Field | Value |
---|---|
Created | 2023.03.27 10:51 |
Machine | s1_win7_x6403 |
Filename | Lamb.pif.exe |
Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 36 detected (Strab, malicious, high confidence, GenericKD, Artemis, Vkkk, confidence, a variant of Generik, MSQCKTL, score, FalseSign, Nsmw, Redcap, pepza, ai score=86, Wacatac, Malware@#tymsne84ancj, BScope, R03BH0CCQ23, Undefined, KlBGkNsNMRQ, PossibleThreat, ZexaCO, @Z2@aKcgWanG) |
md5 | 581176025eb809b5120fd584cb9dc237 |
sha256 | e1a13b501f98bc44503f719cf0905a070b5ce1a42f66d2cb530df8f172274cdc |
ssdeep | 393216:bflAEh22VkgTB56Hmuny6SN9XbSgD0t5JheFWofA:LlZHVvUG2HUbSjnKA |
imphash | 0ec728b69f9b2c2cd0c25c220fb7500a |
impfuzzy | 96:NN+9W5W6ttFWA55nH6buxKcXHdbxofPDRufI9yXiX1SjwJGdN17qtj+1AXJ4Zcpw:L+9W5W6ttFWA5nt2wWySFGd3mtjrZ45r |
Signature (7cnts)
Level | Description |
---|---|
danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Performs some HTTP requests |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (25cnts)
PE API
IAT(Import Address Table) Library
advapi32.dll
0xbfc000 OpenProcessToken
bcrypt.dll
0xbfc008 BCryptCloseAlgorithmProvider
0xbfc00c BCryptGenRandom
0xbfc010 BCryptOpenAlgorithmProvider
kernel32.dll
0xbfc018 AcquireSRWLockExclusive
0xbfc01c AcquireSRWLockShared
0xbfc020 AddVectoredExceptionHandler
0xbfc024 CancelIo
0xbfc028 CloseHandle
0xbfc02c CompareStringOrdinal
0xbfc030 CopyFileExW
0xbfc034 CreateDirectoryW
0xbfc038 CreateEventW
0xbfc03c CreateFileMappingA
0xbfc040 CreateFileW
0xbfc044 CreateHardLinkW
0xbfc048 CreateMutexA
0xbfc04c CreateNamedPipeW
0xbfc050 CreateProcessW
0xbfc054 CreateSymbolicLinkW
0xbfc058 CreateThread
0xbfc05c CreateToolhelp32Snapshot
0xbfc060 DeleteFileW
0xbfc064 DeviceIoControl
0xbfc068 DuplicateHandle
0xbfc06c ExitProcess
0xbfc070 FindClose
0xbfc074 FindFirstFileW
0xbfc078 FindNextFileW
0xbfc07c FlushFileBuffers
0xbfc080 FormatMessageW
0xbfc084 FreeEnvironmentStringsW
0xbfc088 FreeLibrary
0xbfc08c GetCommandLineW
0xbfc090 GetConsoleMode
0xbfc094 GetCurrentDirectoryW
0xbfc098 GetCurrentProcess
0xbfc09c GetCurrentProcessId
0xbfc0a0 GetCurrentThread
0xbfc0a4 GetEnvironmentStringsW
0xbfc0a8 GetEnvironmentVariableW
0xbfc0ac GetExitCodeProcess
0xbfc0b0 GetFileAttributesW
0xbfc0b4 GetFileInformationByHandle
0xbfc0b8 GetFileInformationByHandleEx
0xbfc0bc GetFileType
0xbfc0c0 GetFinalPathNameByHandleW
0xbfc0c4 GetFullPathNameW
0xbfc0c8 GetLastError
0xbfc0cc GetModuleFileNameW
0xbfc0d0 GetModuleHandleA
0xbfc0d4 GetModuleHandleW
0xbfc0d8 GetOverlappedResult
0xbfc0dc GetProcAddress
0xbfc0e0 GetProcessHeap
0xbfc0e4 GetProcessId
0xbfc0e8 GetStartupInfoA
0xbfc0ec GetStdHandle
0xbfc0f0 GetSystemDirectoryW
0xbfc0f4 GetSystemInfo
0xbfc0f8 GetSystemTimeAsFileTime
0xbfc0fc GetTempPathW
0xbfc100 GetWindowsDirectoryW
0xbfc104 GlobalAlloc
0xbfc108 HeapAlloc
0xbfc10c HeapFree
0xbfc110 HeapReAlloc
0xbfc114 InitOnceBeginInitialize
0xbfc118 InitOnceComplete
0xbfc11c LoadLibraryA
0xbfc120 LoadLibraryW
0xbfc124 MapViewOfFile
0xbfc128 Module32FirstW
0xbfc12c Module32NextW
0xbfc130 MoveFileExW
0xbfc134 QueryPerformanceCounter
0xbfc138 QueryPerformanceFrequency
0xbfc13c ReadConsoleW
0xbfc140 ReadFile
0xbfc144 ReadFileEx
0xbfc148 ReleaseMutex
0xbfc14c ReleaseSRWLockExclusive
0xbfc150 ReleaseSRWLockShared
0xbfc154 RemoveDirectoryW
0xbfc158 RtlCaptureContext
0xbfc15c SetCurrentDirectoryW
0xbfc160 SetEnvironmentVariableW
0xbfc164 SetEvent
0xbfc168 SetFileAttributesW
0xbfc16c SetFileInformationByHandle
0xbfc170 SetFilePointerEx
0xbfc174 SetFileTime
0xbfc178 SetHandleInformation
0xbfc17c SetLastError
0xbfc180 SetThreadStackGuarantee
0xbfc184 SetUnhandledExceptionFilter
0xbfc188 Sleep
0xbfc18c SleepConditionVariableSRW
0xbfc190 SleepEx
0xbfc194 SwitchToThread
0xbfc198 TerminateProcess
0xbfc19c TlsAlloc
0xbfc1a0 TlsFree
0xbfc1a4 TlsGetValue
0xbfc1a8 TlsSetValue
0xbfc1ac TryAcquireSRWLockExclusive
0xbfc1b0 UnmapViewOfFile
0xbfc1b4 VirtualProtect
0xbfc1b8 WaitForMultipleObjects
0xbfc1bc WaitForSingleObject
0xbfc1c0 WaitForSingleObjectEx
0xbfc1c4 WakeAllConditionVariable
0xbfc1c8 WakeConditionVariable
0xbfc1cc WriteConsoleW
0xbfc1d0 WriteFileEx
ole32.dll
0xbfc1d8 CoCreateGuid
oleaut32.dll
0xbfc1e0 GetErrorInfo
0xbfc1e4 SetErrorInfo
0xbfc1e8 SysAllocStringLen
0xbfc1ec SysFreeString
0xbfc1f0 SysStringLen
userenv.dll
0xbfc1f8 GetUserProfileDirectoryW
ws2_32.dll
0xbfc200 WSACleanup
0xbfc204 WSADuplicateSocketW
0xbfc208 WSAGetLastError
0xbfc20c WSARecv
0xbfc210 WSASend
0xbfc214 WSASocketW
0xbfc218 WSAStartup
0xbfc21c accept
0xbfc220 bind
0xbfc224 closesocket
0xbfc228 connect
0xbfc22c freeaddrinfo
0xbfc230 getaddrinfo
0xbfc234 getpeername
0xbfc238 getsockname
0xbfc23c getsockopt
0xbfc240 ioctlsocket
0xbfc244 listen
0xbfc248 recv
0xbfc24c recvfrom
0xbfc250 select
0xbfc254 send
0xbfc258 sendto
0xbfc25c setsockopt
0xbfc260 shutdown
kernel32.dll
0xbfc268 CreateEventA
0xbfc26c CreateSemaphoreA
0xbfc270 DeleteCriticalSection
0xbfc274 EnterCriticalSection
0xbfc278 GetCurrentThreadId
0xbfc27c GetHandleInformation
0xbfc280 GetProcessAffinityMask
0xbfc284 GetThreadContext
0xbfc288 GetThreadPriority
0xbfc28c GetTickCount
0xbfc290 InitializeCriticalSection
0xbfc294 IsDebuggerPresent
0xbfc298 LeaveCriticalSection
0xbfc29c OutputDebugStringA
0xbfc2a0 RaiseException
0xbfc2a4 ReleaseSemaphore
0xbfc2a8 RemoveVectoredExceptionHandler
0xbfc2ac ResetEvent
0xbfc2b0 ResumeThread
0xbfc2b4 SetProcessAffinityMask
0xbfc2b8 SetThreadContext
0xbfc2bc SetThreadPriority
0xbfc2c0 SuspendThread
0xbfc2c4 TryEnterCriticalSection
0xbfc2c8 UnhandledExceptionFilter
0xbfc2cc VirtualQuery
msvcrt.dll
0xbfc2d4 __dllonexit
0xbfc2d8 __getmainargs
0xbfc2dc __initenv
0xbfc2e0 __lconv_init
0xbfc2e4 __set_app_type
0xbfc2e8 __setusermatherr
0xbfc2ec _acmdln
0xbfc2f0 _amsg_exit
0xbfc2f4 _beginthreadex
0xbfc2f8 _cexit
0xbfc2fc _endthreadex
0xbfc300 _fmode
0xbfc304 _fpreset
0xbfc308 _initterm
0xbfc30c _iob
0xbfc310 _lock
0xbfc314 _onexit
0xbfc318 _setjmp3
0xbfc31c _strdup
0xbfc320 _ultoa
0xbfc324 _unlock
0xbfc328 abort
0xbfc32c calloc
0xbfc330 exit
0xbfc334 fprintf
0xbfc338 free
0xbfc33c fwrite
0xbfc340 longjmp
0xbfc344 malloc
0xbfc348 memcmp
0xbfc34c memcpy
0xbfc350 memmove
0xbfc354 memset
0xbfc358 printf
0xbfc35c realloc
0xbfc360 signal
0xbfc364 strlen
0xbfc368 strncmp
0xbfc36c vfprintf
0xbfc370 wcslen
kernel32.dll
0xbfc378 GetSystemTimeAsFileTime
0xbfc37c CreateEventA
0xbfc380 GetModuleHandleA
0xbfc384 TerminateProcess
0xbfc388 GetCurrentProcess
0xbfc38c CreateToolhelp32Snapshot
0xbfc390 Thread32First
0xbfc394 GetCurrentProcessId
0xbfc398 GetCurrentThreadId
0xbfc39c OpenThread
0xbfc3a0 Thread32Next
0xbfc3a4 CloseHandle
0xbfc3a8 SuspendThread
0xbfc3ac ResumeThread
0xbfc3b0 WriteProcessMemory
0xbfc3b4 GetSystemInfo
0xbfc3b8 VirtualAlloc
0xbfc3bc VirtualProtect
0xbfc3c0 VirtualFree
0xbfc3c4 GetProcessAffinityMask
0xbfc3c8 SetProcessAffinityMask
0xbfc3cc GetCurrentThread
0xbfc3d0 SetThreadAffinityMask
0xbfc3d4 Sleep
0xbfc3d8 LoadLibraryA
0xbfc3dc FreeLibrary
0xbfc3e0 GetTickCount
0xbfc3e4 SystemTimeToFileTime
0xbfc3e8 FileTimeToSystemTime
0xbfc3ec GlobalFree
0xbfc3f0 HeapAlloc
0xbfc3f4 HeapFree
0xbfc3f8 GetProcAddress
0xbfc3fc ExitProcess
0xbfc400 EnterCriticalSection
0xbfc404 LeaveCriticalSection
0xbfc408 InitializeCriticalSection
0xbfc40c DeleteCriticalSection
0xbfc410 MultiByteToWideChar
0xbfc414 GetModuleHandleW
0xbfc418 LoadResource
0xbfc41c FindResourceExW
0xbfc420 FindResourceExA
0xbfc424 WideCharToMultiByte
0xbfc428 GetThreadLocale
0xbfc42c GetUserDefaultLCID
0xbfc430 GetSystemDefaultLCID
0xbfc434 EnumResourceNamesA
0xbfc438 EnumResourceNamesW
0xbfc43c EnumResourceLanguagesA
0xbfc440 EnumResourceLanguagesW
0xbfc444 EnumResourceTypesA
0xbfc448 EnumResourceTypesW
0xbfc44c CreateFileW
0xbfc450 LoadLibraryW
0xbfc454 GetLastError
0xbfc458 FlushFileBuffers
0xbfc45c VirtualQuery
0xbfc460 GetCommandLineA
0xbfc464 GetCPInfo
0xbfc468 InterlockedIncrement
0xbfc46c InterlockedDecrement
0xbfc470 GetACP
0xbfc474 GetOEMCP
0xbfc478 IsValidCodePage
0xbfc47c TlsGetValue
0xbfc480 TlsAlloc
0xbfc484 TlsSetValue
0xbfc488 TlsFree
0xbfc48c SetLastError
0xbfc490 UnhandledExceptionFilter
0xbfc494 SetUnhandledExceptionFilter
0xbfc498 IsDebuggerPresent
0xbfc49c RaiseException
0xbfc4a0 LCMapStringA
0xbfc4a4 LCMapStringW
0xbfc4a8 SetHandleCount
0xbfc4ac GetStdHandle
0xbfc4b0 GetFileType
0xbfc4b4 GetStartupInfoA
0xbfc4b8 GetModuleFileNameA
0xbfc4bc FreeEnvironmentStringsA
0xbfc4c0 GetEnvironmentStrings
0xbfc4c4 FreeEnvironmentStringsW
0xbfc4c8 GetEnvironmentStringsW
0xbfc4cc HeapCreate
0xbfc4d0 HeapDestroy
0xbfc4d4 QueryPerformanceCounter
0xbfc4d8 HeapReAlloc
0xbfc4dc GetStringTypeA
0xbfc4e0 GetStringTypeW
0xbfc4e4 GetLocaleInfoA
0xbfc4e8 HeapSize
0xbfc4ec WriteFile
0xbfc4f0 RtlUnwind
0xbfc4f4 SetFilePointer
0xbfc4f8 GetConsoleCP
0xbfc4fc GetConsoleMode
0xbfc500 InitializeCriticalSectionAndSpinCount
0xbfc504 SetStdHandle
0xbfc508 WriteConsoleA
0xbfc50c GetConsoleOutputCP
0xbfc510 WriteConsoleW
0xbfc514 CreateFileA
USER32.dll
0xbfc51c CharUpperBuffW
EAT(Export Address Table) is none