MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a337a28b1413ed787b4e313cfb04ffef6a4730cddc7543b18b6b8656e65111a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ConnectWise


Vendor detections: 15


Intelligence 15 IOCs YARA 10 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a337a28b1413ed787b4e313cfb04ffef6a4730cddc7543b18b6b8656e65111a0
SHA3-384 hash: 57ee7ed22450a3397e2f8f961c3178e5bb0c60e9be1b49e9e117c4206a3d1281e400cd7f662cb6c5dbc0b759db715f07
SHA1 hash: c9b28e26d40d9d42a7c19c123103f854501a0edb
MD5 hash: 59a8c372735dafb6e20ad3cf30770d8e
humanhash: dakota-sweet-minnesota-early
File name:Scan_PDF_5255303072.exe
Download: download sample
Signature ConnectWise
Create hunting rule
File size:5'685'032 bytes
First seen:2024-10-02 04:11:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9771ee6344923fa220489ab01239bdfd (239 x ConnectWise)
ssdeep 49152:zDex5xKkEJkGYYpT0+TFiH7efP0x58IJL+md3rHgDNMKLo8SsxG/XcW32gqkAfoO:B4s6efPQ53JLbd3LINMLaGUW39f0
Threatray 203 similar samples on MalwareBazaar
TLSH T1C746F111B3D995B9D0BF063CD87A52699A74BC048722C7AF57D4B92D2D32BC04E323B6
TrID 68.8% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
12.5% (.EXE) Win64 Executable (generic) (10523/12/4)
6.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.4% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter JAMESWT_WT
Tags:ConnectWise exe filedn-com signed

Code Signing Certificate

Organisation:Connectwise, LLC
Issuer:DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Algorithm:sha256WithRSAEncryption
Valid from:2022-08-17T00:00:00Z
Valid to:2025-08-15T23:59:59Z
Serial number: 0b9360051bccf66642998998d5ba97ce
Intelligence: 443 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 82b4e7924d5bed84fb16ddf8391936eb301479cec707dc14e23bc22b8cdeae28
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
360
Origin country :
IT IT
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Scan_PDF_5255303072.exe
Verdict:
Malicious activity
Analysis date:
2024-10-02 04:35:10 UTC
Tags:
screenconnect remote
Link:
https://app.any.run/tasks/b8eb3a6c-9526-44ba-b99e-5b79a8f7ad61

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Sanesecurity.Malware.29065.SC.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.Siggen26.37800.12014.29258.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=66fcc81b780a9b632d226695
Tags:
Connectwise Shellcode Exploit Dropper
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Сreating synchronization primitives
Launching a process
Creating a file
Creating a window
Searching for synchronization primitives
Loading a suspicious library
Launching a service
Modifying a system file
Creating a file in the Windows subdirectories
Creating a file in the Program Files subdirectories
Creating a service
Creating a process from a recently created file
Searching for the window
DNS request
Moving a file to the Windows subdirectory
Connection attempt
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Possible injection to a system process
Unauthorized injection to a recently created process
Enabling autorun with the shell\open\command registry branches
Enabling autorun
Enabling autorun for a service
Verdict:
Malicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/a337a28b1413ed787b4e313cfb04ffef6a4730cddc7543b18b6b8656e65111a0
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
ScreenConnect Software
Create hunting rule
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/40096896-0e6d-4c3d-8324-fc03415eaf05
Result
Threat name:
ScreenConnect Tool
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
46 / 100
Link:
https://www.joesandbox.com/analysis/1523874
Signature
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to hide user accounts
Enables network access during safeboot for specific services
Initial sample is a PE file and has a suspicious name
Modifies security policies related information
Multi AV Scanner detection for submitted file
Reads the Security eventlog
Reads the System eventlog
Sigma detected: Remote Access Tool - ScreenConnect Suspicious Execution
Uses dynamic DNS services
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1523874 Sample: Scan_PDF_5255303072.exe Startdate: 02/10/2024 Architecture: WINDOWS Score: 46 55 kkl22.ddns.net 2->55 61 Multi AV Scanner detection for submitted file 2->61 63 .NET source code contains potential unpacker 2->63 65 .NET source code references suspicious native API functions 2->65 69 4 other signatures 2->69 8 ScreenConnect.ClientService.exe 2 5 2->8         started        12 msiexec.exe 94 51 2->12         started        15 Scan_PDF_5255303072.exe 4 2->15         started        17 svchost.exe 2->17         started        signatures3 67 Uses dynamic DNS services 55->67 process4 dnsIp5 57 kkl22.ddns.net 188.119.113.59, 49710, 8041 SERVERIUS-ASNL Russian Federation 8->57 73 Reads the Security eventlog 8->73 75 Reads the System eventlog 8->75 19 ScreenConnect.WindowsClient.exe 2 8->19         started        22 ScreenConnect.WindowsClient.exe 2 8->22         started        45 C:\...\ScreenConnect.ClientService.exe, PE32 12->45 dropped 47 C:\Windows\Installer\MSI7A98.tmp, PE32 12->47 dropped 49 C:\Windows\Installer\MSI74FA.tmp, PE32 12->49 dropped 51 9 other files (none is malicious) 12->51 dropped 77 Enables network access during safeboot for specific services 12->77 79 Modifies security policies related information 12->79 24 msiexec.exe 12->24         started        26 msiexec.exe 1 12->26         started        28 msiexec.exe 12->28         started        81 Contains functionality to hide user accounts 15->81 30 msiexec.exe 6 15->30         started        file6 signatures7 process8 file9 71 Contains functionality to hide user accounts 19->71 33 rundll32.exe 10 24->33         started        53 C:\Users\user\AppData\Local\...\MSI6E42.tmp, PE32 30->53 dropped signatures10 process11 file12 37 C:\Users\user\...\ScreenConnect.Windows.dll, PE32 33->37 dropped 39 C:\...\ScreenConnect.InstallerActions.dll, PE32 33->39 dropped 41 C:\Users\user\...\ScreenConnect.Core.dll, PE32 33->41 dropped 43 4 other files (none is malicious) 33->43 dropped 59 Contains functionality to hide user accounts 33->59 signatures13
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/a337a28b1413ed787b4e313cfb04ffef6a4730cddc7543b18b6b8656e65111a0
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a337a28b1413ed787b4e313cfb04ffef6a4730cddc7543b18b6b8656e65111a0/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2024-10-01 12:45:03 UTC
File Type:
PE (Exe)
Extracted files:
174
AV detection:
6 of 24 (25.00%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=um32fcyucpwxq62oge6pwbh755veomgn3r2uhmmlnodfnzsrcgqa._file
Verdict:
malicious
Label(s):
admintool_screenconnect
Create hunting rule
Similar samples:
3f09d8ba69d6c6f9990d49d8183ad139522591b06d247535cf1bd4d4df3a9daf
ConnectWise
3f5c833dc7b2aedccbdc734198ebcd06a77f8c61c55cbfd3c0bca40fa68d8110
ConnectWise
4e81851729d58f321bb83bdb03200f62bc5ee56e0703b2d609a3923a033d5b53
ConnectWise
934a35f92555d0004e1fb78fd91f6dd33036afa329c0900969adb07305231f74
ConnectWise
aa1b77e4203f23734eee91f426b9167c579f3a075ddc45c42ac4714ddc56d03a
ConnectWise
af0c898ab09223b4adb394e52928c835d144106ea382dd21418ae707687e4f76
ConnectWise
dd01e65fb09f159502fd2339d3593cb93e6be2b696f5564d65bb0c329094544c
ConnectWise
error
ConnectWise
fa5b511ef1b55546770402f47dcc78b31461b71e4aac7dafe8ef02de732f6ac0
ConnectWise
+ 193 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery persistence privilege_escalation
Link:
https://tria.ge/reports/241002-esh3cszgjd/
Behaviour
Checks SCSI registry key(s)
Checks processor information in registry
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Drops file in Windows directory
Executes dropped EXE
Loads dropped DLL
Boot or Logon Autostart Execution: Authentication Package
Checks computer location settings
Drops file in System32 directory
Event Triggered Execution: Component Object Model Hijacking
Enumerates connected drives
Sets service image path in registry
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/66270d0e-fcc7-4dfc-a2b7-613365a03748
Unpacked files
SH256 hash:
aa8fe440519915417730ec3399f330b32c8071065fc174f0d1ec37aeca1a3a09
MD5 hash:
28e158d55a02bc3b449e9a4b845e536c
SHA1 hash:
daa848501a2d3f6dfbe0da824156dcbf7afb4d00
Link:
https://www.unpac.me/results/b3068b34-4e08-4ed8-ac30-9ff64caf299c/
Parent samples :
1f473e89717a811066269c38eb6a53a9a0ea0e5788190636b45622b74eaa4d53
6d7c89f55c50eb63071a1eb0ef8b212a8d87e42aa376fa63d433120b212b4a48
9fa76b4ab82376d9486f051b2a7f0e2f584243296f94b2b4b30ea24fae05edd3
85276b1893f8307a681f8c8b22c6d7eaa40620afcf987a7a22a4ab39f7300253
64ca91a2446a8e567b24deea926bbdb34fd2dda221577787bbb62d07cbf0272d
d19dbc6b0c0792df8f420c14ef25130052a81d481d38340a40194862ff0095cd
e1a3eb6e1ec31406443bfbe5067c1852706406a824a29c2490c8e1b73fcf0081
58ff97145ad54ff4900f10bedbecd4a926fb847b23cc0c26ad46f1a96c0a34e9
f435f6ed37b03147bc9ea44f2f291afde9a1c303452ecd3c64493a6c7504b03a
b17964f1729c74ab244e0322f3bac392063ae791380fbfa49bdf82a10e4cd7f0
SH256 hash:
abca7cf12937da14c9323c880ec490cc0e063d7a3eef2eac878cd25c84cf1660
MD5 hash:
9f823778701969823c5a01ef3ece57b7
SHA1 hash:
da733f482825ec2d91f9f1186a3f934a2ea21fa1
Detections:
SUSP_NET_Shellcode_Loader_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/b3068b34-4e08-4ed8-ac30-9ff64caf299c/
Parent samples :
aa1b77e4203f23734eee91f426b9167c579f3a075ddc45c42ac4714ddc56d03a
1172a51b9f3f9bb486d4cc11257facb25238351262acf297a314f6f3774dd053
cef038d63b561e927a0279b5bf7a07248b6ef80e89a5a75a4767b22eca240df3
4b29a54f59990f265e150f437518823f2e8b1e82604201c6e15301ddc09ee3df
b1668588b2c6cc2abea3af4b25949aef0afe18941b842bf338c9d8abc28907a2
415ed80ee0977b5fa793e50bea0539e157b5845af417ddd11ec1fab94409d4ad
56f2d60a446835b53f1ecb54fefebd55c0cfd8c4511a8a96f0e396ad8bc22dbb
b30acefcdf5ba41a18270ae8e79dd9ddb445a729ff67aade0abf3259592738ed
d014a441cee293d4696bfcb06d51816536312bf2f1d5ddfd224d4e6d8660f06b
9d77eb0fee359764d3362dbbafb96472cf549fe144d95b3fe9dc97d0b5828976
934a35f92555d0004e1fb78fd91f6dd33036afa329c0900969adb07305231f74
fd0198e078b123e91bf968c6457666b8d9f9b5e69eae273665994d1a4595b6aa
a337a28b1413ed787b4e313cfb04ffef6a4730cddc7543b18b6b8656e65111a0
ec0f1ec3f107b3559c97f1db4f9a1ae04481f2893c20b2e071f855309d7cc8ed
1f473e89717a811066269c38eb6a53a9a0ea0e5788190636b45622b74eaa4d53
6d7c89f55c50eb63071a1eb0ef8b212a8d87e42aa376fa63d433120b212b4a48
9fa76b4ab82376d9486f051b2a7f0e2f584243296f94b2b4b30ea24fae05edd3
85276b1893f8307a681f8c8b22c6d7eaa40620afcf987a7a22a4ab39f7300253
64ca91a2446a8e567b24deea926bbdb34fd2dda221577787bbb62d07cbf0272d
d19dbc6b0c0792df8f420c14ef25130052a81d481d38340a40194862ff0095cd
e1a3eb6e1ec31406443bfbe5067c1852706406a824a29c2490c8e1b73fcf0081
58ff97145ad54ff4900f10bedbecd4a926fb847b23cc0c26ad46f1a96c0a34e9
f435f6ed37b03147bc9ea44f2f291afde9a1c303452ecd3c64493a6c7504b03a
b17964f1729c74ab244e0322f3bac392063ae791380fbfa49bdf82a10e4cd7f0
SH256 hash:
9342c7be8036a5f8dc3895d75e3314dce961fd3bc70ee59928c67fa04f0c7e08
MD5 hash:
5419ff27205d3e5affa3fc18b811b843
SHA1 hash:
cf49072c50456381cd26cd32cb97606c5f5cfd26
Link:
https://www.unpac.me/results/b3068b34-4e08-4ed8-ac30-9ff64caf299c/
SH256 hash:
ad6062215032ab58369403b1221562b5e7fb5ae7d52b29b7fad69eefb2d8455b
MD5 hash:
723f2aaeeda1d2bb2f49322da349ffc9
SHA1 hash:
ac6ab994beaff69adf8a2dc480a8a628175ff6c8
Link:
https://www.unpac.me/results/b3068b34-4e08-4ed8-ac30-9ff64caf299c/
SH256 hash:
4d4bf19ad99827f63dd74649d8f7244fc8e29330f4d80138c6b64660c8190a53
MD5 hash:
16c4f1e36895a0fa2b4da3852085547a
SHA1 hash:
ab068a2f4ffd0509213455c79d311f169cd7cab8
Link:
https://www.unpac.me/results/b3068b34-4e08-4ed8-ac30-9ff64caf299c/
Parent samples :
1f473e89717a811066269c38eb6a53a9a0ea0e5788190636b45622b74eaa4d53
6d7c89f55c50eb63071a1eb0ef8b212a8d87e42aa376fa63d433120b212b4a48
9fa76b4ab82376d9486f051b2a7f0e2f584243296f94b2b4b30ea24fae05edd3
85276b1893f8307a681f8c8b22c6d7eaa40620afcf987a7a22a4ab39f7300253
64ca91a2446a8e567b24deea926bbdb34fd2dda221577787bbb62d07cbf0272d
d19dbc6b0c0792df8f420c14ef25130052a81d481d38340a40194862ff0095cd
e1a3eb6e1ec31406443bfbe5067c1852706406a824a29c2490c8e1b73fcf0081
58ff97145ad54ff4900f10bedbecd4a926fb847b23cc0c26ad46f1a96c0a34e9
f435f6ed37b03147bc9ea44f2f291afde9a1c303452ecd3c64493a6c7504b03a
b17964f1729c74ab244e0322f3bac392063ae791380fbfa49bdf82a10e4cd7f0
4d4bf19ad99827f63dd74649d8f7244fc8e29330f4d80138c6b64660c8190a53
SH256 hash:
19ac323ca6eae2f8145cdc2bac865b32cd5a48ad6ff199d4ca7da214b056e1dc
MD5 hash:
5fb6074b08ac4709cf2f29fa5b49023e
SHA1 hash:
8bbb78a47c08867c50572f0bd2a27171f91e0454
Link:
https://www.unpac.me/results/b3068b34-4e08-4ed8-ac30-9ff64caf299c/
SH256 hash:
d4803e18440d3c72fec6ba517e45cb13a5d902acc916c0ef050338bb20c720a2
MD5 hash:
81878abbb311b94b89476b9312785ba0
SHA1 hash:
290e243c5a81c66d993d5fc83df4eb7e8452cda0
Link:
https://www.unpac.me/results/b3068b34-4e08-4ed8-ac30-9ff64caf299c/
Parent samples :
1f473e89717a811066269c38eb6a53a9a0ea0e5788190636b45622b74eaa4d53
6d7c89f55c50eb63071a1eb0ef8b212a8d87e42aa376fa63d433120b212b4a48
9fa76b4ab82376d9486f051b2a7f0e2f584243296f94b2b4b30ea24fae05edd3
85276b1893f8307a681f8c8b22c6d7eaa40620afcf987a7a22a4ab39f7300253
64ca91a2446a8e567b24deea926bbdb34fd2dda221577787bbb62d07cbf0272d
d19dbc6b0c0792df8f420c14ef25130052a81d481d38340a40194862ff0095cd
e1a3eb6e1ec31406443bfbe5067c1852706406a824a29c2490c8e1b73fcf0081
58ff97145ad54ff4900f10bedbecd4a926fb847b23cc0c26ad46f1a96c0a34e9
f435f6ed37b03147bc9ea44f2f291afde9a1c303452ecd3c64493a6c7504b03a
b17964f1729c74ab244e0322f3bac392063ae791380fbfa49bdf82a10e4cd7f0
SH256 hash:
ac7721f50829c6b569cdf6ef8d516c89f10a89165b38f9ddb608e8c7844b2108
MD5 hash:
5fe7a9b6ce2c7a379ee6a9ccff85eb51
SHA1 hash:
2506a5fe1e61def362610057ba36ebca0a181dee
Link:
https://www.unpac.me/results/b3068b34-4e08-4ed8-ac30-9ff64caf299c/
SH256 hash:
56da3090333853a21a6b2b04c2754f8e0bf478c542f251d3c2b28f29fa6a0f55
MD5 hash:
0dcc8fa6b9abfe1b4317ac83782a38ab
SHA1 hash:
07f67dbd48a6f7c0e2060361722df5311422f73d
Link:
https://www.unpac.me/results/b3068b34-4e08-4ed8-ac30-9ff64caf299c/
SH256 hash:
289a4eea79baa4141744e44d60db713e18b5f23322663c63047962f51b467614
MD5 hash:
48979a1a6d3badea8124bce04b1e01a5
SHA1 hash:
06931bd96343ce167eda796112a30ca8d9fa536a
Link:
https://www.unpac.me/results/b3068b34-4e08-4ed8-ac30-9ff64caf299c/
SH256 hash:
8a55c15cc76e31042e17458c479772aa95bc1b908016c85b1dc8b8e3eff23254
MD5 hash:
decb1fd20d75e6eade9289cc24605f29
SHA1 hash:
5169602d641c4f2ebd9ca0639622949e00c25566
Link:
https://www.unpac.me/results/b3068b34-4e08-4ed8-ac30-9ff64caf299c/
SH256 hash:
a337a28b1413ed787b4e313cfb04ffef6a4730cddc7543b18b6b8656e65111a0
MD5 hash:
59a8c372735dafb6e20ad3cf30770d8e
SHA1 hash:
c9b28e26d40d9d42a7c19c123103f854501a0edb
Link:
https://www.unpac.me/results/b3068b34-4e08-4ed8-ac30-9ff64caf299c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a337a28b1413ed787b4e313cfb04ffef6a4730cddc7543b18b6b8656e65111a0

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:INDICATOR_EXE_DotNET_Encrypted
Create hunting rule
Author:ditekSHen
Description:Detects encrypted or obfuscated .NET executables
Rule name:INDICATOR_RMM_ConnectWise_ScreenConnect
Create hunting rule
Author:ditekSHen
Description:Detects ConnectWise Control (formerly ScreenConnect). Review RMM Inventory
Rule name:INDICATOR_RMM_ConnectWise_ScreenConnect_CERT
Create hunting rule
Author:ditekSHen
Description:Detects ConnectWise Control (formerly ScreenConnect) by (default) certificate. Review RMM Inventory
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:PE_Potentially_Signed_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ConnectWise

Executable exe a337a28b1413ed787b4e313cfb04ffef6a4730cddc7543b18b6b8656e65111a0

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3204347/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_TRUST_INFORequires Elevated Execution (level:requireAdministrator)high
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineA
KERNEL32.dll::GetCommandLineW
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateFileW

Comments