Report - fortpriv2.exe

Generic Malware Malicious Library Downloader UPX PE File ftp PE64 OS Processor Check
Created 2024.10.21 14:36 Machine s1_win7_x6401
Filename fortpriv2.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score 4
Behavior Score 1.4
ZERO API file : malicious
VT API (file) 33 detected (AIDetectMalware, Malicious, score, Lazy, Unsafe, Save, confidence, Attribute, HighConfidence, high confidence, GameHack, AGEN, Static AI, Malicious PE, Detected, Eldorado, Small, GenKryptik, GHEK)
md5 7a0a6fd82698a9276141efaca0af7bfa
sha256 4984808e2a583c975aa381584047c93ea54acb6bd62daa10bc3a74beb3cc3498
ssdeep 24576:MaaczuqoldEU4fbtieKAXbLyPzED3kdnfptOdn:MaaczuqoldEB5sYf4e3unxon
imphash a41ed998cd3acb68a462d38ef3532850
impfuzzy 96:AWJtl1iphDfEnTEnATFpaEb4oofuN3nEPufMuB58IxzCexU3yxUZxUxCASg/zYQM:AWnnYnATFrnGeB/EEY/r3fzjh+sk6TTL

Signature (3cnts)

Level Description
danger File has been identified by 33 AntiVirus engines on VirusTotal as malicious
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path

Rules (8cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Network_Downloader File Downloader binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info ftp_command ftp command binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

PE API

IAT(Import Address Table) Library


EAT(Export Address Table) is none


