Field | Value |
---|---|
Created | 2024.11.13 14:00 |
Machine | s1_win7_x6403 |
Filename | RuntimeBrikon.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 48 detected (AIDetectMalware, CryptInject, Emotet, Unsafe, malicious, confidence, Attribute, HighConfidence, high confidence, GameHack, DangerousSig, score, MalCert, CLASSIC, AGEN, Tool, Static AI, Malicious PE, Detected, ApplicUnwnt@#g235t1go6j5d, Eldorado, Artemis, Krypt, GdSda, Mjgl, GenKryptik, GHEK) |
md5 | 06d9c1f5142610b929557ea6e6005a63 |
sha256 | 165356f1cdd243a49c95d3df02069391e079b8ef40302bb887cc146818fa84a4 |
ssdeep | 49152:c4/6eXhp59mEp7nUX7IU6ivGtlqaVwASOrfmrTEbTRjkek2FjufBaCOh5PaOcegJ:c4/6Ep+Y39mHqWN2K4E+gPdo |
imphash | 4adceefc88455c875a37ee4e076fb499 |
impfuzzy | 96:hWOtE1H8BrV2Tc6BecxkuJxU34C4+2ylBWyMjYoFsY2xUxCLy5/zYQtdwEm5ElEh:hWwihBecxqPHu/Y5NPbKrJ/CPljyty |
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
notice | Encryption keys have been identified in this analysis |
info | This executable has a PDB path |
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | ftp_command | ftp command | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x1400ba158 AcquireSRWLockExclusive
0x1400ba160 ReleaseSRWLockExclusive
0x1400ba168 GetFileSizeEx
0x1400ba170 CreateFileA
0x1400ba178 WaitForMultipleObjects
0x1400ba180 PeekNamedPipe
0x1400ba188 ReadFile
0x1400ba190 GetFileType
0x1400ba198 GetStdHandle
0x1400ba1a0 GetEnvironmentVariableA
0x1400ba1a8 WaitForSingleObjectEx
0x1400ba1b0 MoveFileExA
0x1400ba1b8 GetTickCount
0x1400ba1c0 UnhandledExceptionFilter
0x1400ba1c8 SetUnhandledExceptionFilter
0x1400ba1d0 TerminateProcess
0x1400ba1d8 IsProcessorFeaturePresent
0x1400ba1e0 VerifyVersionInfoA
0x1400ba1e8 GetSystemDirectoryA
0x1400ba1f0 IsDebuggerPresent
0x1400ba1f8 SleepConditionVariableSRW
0x1400ba200 GetCurrentProcessId
0x1400ba208 GetCurrentThreadId
0x1400ba210 GetSystemTimeAsFileTime
0x1400ba218 InitializeSListHead
0x1400ba220 OutputDebugStringW
0x1400ba228 QueryPerformanceCounter
0x1400ba230 VerifyVersionInfoW
0x1400ba238 FreeLibrary
0x1400ba240 VerSetConditionMask
0x1400ba248 GetProcAddress
0x1400ba250 QueryPerformanceFrequency
0x1400ba258 LoadLibraryA
0x1400ba260 GetModuleHandleA
0x1400ba268 GlobalUnlock
0x1400ba270 WideCharToMultiByte
0x1400ba278 GlobalLock
0x1400ba280 GlobalFree
0x1400ba288 GlobalAlloc
0x1400ba290 MultiByteToWideChar
0x1400ba298 CreateProcessA
0x1400ba2a0 WakeAllConditionVariable
0x1400ba2a8 RtlCaptureContext
0x1400ba2b0 GetStartupInfoW
0x1400ba2b8 RtlVirtualUnwind
0x1400ba2c0 RtlLookupFunctionEntry
0x1400ba2c8 CreateFileW
0x1400ba2d0 GetLastError
0x1400ba2d8 HeapDestroy
0x1400ba2e0 HeapAlloc
0x1400ba2e8 CloseHandle
0x1400ba2f0 HeapReAlloc
0x1400ba2f8 HeapFree
0x1400ba300 HeapSize
0x1400ba308 GetProcessHeap
0x1400ba310 InitializeCriticalSectionEx
0x1400ba318 DeleteCriticalSection
0x1400ba320 Sleep
0x1400ba328 GetCurrentProcess
0x1400ba330 CreateThread
0x1400ba338 VirtualProtect
0x1400ba340 CreateFileMappingW
0x1400ba348 MapViewOfFile
0x1400ba350 UnmapViewOfFile
0x1400ba358 GetModuleFileNameA
0x1400ba360 GetModuleHandleW
0x1400ba368 QueryFullProcessImageNameW
0x1400ba370 SetLastError
0x1400ba378 FormatMessageA
0x1400ba380 LocalFree
0x1400ba388 EnterCriticalSection
0x1400ba390 LeaveCriticalSection
0x1400ba398 SleepEx
USER32.dll
0x1400ba590 SetWindowTextW
0x1400ba598 ScreenToClient
0x1400ba5a0 EnumDisplayMonitors
0x1400ba5a8 MonitorFromWindow
0x1400ba5b0 SetWindowPos
0x1400ba5b8 GetCapture
0x1400ba5c0 GetDC
0x1400ba5c8 DestroyWindow
0x1400ba5d0 WindowFromPoint
0x1400ba5d8 ClientToScreen
0x1400ba5e0 LoadCursorA
0x1400ba5e8 IsChild
0x1400ba5f0 GetForegroundWindow
0x1400ba5f8 DefWindowProcA
0x1400ba600 CreateWindowExA
0x1400ba608 SetLayeredWindowAttributes
0x1400ba610 SetFocus
0x1400ba618 SetWindowLongA
0x1400ba620 GetMonitorInfoA
0x1400ba628 BringWindowToTop
0x1400ba630 DispatchMessageA
0x1400ba638 TranslateMessage
0x1400ba640 GetDesktopWindow
0x1400ba648 PeekMessageA
0x1400ba650 PostQuitMessage
0x1400ba658 UpdateWindow
0x1400ba660 SetCapture
0x1400ba668 SetCursor
0x1400ba670 SetWindowLongW
0x1400ba678 GetClientRect
0x1400ba680 UnregisterClassA
0x1400ba688 RegisterClassExA
0x1400ba690 ReleaseCapture
0x1400ba698 SetForegroundWindow
0x1400ba6a0 IsIconic
0x1400ba6a8 GetKeyState
0x1400ba6b0 AdjustWindowRectEx
0x1400ba6b8 SetCursorPos
0x1400ba6c0 ReleaseDC
0x1400ba6c8 GetCursorPos
0x1400ba6d0 OpenClipboard
0x1400ba6d8 GetWindowLongW
0x1400ba6e0 CloseClipboard
0x1400ba6e8 ShowWindow
0x1400ba6f0 EmptyClipboard
0x1400ba6f8 MessageBoxA
0x1400ba700 GetWindowRect
0x1400ba708 SetClipboardData
0x1400ba710 GetClipboardData
GDI32.dll
0x1400ba128 GetDeviceCaps
SHELL32.dll
0x1400ba580 ShellExecuteA
MSVCP140.dll
0x1400ba3a8 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
0x1400ba3b0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
0x1400ba3b8 ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
0x1400ba3c0 ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1400ba3c8 ?_Xbad_function_call@std@@YAXXZ
0x1400ba3d0 ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
0x1400ba3d8 ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
0x1400ba3e0 ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
0x1400ba3e8 ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
0x1400ba3f0 ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
0x1400ba3f8 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
0x1400ba400 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
0x1400ba408 ??Bid@locale@std@@QEAA_KXZ
0x1400ba410 ?always_noconv@codecvt_base@std@@QEBA_NXZ
0x1400ba418 ??7ios_base@std@@QEBA_NXZ
0x1400ba420 ?good@ios_base@std@@QEBA_NXZ
0x1400ba428 ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
0x1400ba430 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x1400ba438 ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1400ba440 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1400ba448 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
0x1400ba450 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
0x1400ba458 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
0x1400ba460 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1400ba468 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x1400ba470 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x1400ba478 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1400ba480 ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
0x1400ba488 ??1_Lockit@std@@QEAA@XZ
0x1400ba490 ??0_Lockit@std@@QEAA@H@Z
0x1400ba498 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x1400ba4a0 ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x1400ba4a8 ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x1400ba4b0 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x1400ba4b8 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x1400ba4c0 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
0x1400ba4c8 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
0x1400ba4d0 ?uncaught_exception@std@@YA_NXZ
0x1400ba4d8 ?_Xout_of_range@std@@YAXPEBD@Z
0x1400ba4e0 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
0x1400ba4e8 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x1400ba4f0 ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1400ba4f8 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x1400ba500 ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
0x1400ba508 ?_Xlength_error@std@@YAXPEBD@Z
0x1400ba510 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
0x1400ba518 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
0x1400ba520 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
0x1400ba528 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
0x1400ba530 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
WS2_32.dll
0x1400ba858 WSAGetLastError
0x1400ba860 getpeername
0x1400ba868 sendto
0x1400ba870 recvfrom
0x1400ba878 connect
0x1400ba880 ind
0x1400ba888 send
0x1400ba890 freeaddrinfo
0x1400ba898 getsockopt
0x1400ba8a0 getaddrinfo
0x1400ba8a8 select
0x1400ba8b0 recv
0x1400ba8b8 __WSAFDIsSet
0x1400ba8c0 ioctlsocket
0x1400ba8c8 listen
0x1400ba8d0 htonl
0x1400ba8d8 accept
0x1400ba8e0 WSACleanup
0x1400ba8e8 gethostname
0x1400ba8f0 ntohl
0x1400ba8f8 closesocket
0x1400ba900 WSAStartup
0x1400ba908 WSAIoctl
0x1400ba910 WSASetLastError
0x1400ba918 socket
0x1400ba920 setsockopt
0x1400ba928 ntohs
0x1400ba930 htons
0x1400ba938 getsockname
IMM32.dll
0x1400ba138 ImmSetCompositionWindow
0x1400ba140 ImmGetContext
0x1400ba148 ImmReleaseContext
d3d9.dll
0x1400bacb0 Direct3DCreate9
Normaliz.dll
0x1400ba540 IdnToAscii
WLDAP32.dll
0x1400ba7c0 None
0x1400ba7c8 None
0x1400ba7d0 None
0x1400ba7d8 None
0x1400ba7e0 None
0x1400ba7e8 None
0x1400ba7f0 None
0x1400ba7f8 None
0x1400ba800 None
0x1400ba808 None
0x1400ba810 None
0x1400ba818 None
0x1400ba820 None
0x1400ba828 None
0x1400ba830 None
0x1400ba838 None
0x1400ba840 None
0x1400ba848 None
CRYPT32.dll
0x1400ba0a0 CertGetNameStringA
0x1400ba0a8 CryptQueryObject
0x1400ba0b0 CertCreateCertificateChainEngine
0x1400ba0b8 CertFreeCertificateChainEngine
0x1400ba0c0 CertFindCertificateInStore
0x1400ba0c8 CertGetCertificateChain
0x1400ba0d0 CertFreeCertificateChain
0x1400ba0d8 CertEnumCertificatesInStore
0x1400ba0e0 CertAddCertificateContextToStore
0x1400ba0e8 CryptDecodeObjectEx
0x1400ba0f0 PFXImportCertStore
0x1400ba0f8 CryptStringToBinaryA
0x1400ba100 CertFreeCertificateContext
0x1400ba108 CertOpenStore
0x1400ba110 CertCloseStore
0x1400ba118 CertFindExtension
RPCRT4.dll
0x1400ba560 UuidToStringA
0x1400ba568 UuidCreate
0x1400ba570 RpcStringFreeA
PSAPI.DLL
0x1400ba550 GetModuleInformation
USERENV.dll
0x1400ba720 UnloadUserProfile
VCRUNTIME140_1.dll
0x1400ba7b0 __CxxFrameHandler4
VCRUNTIME140.dll
0x1400ba730 __current_exception
0x1400ba738 __C_specific_handler
0x1400ba740 strrchr
0x1400ba748 memset
0x1400ba750 memmove
0x1400ba758 memcpy
0x1400ba760 memcmp
0x1400ba768 _CxxThrowException
0x1400ba770 strchr
0x1400ba778 strstr
0x1400ba780 __std_terminate
0x1400ba788 __std_exception_copy
0x1400ba790 __std_exception_destroy
0x1400ba798 __current_exception_context
0x1400ba7a0 memchr
api-ms-win-crt-runtime-l1-1-0.dll
0x1400baa50 _invalid_parameter_noinfo
0x1400baa58 exit
0x1400baa60 _getpid
0x1400baa68 system
0x1400baa70 _invalid_parameter_noinfo_noreturn
0x1400baa78 _wassert
0x1400baa80 _errno
0x1400baa88 strerror
0x1400baa90 __sys_nerr
0x1400baa98 _initialize_onexit_table
0x1400baaa0 _resetstkoflw
0x1400baaa8 _register_thread_local_exe_atexit_callback
0x1400baab0 _c_exit
0x1400baab8 _beginthreadex
0x1400baac0 _exit
0x1400baac8 _initterm_e
0x1400baad0 _initterm
0x1400baad8 _get_narrow_winmain_command_line
0x1400baae0 _set_app_type
0x1400baae8 _seh_filter_exe
0x1400baaf0 terminate
0x1400baaf8 _cexit
0x1400bab00 _crt_atexit
0x1400bab08 _register_onexit_function
0x1400bab10 _initialize_narrow_environment
0x1400bab18 _configure_narrow_argv
api-ms-win-crt-stdio-l1-1-0.dll
0x1400bab28 fwrite
0x1400bab30 fgetpos
0x1400bab38 _lseeki64
0x1400bab40 setvbuf
0x1400bab48 _set_fmode
0x1400bab50 fputc
0x1400bab58 fgetc
0x1400bab60 ungetc
0x1400bab68 feof
0x1400bab70 fputs
0x1400bab78 fopen
0x1400bab80 fflush
0x1400bab88 __p__commode
0x1400bab90 fsetpos
0x1400bab98 _read
0x1400baba0 _write
0x1400baba8 _popen
0x1400babb0 _pclose
0x1400babb8 fgets
0x1400babc0 _close
0x1400babc8 _open
0x1400babd0 __stdio_common_vsscanf
0x1400babd8 __stdio_common_vsprintf
0x1400babe0 _wfopen
0x1400babe8 fread
0x1400babf0 _fseeki64
0x1400babf8 fclose
0x1400bac00 fseek
0x1400bac08 __acrt_iob_func
0x1400bac10 _get_stream_buffer_pointers
0x1400bac18 ftell
api-ms-win-crt-utility-l1-1-0.dll
0x1400bac90 qsort
0x1400bac98 rand
0x1400baca0 srand
api-ms-win-crt-filesystem-l1-1-0.dll
0x1400ba980 _access
0x1400ba988 _unlink
0x1400ba990 _lock_file
0x1400ba998 _stat64
0x1400ba9a0 _unlock_file
0x1400ba9a8 _fstat64
api-ms-win-crt-time-l1-1-0.dll
0x1400bac78 _time64
0x1400bac80 _gmtime64
api-ms-win-crt-string-l1-1-0.dll
0x1400bac28 isupper
0x1400bac30 strncpy
0x1400bac38 strncmp
0x1400bac40 _strdup
0x1400bac48 tolower
0x1400bac50 strpbrk
0x1400bac58 strcmp
0x1400bac60 strcspn
0x1400bac68 strspn
api-ms-win-crt-heap-l1-1-0.dll
0x1400ba9b8 realloc
0x1400ba9c0 _set_new_mode
0x1400ba9c8 calloc
0x1400ba9d0 _callnewh
0x1400ba9d8 free
0x1400ba9e0 malloc
api-ms-win-crt-convert-l1-1-0.dll
0x1400ba948 strtod
0x1400ba950 strtol
0x1400ba958 strtoul
0x1400ba960 strtoll
0x1400ba968 strtoull
0x1400ba970 atoi
api-ms-win-crt-locale-l1-1-0.dll
0x1400ba9f0 localeconv
0x1400ba9f8 _configthreadlocale
api-ms-win-crt-math-l1-1-0.dll
0x1400baa08 fmodf
0x1400baa10 _dclass
0x1400baa18 ceilf
0x1400baa20 acosf
0x1400baa28 __setusermatherr
0x1400baa30 cosf
0x1400baa38 sinf
0x1400baa40 sqrtf
ADVAPI32.dll
0x1400ba000 CryptGetHashParam
0x1400ba008 GetLengthSid
0x1400ba010 GetTokenInformation
0x1400ba018 InitializeAcl
0x1400ba020 IsValidSid
0x1400ba028 SetSecurityInfo
0x1400ba030 CopySid
0x1400ba038 ConvertSidToStringSidA
0x1400ba040 OpenProcessToken
0x1400ba048 CryptAcquireContextA
0x1400ba050 CryptReleaseContext
0x1400ba058 CryptGenRandom
0x1400ba060 CryptCreateHash
0x1400ba068 CryptHashData
0x1400ba070 CryptDestroyHash
0x1400ba078 CryptDestroyKey
0x1400ba080 CryptImportKey
0x1400ba088 CryptEncrypt
0x1400ba090 AddAccessAllowedAce
EAT (Export Address Table): none