Loader.exe?ex=670dff4f&is=670cadcf&hm=92c7a30e584586d3ed549f95936b6cbb14ea14086c2cf6dd7d96d627f3cb7ec4&

First submission 2024-10-14 16:43:01

File details

File type:	PE32+ executable (console) x86-64, for MS Windows
Mime type:	application/x-dosexec
File size:	1478.5 KB (1513984 bytes)
Compile time:	2024-08-19 18:29:09
MD5:	2a4d4da0839146e500af4fe56a7d39ea
SHA1:	897ffd113087d9db0bb4c297474a3e153b7fc09c
SHA256:	00d78b6ff237c0df3e436b73e927ad9d70dafb73e8ba4950868d9fbf920478b3
Import Hash :	9ad2d236071201eb51095d038bd1b898
Sections 6	.text .rdata .data .pdata .rsrc .reloc
Directories 5	import resource debug tls relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	36/76 VT report date: 2024-10-13 19:51:03
Malware Type 1	trojan
Threat Type 1	barys

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXps://cdn.discordapp.com/attachments/1293400136088682506/1294352884535787520/Loader.exe?ex=670dff4f&is=670cadcf&hm=92c7a30e584586d3ed549f95936b6cbb14ea14086c2cf6dd7d96d627f3cb7ec4&	cdn.discordapp.com	2024-10-14 16:43:02

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x5bbf7	375808	8a8c27d8177110f81ce2b545738bc49b4b02a43b	64c0453ff0866852edea153be4efd2b6
.rdata	0x5d000	0xf7504	1013248	e96f5d128458cece16365f1ce9e83ec8730447f8	cdd2d4cd00beefb7ba47549fb8b07f25
.data	0x155000	0x19648	101888	14e916dbe69095cb1e424e23081836d3d6f5a72a	3cbd5e2b08ad9e390e8f7a7e8fbdfb12
.pdata	0x16f000	0x3f9c	16384	82366c179a56fdecec40debff2ebcf1977f5c483	9b2458b3f7cca4ad616de2c5f33a54e4
.rsrc	0x173000	0x1338	5120	8df958ffff14b717e9e30db9bec736360681d3ff	6a0199a061da538ff352df0ab971aff0
.reloc	0x175000	0x190	512	b5298982f86ba760dd382f2e3b9268176ee228cc	032ee69ead74c30a95a4fb7f930d5c6b

PE Resources 3

Name	Language	Sublanguage	Offset	Size	Data
RT_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x1730f0	4264	PE Resource: RT_ICON - Data ( @ !"' 1$ ##/& %)$!#4* !'!$ (4! 3'/+ ! $$" #%% .&.-!% " "$'(5%,:);"% )&+)(.(932& #" %),48 :!9!K ?)).4%82H,N#1 4&,5<,56 +%+. #7&,2"&4]79[[nIFG20AZ!B38='N7NL.J@,BV3;F2E4'N.3M.47# %$:$&.$#1,+?.0M$)Ma#o6=lFKM,1G"h%A7I_gg':=)<l#1Z29!ZU#E(# * . ' %( )/L!nP S&i([)CT ! ~Sn!#,`+\ 24 .!!' %9D7e "[&r!1,N Km"-"H")#5c&;c&%!J - -!8@,i` i'2 (_(9(--R.#d/r-,' $ " 4o d !. ' ,%80,,Q#h'/+.11E # 8tb ) #&$#+!F -/s !3.E"7 &xG$ 5 kg '!!1"@.Z\|>d$* )/f 7 %6c k!% (!%$~v $3 h()n qG$ + Hhj"" ! # # &#& "K !tEG + ', 4ll%! " %& #v l` G ?$ 575 jsv! !xix,'2 = gv h}!KFYQ)@q!"$ ~!# )38bf] tP[Yk4G &kb2* g ph !u# ' 3 a{y #Qh9bn8dx%% f$ $kbfvR! .J iJ!]4vk5pc+# %/'7)( D! 17JhgNDI $_:zg8ifF;f:'Y"/gLh:"l4Z(g$c~rS 0* ) 7:@#A#A"=B$Z<ddCzt]taE>E'.<E/'G+]CdDO'99 80 ! %-5=';%:#9 4I8\WDqVA:W9';',5" ) (A) C&DNT/ # /!0"=/"B3(5(C=cPC{V5-Z: 7!!(2#% #4"/DO'= % ./ '"F=/G>27,":,$>)<%I:hWD^7KY=,=,,2G(+/6,( 0!>>'1$;3"80+#)16H6mXJqfti[IE587'Q,'.18+))1 8'# #"1(1&H5hUIed]sr>[R/M;;?+"%-/!"" $( /&1)?0@M@^UL5Z}{iOG6#()(&$ "% -$,%+#/(<1!XF-}ZH8%* !##
RT_GROUP_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x174198	20
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x1741b0	392	PE Resource: RT_MANIFEST - Data <?xml version='1.0' encoding='UTF-8' standalone='yes'?> <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level='requireAdministrator' uiAccess='false' /> </requestedPrivileges> </security> </trustInfo> </assembly>

Name

Language

Sublanguage

Offset

Size

Data

RT_ICON

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x1730f0

4264

RT_GROUP_ICON

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x174198

RT_MANIFEST

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x1741b0

392

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 12

CheckRemoteDebuggerPresent
DebugActiveProcess
FindWindowW
GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringW
Process32FirstW
Process32NextW
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Text
imgui_log.txt
Library
ntdll.dll
api-ms-win-core-synch-l1-2-0.dll
KERNEL32.dll
d3d9.dll
api-ms-win-crt-utility-l1-1-0.dll
ADVAPI32.dll
Shcore.dll
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
xinput1_3.dll
xinput1_4.dll
SHELL32.dll
msvcp140.dll
GDI32.dll
xinput1_2.dll
VCRUNTIME140_1.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
WININET.dll
xinput9_1_0.dll
USER32.dll
api-ms-win-crt-runtime-l1-1-0.dll
xinput1_1.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
vcruntime140.dll
IMM32.dll
api-ms-win-crt-math-l1-1-0.dll

Strings analysis - Possible IPs found 10

85.5.5.5
6.6.6.8
6.6.6.6
5.5.5.3
5.5.5.5
1.1.1.2
7.7.7.8
8.8.8.8
7.8.8.8
7.7.7.7

Strings analysis - Possible URLs found 17

https://maticsk
http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0
http://www.microsoft.com/pkiops/docs/primarycps.htm0@
http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0
https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLLexendMedium
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0
http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0
https://www.lexend.comhttps://www.lexend.comThis
http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
http://cmbin22.Rhttp://rmbin22.creen.microsoft.+++++++w++//////<
http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X
http://www.microsoft.com/typographyMicrosoft
http://en.wikipedia.org/wiki/MIT_License),
http://www.microsoft.com/typography
https://github.com/ThomasJockin/lexend)Lexend
http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a

Import functions

api-ms-win-crt-filesystem-l1-1-0.dll 3 api-ms-win-crt-utility-l1-1-0.dll 1 api-ms-win-crt-runtime-l1-1-0.dll 20 api-ms-win-crt-locale-l1-1-0.dll 2 MSVCP140.dll 70 WININET.dll 6 GDI32.dll 1 api-ms-win-crt-string-l1-1-0.dll 4 VCRUNTIME140_1.dll 1 SHELL32.dll 1 KERNEL32.dll 75 api-ms-win-crt-math-l1-1-0.dll 7 api-ms-win-crt-convert-l1-1-0.dll 2 VCRUNTIME140.dll 13 ADVAPI32.dll 10 api-ms-win-crt-stdio-l1-1-0.dll 27 d3d9.dll 1 api-ms-win-crt-heap-l1-1-0.dll 4 USER32.dll 53 IMM32.dll 3

Function	Address	Souspicious	Anti Debug
_unlock_file	0x14005d7b0
remove	0x14005d7b8
_lock_file	0x14005d7c0

Function	Address	Souspicious	Anti Debug
qsort	0x14005da00

Function	Address	Souspicious	Anti Debug
_initialize_narrow_environment	0x14005d850
_register_thread_local_exe_atexit_callback	0x14005d858
_crt_atexit	0x14005d860
_initialize_onexit_table	0x14005d868
_seh_filter_exe	0x14005d870
_c_exit	0x14005d878
__p___argv	0x14005d880
__p___argc	0x14005d888
_register_onexit_function	0x14005d890
_exit	0x14005d898
_initterm_e	0x14005d8a0
_get_initial_narrow_environment	0x14005d8a8
terminate	0x14005d8b0
_initterm	0x14005d8b8
_cexit	0x14005d8c0
exit	0x14005d8c8
_configure_narrow_argv	0x14005d8d0
system	0x14005d8d8
_invalid_parameter_noinfo_noreturn	0x14005d8e0
_set_app_type	0x14005d8e8

Function	Address	Souspicious	Anti Debug
___lc_codepage_func	0x14005d7f8
_configthreadlocale	0x14005d800

Function	Address	Souspicious	Anti Debug
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z	0x14005d2e8
?widen@?$ctype@_W@std@@QEBA_WD@Z	0x14005d2f0
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ	0x14005d2f8
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z	0x14005d300
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z	0x14005d308
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z	0x14005d310
??1_Lockit@std@@QEAA@XZ	0x14005d318
??0_Lockit@std@@QEAA@H@Z	0x14005d320
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A	0x14005d328
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ	0x14005d330
?uncaught_exception@std@@YA_NXZ	0x14005d338
?_Xbad_alloc@std@@YAXXZ	0x14005d340
?_Xout_of_range@std@@YAXPEBD@Z	0x14005d348
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A	0x14005d350
?_Winerror_map@std@@YAHH@Z	0x14005d358
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A	0x14005d360
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z	0x14005d368
?_Xlength_error@std@@YAXPEBD@Z	0x14005d370
?_Syserror_map@std@@YAPEBDH@Z	0x14005d378
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ	0x14005d380
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z	0x14005d388
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z	0x14005d390
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z	0x14005d398
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z	0x14005d3a0
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ	0x14005d3a8
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ	0x14005d3b0
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ	0x14005d3b8
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z	0x14005d3c0
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z	0x14005d3c8
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z	0x14005d3d0
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ	0x14005d3d8
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ	0x14005d3e0
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z	0x14005d3e8
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ	0x14005d3f0
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ	0x14005d3f8
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z	0x14005d400
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z	0x14005d408
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ	0x14005d410
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z	0x14005d418
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ	0x14005d420
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z	0x14005d428
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x14005d430
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ	0x14005d438
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ	0x14005d440
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ	0x14005d448
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ	0x14005d450
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z	0x14005d458
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z	0x14005d460
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z	0x14005d468
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ	0x14005d470
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z	0x14005d478
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x14005d480
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x14005d488
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z	0x14005d490
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z	0x14005d498
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x14005d4a0
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z	0x14005d4a8
?always_noconv@codecvt_base@std@@QEBA_NXZ	0x14005d4b0
??Bid@locale@std@@QEAA_KXZ	0x14005d4b8
?_Random_device@std@@YAIXZ	0x14005d4c0
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A	0x14005d4c8
?id@?$ctype@_W@std@@2V0locale@2@A	0x14005d4d0
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A	0x14005d4d8
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z	0x14005d4e0
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z	0x14005d4e8
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z	0x14005d4f0
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z	0x14005d4f8
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ	0x14005d500
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ	0x14005d508
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z	0x14005d510

Function	Address	Souspicious	Anti Debug
InternetOpenUrlA	0x14005d760
InternetOpenUrlW	0x14005d768
InternetOpenA	0x14005d770
InternetOpenW	0x14005d778
InternetCloseHandle	0x14005d780
InternetReadFile	0x14005d788

Function	Address	Souspicious	Anti Debug
GetDeviceCaps	0x14005d058

Function	Address	Souspicious	Anti Debug
strncpy	0x14005d9d8
strncmp	0x14005d9e0
_wcsicmp	0x14005d9e8
strcmp	0x14005d9f0

Function	Address	Souspicious	Anti Debug
__CxxFrameHandler4	0x14005d750

Function	Address	Souspicious	Anti Debug
ShellExecuteW	0x14005d520

Function	Address	Souspicious	Anti Debug
CreateProcessA	0x14005d088
QueryPerformanceCounter	0x14005d090
GetTickCount	0x14005d098
IsDebuggerPresent	0x14005d0a0
CheckRemoteDebuggerPresent	0x14005d0a8
GetExitCodeProcess	0x14005d0b0
MultiByteToWideChar	0x14005d0b8
GlobalAlloc	0x14005d0c0
GlobalFree	0x14005d0c8
GlobalLock	0x14005d0d0
WideCharToMultiByte	0x14005d0d8
GlobalUnlock	0x14005d0e0
LoadLibraryA	0x14005d0e8
QueryPerformanceFrequency	0x14005d0f0
VerSetConditionMask	0x14005d0f8
GetModuleHandleW	0x14005d100
FreeLibrary	0x14005d108
VerifyVersionInfoW	0x14005d110
lstrcmpA	0x14005d118
K32GetProcessImageFileNameW	0x14005d120
OpenProcess	0x14005d128
Sleep	0x14005d130
GetFileAttributesA	0x14005d138
CreateThread	0x14005d140
LoadLibraryExW	0x14005d148
SetConsoleTitleA	0x14005d150
CreateFileW	0x14005d158
SetFileInformationByHandle	0x14005d160
GetConsoleWindow	0x14005d168
OutputDebugStringW	0x14005d170
InitializeSListHead	0x14005d178
GetSystemTimeAsFileTime	0x14005d180
GetCurrentThreadId	0x14005d188
CreateEventW	0x14005d190
WaitForSingleObjectEx	0x14005d198
ResetEvent	0x14005d1a0
DebugActiveProcess	0x14005d1a8
DeleteCriticalSection	0x14005d1b0
InitializeCriticalSectionAndSpinCount	0x14005d1b8
LoadLibraryW	0x14005d1c0
EnterCriticalSection	0x14005d1c8
IsProcessorFeaturePresent	0x14005d1d0
TerminateProcess	0x14005d1d8
SetUnhandledExceptionFilter	0x14005d1e0
UnhandledExceptionFilter	0x14005d1e8
RtlVirtualUnwind	0x14005d1f0
RtlLookupFunctionEntry	0x14005d1f8
RtlCaptureContext	0x14005d200
GetFileInformationByHandleEx	0x14005d208
AreFileApisANSI	0x14005d210
GetTempPathW	0x14005d218
GetFileAttributesW	0x14005d220
FindNextFileW	0x14005d228
FindFirstFileExW	0x14005d230
FindClose	0x14005d238
GetLocaleInfoEx	0x14005d240
FormatMessageA	0x14005d248
LocalFree	0x14005d250
GetCurrentProcessId	0x14005d258
GetProcAddress	0x14005d260
Process32NextW	0x14005d268
GetThreadContext	0x14005d270
GetLastError	0x14005d278
CreateToolhelp32Snapshot	0x14005d280
WaitForSingleObject	0x14005d288
CreateMutexW	0x14005d290
GetModuleFileNameW	0x14005d298
CloseHandle	0x14005d2a0
Process32FirstW	0x14005d2a8
LeaveCriticalSection	0x14005d2b0
GetCurrentThread	0x14005d2b8
GetCurrentProcess	0x14005d2c0
GetStdHandle	0x14005d2c8
SetConsoleTextAttribute	0x14005d2d0
SetEvent	0x14005d2d8

Function	Address	Souspicious	Anti Debug
sinf	0x14005d810
cosf	0x14005d818
acosf	0x14005d820
__setusermatherr	0x14005d828
ceilf	0x14005d830
fmodf	0x14005d838
sqrtf	0x14005d840

Function	Address	Souspicious	Anti Debug
wcstombs_s	0x14005d798
atoi	0x14005d7a0

Function	Address	Souspicious	Anti Debug
__std_terminate	0x14005d6e0
__C_specific_handler	0x14005d6e8
memchr	0x14005d6f0
memcmp	0x14005d6f8
memcpy	0x14005d700
__std_exception_destroy	0x14005d708
memmove	0x14005d710
__std_exception_copy	0x14005d718
__current_exception	0x14005d720
__current_exception_context	0x14005d728
memset	0x14005d730
_CxxThrowException	0x14005d738
strstr	0x14005d740

Function	Address	Souspicious	Anti Debug
RegCreateKeyExW	0x14005d000
RegSetValueExW	0x14005d008
RegOpenKeyExW	0x14005d010
RegQueryValueExW	0x14005d018
RegDeleteKeyValueW	0x14005d020
RegCloseKey	0x14005d028
OpenProcessToken	0x14005d030
AdjustTokenPrivileges	0x14005d038
LookupPrivilegeValueW	0x14005d040
GetTokenInformation	0x14005d048

Function	Address	Souspicious	Anti Debug
fclose	0x14005d8f8
fputc	0x14005d900
_fseeki64	0x14005d908
__p__commode	0x14005d910
_set_fmode	0x14005d918
__stdio_common_vsprintf_s	0x14005d920
__stdio_common_vfwprintf	0x14005d928
__stdio_common_vsscanf	0x14005d930
_wfopen	0x14005d938
_pclose	0x14005d940
fgetc	0x14005d948
fopen	0x14005d950
fseek	0x14005d958
fgets	0x14005d960
ftell	0x14005d968
__stdio_common_vsprintf	0x14005d970
__stdio_common_vfprintf	0x14005d978
fwrite	0x14005d980
__acrt_iob_func	0x14005d988
_get_stream_buffer_pointers	0x14005d990
fgetpos	0x14005d998
fread	0x14005d9a0
fsetpos	0x14005d9a8
ungetc	0x14005d9b0
_popen	0x14005d9b8
setvbuf	0x14005d9c0
fflush	0x14005d9c8

Function	Address	Souspicious	Anti Debug
Direct3DCreate9	0x14005da10

Function	Address	Souspicious	Anti Debug
malloc	0x14005d7d0
_callnewh	0x14005d7d8
free	0x14005d7e0
_set_new_mode	0x14005d7e8

Function	Address	Souspicious	Anti Debug
DispatchMessageW	0x14005d530
PeekMessageW	0x14005d538
TranslateMessage	0x14005d540
GetSystemMetrics	0x14005d548
ScreenToClient	0x14005d550
CreateWindowExW	0x14005d558
EnumDisplayMonitors	0x14005d560
MonitorFromWindow	0x14005d568
SetWindowPos	0x14005d570
GetDC	0x14005d578
DestroyWindow	0x14005d580
GetKeyState	0x14005d588
PostQuitMessage	0x14005d590
UpdateWindow	0x14005d598
GetWindowThreadProcessId	0x14005d5a0
EnumWindows	0x14005d5a8
AdjustWindowRectEx	0x14005d5b0
DefWindowProcW	0x14005d5b8
GetWindowLongW	0x14005d5c0
PostThreadMessageW	0x14005d5c8
SetWindowsHookExW	0x14005d5d0
SetWindowTextW	0x14005d5d8
RegisterClassExW	0x14005d5e0
WindowFromPoint	0x14005d5e8
ShowWindow	0x14005d5f0
GetCapture	0x14005d5f8
GetMonitorInfoW	0x14005d600
ClientToScreen	0x14005d608
IsChild	0x14005d610
GetForegroundWindow	0x14005d618
SetLayeredWindowAttributes	0x14005d620
SetFocus	0x14005d628
BringWindowToTop	0x14005d630
LoadCursorW	0x14005d638
SetCapture	0x14005d640
SetCursor	0x14005d648
SetWindowLongW	0x14005d650
UnregisterClassW	0x14005d658
GetClientRect	0x14005d660
ReleaseCapture	0x14005d668
SetForegroundWindow	0x14005d670
MessageBoxA	0x14005d678
MessageBoxW	0x14005d680
IsIconic	0x14005d688
FindWindowW	0x14005d690
SetCursorPos	0x14005d698
ReleaseDC	0x14005d6a0
SetClipboardData	0x14005d6a8
GetClipboardData	0x14005d6b0
EmptyClipboard	0x14005d6b8
CloseClipboard	0x14005d6c0
OpenClipboard	0x14005d6c8
GetCursorPos	0x14005d6d0

Function	Address	Souspicious	Anti Debug
ImmSetCompositionWindow	0x14005d068
ImmGetContext	0x14005d070
ImmReleaseContext	0x14005d078