Field | Value |
---|---|
Created | 2025.01.12 14:34 |
Machine | s1_win7_x6403 |
Filename | win.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | |
VT API (file) | 55 detected (Miner, tstT, Malicious, score, Ghanarava, Unsafe, grayware, confidence, CryptoMiner, Attribute, HighConfidence, Windows, CoinMiner, MiscX, RiskTool, XMRigMiner, HackTool, XMRMiner, CLASSIC, PotentialRisk, BitMiner, Real Protect, XMRig Miner, Static AI, Malicious PE, Bitcoinminer, Detected, XMRig, ApplicUnwnt@#2ke5rqpsy3n28, Eldorado, Artemis, eTYPNp2GCAQ, susgen) |
md5 | f6d520ae125f03056c4646c508218d16 |
sha256 | d2fcf28897ddc2137141d838b734664ff7592e03fcd467a433a51cb4976b4fb1 |
ssdeep | 98304:JtRK2Xvf49fuI0nBkLuFvJr4XGCkc/zF2fz5IZ4ePzpS+KdbjrD/6K+TU3nA:I2Xv42VKzYz6Z4qSndf3D+TU3A |
imphash | a18fc2f25c6acc165a4bd1c9e694f93e |
impfuzzy | 96:oPy57iyLULX1ojQW5WNqpxgIJkIOr8fcg+3XdfLuclZ7VtGBgiM3GF7OXtiIX/rM:j5CFWQW5WNqpxPkIOHwewXE1X/rbI |
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | XMRig_Miner_IN | XMRig Miner | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no network requests recorded) | | | | | |
Suricata IDS
PE API
IAT (Import Address Table) Library
WS2_32.dll
0x140427918 WSASetLastError
0x140427920 send
0x140427928 recv
0x140427930 ntohs
0x140427938 htons
0x140427940 htonl
0x140427948 inet_addr
0x140427950 inet_ntoa
0x140427958 gethostbyaddr
0x140427960 WSAGetLastError
0x140427968 WSAIoctl
0x140427970 gethostbyname
0x140427978 WSARecvFrom
0x140427980 WSASocketW
0x140427988 WSASend
0x140427990 WSARecv
0x140427998 gethostname
0x1404279a0 WSADuplicateSocketW
0x1404279a8 getpeername
0x1404279b0 FreeAddrInfoW
0x1404279b8 GetAddrInfoW
0x1404279c0 shutdown
0x1404279c8 socket
0x1404279d0 setsockopt
0x1404279d8 listen
0x1404279e0 connect
0x1404279e8 closesocket
0x1404279f0 ind
0x1404279f8 WSACleanup
0x140427a00 WSAStartup
0x140427a08 select
0x140427a10 getsockopt
0x140427a18 getsockname
0x140427a20 ioctlsocket
0x140427a28 getservbyname
0x140427a30 getservbyport
IPHLPAPI.DLL
0x140427150 GetAdaptersAddresses
USERENV.dll
0x140427908 GetUserProfileDirectoryW
CRYPT32.dll
0x140427110 CertFreeCertificateContext
0x140427118 CertFindCertificateInStore
0x140427120 CertEnumCertificatesInStore
0x140427128 CertCloseStore
0x140427130 CertOpenStore
0x140427138 CertGetCertificateContextProperty
0x140427140 CertDuplicateCertificateContext
KERNEL32.dll
0x140427160 GetStringTypeW
0x140427168 InitializeCriticalSectionAndSpinCount
0x140427170 CreateEventW
0x140427178 WriteConsoleW
0x140427180 SetConsoleTitleA
0x140427188 GetStdHandle
0x140427190 SetConsoleMode
0x140427198 GetConsoleMode
0x1404271a0 QueryPerformanceFrequency
0x1404271a8 QueryPerformanceCounter
0x1404271b0 SizeofResource
0x1404271b8 LockResource
0x1404271c0 LoadResource
0x1404271c8 FindResourceW
0x1404271d0 ExpandEnvironmentStringsA
0x1404271d8 GetConsoleWindow
0x1404271e0 GetSystemFirmwareTable
0x1404271e8 HeapFree
0x1404271f0 HeapAlloc
0x1404271f8 GetProcessHeap
0x140427200 MultiByteToWideChar
0x140427208 SetPriorityClass
0x140427210 GetCurrentProcess
0x140427218 SetThreadPriority
0x140427220 GetSystemPowerStatus
0x140427228 GetCurrentThread
0x140427230 GetProcAddress
0x140427238 GetModuleHandleW
0x140427240 GetTickCount
0x140427248 CloseHandle
0x140427250 FreeConsole
0x140427258 VirtualProtect
0x140427260 VirtualFree
0x140427268 VirtualAlloc
0x140427270 GetLargePageMinimum
0x140427278 LocalAlloc
0x140427280 GetLastError
0x140427288 LocalFree
0x140427290 FlushInstructionCache
0x140427298 GetCurrentThreadId
0x1404272a0 AddVectoredExceptionHandler
0x1404272a8 DeviceIoControl
0x1404272b0 GetModuleFileNameW
0x1404272b8 CreateFileW
0x1404272c0 SetLastError
0x1404272c8 GetSystemTime
0x1404272d0 SystemTimeToFileTime
0x1404272d8 GetModuleHandleExW
0x1404272e0 Sleep
0x1404272e8 InitializeSRWLock
0x1404272f0 ReleaseSRWLockExclusive
0x1404272f8 ReleaseSRWLockShared
0x140427300 AcquireSRWLockExclusive
0x140427308 AcquireSRWLockShared
0x140427310 TlsAlloc
0x140427318 TlsGetValue
0x140427320 TlsSetValue
0x140427328 TlsFree
0x140427330 GetSystemInfo
0x140427338 SwitchToFiber
0x140427340 DeleteFiber
0x140427348 CreateFiberEx
0x140427350 FindClose
0x140427358 FindFirstFileW
0x140427360 FindNextFileW
0x140427368 WideCharToMultiByte
0x140427370 GetSystemDirectoryA
0x140427378 FreeLibrary
0x140427380 LoadLibraryA
0x140427388 FormatMessageA
0x140427390 GetFileType
0x140427398 WriteFile
0x1404273a0 GetEnvironmentVariableW
0x1404273a8 GetACP
0x1404273b0 ConvertFiberToThread
0x1404273b8 ConvertThreadToFiberEx
0x1404273c0 GetCurrentProcessId
0x1404273c8 GetSystemTimeAsFileTime
0x1404273d0 LoadLibraryW
0x1404273d8 ReadConsoleA
0x1404273e0 ReadConsoleW
0x1404273e8 PostQueuedCompletionStatus
0x1404273f0 CreateFileA
0x1404273f8 DuplicateHandle
0x140427400 SetEvent
0x140427408 ResetEvent
0x140427410 WaitForSingleObject
0x140427418 CreateEventA
0x140427420 QueueUserWorkItem
0x140427428 RegisterWaitForSingleObject
0x140427430 UnregisterWait
0x140427438 GetNumberOfConsoleInputEvents
0x140427440 ReadConsoleInputW
0x140427448 FillConsoleOutputCharacterW
0x140427450 FillConsoleOutputAttribute
0x140427458 GetConsoleCursorInfo
0x140427460 SetConsoleCursorInfo
0x140427468 GetConsoleScreenBufferInfo
0x140427470 SetConsoleCursorPosition
0x140427478 SetConsoleTextAttribute
0x140427480 WriteConsoleInputW
0x140427488 CreateDirectoryW
0x140427490 FlushFileBuffers
0x140427498 GetDiskFreeSpaceW
0x1404274a0 GetFileAttributesW
0x1404274a8 RtlCaptureContext
0x1404274b0 RtlLookupFunctionEntry
0x1404274b8 GetFinalPathNameByHandleW
0x1404274c0 GetFullPathNameW
0x1404274c8 ReadFile
0x1404274d0 RemoveDirectoryW
0x1404274d8 SetFilePointerEx
0x1404274e0 SetFileTime
0x1404274e8 MapViewOfFile
0x1404274f0 FlushViewOfFile
0x1404274f8 UnmapViewOfFile
0x140427500 CreateFileMappingA
0x140427508 ReOpenFile
0x140427510 CopyFileW
0x140427518 MoveFileExW
0x140427520 CreateHardLinkW
0x140427528 GetFileInformationByHandleEx
0x140427530 CreateSymbolicLinkW
0x140427538 InitializeCriticalSection
0x140427540 EnterCriticalSection
0x140427548 LeaveCriticalSection
0x140427550 TryEnterCriticalSection
0x140427558 DeleteCriticalSection
0x140427560 InitOnceExecuteOnce
0x140427568 InitializeConditionVariable
0x140427570 WakeConditionVariable
0x140427578 WakeAllConditionVariable
0x140427580 SleepConditionVariableCS
0x140427588 ReleaseSemaphore
0x140427590 ResumeThread
0x140427598 GetNativeSystemInfo
0x1404275a0 GetProcessAffinityMask
0x1404275a8 SetThreadAffinityMask
0x1404275b0 CreateSemaphoreA
0x1404275b8 SetConsoleCtrlHandler
0x1404275c0 RtlUnwind
0x1404275c8 GetLongPathNameW
0x1404275d0 GetShortPathNameW
0x1404275d8 CreateIoCompletionPort
0x1404275e0 ReadDirectoryChangesW
0x1404275e8 GetEnvironmentStringsW
0x1404275f0 FreeEnvironmentStringsW
0x1404275f8 SetEnvironmentVariableW
0x140427600 SetCurrentDirectoryW
0x140427608 GetTempPathW
0x140427610 GlobalMemoryStatusEx
0x140427618 FileTimeToSystemTime
0x140427620 K32GetProcessMemoryInfo
0x140427628 SetHandleInformation
0x140427630 CancelIoEx
0x140427638 CancelIo
0x140427640 SwitchToThread
0x140427648 SetFileCompletionNotificationModes
0x140427650 LoadLibraryExW
0x140427658 SetErrorMode
0x140427660 GetQueuedCompletionStatus
0x140427668 ConnectNamedPipe
0x140427670 SetNamedPipeHandleState
0x140427678 PeekNamedPipe
0x140427680 CreateNamedPipeW
0x140427688 GetOverlappedResult
0x140427690 CancelSynchronousIo
0x140427698 GetNamedPipeHandleStateA
0x1404276a0 GetNamedPipeClientProcessId
0x1404276a8 GetNamedPipeServerProcessId
0x1404276b0 TerminateProcess
0x1404276b8 GetExitCodeProcess
0x1404276c0 UnregisterWaitEx
0x1404276c8 DebugBreak
0x1404276d0 GetModuleHandleA
0x1404276d8 LoadLibraryExA
0x1404276e0 GetStartupInfoW
0x1404276e8 GetModuleFileNameA
0x1404276f0 GetVersionExA
0x1404276f8 SetProcessAffinityMask
0x140427700 GetComputerNameA
0x140427708 FlsFree
0x140427710 FlsSetValue
0x140427718 FlsGetValue
0x140427720 FlsAlloc
0x140427728 GetCPInfo
0x140427730 RtlVirtualUnwind
0x140427738 GetFileSizeEx
0x140427740 UnhandledExceptionFilter
0x140427748 SetUnhandledExceptionFilter
0x140427750 IsProcessorFeaturePresent
0x140427758 IsDebuggerPresent
0x140427760 InitializeSListHead
0x140427768 RtlUnwindEx
0x140427770 RtlPcToFileHeader
0x140427778 RaiseException
0x140427780 SetStdHandle
0x140427788 GetCommandLineA
0x140427790 GetCommandLineW
0x140427798 CreateThread
0x1404277a0 ExitThread
0x1404277a8 FreeLibraryAndExitThread
0x1404277b0 GetDriveTypeW
0x1404277b8 SystemTimeToTzSpecificLocalTime
0x1404277c0 ExitProcess
0x1404277c8 GetFileAttributesExW
0x1404277d0 SetFileAttributesW
0x1404277d8 GetConsoleOutputCP
0x1404277e0 CompareStringW
0x1404277e8 LCMapStringW
0x1404277f0 GetLocaleInfoW
0x1404277f8 IsValidLocale
0x140427800 GetUserDefaultLCID
0x140427808 EnumSystemLocalesW
0x140427810 HeapReAlloc
0x140427818 GetTimeZoneInformation
0x140427820 HeapSize
0x140427828 SetEndOfFile
0x140427830 FindFirstFileExW
0x140427838 IsValidCodePage
0x140427840 GetOEMCP
0x140427848 GetFileInformationByHandle
0x140427850 GetCurrentDirectoryW
0x140427858 CompareStringEx
0x140427860 LCMapStringEx
0x140427868 InitializeCriticalSectionEx
0x140427870 WaitForSingleObjectEx
0x140427878 GetExitCodeThread
0x140427880 SleepConditionVariableSRW
0x140427888 EncodePointer
0x140427890 DecodePointer
USER32.dll
0x1404278b0 GetLastInputInfo
0x1404278b8 MessageBoxW
0x1404278c0 GetProcessWindowStation
0x1404278c8 TranslateMessage
0x1404278d0 GetUserObjectInformationW
0x1404278d8 ShowWindow
0x1404278e0 DispatchMessageA
0x1404278e8 GetSystemMetrics
0x1404278f0 MapVirtualKeyW
0x1404278f8 GetMessageA
SHELL32.dll
0x1404278a0 SHGetSpecialFolderPathA
ole32.dll
0x140427a50 CoInitializeEx
0x140427a58 CoUninitialize
0x140427a60 CoCreateInstance
ADVAPI32.dll
0x140427000 SystemFunction036
0x140427008 GetUserNameW
0x140427010 ReportEventW
0x140427018 RegisterEventSourceW
0x140427020 DeregisterEventSource
0x140427028 CryptEnumProvidersW
0x140427030 CryptSignHashW
0x140427038 CryptDestroyHash
0x140427040 CryptCreateHash
0x140427048 CryptDecrypt
0x140427050 CryptExportKey
0x140427058 CryptGetUserKey
0x140427060 CryptGetProvParam
0x140427068 CryptSetHashParam
0x140427070 CryptDestroyKey
0x140427078 CryptReleaseContext
0x140427080 CryptAcquireContextW
0x140427088 CreateServiceW
0x140427090 QueryServiceStatus
0x140427098 CloseServiceHandle
0x1404270a0 OpenSCManagerW
0x1404270a8 QueryServiceConfigA
0x1404270b0 DeleteService
0x1404270b8 ControlService
0x1404270c0 StartServiceW
0x1404270c8 OpenServiceW
0x1404270d0 LookupPrivilegeValueW
0x1404270d8 AdjustTokenPrivileges
0x1404270e0 OpenProcessToken
0x1404270e8 LsaOpenPolicy
0x1404270f0 LsaAddAccountRights
0x1404270f8 LsaClose
0x140427100 GetTokenInformation
crypt.dll
0x140427a40 BCryptGenRandom
EAT (Export Address Table): none