Report - jSB8SNaV.exe

Gen1 Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check
Created 2024.05.02 07:22 Machine s1_win7_x6401
Filename jSB8SNaV.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score
1
Behavior Score
1.6 (note: the IAT below imports the debug CRT — MSVCP140D.dll, VCRUNTIME140D.dll, ucrtbased.dll — which a stock sandbox image normally lacks, so a low behavioral score and zero network activity may reflect a failed launch rather than benign behavior; treat the dynamic result as inconclusive)
ZERO API (file): clean
VT API (file) 36 detected (AIDetectMalware, Hacktool, DriverLoader, BadFile, Artemis, Ulise, Save, CHQM, Attribute, HighConfidence, malicious, high confidence, GameHack, AGen, HacktoolX, aWh7qJRHMqI, Tool, GameHackAGen, Krypt, Detected, ai score=83, GrayWare, Wacapew, Caypnamer, R641249, GdSda, Gencirc, Static AI, Suspicious PE)
md5 af593a9f7ef816da78b444227537c5f2
sha256 d16e147eaf8a76ab283053889fff5074b75af230f52f7197765363b22fc82445
ssdeep 3072:mUIiPA+da3ZuB654rSehlwTsSY/ND07HOHpe/3vmJTQSaMm5/6peH9LHq1lwNBTh:vAQ1JIQkOw/4WlUucxoJE
imphash 23d72874da0841595662fc34fa277974
impfuzzy 96:z48yOOoWfyo4tp52Y2uxUc+A4bugh7jQrkY6idw0Cd/mOE9OU5hzetneVEYDpaxJ:ZWqdqpREkWyxt8SKEbBZJpcu0S

Signature (4cnts)

Level Description
danger File has been identified by 36 AntiVirus engines on VirusTotal as malicious
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer
info This executable has a PDB path

Rules (8cnts)

Level Name Description Collection
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet (generic signature; the VT tags above — DriverLoader, GameHack, Hacktool — and the IAT below (DeviceIoControl, CreateToolhelp32Snapshot/Process32*, NtQuerySystemInformation, Reg* key writes) are more consistent with a driver-loading game-hack tool; verify before attributing to Emotet) binaries (upload)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x1400aa088 VirtualFree
 0x1400aa090 GetModuleHandleA
 0x1400aa098 GetProcAddress
 0x1400aa0a0 SetUnhandledExceptionFilter
 0x1400aa0a8 CreateToolhelp32Snapshot
 0x1400aa0b0 VirtualAlloc
 0x1400aa0b8 Process32NextW
 0x1400aa0c0 GetTempPathW
 0x1400aa0c8 VirtualQuery
 0x1400aa0d0 GetProcessHeap
 0x1400aa0d8 HeapFree
 0x1400aa0e0 HeapAlloc
 0x1400aa0e8 GetCurrentThreadId
 0x1400aa0f0 GetCurrentProcessId
 0x1400aa0f8 DeviceIoControl
 0x1400aa100 CloseHandle
 0x1400aa108 Process32FirstW
 0x1400aa110 CreateFileW
 0x1400aa118 GetStartupInfoW
 0x1400aa120 InitializeSListHead
 0x1400aa128 GetSystemTimeAsFileTime
 0x1400aa130 QueryPerformanceCounter
 0x1400aa138 RaiseException
 0x1400aa140 IsDebuggerPresent
 0x1400aa148 IsProcessorFeaturePresent
 0x1400aa150 TerminateProcess
 0x1400aa158 GetCurrentProcess
 0x1400aa160 UnhandledExceptionFilter
 0x1400aa168 RtlVirtualUnwind
 0x1400aa170 RtlLookupFunctionEntry
 0x1400aa178 RtlCaptureContext
 0x1400aa180 SleepConditionVariableSRW
 0x1400aa188 WakeAllConditionVariable
 0x1400aa190 AcquireSRWLockExclusive
 0x1400aa198 ReleaseSRWLockExclusive
 0x1400aa1a0 WideCharToMultiByte
 0x1400aa1a8 MultiByteToWideChar
 0x1400aa1b0 CreateSymbolicLinkW
 0x1400aa1b8 GetFileInformationByHandleEx
 0x1400aa1c0 CreateHardLinkW
 0x1400aa1c8 MoveFileExW
 0x1400aa1d0 CopyFileW
 0x1400aa1d8 CreateDirectoryExW
 0x1400aa1e0 GetModuleHandleW
 0x1400aa1e8 GetLastError
 0x1400aa1f0 AreFileApisANSI
 0x1400aa1f8 SetFileTime
 0x1400aa200 SetFileInformationByHandle
 0x1400aa208 SetFileAttributesW
 0x1400aa210 GetFullPathNameW
 0x1400aa218 GetFinalPathNameByHandleW
 0x1400aa220 GetFileInformationByHandle
 0x1400aa228 GetFileAttributesExW
 0x1400aa230 GetFileAttributesW
 0x1400aa238 GetDiskFreeSpaceExW
 0x1400aa240 FindNextFileW
 0x1400aa248 FindFirstFileExW
 0x1400aa250 FindFirstFileW
 0x1400aa258 FindClose
 0x1400aa260 CreateDirectoryW
 0x1400aa268 GetCurrentDirectoryW
 0x1400aa270 SetCurrentDirectoryW
 0x1400aa278 GetLocaleInfoEx
 0x1400aa280 FormatMessageA
 0x1400aa288 LocalFree
 0x1400aa290 FreeLibrary
USER32.dll
 0x1400aa730 GetWindowThreadProcessId
 0x1400aa738 GetShellWindow
ADVAPI32.dll
 0x1400aa000 RegSetKeyValueW
 0x1400aa008 RegOpenKeyW
 0x1400aa010 RegCreateKeyW
 0x1400aa018 RegCloseKey
 0x1400aa020 RegDeleteTreeW
MSVCP140D.dll
 0x1400aa358 ?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
 0x1400aa360 ?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
 0x1400aa368 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
 0x1400aa370 ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x1400aa378 ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
 0x1400aa380 ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
 0x1400aa388 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
 0x1400aa390 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
 0x1400aa398 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
 0x1400aa3a0 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
 0x1400aa3a8 ?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
 0x1400aa3b0 ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
 0x1400aa3b8 ?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
 0x1400aa3c0 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
 0x1400aa3c8 ?id@?$ctype@_W@std@@2V0locale@2@A
 0x1400aa3d0 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
 0x1400aa3d8 ?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
 0x1400aa3e0 ?_Xbad_alloc@std@@YAXXZ
 0x1400aa3e8 ?_Syserror_map@std@@YAPEBDH@Z
 0x1400aa3f0 ?_Winerror_map@std@@YAHH@Z
 0x1400aa3f8 _Mbrtowc
 0x1400aa400 ?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
 0x1400aa408 ?_Getdays@_Locinfo@std@@QEBAPEBDXZ
 0x1400aa410 ?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
 0x1400aa418 ?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
 0x1400aa420 ?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
 0x1400aa428 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
 0x1400aa430 ?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x1400aa438 ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
 0x1400aa440 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
 0x1400aa448 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
 0x1400aa450 ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
 0x1400aa458 ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
 0x1400aa460 ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
 0x1400aa468 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
 0x1400aa470 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
 0x1400aa478 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
 0x1400aa480 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
 0x1400aa488 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
 0x1400aa490 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
 0x1400aa498 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
 0x1400aa4a0 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x1400aa4a8 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x1400aa4b0 ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
 0x1400aa4b8 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x1400aa4c0 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
 0x1400aa4c8 ?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
 0x1400aa4d0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
 0x1400aa4d8 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x1400aa4e0 ?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
 0x1400aa4e8 ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
 0x1400aa4f0 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
 0x1400aa4f8 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
 0x1400aa500 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
 0x1400aa508 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
 0x1400aa510 ?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
 0x1400aa518 ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
 0x1400aa520 ?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
 0x1400aa528 ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
 0x1400aa530 ?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
 0x1400aa538 ?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
 0x1400aa540 ?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
 0x1400aa548 ?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
 0x1400aa550 ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
 0x1400aa558 ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
 0x1400aa560 ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
 0x1400aa568 ??0_Lockit@std@@QEAA@H@Z
 0x1400aa570 ??1_Lockit@std@@QEAA@XZ
 0x1400aa578 ?_Xlength_error@std@@YAXPEBD@Z
 0x1400aa580 ?_Xout_of_range@std@@YAXPEBD@Z
 0x1400aa588 ?uncaught_exception@std@@YA_NXZ
 0x1400aa590 ??Bid@locale@std@@QEAA_KXZ
 0x1400aa598 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
 0x1400aa5a0 ?always_noconv@codecvt_base@std@@QEBA_NXZ
 0x1400aa5a8 ?widen@?$ctype@_W@std@@QEBA_WD@Z
 0x1400aa5b0 ?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
 0x1400aa5b8 ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
 0x1400aa5c0 ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
 0x1400aa5c8 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
 0x1400aa5d0 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
 0x1400aa5d8 ??7ios_base@std@@QEBA_NXZ
 0x1400aa5e0 ?good@ios_base@std@@QEBA_NXZ
 0x1400aa5e8 ?flags@ios_base@std@@QEBAHXZ
 0x1400aa5f0 ?setf@ios_base@std@@QEAAHHH@Z
 0x1400aa5f8 ?width@ios_base@std@@QEBA_JXZ
 0x1400aa600 ?width@ios_base@std@@QEAA_J_J@Z
 0x1400aa608 ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
 0x1400aa610 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
 0x1400aa618 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x1400aa620 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
 0x1400aa628 ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
 0x1400aa630 ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
 0x1400aa638 ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
 0x1400aa640 ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
ntdll.dll
 0x1400aa8e8 NtQuerySystemInformation
 0x1400aa8f0 RtlInitUnicodeString
VCRUNTIME140D.dll
 0x1400aa798 __current_exception_context
 0x1400aa7a0 __current_exception
 0x1400aa7a8 __std_type_info_destroy_list
 0x1400aa7b0 __C_specific_handler_noexcept
 0x1400aa7b8 __C_specific_handler
 0x1400aa7c0 __vcrt_GetModuleFileNameW
 0x1400aa7c8 __std_exception_destroy
 0x1400aa7d0 __std_exception_copy
 0x1400aa7d8 wcsstr
 0x1400aa7e0 memset
 0x1400aa7e8 memmove
 0x1400aa7f0 memcpy
 0x1400aa7f8 __vcrt_GetModuleHandleW
 0x1400aa800 __vcrt_LoadLibraryExW
 0x1400aa808 _CxxThrowException
 0x1400aa810 memcmp
VCRUNTIME140_1D.dll
 0x1400aa888 __CxxFrameHandler4
ucrtbased.dll
 0x1400aa950 _configure_narrow_argv
 0x1400aa958 _initialize_narrow_environment
 0x1400aa960 _initialize_onexit_table
 0x1400aa968 _register_onexit_function
 0x1400aa970 _execute_onexit_table
 0x1400aa978 _crt_atexit
 0x1400aa980 _crt_at_quick_exit
 0x1400aa988 strcpy_s
 0x1400aa990 strcat_s
 0x1400aa998 __stdio_common_vsprintf_s
 0x1400aa9a0 terminate
 0x1400aa9a8 _wmakepath_s
 0x1400aa9b0 _wsplitpath_s
 0x1400aa9b8 wcscpy_s
 0x1400aa9c0 _seh_filter_dll
 0x1400aa9c8 _cexit
 0x1400aa9d0 __p___wargv
 0x1400aa9d8 __p___argc
 0x1400aa9e0 _set_fmode
 0x1400aa9e8 _exit
 0x1400aa9f0 exit
 0x1400aa9f8 _initterm_e
 0x1400aaa00 _initterm
 0x1400aaa08 _get_initial_wide_environment
 0x1400aaa10 _initialize_wide_environment
 0x1400aaa18 _configure_wide_argv
 0x1400aaa20 __setusermatherr
 0x1400aaa28 _set_app_type
 0x1400aaa30 _seh_filter_exe
 0x1400aaa38 __p__commode
 0x1400aaa40 malloc
 0x1400aaa48 _callnewh
 0x1400aaa50 abort
 0x1400aaa58 ___lc_codepage_func
 0x1400aaa60 _malloc_dbg
 0x1400aaa68 _calloc_dbg
 0x1400aaa70 _wcsicmp
 0x1400aaa78 _time64
 0x1400aaa80 _unlock_file
 0x1400aaa88 _lock_file
 0x1400aaa90 ungetc
 0x1400aaa98 setvbuf
 0x1400aaaa0 fwrite
 0x1400aaaa8 _fseeki64
 0x1400aaab0 fsetpos
 0x1400aaab8 fread
 0x1400aaac0 fputc
 0x1400aaac8 fgetpos
 0x1400aaad0 fgetc
 0x1400aaad8 fflush
 0x1400aaae0 fclose
 0x1400aaae8 _get_stream_buffer_pointers
 0x1400aaaf0 _wremove
 0x1400aaaf8 _CrtDbgReport
 0x1400aab00 rand
 0x1400aab08 srand
 0x1400aab10 strlen
 0x1400aab18 _stricmp
 0x1400aab20 wcslen
 0x1400aab28 _invalid_parameter
 0x1400aab30 _set_new_mode
 0x1400aab38 _configthreadlocale
 0x1400aab40 _register_thread_local_exe_atexit_callback
 0x1400aab48 _CrtDbgReportW
 0x1400aab50 _c_exit
 0x1400aab58 _free_dbg

EAT (Export Address Table): none


