
0x14041c210 SetThreadPriority
0x14041c218 GetSystemPowerStatus
0x14041c220 GetCurrentThread
0x14041c228 GetProcAddress
0x14041c230 GetModuleHandleW
0x14041c238 GetTickCount
0x14041c240 CloseHandle
0x14041c248 FreeConsole
0x14041c250 VirtualProtect
0x14041c258 VirtualFree
0x14041c260 VirtualAlloc
0x14041c268 GetLargePageMinimum
0x14041c270 LocalAlloc
0x14041c278 GetLastError
0x14041c280 LocalFree
0x14041c288 FlushInstructionCache
0x14041c290 GetCurrentThreadId
0x14041c298 AddVectoredExceptionHandler
0x14041c2a0 DeviceIoControl
0x14041c2a8 GetModuleFileNameW
0x14041c2b0 CreateFileW
0x14041c2b8 SetLastError
0x14041c2c0 GetSystemTime
0x14041c2c8 SystemTimeToFileTime
0x14041c2d0 GetModuleHandleExW
0x14041c2d8 Sleep
0x14041c2e0 InitializeSRWLock
0x14041c2e8 ReleaseSRWLockExclusive
0x14041c2f0 ReleaseSRWLockShared
0x14041c2f8 AcquireSRWLockExclusive
0x14041c300 AcquireSRWLockShared
0x14041c308 TlsAlloc
0x14041c310 TlsGetValue
0x14041c318 TlsSetValue
0x14041c320 TlsFree
0x14041c328 GetSystemInfo
0x14041c330 SwitchToFiber
0x14041c338 DeleteFiber
0x14041c340 CreateFiberEx
0x14041c348 FindClose
0x14041c350 FindFirstFileW
0x14041c358 FindNextFileW
0x14041c360 WideCharToMultiByte
0x14041c368 GetSystemDirectoryA
0x14041c370 FreeLibrary
0x14041c378 LoadLibraryA
0x14041c380 FormatMessageA
0x14041c388 GetFileType
0x14041c390 WriteFile
0x14041c398 GetEnvironmentVariableW
0x14041c3a0 GetACP
0x14041c3a8 ConvertFiberToThread
0x14041c3b0 ConvertThreadToFiberEx
0x14041c3b8 GetCurrentProcessId
0x14041c3c0 GetSystemTimeAsFileTime
0x14041c3c8 LoadLibraryW
0x14041c3d0 ReadConsoleA
0x14041c3d8 ReadConsoleW
0x14041c3e0 PostQueuedCompletionStatus
0x14041c3e8 CreateFileA
0x14041c3f0 DuplicateHandle
0x14041c3f8 SetEvent
0x14041c400 ResetEvent
0x14041c408 WaitForSingleObject
0x14041c410 CreateEventA
0x14041c418 QueueUserWorkItem
0x14041c420 RegisterWaitForSingleObject
0x14041c428 UnregisterWait
0x14041c430 GetNumberOfConsoleInputEvents
0x14041c438 ReadConsoleInputW
0x14041c440 FillConsoleOutputCharacterW
0x14041c448 FillConsoleOutputAttribute
0x14041c450 GetConsoleCursorInfo
0x14041c458 SetConsoleCursorInfo
0x14041c460 GetConsoleScreenBufferInfo
0x14041c468 SetConsoleCursorPosition
0x14041c470 SetConsoleTextAttribute
0x14041c478 WriteConsoleInputW
0x14041c480 CreateDirectoryW
0x14041c488 FlushFileBuffers
0x14041c490 GetDiskFreeSpaceW
0x14041c498 GetFileAttributesW
0x14041c4a0 GetFileInformationByHandle
0x14041c4a8 CreateEventW
0x14041c4b0 RtlCaptureContext
0x14041c4b8 GetFullPathNameW
0x14041c4c0 ReadFile
0x14041c4c8 RemoveDirectoryW
0x14041c4d0 SetFilePointerEx
0x14041c4d8 SetFileTime
0x14041c4e0 MapViewOfFile
0x14041c4e8 FlushViewOfFile
0x14041c4f0 UnmapViewOfFile
0x14041c4f8 CreateFileMappingA
0x14041c500 ReOpenFile
0x14041c508 CopyFileW
0x14041c510 MoveFileExW
0x14041c518 CreateHardLinkW
0x14041c520 GetFileInformationByHandleEx
0x14041c528 CreateSymbolicLinkW
0x14041c530 InitializeCriticalSection
0x14041c538 EnterCriticalSection
0x14041c540 LeaveCriticalSection
0x14041c548 TryEnterCriticalSection
0x14041c550 DeleteCriticalSection
0x14041c558 InitializeConditionVariable
0x14041c560 WakeConditionVariable
0x14041c568 WakeAllConditionVariable
0x14041c570 SleepConditionVariableCS
0x14041c578 ReleaseSemaphore
0x14041c580 ResumeThread
0x14041c588 GetNativeSystemInfo
0x14041c590 GetProcessAffinityMask
0x14041c598 SetThreadAffinityMask
0x14041c5a0 CreateSemaphoreA
0x14041c5a8 SetConsoleCtrlHandler
0x14041c5b0 GetCurrentDirectoryW
0x14041c5b8 GetLongPathNameW
0x14041c5c0 RtlUnwind
0x14041c5c8 CreateIoCompletionPort
0x14041c5d0 ReadDirectoryChangesW
0x14041c5d8 GetEnvironmentStringsW
0x14041c5e0 FreeEnvironmentStringsW
0x14041c5e8 SetEnvironmentVariableW
0x14041c5f0 SetCurrentDirectoryW
0x14041c5f8 GetTempPathW
0x14041c600 GlobalMemoryStatusEx
0x14041c608 FileTimeToSystemTime
0x14041c610 K32GetProcessMemoryInfo
0x14041c618 SetHandleInformation
0x14041c620 CancelIoEx
0x14041c628 CancelIo
0x14041c630 SwitchToThread
0x14041c638 SetFileCompletionNotificationModes
0x14041c640 LoadLibraryExW
0x14041c648 SetErrorMode
0x14041c650 GetQueuedCompletionStatus
0x14041c658 ConnectNamedPipe
0x14041c660 SetNamedPipeHandleState
0x14041c668 PeekNamedPipe
0x14041c670 CreateNamedPipeW
0x14041c678 CancelSynchronousIo
0x14041c680 GetNamedPipeHandleStateA
0x14041c688 GetNamedPipeClientProcessId
0x14041c690 GetNamedPipeServerProcessId
0x14041c698 TerminateProcess
0x14041c6a0 GetExitCodeProcess
0x14041c6a8 UnregisterWaitEx
0x14041c6b0 LCMapStringW
0x14041c6b8 DebugBreak
0x14041c6c0 GetModuleHandleA
0x14041c6c8 LoadLibraryExA
0x14041c6d0 GetStartupInfoW
0x14041c6d8 GetModuleFileNameA
0x14041c6e0 GetVersionExA
0x14041c6e8 SetProcessAffinityMask
0x14041c6f0 GetComputerNameA
0x14041c6f8 FlsFree
0x14041c700 FlsSetValue
0x14041c708 FlsGetValue
0x14041c710 FlsAlloc
0x14041c718 GetCPInfo
0x14041c720 RtlLookupFunctionEntry
0x14041c728 GetFinalPathNameByHandleW
0x14041c730 RtlVirtualUnwind
0x14041c738 UnhandledExceptionFilter
0x14041c740 SetUnhandledExceptionFilter
0x14041c748 IsProcessorFeaturePresent
0x14041c750 IsDebuggerPresent
0x14041c758 InitializeSListHead
0x14041c760 RtlUnwindEx
0x14041c768 RtlPcToFileHeader
0x14041c770 RaiseException
0x14041c778 SetStdHandle
0x14041c780 GetCommandLineA
0x14041c788 GetCommandLineW
0x14041c790 CreateThread
0x14041c798 ExitThread
0x14041c7a0 FreeLibraryAndExitThread
0x14041c7a8 GetDriveTypeW
0x14041c7b0 SystemTimeToTzSpecificLocalTime
0x14041c7b8 ExitProcess
0x14041c7c0 GetFileAttributesExW
0x14041c7c8 SetFileAttributesW
0x14041c7d0 GetConsoleOutputCP
0x14041c7d8 CompareStringW
0x14041c7e0 GetLocaleInfoW
0x14041c7e8 IsValidLocale
0x14041c7f0 GetUserDefaultLCID
0x14041c7f8 EnumSystemLocalesW
0x14041c800 HeapReAlloc
0x14041c808 GetTimeZoneInformation
0x14041c810 HeapSize
0x14041c818 SetEndOfFile
0x14041c820 FindFirstFileExW
0x14041c828 IsValidCodePage
0x14041c830 GetOEMCP
0x14041c838 GetFileSizeEx
0x14041c840 GetShortPathNameW
0x14041c848 CompareStringEx
0x14041c850 LCMapStringEx
0x14041c858 InitializeCriticalSectionEx
0x14041c860 WaitForSingleObjectEx
0x14041c868 GetExitCodeThread
0x14041c870 SleepConditionVariableSRW
0x14041c878 EncodePointer
0x14041c880 DecodePointer
USER32.dll
0x14041c8a0 GetLastInputInfo
0x14041c8a8 MessageBoxW
0x14041c8b0 GetProcessWindowStation
0x14041c8b8 TranslateMessage
0x14041c8c0 GetUserObjectInformationW
0x14041c8c8 ShowWindow
0x14041c8d0 DispatchMessageA
0x14041c8d8 GetSystemMetrics
0x14041c8e0 MapVirtualKeyW
0x14041c8e8 GetMessageA
SHELL32.dll
0x14041c890 SHGetSpecialFolderPathA
ole32.dll
0x14041ca40 CoInitializeEx
0x14041ca48 CoUninitialize
0x14041ca50 CoCreateInstance
ADVAPI32.dll
0x14041c000 SystemFunction036
0x14041c008 GetUserNameW
0x14041c010 ReportEventW
0x14041c018 RegisterEventSourceW
0x14041c020 DeregisterEventSource
0x14041c028 CryptEnumProvidersW
0x14041c030 CryptSignHashW
0x14041c038 CryptDestroyHash
0x14041c040 CryptCreateHash
0x14041c048 CryptDecrypt
0x14041c050 CryptExportKey
0x14041c058 CryptGetUserKey
0x14041c060 CryptGetProvParam
0x14041c068 CryptSetHashParam
0x14041c070 CryptDestroyKey
0x14041c078 CryptReleaseContext
0x14041c080 CryptAcquireContextW
0x14041c088 CreateServiceW
0x14041c090 QueryServiceStatus
0x14041c098 CloseServiceHandle
0x14041c0a0 OpenSCManagerW
0x14041c0a8 QueryServiceConfigA
0x14041c0b0 DeleteService
0x14041c0b8 ControlService
0x14041c0c0 StartServiceW
0x14041c0c8 OpenServiceW
0x14041c0d0 LookupPrivilegeValueW
0x14041c0d8 AdjustTokenPrivileges
0x14041c0e0 OpenProcessToken
0x14041c0e8 LsaOpenPolicy
0x14041c0f0 LsaAddAccountRights
0x14041c0f8 LsaClose
0x14041c100 GetTokenInformation
bcrypt.dll
0x14041ca30 BCryptGenRandom
EAT (Export Address Table): none