Field | Value |
---|---|
Created | 2025.02.24 12:07 |
Machine | s1_win7_x6401 |
Filename | Mizedo.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : mailcious |
VT API (file) | 64 detected (Windows, Hacktool, Mimikatz, Malicious, score, S13719266, Ransomware, GenericKD, Unsafe, uwccg, CHMF, HacktoolX, Tool, hddnuq, CLASSIC, wtjqu, Static AI, Malicious PE, Detected, ai score=100, Malware@#3p7xsaxu4ql8i, GURI, R290617, HTool, BScope, TrojanPSW, HackingTool, HeNaQklqKtk, Mikatz, susgen, NetWalker, confidence, 100%) |
md5 | 46f366e3ee36c05ab5a7a319319f7c72 |
sha256 | 2e8092205a2ded4b07e9d10d0ec02eba0ffcf1d370cab88c5221a749915f678a |
ssdeep | 24576:ZUawjJv4xFV1To1GPC31fILaq/K34UQCxWw:daOxnOB3aLbK3R5Qw |
imphash | f1f5d7c44930a687e54a18242f91deb2 |
impfuzzy | 192:lUQG9i0nAAoMCpdCuGIOqWN0rYGXTfZfWUQfv9TfBaGZ1yRUnA6di6H:l/muMCpFHT4v9Tr1yRUfdii |
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 64 AntiVirus engines on VirusTotal as malicious |
info | Checks amount of memory in system |
info | Command line console output was observed |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
ADVAPI32.dll
0x495000 CryptSetHashParam
0x495004 CryptGetHashParam
0x495008 CryptExportKey
0x49500c CryptAcquireContextW
0x495010 CryptSetKeyParam
0x495014 CryptGetKeyParam
0x495018 CryptReleaseContext
0x49501c CryptDuplicateKey
0x495020 CryptAcquireContextA
0x495024 CryptGetProvParam
0x495028 CryptImportKey
0x49502c SystemFunction007
0x495030 CryptEncrypt
0x495034 CryptCreateHash
0x495038 CryptGenKey
0x49503c CryptDestroyKey
0x495040 CryptDecrypt
0x495044 CryptDestroyHash
0x495048 CryptHashData
0x49504c CopySid
0x495050 GetLengthSid
0x495054 LsaQueryInformationPolicy
0x495058 LsaOpenPolicy
0x49505c LsaClose
0x495060 CreateWellKnownSid
0x495064 CreateProcessWithLogonW
0x495068 CreateProcessAsUserW
0x49506c RegQueryValueExW
0x495070 RegQueryInfoKeyW
0x495074 RegEnumValueW
0x495078 RegOpenKeyExW
0x49507c RegEnumKeyExW
0x495080 RegCloseKey
0x495084 RegSetValueExW
0x495088 SystemFunction032
0x49508c ConvertSidToStringSidW
0x495090 CreateServiceW
0x495094 CloseServiceHandle
0x495098 DeleteService
0x49509c OpenSCManagerW
0x4950a0 SetServiceObjectSecurity
0x4950a4 OpenServiceW
0x4950a8 BuildSecurityDescriptorW
0x4950ac QueryServiceObjectSecurity
0x4950b0 StartServiceW
0x4950b4 AllocateAndInitializeSid
0x4950b8 QueryServiceStatusEx
0x4950bc FreeSid
0x4950c0 ControlService
0x4950c4 IsTextUnicode
0x4950c8 OpenProcessToken
0x4950cc GetTokenInformation
0x4950d0 LookupAccountNameW
0x4950d4 LookupAccountSidW
0x4950d8 DuplicateTokenEx
0x4950dc CheckTokenMembership
0x4950e0 CryptSetProvParam
0x4950e4 CryptEnumProvidersW
0x4950e8 ConvertStringSidToSidW
0x4950ec LsaFreeMemory
0x4950f0 GetSidSubAuthority
0x4950f4 GetSidSubAuthorityCount
0x4950f8 IsValidSid
0x4950fc SetThreadToken
0x495100 CryptEnumProviderTypesW
0x495104 SystemFunction006
0x495108 CryptGetUserKey
0x49510c OpenEventLogW
0x495110 GetNumberOfEventLogRecords
0x495114 ClearEventLogW
0x495118 SystemFunction001
0x49511c CryptDeriveKey
0x495120 SystemFunction005
0x495124 LsaQueryTrustedDomainInfoByName
0x495128 CryptSignHashW
0x49512c LsaOpenSecret
0x495130 LsaQuerySecret
0x495134 SystemFunction013
0x495138 LsaRetrievePrivateData
0x49513c LsaEnumerateTrustedDomainsEx
0x495140 LookupPrivilegeValueW
0x495144 StartServiceCtrlDispatcherW
0x495148 SetServiceStatus
0x49514c RegisterServiceCtrlHandlerW
0x495150 LookupPrivilegeNameW
0x495154 OpenThreadToken
0x495158 CredFree
0x49515c CredEnumerateW
0x495160 SystemFunction025
0x495164 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x495168 SystemFunction024
0x49516c CredIsMarshaledCredentialW
0x495170 CredUnmarshalCredentialW
Cabinet.dll
0x4951e4 None
0x4951e8 None
0x4951ec None
0x4951f0 None
CRYPT32.dll
0x495178 CertFindCertificateInStore
0x49517c CertEnumSystemStore
0x495180 CertEnumCertificatesInStore
0x495184 CertAddCertificateContextToStore
0x495188 CryptDecodeObjectEx
0x49518c CertAddEncodedCertificateToStore
0x495190 CertOpenStore
0x495194 CertFreeCertificateContext
0x495198 CertCloseStore
0x49519c CertSetCertificateContextProperty
0x4951a0 PFXExportCertStoreEx
0x4951a4 CryptUnprotectData
0x4951a8 CryptBinaryToStringW
0x4951ac CryptBinaryToStringA
0x4951b0 CryptStringToBinaryW
0x4951b4 CryptExportPublicKeyInfo
0x4951b8 CryptFindOIDInfo
0x4951bc CryptAcquireCertificatePrivateKey
0x4951c0 CertNameToStrW
0x4951c4 CryptStringToBinaryA
0x4951c8 CertGetCertificateContextProperty
0x4951cc CryptSignAndEncodeCertificate
0x4951d0 CryptEncodeObject
0x4951d4 CryptProtectData
0x4951d8 CryptQueryObject
0x4951dc CertGetNameStringW
cryptdll.dll
0x495758 MD5Init
0x49575c MD5Update
0x495760 MD5Final
0x495764 CDLocateCSystem
0x495768 CDGenerateRandomBits
0x49576c CDLocateCheckSum
DNSAPI.dll
0x4951f8 DnsFree
0x4951fc DnsQuery_A
FLTLIB.DLL
0x495204 FilterFindFirst
0x495208 FilterFindNext
NETAPI32.dll
0x495468 NetServerGetInfo
0x49546c NetStatisticsGet
0x495470 NetShareEnum
0x495474 DsEnumerateDomainTrustsW
0x495478 DsGetDcNameW
0x49547c NetApiBufferFree
0x495480 NetRemoteTOD
0x495484 NetSessionEnum
0x495488 NetWkstaUserEnum
ole32.dll
0x495960 CoInitializeEx
0x495964 CoUninitialize
0x495968 CoCreateInstance
OLEAUT32.dll
0x495490 VariantInit
0x495494 SysFreeString
0x495498 SysAllocString
RPCRT4.dll
0x4954a0 RpcMgmtEpEltInqNextW
0x4954a4 RpcMgmtEpEltInqBegin
0x4954a8 I_RpcGetCurrentCallHandle
0x4954ac NdrClientCall2
0x4954b0 RpcMgmtEpEltInqDone
0x4954b4 RpcBindingFromStringBindingW
0x4954b8 RpcStringBindingComposeW
0x4954bc MesEncodeIncrementalHandleCreate
0x4954c0 RpcBindingSetAuthInfoExW
0x4954c4 RpcBindingInqAuthClientW
0x4954c8 RpcBindingSetOption
0x4954cc RpcImpersonateClient
0x4954d0 RpcBindingFree
0x4954d4 RpcStringFreeW
0x4954d8 RpcRevertToSelf
0x4954dc MesDecodeIncrementalHandleCreate
0x4954e0 MesHandleFree
0x4954e4 MesIncrementalHandleReset
0x4954e8 NdrMesTypeDecode2
0x4954ec NdrMesTypeAlignSize2
0x4954f0 NdrMesTypeFree2
0x4954f4 NdrMesTypeEncode2
0x4954f8 RpcServerUnregisterIfEx
0x4954fc I_RpcBindingInqSecurityContext
0x495500 RpcServerInqBindings
0x495504 RpcServerListen
0x495508 RpcMgmtWaitServerListen
0x49550c RpcEpRegisterW
0x495510 RpcMgmtStopServerListening
0x495514 RpcBindingToStringBindingW
0x495518 RpcServerRegisterIf2
0x49551c RpcServerRegisterAuthInfoW
0x495520 RpcBindingVectorFree
0x495524 UuidToStringW
0x495528 RpcServerUseProtseqEpW
0x49552c RpcEpUnregister
0x495530 NdrServerCall2
0x495534 RpcEpResolveBinding
0x495538 UuidCreate
SHLWAPI.dll
0x4955b8 PathIsDirectoryW
0x4955bc PathCanonicalizeW
0x4955c0 PathCombineW
0x4955c4 PathFindFileNameW
0x4955c8 PathIsRelativeW
SAMLIB.dll
0x495540 SamEnumerateGroupsInDomain
0x495544 SamiChangePasswordUser
0x495548 SamSetInformationUser
0x49554c SamGetGroupsForUser
0x495550 SamConnect
0x495554 SamGetMembersInGroup
0x495558 SamRidToSid
0x49555c SamGetMembersInAlias
0x495560 SamEnumerateAliasesInDomain
0x495564 SamGetAliasMembership
0x495568 SamOpenGroup
0x49556c SamQueryInformationUser
0x495570 SamCloseHandle
0x495574 SamEnumerateDomainsInSamServer
0x495578 SamFreeMemory
0x49557c SamEnumerateUsersInDomain
0x495580 SamOpenUser
0x495584 SamLookupDomainInSamServer
0x495588 SamLookupNamesInDomain
0x49558c SamLookupIdsInDomain
0x495590 SamOpenDomain
0x495594 SamOpenAlias
Secur32.dll
0x4955d0 QueryContextAttributesW
0x4955d4 FreeContextBuffer
0x4955d8 LsaConnectUntrusted
0x4955dc LsaLookupAuthenticationPackage
0x4955e0 LsaFreeReturnBuffer
0x4955e4 DeleteSecurityContext
0x4955e8 LsaCallAuthenticationPackage
0x4955ec FreeCredentialsHandle
0x4955f0 EnumerateSecurityPackagesW
0x4955f4 AcquireCredentialsHandleW
0x4955f8 InitializeSecurityContextW
0x4955fc LsaDeregisterLogonProcess
SHELL32.dll
0x4955b0 CommandLineToArgvW
USER32.dll
0x495604 IsCharAlphaNumericW
0x495608 GetKeyboardLayout
0x49560c DispatchMessageW
0x495610 DefWindowProcW
0x495614 SetClipboardViewer
0x495618 SendMessageW
0x49561c GetClipboardSequenceNumber
0x495620 OpenClipboard
0x495624 CreateWindowExW
0x495628 ChangeClipboardChain
0x49562c GetClipboardData
0x495630 RegisterClassExW
0x495634 TranslateMessage
0x495638 EnumClipboardFormats
0x49563c PostMessageW
0x495640 UnregisterClassW
0x495644 GetMessageW
0x495648 CloseClipboard
0x49564c DestroyWindow
USERENV.dll
0x495654 CreateEnvironmentBlock
0x495658 DestroyEnvironmentBlock
VERSION.dll
0x495660 GetFileVersionInfoSizeW
0x495664 VerQueryValueW
0x495668 GetFileVersionInfoW
HID.DLL
0x495210 HidD_GetFeature
0x495214 HidD_GetPreparsedData
0x495218 HidD_GetHidGuid
0x49521c HidD_GetAttributes
0x495220 HidD_FreePreparsedData
0x495224 HidP_GetCaps
0x495228 HidD_SetFeature
SETUPAPI.dll
0x49559c SetupDiGetDeviceInterfaceDetailW
0x4955a0 SetupDiEnumDeviceInterfaces
0x4955a4 SetupDiGetClassDevsW
0x4955a8 SetupDiDestroyDeviceInfoList
WinSCard.dll
0x495718 SCardControl
0x49571c SCardTransmit
0x495720 SCardDisconnect
0x495724 SCardGetAttrib
0x495728 SCardEstablishContext
0x49572c SCardFreeMemory
0x495730 SCardListReadersW
0x495734 SCardReleaseContext
0x495738 SCardGetCardTypeProviderNameW
0x49573c SCardListCardsW
0x495740 SCardConnectW
WINSTA.dll
0x495670 WinStationCloseServer
0x495674 WinStationOpenServerW
0x495678 WinStationFreeMemory
0x49567c WinStationConnectW
0x495680 WinStationQueryInformationW
0x495684 WinStationEnumerateW
WLDAP32.dll
0x49568c None
0x495690 None
0x495694 None
0x495698 None
0x49569c None
0x4956a0 None
0x4956a4 None
0x4956a8 None
0x4956ac None
0x4956b0 None
0x4956b4 None
0x4956b8 None
0x4956bc None
0x4956c0 None
0x4956c4 None
0x4956c8 None
0x4956cc None
0x4956d0 None
0x4956d4 None
0x4956d8 None
0x4956dc None
0x4956e0 None
0x4956e4 None
0x4956e8 None
0x4956ec None
0x4956f0 None
0x4956f4 None
0x4956f8 None
0x4956fc None
0x495700 None
0x495704 None
0x495708 None
0x49570c None
0x495710 None
advapi32.dll
0x495748 A_SHAFinal
0x49574c A_SHAInit
0x495750 A_SHAUpdate
msasn1.dll
0x495774 ASN1_CreateModule
0x495778 ASN1BERDotVal2Eoid
0x49577c ASN1_CloseEncoder
0x495780 ASN1_CreateDecoder
0x495784 ASN1_FreeEncoded
0x495788 ASN1_CloseModule
0x49578c ASN1_CreateEncoder
0x495790 ASN1_CloseDecoder
ntdll.dll
0x4958dc RtlUnicodeStringToAnsiString
0x4958e0 RtlFreeAnsiString
0x4958e4 RtlDowncaseUnicodeString
0x4958e8 RtlFreeUnicodeString
0x4958ec RtlInitUnicodeString
0x4958f0 RtlEqualUnicodeString
0x4958f4 NtQueryObject
0x4958f8 RtlCompressBuffer
0x4958fc RtlGetCompressionWorkSpaceSize
0x495900 NtQuerySystemInformation
0x495904 RtlGetCurrentPeb
0x495908 NtQueryInformationProcess
0x49590c RtlCreateUserThread
0x495910 RtlGUIDFromString
0x495914 RtlStringFromGUID
0x495918 NtCompareTokens
0x49591c RtlGetNtVersionNumbers
0x495920 RtlEqualString
0x495924 RtlUpcaseUnicodeString
0x495928 RtlAppendUnicodeStringToString
0x49592c RtlAnsiStringToUnicodeString
0x495930 RtlFreeOemString
0x495934 RtlUpcaseUnicodeStringToOemString
0x495938 NtResumeProcess
0x49593c RtlAdjustPrivilege
0x495940 NtSuspendProcess
0x495944 NtTerminateProcess
0x495948 NtQuerySystemEnvironmentValueEx
0x49594c NtSetSystemEnvironmentValueEx
0x495950 NtEnumerateSystemEnvironmentValuesEx
0x495954 RtlIpv4AddressToStringW
0x495958 RtlIpv6AddressToStringW
netapi32.dll
0x4958cc I_NetServerAuthenticate2
0x4958d0 I_NetServerTrustPasswordsGet
0x4958d4 I_NetServerReqChallenge
KERNEL32.dll
0x495230 GetFileSize
0x495234 HeapReAlloc
0x495238 GetFullPathNameA
0x49523c GetFullPathNameW
0x495240 GetTimeFormatW
0x495244 WideCharToMultiByte
0x495248 GetSystemTimeAsFileTime
0x49524c SystemTimeToFileTime
0x495250 GetDateFormatW
0x495254 InterlockedExchange
0x495258 SetFilePointerEx
0x49525c GetProcessId
0x495260 PurgeComm
0x495264 ClearCommError
0x495268 CreateRemoteThread
0x49526c WaitForSingleObject
0x495270 SetLastError
0x495274 CreateProcessW
0x495278 SetConsoleOutputCP
0x49527c GetConsoleOutputCP
0x495280 CreateFileMappingW
0x495284 UnmapViewOfFile
0x495288 MapViewOfFile
0x49528c WriteProcessMemory
0x495290 VirtualProtect
0x495294 VirtualAllocEx
0x495298 VirtualProtectEx
0x49529c VirtualAlloc
0x4952a0 ReadProcessMemory
0x4952a4 VirtualFreeEx
0x4952a8 VirtualQueryEx
0x4952ac VirtualFree
0x4952b0 VirtualQuery
0x4952b4 GetComputerNameExW
0x4952b8 DeviceIoControl
0x4952bc DuplicateHandle
0x4952c0 OpenProcess
0x4952c4 GetCurrentProcess
0x4952c8 ExpandEnvironmentStringsW
0x4952cc FindNextFileW
0x4952d0 FindClose
0x4952d4 GetCurrentDirectoryW
0x4952d8 GetFileSizeEx
0x4952dc FlushFileBuffers
0x4952e0 GetFileAttributesW
0x4952e4 FindFirstFileW
0x4952e8 lstrlenW
0x4952ec DeleteFileA
0x4952f0 GetTempPathA
0x4952f4 GetFileInformationByHandle
0x4952f8 FileTimeToLocalFileTime
0x4952fc GetCurrentDirectoryA
0x495300 GetTempFileNameA
0x495304 SetFilePointer
0x495308 CreateFileA
0x49530c FileTimeToDosDateTime
0x495310 CreateThread
0x495314 CreateMutexW
0x495318 CloseHandle
0x49531c LocalAlloc
0x495320 GetLastError
0x495324 CreateFileW
0x495328 ReadFile
0x49532c Sleep
0x495330 TerminateThread
0x495334 WriteFile
0x495338 FileTimeToSystemTime
0x49533c SetEndOfFile
0x495340 FreeLibrary
0x495344 HeapAlloc
0x495348 QueryPerformanceCounter
0x49534c HeapFree
0x495350 InterlockedCompareExchange
0x495354 UnlockFile
0x495358 FlushViewOfFile
0x49535c LockFile
0x495360 WaitForSingleObjectEx
0x495364 OutputDebugStringW
0x495368 GetTickCount
0x49536c UnlockFileEx
0x495370 GetProcessHeap
0x495374 FormatMessageA
0x495378 LoadLibraryW
0x49537c HeapCompact
0x495380 FormatMessageW
0x495384 GetVersionExW
0x495388 HeapDestroy
0x49538c GetFileAttributesA
0x495390 HeapCreate
0x495394 HeapValidate
0x495398 MultiByteToWideChar
0x49539c GetTempPathW
0x4953a0 GetProcAddress
0x4953a4 HeapSize
0x4953a8 LockFileEx
0x4953ac GetDiskFreeSpaceW
0x4953b0 LoadLibraryA
0x4953b4 CreateFileMappingA
0x4953b8 GetDiskFreeSpaceA
0x4953bc GetSystemInfo
0x4953c0 GetFileAttributesExW
0x4953c4 OutputDebugStringA
0x4953c8 GetVersionExA
0x4953cc DeleteFileW
0x4953d0 GetCurrentProcessId
0x4953d4 GetSystemTime
0x4953d8 AreFileApisANSI
0x4953dc ExitProcess
0x4953e0 RaiseException
0x4953e4 SetConsoleCtrlHandler
0x4953e8 SetConsoleTitleW
0x4953ec lstrlenA
0x4953f0 GlobalSize
0x4953f4 GetModuleHandleW
0x4953f8 SetHandleInformation
0x4953fc CreatePipe
0x495400 InitializeCriticalSection
0x495404 LeaveCriticalSection
0x495408 EnterCriticalSection
0x49540c DeleteCriticalSection
0x495410 SetEvent
0x495414 CreateEventW
0x495418 GetCurrentThreadId
0x49541c GetModuleHandleA
0x495420 GetVersion
0x495424 SetUnhandledExceptionFilter
0x495428 UnhandledExceptionFilter
0x49542c TerminateProcess
0x495430 LocalFree
0x495434 RtlUnwind
0x495438 GetSystemDirectoryW
0x49543c SetConsoleCursorPosition
0x495440 GetTimeZoneInformation
0x495444 GetStdHandle
0x495448 FillConsoleOutputCharacterW
0x49544c GetComputerNameW
0x495450 ProcessIdToSessionId
0x495454 GetCurrentThread
0x495458 SetCurrentDirectoryW
0x49545c IsWow64Process
0x495460 GetConsoleScreenBufferInfo
msvcrt.dll
0x495798 calloc
0x49579c __set_app_type
0x4957a0 isdigit
0x4957a4 _read
0x4957a8 _lseeki64
0x4957ac mbtowc
0x4957b0 __mb_cur_max
0x4957b4 isleadbyte
0x4957b8 isxdigit
0x4957bc localeconv
0x4957c0 _snprintf
0x4957c4 _itoa
0x4957c8 wctomb
0x4957cc ferror
0x4957d0 iswctype
0x4957d4 wcstombs
0x4957d8 _write
0x4957dc _isatty
0x4957e0 ungetc
0x4957e4 ?terminate@@YAXXZ
0x4957e8 _controlfp
0x4957ec __badioinfo
0x4957f0 __pioinfo
0x4957f4 __p__fmode
0x4957f8 isspace
0x4957fc _wcsicmp
0x495800 __p__commode
0x495804 __setusermatherr
0x495808 _amsg_exit
0x49580c _initterm
0x495810 _errno
0x495814 free
0x495818 _wcsdup
0x49581c _vsnprintf
0x495820 strrchr
0x495824 _except_handler3
0x495828 vfwprintf
0x49582c _vscwprintf
0x495830 fflush
0x495834 _wfopen
0x495838 wprintf
0x49583c _fileno
0x495840 _iob
0x495844 vwprintf
0x495848 _setmode
0x49584c fclose
0x495850 _stricmp
0x495854 wcsrchr
0x495858 wcschr
0x49585c strtoul
0x495860 _wcsnicmp
0x495864 wcsstr
0x495868 _vscprintf
0x49586c memmove
0x495870 strncmp
0x495874 malloc
0x495878 _msize
0x49587c strcspn
0x495880 realloc
0x495884 fgetws
0x495888 wcstoul
0x49588c wcstol
0x495890 towupper
0x495894 _wpgmptr
0x495898 strstr
0x49589c strchr
0x4958a0 _wcstoui64
0x4958a4 wcsncmp
0x4958a8 getchar
0x4958ac memset
0x4958b0 memcpy
0x4958b4 __wgetmainargs
0x4958b8 _cexit
0x4958bc _exit
0x4958c0 _XcptFilter
0x4958c4 exit
EAT (Export Address Table): none