MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c23b7950208b8f8e8a22c401cb5e9a05e560ae6119307d975ba601b4e2e99273. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 19


Intelligence 19 IOCs 1 YARA 32 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c23b7950208b8f8e8a22c401cb5e9a05e560ae6119307d975ba601b4e2e99273
SHA3-384 hash: 0c466a1da5cd5f135c5a6b6776fee2d32833724342feb70f9e9326db98ca27398fe7aef51d89cb7943b77a6406ef6a90
SHA1 hash: f3e6e40de8a8ca8b7cc3f8f4d636ad788df39935
MD5 hash: 7b17ebbf77f53472d2febb38e9785026
humanhash: lion-island-michigan-ohio
File name:7B17EBBF77F53472D2FEBB38E9785026.exe
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:1'020'449 bytes
First seen:2024-12-31 19:25:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 99ee65c2db82c04251a5c24f214c8892 (34 x Formbook, 11 x RemcosRAT, 4 x SnakeKeylogger)
ssdeep 24576:hN/BUBb+tYjBFHL68+WHE3YLXiM0hD6di/AX:jpUlRhTfHEoLXiM0hDTU
TLSH T1B4250212B7C480B2D0B229324AB6D750167D7D612F658A8F53E03DBEAB705D2D631FA3
TrID 76.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
16.5% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
3.0% (.EXE) Win64 Executable (generic) (10522/11/4)
1.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.2% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
File icon (PE):PE icon
dhash icon 5211fadcf9346460 (3 x Formbook, 2 x AsyncRAT)
Reporter abuse_ch
Tags:AsyncRAT exe RAT


Avatar
abuse_ch
AsyncRAT C2:
195.26.255.81:77

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
195.26.255.81:77 https://threatfox.abuse.ch/ioc/1349030/

Intelligence

File Origin
# of uploads :
1
# of downloads :
575
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
asyncrat
Create hunting rule
ID:
1
File name:
7B17EBBF77F53472D2FEBB38E9785026.exe
Verdict:
Malicious activity
Analysis date:
2024-12-31 19:25:59 UTC
Tags:
autoit rat asyncrat remote stealer
Link:
https://app.any.run/tasks/e22bd8b9-751e-4350-914c-64428cd2aef1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.Inject5.14221.17708.30369.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6774454b74a2bd296e24d7ec
Tags:
asyncrat autoit emotet
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Searching for the window
Сreating synchronization primitives
Searching for synchronization primitives
Creating a file in the %temp% subdirectories
Enabling the 'hidden' option for files in the %temp% directory
Creating a process from a recently created file
Running batch commands
Creating a process with a hidden window
Launching a process
Creating a file
Using the Windows Management Instrumentation requests
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Unauthorized injection to a recently created process
Unauthorized injection to a recently created process by context flags manipulation
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context anti-vm autoit evasive fingerprint installer keylogger microsoft_visual_cc overlay packed packer_detected sfx
Link:
https://www.filescan.io/uploads/6774454a5e5944880fe28043/reports/00d300fe-8d20-4f70-a519-9bb5b3b3ab98/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_70%
Link:
https://www.hybrid-analysis.com/sample/c23b7950208b8f8e8a22c401cb5e9a05e560ae6119307d975ba601b4e2e99273
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/ea350e80-5c30-41b8-8855-7d1819581e12
Result
Threat name:
AsyncRAT
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1582904
Signature
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Found API chain indicative of sandbox detection
Found malware configuration
Injects a PE file into a foreign processes
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Protects its processes via BreakOnTermination flag
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Double Extension Files
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Suricata IDS alerts for network traffic
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses ipconfig to lookup or modify the Windows network settings
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Yara detected AntiVM autoit script
Yara detected AntiVM3
Yara detected AsyncRAT
Yara detected Autoit Injector
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1582904 Sample: yjOJ1YK5M3.exe Startdate: 31/12/2024 Architecture: WINDOWS Score: 100 69 Suricata IDS alerts for network traffic 2->69 71 Found malware configuration 2->71 73 Malicious sample detected (through community Yara rule) 2->73 75 15 other signatures 2->75 9 yjOJ1YK5M3.exe 3 35 2->9         started        13 cipkucw.ppt.exe 1 1 2->13         started        15 cipkucw.ppt.exe 2->15         started        17 cipkucw.ppt.exe 2->17         started        process3 file4 61 C:\Users\user\AppData\Local\...\cipkucw.ppt, PE32 9->61 dropped 63 C:\Users\user\AppData\Local\Temp\...\pgoh.vbe, Unicode 9->63 dropped 91 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 9->91 19 wscript.exe 1 9->19         started        65 C:\Users\user\AppData\...\cipkucw.ppt.exe.exe, PE32 13->65 dropped 93 Found API chain indicative of sandbox detection 13->93 95 Writes to foreign memory regions 13->95 97 Allocates memory in foreign processes 13->97 22 RegSvcs.exe 3 13->22         started        99 Injects a PE file into a foreign processes 15->99 24 RegSvcs.exe 15->24         started        26 RegSvcs.exe 17->26         started        signatures5 process6 signatures7 81 Windows Scripting host queries suspicious COM object (likely to drop second stage) 19->81 28 cmd.exe 1 19->28         started        30 cmd.exe 1 19->30         started        33 cmd.exe 1 19->33         started        process8 signatures9 35 cipkucw.ppt 1 33 28->35         started        39 conhost.exe 28->39         started        101 Uses ipconfig to lookup or modify the Windows network settings 30->101 41 conhost.exe 30->41         started        43 ipconfig.exe 1 30->43         started        45 conhost.exe 33->45         started        47 ipconfig.exe 1 33->47         started        process10 file11 53 C:\Users\user\AppData\...\cipkucw.ppt.exe, PE32 35->53 dropped 55 C:\Users\user\AppData\Local\...\cipkucw.ppt, PE32 35->55 dropped 57 C:\Users\user\AppData\...\cipkucw.ppt.exe, PE32 35->57 dropped 59 2 other files (1 malicious) 35->59 dropped 83 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 35->83 85 Writes to foreign memory regions 35->85 87 Allocates memory in foreign processes 35->87 89 Injects a PE file into a foreign processes 35->89 49 RegSvcs.exe 3 35->49         started        signatures12 process13 dnsIp14 67 195.26.255.81, 2106, 49737 KCOM-SPNService-ProviderNetworkex-MistralGB United Kingdom 49->67 77 Protects its processes via BreakOnTermination flag 49->77 79 Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent) 49->79 signatures15
Score:
99%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/c23b7950208b8f8e8a22c401cb5e9a05e560ae6119307d975ba601b4e2e99273
Detection:
asyncrat
Create hunting rule
Link:
https://mwdb.cert.pl/sample/c23b7950208b8f8e8a22c401cb5e9a05e560ae6119307d975ba601b4e2e99273/
Threat name:
Win32.Trojan.Runner
Create hunting rule
Status:
Malicious
First seen:
2024-12-30 00:11:00 UTC
File Type:
PE (Exe)
Extracted files:
90
AV detection:
23 of 37 (62.16%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yi5xsubarohy5crcyqa4wxu2axswbltbdeyh3f23uya3jyxjsjzq._file
Verdict:
malicious
Label(s):
asyncrat
Create hunting rule
Similar samples:
error
AsyncRAT
Result
Malware family:
asyncrat
Create hunting rule
Score:
  10/10
Tags:
family:asyncrat botnet:default discovery persistence rat spyware stealer
Link:
https://tria.ge/reports/241231-x5hapsvpew/
Behaviour
Gathers network information
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Adds Run key to start application
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
AsyncRat
Asyncrat family
Malware Config
C2 Extraction:
195.26.255.81:6606
195.26.255.81:7707
195.26.255.81:8808
195.26.255.81:0077
195.26.255.81:1996
195.26.255.81:2106
195.26.255.81:7777
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/c1b53b41-bc7e-49d3-9bd2-8463d7351e2d
Unpacked files
SH256 hash:
98e4f904f7de1644e519d09371b8afcbbf40ff3bd56d76ce4df48479a4ab884b
MD5 hash:
0adb9b817f1df7807576c2d7068dd931
SHA1 hash:
4a1b94a9a5113106f40cd8ea724703734d15f118
Detections:
AutoIT_Compiled
Create hunting rule
Link:
https://www.unpac.me/results/a1b7cef8-1cd4-4942-8194-2c8d19c2cb6c/
Parent samples :
7cdd2a796b1b8de7131deadb7a9d6b348d321ce6b7af022124b0826166f70c18
333d68c6bff4c107f9f4b95c51c5471aa56c03469d8d155bd949902ada3af5fa
db9737257fac05121420a708b7d32413086f06824152969883dbf04a23e8137d
7f5afd30f7eb7858f4d31dc758fdf58927e9547446a50125216b0486f2295e2e
a7d30ea8eb070eddffb46afd3b839c4af00021f0dd33352e36ef1173502bac11
98e4f904f7de1644e519d09371b8afcbbf40ff3bd56d76ce4df48479a4ab884b
4fba27b378c3aeab8e9f98899e8d13ed36c61039b023af9388fb3056ef894f59
8057475293e725d1b81a46eb5196aa468fa2d67af28ec220908ac89153381f95
e0ee7fe891f5d36b1b41e16f94c53a99e74c81ac3b721b639867fb0a5043c99b
282b43f40f8670d673e45bba045f21d498cd5a857c36a27be13acae669e90120
e8747d7ab6ce57aee41a7085c16d08e55441ae0a8a88a49d9fab903ed07ac888
62a89602c9e4fdf606690b19290c75ca012a3308e044a522fb019654a8780bd4
6c13b65c7ffaef21388c60cc2be3370b35a729eb9e8986ce1abd3303e144896f
490aa9aa3053f1eaba17713ac5f334e94271e979a56ebc4d3f9cfb61d78f66d5
a1cafe0d39cc17c0e36db2afdb4f640e3e81da7b2302c01e03c96348723ffdc9
aee72e1441fa3c9ea74409e5e670e10dbf86e1663f6d6a9dc11fd97e7dec6030
16b2851cd765c313395a3cba2a38a16d4338ef32bb68e5c13320494b3c84c52a
5f58e87fee021cbaa9ecfae2d5f8709bd0934b2d2d2779a8f24993425fb20350
6d414885d7f75777705948ed9a7134421d7cc2eabb4c4591b913864e8642850a
f9b5af130a858971c48de2b78ac57dc335d2e5fa905887ab0e058c083cfc5fe3
1e847cccbb36b7d28db70aeedede580bab5721a1da53b9296b1c4e13b344c313
c23b7950208b8f8e8a22c401cb5e9a05e560ae6119307d975ba601b4e2e99273
e5bcb2a1cdf6cab62da5b7c8e8d78c25acb5627be5028fd5499df561fd4f24df
f3c0f469753fe8f40c2f45cee815d8afb9fa2b54f2b6a32a14bf3dd1db56f3b7
807ccda4477aa254715390adcb32600ec28e9b601cc1c66d94d5d4a8fd72593d
5e124622c393c00a23222f7d61e5680a6572c7fe6db6412ac631b8cdfb56f339
6678bc6c477241fda05929d12aa57d80511f56bde4c16eaba2338b7ae039dd2f
4ee8706cd6bf820a75a528e933d35a306ac18d466cc989a3317be9f5be9c1e5e
e037b1be05a5def69a7692aef31446093ef7c4190215af0a6d742f4724fb1fd3
9051f50868b433bf7b8fb2c35956bd87deff78c6b3f4ce06986956aa46dc161e
ffc9154b06d3288a4e30383c92b53ac10d9f617bfebd5b6cd9bd8aef91acfd12
a625ecad0006b950b07194830e7f33e7e820ac29ab8d8d90305f7bf441c0803e
83f196de27b44807a2c4697ebe19b7995971e7dbf6d09a9dbc0c91076b47a6a1
52a189781402d404196a0bd74055e8322915aa4a00b37ac0f1ef06e2c7a91d74
2d4a0802f338b3b4a174963bbb8e76c13ef958a42265f51af1f746736c6c8451
17b48e9aa4ea6dc0b97d9d4233806960051c384281a34fd0ec23dc4f3cb30250
7df40b776f6b6c0d3e904a5f4e459aceb74cdfaeaed506702fb3e3cebc0acde3
4cea2d681b946622831d5aabe52bea6be9a92dd70a1725f4f21c7af87bc30b8d
9e1a61c477a77c8d3429f2332c6ac7f9cbf7acc7d0f760f30067b5b2ba9c32f7
e9dd17079ef1906ec63ae75676a703731a1a0b235abf8604630d0f52b44b5088
488c6c4ea3ea6021ef5f344aa958fad9e977958533c4d48ce923b6410679ffc1
4c8de5fe1cd25f11cacfd4aae14eb69a3579cf210d9135fd5a2eed1dfc7798f3
a54764e6c1d020ee0c9b2184cc1b7697a7a86d9e9126c7cabef65a6576fc4893
3fc87dc91ea3a28c0b71dd59cfbf92ac4f27fe1d1e682dac03198fd07ad8d4c1
02aafe6e13fc993f38f7c81ca8d3560ca596d5189984550ff293f6a998c7bb40
de0ad26e3d33b27e4486440745067ba3aa765dfe8ee35d759229ae83473bd669
1dad6cb984f93799b594024aad10191ae1374d53670e132b75abffb89848ae46
bac991e38b4e9ac602cb939fdbffb4213ed6dbfa1d5b170c28cad6e5b3d5c83d
057c2a603337cc33567f32aa4e793e5b1975715b18dd71200f6785b740d95394
b062569dc998c1decbde7acc61c10c5aa751e3eeaed8abe43fc5e2d930ae68b2
e003206e4b468d128c3e9a3cced6def52784b5dd6efda81f30107eee1af2b265
6c292a1785ee86d820b7cd804efe7ae31b179cbab3a99fed8c5fccb1e2750936
4ca06ee3340b192b3ca3ff2d08ab69f3753c6a805c2db18ef81303d7beeb7d68
6962ecb3e9c43b067ef6f3e6a445d8110f24165c3dd5704b3d2cc85fc3b65ba7
dabdfe0696d886914b534e0f90d81627113409ec8b3f3cdcad0aebd2e5bc8aea
ead56795ab3c2106e9618fa6cafcece2a0bbd1ab7ad7daba386df21d45aa67dd
SH256 hash:
c23b7950208b8f8e8a22c401cb5e9a05e560ae6119307d975ba601b4e2e99273
MD5 hash:
7b17ebbf77f53472d2febb38e9785026
SHA1 hash:
f3e6e40de8a8ca8b7cc3f8f4d636ad788df39935
Link:
https://www.unpac.me/results/a1b7cef8-1cd4-4942-8194-2c8d19c2cb6c/
Malware family:
AsyncRAT
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/c23b7950208b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c23b7950208b8f8e8a22c401cb5e9a05e560ae6119307d975ba601b4e2e99273

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:AsyncRat
Create hunting rule
Author:kevoreilly, JPCERT/CC Incident Response Group
Description:AsyncRat Payload
Rule name:asyncrat_kingrat
Create hunting rule
Author:jeFF0Falltrades
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__RemoteAPI
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:golang_david_CSC846
Create hunting rule
Author:David
Description:CSC-846 Golang
Rule name:INDICATOR_SUSPICIOUS_Binary_Embedded_Crypto_Wallet_Browser_Extension_IDs
Create hunting rule
Author:ditekSHen
Description:Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
Rule name:INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse
Create hunting rule
Author:ditekSHen
Description:Detects file containing reversed ASEP Autorun registry keys
Rule name:Macos_Infostealer_Wallets_8e469ea0
Create hunting rule
Author:Elastic Security
Rule name:malware_asyncrat
Create hunting rule
Description:detect AsyncRat in memory
Reference:https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp
Rule name:MAL_AsnycRAT
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects AsnycRAT based on it's config decryption routine
Rule name:MAL_AsyncRAT_Config_Decryption
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects AsnycRAT based on it's config decryption routine
Rule name:msil_suspicious_use_of_strreverse
Create hunting rule
Author:dr4k0nia
Description:Detects mixed use of Microsoft.CSharp and VisualBasic to use StrReverse
Rule name:Multifamily_RAT_Detection
Create hunting rule
Author:Lucas Acha (http://www.lukeacha.com)
Description:Generic Detection for multiple RAT families, PUPs, Packers and suspicious executables
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:pe_imphash
Create hunting rule
Rule name:RansomPyShield_Antiransomware
Create hunting rule
Author:XiAnzheng
Description:Check for Suspicious String and Import combination that Ransomware mostly abuse(can create FP)
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SelfExtractingRAR
Create hunting rule
Author:Xavier Mertens
Description:Detects an SFX archive with automatic script execution
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:SUSP_DOTNET_PE_List_AV
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detecs .NET Binary that lists installed AVs
Rule name:SUSP_Reverse_Run_Key
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects a Reversed Run Key
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
Rule name:Windows_Trojan_Asyncrat_11a11ba1
Create hunting rule
Author:Elastic Security
Rule name:win_asyncrat_bytecodes
Create hunting rule
Author:Matthew @ Embee_Research
Description:Detects bytecodes present in unobfuscated AsyncRat Samples. Rule may also pick up on other Asyncrat-derived malware (Dcrat/venom etc)
Rule name:win_asyncrat_j1
Create hunting rule
Author:Johannes Bader @viql
Description:detects AsyncRAT
Rule name:win_asyncrat_w0
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect AsyncRat in memory
Reference:internal research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
GDI_PLUS_APIInterfaces with Graphicsgdiplus.dll::GdiplusStartup
gdiplus.dll::GdiplusShutdown
gdiplus.dll::GdipAlloc
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryExA
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetSystemInfo
KERNEL32.dll::GetStartupInfoW
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::AllocConsole
KERNEL32.dll::AttachConsole
KERNEL32.dll::WriteConsoleW
KERNEL32.dll::FreeConsole
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateHardLinkW
KERNEL32.dll::CreateFileW
KERNEL32.dll::CreateFileMappingW
KERNEL32.dll::DeleteFileW
KERNEL32.dll::MoveFileW
KERNEL32.dll::MoveFileExW

Comments