Report - 1.exe

Tags: Generic Malware, Malicious Packer, UPX, PE32, PE File
Created 2023.12.04 15:39 Machine s1_win7_x6403
Filename 1.exe
Type PE32 executable (console) Intel 80386, for MS Windows
AI Score
6
Behavior Score
1.2
ZERO API file : malicious
VT API (file) 63 detected (Common, Mimikatz, Tool, HackTool, S13719266, HToolMimikatz, HTool, uwccg, TrojanPSW, ZexaF, cv0@a0UVOlli, Genus, Windows, Malicious, score, jsrits, HacktoolX, Gencirc, zuzcj, CNGG, high, Apteryx, Static AI, Malicious PE, Detected, PSWTroj, ApplicUnwnt@#1rkmtnixm7hy6, Eldorado, R364133, BScope, ai score=100, unsafe, HackingTool, CLASSIC, susgen, confidence, 100%)
md5 d3b17ddf0b98fd2441ed46b033043456
sha256 94795fd89366e01bd6ce6471ff27c3782e2e16377a848426cf0b2e6baee9449b
ssdeep 24576:uiDjF7X3YoGq4tC1YJk+3nWBkDeq26iLutKcEY4:u05YjqakE3Aq2vu7E
imphash ff6abb25b3369620afef1dacd4a21f4c
impfuzzy 192:lUQG990nAxXfLv2RdjuGIO8xWjslYkXTMr2FUQjFySiBaGZ1TeUmvedi6v:lSmefT2Wr1TjFyS01TeU3diG

Signature (1cnts)

Level Description
danger File has been identified by 63 AntiVirus engines on VirusTotal as malicious

Rules (5cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

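IAT (Import Address Table) Library

Each entry below is the IAT slot address followed by the imported function name. An entry shown as None has no function name in the import table, most likely because it is imported by ordinal.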

ADVAPI32.dll
 0x49e000 CryptSetHashParam
 0x49e004 CryptGetHashParam
 0x49e008 CryptExportKey
 0x49e00c CryptAcquireContextW
 0x49e010 CryptSetKeyParam
 0x49e014 CryptGetKeyParam
 0x49e018 CryptReleaseContext
 0x49e01c CryptDuplicateKey
 0x49e020 CryptAcquireContextA
 0x49e024 CryptGetProvParam
 0x49e028 CryptImportKey
 0x49e02c SystemFunction007
 0x49e030 CryptEncrypt
 0x49e034 CryptCreateHash
 0x49e038 CryptGenKey
 0x49e03c CryptDestroyKey
 0x49e040 CryptDecrypt
 0x49e044 CryptDestroyHash
 0x49e048 CryptHashData
 0x49e04c CopySid
 0x49e050 GetLengthSid
 0x49e054 LsaQueryInformationPolicy
 0x49e058 LsaOpenPolicy
 0x49e05c LsaClose
 0x49e060 CreateWellKnownSid
 0x49e064 CreateProcessWithLogonW
 0x49e068 CreateProcessAsUserW
 0x49e06c RegQueryValueExW
 0x49e070 RegQueryInfoKeyW
 0x49e074 RegEnumValueW
 0x49e078 RegOpenKeyExW
 0x49e07c RegEnumKeyExW
 0x49e080 RegCloseKey
 0x49e084 RegSetValueExW
 0x49e088 SystemFunction033
 0x49e08c SystemFunction032
 0x49e090 ConvertSidToStringSidW
 0x49e094 CreateServiceW
 0x49e098 CloseServiceHandle
 0x49e09c DeleteService
 0x49e0a0 OpenSCManagerW
 0x49e0a4 SetServiceObjectSecurity
 0x49e0a8 OpenServiceW
 0x49e0ac BuildSecurityDescriptorW
 0x49e0b0 QueryServiceObjectSecurity
 0x49e0b4 StartServiceW
 0x49e0b8 AllocateAndInitializeSid
 0x49e0bc QueryServiceStatusEx
 0x49e0c0 FreeSid
 0x49e0c4 ControlService
 0x49e0c8 IsTextUnicode
 0x49e0cc OpenProcessToken
 0x49e0d0 GetTokenInformation
 0x49e0d4 LookupAccountNameW
 0x49e0d8 LookupAccountSidW
 0x49e0dc DuplicateTokenEx
 0x49e0e0 CheckTokenMembership
 0x49e0e4 CryptSetProvParam
 0x49e0e8 CryptEnumProvidersW
 0x49e0ec ConvertStringSidToSidW
 0x49e0f0 LsaFreeMemory
 0x49e0f4 GetSidSubAuthority
 0x49e0f8 GetSidSubAuthorityCount
 0x49e0fc IsValidSid
 0x49e100 SetThreadToken
 0x49e104 CryptEnumProviderTypesW
 0x49e108 SystemFunction006
 0x49e10c CryptGetUserKey
 0x49e110 OpenEventLogW
 0x49e114 GetNumberOfEventLogRecords
 0x49e118 ClearEventLogW
 0x49e11c SystemFunction001
 0x49e120 CryptDeriveKey
 0x49e124 SystemFunction005
 0x49e128 LsaQueryTrustedDomainInfoByName
 0x49e12c CryptSignHashW
 0x49e130 LsaSetSecret
 0x49e134 SystemFunction023
 0x49e138 LsaOpenSecret
 0x49e13c LsaQuerySecret
 0x49e140 LsaRetrievePrivateData
 0x49e144 LsaEnumerateTrustedDomainsEx
 0x49e148 LookupPrivilegeValueW
 0x49e14c StartServiceCtrlDispatcherW
 0x49e150 SetServiceStatus
 0x49e154 RegisterServiceCtrlHandlerW
 0x49e158 LookupPrivilegeNameW
 0x49e15c OpenThreadToken
 0x49e160 EqualSid
 0x49e164 CredFree
 0x49e168 CredEnumerateW
 0x49e16c SystemFunction026
 0x49e170 ConvertStringSecurityDescriptorToSecurityDescriptorW
 0x49e174 SystemFunction027
 0x49e178 SystemFunction041
 0x49e17c CredIsMarshaledCredentialW
 0x49e180 CredUnmarshalCredentialW
Cabinet.dll
 0x49e1f4 None
 0x49e1f8 None
 0x49e1fc None
 0x49e200 None
CRYPT32.dll
 0x49e188 CryptSignAndEncodeCertificate
 0x49e18c CertEnumSystemStore
 0x49e190 CertEnumCertificatesInStore
 0x49e194 CertAddCertificateContextToStore
 0x49e198 CryptDecodeObjectEx
 0x49e19c CryptStringToBinaryA
 0x49e1a0 CertAddEncodedCertificateToStore
 0x49e1a4 CertOpenStore
 0x49e1a8 CertFreeCertificateContext
 0x49e1ac CertCloseStore
 0x49e1b0 CryptStringToBinaryW
 0x49e1b4 CertSetCertificateContextProperty
 0x49e1b8 PFXExportCertStoreEx
 0x49e1bc CryptUnprotectData
 0x49e1c0 CryptBinaryToStringW
 0x49e1c4 CryptBinaryToStringA
 0x49e1c8 CryptExportPublicKeyInfo
 0x49e1cc CryptFindOIDInfo
 0x49e1d0 CryptAcquireCertificatePrivateKey
 0x49e1d4 CertNameToStrW
 0x49e1d8 CertFindCertificateInStore
 0x49e1dc CertGetCertificateContextProperty
 0x49e1e0 CertGetNameStringW
 0x49e1e4 CryptEncodeObject
 0x49e1e8 CryptProtectData
 0x49e1ec CryptQueryObject
cryptdll.dll
 0x49e7b0 MD5Update
 0x49e7b4 MD5Final
 0x49e7b8 CDLocateCSystem
 0x49e7bc MD5Init
 0x49e7c0 CDLocateCheckSum
 0x49e7c4 CDGenerateRandomBits
DNSAPI.dll
 0x49e208 DnsFree
 0x49e20c DnsQuery_A
FLTLIB.DLL
 0x49e214 FilterFindFirst
 0x49e218 FilterFindNext
MPR.dll
 0x49e480 WNetCancelConnection2W
 0x49e484 WNetAddConnection2W
NETAPI32.dll
 0x49e48c NetStatisticsGet
 0x49e490 DsGetDcNameW
 0x49e494 NetApiBufferFree
 0x49e498 NetRemoteTOD
 0x49e49c NetSessionEnum
 0x49e4a0 NetServerGetInfo
 0x49e4a4 DsEnumerateDomainTrustsW
 0x49e4a8 NetShareEnum
 0x49e4ac NetWkstaUserEnum
ODBC32.dll
 0x49e4b4 None
 0x49e4b8 None
 0x49e4bc None
 0x49e4c0 None
 0x49e4c4 None
 0x49e4c8 None
 0x49e4cc None
 0x49e4d0 None
ole32.dll
 0x49e9c8 CoTaskMemFree
 0x49e9cc CoSetProxyBlanket
 0x49e9d0 CoInitializeEx
 0x49e9d4 CoUninitialize
 0x49e9d8 CoCreateInstance
OLEAUT32.dll
 0x49e4d8 SysAllocString
 0x49e4dc VariantInit
 0x49e4e0 SysFreeString
 0x49e4e4 VariantClear
RPCRT4.dll
 0x49e4ec RpcBindingFree
 0x49e4f0 RpcBindingFromStringBindingW
 0x49e4f4 RpcStringBindingComposeW
 0x49e4f8 MesEncodeIncrementalHandleCreate
 0x49e4fc RpcBindingSetAuthInfoExW
 0x49e500 RpcBindingInqAuthClientW
 0x49e504 RpcBindingSetOption
 0x49e508 RpcImpersonateClient
 0x49e50c RpcStringFreeW
 0x49e510 RpcRevertToSelf
 0x49e514 MesDecodeIncrementalHandleCreate
 0x49e518 MesHandleFree
 0x49e51c MesIncrementalHandleReset
 0x49e520 NdrMesTypeDecode2
 0x49e524 NdrMesTypeAlignSize2
 0x49e528 NdrMesTypeFree2
 0x49e52c NdrMesTypeEncode2
 0x49e530 RpcServerUnregisterIfEx
 0x49e534 I_RpcBindingInqSecurityContext
 0x49e538 RpcServerInqBindings
 0x49e53c RpcServerListen
 0x49e540 RpcMgmtWaitServerListen
 0x49e544 RpcEpRegisterW
 0x49e548 RpcMgmtStopServerListening
 0x49e54c RpcBindingToStringBindingW
 0x49e550 RpcServerRegisterIf2
 0x49e554 RpcServerRegisterAuthInfoW
 0x49e558 RpcBindingVectorFree
 0x49e55c UuidToStringW
 0x49e560 RpcServerUseProtseqEpW
 0x49e564 RpcEpUnregister
 0x49e568 NdrServerCall2
 0x49e56c NdrClientCall2
 0x49e570 UuidCreate
 0x49e574 RpcEpResolveBinding
 0x49e578 RpcBindingSetObject
 0x49e57c RpcBindingSetAuthInfoW
 0x49e580 RpcMgmtEpEltInqDone
 0x49e584 RpcMgmtEpEltInqNextW
 0x49e588 RpcMgmtEpEltInqBegin
 0x49e58c I_RpcGetCurrentCallHandle
SHLWAPI.dll
 0x49e60c UrlUnescapeW
 0x49e610 PathIsDirectoryW
 0x49e614 PathFindFileNameW
 0x49e618 PathIsRelativeW
 0x49e61c PathCombineW
 0x49e620 PathCanonicalizeW
SAMLIB.dll
 0x49e594 SamEnumerateAliasesInDomain
 0x49e598 SamQueryInformationUser
 0x49e59c SamCloseHandle
 0x49e5a0 SamEnumerateDomainsInSamServer
 0x49e5a4 SamFreeMemory
 0x49e5a8 SamEnumerateUsersInDomain
 0x49e5ac SamOpenUser
 0x49e5b0 SamLookupDomainInSamServer
 0x49e5b4 SamLookupNamesInDomain
 0x49e5b8 SamLookupIdsInDomain
 0x49e5bc SamOpenDomain
 0x49e5c0 SamConnect
 0x49e5c4 SamSetInformationUser
 0x49e5c8 SamiChangePasswordUser
 0x49e5cc SamEnumerateGroupsInDomain
 0x49e5d0 SamGetGroupsForUser
 0x49e5d4 SamGetMembersInGroup
 0x49e5d8 SamGetMembersInAlias
 0x49e5dc SamRidToSid
 0x49e5e0 SamGetAliasMembership
 0x49e5e4 SamOpenGroup
 0x49e5e8 SamOpenAlias
Secur32.dll
 0x49e628 FreeContextBuffer
 0x49e62c LsaLookupAuthenticationPackage
 0x49e630 LsaFreeReturnBuffer
 0x49e634 LsaDeregisterLogonProcess
 0x49e638 QueryContextAttributesW
 0x49e63c InitializeSecurityContextW
 0x49e640 AcquireCredentialsHandleW
 0x49e644 EnumerateSecurityPackagesW
 0x49e648 FreeCredentialsHandle
 0x49e64c DeleteSecurityContext
 0x49e650 LsaCallAuthenticationPackage
 0x49e654 LsaConnectUntrusted
SHELL32.dll
 0x49e604 CommandLineToArgvW
USER32.dll
 0x49e65c SetClipboardViewer
 0x49e660 DefWindowProcW
 0x49e664 GetClipboardSequenceNumber
 0x49e668 OpenClipboard
 0x49e66c CreateWindowExW
 0x49e670 ChangeClipboardChain
 0x49e674 RegisterClassExW
 0x49e678 TranslateMessage
 0x49e67c EnumClipboardFormats
 0x49e680 PostMessageW
 0x49e684 DispatchMessageW
 0x49e688 GetKeyboardLayout
 0x49e68c IsCharAlphaNumericW
 0x49e690 SendMessageW
 0x49e694 UnregisterClassW
 0x49e698 GetMessageW
 0x49e69c DestroyWindow
 0x49e6a0 CloseClipboard
 0x49e6a4 GetClipboardData
USERENV.dll
 0x49e6ac DestroyEnvironmentBlock
 0x49e6b0 CreateEnvironmentBlock
VERSION.dll
 0x49e6b8 VerQueryValueW
 0x49e6bc GetFileVersionInfoSizeW
 0x49e6c0 GetFileVersionInfoW
HID.DLL
 0x49e220 HidD_GetFeature
 0x49e224 HidD_GetPreparsedData
 0x49e228 HidD_GetHidGuid
 0x49e22c HidP_GetCaps
 0x49e230 HidD_SetFeature
 0x49e234 HidD_FreePreparsedData
 0x49e238 HidD_GetAttributes
SETUPAPI.dll
 0x49e5f0 SetupDiGetDeviceInterfaceDetailW
 0x49e5f4 SetupDiEnumDeviceInterfaces
 0x49e5f8 SetupDiGetClassDevsW
 0x49e5fc SetupDiDestroyDeviceInfoList
WinSCard.dll
 0x49e770 SCardControl
 0x49e774 SCardTransmit
 0x49e778 SCardDisconnect
 0x49e77c SCardGetAttrib
 0x49e780 SCardEstablishContext
 0x49e784 SCardFreeMemory
 0x49e788 SCardListReadersW
 0x49e78c SCardReleaseContext
 0x49e790 SCardGetCardTypeProviderNameW
 0x49e794 SCardListCardsW
 0x49e798 SCardConnectW
WINSTA.dll
 0x49e6c8 WinStationCloseServer
 0x49e6cc WinStationOpenServerW
 0x49e6d0 WinStationFreeMemory
 0x49e6d4 WinStationConnectW
 0x49e6d8 WinStationQueryInformationW
 0x49e6dc WinStationEnumerateW
WLDAP32.dll
 0x49e6e4 None
 0x49e6e8 None
 0x49e6ec None
 0x49e6f0 None
 0x49e6f4 None
 0x49e6f8 None
 0x49e6fc None
 0x49e700 None
 0x49e704 None
 0x49e708 None
 0x49e70c None
 0x49e710 None
 0x49e714 None
 0x49e718 None
 0x49e71c None
 0x49e720 None
 0x49e724 None
 0x49e728 None
 0x49e72c None
 0x49e730 None
 0x49e734 None
 0x49e738 None
 0x49e73c None
 0x49e740 None
 0x49e744 None
 0x49e748 None
 0x49e74c None
 0x49e750 None
 0x49e754 None
 0x49e758 None
 0x49e75c None
 0x49e760 None
 0x49e764 None
 0x49e768 None
advapi32.dll
 0x49e7a0 A_SHAFinal
 0x49e7a4 A_SHAInit
 0x49e7a8 A_SHAUpdate
msasn1.dll
 0x49e7cc ASN1_CreateEncoder
 0x49e7d0 ASN1BERDotVal2Eoid
 0x49e7d4 ASN1_CloseEncoder
 0x49e7d8 ASN1_CreateDecoder
 0x49e7dc ASN1_FreeEncoded
 0x49e7e0 ASN1_CloseModule
 0x49e7e4 ASN1_CloseDecoder
 0x49e7e8 ASN1_CreateModule
ntdll.dll
 0x49e93c RtlIpv6AddressToStringW
 0x49e940 RtlUnicodeStringToAnsiString
 0x49e944 RtlFreeAnsiString
 0x49e948 RtlDowncaseUnicodeString
 0x49e94c RtlFreeUnicodeString
 0x49e950 RtlInitUnicodeString
 0x49e954 RtlEqualUnicodeString
 0x49e958 NtQueryObject
 0x49e95c RtlCompressBuffer
 0x49e960 RtlGetCompressionWorkSpaceSize
 0x49e964 NtQuerySystemInformation
 0x49e968 RtlGetCurrentPeb
 0x49e96c NtQueryInformationProcess
 0x49e970 RtlCreateUserThread
 0x49e974 RtlGUIDFromString
 0x49e978 RtlStringFromGUID
 0x49e97c NtCompareTokens
 0x49e980 RtlGetNtVersionNumbers
 0x49e984 RtlEqualString
 0x49e988 RtlUpcaseUnicodeString
 0x49e98c RtlAppendUnicodeStringToString
 0x49e990 RtlAnsiStringToUnicodeString
 0x49e994 RtlFreeOemString
 0x49e998 RtlUpcaseUnicodeStringToOemString
 0x49e99c NtQueryDirectoryObject
 0x49e9a0 NtResumeProcess
 0x49e9a4 NtOpenDirectoryObject
 0x49e9a8 RtlAdjustPrivilege
 0x49e9ac NtSuspendProcess
 0x49e9b0 NtTerminateProcess
 0x49e9b4 NtQuerySystemEnvironmentValueEx
 0x49e9b8 NtSetSystemEnvironmentValueEx
 0x49e9bc NtEnumerateSystemEnvironmentValuesEx
 0x49e9c0 RtlIpv4AddressToStringW
netapi32.dll
 0x49e92c I_NetServerAuthenticate2
 0x49e930 I_NetServerTrustPasswordsGet
 0x49e934 I_NetServerReqChallenge
KERNEL32.dll
 0x49e240 SystemTimeToFileTime
 0x49e244 lstrlenA
 0x49e248 GetDateFormatW
 0x49e24c GetSystemTimeAsFileTime
 0x49e250 ClearCommError
 0x49e254 CreateRemoteThread
 0x49e258 WaitForSingleObject
 0x49e25c CreateProcessW
 0x49e260 SetConsoleOutputCP
 0x49e264 GetConsoleOutputCP
 0x49e268 CreateFileMappingW
 0x49e26c UnmapViewOfFile
 0x49e270 MapViewOfFile
 0x49e274 WriteProcessMemory
 0x49e278 VirtualProtect
 0x49e27c InterlockedExchange
 0x49e280 SetFilePointerEx
 0x49e284 GetProcessId
 0x49e288 GetComputerNameW
 0x49e28c ProcessIdToSessionId
 0x49e290 VirtualAllocEx
 0x49e294 VirtualProtectEx
 0x49e298 VirtualAlloc
 0x49e29c SetLastError
 0x49e2a0 ReadProcessMemory
 0x49e2a4 VirtualFreeEx
 0x49e2a8 VirtualQueryEx
 0x49e2ac VirtualFree
 0x49e2b0 VirtualQuery
 0x49e2b4 GetComputerNameExW
 0x49e2b8 DeviceIoControl
 0x49e2bc DuplicateHandle
 0x49e2c0 OpenProcess
 0x49e2c4 GetCurrentProcess
 0x49e2c8 ExpandEnvironmentStringsW
 0x49e2cc FindNextFileW
 0x49e2d0 FindClose
 0x49e2d4 GetCurrentDirectoryW
 0x49e2d8 GetFileSizeEx
 0x49e2dc FlushFileBuffers
 0x49e2e0 GetFileAttributesW
 0x49e2e4 FindFirstFileW
 0x49e2e8 lstrlenW
 0x49e2ec GetProcAddress
 0x49e2f0 LoadLibraryW
 0x49e2f4 GetModuleHandleW
 0x49e2f8 FreeLibrary
 0x49e2fc DeleteFileA
 0x49e300 GetTempPathA
 0x49e304 GetFileInformationByHandle
 0x49e308 FileTimeToLocalFileTime
 0x49e30c GetCurrentDirectoryA
 0x49e310 GetTempFileNameA
 0x49e314 SetFilePointer
 0x49e318 CreateFileA
 0x49e31c FileTimeToDosDateTime
 0x49e320 CreateThread
 0x49e324 LocalFree
 0x49e328 CloseHandle
 0x49e32c LocalAlloc
 0x49e330 GetLastError
 0x49e334 CreateFileW
 0x49e338 ReadFile
 0x49e33c Sleep
 0x49e340 TerminateThread
 0x49e344 WriteFile
 0x49e348 FileTimeToSystemTime
 0x49e34c GetTimeFormatW
 0x49e350 GetFullPathNameW
 0x49e354 GetFullPathNameA
 0x49e358 HeapReAlloc
 0x49e35c GetFileSize
 0x49e360 CreateMutexW
 0x49e364 HeapCompact
 0x49e368 SetEndOfFile
 0x49e36c HeapAlloc
 0x49e370 QueryPerformanceCounter
 0x49e374 HeapFree
 0x49e378 InterlockedCompareExchange
 0x49e37c UnlockFile
 0x49e380 FlushViewOfFile
 0x49e384 LockFile
 0x49e388 WaitForSingleObjectEx
 0x49e38c OutputDebugStringW
 0x49e390 GetTickCount
 0x49e394 UnlockFileEx
 0x49e398 GetProcessHeap
 0x49e39c FormatMessageA
 0x49e3a0 FormatMessageW
 0x49e3a4 GetVersionExW
 0x49e3a8 WideCharToMultiByte
 0x49e3ac HeapDestroy
 0x49e3b0 GetFileAttributesA
 0x49e3b4 HeapCreate
 0x49e3b8 HeapValidate
 0x49e3bc MultiByteToWideChar
 0x49e3c0 GetTempPathW
 0x49e3c4 HeapSize
 0x49e3c8 LockFileEx
 0x49e3cc GetDiskFreeSpaceW
 0x49e3d0 LoadLibraryA
 0x49e3d4 CreateFileMappingA
 0x49e3d8 GetDiskFreeSpaceA
 0x49e3dc GetSystemInfo
 0x49e3e0 GetFileAttributesExW
 0x49e3e4 OutputDebugStringA
 0x49e3e8 GetVersionExA
 0x49e3ec DeleteFileW
 0x49e3f0 GetCurrentProcessId
 0x49e3f4 GetSystemTime
 0x49e3f8 AreFileApisANSI
 0x49e3fc ExitProcess
 0x49e400 ExitThread
 0x49e404 RaiseException
 0x49e408 SetConsoleCtrlHandler
 0x49e40c SetConsoleTitleW
 0x49e410 SetFileAttributesW
 0x49e414 GlobalSize
 0x49e418 SetHandleInformation
 0x49e41c CreatePipe
 0x49e420 InitializeCriticalSection
 0x49e424 LeaveCriticalSection
 0x49e428 EnterCriticalSection
 0x49e42c DeleteCriticalSection
 0x49e430 SetEvent
 0x49e434 CreateEventW
 0x49e438 GetSystemDirectoryW
 0x49e43c SetConsoleCursorPosition
 0x49e440 GetTimeZoneInformation
 0x49e444 GetStdHandle
 0x49e448 FillConsoleOutputCharacterW
 0x49e44c GetConsoleScreenBufferInfo
 0x49e450 IsWow64Process
 0x49e454 SetCurrentDirectoryW
 0x49e458 GetCurrentThread
 0x49e45c RtlUnwind
 0x49e460 TerminateProcess
 0x49e464 UnhandledExceptionFilter
 0x49e468 SetUnhandledExceptionFilter
 0x49e46c GetVersion
 0x49e470 GetModuleHandleA
 0x49e474 GetCurrentThreadId
 0x49e478 PurgeComm
msvcrt.dll
 0x49e7f0 calloc
 0x49e7f4 __set_app_type
 0x49e7f8 _lseeki64
 0x49e7fc wctomb
 0x49e800 __setusermatherr
 0x49e804 isspace
 0x49e808 mbtowc
 0x49e80c __mb_cur_max
 0x49e810 _itoa
 0x49e814 isleadbyte
 0x49e818 isxdigit
 0x49e81c localeconv
 0x49e820 _snprintf
 0x49e824 __p__fmode
 0x49e828 ferror
 0x49e82c iswctype
 0x49e830 wcstombs
 0x49e834 ?terminate@@YAXXZ
 0x49e838 _write
 0x49e83c _isatty
 0x49e840 ungetc
 0x49e844 _controlfp
 0x49e848 __badioinfo
 0x49e84c __pioinfo
 0x49e850 __p__commode
 0x49e854 _read
 0x49e858 isdigit
 0x49e85c strrchr
 0x49e860 _amsg_exit
 0x49e864 _initterm
 0x49e868 exit
 0x49e86c _XcptFilter
 0x49e870 _exit
 0x49e874 _cexit
 0x49e878 _errno
 0x49e87c free
 0x49e880 _wcsdup
 0x49e884 _vsnprintf
 0x49e888 _except_handler3
 0x49e88c _wcsicmp
 0x49e890 vfwprintf
 0x49e894 _vscwprintf
 0x49e898 fflush
 0x49e89c _wfopen
 0x49e8a0 wprintf
 0x49e8a4 _fileno
 0x49e8a8 _iob
 0x49e8ac vwprintf
 0x49e8b0 _setmode
 0x49e8b4 fclose
 0x49e8b8 _stricmp
 0x49e8bc wcsrchr
 0x49e8c0 wcschr
 0x49e8c4 wcsstr
 0x49e8c8 strtoul
 0x49e8cc _wcsnicmp
 0x49e8d0 _vscprintf
 0x49e8d4 memmove
 0x49e8d8 strncmp
 0x49e8dc malloc
 0x49e8e0 _msize
 0x49e8e4 strcspn
 0x49e8e8 realloc
 0x49e8ec fgetws
 0x49e8f0 wcstoul
 0x49e8f4 strchr
 0x49e8f8 wcstol
 0x49e8fc wcsncmp
 0x49e900 _wcstoui64
 0x49e904 towupper
 0x49e908 _wpgmptr
 0x49e90c strstr
 0x49e910 _strcmpi
 0x49e914 strtol
 0x49e918 getchar
 0x49e91c memset
 0x49e920 memcpy
 0x49e924 __wgetmainargs

EAT (Export Address Table): none


