Created | 2025.04.13 15:33 |
Machine | s1_win7_x6401 |
Filename | SQL.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | Not founds |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 41 detected (Lumma, Malicious, score, Ghanarava, Lazy, Unsafe, Attribute, HighConfidence, MalwareX, l46WStEsZTT, kogty, Detected, Wacatac, ABSpyware, WVGK, SpywareX, R698117, Artemis, R002H09DB25, QQPass, QQRob, Gplw, Filecoder) |
md5 | ef0e5882c8bcad3643d51d16c2f5500c |
sha256 | b869941a9c476585bbb8f48f7003d158c71e44038ceb2628cedb231493847775 |
ssdeep | 196608:drUAnbsgUn5Qs3G9cnoY6VLBlv7pJIsVnhO:lLnIzn5Qs3GynoY6VLBlv7pJIW |
imphash | ff2e2d6e94a06331d9e16276dcb3d9f1 |
impfuzzy | 192:urtklO93t5lvJSmXSWyXjMaiFwzWHLW0QV9gu:g/tvJSmXzyXaUqjQTgu |
Signature (9cnts)
Level | Description |
---|---|
danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
watch | Detects the presence of Wine emulator |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Looks up the external IP address |
notice | Performs some HTTP requests |
notice | Starts servers listening |
info | Collects information to fingerprint the system (MachineGuid |
info | Queries for the computername |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | ftp_command | ftp command | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (11cnts)
Suricata ids
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
ET MALWARE Aurotun Stealer CnC Checkin
ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com)
ET POLICY External IP Lookup ip-api.com
PE API
IAT(Import Address Table) Library
ole32.dll
0x140833a90 CoInitialize
0x140833a98 StgCreateDocfile
0x140833aa0 CoTaskMemFree
0x140833aa8 CoCreateInstance
0x140833ab0 CoUninitialize
USER32.dll
0x1408338a0 GetProcessWindowStation
0x1408338a8 GetUserObjectInformationW
0x1408338b0 MessageBoxW
0x1408338b8 LoadStringA
WS2_32.dll
0x1408338c8 __WSAFDIsSet
0x1408338d0 inet_ntop
0x1408338d8 WSAWaitForMultipleEvents
0x1408338e0 WSAResetEvent
0x1408338e8 WSAEventSelect
0x1408338f0 WSAEnumNetworkEvents
0x1408338f8 WSACreateEvent
0x140833900 WSACloseEvent
0x140833908 WSAIoctl
0x140833910 inet_pton
0x140833918 sendto
0x140833920 recvfrom
0x140833928 getpeername
0x140833930 gethostname
0x140833938 listen
0x140833940 bind
0x140833948 accept
0x140833950 send
0x140833958 recv
0x140833960 getservbyname
0x140833968 getservbyport
0x140833970 gethostbyaddr
0x140833978 inet_ntoa
0x140833980 inet_addr
0x140833988 gethostbyname
0x140833990 getsockname
0x140833998 shutdown
0x1408339a0 ntohs
0x1408339a8 freeaddrinfo
0x1408339b0 getaddrinfo
0x1408339b8 WSAStringToAddressW
0x1408339c0 WSASocketW
0x1408339c8 WSARecv
0x1408339d0 WSASetLastError
0x1408339d8 select
0x1408339e0 ntohl
0x1408339e8 htons
0x1408339f0 htonl
0x1408339f8 getsockopt
0x140833a00 connect
0x140833a08 WSASend
0x140833a10 WSAGetLastError
0x140833a18 WSACleanup
0x140833a20 WSAStartup
0x140833a28 setsockopt
0x140833a30 ioctlsocket
0x140833a38 closesocket
0x140833a40 socket
bcrypt.dll
0x140833a50 BCryptGenRandom
ADVAPI32.dll
0x140833000 CryptDestroyKey
0x140833008 RegOpenKeyExW
0x140833010 RegGetValueW
0x140833018 RegEnumKeyExW
0x140833020 RegQueryInfoKeyW
0x140833028 RegSetValueExW
0x140833030 RegEnumValueW
0x140833038 SystemFunction036
0x140833040 CryptAcquireContextA
0x140833048 CryptReleaseContext
0x140833050 CryptGenRandom
0x140833058 CryptEnumProvidersA
0x140833060 CryptAcquireContextW
0x140833068 DeregisterEventSource
0x140833070 RegisterEventSourceW
0x140833078 ReportEventW
0x140833080 CryptGetHashParam
0x140833088 CryptCreateHash
0x140833090 CryptHashData
0x140833098 CryptEncrypt
0x1408330a0 CryptImportKey
0x1408330a8 RegCloseKey
0x1408330b0 CryptDestroyHash
KERNEL32.dll
0x140833150 InterlockedFlushSList
0x140833158 InterlockedPushEntrySList
0x140833160 InterlockedPopEntrySList
0x140833168 DuplicateHandle
0x140833170 LoadLibraryExW
0x140833178 FreeLibraryAndExitThread
0x140833180 GetThreadTimes
0x140833188 GetCurrentThread
0x140833190 GetStartupInfoW
0x140833198 IsDebuggerPresent
0x1408331a0 InitializeSListHead
0x1408331a8 IsProcessorFeaturePresent
0x1408331b0 SetUnhandledExceptionFilter
0x1408331b8 UnhandledExceptionFilter
0x1408331c0 LCMapStringEx
0x1408331c8 GetCPInfo
0x1408331d0 CompareStringEx
0x1408331d8 DecodePointer
0x1408331e0 EncodePointer
0x1408331e8 CloseThreadpoolWait
0x1408331f0 SetThreadpoolWait
0x1408331f8 QueryDepthSList
0x140833200 SignalObjectAndWait
0x140833208 CreateThread
0x140833210 GetThreadPriority
0x140833218 GetCurrentProcessorNumberEx
0x140833220 GetLogicalProcessorInformationEx
0x140833228 GetNumaHighestNodeNumber
0x140833230 GetThreadGroupAffinity
0x140833238 SetThreadGroupAffinity
0x140833240 GetProcessAffinityMask
0x140833248 ExitThread
0x140833250 ResumeThread
0x140833258 SetConsoleCtrlHandler
0x140833260 ExitProcess
0x140833268 GetDriveTypeW
0x140833270 SystemTimeToTzSpecificLocalTime
0x140833278 FileTimeToSystemTime
0x140833280 GetLastError
0x140833288 FormatMessageA
0x140833290 FormatMessageW
0x140833298 WideCharToMultiByte
0x1408332a0 LocalFree
0x1408332a8 CloseHandle
0x1408332b0 SetLastError
0x1408332b8 CreateIoCompletionPort
0x1408332c0 GetQueuedCompletionStatus
0x1408332c8 PostQueuedCompletionStatus
0x1408332d0 EnterCriticalSection
0x1408332d8 LeaveCriticalSection
0x1408332e0 InitializeCriticalSectionAndSpinCount
0x1408332e8 DeleteCriticalSection
0x1408332f0 SetEvent
0x1408332f8 WaitForSingleObject
0x140833300 SleepEx
0x140833308 CreateEventW
0x140833310 SetWaitableTimer
0x140833318 WaitForMultipleObjects
0x140833320 QueueUserAPC
0x140833328 TerminateThread
0x140833330 MultiByteToWideChar
0x140833338 FreeLibrary
0x140833340 LoadLibraryA
0x140833348 LCMapStringA
0x140833350 GetUserDefaultLCID
0x140833358 GetStringTypeExA
0x140833360 InitializeCriticalSectionEx
0x140833368 CreateWaitableTimerW
0x140833370 InitializeCriticalSection
0x140833378 Sleep
0x140833380 GetSystemInfo
0x140833388 VirtualFree
0x140833390 GetEnvironmentVariableW
0x140833398 GetCurrentDirectoryW
0x1408333a0 CreateDirectoryW
0x1408333a8 CreateFileW
0x1408333b0 DeleteFileW
0x1408333b8 FlushFileBuffers
0x1408333c0 GetFileAttributesW
0x1408333c8 GetFileInformationByHandle
0x1408333d0 GetFileTime
0x1408333d8 GetFullPathNameW
0x1408333e0 RemoveDirectoryW
0x1408333e8 SetEndOfFile
0x1408333f0 SetFileAttributesW
0x1408333f8 SetFilePointerEx
0x140833400 DeviceIoControl
0x140833408 GetWindowsDirectoryW
0x140833410 GetModuleHandleW
0x140833418 SetStdHandle
0x140833420 CreateDirectoryExW
0x140833428 CopyFileExW
0x140833430 MoveFileExW
0x140833438 AreFileApisANSI
0x140833440 DeleteFileA
0x140833448 GetTempPathA
0x140833450 GetTempFileNameA
0x140833458 FlsAlloc
0x140833460 FlsGetValue
0x140833468 FlsSetValue
0x140833470 FlsFree
0x140833478 GetCurrentProcess
0x140833480 GetExitCodeProcess
0x140833488 GetNativeSystemInfo
0x140833490 GetModuleFileNameA
0x140833498 GetModuleFileNameW
0x1408334a0 GetModuleHandleExA
0x1408334a8 CreateFileA
0x1408334b0 GetFileAttributesExA
0x1408334b8 LockFileEx
0x1408334c0 UnlockFileEx
0x1408334c8 LoadLibraryW
0x1408334d0 FindClose
0x1408334d8 ResetEvent
0x1408334e0 CreateEventA
0x1408334e8 GetTickCount
0x1408334f0 QueryPerformanceCounter
0x1408334f8 MapViewOfFile
0x140833500 CreateFileMappingW
0x140833508 GetSystemTime
0x140833510 GetSystemTimeAsFileTime
0x140833518 SystemTimeToFileTime
0x140833520 GetProcessHeap
0x140833528 GetCurrentProcessId
0x140833530 GetFileSize
0x140833538 UnlockFile
0x140833540 HeapDestroy
0x140833548 HeapCompact
0x140833550 HeapAlloc
0x140833558 HeapReAlloc
0x140833560 WaitForSingleObjectEx
0x140833568 FlushViewOfFile
0x140833570 OutputDebugStringW
0x140833578 GetFileAttributesExW
0x140833580 GetFileAttributesA
0x140833588 GetDiskFreeSpaceA
0x140833590 CreateThreadpoolWait
0x140833598 HeapValidate
0x1408335a0 UnmapViewOfFile
0x1408335a8 CreateMutexW
0x1408335b0 GetTempPathW
0x1408335b8 GetFullPathNameA
0x1408335c0 SetFilePointer
0x1408335c8 LockFile
0x1408335d0 OutputDebugStringA
0x1408335d8 GetDiskFreeSpaceW
0x1408335e0 WriteFile
0x1408335e8 HeapFree
0x1408335f0 HeapCreate
0x1408335f8 ReadFile
0x140833600 RaiseException
0x140833608 TryEnterCriticalSection
0x140833610 GetCurrentThreadId
0x140833618 RtlVirtualUnwind
0x140833620 GetStdHandle
0x140833628 GetFileType
0x140833630 TlsAlloc
0x140833638 TlsGetValue
0x140833640 TlsSetValue
0x140833648 TlsFree
0x140833650 GetModuleHandleExW
0x140833658 GetACP
0x140833660 ReleaseSemaphore
0x140833668 GetExitCodeThread
0x140833670 CreateSemaphoreA
0x140833678 GetSystemDirectoryA
0x140833680 TerminateProcess
0x140833688 GetConsoleMode
0x140833690 SetConsoleMode
0x140833698 ReadConsoleA
0x1408336a0 ReadConsoleW
0x1408336a8 FindFirstFileW
0x1408336b0 FindNextFileW
0x1408336b8 InitializeConditionVariable
0x1408336c0 WakeConditionVariable
0x1408336c8 SleepConditionVariableCS
0x1408336d0 SetThreadPriority
0x1408336d8 GetFileSizeEx
0x1408336e0 CreateFileMappingA
0x1408336e8 ReleaseSRWLockExclusive
0x1408336f0 AcquireSRWLockExclusive
0x1408336f8 QueryPerformanceFrequency
0x140833700 GetSystemDirectoryW
0x140833708 GetEnvironmentVariableA
0x140833710 VerSetConditionMask
0x140833718 GetModuleHandleA
0x140833720 VerifyVersionInfoW
0x140833728 PeekNamedPipe
0x140833730 CloseThreadpoolTimer
0x140833738 WaitForThreadpoolTimerCallbacks
0x140833740 SetThreadpoolTimer
0x140833748 CreateThreadpoolTimer
0x140833750 FreeLibraryWhenCallbackReturns
0x140833758 FlushProcessWriteBuffers
0x140833760 CreateSemaphoreExW
0x140833768 CreateEventExW
0x140833770 SetEnvironmentVariableW
0x140833778 GetConsoleOutputCP
0x140833780 GetDateFormatW
0x140833788 GetTimeFormatW
0x140833790 CompareStringW
0x140833798 LCMapStringW
0x1408337a0 GetLocaleInfoW
0x1408337a8 IsValidLocale
0x1408337b0 EnumSystemLocalesW
0x1408337b8 GetTimeZoneInformation
0x1408337c0 IsValidCodePage
0x1408337c8 WriteConsoleW
0x1408337d0 GetOEMCP
0x1408337d8 GetCommandLineA
0x1408337e0 GetCommandLineW
0x1408337e8 GetEnvironmentStringsW
0x1408337f0 GetProcAddress
0x1408337f8 HeapSize
0x140833800 SwitchToThread
0x140833808 ReleaseSRWLockShared
0x140833810 AcquireSRWLockShared
0x140833818 TryAcquireSRWLockExclusive
0x140833820 SleepConditionVariableSRW
0x140833828 GetTickCount64
0x140833830 GetStringTypeW
0x140833838 WakeAllConditionVariable
0x140833840 GetLocaleInfoEx
0x140833848 FindFirstFileExW
0x140833850 FreeEnvironmentStringsW
OLEAUT32.dll
0x140833860 OleCreatePropertyFrame
0x140833868 SysAllocStringByteLen
0x140833870 SysStringByteLen
0x140833878 VariantClear
0x140833880 VariantInit
0x140833888 SysFreeString
0x140833890 SysAllocString
ntdll.dll
0x140833a60 RtlPcToFileHeader
0x140833a68 RtlCaptureContext
0x140833a70 RtlLookupFunctionEntry
0x140833a78 RtlUnwindEx
0x140833a80 RtlUnwind
CRYPT32.dll
0x1408330c0 CertGetCertificateChain
0x1408330c8 CertCloseStore
0x1408330d0 CertFindCertificateInStore
0x1408330d8 CertFreeCertificateContext
0x1408330e0 CertOpenSystemStoreW
0x1408330e8 CertOpenStore
0x1408330f0 CertEnumCertificatesInStore
0x1408330f8 CryptStringToBinaryW
0x140833100 PFXImportCertStore
0x140833108 CryptDecodeObjectEx
0x140833110 CertAddCertificateContextToStore
0x140833118 CertFindExtension
0x140833120 CertGetNameStringW
0x140833128 CryptQueryObject
0x140833130 CertCreateCertificateChainEngine
0x140833138 CertFreeCertificateChainEngine
0x140833140 CertFreeCertificateChain
EAT(Export Address Table) is none