ScreenShot
| Created | 2024.10.21 17:07 | Machine | s1_win7_x6403 |
| Filename | p90.dll | ||
| Type | PE32+ executable (DLL) (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 37 detected (AIDetectMalware, Malicious, score, Unsafe, Variadic, Miner, grayware, confidence, Attribute, HighConfidence, Windows, Cryptominer, CoinMiner, MiscX, RiskTool, BitMiner, HackTool, XMRMiner, CLASSIC, Generic ML PUA, Static AI, Malicious PE, XMRigMiner, Detected, Wacapew, Miner3, R512976, BitcoinMiner, susgen) | ||
| md5 | b1834e1ac5d374dbdfc865de566834b9 | ||
| sha256 | 26a91c5bdd982f9ca4dab220a56565f145d29d3abc2be6fbfb09191296844308 | ||
| ssdeep | 98304:6xOgFu7FSdeIMpAiRfzUoraomhFY/Hl6RqVJgwFKR+uCZlf:65FuYhhFYPl6AgwFGW/f | ||
| imphash | 25bd73a66fa0b74f0c54bf2764e1e538 | ||
| impfuzzy | 96:4zXHKLQ/sLzsX1xj3cpejwgfTdkINar8DeLCs6JWaI4kXSGBgFM3DSqoii3rbnsQ:oqQ/F9bwodkIcH6JW4kF+E8rb2XW | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (10cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | XMRig_Miner_IN | XMRig Miner | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x180356880 send
0x180356888 WSASetLastError
0x180356890 WSAGetLastError
0x180356898 recv
0x1803568a0 htons
0x1803568a8 select
0x1803568b0 WSARecvFrom
0x1803568b8 WSASocketW
0x1803568c0 WSASend
0x1803568c8 WSARecv
0x1803568d0 WSAIoctl
0x1803568d8 gethostname
0x1803568e0 shutdown
0x1803568e8 FreeAddrInfoW
0x1803568f0 GetAddrInfoW
0x1803568f8 htonl
0x180356900 socket
0x180356908 setsockopt
0x180356910 closesocket
0x180356918 ind
0x180356920 WSACleanup
0x180356928 WSAStartup
0x180356930 getsockopt
0x180356938 ioctlsocket
USERENV.dll
0x180356870 GetUserProfileDirectoryW
WTSAPI32.dll
0x180356948 WTSEnumerateSessionsW
0x180356950 WTSFreeMemory
0x180356958 WTSQuerySessionInformationW
CRYPT32.dll
0x180356110 CertOpenStore
0x180356118 CertDuplicateCertificateContext
0x180356120 CertFindCertificateInStore
0x180356128 CertEnumCertificatesInStore
0x180356130 CertGetCertificateContextProperty
0x180356138 CertFreeCertificateContext
0x180356140 CertCloseStore
KERNEL32.dll
0x180356150 CreateEventW
0x180356158 WriteConsoleW
0x180356160 SetConsoleTitleA
0x180356168 GetStdHandle
0x180356170 SetConsoleMode
0x180356178 GetConsoleMode
0x180356180 QueryPerformanceFrequency
0x180356188 QueryPerformanceCounter
0x180356190 ExpandEnvironmentStringsA
0x180356198 CreateThread
0x1803561a0 GetSystemFirmwareTable
0x1803561a8 HeapFree
0x1803561b0 HeapAlloc
0x1803561b8 GetProcessHeap
0x1803561c0 MultiByteToWideChar
0x1803561c8 SetPriorityClass
0x1803561d0 GetCurrentProcess
0x1803561d8 SetThreadPriority
0x1803561e0 GetSystemPowerStatus
0x1803561e8 GetCurrentThread
0x1803561f0 GetProcAddress
0x1803561f8 GetModuleHandleW
0x180356200 CloseHandle
0x180356208 FreeConsole
0x180356210 GetConsoleWindow
0x180356218 VirtualProtect
0x180356220 VirtualFree
0x180356228 VirtualAlloc
0x180356230 GetLargePageMinimum
0x180356238 LocalAlloc
0x180356240 GetLastError
0x180356248 LocalFree
0x180356250 FlushInstructionCache
0x180356258 GetCurrentThreadId
0x180356260 AddVectoredExceptionHandler
0x180356268 DeviceIoControl
0x180356270 GetModuleFileNameW
0x180356278 CreateFileW
0x180356280 SetLastError
0x180356288 GetSystemTime
0x180356290 SystemTimeToFileTime
0x180356298 GetModuleHandleExW
0x1803562a0 EnterCriticalSection
0x1803562a8 LeaveCriticalSection
0x1803562b0 InitializeCriticalSectionAndSpinCount
0x1803562b8 DeleteCriticalSection
0x1803562c0 TlsAlloc
0x1803562c8 TlsGetValue
0x1803562d0 TlsSetValue
0x1803562d8 TlsFree
0x1803562e0 SwitchToFiber
0x1803562e8 DeleteFiber
0x1803562f0 CreateFiber
0x1803562f8 FindClose
0x180356300 FindFirstFileW
0x180356308 FindNextFileW
0x180356310 WideCharToMultiByte
0x180356318 GetFileType
0x180356320 WriteFile
0x180356328 ConvertFiberToThread
0x180356330 ConvertThreadToFiber
0x180356338 GetCurrentProcessId
0x180356340 GetSystemTimeAsFileTime
0x180356348 FreeLibrary
0x180356350 LoadLibraryA
0x180356358 LoadLibraryW
0x180356360 GetEnvironmentVariableW
0x180356368 ReadConsoleA
0x180356370 ReadConsoleW
0x180356378 PostQueuedCompletionStatus
0x180356380 CreateFileA
0x180356388 DuplicateHandle
0x180356390 SetEvent
0x180356398 ResetEvent
0x1803563a0 WaitForSingleObject
0x1803563a8 CreateEventA
0x1803563b0 Sleep
0x1803563b8 QueueUserWorkItem
0x1803563c0 RegisterWaitForSingleObject
0x1803563c8 UnregisterWait
0x1803563d0 GetNumberOfConsoleInputEvents
0x1803563d8 ReadConsoleInputW
0x1803563e0 FillConsoleOutputCharacterW
0x1803563e8 FillConsoleOutputAttribute
0x1803563f0 GetConsoleCursorInfo
0x1803563f8 SetConsoleCursorInfo
0x180356400 GetConsoleScreenBufferInfo
0x180356408 SetConsoleCursorPosition
0x180356410 SetConsoleTextAttribute
0x180356418 WriteConsoleInputW
0x180356420 CreateDirectoryW
0x180356428 FlushFileBuffers
0x180356430 GetDiskFreeSpaceW
0x180356438 GetFileAttributesW
0x180356440 GetFileInformationByHandle
0x180356448 UnhandledExceptionFilter
0x180356450 GetFinalPathNameByHandleW
0x180356458 RtlCaptureContext
0x180356460 ReadFile
0x180356468 RemoveDirectoryW
0x180356470 SetFilePointerEx
0x180356478 SetFileTime
0x180356480 GetSystemInfo
0x180356488 MapViewOfFile
0x180356490 FlushViewOfFile
0x180356498 UnmapViewOfFile
0x1803564a0 CreateFileMappingA
0x1803564a8 ReOpenFile
0x1803564b0 CopyFileW
0x1803564b8 MoveFileExW
0x1803564c0 CreateHardLinkW
0x1803564c8 GetFileInformationByHandleEx
0x1803564d0 CreateSymbolicLinkW
0x1803564d8 InitializeCriticalSection
0x1803564e0 SetConsoleCtrlHandler
0x1803564e8 GetCurrentDirectoryW
0x1803564f0 GetLongPathNameW
0x1803564f8 GetShortPathNameW
0x180356500 CreateIoCompletionPort
0x180356508 ReadDirectoryChangesW
0x180356510 GetEnvironmentStringsW
0x180356518 FreeEnvironmentStringsW
0x180356520 SetEnvironmentVariableW
0x180356528 SetCurrentDirectoryW
0x180356530 GetTempPathW
0x180356538 GlobalMemoryStatusEx
0x180356540 RtlUnwind
0x180356548 SetHandleInformation
0x180356550 CancelIoEx
0x180356558 CancelIo
0x180356560 SwitchToThread
0x180356568 SetFileCompletionNotificationModes
0x180356570 LoadLibraryExW
0x180356578 FormatMessageA
0x180356580 SetErrorMode
0x180356588 GetQueuedCompletionStatus
0x180356590 InitializeSRWLock
0x180356598 ReleaseSRWLockExclusive
0x1803565a0 AcquireSRWLockExclusive
0x1803565a8 TryEnterCriticalSection
0x1803565b0 InitializeConditionVariable
0x1803565b8 WakeConditionVariable
0x1803565c0 WakeAllConditionVariable
0x1803565c8 SleepConditionVariableCS
0x1803565d0 ReleaseSemaphore
0x1803565d8 ResumeThread
0x1803565e0 GetNativeSystemInfo
0x1803565e8 CreateSemaphoreA
0x1803565f0 ConnectNamedPipe
0x1803565f8 SetNamedPipeHandleState
0x180356600 PeekNamedPipe
0x180356608 CreateNamedPipeW
0x180356610 CancelSynchronousIo
0x180356618 GetNamedPipeHandleStateA
0x180356620 TerminateProcess
0x180356628 GetExitCodeProcess
0x180356630 UnregisterWaitEx
0x180356638 LCMapStringW
0x180356640 DebugBreak
0x180356648 GetModuleHandleA
0x180356650 LoadLibraryExA
0x180356658 GetStartupInfoW
0x180356660 GetModuleFileNameA
0x180356668 GetVersionExA
0x180356670 GetProcessAffinityMask
0x180356678 SetProcessAffinityMask
0x180356680 SetThreadAffinityMask
0x180356688 GetComputerNameA
0x180356690 GetStringTypeW
0x180356698 RtlLookupFunctionEntry
0x1803566a0 GetFullPathNameW
0x1803566a8 RtlVirtualUnwind
0x1803566b0 SetUnhandledExceptionFilter
0x1803566b8 IsProcessorFeaturePresent
0x1803566c0 IsDebuggerPresent
0x1803566c8 InitializeSListHead
0x1803566d0 RtlUnwindEx
0x1803566d8 RtlPcToFileHeader
0x1803566e0 RaiseException
0x1803566e8 InterlockedFlushSList
0x1803566f0 SetStdHandle
0x1803566f8 GetCommandLineA
0x180356700 GetCommandLineW
0x180356708 ExitThread
0x180356710 FreeLibraryAndExitThread
0x180356718 GetDriveTypeW
0x180356720 SystemTimeToTzSpecificLocalTime
0x180356728 ExitProcess
0x180356730 GetFileAttributesExW
0x180356738 SetFileAttributesW
0x180356740 GetConsoleOutputCP
0x180356748 CompareStringW
0x180356750 GetLocaleInfoW
0x180356758 IsValidLocale
0x180356760 GetUserDefaultLCID
0x180356768 EnumSystemLocalesW
0x180356770 HeapReAlloc
0x180356778 GetTimeZoneInformation
0x180356780 HeapSize
0x180356788 SetEndOfFile
0x180356790 FindFirstFileExW
0x180356798 IsValidCodePage
0x1803567a0 GetACP
0x1803567a8 GetOEMCP
0x1803567b0 GetFileSizeEx
0x1803567b8 FileTimeToSystemTime
0x1803567c0 InitializeCriticalSectionEx
0x1803567c8 WaitForSingleObjectEx
0x1803567d0 GetExitCodeThread
0x1803567d8 SleepConditionVariableSRW
0x1803567e0 EncodePointer
0x1803567e8 DecodePointer
0x1803567f0 LCMapStringEx
0x1803567f8 CompareStringEx
0x180356800 GetCPInfo
USER32.dll
0x180356820 MessageBoxW
0x180356828 GetProcessWindowStation
0x180356830 GetSystemMetrics
0x180356838 MapVirtualKeyW
0x180356840 DispatchMessageA
0x180356848 TranslateMessage
0x180356850 GetMessageA
0x180356858 GetUserObjectInformationW
0x180356860 ShowWindow
SHELL32.dll
0x180356810 SHGetSpecialFolderPathA
ADVAPI32.dll
0x180356000 SystemFunction036
0x180356008 GetUserNameW
0x180356010 CryptEnumProvidersW
0x180356018 CryptSignHashW
0x180356020 CryptDestroyHash
0x180356028 CryptCreateHash
0x180356030 CryptDecrypt
0x180356038 CryptExportKey
0x180356040 CryptGetUserKey
0x180356048 CryptGetProvParam
0x180356050 CryptSetHashParam
0x180356058 CryptDestroyKey
0x180356060 CryptReleaseContext
0x180356068 CryptAcquireContextW
0x180356070 ReportEventW
0x180356078 RegisterEventSourceW
0x180356080 DeregisterEventSource
0x180356088 CreateServiceW
0x180356090 QueryServiceStatus
0x180356098 CloseServiceHandle
0x1803560a0 OpenSCManagerW
0x1803560a8 QueryServiceConfigA
0x1803560b0 DeleteService
0x1803560b8 ControlService
0x1803560c0 StartServiceW
0x1803560c8 OpenServiceW
0x1803560d0 LookupPrivilegeValueW
0x1803560d8 AdjustTokenPrivileges
0x1803560e0 OpenProcessToken
0x1803560e8 LsaOpenPolicy
0x1803560f0 LsaAddAccountRights
0x1803560f8 LsaClose
0x180356100 GetTokenInformation
crypt.dll
0x180356968 BCryptGenRandom
EAT(Export Address Table) Library
0x18002c4f0 DllRegisterServer
WS2_32.dll
0x180356880 send
0x180356888 WSASetLastError
0x180356890 WSAGetLastError
0x180356898 recv
0x1803568a0 htons
0x1803568a8 select
0x1803568b0 WSARecvFrom
0x1803568b8 WSASocketW
0x1803568c0 WSASend
0x1803568c8 WSARecv
0x1803568d0 WSAIoctl
0x1803568d8 gethostname
0x1803568e0 shutdown
0x1803568e8 FreeAddrInfoW
0x1803568f0 GetAddrInfoW
0x1803568f8 htonl
0x180356900 socket
0x180356908 setsockopt
0x180356910 closesocket
0x180356918 ind
0x180356920 WSACleanup
0x180356928 WSAStartup
0x180356930 getsockopt
0x180356938 ioctlsocket
USERENV.dll
0x180356870 GetUserProfileDirectoryW
WTSAPI32.dll
0x180356948 WTSEnumerateSessionsW
0x180356950 WTSFreeMemory
0x180356958 WTSQuerySessionInformationW
CRYPT32.dll
0x180356110 CertOpenStore
0x180356118 CertDuplicateCertificateContext
0x180356120 CertFindCertificateInStore
0x180356128 CertEnumCertificatesInStore
0x180356130 CertGetCertificateContextProperty
0x180356138 CertFreeCertificateContext
0x180356140 CertCloseStore
KERNEL32.dll
0x180356150 CreateEventW
0x180356158 WriteConsoleW
0x180356160 SetConsoleTitleA
0x180356168 GetStdHandle
0x180356170 SetConsoleMode
0x180356178 GetConsoleMode
0x180356180 QueryPerformanceFrequency
0x180356188 QueryPerformanceCounter
0x180356190 ExpandEnvironmentStringsA
0x180356198 CreateThread
0x1803561a0 GetSystemFirmwareTable
0x1803561a8 HeapFree
0x1803561b0 HeapAlloc
0x1803561b8 GetProcessHeap
0x1803561c0 MultiByteToWideChar
0x1803561c8 SetPriorityClass
0x1803561d0 GetCurrentProcess
0x1803561d8 SetThreadPriority
0x1803561e0 GetSystemPowerStatus
0x1803561e8 GetCurrentThread
0x1803561f0 GetProcAddress
0x1803561f8 GetModuleHandleW
0x180356200 CloseHandle
0x180356208 FreeConsole
0x180356210 GetConsoleWindow
0x180356218 VirtualProtect
0x180356220 VirtualFree
0x180356228 VirtualAlloc
0x180356230 GetLargePageMinimum
0x180356238 LocalAlloc
0x180356240 GetLastError
0x180356248 LocalFree
0x180356250 FlushInstructionCache
0x180356258 GetCurrentThreadId
0x180356260 AddVectoredExceptionHandler
0x180356268 DeviceIoControl
0x180356270 GetModuleFileNameW
0x180356278 CreateFileW
0x180356280 SetLastError
0x180356288 GetSystemTime
0x180356290 SystemTimeToFileTime
0x180356298 GetModuleHandleExW
0x1803562a0 EnterCriticalSection
0x1803562a8 LeaveCriticalSection
0x1803562b0 InitializeCriticalSectionAndSpinCount
0x1803562b8 DeleteCriticalSection
0x1803562c0 TlsAlloc
0x1803562c8 TlsGetValue
0x1803562d0 TlsSetValue
0x1803562d8 TlsFree
0x1803562e0 SwitchToFiber
0x1803562e8 DeleteFiber
0x1803562f0 CreateFiber
0x1803562f8 FindClose
0x180356300 FindFirstFileW
0x180356308 FindNextFileW
0x180356310 WideCharToMultiByte
0x180356318 GetFileType
0x180356320 WriteFile
0x180356328 ConvertFiberToThread
0x180356330 ConvertThreadToFiber
0x180356338 GetCurrentProcessId
0x180356340 GetSystemTimeAsFileTime
0x180356348 FreeLibrary
0x180356350 LoadLibraryA
0x180356358 LoadLibraryW
0x180356360 GetEnvironmentVariableW
0x180356368 ReadConsoleA
0x180356370 ReadConsoleW
0x180356378 PostQueuedCompletionStatus
0x180356380 CreateFileA
0x180356388 DuplicateHandle
0x180356390 SetEvent
0x180356398 ResetEvent
0x1803563a0 WaitForSingleObject
0x1803563a8 CreateEventA
0x1803563b0 Sleep
0x1803563b8 QueueUserWorkItem
0x1803563c0 RegisterWaitForSingleObject
0x1803563c8 UnregisterWait
0x1803563d0 GetNumberOfConsoleInputEvents
0x1803563d8 ReadConsoleInputW
0x1803563e0 FillConsoleOutputCharacterW
0x1803563e8 FillConsoleOutputAttribute
0x1803563f0 GetConsoleCursorInfo
0x1803563f8 SetConsoleCursorInfo
0x180356400 GetConsoleScreenBufferInfo
0x180356408 SetConsoleCursorPosition
0x180356410 SetConsoleTextAttribute
0x180356418 WriteConsoleInputW
0x180356420 CreateDirectoryW
0x180356428 FlushFileBuffers
0x180356430 GetDiskFreeSpaceW
0x180356438 GetFileAttributesW
0x180356440 GetFileInformationByHandle
0x180356448 UnhandledExceptionFilter
0x180356450 GetFinalPathNameByHandleW
0x180356458 RtlCaptureContext
0x180356460 ReadFile
0x180356468 RemoveDirectoryW
0x180356470 SetFilePointerEx
0x180356478 SetFileTime
0x180356480 GetSystemInfo
0x180356488 MapViewOfFile
0x180356490 FlushViewOfFile
0x180356498 UnmapViewOfFile
0x1803564a0 CreateFileMappingA
0x1803564a8 ReOpenFile
0x1803564b0 CopyFileW
0x1803564b8 MoveFileExW
0x1803564c0 CreateHardLinkW
0x1803564c8 GetFileInformationByHandleEx
0x1803564d0 CreateSymbolicLinkW
0x1803564d8 InitializeCriticalSection
0x1803564e0 SetConsoleCtrlHandler
0x1803564e8 GetCurrentDirectoryW
0x1803564f0 GetLongPathNameW
0x1803564f8 GetShortPathNameW
0x180356500 CreateIoCompletionPort
0x180356508 ReadDirectoryChangesW
0x180356510 GetEnvironmentStringsW
0x180356518 FreeEnvironmentStringsW
0x180356520 SetEnvironmentVariableW
0x180356528 SetCurrentDirectoryW
0x180356530 GetTempPathW
0x180356538 GlobalMemoryStatusEx
0x180356540 RtlUnwind
0x180356548 SetHandleInformation
0x180356550 CancelIoEx
0x180356558 CancelIo
0x180356560 SwitchToThread
0x180356568 SetFileCompletionNotificationModes
0x180356570 LoadLibraryExW
0x180356578 FormatMessageA
0x180356580 SetErrorMode
0x180356588 GetQueuedCompletionStatus
0x180356590 InitializeSRWLock
0x180356598 ReleaseSRWLockExclusive
0x1803565a0 AcquireSRWLockExclusive
0x1803565a8 TryEnterCriticalSection
0x1803565b0 InitializeConditionVariable
0x1803565b8 WakeConditionVariable
0x1803565c0 WakeAllConditionVariable
0x1803565c8 SleepConditionVariableCS
0x1803565d0 ReleaseSemaphore
0x1803565d8 ResumeThread
0x1803565e0 GetNativeSystemInfo
0x1803565e8 CreateSemaphoreA
0x1803565f0 ConnectNamedPipe
0x1803565f8 SetNamedPipeHandleState
0x180356600 PeekNamedPipe
0x180356608 CreateNamedPipeW
0x180356610 CancelSynchronousIo
0x180356618 GetNamedPipeHandleStateA
0x180356620 TerminateProcess
0x180356628 GetExitCodeProcess
0x180356630 UnregisterWaitEx
0x180356638 LCMapStringW
0x180356640 DebugBreak
0x180356648 GetModuleHandleA
0x180356650 LoadLibraryExA
0x180356658 GetStartupInfoW
0x180356660 GetModuleFileNameA
0x180356668 GetVersionExA
0x180356670 GetProcessAffinityMask
0x180356678 SetProcessAffinityMask
0x180356680 SetThreadAffinityMask
0x180356688 GetComputerNameA
0x180356690 GetStringTypeW
0x180356698 RtlLookupFunctionEntry
0x1803566a0 GetFullPathNameW
0x1803566a8 RtlVirtualUnwind
0x1803566b0 SetUnhandledExceptionFilter
0x1803566b8 IsProcessorFeaturePresent
0x1803566c0 IsDebuggerPresent
0x1803566c8 InitializeSListHead
0x1803566d0 RtlUnwindEx
0x1803566d8 RtlPcToFileHeader
0x1803566e0 RaiseException
0x1803566e8 InterlockedFlushSList
0x1803566f0 SetStdHandle
0x1803566f8 GetCommandLineA
0x180356700 GetCommandLineW
0x180356708 ExitThread
0x180356710 FreeLibraryAndExitThread
0x180356718 GetDriveTypeW
0x180356720 SystemTimeToTzSpecificLocalTime
0x180356728 ExitProcess
0x180356730 GetFileAttributesExW
0x180356738 SetFileAttributesW
0x180356740 GetConsoleOutputCP
0x180356748 CompareStringW
0x180356750 GetLocaleInfoW
0x180356758 IsValidLocale
0x180356760 GetUserDefaultLCID
0x180356768 EnumSystemLocalesW
0x180356770 HeapReAlloc
0x180356778 GetTimeZoneInformation
0x180356780 HeapSize
0x180356788 SetEndOfFile
0x180356790 FindFirstFileExW
0x180356798 IsValidCodePage
0x1803567a0 GetACP
0x1803567a8 GetOEMCP
0x1803567b0 GetFileSizeEx
0x1803567b8 FileTimeToSystemTime
0x1803567c0 InitializeCriticalSectionEx
0x1803567c8 WaitForSingleObjectEx
0x1803567d0 GetExitCodeThread
0x1803567d8 SleepConditionVariableSRW
0x1803567e0 EncodePointer
0x1803567e8 DecodePointer
0x1803567f0 LCMapStringEx
0x1803567f8 CompareStringEx
0x180356800 GetCPInfo
USER32.dll
0x180356820 MessageBoxW
0x180356828 GetProcessWindowStation
0x180356830 GetSystemMetrics
0x180356838 MapVirtualKeyW
0x180356840 DispatchMessageA
0x180356848 TranslateMessage
0x180356850 GetMessageA
0x180356858 GetUserObjectInformationW
0x180356860 ShowWindow
SHELL32.dll
0x180356810 SHGetSpecialFolderPathA
ADVAPI32.dll
0x180356000 SystemFunction036
0x180356008 GetUserNameW
0x180356010 CryptEnumProvidersW
0x180356018 CryptSignHashW
0x180356020 CryptDestroyHash
0x180356028 CryptCreateHash
0x180356030 CryptDecrypt
0x180356038 CryptExportKey
0x180356040 CryptGetUserKey
0x180356048 CryptGetProvParam
0x180356050 CryptSetHashParam
0x180356058 CryptDestroyKey
0x180356060 CryptReleaseContext
0x180356068 CryptAcquireContextW
0x180356070 ReportEventW
0x180356078 RegisterEventSourceW
0x180356080 DeregisterEventSource
0x180356088 CreateServiceW
0x180356090 QueryServiceStatus
0x180356098 CloseServiceHandle
0x1803560a0 OpenSCManagerW
0x1803560a8 QueryServiceConfigA
0x1803560b0 DeleteService
0x1803560b8 ControlService
0x1803560c0 StartServiceW
0x1803560c8 OpenServiceW
0x1803560d0 LookupPrivilegeValueW
0x1803560d8 AdjustTokenPrivileges
0x1803560e0 OpenProcessToken
0x1803560e8 LsaOpenPolicy
0x1803560f0 LsaAddAccountRights
0x1803560f8 LsaClose
0x180356100 GetTokenInformation
crypt.dll
0x180356968 BCryptGenRandom
EAT(Export Address Table) Library
0x18002c4f0 DllRegisterServer