Created | 2025.04.29 17:04 | Machine | s1_win7_x6403 |
Filename | tomcaterror.bmpqoq |
Type | PE32+ executable (console) x86-64, for MS Windows |
ZERO API | file : clean |
VT API (file) | 34 detected (AIDetectMalware, Miner, Coinminer, Lazy, Unsafe, malicious, confidence, Attribute, HighConfidence, score, PotentialRisk, Static AI, Malicious PE, DisguisedXMRigMiner, Detected, Miner3, R472641, Vmprotect, HackTool, XmrigGo) |
md5 | 467d1d12df433e5f6bb45998f05d99df |
sha256 | 91f71f655004eb5e2783a98f7556c5e0e58d4f438fd5d2dcdf9e522735cf09b9 |
ssdeep | 98304:HPWAAX3vGNYvdIiYTAL2gMlrV++ytwh+T0QEEr+HZTLVIhJBN68:HgX3k7ytw0T0A+HZTROj68 |
imphash | a346f1de2922750a7e7b73eb9c762422 |
impfuzzy | 96:thQ45LtLULX1oj3cpejwgfTdkIVr8gkeY4DQzX7tGBgiM3DQnWXqoowrbnshXJg:I45GFWbwodkIVVDQzuXECWZrb2XW |
Signature (8cnts)
Level | Description |
---|---|
danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
watch | Created a service where a service was also not started |
watch | Detects Virtual Machines through their custom firmware |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
info | Checks amount of memory in system |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | XMRig_Miner_IN | XMRig Miner | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x14037e8c0 ntohs
0x14037e8c8 recv
0x14037e8d0 send
0x14037e8d8 WSASetLastError
0x14037e8e0 htons
0x14037e8e8 WSARecv
0x14037e8f0 WSAGetLastError
0x14037e8f8 select
0x14037e900 WSARecvFrom
0x14037e908 WSASocketW
0x14037e910 WSASend
0x14037e918 gethostname
0x14037e920 WSAIoctl
0x14037e928 WSADuplicateSocketW
0x14037e930 shutdown
0x14037e938 getpeername
0x14037e940 FreeAddrInfoW
0x14037e948 GetAddrInfoW
0x14037e950 htonl
0x14037e958 socket
0x14037e960 setsockopt
0x14037e968 listen
0x14037e970 closesocket
0x14037e978 bind
0x14037e980 WSACleanup
0x14037e988 WSAStartup
0x14037e990 getsockopt
0x14037e998 getsockname
0x14037e9a0 ioctlsocket
PSAPI.DLL
0x14037e838 GetProcessMemoryInfo
IPHLPAPI.DLL
0x14037e150 GetAdaptersAddresses
USERENV.dll
0x14037e8b0 GetUserProfileDirectoryW
CRYPT32.dll
0x14037e110 CertGetCertificateContextProperty
0x14037e118 CertOpenStore
0x14037e120 CertCloseStore
0x14037e128 CertEnumCertificatesInStore
0x14037e130 CertFreeCertificateContext
0x14037e138 CertDuplicateCertificateContext
0x14037e140 CertFindCertificateInStore
KERNEL32.dll
0x14037e160 GetStdHandle
0x14037e168 SetConsoleMode
0x14037e170 GetConsoleMode
0x14037e178 QueryPerformanceFrequency
0x14037e180 QueryPerformanceCounter
0x14037e188 SizeofResource
0x14037e190 LockResource
0x14037e198 LoadResource
0x14037e1a0 FindResourceW
0x14037e1a8 ExpandEnvironmentStringsA
0x14037e1b0 GetConsoleWindow
0x14037e1b8 GetSystemFirmwareTable
0x14037e1c0 HeapFree
0x14037e1c8 HeapAlloc
0x14037e1d0 GetProcessHeap
0x14037e1d8 MultiByteToWideChar
0x14037e1e0 SetPriorityClass
0x14037e1e8 GetCurrentProcess
0x14037e1f0 SetThreadPriority
0x14037e1f8 GetSystemPowerStatus
0x14037e200 GetCurrentThread
0x14037e208 GetProcAddress
0x14037e210 GetModuleHandleW
0x14037e218 GetTickCount
0x14037e220 CloseHandle
0x14037e228 FreeConsole
0x14037e230 VirtualProtect
0x14037e238 VirtualFree
0x14037e240 VirtualAlloc
0x14037e248 GetLargePageMinimum
0x14037e250 LocalAlloc
0x14037e258 GetLastError
0x14037e260 LocalFree
0x14037e268 FlushInstructionCache
0x14037e270 GetCurrentThreadId
0x14037e278 AddVectoredExceptionHandler
0x14037e280 DeviceIoControl
0x14037e288 GetModuleFileNameW
0x14037e290 CreateFileW
0x14037e298 SetLastError
0x14037e2a0 GetSystemTime
0x14037e2a8 SystemTimeToFileTime
0x14037e2b0 GetModuleHandleExW
0x14037e2b8 EnterCriticalSection
0x14037e2c0 LeaveCriticalSection
0x14037e2c8 InitializeCriticalSectionAndSpinCount
0x14037e2d0 DeleteCriticalSection
0x14037e2d8 TlsAlloc
0x14037e2e0 TlsGetValue
0x14037e2e8 TlsSetValue
0x14037e2f0 TlsFree
0x14037e2f8 SwitchToFiber
0x14037e300 DeleteFiber
0x14037e308 CreateFiber
0x14037e310 FindClose
0x14037e318 FindFirstFileW
0x14037e320 FindNextFileW
0x14037e328 WideCharToMultiByte
0x14037e330 GetFileType
0x14037e338 WriteFile
0x14037e340 ConvertFiberToThread
0x14037e348 ConvertThreadToFiber
0x14037e350 GetCurrentProcessId
0x14037e358 GetSystemTimeAsFileTime
0x14037e360 FreeLibrary
0x14037e368 LoadLibraryA
0x14037e370 LoadLibraryW
0x14037e378 GetEnvironmentVariableW
0x14037e380 ReadConsoleA
0x14037e388 ReadConsoleW
0x14037e390 PostQueuedCompletionStatus
0x14037e398 CreateFileA
0x14037e3a0 DuplicateHandle
0x14037e3a8 SetEvent
0x14037e3b0 ResetEvent
0x14037e3b8 WaitForSingleObject
0x14037e3c0 CreateEventA
0x14037e3c8 Sleep
0x14037e3d0 QueueUserWorkItem
0x14037e3d8 RegisterWaitForSingleObject
0x14037e3e0 UnregisterWait
0x14037e3e8 GetNumberOfConsoleInputEvents
0x14037e3f0 ReadConsoleInputW
0x14037e3f8 FillConsoleOutputCharacterW
0x14037e400 FillConsoleOutputAttribute
0x14037e408 GetConsoleCursorInfo
0x14037e410 SetConsoleCursorInfo
0x14037e418 GetConsoleScreenBufferInfo
0x14037e420 SetConsoleCursorPosition
0x14037e428 SetConsoleTextAttribute
0x14037e430 WriteConsoleInputW
0x14037e438 CreateDirectoryW
0x14037e440 FlushFileBuffers
0x14037e448 GetDiskFreeSpaceW
0x14037e450 SetConsoleTitleA
0x14037e458 WriteConsoleW
0x14037e460 GetFileSizeEx
0x14037e468 GetFinalPathNameByHandleW
0x14037e470 GetFullPathNameW
0x14037e478 ReadFile
0x14037e480 RemoveDirectoryW
0x14037e488 SetFilePointerEx
0x14037e490 SetFileTime
0x14037e498 GetSystemInfo
0x14037e4a0 MapViewOfFile
0x14037e4a8 FlushViewOfFile
0x14037e4b0 UnmapViewOfFile
0x14037e4b8 CreateFileMappingA
0x14037e4c0 ReOpenFile
0x14037e4c8 CopyFileW
0x14037e4d0 MoveFileExW
0x14037e4d8 CreateHardLinkW
0x14037e4e0 GetFileInformationByHandleEx
0x14037e4e8 CreateSymbolicLinkW
0x14037e4f0 InitializeCriticalSection
0x14037e4f8 TryEnterCriticalSection
0x14037e500 InitializeConditionVariable
0x14037e508 WakeConditionVariable
0x14037e510 WakeAllConditionVariable
0x14037e518 SleepConditionVariableCS
0x14037e520 ReleaseSemaphore
0x14037e528 ResumeThread
0x14037e530 GetNativeSystemInfo
0x14037e538 CreateSemaphoreA
0x14037e540 SetConsoleCtrlHandler
0x14037e548 GetCurrentDirectoryW
0x14037e550 GetLongPathNameW
0x14037e558 GetShortPathNameW
0x14037e560 CreateIoCompletionPort
0x14037e568 ReadDirectoryChangesW
0x14037e570 VerSetConditionMask
0x14037e578 GetEnvironmentStringsW
0x14037e580 FreeEnvironmentStringsW
0x14037e588 SetEnvironmentVariableW
0x14037e590 RtlUnwind
0x14037e598 GetTempPathW
0x14037e5a0 GlobalMemoryStatusEx
0x14037e5a8 VerifyVersionInfoA
0x14037e5b0 FileTimeToSystemTime
0x14037e5b8 SetHandleInformation
0x14037e5c0 CancelIo
0x14037e5c8 SetFileCompletionNotificationModes
0x14037e5d0 LoadLibraryExW
0x14037e5d8 FormatMessageA
0x14037e5e0 SetErrorMode
0x14037e5e8 GetQueuedCompletionStatus
0x14037e5f0 ConnectNamedPipe
0x14037e5f8 PeekNamedPipe
0x14037e600 CreateNamedPipeW
0x14037e608 CancelIoEx
0x14037e610 CancelSynchronousIo
0x14037e618 SwitchToThread
0x14037e620 TerminateProcess
0x14037e628 GetExitCodeProcess
0x14037e630 UnregisterWaitEx
0x14037e638 LCMapStringW
0x14037e640 DebugBreak
0x14037e648 GetModuleHandleA
0x14037e650 GetStartupInfoW
0x14037e658 GetModuleFileNameA
0x14037e660 GetVersionExA
0x14037e668 GetProcessAffinityMask
0x14037e670 SetProcessAffinityMask
0x14037e678 SetThreadAffinityMask
0x14037e680 GetComputerNameA
0x14037e688 RtlLookupFunctionEntry
0x14037e690 RtlCaptureContext
0x14037e698 CreateEventW
0x14037e6a0 GetStringTypeW
0x14037e6a8 RtlVirtualUnwind
0x14037e6b0 GetFileInformationByHandle
0x14037e6b8 UnhandledExceptionFilter
0x14037e6c0 SetUnhandledExceptionFilter
0x14037e6c8 IsProcessorFeaturePresent
0x14037e6d0 IsDebuggerPresent
0x14037e6d8 InitializeSListHead
0x14037e6e0 RtlUnwindEx
0x14037e6e8 RtlPcToFileHeader
0x14037e6f0 RaiseException
0x14037e6f8 SetStdHandle
0x14037e700 GetCommandLineA
0x14037e708 GetCommandLineW
0x14037e710 CreateThread
0x14037e718 ExitThread
0x14037e720 FreeLibraryAndExitThread
0x14037e728 GetDriveTypeW
0x14037e730 SystemTimeToTzSpecificLocalTime
0x14037e738 ExitProcess
0x14037e740 GetFileAttributesExW
0x14037e748 SetFileAttributesW
0x14037e750 GetConsoleOutputCP
0x14037e758 CompareStringW
0x14037e760 GetLocaleInfoW
0x14037e768 IsValidLocale
0x14037e770 GetUserDefaultLCID
0x14037e778 EnumSystemLocalesW
0x14037e780 HeapReAlloc
0x14037e788 GetTimeZoneInformation
0x14037e790 HeapSize
0x14037e798 SetEndOfFile
0x14037e7a0 FindFirstFileExW
0x14037e7a8 IsValidCodePage
0x14037e7b0 GetACP
0x14037e7b8 GetOEMCP
0x14037e7c0 GetFileAttributesW
0x14037e7c8 SetCurrentDirectoryW
0x14037e7d0 InitializeSRWLock
0x14037e7d8 ReleaseSRWLockExclusive
0x14037e7e0 AcquireSRWLockExclusive
0x14037e7e8 InitializeCriticalSectionEx
0x14037e7f0 WaitForSingleObjectEx
0x14037e7f8 GetExitCodeThread
0x14037e800 SleepConditionVariableSRW
0x14037e808 EncodePointer
0x14037e810 DecodePointer
0x14037e818 LCMapStringEx
0x14037e820 CompareStringEx
0x14037e828 GetCPInfo
USER32.dll
0x14037e858 GetProcessWindowStation
0x14037e860 ShowWindow
0x14037e868 GetLastInputInfo
0x14037e870 GetUserObjectInformationW
0x14037e878 GetSystemMetrics
0x14037e880 MapVirtualKeyW
0x14037e888 DispatchMessageA
0x14037e890 TranslateMessage
0x14037e898 GetMessageA
0x14037e8a0 MessageBoxW
SHELL32.dll
0x14037e848 SHGetSpecialFolderPathA
ole32.dll
0x14037e9c0 CoInitializeEx
0x14037e9c8 CoCreateInstance
0x14037e9d0 CoUninitialize
ADVAPI32.dll
0x14037e000 SystemFunction036
0x14037e008 GetUserNameW
0x14037e010 CryptEnumProvidersW
0x14037e018 CryptSignHashW
0x14037e020 CryptDestroyHash
0x14037e028 CryptCreateHash
0x14037e030 CryptDecrypt
0x14037e038 CryptExportKey
0x14037e040 CryptGetUserKey
0x14037e048 CryptGetProvParam
0x14037e050 CryptSetHashParam
0x14037e058 CryptDestroyKey
0x14037e060 CryptReleaseContext
0x14037e068 CryptAcquireContextW
0x14037e070 ReportEventW
0x14037e078 RegisterEventSourceW
0x14037e080 DeregisterEventSource
0x14037e088 CreateServiceW
0x14037e090 QueryServiceStatus
0x14037e098 CloseServiceHandle
0x14037e0a0 OpenSCManagerW
0x14037e0a8 QueryServiceConfigA
0x14037e0b0 DeleteService
0x14037e0b8 ControlService
0x14037e0c0 StartServiceW
0x14037e0c8 OpenServiceW
0x14037e0d0 LookupPrivilegeValueW
0x14037e0d8 AdjustTokenPrivileges
0x14037e0e0 OpenProcessToken
0x14037e0e8 LsaOpenPolicy
0x14037e0f0 LsaAddAccountRights
0x14037e0f8 LsaClose
0x14037e100 GetTokenInformation
bcrypt.dll
0x14037e9b0 BCryptGenRandom
EAT(Export Address Table) is none