Field | Value |
---|---|
Created | 2024.10.21 17:05 |
Machine | s1_win7_x6403 |
Filename | SoftWall.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
ZERO API | file : clean |
VT API (file) | 45 detected (AIDetectMalware, GameHack, Malicious, score, GenericKD, Unsafe, Save, confidence, Attribute, HighConfidence, high confidence, FileRepMalware, Misc, Hacktool, CLOUD, AGEN, Tool, Static AI, Malicious PE, Detected, Sabsik, Wacatac, Eldorado, Artemis, Chgt, R002H09J624, Gencirc, GenKryptik, GHEK) |
md5 | f7c9ceb8ad6ca3b2a1e0e264cd3673ae |
sha256 | 0a34b4983108c1ca1a0da7769d0405a4f2eb0db1f4fc9519ed9966f1d1eea7e4 |
ssdeep | 49152:5ZsuOa8IogG/pa4FLIVynGOUkOQcmYDC:pREtIHvVF |
imphash | 477d323607210ef5b70941f292c7f556 |
impfuzzy | 192:JWYT2Ufj3yFMj4gxvF4WcAn/sDJh2KrB3BRNMciTQ:JLTPiFME04uKrBxnhP |
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | Network_Downloader | File Downloader | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | ftp_command | ftp command | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140112160 PeekNamedPipe
0x140112168 WaitForMultipleObjects
0x140112170 CreateFileA
0x140112178 GetFileSizeEx
0x140112180 GetLocaleInfoEx
0x140112188 CreateDirectoryW
0x140112190 FindClose
0x140112198 FindFirstFileW
0x1401121a0 FindFirstFileExW
0x1401121a8 FindNextFileW
0x1401121b0 GetFileAttributesExW
0x1401121b8 LoadLibraryA
0x1401121c0 AreFileApisANSI
0x1401121c8 GetFileType
0x1401121d0 GetEnvironmentVariableA
0x1401121d8 WaitForSingleObjectEx
0x1401121e0 MoveFileExA
0x1401121e8 MoveFileExW
0x1401121f0 VirtualProtect
0x1401121f8 GetTickCount
0x140112200 ReleaseSRWLockExclusive
0x140112208 AcquireSRWLockExclusive
0x140112210 WakeAllConditionVariable
0x140112218 SleepConditionVariableSRW
0x140112220 UnhandledExceptionFilter
0x140112228 SetUnhandledExceptionFilter
0x140112230 TerminateProcess
0x140112238 IsProcessorFeaturePresent
0x140112240 IsDebuggerPresent
0x140112248 GetCurrentProcessId
0x140112250 GetCurrentThreadId
0x140112258 GetSystemTimeAsFileTime
0x140112260 InitializeSListHead
0x140112268 OutputDebugStringW
0x140112270 GetModuleHandleA
0x140112278 GlobalUnlock
0x140112280 GlobalLock
0x140112288 VerifyVersionInfoA
0x140112290 GetSystemDirectoryA
0x140112298 SleepEx
0x1401122a0 LeaveCriticalSection
0x1401122a8 EnterCriticalSection
0x1401122b0 LocalFree
0x1401122b8 FormatMessageA
0x1401122c0 SetLastError
0x1401122c8 GetModuleFileNameA
0x1401122d0 GlobalFree
0x1401122d8 CreateThread
0x1401122e0 GetCurrentProcess
0x1401122e8 DeleteCriticalSection
0x1401122f0 InitializeCriticalSectionEx
0x1401122f8 GetProcessHeap
0x140112300 HeapSize
0x140112308 HeapFree
0x140112310 HeapReAlloc
0x140112318 HeapAlloc
0x140112320 HeapDestroy
0x140112328 GetLastError
0x140112330 CreateFileW
0x140112338 GetModuleHandleW
0x140112340 QueryPerformanceCounter
0x140112348 FreeLibrary
0x140112350 GetProcAddress
0x140112358 ReadFile
0x140112360 UnmapViewOfFile
0x140112368 MapViewOfFile
0x140112370 CreateFileMappingW
0x140112378 GlobalAlloc
0x140112380 MultiByteToWideChar
0x140112388 QueryFullProcessImageNameW
0x140112390 VerifyVersionInfoW
0x140112398 GetConsoleWindow
0x1401123a0 WideCharToMultiByte
0x1401123a8 VerSetConditionMask
0x1401123b0 CloseHandle
0x1401123b8 Sleep
0x1401123c0 OpenProcess
0x1401123c8 SetConsoleWindowInfo
0x1401123d0 SetConsoleScreenBufferSize
0x1401123d8 SetConsoleTextAttribute
0x1401123e0 GetTickCount64
0x1401123e8 DeviceIoControl
0x1401123f0 GetFileInformationByHandleEx
0x1401123f8 QueryPerformanceFrequency
0x140112400 GetStdHandle
USER32.dll
0x140112738 ShowWindow
0x140112740 GetWindowLongPtrW
0x140112748 SetWindowLongPtrW
0x140112750 SetClipboardData
0x140112758 GetClipboardData
0x140112760 EmptyClipboard
0x140112768 CloseClipboard
0x140112770 OpenClipboard
0x140112778 GetCursorPos
0x140112780 GetAsyncKeyState
0x140112788 GetForegroundWindow
0x140112790 SetLayeredWindowAttributes
0x140112798 SetCursorPos
0x1401127a0 ReleaseCapture
0x1401127a8 IsWindowUnicode
0x1401127b0 GetClientRect
0x1401127b8 SetCursor
0x1401127c0 SetCapture
0x1401127c8 ClientToScreen
0x1401127d0 FindWindowW
0x1401127d8 MapVirtualKeyW
0x1401127e0 SendMessageW
0x1401127e8 FindWindowA
0x1401127f0 GetCapture
0x1401127f8 mouse_event
0x140112800 DefWindowProcW
0x140112808 GetKeyboardState
0x140112810 GetWindowLongW
0x140112818 ToUnicode
0x140112820 TrackMouseEvent
0x140112828 SetWindowPos
0x140112830 CreateWindowExW
0x140112838 UnregisterClassW
0x140112840 RegisterClassExW
0x140112848 DispatchMessageW
0x140112850 PeekMessageW
0x140112858 LoadCursorW
0x140112860 SetWindowDisplayAffinity
0x140112868 TranslateMessage
0x140112870 SetWindowLongW
0x140112878 PostQuitMessage
0x140112880 ScreenToClient
0x140112888 GetMessageExtraInfo
0x140112890 GetKeyState
0x140112898 MessageBoxA
0x1401128a0 UnregisterClassA
0x1401128a8 DestroyWindow
0x1401128b0 UpdateWindow
SHELL32.dll
0x140112720 SHGetFolderPathA
0x140112728 ShellExecuteA
MSVCP140.dll
0x140112410 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
0x140112418 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
0x140112420 ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
0x140112428 ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
0x140112430 ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
0x140112438 ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
0x140112440 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
0x140112448 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
0x140112450 _Strxfrm
0x140112458 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x140112460 ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
0x140112468 ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
0x140112470 ?_Xinvalid_argument@std@@YAXPEBD@Z
0x140112478 ?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
0x140112480 ?id@?$ctype@D@std@@2V0locale@2@A
0x140112488 ?id@?$collate@D@std@@2V0locale@2@A
0x140112490 _Strcoll
0x140112498 ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
0x1401124a0 ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
0x1401124a8 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
0x1401124b0 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
0x1401124b8 ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
0x1401124c0 ?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
0x1401124c8 ?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
0x1401124d0 ?tolower@?$ctype@D@std@@QEBADD@Z
0x1401124d8 ??1facet@locale@std@@MEAA@XZ
0x1401124e0 ??0facet@locale@std@@IEAA@_K@Z
0x1401124e8 ?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
0x1401124f0 ?_Incref@facet@locale@std@@UEAAXXZ
0x1401124f8 ?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
0x140112500 ??1_Locinfo@std@@QEAA@XZ
0x140112508 ??0_Locinfo@std@@QEAA@PEBD@Z
0x140112510 ?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
0x140112518 ?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
0x140112520 ??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
0x140112528 ??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
0x140112530 ??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
0x140112538 ?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
0x140112540 ?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
0x140112548 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
0x140112550 ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
0x140112558 ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x140112560 ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
0x140112568 _Query_perf_counter
0x140112570 _Thrd_sleep
0x140112578 _Cnd_do_broadcast_at_thread_exit
0x140112580 ?_Throw_Cpp_error@std@@YAXH@Z
0x140112588 _Query_perf_frequency
0x140112590 ??Bid@locale@std@@QEAA_KXZ
0x140112598 ?always_noconv@codecvt_base@std@@QEBA_NXZ
0x1401125a0 ??Bios_base@std@@QEBA_NXZ
0x1401125a8 _Thrd_detach
0x1401125b0 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1401125b8 ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1401125c0 ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1401125c8 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1401125d0 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
0x1401125d8 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
0x1401125e0 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
0x1401125e8 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
0x1401125f0 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1401125f8 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x140112600 ?_Xbad_alloc@std@@YAXXZ
0x140112608 ?_Xout_of_range@std@@YAXPEBD@Z
0x140112610 ?_Winerror_map@std@@YAHH@Z
0x140112618 ?_Xlength_error@std@@YAXPEBD@Z
0x140112620 ?_Syserror_map@std@@YAPEBDH@Z
0x140112628 _Xtime_get_ticks
0x140112630 ??1_Lockit@std@@QEAA@XZ
0x140112638 ??0_Lockit@std@@QEAA@H@Z
0x140112640 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
0x140112648 ?uncaught_exception@std@@YA_NXZ
0x140112650 ?_Xbad_function_call@std@@YAXXZ
0x140112658 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x140112660 ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
0x140112668 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x140112670 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x140112678 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x140112680 ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x140112688 ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x140112690 ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x140112698 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x1401126a0 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x1401126a8 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
0x1401126b0 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x1401126b8 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
0x1401126c0 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
0x1401126c8 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
0x1401126d0 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
d3d11.dll
0x140112ee8 D3D11CreateDeviceAndSwapChain
D3DCOMPILER_47.dll
0x140112128 D3DCompile
dwmapi.dll
0x140112ef8 DwmExtendFrameIntoClientArea
WINMM.dll
0x140112960 PlaySoundA
ntdll.dll
0x140112f08 RtlLookupFunctionEntry
0x140112f10 RtlVirtualUnwind
0x140112f18 RtlCaptureContext
urlmon.dll
0x140112f28 URLDownloadToFileA
IMM32.dll
0x140112138 ImmGetContext
0x140112140 ImmReleaseContext
0x140112148 ImmSetCandidateWindow
0x140112150 ImmSetCompositionWindow
Normaliz.dll
0x1401126e0 IdnToAscii
WLDAP32.dll
0x140112970 None
0x140112978 None
0x140112980 None
0x140112988 None
0x140112990 None
0x140112998 None
0x1401129a0 None
0x1401129a8 None
0x1401129b0 None
0x1401129b8 None
0x1401129c0 None
0x1401129c8 None
0x1401129d0 None
0x1401129d8 None
0x1401129e0 None
0x1401129e8 None
0x1401129f0 None
0x1401129f8 None
CRYPT32.dll
0x1401120a0 CertAddCertificateContextToStore
0x1401120a8 CertOpenStore
0x1401120b0 CertCloseStore
0x1401120b8 CertEnumCertificatesInStore
0x1401120c0 CertFindCertificateInStore
0x1401120c8 CertFreeCertificateContext
0x1401120d0 CryptStringToBinaryA
0x1401120d8 PFXImportCertStore
0x1401120e0 CryptDecodeObjectEx
0x1401120e8 CertGetCertificateChain
0x1401120f0 CertFindExtension
0x1401120f8 CertGetNameStringA
0x140112100 CryptQueryObject
0x140112108 CertCreateCertificateChainEngine
0x140112110 CertFreeCertificateChainEngine
0x140112118 CertFreeCertificateChain
WS2_32.dll
0x140112a08 closesocket
0x140112a10 recv
0x140112a18 send
0x140112a20 WSAGetLastError
0x140112a28 bind
0x140112a30 connect
0x140112a38 getpeername
0x140112a40 getsockname
0x140112a48 ntohl
0x140112a50 gethostname
0x140112a58 sendto
0x140112a60 recvfrom
0x140112a68 freeaddrinfo
0x140112a70 getaddrinfo
0x140112a78 select
0x140112a80 __WSAFDIsSet
0x140112a88 ioctlsocket
0x140112a90 listen
0x140112a98 htonl
0x140112aa0 accept
0x140112aa8 WSACleanup
0x140112ab0 WSAStartup
0x140112ab8 getsockopt
0x140112ac0 WSASetLastError
0x140112ac8 socket
0x140112ad0 setsockopt
0x140112ad8 ntohs
0x140112ae0 htons
0x140112ae8 WSAIoctl
RPCRT4.dll
0x140112700 UuidToStringA
0x140112708 UuidCreate
0x140112710 RpcStringFreeA
PSAPI.DLL
0x1401126f0 GetModuleInformation
USERENV.dll
0x1401128c0 UnloadUserProfile
VCRUNTIME140_1.dll
0x140112950 __CxxFrameHandler4
VCRUNTIME140.dll
0x1401128d0 __current_exception
0x1401128d8 strrchr
0x1401128e0 memset
0x1401128e8 memmove
0x1401128f0 memcpy
0x1401128f8 memcmp
0x140112900 __C_specific_handler
0x140112908 _CxxThrowException
0x140112910 strstr
0x140112918 strchr
0x140112920 __std_exception_copy
0x140112928 __std_exception_destroy
0x140112930 __current_exception_context
0x140112938 memchr
0x140112940 __std_terminate
api-ms-win-crt-heap-l1-1-0.dll
0x140112b78 free
0x140112b80 _set_new_mode
0x140112b88 malloc
0x140112b90 realloc
0x140112b98 _callnewh
0x140112ba0 calloc
api-ms-win-crt-filesystem-l1-1-0.dll
0x140112b38 _lock_file
0x140112b40 _fstat64
0x140112b48 _access
0x140112b50 remove
0x140112b58 _unlink
0x140112b60 _stat64
0x140112b68 _unlock_file
api-ms-win-crt-runtime-l1-1-0.dll
0x140112c78 __p___argv
0x140112c80 _register_thread_local_exe_atexit_callback
0x140112c88 _getpid
0x140112c90 _exit
0x140112c98 _invalid_parameter_noinfo_noreturn
0x140112ca0 abort
0x140112ca8 _initterm_e
0x140112cb0 _initterm
0x140112cb8 _resetstkoflw
0x140112cc0 _get_initial_narrow_environment
0x140112cc8 _invalid_parameter_noinfo
0x140112cd0 __sys_nerr
0x140112cd8 strerror
0x140112ce0 _configure_narrow_argv
0x140112ce8 _set_app_type
0x140112cf0 _seh_filter_exe
0x140112cf8 _initialize_narrow_environment
0x140112d00 _c_exit
0x140112d08 _errno
0x140112d10 _cexit
0x140112d18 exit
0x140112d20 _crt_atexit
0x140112d28 _beginthreadex
0x140112d30 _initialize_onexit_table
0x140112d38 terminate
0x140112d40 system
0x140112d48 _register_onexit_function
0x140112d50 __p___argc
api-ms-win-crt-stdio-l1-1-0.dll
0x140112d60 ftell
0x140112d68 fgets
0x140112d70 fseek
0x140112d78 __stdio_common_vfprintf
0x140112d80 _pclose
0x140112d88 _set_fmode
0x140112d90 __acrt_iob_func
0x140112d98 __p__commode
0x140112da0 __stdio_common_vsscanf
0x140112da8 _read
0x140112db0 _get_stream_buffer_pointers
0x140112db8 _fseeki64
0x140112dc0 fread
0x140112dc8 fsetpos
0x140112dd0 ungetc
0x140112dd8 setvbuf
0x140112de0 fgetpos
0x140112de8 _write
0x140112df0 __stdio_common_vsprintf
0x140112df8 fwrite
0x140112e00 feof
0x140112e08 _close
0x140112e10 fgetc
0x140112e18 _open
0x140112e20 fclose
0x140112e28 fopen
0x140112e30 fflush
0x140112e38 fputs
0x140112e40 fputc
0x140112e48 _popen
0x140112e50 _lseeki64
0x140112e58 _wfopen
api-ms-win-crt-math-l1-1-0.dll
0x140112bd0 sqrt
0x140112bd8 pow
0x140112be0 powf
0x140112be8 sqrtf
0x140112bf0 roundf
0x140112bf8 fmodf
0x140112c00 cosf
0x140112c08 ldexp
0x140112c10 __setusermatherr
0x140112c18 _dclass
0x140112c20 sin
0x140112c28 _dsign
0x140112c30 sinf
0x140112c38 cos
0x140112c40 ceilf
0x140112c48 atanf
0x140112c50 tan
0x140112c58 tanf
0x140112c60 atan2f
0x140112c68 acosf
api-ms-win-crt-convert-l1-1-0.dll
0x140112af8 strtol
0x140112b00 strtoul
0x140112b08 strtod
0x140112b10 strtoull
0x140112b18 atof
0x140112b20 strtoll
0x140112b28 atoi
api-ms-win-crt-locale-l1-1-0.dll
0x140112bb0 _configthreadlocale
0x140112bb8 localeconv
0x140112bc0 ___lc_codepage_func
api-ms-win-crt-utility-l1-1-0.dll
0x140112ed8 qsort
api-ms-win-crt-string-l1-1-0.dll
0x140112e68 _strdup
0x140112e70 strncmp
0x140112e78 wcsncpy
0x140112e80 strncpy
0x140112e88 strpbrk
0x140112e90 isupper
0x140112e98 strspn
0x140112ea0 strcspn
0x140112ea8 tolower
0x140112eb0 strcmp
api-ms-win-crt-time-l1-1-0.dll
0x140112ec0 _time64
0x140112ec8 _gmtime64
ADVAPI32.dll
0x140112000 CryptEncrypt
0x140112008 CryptImportKey
0x140112010 CryptDestroyKey
0x140112018 CryptDestroyHash
0x140112020 CryptHashData
0x140112028 CryptCreateHash
0x140112030 CryptGenRandom
0x140112038 CryptGetHashParam
0x140112040 CryptReleaseContext
0x140112048 CryptAcquireContextA
0x140112050 ConvertSidToStringSidA
0x140112058 CopySid
0x140112060 SetSecurityInfo
0x140112068 IsValidSid
0x140112070 InitializeAcl
0x140112078 GetTokenInformation
0x140112080 GetLengthSid
0x140112088 AddAccessAllowedAce
0x140112090 OpenProcessToken
EAT(Export Address Table) is none