Report - loader.exe

Malicious Library Malicious Packer UPX PE File ftp PE64 OS Processor Check
Created 2025.03.26 13:31 Machine s1_win7_x6401
Filename loader.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
4
Behavior Score
1.8
ZERO API
VT API (file) 41 detected (AIDetectMalware, Malicious, score, Lazy, Unsafe, confidence, 100%, Attribute, HighConfidence, high confidence, GenKryptik, HHNC, CrypterX, Sabsik, AGEN, Static AI, Suspicious PE, Detected, Wacatac, Eldorado, Artemis, Krypt, R002H09CO25, Bwnw)
md5 d9a80ca3c99b9c9afb10e3e3e4137d17
sha256 eae8420d35a95d07857653101b4f0f1edcf04b0f1eb3610353f9dddf2aa84832
ssdeep 49152:5kvaOhBkFx7+qwh6JsVIMqTrOlZT8+HEV/0cGaplYde1sBLj:mkF0hesRSplue1sBLj
imphash fbe044da3f7578e1be3025379b580051
impfuzzy 192:soWW0bq53RZkpPdmtkDRscg9aNBpMqsTnaNn7:TWxqtgt7pPsal7

Signature (3cnts)

Level Description
danger File has been identified by 41 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info This executable has a PDB path

Rules (7cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info ftp_command ftp command binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

d3dx9_43.dll
 0x14015fd68 D3DXMatrixTranspose
 0x14015fd70 D3DXVec3Transform
 0x14015fd78 D3DXVec3Normalize
d3d11.dll
 0x14015fd48 D3D11CreateDeviceAndSwapChain
d3dx11_43.dll
 0x14015fd58 D3DX11CreateShaderResourceViewFromMemory
KERNEL32.dll
 0x14015f178 DeleteCriticalSection
 0x14015f180 SleepEx
 0x14015f188 GetSystemDirectoryA
 0x14015f190 VerifyVersionInfoA
 0x14015f198 GetTickCount
 0x14015f1a0 MoveFileExA
 0x14015f1a8 WaitForSingleObjectEx
 0x14015f1b0 GetEnvironmentVariableA
 0x14015f1b8 GetStdHandle
 0x14015f1c0 GetFileType
 0x14015f1c8 PeekNamedPipe
 0x14015f1d0 WaitForMultipleObjects
 0x14015f1d8 SetLastError
 0x14015f1e0 FormatMessageA
 0x14015f1e8 ReleaseSRWLockExclusive
 0x14015f1f0 AcquireSRWLockExclusive
 0x14015f1f8 SleepConditionVariableSRW
 0x14015f200 GetCurrentThreadId
 0x14015f208 WakeAllConditionVariable
 0x14015f210 RtlCaptureContext
 0x14015f218 RtlLookupFunctionEntry
 0x14015f220 RtlVirtualUnwind
 0x14015f228 UnhandledExceptionFilter
 0x14015f230 SetUnhandledExceptionFilter
 0x14015f238 TerminateProcess
 0x14015f240 IsProcessorFeaturePresent
 0x14015f248 IsDebuggerPresent
 0x14015f250 GetStartupInfoW
 0x14015f258 GetModuleHandleW
 0x14015f260 GetCurrentProcessId
 0x14015f268 GetSystemTimeAsFileTime
 0x14015f270 LeaveCriticalSection
 0x14015f278 GetLocaleInfoA
 0x14015f280 WideCharToMultiByte
 0x14015f288 GlobalFree
 0x14015f290 MultiByteToWideChar
 0x14015f298 GetStartupInfoA
 0x14015f2a0 GetProcAddress
 0x14015f2a8 LoadLibraryA
 0x14015f2b0 GetCommandLineA
 0x14015f2b8 GetModuleHandleA
 0x14015f2c0 GlobalUnlock
 0x14015f2c8 EnterCriticalSection
 0x14015f2d0 CreateFileMappingA
 0x14015f2d8 UnmapViewOfFile
 0x14015f2e0 MapViewOfFile
 0x14015f2e8 CreateFileA
 0x14015f2f0 Process32FirstW
 0x14015f2f8 ExitProcess
 0x14015f300 LocalFree
 0x14015f308 GlobalLock
 0x14015f310 Beep
 0x14015f318 GlobalAlloc
 0x14015f320 GetLastError
 0x14015f328 Sleep
 0x14015f330 GetCurrentProcess
 0x14015f338 ReadProcessMemory
 0x14015f340 VirtualProtectEx
 0x14015f348 CloseHandle
 0x14015f350 Process32Next
 0x14015f358 K32GetModuleFileNameExA
 0x14015f360 InitializeCriticalSectionEx
 0x14015f368 Process32NextW
 0x14015f370 GetFileSizeEx
 0x14015f378 ReadFile
 0x14015f380 HeapAlloc
 0x14015f388 HeapFree
 0x14015f390 VirtualAllocEx
 0x14015f398 VirtualFreeEx
 0x14015f3a0 Process32First
 0x14015f3a8 Module32Next
 0x14015f3b0 Module32First
 0x14015f3b8 OpenProcess
 0x14015f3c0 CreateToolhelp32Snapshot
 0x14015f3c8 QueryPerformanceFrequency
 0x14015f3d0 QueryPerformanceCounter
 0x14015f3d8 FreeLibrary
 0x14015f3e0 VerSetConditionMask
 0x14015f3e8 InitializeSListHead
USER32.dll
 0x14015f5f0 RegisterClassExW
 0x14015f5f8 UnregisterClassW
 0x14015f600 CallNextHookEx
 0x14015f608 ShowWindow
 0x14015f610 DestroyWindow
 0x14015f618 UnhookWindowsHookEx
 0x14015f620 GetWindowRect
 0x14015f628 GetForegroundWindow
 0x14015f630 SetWindowsHookExA
 0x14015f638 MessageBoxA
 0x14015f640 PostMessageA
 0x14015f648 DispatchMessageA
 0x14015f650 GetCursorPos
 0x14015f658 SetCursorPos
 0x14015f660 ReleaseCapture
 0x14015f668 DefWindowProcA
 0x14015f670 SetLayeredWindowAttributes
 0x14015f678 GetAsyncKeyState
 0x14015f680 IsWindowUnicode
 0x14015f688 TranslateMessage
 0x14015f690 PeekMessageA
 0x14015f698 GetWindowLongPtrA
 0x14015f6a0 GetClientRect
 0x14015f6a8 SetCursor
 0x14015f6b0 SetCapture
 0x14015f6b8 PostQuitMessage
 0x14015f6c0 GetKeyboardLayout
 0x14015f6c8 TrackMouseEvent
 0x14015f6d0 FindWindowA
 0x14015f6d8 ClientToScreen
 0x14015f6e0 UpdateWindow
 0x14015f6e8 GetCapture
 0x14015f6f0 ScreenToClient
 0x14015f6f8 OpenClipboard
 0x14015f700 LoadCursorA
 0x14015f708 GetMessageExtraInfo
 0x14015f710 GetKeyState
 0x14015f718 SetWindowLongA
 0x14015f720 GetWindowTextW
 0x14015f728 MoveWindow
 0x14015f730 GetWindow
 0x14015f738 CloseClipboard
 0x14015f740 mouse_event
 0x14015f748 SetClipboardData
 0x14015f750 GetClipboardData
 0x14015f758 GetWindowThreadProcessId
 0x14015f760 EmptyClipboard
 0x14015f768 GetTopWindow
 0x14015f770 SetWindowDisplayAffinity
ADVAPI32.dll
 0x14015f000 RegGetValueA
 0x14015f008 CryptReleaseContext
 0x14015f010 CryptGetHashParam
 0x14015f018 CryptGenRandom
 0x14015f020 CryptCreateHash
 0x14015f028 CryptHashData
 0x14015f030 CryptDestroyHash
 0x14015f038 CryptDestroyKey
 0x14015f040 CryptImportKey
 0x14015f048 CryptEncrypt
 0x14015f050 GetTokenInformation
 0x14015f058 OpenProcessToken
 0x14015f060 AdjustTokenPrivileges
 0x14015f068 ConvertSidToStringSidA
 0x14015f070 DuplicateTokenEx
 0x14015f078 SetThreadToken
 0x14015f080 RevertToSelf
 0x14015f088 CreateProcessAsUserA
 0x14015f090 LookupPrivilegeValueA
 0x14015f098 PrivilegeCheck
 0x14015f0a0 SetTokenInformation
 0x14015f0a8 CryptAcquireContextA
ole32.dll
 0x14015fdb0 CoInitializeEx
MSVCP140.dll
 0x14015f3f8 ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x14015f400 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
 0x14015f408 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x14015f410 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
 0x14015f418 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
 0x14015f420 ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
 0x14015f428 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x14015f430 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
 0x14015f438 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
 0x14015f440 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
 0x14015f448 ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
 0x14015f450 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
 0x14015f458 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
 0x14015f460 ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
 0x14015f468 ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
 0x14015f470 ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
 0x14015f478 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x14015f480 ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x14015f488 ??Bios_base@std@@QEBA_NXZ
 0x14015f490 ?uncaught_exceptions@std@@YAHXZ
 0x14015f498 ?_Xbad_function_call@std@@YAXXZ
 0x14015f4a0 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
 0x14015f4a8 ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
 0x14015f4b0 _Cnd_do_broadcast_at_thread_exit
 0x14015f4b8 _Thrd_detach
 0x14015f4c0 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
 0x14015f4c8 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
 0x14015f4d0 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
 0x14015f4d8 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
 0x14015f4e0 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
 0x14015f4e8 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
 0x14015f4f0 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
 0x14015f4f8 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
 0x14015f500 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
 0x14015f508 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
 0x14015f510 ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
 0x14015f518 ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
 0x14015f520 ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
 0x14015f528 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x14015f530 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
 0x14015f538 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x14015f540 ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
 0x14015f548 ?good@ios_base@std@@QEBA_NXZ
 0x14015f550 ?always_noconv@codecvt_base@std@@QEBA_NXZ
 0x14015f558 ??7ios_base@std@@QEBA_NXZ
 0x14015f560 ?_Xout_of_range@std@@YAXPEBD@Z
 0x14015f568 ?_Id_cnt@id@locale@std@@0HA
 0x14015f570 ?_Xinvalid_argument@std@@YAXPEBD@Z
 0x14015f578 ??0_Lockit@std@@QEAA@H@Z
 0x14015f580 ??1_Lockit@std@@QEAA@XZ
 0x14015f588 ?_Random_device@std@@YAIXZ
 0x14015f590 _Mtx_unlock
 0x14015f598 _Mtx_lock
 0x14015f5a0 ?_Xlength_error@std@@YAXPEBD@Z
 0x14015f5a8 ?_Throw_Cpp_error@std@@YAXH@Z
 0x14015f5b0 _Query_perf_counter
 0x14015f5b8 ?_Xbad_alloc@std@@YAXXZ
 0x14015f5c0 _Query_perf_frequency
 0x14015f5c8 ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
 0x14015f5d0 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
WS2_32.dll
 0x14015f8b8 htonl
 0x14015f8c0 recv
 0x14015f8c8 send
 0x14015f8d0 WSAGetLastError
 0x14015f8d8 ind
 0x14015f8e0 connect
 0x14015f8e8 getpeername
 0x14015f8f0 getsockname
 0x14015f8f8 getsockopt
 0x14015f900 htons
 0x14015f908 ntohs
 0x14015f910 setsockopt
 0x14015f918 socket
 0x14015f920 WSASetLastError
 0x14015f928 WSAIoctl
 0x14015f930 WSAStartup
 0x14015f938 WSACleanup
 0x14015f940 accept
 0x14015f948 ntohl
 0x14015f950 gethostname
 0x14015f958 sendto
 0x14015f960 recvfrom
 0x14015f968 freeaddrinfo
 0x14015f970 getaddrinfo
 0x14015f978 select
 0x14015f980 __WSAFDIsSet
 0x14015f988 ioctlsocket
 0x14015f990 listen
 0x14015f998 closesocket
Normaliz.dll
 0x14015f5e0 IdnToAscii
CRYPT32.dll
 0x14015f0b8 CertFreeCertificateChain
 0x14015f0c0 CertGetCertificateChain
 0x14015f0c8 CertFreeCertificateChainEngine
 0x14015f0d0 CertCreateCertificateChainEngine
 0x14015f0d8 CryptQueryObject
 0x14015f0e0 CertGetNameStringA
 0x14015f0e8 CertFindExtension
 0x14015f0f0 CertAddCertificateContextToStore
 0x14015f0f8 PFXImportCertStore
 0x14015f100 CryptStringToBinaryA
 0x14015f108 CertFreeCertificateContext
 0x14015f110 CertFindCertificateInStore
 0x14015f118 CertEnumCertificatesInStore
 0x14015f120 CertCloseStore
 0x14015f128 CryptDecodeObjectEx
 0x14015f130 CertOpenStore
WLDAP32.dll
 0x14015f820 None
 0x14015f828 None
 0x14015f830 None
 0x14015f838 None
 0x14015f840 None
 0x14015f848 None
 0x14015f850 None
 0x14015f858 None
 0x14015f860 None
 0x14015f868 None
 0x14015f870 None
 0x14015f878 None
 0x14015f880 None
 0x14015f888 None
 0x14015f890 None
 0x14015f898 None
 0x14015f8a0 None
 0x14015f8a8 None
ntdll.dll
 0x14015fd98 ZwReadVirtualMemory
 0x14015fda0 ZwWriteVirtualMemory
IMM32.dll
 0x14015f150 ImmSetCompositionWindow
 0x14015f158 ImmSetCandidateWindow
 0x14015f160 ImmGetContext
 0x14015f168 ImmReleaseContext
D3DCOMPILER_43.dll
 0x14015f140 D3DCompile
dwmapi.dll
 0x14015fd88 DwmExtendFrameIntoClientArea
VCRUNTIME140_1.dll
 0x14015f810 __CxxFrameHandler4
VCRUNTIME140.dll
 0x14015f780 strrchr
 0x14015f788 _CxxThrowException
 0x14015f790 __intrinsic_setjmp
 0x14015f798 __current_exception_context
 0x14015f7a0 __current_exception
 0x14015f7a8 __C_specific_handler
 0x14015f7b0 memcmp
 0x14015f7b8 __std_exception_destroy
 0x14015f7c0 __std_exception_copy
 0x14015f7c8 __std_terminate
 0x14015f7d0 strstr
 0x14015f7d8 strchr
 0x14015f7e0 memset
 0x14015f7e8 longjmp
 0x14015f7f0 memcpy
 0x14015f7f8 memmove
 0x14015f800 memchr
api-ms-win-crt-heap-l1-1-0.dll
 0x14015fa30 _set_new_mode
 0x14015fa38 realloc
 0x14015fa40 malloc
 0x14015fa48 free
 0x14015fa50 calloc
 0x14015fa58 _callnewh
api-ms-win-crt-runtime-l1-1-0.dll
 0x14015faf8 _exit
 0x14015fb00 terminate
 0x14015fb08 _invalid_parameter_noinfo_noreturn
 0x14015fb10 _initterm_e
 0x14015fb18 _initterm
 0x14015fb20 _getpid
 0x14015fb28 _beginthreadex
 0x14015fb30 __sys_nerr
 0x14015fb38 strerror
 0x14015fb40 _get_narrow_winmain_command_line
 0x14015fb48 _configure_narrow_argv
 0x14015fb50 _errno
 0x14015fb58 _set_app_type
 0x14015fb60 exit
 0x14015fb68 _register_thread_local_exe_atexit_callback
 0x14015fb70 _seh_filter_exe
 0x14015fb78 _cexit
 0x14015fb80 _initialize_narrow_environment
 0x14015fb88 _initialize_onexit_table
 0x14015fb90 _crt_atexit
 0x14015fb98 _register_onexit_function
 0x14015fba0 _c_exit
api-ms-win-crt-string-l1-1-0.dll
 0x14015fcb0 strncpy
 0x14015fcb8 strncmp
 0x14015fcc0 strcpy_s
 0x14015fcc8 _wcsicmp
 0x14015fcd0 strcmp
 0x14015fcd8 tolower
 0x14015fce0 strpbrk
 0x14015fce8 _stricmp
 0x14015fcf0 strcspn
 0x14015fcf8 strspn
 0x14015fd00 isupper
 0x14015fd08 _strdup
 0x14015fd10 toupper
api-ms-win-crt-convert-l1-1-0.dll
 0x14015f9a8 strtoll
 0x14015f9b0 strtol
 0x14015f9b8 strtoull
 0x14015f9c0 atof
 0x14015f9c8 strtoul
 0x14015f9d0 strtod
 0x14015f9d8 atoi
api-ms-win-crt-stdio-l1-1-0.dll
 0x14015fbb0 fputc
 0x14015fbb8 _open
 0x14015fbc0 fclose
 0x14015fbc8 _close
 0x14015fbd0 _write
 0x14015fbd8 __stdio_common_vsprintf_s
 0x14015fbe0 _read
 0x14015fbe8 _lseeki64
 0x14015fbf0 fgetc
 0x14015fbf8 fgets
 0x14015fc00 __p__commode
 0x14015fc08 _set_fmode
 0x14015fc10 feof
 0x14015fc18 fwrite
 0x14015fc20 fputs
 0x14015fc28 fopen
 0x14015fc30 __stdio_common_vsprintf
 0x14015fc38 fgetpos
 0x14015fc40 setvbuf
 0x14015fc48 ungetc
 0x14015fc50 __stdio_common_vsscanf
 0x14015fc58 _wfopen
 0x14015fc60 fsetpos
 0x14015fc68 fread
 0x14015fc70 __stdio_common_vfprintf
 0x14015fc78 fseek
 0x14015fc80 __acrt_iob_func
 0x14015fc88 ftell
 0x14015fc90 fflush
 0x14015fc98 _get_stream_buffer_pointers
 0x14015fca0 _fseeki64
api-ms-win-crt-math-l1-1-0.dll
 0x14015fa80 powf
 0x14015fa88 sinf
 0x14015fa90 sqrt
 0x14015fa98 sqrtf
 0x14015faa0 fmodf
 0x14015faa8 atan2f
 0x14015fab0 _hypotf
 0x14015fab8 __setusermatherr
 0x14015fac0 ceilf
 0x14015fac8 cosf
 0x14015fad0 _dsign
 0x14015fad8 acosf
api-ms-win-crt-filesystem-l1-1-0.dll
 0x14015f9f8 _stat64
 0x14015fa00 _access
 0x14015fa08 _unlock_file
 0x14015fa10 _fstat64
 0x14015fa18 _lock_file
 0x14015fa20 _unlink
api-ms-win-crt-locale-l1-1-0.dll
 0x14015fa68 localeconv
 0x14015fa70 _configthreadlocale
api-ms-win-crt-environment-l1-1-0.dll
 0x14015f9e8 getenv
api-ms-win-crt-multibyte-l1-1-0.dll
 0x14015fae8 _mbsicmp
api-ms-win-crt-utility-l1-1-0.dll
 0x14015fd38 qsort
api-ms-win-crt-time-l1-1-0.dll
 0x14015fd20 _gmtime64
 0x14015fd28 _time64

EAT (Export Address Table): none


