Report - RedHat.exe

Gen2 Gen1 Generic Malware UPX Malicious Library Antivirus Malicious Packer OS Processor Check PE32 PE File DLL
Created 2023.03.27 10:25 Machine s1_win7_x6401
Filename RedHat.exe
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
AI Score Not found
Behavior Score 7.4
ZERO API file : malware
VT API (file) 43 detected (Stealerc, malicious, moderate confidence, Siggen20, GenericKD, Artemis, Vidar, V6eu, TrojanPSW, confidence, ZexaF, @Z1@a0qDvRai, a variant of Generik, JNSZUPP, score, Undefined, KlBGkNsNMRQ, Redcap, eutkv, ai score=80, Malware@#1jubevf7nilr2, Casdet, StealC, 4HT4ZZ, Detected, BScope, unsafe, R002H0CCP23, QQPass, QQRob, Simw, PossibleThreat)
md5 684b2bdbe523cd89846944b6814f4de3
sha256 d235538772b86e3ef1e4cd2f00d4b7931c8bc622d29aad39b7e3a6a465a1c669
ssdeep 196608:UaX543YpgKiG1mrZHSEWQiPhIjNLvPfpTCJJlcvtFvsvqc+hrBYv:UaQGQZH72pIjNLv3xCJkRNYv
imphash 0ec728b69f9b2c2cd0c25c220fb7500a
impfuzzy 96:NN+9W5W6ttFWA55nH6buxKcXHdbxofPDRufI9yXiX1SjwJGdN17qtj+1AXJ4Zcpw:L+9W5W6ttFWA5nt2wWySFGd3mtjrZ45r

Signature (17cnts)

Level Description
danger File has been identified by 43 AntiVirus engines on VirusTotal as malicious
watch Checks the CPU name from registry
watch Collects information about installed applications
watch Communicates with host for which no DNS query was performed
notice Allocates read-write-execute memory (usually to unpack itself)
notice An executable file was downloaded by the process redhat.exe
notice Creates executable files on the filesystem
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests
notice Queries for potentially installed applications
notice Sends data using the HTTP POST Method
notice Steals private information from local Internet browsers
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info Tries to locate where the browsers are installed

Rules (16cnts)

Level Name Description Collection
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (download)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Antivirus Contains references to security software binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (download)
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (download)
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)
info Win32_Trojan_Gen_2_0904B0_Zero Win32 Trojan Gen binaries (upload)

Network (9cnts)

Request CC ASN Co IP4 Rule ZERO
http://91.107.196.27/88e91184e089da83/freebl3.dll IR Hetzner Online GmbH 91.107.196.27 clean
http://91.107.196.27/88e91184e089da83/nss3.dll IR Hetzner Online GmbH 91.107.196.27 clean
http://91.107.196.27/88e91184e089da83/mozglue.dll IR Hetzner Online GmbH 91.107.196.27 clean
http://91.107.196.27/88e91184e089da83/softokn3.dll IR Hetzner Online GmbH 91.107.196.27 clean
http://91.107.196.27/75e7ead3c17835de.php IR Hetzner Online GmbH 91.107.196.27 clean
http://91.107.196.27/88e91184e089da83/vcruntime140.dll IR Hetzner Online GmbH 91.107.196.27 clean
http://91.107.196.27/88e91184e089da83/msvcp140.dll IR Hetzner Online GmbH 91.107.196.27 clean
http://91.107.196.27/88e91184e089da83/sqlite3.dll IR Hetzner Online GmbH 91.107.196.27 clean
91.107.196.27 IR Hetzner Online GmbH 91.107.196.27 malicious

Suricata ids

PE API

IAT (Import Address Table) Library

advapi32.dll
 0xba1000 OpenProcessToken
bcrypt.dll
 0xba1008 BCryptCloseAlgorithmProvider
 0xba100c BCryptGenRandom
 0xba1010 BCryptOpenAlgorithmProvider
kernel32.dll
 0xba1018 AcquireSRWLockExclusive
 0xba101c AcquireSRWLockShared
 0xba1020 AddVectoredExceptionHandler
 0xba1024 CancelIo
 0xba1028 CloseHandle
 0xba102c CompareStringOrdinal
 0xba1030 CopyFileExW
 0xba1034 CreateDirectoryW
 0xba1038 CreateEventW
 0xba103c CreateFileMappingA
 0xba1040 CreateFileW
 0xba1044 CreateHardLinkW
 0xba1048 CreateMutexA
 0xba104c CreateNamedPipeW
 0xba1050 CreateProcessW
 0xba1054 CreateSymbolicLinkW
 0xba1058 CreateThread
 0xba105c CreateToolhelp32Snapshot
 0xba1060 DeleteFileW
 0xba1064 DeviceIoControl
 0xba1068 DuplicateHandle
 0xba106c ExitProcess
 0xba1070 FindClose
 0xba1074 FindFirstFileW
 0xba1078 FindNextFileW
 0xba107c FlushFileBuffers
 0xba1080 FormatMessageW
 0xba1084 FreeEnvironmentStringsW
 0xba1088 FreeLibrary
 0xba108c GetCommandLineW
 0xba1090 GetConsoleMode
 0xba1094 GetCurrentDirectoryW
 0xba1098 GetCurrentProcess
 0xba109c GetCurrentProcessId
 0xba10a0 GetCurrentThread
 0xba10a4 GetEnvironmentStringsW
 0xba10a8 GetEnvironmentVariableW
 0xba10ac GetExitCodeProcess
 0xba10b0 GetFileAttributesW
 0xba10b4 GetFileInformationByHandle
 0xba10b8 GetFileInformationByHandleEx
 0xba10bc GetFileType
 0xba10c0 GetFinalPathNameByHandleW
 0xba10c4 GetFullPathNameW
 0xba10c8 GetLastError
 0xba10cc GetModuleFileNameW
 0xba10d0 GetModuleHandleA
 0xba10d4 GetModuleHandleW
 0xba10d8 GetOverlappedResult
 0xba10dc GetProcAddress
 0xba10e0 GetProcessHeap
 0xba10e4 GetProcessId
 0xba10e8 GetStartupInfoA
 0xba10ec GetStdHandle
 0xba10f0 GetSystemDirectoryW
 0xba10f4 GetSystemInfo
 0xba10f8 GetSystemTimeAsFileTime
 0xba10fc GetTempPathW
 0xba1100 GetWindowsDirectoryW
 0xba1104 GlobalAlloc
 0xba1108 HeapAlloc
 0xba110c HeapFree
 0xba1110 HeapReAlloc
 0xba1114 InitOnceBeginInitialize
 0xba1118 InitOnceComplete
 0xba111c LoadLibraryA
 0xba1120 LoadLibraryW
 0xba1124 MapViewOfFile
 0xba1128 Module32FirstW
 0xba112c Module32NextW
 0xba1130 MoveFileExW
 0xba1134 QueryPerformanceCounter
 0xba1138 QueryPerformanceFrequency
 0xba113c ReadConsoleW
 0xba1140 ReadFile
 0xba1144 ReadFileEx
 0xba1148 ReleaseMutex
 0xba114c ReleaseSRWLockExclusive
 0xba1150 ReleaseSRWLockShared
 0xba1154 RemoveDirectoryW
 0xba1158 RtlCaptureContext
 0xba115c SetCurrentDirectoryW
 0xba1160 SetEnvironmentVariableW
 0xba1164 SetEvent
 0xba1168 SetFileAttributesW
 0xba116c SetFileInformationByHandle
 0xba1170 SetFilePointerEx
 0xba1174 SetFileTime
 0xba1178 SetHandleInformation
 0xba117c SetLastError
 0xba1180 SetThreadStackGuarantee
 0xba1184 SetUnhandledExceptionFilter
 0xba1188 Sleep
 0xba118c SleepConditionVariableSRW
 0xba1190 SleepEx
 0xba1194 SwitchToThread
 0xba1198 TerminateProcess
 0xba119c TlsAlloc
 0xba11a0 TlsFree
 0xba11a4 TlsGetValue
 0xba11a8 TlsSetValue
 0xba11ac TryAcquireSRWLockExclusive
 0xba11b0 UnmapViewOfFile
 0xba11b4 VirtualProtect
 0xba11b8 WaitForMultipleObjects
 0xba11bc WaitForSingleObject
 0xba11c0 WaitForSingleObjectEx
 0xba11c4 WakeAllConditionVariable
 0xba11c8 WakeConditionVariable
 0xba11cc WriteConsoleW
 0xba11d0 WriteFileEx
ole32.dll
 0xba11d8 CoCreateGuid
oleaut32.dll
 0xba11e0 GetErrorInfo
 0xba11e4 SetErrorInfo
 0xba11e8 SysAllocStringLen
 0xba11ec SysFreeString
 0xba11f0 SysStringLen
userenv.dll
 0xba11f8 GetUserProfileDirectoryW
ws2_32.dll
 0xba1200 WSACleanup
 0xba1204 WSADuplicateSocketW
 0xba1208 WSAGetLastError
 0xba120c WSARecv
 0xba1210 WSASend
 0xba1214 WSASocketW
 0xba1218 WSAStartup
 0xba121c accept
 0xba1220 bind
 0xba1224 closesocket
 0xba1228 connect
 0xba122c freeaddrinfo
 0xba1230 getaddrinfo
 0xba1234 getpeername
 0xba1238 getsockname
 0xba123c getsockopt
 0xba1240 ioctlsocket
 0xba1244 listen
 0xba1248 recv
 0xba124c recvfrom
 0xba1250 select
 0xba1254 send
 0xba1258 sendto
 0xba125c setsockopt
 0xba1260 shutdown
kernel32.dll
 0xba1268 CreateEventA
 0xba126c CreateSemaphoreA
 0xba1270 DeleteCriticalSection
 0xba1274 EnterCriticalSection
 0xba1278 GetCurrentThreadId
 0xba127c GetHandleInformation
 0xba1280 GetProcessAffinityMask
 0xba1284 GetThreadContext
 0xba1288 GetThreadPriority
 0xba128c GetTickCount
 0xba1290 InitializeCriticalSection
 0xba1294 IsDebuggerPresent
 0xba1298 LeaveCriticalSection
 0xba129c OutputDebugStringA
 0xba12a0 RaiseException
 0xba12a4 ReleaseSemaphore
 0xba12a8 RemoveVectoredExceptionHandler
 0xba12ac ResetEvent
 0xba12b0 ResumeThread
 0xba12b4 SetProcessAffinityMask
 0xba12b8 SetThreadContext
 0xba12bc SetThreadPriority
 0xba12c0 SuspendThread
 0xba12c4 TryEnterCriticalSection
 0xba12c8 UnhandledExceptionFilter
 0xba12cc VirtualQuery
msvcrt.dll
 0xba12d4 __dllonexit
 0xba12d8 __getmainargs
 0xba12dc __initenv
 0xba12e0 __lconv_init
 0xba12e4 __set_app_type
 0xba12e8 __setusermatherr
 0xba12ec _acmdln
 0xba12f0 _amsg_exit
 0xba12f4 _beginthreadex
 0xba12f8 _cexit
 0xba12fc _endthreadex
 0xba1300 _fmode
 0xba1304 _fpreset
 0xba1308 _initterm
 0xba130c _iob
 0xba1310 _lock
 0xba1314 _onexit
 0xba1318 _setjmp3
 0xba131c _strdup
 0xba1320 _ultoa
 0xba1324 _unlock
 0xba1328 abort
 0xba132c calloc
 0xba1330 exit
 0xba1334 fprintf
 0xba1338 free
 0xba133c fwrite
 0xba1340 longjmp
 0xba1344 malloc
 0xba1348 memcmp
 0xba134c memcpy
 0xba1350 memmove
 0xba1354 memset
 0xba1358 printf
 0xba135c realloc
 0xba1360 signal
 0xba1364 strlen
 0xba1368 strncmp
 0xba136c vfprintf
 0xba1370 wcslen
kernel32.dll
 0xba1378 GetSystemTimeAsFileTime
 0xba137c CreateEventA
 0xba1380 GetModuleHandleA
 0xba1384 TerminateProcess
 0xba1388 GetCurrentProcess
 0xba138c CreateToolhelp32Snapshot
 0xba1390 Thread32First
 0xba1394 GetCurrentProcessId
 0xba1398 GetCurrentThreadId
 0xba139c OpenThread
 0xba13a0 Thread32Next
 0xba13a4 CloseHandle
 0xba13a8 SuspendThread
 0xba13ac ResumeThread
 0xba13b0 WriteProcessMemory
 0xba13b4 GetSystemInfo
 0xba13b8 VirtualAlloc
 0xba13bc VirtualProtect
 0xba13c0 VirtualFree
 0xba13c4 GetProcessAffinityMask
 0xba13c8 SetProcessAffinityMask
 0xba13cc GetCurrentThread
 0xba13d0 SetThreadAffinityMask
 0xba13d4 Sleep
 0xba13d8 LoadLibraryA
 0xba13dc FreeLibrary
 0xba13e0 GetTickCount
 0xba13e4 SystemTimeToFileTime
 0xba13e8 FileTimeToSystemTime
 0xba13ec GlobalFree
 0xba13f0 HeapAlloc
 0xba13f4 HeapFree
 0xba13f8 GetProcAddress
 0xba13fc ExitProcess
 0xba1400 EnterCriticalSection
 0xba1404 LeaveCriticalSection
 0xba1408 InitializeCriticalSection
 0xba140c DeleteCriticalSection
 0xba1410 MultiByteToWideChar
 0xba1414 GetModuleHandleW
 0xba1418 LoadResource
 0xba141c FindResourceExW
 0xba1420 FindResourceExA
 0xba1424 WideCharToMultiByte
 0xba1428 GetThreadLocale
 0xba142c GetUserDefaultLCID
 0xba1430 GetSystemDefaultLCID
 0xba1434 EnumResourceNamesA
 0xba1438 EnumResourceNamesW
 0xba143c EnumResourceLanguagesA
 0xba1440 EnumResourceLanguagesW
 0xba1444 EnumResourceTypesA
 0xba1448 EnumResourceTypesW
 0xba144c CreateFileW
 0xba1450 LoadLibraryW
 0xba1454 GetLastError
 0xba1458 FlushFileBuffers
 0xba145c VirtualQuery
 0xba1460 GetCommandLineA
 0xba1464 GetCPInfo
 0xba1468 InterlockedIncrement
 0xba146c InterlockedDecrement
 0xba1470 GetACP
 0xba1474 GetOEMCP
 0xba1478 IsValidCodePage
 0xba147c TlsGetValue
 0xba1480 TlsAlloc
 0xba1484 TlsSetValue
 0xba1488 TlsFree
 0xba148c SetLastError
 0xba1490 UnhandledExceptionFilter
 0xba1494 SetUnhandledExceptionFilter
 0xba1498 IsDebuggerPresent
 0xba149c RaiseException
 0xba14a0 LCMapStringA
 0xba14a4 LCMapStringW
 0xba14a8 SetHandleCount
 0xba14ac GetStdHandle
 0xba14b0 GetFileType
 0xba14b4 GetStartupInfoA
 0xba14b8 GetModuleFileNameA
 0xba14bc FreeEnvironmentStringsA
 0xba14c0 GetEnvironmentStrings
 0xba14c4 FreeEnvironmentStringsW
 0xba14c8 GetEnvironmentStringsW
 0xba14cc HeapCreate
 0xba14d0 HeapDestroy
 0xba14d4 QueryPerformanceCounter
 0xba14d8 HeapReAlloc
 0xba14dc GetStringTypeA
 0xba14e0 GetStringTypeW
 0xba14e4 GetLocaleInfoA
 0xba14e8 HeapSize
 0xba14ec WriteFile
 0xba14f0 RtlUnwind
 0xba14f4 SetFilePointer
 0xba14f8 GetConsoleCP
 0xba14fc GetConsoleMode
 0xba1500 InitializeCriticalSectionAndSpinCount
 0xba1504 SetStdHandle
 0xba1508 WriteConsoleA
 0xba150c GetConsoleOutputCP
 0xba1510 WriteConsoleW
 0xba1514 CreateFileA
USER32.dll
 0xba151c CharUpperBuffW

EAT (Export Address Table): none