Report - wwbizsrvs.exe

Generic Malware Malicious Library UPX ftp PE32 PE File OS Processor Check
Created 2024.11.15 13:51 Machine s1_win7_x6403
Filename wwbizsrvs.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 4
Behavior Score 2.8
ZERO API file : clean
VT API (file) 15 detected (Zusy, Unsafe, grayware, confidence, Shelm)
md5 2912cd42249241d0e1ef69bfe6513f49
sha256 968b7f6af70d85cf079621d8c4d54bb7385a584f2a3d3ef981610ae88cf939b0
ssdeep 49152:ZE1zpZW1D7w0brP6+pCixXvq1p/42mi080tULLd0:m1zaZJHP62C2OrQ
imphash f6b9c4c616eb15a7d41975bbd1dce6bc
impfuzzy 96:wbEDZ18fc+vkNgPbvMRTbKM++ytezm6NBa9aXNys9X1DMpJL2rrtYzGOKslKk6LJ:VIbvhtevY9a9l9FeCJYWslKk6pD7v

Signature (8cnts)

Level Description
watch Expresses interest in specific running processes
watch File has been identified by 15 AntiVirus engines on VirusTotal as malicious
notice Foreign language identified in PE resource
notice Searches running processes potentially to identify processes for sandbox evasion
info Checks amount of memory in system
info Queries for the computername
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info ftp_command ftp command binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

WS2_32.dll
 0x56b450 recvfrom
 0x56b454 __WSAFDIsSet
 0x56b458 getpeername
 0x56b45c ioctlsocket
 0x56b460 closesocket
 0x56b464 recv
 0x56b468 select
 0x56b46c getsockname
 0x56b470 sendto
 0x56b474 socket
 0x56b478 connect
 0x56b47c accept
 0x56b480 send
 0x56b484 getsockopt
 0x56b488 WSAStringToAddressW
 0x56b48c WSAAddressToStringW
 0x56b490 WSASocketW
 0x56b494 WSASend
 0x56b498 WSARecv
 0x56b49c WSAGetLastError
 0x56b4a0 WSASetLastError
 0x56b4a4 WSACleanup
 0x56b4a8 WSAStartup
 0x56b4ac gethostname
 0x56b4b0 gethostbyname
 0x56b4b4 shutdown
 0x56b4b8 setsockopt
 0x56b4bc ntohs
 0x56b4c0 ntohl
 0x56b4c4 listen
 0x56b4c8 htons
 0x56b4cc htonl
 0x56b4d0 ind
KERNEL32.dll
 0x56b0ac LocalAlloc
 0x56b0b0 LocalFree
 0x56b0b4 GetTickCount
 0x56b0b8 lstrcmpA
 0x56b0bc GetPrivateProfileStringW
 0x56b0c0 CreateDirectoryW
 0x56b0c4 DeleteFileW
 0x56b0c8 WTSGetActiveConsoleSessionId
 0x56b0cc GetCurrentThreadId
 0x56b0d0 GetExitCodeThread
 0x56b0d4 InitializeCriticalSection
 0x56b0d8 EnterCriticalSection
 0x56b0dc LeaveCriticalSection
 0x56b0e0 DeleteCriticalSection
 0x56b0e4 GetFileSize
 0x56b0e8 GetFileSizeEx
 0x56b0ec WriteFile
 0x56b0f0 FlushFileBuffers
 0x56b0f4 SetEndOfFile
 0x56b0f8 SetFilePointer
 0x56b0fc SetFilePointerEx
 0x56b100 FindClose
 0x56b104 RemoveDirectoryW
 0x56b108 FindFirstFileW
 0x56b10c CopyFileW
 0x56b110 MoveFileExW
 0x56b114 FindNextFileW
 0x56b118 VerSetConditionMask
 0x56b11c InterlockedIncrement
 0x56b120 InterlockedDecrement
 0x56b124 InterlockedExchange
 0x56b128 InterlockedExchangeAdd
 0x56b12c InterlockedCompareExchange
 0x56b130 FreeResource
 0x56b134 TerminateThread
 0x56b138 SetLastError
 0x56b13c CreateIoCompletionPort
 0x56b140 GetQueuedCompletionStatus
 0x56b144 PostQueuedCompletionStatus
 0x56b148 QueueUserAPC
 0x56b14c InitializeCriticalSectionAndSpinCount
 0x56b150 SetEvent
 0x56b154 WaitForMultipleObjects
 0x56b158 FormatMessageA
 0x56b15c TlsAlloc
 0x56b160 TlsGetValue
 0x56b164 TlsSetValue
 0x56b168 TlsFree
 0x56b16c SleepEx
 0x56b170 CreateEventW
 0x56b174 Process32NextW
 0x56b178 SetWaitableTimer
 0x56b17c VerifyVersionInfoW
 0x56b180 FreeLibrary
 0x56b184 VirtualAlloc
 0x56b188 VirtualFree
 0x56b18c GetSystemInfo
 0x56b190 LoadLibraryExW
 0x56b194 OpenProcess
 0x56b198 lstrcmpiW
 0x56b19c GetModuleFileNameW
 0x56b1a0 DecodePointer
 0x56b1a4 RaiseException
 0x56b1a8 GetProcAddress
 0x56b1ac GlobalAlloc
 0x56b1b0 GlobalLock
 0x56b1b4 GlobalUnlock
 0x56b1b8 ReadFile
 0x56b1bc GetCurrentProcess
 0x56b1c0 GetCurrentProcessId
 0x56b1c4 SetUnhandledExceptionFilter
 0x56b1c8 CreateMutexW
 0x56b1cc LoadLibraryW
 0x56b1d0 GetModuleHandleW
 0x56b1d4 SetCurrentDirectoryW
 0x56b1d8 GetModuleHandleA
 0x56b1dc GetVersion
 0x56b1e0 GetFileType
 0x56b1e4 GetStdHandle
 0x56b1e8 QueryPerformanceCounter
 0x56b1ec GlobalMemoryStatus
 0x56b1f0 LoadLibraryA
 0x56b1f4 FlushConsoleInputBuffer
 0x56b1f8 GetVersionExA
 0x56b1fc ExpandEnvironmentStringsA
 0x56b200 CreateMutexA
 0x56b204 ReleaseMutex
 0x56b208 DuplicateHandle
 0x56b20c CreateEventA
 0x56b210 PeekNamedPipe
 0x56b214 SetFileAttributesW
 0x56b218 SetFileTime
 0x56b21c GetConsoleMode
 0x56b220 FileTimeToSystemTime
 0x56b224 SystemTimeToTzSpecificLocalTime
 0x56b228 GetDriveTypeW
 0x56b22c ExitProcess
 0x56b230 GetTimeZoneInformation
 0x56b234 SetConsoleCtrlHandler
 0x56b238 GetModuleHandleExW
 0x56b23c ExitThread
 0x56b240 Process32FirstW
 0x56b244 CreateToolhelp32Snapshot
 0x56b248 WideCharToMultiByte
 0x56b24c MultiByteToWideChar
 0x56b250 GetVersionExW
 0x56b254 CreateFileW
 0x56b258 FindResourceExW
 0x56b25c FindResourceW
 0x56b260 OutputDebugStringW
 0x56b264 CreateWaitableTimerW
 0x56b268 CloseHandle
 0x56b26c SizeofResource
 0x56b270 LoadResource
 0x56b274 Sleep
 0x56b278 WaitForSingleObject
 0x56b27c GetLastError
 0x56b280 GetProcessHeap
 0x56b284 HeapSize
 0x56b288 HeapFree
 0x56b28c HeapReAlloc
 0x56b290 HeapAlloc
 0x56b294 HeapDestroy
 0x56b298 GlobalMemoryStatusEx
 0x56b29c LockResource
 0x56b2a0 ReadConsoleInputA
 0x56b2a4 SetConsoleMode
 0x56b2a8 GetACP
 0x56b2ac ReadConsoleW
 0x56b2b0 GetDateFormatW
 0x56b2b4 GetTimeFormatW
 0x56b2b8 IsValidLocale
 0x56b2bc GetUserDefaultLCID
 0x56b2c0 EnumSystemLocalesW
 0x56b2c4 GetConsoleCP
 0x56b2c8 SetStdHandle
 0x56b2cc GetCurrentDirectoryW
 0x56b2d0 GetFullPathNameW
 0x56b2d4 FindFirstFileExW
 0x56b2d8 IsValidCodePage
 0x56b2dc GetOEMCP
 0x56b2e0 RtlUnwind
 0x56b2e4 UnregisterWaitEx
 0x56b2e8 QueryDepthSList
 0x56b2ec InterlockedFlushSList
 0x56b2f0 InterlockedPushEntrySList
 0x56b2f4 InterlockedPopEntrySList
 0x56b2f8 ReleaseSemaphore
 0x56b2fc VirtualProtect
 0x56b300 FreeLibraryAndExitThread
 0x56b304 GetThreadTimes
 0x56b308 UnregisterWait
 0x56b30c RegisterWaitForSingleObject
 0x56b310 SetThreadAffinityMask
 0x56b314 GetProcessAffinityMask
 0x56b318 GetNumaHighestNodeNumber
 0x56b31c DeleteTimerQueueTimer
 0x56b320 ChangeTimerQueueTimer
 0x56b324 CreateTimerQueueTimer
 0x56b328 GetLogicalProcessorInformation
 0x56b32c GetThreadPriority
 0x56b330 SetThreadPriority
 0x56b334 CreateThread
 0x56b338 SignalObjectAndWait
 0x56b33c CreateTimerQueue
 0x56b340 InitializeSListHead
 0x56b344 GetStartupInfoW
 0x56b348 IsProcessorFeaturePresent
 0x56b34c TerminateProcess
 0x56b350 UnhandledExceptionFilter
 0x56b354 ResetEvent
 0x56b358 GetStringTypeW
 0x56b35c GetCommandLineA
 0x56b360 GetCommandLineW
 0x56b364 GetEnvironmentStringsW
 0x56b368 FreeEnvironmentStringsW
 0x56b36c SetEnvironmentVariableA
 0x56b370 WriteConsoleW
 0x56b374 GlobalFree
 0x56b378 GetLocaleInfoW
 0x56b37c LCMapStringW
 0x56b380 CompareStringW
 0x56b384 GetCPInfo
 0x56b388 GetSystemTimeAsFileTime
 0x56b38c EncodePointer
 0x56b390 TryEnterCriticalSection
 0x56b394 QueryPerformanceFrequency
 0x56b398 GetCurrentThread
 0x56b39c SwitchToThread
 0x56b3a0 WaitForSingleObjectEx
 0x56b3a4 FormatMessageW
 0x56b3a8 IsDebuggerPresent
USER32.dll
 0x56b40c wsprintfW
 0x56b410 CharUpperW
 0x56b414 MessageBoxA
 0x56b418 GetProcessWindowStation
 0x56b41c GetUserObjectInformationW
 0x56b420 LoadStringW
ADVAPI32.dll
 0x56b000 GetUserNameW
 0x56b004 RegisterEventSourceW
 0x56b008 ReportEventW
 0x56b00c CreateProcessAsUserW
 0x56b010 DuplicateTokenEx
 0x56b014 RevertToSelf
 0x56b018 OpenProcessToken
 0x56b01c ImpersonateLoggedOnUser
 0x56b020 RegCloseKey
 0x56b024 RegCreateKeyExW
 0x56b028 RegisterEventSourceA
 0x56b02c ReportEventA
 0x56b030 StartServiceW
 0x56b034 StartServiceCtrlDispatcherW
 0x56b038 SetServiceStatus
 0x56b03c RegisterServiceCtrlHandlerW
 0x56b040 QueryServiceStatus
 0x56b044 QueryServiceConfigW
 0x56b048 OpenServiceW
 0x56b04c OpenSCManagerW
 0x56b050 DeleteService
 0x56b054 CreateServiceW
 0x56b058 ControlService
 0x56b05c CloseServiceHandle
 0x56b060 ChangeServiceConfig2W
 0x56b064 ChangeServiceConfigW
 0x56b068 RegSetValueExW
 0x56b06c RegQueryValueExW
 0x56b070 RegOpenKeyExW
 0x56b074 RegOpenKeyW
 0x56b078 RegEnumKeyW
 0x56b07c RegDeleteKeyW
 0x56b080 DeregisterEventSource
SHELL32.dll
 0x56b3d8 SHGetFolderPathW
 0x56b3dc None
 0x56b3e0 SHCreateDirectoryExW
 0x56b3e4 SHGetSpecialFolderPathW
 0x56b3e8 CommandLineToArgvW
 0x56b3ec SHFileOperationW
ole32.dll
 0x56b4e0 CoCreateInstance
 0x56b4e4 CoUninitialize
 0x56b4e8 CoInitialize
 0x56b4ec CoFreeUnusedLibraries
OLEAUT32.dll
 0x56b3bc VariantClear
 0x56b3c0 SysAllocString
 0x56b3c4 SystemTimeToVariantTime
 0x56b3c8 VariantTimeToSystemTime
 0x56b3cc VarUdateFromDate
 0x56b3d0 SysFreeString
SHLWAPI.dll
 0x56b3f4 PathFindExtensionW
 0x56b3f8 PathFileExistsW
 0x56b3fc StrCmpNA
 0x56b400 PathIsDirectoryW
 0x56b404 PathCombineW
WINTRUST.dll
 0x56b448 WinVerifyTrust
CRYPT32.dll
 0x56b088 CryptMsgGetParam
 0x56b08c CertCloseStore
 0x56b090 CryptDecodeObject
 0x56b094 CertFreeCertificateContext
 0x56b098 CertGetNameStringW
 0x56b09c CryptQueryObject
 0x56b0a0 CertFindCertificateInStore
 0x56b0a4 CryptMsgClose
MSWSOCK.dll
 0x56b3b0 AcceptEx
 0x56b3b4 GetAcceptExSockaddrs
WTSAPI32.dll
 0x56b4d8 WTSQueryUserToken
USERENV.dll
 0x56b428 CreateEnvironmentBlock
 0x56b42c DestroyEnvironmentBlock
 0x56b430 LoadUserProfileW
VERSION.dll
 0x56b438 GetFileVersionInfoSizeW
 0x56b43c GetFileVersionInfoW
 0x56b440 VerQueryValueW

EAT(Export Address Table) Library

0x49c4e2 curl_easy_cleanup
0x49c52a curl_easy_duphandle
0x4a8c64 curl_easy_escape
0x49c514 curl_easy_getinfo
0x49c401 curl_easy_init
0x49c7b1 curl_easy_pause
0x49c44d curl_easy_perform
0x49c901 curl_easy_recv
0x49c72e curl_easy_reset
0x49c950 curl_easy_send
0x49c42f curl_easy_setopt
0x4a66a6 curl_easy_strerror
0x4a8d42 curl_easy_unescape
0x4a8c38 curl_escape
0x4b8a5d curl_formadd
0x4b8ce6 curl_formfree
0x4b8bf2 curl_formget
0x4a6f18 curl_free
0x4b6469 curl_getdate
0x4a8a83 curl_getenv
0x49c3a0 curl_global_cleanup
0x49c270 curl_global_init
0x49c32f curl_global_init_mem
0x49d982 curl_maprintf
0x49daac curl_mfprintf
0x49da8a curl_mprintf
0x49d8f2 curl_msnprintf
0x49da69 curl_msprintf
0x4a6fff curl_multi_add_handle
0x4a899b curl_multi_assign
0x4a7ec0 curl_multi_cleanup
0x4a747c curl_multi_fdset
0x4a7fd1 curl_multi_info_read
0x4a6f8e curl_multi_init
0x4a7e33 curl_multi_perform
0x4a71a5 curl_multi_remove_handle
0x4a84b8 curl_multi_setopt
0x4a8532 curl_multi_socket
0x4a855e curl_multi_socket_action
0x4a858b curl_multi_socket_all
0x4a6a06 curl_multi_strerror
0x4a8639 curl_multi_timeout
0x49d9ec curl_mvaprintf
0x49db08 curl_mvfprintf
0x49dae7 curl_mvprintf
0x49d8a6 curl_mvsnprintf
0x49dac7 curl_mvsprintf
0x4a8ee2 curl_share_cleanup
0x4a8ded curl_share_init
0x4a8e01 curl_share_setopt
0x4a6a7a curl_share_strerror
0x4a2065 curl_slist_append
0x4a20b9 curl_slist_free_all
0x4af6df curl_strequal
0x4af6f6 curl_strnequal
0x4a8c4d curl_unescape
