ScreenShot
| Created | 2023.06.17 18:09 | Machine | s1_win7_x6403 |
| Filename | gate.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 46 detected (Tedy, V4vp, malicious, confidence, 100%, Genus, ABRisk, CQBU, Attribute, HighConfidence, high confidence, VMProtect, J suspicious, score, xyawhv, AdwareX, Zmhl, qvmuq, SMOKELOADER, YXDFOZ, Wacatac, ApplicUnwnt@#we81f4h1prkv, Malgent, Detected, Artemis, ai score=80, CoinMiner, unsafe, Chgt, CLOUD) | ||
| md5 | 4be5a605c895baa84294466875582764 | ||
| sha256 | 4508befe4b8012035c52c7aaccbe89b9f75919bdcc86feb8fe79ae01fdea8179 | ||
| ssdeep | 98304:xZdthJwriyq9ouD/IJlr2TYPL0wTrVjVy1V20PC4MJkv3CZcjCnC68HrAGxLLT+M:jTAiy5uD/IJlrE21PyV28C4WE3CcWgHp | ||
| imphash | 846876fcfaab8d0675698c01a809ad4d | ||
| impfuzzy | 96:/mX3QbcGtpxWtv746AJ11tLCWc/cgs5rWFx1AXJ+Zcp+qjOugt7Pr2a:oGYtv7QJzzjZ+OFa | ||
Network IP location
Signature (18cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
| danger | Disables Windows Security features |
| watch | Attempts to create or modify system certificates |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Creates hidden or system file |
| notice | Expresses interest in specific running processes |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Looks up the external IP address |
| notice | Performs some HTTP requests |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| notice | Sends data using the HTTP POST Method |
| notice | Steals private information from local Internet browsers |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is likely packed with VMProtect |
| info | Collects information to fingerprint the system (MachineGuid |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (11cnts) ?
Suricata ids
ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET)
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
SURICATA Applayer Mismatch protocol both directions
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET)
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
SURICATA Applayer Mismatch protocol both directions
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140696000 InitializeCriticalSectionEx
0x140696008 lstrlenA
0x140696010 lstrcatA
0x140696018 GetModuleHandleA
0x140696020 SetCurrentDirectoryA
0x140696028 Sleep
0x140696030 GetModuleHandleExA
0x140696038 GetFileAttributesA
0x140696040 GetBinaryTypeA
0x140696048 QueryFullProcessImageNameA
0x140696050 GetSystemDirectoryA
0x140696058 GlobalAlloc
0x140696060 lstrcpyA
0x140696068 SetFileAttributesA
0x140696070 VerSetConditionMask
0x140696078 WideCharToMultiByte
0x140696080 VerifyVersionInfoW
0x140696088 GetSystemTimeAsFileTime
0x140696090 HeapFree
0x140696098 HeapAlloc
0x1406960a0 GetProcAddress
0x1406960a8 lstrcpynA
0x1406960b0 GetProcessHeap
0x1406960b8 AreFileApisANSI
0x1406960c0 TryEnterCriticalSection
0x1406960c8 HeapCreate
0x1406960d0 EnterCriticalSection
0x1406960d8 GetFullPathNameW
0x1406960e0 GetDiskFreeSpaceW
0x1406960e8 OutputDebugStringA
0x1406960f0 LockFile
0x1406960f8 LeaveCriticalSection
0x140696100 InitializeCriticalSection
0x140696108 GetFullPathNameA
0x140696110 SetEndOfFile
0x140696118 FindClose
0x140696120 GetTempPathW
0x140696128 CreateMutexW
0x140696130 WaitForSingleObject
0x140696138 GetFileAttributesW
0x140696140 GetCurrentThreadId
0x140696148 UnmapViewOfFile
0x140696150 HeapValidate
0x140696158 HeapSize
0x140696160 MultiByteToWideChar
0x140696168 GetTempPathA
0x140696170 FormatMessageW
0x140696178 GetDiskFreeSpaceA
0x140696180 GetFileAttributesExW
0x140696188 OutputDebugStringW
0x140696190 FlushViewOfFile
0x140696198 LoadLibraryA
0x1406961a0 WaitForSingleObjectEx
0x1406961a8 DeleteFileA
0x1406961b0 DeleteFileW
0x1406961b8 HeapReAlloc
0x1406961c0 GetSystemInfo
0x1406961c8 LoadLibraryW
0x1406961d0 HeapCompact
0x1406961d8 HeapDestroy
0x1406961e0 UnlockFile
0x1406961e8 LocalFree
0x1406961f0 LockFileEx
0x1406961f8 GetFileSize
0x140696200 DeleteCriticalSection
0x140696208 GetCurrentProcessId
0x140696210 SystemTimeToFileTime
0x140696218 FreeLibrary
0x140696220 GetSystemTime
0x140696228 FormatMessageA
0x140696230 CreateFileMappingW
0x140696238 MapViewOfFile
0x140696240 QueryPerformanceCounter
0x140696248 GetTickCount
0x140696250 FlushFileBuffers
0x140696258 WriteConsoleW
0x140696260 CloseHandle
0x140696268 CreateFileA
0x140696270 GetLastError
0x140696278 CreateFileW
0x140696280 SetFilePointer
0x140696288 WriteFile
0x140696290 UnlockFileEx
0x140696298 ReadFile
0x1406962a0 SetEnvironmentVariableW
0x1406962a8 FreeEnvironmentStringsW
0x1406962b0 GetEnvironmentStringsW
0x1406962b8 GetCommandLineW
0x1406962c0 GetCommandLineA
0x1406962c8 GetOEMCP
0x1406962d0 RtlCaptureContext
0x1406962d8 RtlLookupFunctionEntry
0x1406962e0 RtlVirtualUnwind
0x1406962e8 UnhandledExceptionFilter
0x1406962f0 SetUnhandledExceptionFilter
0x1406962f8 GetCurrentProcess
0x140696300 TerminateProcess
0x140696308 IsProcessorFeaturePresent
0x140696310 InitializeSListHead
0x140696318 InitializeCriticalSectionAndSpinCount
0x140696320 SetEvent
0x140696328 ResetEvent
0x140696330 CreateEventW
0x140696338 GetModuleHandleW
0x140696340 IsDebuggerPresent
0x140696348 GetStartupInfoW
0x140696350 CreateDirectoryW
0x140696358 FindFirstFileExW
0x140696360 FindNextFileW
0x140696368 SetFilePointerEx
0x140696370 GetFileInformationByHandleEx
0x140696378 QueryPerformanceFrequency
0x140696380 LCMapStringEx
0x140696388 EncodePointer
0x140696390 DecodePointer
0x140696398 GetCPInfo
0x1406963a0 GetStringTypeW
0x1406963a8 SetLastError
0x1406963b0 GetCurrentThread
0x1406963b8 GetThreadTimes
0x1406963c0 RtlUnwindEx
0x1406963c8 InterlockedPushEntrySList
0x1406963d0 RtlPcToFileHeader
0x1406963d8 RaiseException
0x1406963e0 TlsAlloc
0x1406963e8 TlsGetValue
0x1406963f0 TlsSetValue
0x1406963f8 TlsFree
0x140696400 LoadLibraryExW
0x140696408 GetFileType
0x140696410 ExitProcess
0x140696418 GetModuleHandleExW
0x140696420 CreateThread
0x140696428 ExitThread
0x140696430 FreeLibraryAndExitThread
0x140696438 GetModuleFileNameW
0x140696440 GetStdHandle
0x140696448 GetConsoleMode
0x140696450 ReadConsoleW
0x140696458 GetConsoleOutputCP
0x140696460 SetStdHandle
0x140696468 CompareStringW
0x140696470 LCMapStringW
0x140696478 GetLocaleInfoW
0x140696480 IsValidLocale
0x140696488 GetUserDefaultLCID
0x140696490 EnumSystemLocalesW
0x140696498 GetFileSizeEx
0x1406964a0 GetTimeZoneInformation
0x1406964a8 IsValidCodePage
0x1406964b0 GetACP
0x1406964b8 RtlUnwind
USER32.dll
0x1406964c8 CharNextA
ADVAPI32.dll
0x1406964d8 RegCloseKey
0x1406964e0 RegCreateKeyExA
0x1406964e8 RegSetValueExA
0x1406964f0 OpenProcessToken
0x1406964f8 RegOpenKeyExA
0x140696500 GetTokenInformation
0x140696508 CryptReleaseContext
SHELL32.dll
0x140696518 ShellExecuteA
ole32.dll
0x140696528 CoCreateInstance
0x140696530 CoInitializeEx
0x140696538 CoUninitialize
KERNEL32.dll
0x140696548 GetSystemTimeAsFileTime
0x140696550 GetModuleHandleA
0x140696558 CreateEventA
0x140696560 GetModuleFileNameW
0x140696568 TerminateProcess
0x140696570 GetCurrentProcess
0x140696578 CreateToolhelp32Snapshot
0x140696580 Thread32First
0x140696588 GetCurrentProcessId
0x140696590 GetCurrentThreadId
0x140696598 OpenThread
0x1406965a0 Thread32Next
0x1406965a8 CloseHandle
0x1406965b0 SuspendThread
0x1406965b8 ResumeThread
0x1406965c0 WriteProcessMemory
0x1406965c8 GetSystemInfo
0x1406965d0 VirtualAlloc
0x1406965d8 VirtualProtect
0x1406965e0 VirtualFree
0x1406965e8 GetProcessAffinityMask
0x1406965f0 SetProcessAffinityMask
0x1406965f8 GetCurrentThread
0x140696600 SetThreadAffinityMask
0x140696608 Sleep
0x140696610 LoadLibraryA
0x140696618 FreeLibrary
0x140696620 GetTickCount
0x140696628 SystemTimeToFileTime
0x140696630 FileTimeToSystemTime
0x140696638 GlobalFree
0x140696640 LocalAlloc
0x140696648 LocalFree
0x140696650 GetProcAddress
0x140696658 ExitProcess
0x140696660 EnterCriticalSection
0x140696668 LeaveCriticalSection
0x140696670 InitializeCriticalSection
0x140696678 DeleteCriticalSection
0x140696680 GetModuleHandleW
0x140696688 LoadResource
0x140696690 MultiByteToWideChar
0x140696698 FindResourceExW
0x1406966a0 FindResourceExA
0x1406966a8 WideCharToMultiByte
0x1406966b0 GetThreadLocale
0x1406966b8 GetUserDefaultLCID
0x1406966c0 GetSystemDefaultLCID
0x1406966c8 EnumResourceNamesA
0x1406966d0 EnumResourceNamesW
0x1406966d8 EnumResourceLanguagesA
0x1406966e0 EnumResourceLanguagesW
0x1406966e8 EnumResourceTypesA
0x1406966f0 EnumResourceTypesW
0x1406966f8 CreateFileW
0x140696700 LoadLibraryW
0x140696708 GetLastError
0x140696710 FlushFileBuffers
0x140696718 WriteConsoleW
0x140696720 SetStdHandle
0x140696728 HeapReAlloc
0x140696730 FlsSetValue
0x140696738 GetCommandLineA
0x140696740 RaiseException
0x140696748 RtlPcToFileHeader
0x140696750 HeapFree
0x140696758 GetCPInfo
0x140696760 GetACP
0x140696768 GetOEMCP
0x140696770 IsValidCodePage
0x140696778 EncodePointer
0x140696780 FlsGetValue
0x140696788 FlsFree
0x140696790 SetLastError
0x140696798 FlsAlloc
0x1406967a0 UnhandledExceptionFilter
0x1406967a8 SetUnhandledExceptionFilter
0x1406967b0 IsDebuggerPresent
0x1406967b8 RtlVirtualUnwind
0x1406967c0 RtlLookupFunctionEntry
0x1406967c8 RtlCaptureContext
0x1406967d0 DecodePointer
0x1406967d8 HeapAlloc
0x1406967e0 RtlUnwindEx
0x1406967e8 LCMapStringW
0x1406967f0 GetStringTypeW
0x1406967f8 SetHandleCount
0x140696800 GetStdHandle
0x140696808 InitializeCriticalSectionAndSpinCount
0x140696810 GetFileType
0x140696818 GetStartupInfoW
0x140696820 GetModuleFileNameA
0x140696828 FreeEnvironmentStringsW
0x140696830 GetEnvironmentStringsW
0x140696838 HeapSetInformation
0x140696840 GetVersion
0x140696848 HeapCreate
0x140696850 HeapDestroy
0x140696858 QueryPerformanceCounter
0x140696860 HeapSize
0x140696868 WriteFile
0x140696870 SetFilePointer
0x140696878 GetConsoleCP
0x140696880 GetConsoleMode
USER32.dll
0x140696890 CharUpperBuffW
KERNEL32.dll
0x1406968a0 LocalAlloc
0x1406968a8 LocalFree
0x1406968b0 GetModuleFileNameW
0x1406968b8 ExitProcess
0x1406968c0 LoadLibraryA
0x1406968c8 GetModuleHandleA
0x1406968d0 GetProcAddress
EAT(Export Address Table) is none
KERNEL32.dll
0x140696000 InitializeCriticalSectionEx
0x140696008 lstrlenA
0x140696010 lstrcatA
0x140696018 GetModuleHandleA
0x140696020 SetCurrentDirectoryA
0x140696028 Sleep
0x140696030 GetModuleHandleExA
0x140696038 GetFileAttributesA
0x140696040 GetBinaryTypeA
0x140696048 QueryFullProcessImageNameA
0x140696050 GetSystemDirectoryA
0x140696058 GlobalAlloc
0x140696060 lstrcpyA
0x140696068 SetFileAttributesA
0x140696070 VerSetConditionMask
0x140696078 WideCharToMultiByte
0x140696080 VerifyVersionInfoW
0x140696088 GetSystemTimeAsFileTime
0x140696090 HeapFree
0x140696098 HeapAlloc
0x1406960a0 GetProcAddress
0x1406960a8 lstrcpynA
0x1406960b0 GetProcessHeap
0x1406960b8 AreFileApisANSI
0x1406960c0 TryEnterCriticalSection
0x1406960c8 HeapCreate
0x1406960d0 EnterCriticalSection
0x1406960d8 GetFullPathNameW
0x1406960e0 GetDiskFreeSpaceW
0x1406960e8 OutputDebugStringA
0x1406960f0 LockFile
0x1406960f8 LeaveCriticalSection
0x140696100 InitializeCriticalSection
0x140696108 GetFullPathNameA
0x140696110 SetEndOfFile
0x140696118 FindClose
0x140696120 GetTempPathW
0x140696128 CreateMutexW
0x140696130 WaitForSingleObject
0x140696138 GetFileAttributesW
0x140696140 GetCurrentThreadId
0x140696148 UnmapViewOfFile
0x140696150 HeapValidate
0x140696158 HeapSize
0x140696160 MultiByteToWideChar
0x140696168 GetTempPathA
0x140696170 FormatMessageW
0x140696178 GetDiskFreeSpaceA
0x140696180 GetFileAttributesExW
0x140696188 OutputDebugStringW
0x140696190 FlushViewOfFile
0x140696198 LoadLibraryA
0x1406961a0 WaitForSingleObjectEx
0x1406961a8 DeleteFileA
0x1406961b0 DeleteFileW
0x1406961b8 HeapReAlloc
0x1406961c0 GetSystemInfo
0x1406961c8 LoadLibraryW
0x1406961d0 HeapCompact
0x1406961d8 HeapDestroy
0x1406961e0 UnlockFile
0x1406961e8 LocalFree
0x1406961f0 LockFileEx
0x1406961f8 GetFileSize
0x140696200 DeleteCriticalSection
0x140696208 GetCurrentProcessId
0x140696210 SystemTimeToFileTime
0x140696218 FreeLibrary
0x140696220 GetSystemTime
0x140696228 FormatMessageA
0x140696230 CreateFileMappingW
0x140696238 MapViewOfFile
0x140696240 QueryPerformanceCounter
0x140696248 GetTickCount
0x140696250 FlushFileBuffers
0x140696258 WriteConsoleW
0x140696260 CloseHandle
0x140696268 CreateFileA
0x140696270 GetLastError
0x140696278 CreateFileW
0x140696280 SetFilePointer
0x140696288 WriteFile
0x140696290 UnlockFileEx
0x140696298 ReadFile
0x1406962a0 SetEnvironmentVariableW
0x1406962a8 FreeEnvironmentStringsW
0x1406962b0 GetEnvironmentStringsW
0x1406962b8 GetCommandLineW
0x1406962c0 GetCommandLineA
0x1406962c8 GetOEMCP
0x1406962d0 RtlCaptureContext
0x1406962d8 RtlLookupFunctionEntry
0x1406962e0 RtlVirtualUnwind
0x1406962e8 UnhandledExceptionFilter
0x1406962f0 SetUnhandledExceptionFilter
0x1406962f8 GetCurrentProcess
0x140696300 TerminateProcess
0x140696308 IsProcessorFeaturePresent
0x140696310 InitializeSListHead
0x140696318 InitializeCriticalSectionAndSpinCount
0x140696320 SetEvent
0x140696328 ResetEvent
0x140696330 CreateEventW
0x140696338 GetModuleHandleW
0x140696340 IsDebuggerPresent
0x140696348 GetStartupInfoW
0x140696350 CreateDirectoryW
0x140696358 FindFirstFileExW
0x140696360 FindNextFileW
0x140696368 SetFilePointerEx
0x140696370 GetFileInformationByHandleEx
0x140696378 QueryPerformanceFrequency
0x140696380 LCMapStringEx
0x140696388 EncodePointer
0x140696390 DecodePointer
0x140696398 GetCPInfo
0x1406963a0 GetStringTypeW
0x1406963a8 SetLastError
0x1406963b0 GetCurrentThread
0x1406963b8 GetThreadTimes
0x1406963c0 RtlUnwindEx
0x1406963c8 InterlockedPushEntrySList
0x1406963d0 RtlPcToFileHeader
0x1406963d8 RaiseException
0x1406963e0 TlsAlloc
0x1406963e8 TlsGetValue
0x1406963f0 TlsSetValue
0x1406963f8 TlsFree
0x140696400 LoadLibraryExW
0x140696408 GetFileType
0x140696410 ExitProcess
0x140696418 GetModuleHandleExW
0x140696420 CreateThread
0x140696428 ExitThread
0x140696430 FreeLibraryAndExitThread
0x140696438 GetModuleFileNameW
0x140696440 GetStdHandle
0x140696448 GetConsoleMode
0x140696450 ReadConsoleW
0x140696458 GetConsoleOutputCP
0x140696460 SetStdHandle
0x140696468 CompareStringW
0x140696470 LCMapStringW
0x140696478 GetLocaleInfoW
0x140696480 IsValidLocale
0x140696488 GetUserDefaultLCID
0x140696490 EnumSystemLocalesW
0x140696498 GetFileSizeEx
0x1406964a0 GetTimeZoneInformation
0x1406964a8 IsValidCodePage
0x1406964b0 GetACP
0x1406964b8 RtlUnwind
USER32.dll
0x1406964c8 CharNextA
ADVAPI32.dll
0x1406964d8 RegCloseKey
0x1406964e0 RegCreateKeyExA
0x1406964e8 RegSetValueExA
0x1406964f0 OpenProcessToken
0x1406964f8 RegOpenKeyExA
0x140696500 GetTokenInformation
0x140696508 CryptReleaseContext
SHELL32.dll
0x140696518 ShellExecuteA
ole32.dll
0x140696528 CoCreateInstance
0x140696530 CoInitializeEx
0x140696538 CoUninitialize
KERNEL32.dll
0x140696548 GetSystemTimeAsFileTime
0x140696550 GetModuleHandleA
0x140696558 CreateEventA
0x140696560 GetModuleFileNameW
0x140696568 TerminateProcess
0x140696570 GetCurrentProcess
0x140696578 CreateToolhelp32Snapshot
0x140696580 Thread32First
0x140696588 GetCurrentProcessId
0x140696590 GetCurrentThreadId
0x140696598 OpenThread
0x1406965a0 Thread32Next
0x1406965a8 CloseHandle
0x1406965b0 SuspendThread
0x1406965b8 ResumeThread
0x1406965c0 WriteProcessMemory
0x1406965c8 GetSystemInfo
0x1406965d0 VirtualAlloc
0x1406965d8 VirtualProtect
0x1406965e0 VirtualFree
0x1406965e8 GetProcessAffinityMask
0x1406965f0 SetProcessAffinityMask
0x1406965f8 GetCurrentThread
0x140696600 SetThreadAffinityMask
0x140696608 Sleep
0x140696610 LoadLibraryA
0x140696618 FreeLibrary
0x140696620 GetTickCount
0x140696628 SystemTimeToFileTime
0x140696630 FileTimeToSystemTime
0x140696638 GlobalFree
0x140696640 LocalAlloc
0x140696648 LocalFree
0x140696650 GetProcAddress
0x140696658 ExitProcess
0x140696660 EnterCriticalSection
0x140696668 LeaveCriticalSection
0x140696670 InitializeCriticalSection
0x140696678 DeleteCriticalSection
0x140696680 GetModuleHandleW
0x140696688 LoadResource
0x140696690 MultiByteToWideChar
0x140696698 FindResourceExW
0x1406966a0 FindResourceExA
0x1406966a8 WideCharToMultiByte
0x1406966b0 GetThreadLocale
0x1406966b8 GetUserDefaultLCID
0x1406966c0 GetSystemDefaultLCID
0x1406966c8 EnumResourceNamesA
0x1406966d0 EnumResourceNamesW
0x1406966d8 EnumResourceLanguagesA
0x1406966e0 EnumResourceLanguagesW
0x1406966e8 EnumResourceTypesA
0x1406966f0 EnumResourceTypesW
0x1406966f8 CreateFileW
0x140696700 LoadLibraryW
0x140696708 GetLastError
0x140696710 FlushFileBuffers
0x140696718 WriteConsoleW
0x140696720 SetStdHandle
0x140696728 HeapReAlloc
0x140696730 FlsSetValue
0x140696738 GetCommandLineA
0x140696740 RaiseException
0x140696748 RtlPcToFileHeader
0x140696750 HeapFree
0x140696758 GetCPInfo
0x140696760 GetACP
0x140696768 GetOEMCP
0x140696770 IsValidCodePage
0x140696778 EncodePointer
0x140696780 FlsGetValue
0x140696788 FlsFree
0x140696790 SetLastError
0x140696798 FlsAlloc
0x1406967a0 UnhandledExceptionFilter
0x1406967a8 SetUnhandledExceptionFilter
0x1406967b0 IsDebuggerPresent
0x1406967b8 RtlVirtualUnwind
0x1406967c0 RtlLookupFunctionEntry
0x1406967c8 RtlCaptureContext
0x1406967d0 DecodePointer
0x1406967d8 HeapAlloc
0x1406967e0 RtlUnwindEx
0x1406967e8 LCMapStringW
0x1406967f0 GetStringTypeW
0x1406967f8 SetHandleCount
0x140696800 GetStdHandle
0x140696808 InitializeCriticalSectionAndSpinCount
0x140696810 GetFileType
0x140696818 GetStartupInfoW
0x140696820 GetModuleFileNameA
0x140696828 FreeEnvironmentStringsW
0x140696830 GetEnvironmentStringsW
0x140696838 HeapSetInformation
0x140696840 GetVersion
0x140696848 HeapCreate
0x140696850 HeapDestroy
0x140696858 QueryPerformanceCounter
0x140696860 HeapSize
0x140696868 WriteFile
0x140696870 SetFilePointer
0x140696878 GetConsoleCP
0x140696880 GetConsoleMode
USER32.dll
0x140696890 CharUpperBuffW
KERNEL32.dll
0x1406968a0 LocalAlloc
0x1406968a8 LocalFree
0x1406968b0 GetModuleFileNameW
0x1406968b8 ExitProcess
0x1406968c0 LoadLibraryA
0x1406968c8 GetModuleHandleA
0x1406968d0 GetProcAddress
EAT(Export Address Table) is none