xmrig.exe

First submission 2024-10-14 23:54:01 Last sumbission 2024-10-15 20:52:03

File details

File type:	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
Mime type:	application/x-dosexec
File size:	8036.0 KB (8228864 bytes)
Compile time:	2022-10-23 13:02:20
MD5:	6f4532e49d65c2be0355b222f96e06e8
SHA1:	268e90ce25e01bbb205f6ae3f493f8da36a61480
SHA256:	acaf8e844ef7f4f65033ebe9546c394cc21bce175dac8b59199106309f04e5ab
Import Hash :	3ae5019c0ca1f8d34f2e86c2a0eed3b9
Sections 11	.text .data .rdata .pdata .xdata .bss .idata .CRT .tls .rsrc .reloc
Directories 4	import resource tls relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	61/77 VT report date: 2024-09-30 00:20:50
Malware Type 3	miner pua trojan
Threat Type 3	bitminer malxmr miswf

URLs, FQDN and IP indicators 2

URL	Host (FQDN/IP)	Date Added
hXXp://main.dsn.ovh/mvt/xmrig.exe	main.dsn.ovh	2024-10-15 20:52:08
hXXp://193.70.43.137/mvt/xmrig.exe	193.70.43.137	2024-10-14 23:54:01

PE Sections 2 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x5eb648	6209536	d530af3d33011440f8d4d9ddb5c8dee182e0f962	c71a0c414aafb7c5e68fe4a91ee363de
.data	0x5ed000	0x10460	67072	b4175fc5a9dd0dc605a2685e3195616aac5d96be	21c158633eb21cb3082b12ef690ef770
.rdata	0x5fe000	0x15d660	1431552	0be682954f9b12735e054d065757bdc06c40a912	4892ffd89593896b04995dda93fc7740
.pdata	0x75c000	0x2ee0c	192512	76d2f35625fcfd8e0d0ef6238bed39d9598ecabb	cb7b5909bd56d355b34c2de2794e776e
.xdata	0x78b000	0x3b7a8	243712	6be866a65c96b3e62a004ce2bc8d814559a1d689	034812933b8d93588a6e07c869330b0e
.bss	0x7c7000	0x3209e0	0	da39a3ee5e6b4b0d3255bfef95601890afd80709	d41d8cd98f00b204e9800998ecf8427e
.idata	0xae8000	0x46bc	18432	31ebb6dc2b1edbfc69659f3fa0940405282603bf	16c8e5eb84a912fcd1c0688153007c7a
.CRT	0xaed000	0x68	512	79f31a588d691ac9e196d84b4aff6da5b1128147	d95fbb6ad6bb6c672d871d0f95c6eb92
.tls	0xaee000	0x10	512	5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5	bf619eac0cdf3f68d496ea9344137e8b
.rsrc	0xaef000	0x5ce8	23784	069b1d0b71124b655c6367c4851b8acffeb0f28e	297c59286282976bae3d9f48f19e2e0c
.reloc	0xaf5000	0x8e78	36864	3f752ffbb917258d63988b74302bdd5d5e6f472b	d654838a44178bf5fc89286bbb658947

PE Resources 4

Name	Language	Sublanguage	Offset	Size	Data
RT_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xaf4110	1128	PE Resource: RT_ICON - Data ( @vwwvqqqVWWVWWVWWVWWqqqvwwveee#lmmVWWVWWVWWVWWVWWVWWVWWVWWlmmeee#eee#_``VWWVWWVWWVWWVWWVWWVWWVWWVWWVWW_``eee#VWWVWWVWWVWWVWWVWWVWWVWWVWWVWWVWWVWWVWWVWW$VWWVWW$>gg`aaggggg>gggg6yggggggggggD~ggg'pggggggg'pSggg'pggggg'pggDSg>gga~Dgggggg>EvgSggSgggggEv8{S6ygggogggg8{.t#&ogggggggggg&o.t#.t#8{gggggggg8{.t#Ev>gggg>Ev
RT_GROUP_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xaf4578	62
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xaf45b8	652	PE Resource: RT_VERSION - Data 4VS_VERSION_INFO?StringFileInfo000004b0<CompanyNamewww.xmrig.com@FileDescriptionXMRig miner.FileVersion6.18.1h"LegalCopyrightCopyright (C) 2016-2022 xmrig.com< OriginalFilenamexmrig.exe,ProductNameXMRig2ProductVersion6.18.1DVarFileInfo$Translation
RT_MANIFEST	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xaf4848	1167	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker"/> </requestedPrivileges> </security> </trustInfo> <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> <application> <!--The ID below indicates application support for Windows Vista --> <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/> <!--The ID below indicates application support for Windows 7 --> <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/> <!--The ID below indicates application support for Windows 8 --> <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/> <!--The ID below indicates application support for Windows 8.1 --> <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/> <!--The ID below indicates application support for Windows 10 --> <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/> </application> </compatibility> </assembly>

Meta infos 8

LegalCopyright:	Copyright (C) 2016-2022 xmrig.com
ProductVersion:	6.18.1
CompanyName:	www.xmrig.com
FileVersion:	6.18.1
FileDescription:	XMRig miner
Translation:	0x0000 0x04b0
OriginalFilename:	xmrig.exe
ProductName:	XMRig

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 7

GetLastError
IsDebuggerPresent
OutputDebugStringA
Process32First
Process32Next
RaiseException
TerminateProcess

Anti debug functions 1

Bochs & QEmu CPUID Trick

Strings analysis - File found

XML
topology.xml
Library
ntdll.dll
MSVCRT.dll
ADVAPI32.dll
KERNEL32.dll
SHELL32.dll
Powrprof.dll
USER32.dll
IPHLPAPI.DLL
atiadlxx.dll
PSAPI.DLL
@ntdll.dll
WS2_32.dll
xmrig-cuda.dll
%PROGRAMFILES%\NVIDIA Corporation\NVSMI\nvml.dll
USERENV.dll
nvml.dll
ole32.dll
Crypt32.dll
opencl.dll
%s.dll

Strings analysis - Possible IPs found 1

127.0.0.1

Strings analysis - Possible URLs found 7

https://xmrig.com/wizard
https://xmrig.com/docs/algorithms
http://
https://L)
https://xmrig.com/benchmark/%s
https://
https://H

Import functions

IPHLPAPI.DLL 3 CRYPT32.dll 7 SHELL32.dll 1 KERNEL32.dll 220 msvcrt.dll 152 ADVAPI32.dll 43 ole32.dll 3 WS2_32.dll 37 USER32.dll 10 USERENV.dll 1

Function	Address	Souspicious	Anti Debug
ConvertInterfaceIndexToLuid	0x140ae91b4
ConvertInterfaceLuidToNameW	0x140ae91bc
GetAdaptersAddresses	0x140ae91c4

Function	Address	Souspicious	Anti Debug
CertCloseStore	0x140ae9174
CertDuplicateCertificateContext	0x140ae917c
CertEnumCertificatesInStore	0x140ae9184
CertFindCertificateInStore	0x140ae918c
CertFreeCertificateContext	0x140ae9194
CertGetCertificateContextProperty	0x140ae919c
CertOpenStore	0x140ae91a4

Function	Address	Souspicious	Anti Debug
SHGetSpecialFolderPathA	0x140ae9da4

Function	Address	Souspicious	Anti Debug
AcquireSRWLockExclusive	0x140ae91d4
AcquireSRWLockShared	0x140ae91dc
AddVectoredExceptionHandler	0x140ae91e4
AssignProcessToJobObject	0x140ae91ec
CancelIo	0x140ae91f4
CancelIoEx	0x140ae91fc
CancelSynchronousIo	0x140ae9204
CloseHandle	0x140ae920c
ConnectNamedPipe	0x140ae9214
ConvertFiberToThread	0x140ae921c
ConvertThreadToFiber	0x140ae9224
CopyFileW	0x140ae922c
CreateDirectoryW	0x140ae9234
CreateEventA	0x140ae923c
CreateFiber	0x140ae9244
CreateFileA	0x140ae924c
CreateFileMappingA	0x140ae9254
CreateFileW	0x140ae925c
CreateHardLinkW	0x140ae9264
CreateIoCompletionPort	0x140ae926c
CreateJobObjectW	0x140ae9274
CreateNamedPipeA	0x140ae927c
CreateNamedPipeW	0x140ae9284
CreateProcessW	0x140ae928c
CreateSemaphoreA	0x140ae9294
CreateSymbolicLinkW	0x140ae929c
CreateToolhelp32Snapshot	0x140ae92a4
DebugBreak	0x140ae92ac
DeleteCriticalSection	0x140ae92b4
DeleteFiber	0x140ae92bc
DeviceIoControl	0x140ae92c4
DuplicateHandle	0x140ae92cc
EnterCriticalSection	0x140ae92d4
ExpandEnvironmentStringsA	0x140ae92dc
FileTimeToSystemTime	0x140ae92e4
FillConsoleOutputAttribute	0x140ae92ec
FillConsoleOutputCharacterW	0x140ae92f4
FindClose	0x140ae92fc
FindFirstFileW	0x140ae9304
FindNextFileW	0x140ae930c
FindResourceW	0x140ae9314
FlushFileBuffers	0x140ae931c
FlushInstructionCache	0x140ae9324
FlushViewOfFile	0x140ae932c
FormatMessageA	0x140ae9334
FormatMessageW	0x140ae933c
FreeConsole	0x140ae9344
FreeEnvironmentStringsW	0x140ae934c
FreeLibrary	0x140ae9354
GetComputerNameA	0x140ae935c
GetConsoleCursorInfo	0x140ae9364
GetConsoleMode	0x140ae936c
GetConsoleScreenBufferInfo	0x140ae9374
GetConsoleTitleW	0x140ae937c
GetConsoleWindow	0x140ae9384
GetCurrentDirectoryW	0x140ae938c
GetCurrentProcess	0x140ae9394
GetCurrentProcessId	0x140ae939c
GetCurrentThread	0x140ae93a4
GetCurrentThreadId	0x140ae93ac
GetDiskFreeSpaceW	0x140ae93b4
GetEnvironmentStringsW	0x140ae93bc
GetEnvironmentVariableW	0x140ae93c4
GetExitCodeProcess	0x140ae93cc
GetFileAttributesA	0x140ae93d4
GetFileAttributesW	0x140ae93dc
GetFileInformationByHandle	0x140ae93e4
GetFileInformationByHandleEx	0x140ae93ec
GetFileSizeEx	0x140ae93f4
GetFileType	0x140ae93fc
GetFinalPathNameByHandleW	0x140ae9404
GetFullPathNameW	0x140ae940c
GetHandleInformation	0x140ae9414
GetLargePageMinimum	0x140ae941c
GetLastError	0x140ae9424
GetLongPathNameW	0x140ae942c
GetModuleFileNameA	0x140ae9434
GetModuleFileNameW	0x140ae943c
GetModuleHandleA	0x140ae9444
GetModuleHandleExW	0x140ae944c
GetModuleHandleW	0x140ae9454
GetNamedPipeHandleStateA	0x140ae945c
GetNativeSystemInfo	0x140ae9464
GetNumberOfConsoleInputEvents	0x140ae946c
GetPriorityClass	0x140ae9474
GetProcAddress	0x140ae947c
GetProcessAffinityMask	0x140ae9484
GetProcessHeap	0x140ae948c
GetProcessIoCounters	0x140ae9494
GetProcessTimes	0x140ae949c
GetQueuedCompletionStatus	0x140ae94a4
GetShortPathNameW	0x140ae94ac
GetStartupInfoA	0x140ae94b4
GetStartupInfoW	0x140ae94bc
GetStdHandle	0x140ae94c4
GetSystemFirmwareTable	0x140ae94cc
GetSystemInfo	0x140ae94d4
GetSystemPowerStatus	0x140ae94dc
GetSystemTime	0x140ae94e4
GetSystemTimeAdjustment	0x140ae94ec
GetSystemTimeAsFileTime	0x140ae94f4
GetTempPathW	0x140ae94fc
GetThreadContext	0x140ae9504
GetThreadPriority	0x140ae950c
GetThreadTimes	0x140ae9514
GetTickCount	0x140ae951c
GetTickCount64	0x140ae9524
GetVersion	0x140ae952c
GetVersionExA	0x140ae9534
GetVersionExW	0x140ae953c
GlobalMemoryStatusEx	0x140ae9544
HeapAlloc	0x140ae954c
HeapFree	0x140ae9554
InitializeConditionVariable	0x140ae955c
InitializeCriticalSection	0x140ae9564
InitializeCriticalSectionAndSpinCount	0x140ae956c
InitializeSRWLock	0x140ae9574
IsDBCSLeadByteEx	0x140ae957c
IsDebuggerPresent	0x140ae9584
K32GetProcessMemoryInfo	0x140ae958c
LCMapStringW	0x140ae9594
LeaveCriticalSection	0x140ae959c
LoadLibraryA	0x140ae95a4
LoadLibraryExA	0x140ae95ac
LoadLibraryExW	0x140ae95b4
LoadLibraryW	0x140ae95bc
LoadResource	0x140ae95c4
LocalAlloc	0x140ae95cc
LocalFree	0x140ae95d4
LockResource	0x140ae95dc
MapViewOfFile	0x140ae95e4
MoveFileExW	0x140ae95ec
MultiByteToWideChar	0x140ae95f4
OpenProcess	0x140ae95fc
OutputDebugStringA	0x140ae9604
PeekNamedPipe	0x140ae960c
PostQueuedCompletionStatus	0x140ae9614
Process32First	0x140ae961c
Process32Next	0x140ae9624
QueryPerformanceCounter	0x140ae962c
QueryPerformanceFrequency	0x140ae9634
QueueUserWorkItem	0x140ae963c
RaiseException	0x140ae9644
ReOpenFile	0x140ae964c
ReadConsoleA	0x140ae9654
ReadConsoleInputW	0x140ae965c
ReadConsoleW	0x140ae9664
ReadDirectoryChangesW	0x140ae966c
ReadFile	0x140ae9674
RegisterWaitForSingleObject	0x140ae967c
ReleaseSRWLockExclusive	0x140ae9684
ReleaseSRWLockShared	0x140ae968c
ReleaseSemaphore	0x140ae9694
RemoveDirectoryW	0x140ae969c
RemoveVectoredExceptionHandler	0x140ae96a4
ResetEvent	0x140ae96ac
ResumeThread	0x140ae96b4
RtlCaptureContext	0x140ae96bc
RtlLookupFunctionEntry	0x140ae96c4
RtlUnwindEx	0x140ae96cc
RtlVirtualUnwind	0x140ae96d4
SetConsoleCtrlHandler	0x140ae96dc
SetConsoleCursorInfo	0x140ae96e4
SetConsoleCursorPosition	0x140ae96ec
SetConsoleMode	0x140ae96f4
SetConsoleTextAttribute	0x140ae96fc
SetConsoleTitleA	0x140ae9704
SetConsoleTitleW	0x140ae970c
SetCurrentDirectoryW	0x140ae9714
SetEnvironmentVariableW	0x140ae971c
SetErrorMode	0x140ae9724
SetEvent	0x140ae972c
SetFileCompletionNotificationModes	0x140ae9734
SetFilePointerEx	0x140ae973c
SetFileTime	0x140ae9744
SetHandleInformation	0x140ae974c
SetInformationJobObject	0x140ae9754
SetLastError	0x140ae975c
SetNamedPipeHandleState	0x140ae9764
SetPriorityClass	0x140ae976c
SetProcessAffinityMask	0x140ae9774
SetSystemTime	0x140ae977c
SetThreadAffinityMask	0x140ae9784
SetThreadContext	0x140ae978c
SetThreadPriority	0x140ae9794
SetUnhandledExceptionFilter	0x140ae979c
SizeofResource	0x140ae97a4
Sleep	0x140ae97ac
SleepConditionVariableCS	0x140ae97b4
SuspendThread	0x140ae97bc
SwitchToFiber	0x140ae97c4
SwitchToThread	0x140ae97cc
SystemTimeToFileTime	0x140ae97d4
TerminateProcess	0x140ae97dc
TlsAlloc	0x140ae97e4
TlsFree	0x140ae97ec
TlsGetValue	0x140ae97f4
TlsSetValue	0x140ae97fc
TryAcquireSRWLockExclusive	0x140ae9804
TryAcquireSRWLockShared	0x140ae980c
TryEnterCriticalSection	0x140ae9814
UnmapViewOfFile	0x140ae981c
UnregisterWait	0x140ae9824
UnregisterWaitEx	0x140ae982c
VerSetConditionMask	0x140ae9834
VerifyVersionInfoA	0x140ae983c
VirtualAlloc	0x140ae9844
VirtualFree	0x140ae984c
VirtualProtect	0x140ae9854
VirtualQuery	0x140ae985c
WaitForMultipleObjects	0x140ae9864
WaitForSingleObject	0x140ae986c
WaitNamedPipeW	0x140ae9874
WakeAllConditionVariable	0x140ae987c
WakeConditionVariable	0x140ae9884
WideCharToMultiByte	0x140ae988c
WriteConsoleInputW	0x140ae9894
WriteConsoleW	0x140ae989c
WriteFile	0x140ae98a4
__C_specific_handler	0x140ae98ac

Function	Address	Souspicious	Anti Debug
___lc_codepage_func	0x140ae98bc
___mb_cur_max_func	0x140ae98c4
__argv	0x140ae98cc
__doserrno	0x140ae98d4
__getmainargs	0x140ae98dc
__initenv	0x140ae98e4
__iob_func	0x140ae98ec
__set_app_type	0x140ae98f4
__setusermatherr	0x140ae98fc
_acmdln	0x140ae9904
_amsg_exit	0x140ae990c
_assert	0x140ae9914
_beginthreadex	0x140ae991c
_cexit	0x140ae9924
_close	0x140ae992c
_close	0x140ae9934
_commode	0x140ae993c
_endthreadex	0x140ae9944
_errno	0x140ae994c
_exit	0x140ae9954
_fdopen	0x140ae995c
_filelengthi64	0x140ae9964
_fileno	0x140ae996c
_findclose	0x140ae9974
_fileno	0x140ae997c
_findfirst64	0x140ae9984
_findnext64	0x140ae998c
_fmode	0x140ae9994
_fstat64	0x140ae999c
_fullpath	0x140ae99a4
_get_osfhandle	0x140ae99ac
_gmtime64	0x140ae99b4
_initterm	0x140ae99bc
_isatty	0x140ae99c4
_localtime64	0x140ae99cc
_lock	0x140ae99d4
_lseeki64	0x140ae99dc
_mkdir	0x140ae99e4
_onexit	0x140ae99ec
_open	0x140ae99f4
_open_osfhandle	0x140ae99fc
_read	0x140ae9a04
_read	0x140ae9a0c
_setjmp	0x140ae9a14
_setmode	0x140ae9a1c
_snwprintf	0x140ae9a24
_stat64	0x140ae9a2c
_stricmp	0x140ae9a34
_strdup	0x140ae9a3c
_strdup	0x140ae9a44
_strnicmp	0x140ae9a4c
_time64	0x140ae9a54
_ultoa	0x140ae9a5c
_unlock	0x140ae9a64
_umask	0x140ae9a6c
_vscprintf	0x140ae9a74
_vsnprintf	0x140ae9a7c
_vsnwprintf	0x140ae9a84
_wchmod	0x140ae9a8c
_wcsdup	0x140ae9a94
_wcsnicmp	0x140ae9a9c
_wcsrev	0x140ae9aa4
_wfopen	0x140ae9aac
_wopen	0x140ae9ab4
_write	0x140ae9abc
_wrmdir	0x140ae9ac4
abort	0x140ae9acc
atof	0x140ae9ad4
atoi	0x140ae9adc
calloc	0x140ae9ae4
exit	0x140ae9aec
fclose	0x140ae9af4
feof	0x140ae9afc
ferror	0x140ae9b04
fflush	0x140ae9b0c
fgetpos	0x140ae9b14
fgets	0x140ae9b1c
fopen	0x140ae9b24
fprintf	0x140ae9b2c
fputc	0x140ae9b34
fputs	0x140ae9b3c
fread	0x140ae9b44
free	0x140ae9b4c
fseek	0x140ae9b54
fsetpos	0x140ae9b5c
ftell	0x140ae9b64
fwrite	0x140ae9b6c
getc	0x140ae9b74
getenv	0x140ae9b7c
getwc	0x140ae9b84
islower	0x140ae9b8c
isspace	0x140ae9b94
isupper	0x140ae9b9c
iswctype	0x140ae9ba4
isxdigit	0x140ae9bac
_write	0x140ae9bb4
localeconv	0x140ae9bbc
longjmp	0x140ae9bc4
malloc	0x140ae9bcc
memchr	0x140ae9bd4
memcmp	0x140ae9bdc
memcpy	0x140ae9be4
memmove	0x140ae9bec
memset	0x140ae9bf4
printf	0x140ae9bfc
putc	0x140ae9c04
putwc	0x140ae9c0c
qsort	0x140ae9c14
raise	0x140ae9c1c
realloc	0x140ae9c24
rand	0x140ae9c2c
setlocale	0x140ae9c34
setvbuf	0x140ae9c3c
signal	0x140ae9c44
srand	0x140ae9c4c
strcat	0x140ae9c54
strchr	0x140ae9c5c
strcmp	0x140ae9c64
strcoll	0x140ae9c6c
strcpy	0x140ae9c74
strcspn	0x140ae9c7c
strerror	0x140ae9c84
strftime	0x140ae9c8c
strlen	0x140ae9c94
strncmp	0x140ae9c9c
strncpy	0x140ae9ca4
strrchr	0x140ae9cac
strspn	0x140ae9cb4
strstr	0x140ae9cbc
strtol	0x140ae9cc4
strtoul	0x140ae9ccc
strxfrm	0x140ae9cd4
tolower	0x140ae9cdc
toupper	0x140ae9ce4
towlower	0x140ae9cec
towupper	0x140ae9cf4
ungetc	0x140ae9cfc
vfprintf	0x140ae9d04
ungetwc	0x140ae9d0c
wcschr	0x140ae9d14
wcscmp	0x140ae9d1c
wcscoll	0x140ae9d24
wcscpy	0x140ae9d2c
wcsftime	0x140ae9d34
wcslen	0x140ae9d3c
wcsncmp	0x140ae9d44
wcsncpy	0x140ae9d4c
wcspbrk	0x140ae9d54
wcsrchr	0x140ae9d5c
wcsstr	0x140ae9d64
wcstombs	0x140ae9d6c
wcsxfrm	0x140ae9d74

Function	Address	Souspicious	Anti Debug
AdjustTokenPrivileges	0x140ae9014
AllocateAndInitializeSid	0x140ae901c
CloseServiceHandle	0x140ae9024
ControlService	0x140ae902c
CreateServiceW	0x140ae9034
CryptAcquireContextW	0x140ae903c
CryptCreateHash	0x140ae9044
CryptDecrypt	0x140ae904c
CryptDestroyHash	0x140ae9054
CryptDestroyKey	0x140ae905c
CryptEnumProvidersW	0x140ae9064
CryptExportKey	0x140ae906c
CryptGenRandom	0x140ae9074
CryptGetProvParam	0x140ae907c
CryptGetUserKey	0x140ae9084
CryptReleaseContext	0x140ae908c
CryptSetHashParam	0x140ae9094
CryptSignHashW	0x140ae909c
DeleteService	0x140ae90a4
DeregisterEventSource	0x140ae90ac
FreeSid	0x140ae90b4
GetSecurityInfo	0x140ae90bc
GetTokenInformation	0x140ae90c4
GetUserNameW	0x140ae90cc
LookupPrivilegeValueW	0x140ae90d4
LsaAddAccountRights	0x140ae90dc
LsaClose	0x140ae90e4
LsaOpenPolicy	0x140ae90ec
OpenProcessToken	0x140ae90f4
OpenSCManagerW	0x140ae90fc
OpenServiceW	0x140ae9104
QueryServiceConfigA	0x140ae910c
QueryServiceStatus	0x140ae9114
RegCloseKey	0x140ae911c
RegGetValueW	0x140ae9124
RegOpenKeyExW	0x140ae912c
RegQueryValueExW	0x140ae9134
RegisterEventSourceW	0x140ae913c
ReportEventW	0x140ae9144
SetEntriesInAclA	0x140ae914c
SetSecurityInfo	0x140ae9154
StartServiceW	0x140ae915c
SystemFunction036	0x140ae9164

Function	Address	Souspicious	Anti Debug
CoCreateInstance	0x140ae9d84
CoInitializeEx	0x140ae9d8c
CoUninitialize	0x140ae9d94

Function	Address	Souspicious	Anti Debug
FreeAddrInfoW	0x140ae9e1c
GetAddrInfoW	0x140ae9e24
WSACleanup	0x140ae9e2c
WSADuplicateSocketW	0x140ae9e34
WSAGetLastError	0x140ae9e3c
WSAGetOverlappedResult	0x140ae9e44
WSAIoctl	0x140ae9e4c
WSARecv	0x140ae9e54
WSARecvFrom	0x140ae9e5c
WSASend	0x140ae9e64
WSASendTo	0x140ae9e6c
WSASetLastError	0x140ae9e74
WSASocketW	0x140ae9e7c
WSAStartup	0x140ae9e84
accept	0x140ae9e8c
bind	0x140ae9e94
closesocket	0x140ae9e9c
connect	0x140ae9ea4
freeaddrinfo	0x140ae9eac
getaddrinfo	0x140ae9eb4
gethostbyname	0x140ae9ebc
gethostname	0x140ae9ec4
getnameinfo	0x140ae9ecc
getpeername	0x140ae9ed4
getsockname	0x140ae9edc
getsockopt	0x140ae9ee4
htonl	0x140ae9eec
htons	0x140ae9ef4
ioctlsocket	0x140ae9efc
listen	0x140ae9f04
ntohs	0x140ae9f0c
recv	0x140ae9f14
select	0x140ae9f1c
send	0x140ae9f24
setsockopt	0x140ae9f2c
shutdown	0x140ae9f34
socket	0x140ae9f3c

Function	Address	Souspicious	Anti Debug
DispatchMessageA	0x140ae9db4
GetLastInputInfo	0x140ae9dbc
GetMessageA	0x140ae9dc4
GetProcessWindowStation	0x140ae9dcc
GetSystemMetrics	0x140ae9dd4
GetUserObjectInformationW	0x140ae9ddc
MapVirtualKeyW	0x140ae9de4
MessageBoxW	0x140ae9dec
ShowWindow	0x140ae9df4
TranslateMessage	0x140ae9dfc

Function	Address	Souspicious	Anti Debug
GetUserProfileDirectoryW	0x140ae9e0c