Created | 2024.07.11 14:04 | Machine | s1_win7_x6403 |
Filename | et.exe | ||
Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
AI Score |
|
Behavior Score |
|
ZERO API | file : malicious | ||
VT API (file) | 2 detected (Expiro, Detected) | ||
md5 | c5099467ee088a00183440db0dc4b09d | ||
sha256 | 76576ba84783efe05b459d701ec9b29b9313c9210f43155f94b1d40eed5e7626 | ||
ssdeep | 12288:kbcaZu6KDlAedSjNPkJn9u58Lh+ui6y1hCjBm398QeiyyBCHlftXplvPDM:kbnDKDHWyuqQQm3qbyBCHlfdplXDM | ||
imphash | 8ac450196a7aac00d6df055f5e3b06d4 | ||
impfuzzy | 192:uI39usDsGTiZSfNEp35W9ySYsv+84jj0V:uI39F1iZSf/U3sB4P0V |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
notice | File has been identified by 2 AntiVirus engines on VirusTotal as malicious |
info | This executable has a PDB path |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4a3000 GetCommandLineW
0x4a3004 LocalFree
0x4a3008 CloseHandle
0x4a300c GetLastError
0x4a3010 Sleep
0x4a3014 GetCurrentProcessId
0x4a3018 TerminateProcess
0x4a301c GetCurrentThreadId
0x4a3020 OpenProcess
0x4a3024 GetSystemDirectoryW
0x4a3028 GetSystemWow64DirectoryW
0x4a302c FreeLibrary
0x4a3030 GetModuleFileNameW
0x4a3034 GetModuleHandleA
0x4a3038 GetProcAddress
0x4a303c LoadLibraryW
0x4a3040 CreateToolhelp32Snapshot
0x4a3044 Process32FirstW
0x4a3048 Process32NextW
0x4a304c GetEnvironmentVariableW
0x4a3050 SetEnvironmentVariableW
0x4a3054 GetDriveTypeW
0x4a3058 GetTempPathW
0x4a305c GetStartupInfoW
0x4a3060 GetTickCount
0x4a3064 GetModuleHandleW
0x4a3068 SetDllDirectoryW
0x4a306c GetDllDirectoryW
0x4a3070 CopyFileW
0x4a3074 CreateDirectoryW
0x4a3078 CreateFileW
0x4a307c GetFileAttributesW
0x4a3080 WideCharToMultiByte
0x4a3084 RaiseException
0x4a3088 HeapDestroy
0x4a308c HeapAlloc
0x4a3090 HeapReAlloc
0x4a3094 HeapFree
0x4a3098 HeapSize
0x4a309c GetProcessHeap
0x4a30a0 InitializeCriticalSectionAndSpinCount
0x4a30a4 DeleteCriticalSection
0x4a30a8 FindResourceExW
0x4a30ac LoadResource
0x4a30b0 LockResource
0x4a30b4 SizeofResource
0x4a30b8 FindResourceW
0x4a30bc MultiByteToWideChar
0x4a30c0 SetEvent
0x4a30c4 CreateEventW
0x4a30c8 GetExitCodeProcess
0x4a30cc Process32First
0x4a30d0 Process32Next
0x4a30d4 ReleaseMutex
0x4a30d8 OpenMutexW
0x4a30dc GetSystemTime
0x4a30e0 SystemTimeToFileTime
0x4a30e4 VerSetConditionMask
0x4a30e8 GetFileAttributesExW
0x4a30ec ReadFile
0x4a30f0 WaitForSingleObject
0x4a30f4 CreateMutexW
0x4a30f8 GetLocalTime
0x4a30fc VerifyVersionInfoW
0x4a3100 DeleteFileW
0x4a3104 InitializeCriticalSection
0x4a3108 EnterCriticalSection
0x4a310c LeaveCriticalSection
0x4a3110 WaitForMultipleObjects
0x4a3114 CreateThread
0x4a3118 QueueUserWorkItem
0x4a311c UnregisterWaitEx
0x4a3120 FlushFileBuffers
0x4a3124 WriteFile
0x4a3128 ConnectNamedPipe
0x4a312c DisconnectNamedPipe
0x4a3130 CreateNamedPipeW
0x4a3134 CreateIoCompletionPort
0x4a3138 GetQueuedCompletionStatus
0x4a313c PostQueuedCompletionStatus
0x4a3140 SetNamedPipeHandleState
0x4a3144 WaitNamedPipeW
0x4a3148 GetOverlappedResult
0x4a314c CancelIo
0x4a3150 GetCurrentProcess
0x4a3154 LocalAlloc
0x4a3158 SetUnhandledExceptionFilter
0x4a315c GetProcessId
0x4a3160 LoadLibraryExW
0x4a3164 VirtualQuery
0x4a3168 CreateFileMappingW
0x4a316c OpenFileMappingW
0x4a3170 MapViewOfFile
0x4a3174 UnmapViewOfFile
0x4a3178 VirtualAlloc
0x4a317c VirtualFree
0x4a3180 SetErrorMode
0x4a3184 GetModuleHandleExW
0x4a3188 QueryPerformanceCounter
0x4a318c GetCurrentThread
0x4a3190 VirtualProtect
0x4a3194 LoadLibraryExA
0x4a3198 lstrlenW
0x4a319c GetPrivateProfileIntW
0x4a31a0 GetPrivateProfileStringW
0x4a31a4 GetUserDefaultUILanguage
0x4a31a8 GetSystemInfo
0x4a31ac CreateProcessW
0x4a31b0 ExpandEnvironmentStringsW
0x4a31b4 GetLongPathNameW
0x4a31b8 CompareFileTime
0x4a31bc FindClose
0x4a31c0 FindFirstFileW
0x4a31c4 FindNextFileW
0x4a31c8 GetFileSizeEx
0x4a31cc SetFilePointerEx
0x4a31d0 SystemTimeToTzSpecificLocalTime
0x4a31d4 FileTimeToSystemTime
0x4a31d8 ProcessIdToSessionId
0x4a31dc ResetEvent
0x4a31e0 WaitForSingleObjectEx
0x4a31e4 InitializeSListHead
0x4a31e8 UnhandledExceptionFilter
0x4a31ec IsProcessorFeaturePresent
0x4a31f0 GetSystemTimeAsFileTime
0x4a31f4 IsDebuggerPresent
0x4a31f8 OutputDebugStringW
krpt.dll
0x4a3508 ?_force_link_krpt@@YGXXZ
MSVCP140.dll
0x4a3200 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
0x4a3204 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
0x4a3208 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
0x4a320c ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x4a3210 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
0x4a3214 ?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
0x4a3218 ?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
0x4a321c ?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
0x4a3220 ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
0x4a3224 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
0x4a3228 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x4a322c _Query_perf_counter
0x4a3230 _Query_perf_frequency
0x4a3234 ?_Xinvalid_argument@std@@YAXPBD@Z
0x4a3238 _Xtime_get_ticks
0x4a323c ?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
0x4a3240 ?uncaught_exception@std@@YA_NXZ
0x4a3244 _Mtx_init_in_situ
0x4a3248 _Mtx_destroy_in_situ
0x4a324c _Mtx_lock
0x4a3250 _Mtx_unlock
0x4a3254 ?_Throw_C_error@std@@YAXH@Z
0x4a3258 ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
0x4a325c ??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
0x4a3260 ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
0x4a3264 ?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
0x4a3268 ?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
0x4a326c ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
0x4a3270 ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
0x4a3274 ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
0x4a3278 ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
0x4a327c ??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
0x4a3280 ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
0x4a3284 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
0x4a3288 ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
0x4a328c ?_Xbad_function_call@std@@YAXXZ
0x4a3290 ?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
0x4a3294 ?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
0x4a3298 ?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
0x4a329c ?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
0x4a32a0 ?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
0x4a32a4 ?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
0x4a32a8 ?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
0x4a32ac ?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
0x4a32b0 ?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
0x4a32b4 ?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
0x4a32b8 ?toupper@?$ctype@_W@std@@QBE_W_W@Z
0x4a32bc ?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x4a32c0 ?id@?$ctype@_W@std@@2V0locale@2@A
0x4a32c4 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
0x4a32c8 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
0x4a32cc ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
0x4a32d0 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x4a32d4 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x4a32d8 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
0x4a32dc ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
0x4a32e0 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
0x4a32e4 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x4a32e8 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
0x4a32ec ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x4a32f0 ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x4a32f4 ?always_noconv@codecvt_base@std@@QBE_NXZ
0x4a32f8 ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
0x4a32fc ??Bid@locale@std@@QAEIXZ
0x4a3300 ?uncaught_exceptions@std@@YAHXZ
0x4a3304 ??0_Lockit@std@@QAE@H@Z
0x4a3308 ?_Xout_of_range@std@@YAXPBD@Z
0x4a330c ?_Xlength_error@std@@YAXPBD@Z
0x4a3310 ?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
0x4a3314 ?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
0x4a3318 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
0x4a331c ??1_Lockit@std@@QAE@XZ
VCRUNTIME140.dll
0x4a3324 wcschr
0x4a3328 set_unexpected
0x4a332c __current_exception_context
0x4a3330 strchr
0x4a3334 __RTDynamicCast
0x4a3338 memmove
0x4a333c _except_handler4_common
0x4a3340 __std_exception_copy
0x4a3344 _set_purecall_handler
0x4a3348 wcsstr
0x4a334c wcsrchr
0x4a3350 __std_exception_destroy
0x4a3354 _CxxThrowException
0x4a3358 __CxxFrameHandler3
0x4a335c memcpy
0x4a3360 __current_exception
0x4a3364 memset
0x4a3368 _purecall
0x4a336c __std_terminate
0x4a3370 __std_type_info_compare
0x4a3374 __std_type_info_name
0x4a3378 memchr
api-ms-win-crt-runtime-l1-1-0.dll
0x4a33f0 _invalid_parameter_noinfo
0x4a33f4 _invalid_parameter_noinfo_noreturn
0x4a33f8 _errno
0x4a33fc signal
0x4a3400 _set_new_handler
0x4a3404 _seh_filter_exe
0x4a3408 _set_app_type
0x4a340c set_terminate
0x4a3410 _configure_narrow_argv
0x4a3414 _initialize_narrow_environment
0x4a3418 _get_narrow_winmain_command_line
0x4a341c _initterm
0x4a3420 _initterm_e
0x4a3424 exit
0x4a3428 _exit
0x4a342c _set_invalid_parameter_handler
0x4a3430 _cexit
0x4a3434 _c_exit
0x4a3438 _register_thread_local_exe_atexit_callback
0x4a343c _set_abort_behavior
0x4a3440 _beginthreadex
0x4a3444 _controlfp_s
0x4a3448 __p___argv
0x4a344c terminate
0x4a3450 _initialize_onexit_table
0x4a3454 _register_onexit_function
0x4a3458 _crt_atexit
0x4a345c __p___argc
api-ms-win-crt-string-l1-1-0.dll
0x4a34b8 _stricmp
0x4a34bc isspace
0x4a34c0 isdigit
0x4a34c4 _wcsnicmp
0x4a34c8 isalpha
0x4a34cc strncmp
0x4a34d0 _wcsicmp
0x4a34d4 wcscat_s
0x4a34d8 wcscpy_s
0x4a34dc wcsncpy
0x4a34e0 tolower
0x4a34e4 iswspace
0x4a34e8 isalnum
api-ms-win-crt-convert-l1-1-0.dll
0x4a3380 _wtoi
0x4a3384 wcstoull
0x4a3388 wcstol
0x4a338c _wtol
0x4a3390 _itow
0x4a3394 _itow_s
api-ms-win-crt-filesystem-l1-1-0.dll
0x4a33a8 _unlock_file
0x4a33ac _lock_file
0x4a33b0 _wsplitpath_s
api-ms-win-crt-stdio-l1-1-0.dll
0x4a3464 __p__commode
0x4a3468 __stdio_common_vsnprintf_s
0x4a346c _set_fmode
0x4a3470 __stdio_common_vfprintf
0x4a3474 __stdio_common_vswscanf
0x4a3478 __stdio_common_vswprintf
0x4a347c __stdio_common_vsnwprintf_s
0x4a3480 _get_stream_buffer_pointers
0x4a3484 fclose
0x4a3488 fflush
0x4a348c fgetc
0x4a3490 fgetpos
0x4a3494 fputc
0x4a3498 fread
0x4a349c fsetpos
0x4a34a0 _fseeki64
0x4a34a4 __stdio_common_vswprintf_s
0x4a34a8 fwrite
0x4a34ac setvbuf
0x4a34b0 ungetc
api-ms-win-crt-heap-l1-1-0.dll
0x4a33b8 _recalloc
0x4a33bc realloc
0x4a33c0 _set_new_mode
0x4a33c4 malloc
0x4a33c8 _callnewh
0x4a33cc free
0x4a33d0 calloc
0x4a33d4 _aligned_free
0x4a33d8 _aligned_malloc
api-ms-win-crt-utility-l1-1-0.dll
0x4a34fc srand
0x4a3500 rand
api-ms-win-crt-time-l1-1-0.dll
0x4a34f0 _difftime64
0x4a34f4 _time64
api-ms-win-crt-environment-l1-1-0.dll
0x4a339c _wgetenv_s
0x4a33a0 _wputenv_s
api-ms-win-crt-math-l1-1-0.dll
0x4a33e8 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x4a33e0 _configthreadlocale
EAT(Export Address Table) Library
0x428bc0 GetHostInterface
0x44d0f0 MdCallBack
0x44d080 MdCallBack12
0x44d360 _appcore_CreateObject
0x44d3c0 _applogic_CreateObject
0x44d420 _cpl_ConstRecognize
0x44d480 _cpl_NFAGetCategory
0x44d4e0 _cpl_NFAGetFormatByFFT
0x44d540 _cpl_NFAResolveFormat
0x44d5a0 _cpl_ValidateSheetNameEx
0x44d600 _et_GetIKRefEditProxy
0x44d650 _etcore_CreateObject
0x44d6b0 _etopl_CreateObject
0x44d710 _ettext_GetxtObject
0x44d770 _ettext_XFIsIndent
0x44d7d0 _ettext_XFamend
0x44d840 _etul_CreateObject
0x44d8a0 _funclib_CreateObject
0x44d900 ksGetHWND
KERNEL32.dll
0x4a3000 GetCommandLineW
0x4a3004 LocalFree
0x4a3008 CloseHandle
0x4a300c GetLastError
0x4a3010 Sleep
0x4a3014 GetCurrentProcessId
0x4a3018 TerminateProcess
0x4a301c GetCurrentThreadId
0x4a3020 OpenProcess
0x4a3024 GetSystemDirectoryW
0x4a3028 GetSystemWow64DirectoryW
0x4a302c FreeLibrary
0x4a3030 GetModuleFileNameW
0x4a3034 GetModuleHandleA
0x4a3038 GetProcAddress
0x4a303c LoadLibraryW
0x4a3040 CreateToolhelp32Snapshot
0x4a3044 Process32FirstW
0x4a3048 Process32NextW
0x4a304c GetEnvironmentVariableW
0x4a3050 SetEnvironmentVariableW
0x4a3054 GetDriveTypeW
0x4a3058 GetTempPathW
0x4a305c GetStartupInfoW
0x4a3060 GetTickCount
0x4a3064 GetModuleHandleW
0x4a3068 SetDllDirectoryW
0x4a306c GetDllDirectoryW
0x4a3070 CopyFileW
0x4a3074 CreateDirectoryW
0x4a3078 CreateFileW
0x4a307c GetFileAttributesW
0x4a3080 WideCharToMultiByte
0x4a3084 RaiseException
0x4a3088 HeapDestroy
0x4a308c HeapAlloc
0x4a3090 HeapReAlloc
0x4a3094 HeapFree
0x4a3098 HeapSize
0x4a309c GetProcessHeap
0x4a30a0 InitializeCriticalSectionAndSpinCount
0x4a30a4 DeleteCriticalSection
0x4a30a8 FindResourceExW
0x4a30ac LoadResource
0x4a30b0 LockResource
0x4a30b4 SizeofResource
0x4a30b8 FindResourceW
0x4a30bc MultiByteToWideChar
0x4a30c0 SetEvent
0x4a30c4 CreateEventW
0x4a30c8 GetExitCodeProcess
0x4a30cc Process32First
0x4a30d0 Process32Next
0x4a30d4 ReleaseMutex
0x4a30d8 OpenMutexW
0x4a30dc GetSystemTime
0x4a30e0 SystemTimeToFileTime
0x4a30e4 VerSetConditionMask
0x4a30e8 GetFileAttributesExW
0x4a30ec ReadFile
0x4a30f0 WaitForSingleObject
0x4a30f4 CreateMutexW
0x4a30f8 GetLocalTime
0x4a30fc VerifyVersionInfoW
0x4a3100 DeleteFileW
0x4a3104 InitializeCriticalSection
0x4a3108 EnterCriticalSection
0x4a310c LeaveCriticalSection
0x4a3110 WaitForMultipleObjects
0x4a3114 CreateThread
0x4a3118 QueueUserWorkItem
0x4a311c UnregisterWaitEx
0x4a3120 FlushFileBuffers
0x4a3124 WriteFile
0x4a3128 ConnectNamedPipe
0x4a312c DisconnectNamedPipe
0x4a3130 CreateNamedPipeW
0x4a3134 CreateIoCompletionPort
0x4a3138 GetQueuedCompletionStatus
0x4a313c PostQueuedCompletionStatus
0x4a3140 SetNamedPipeHandleState
0x4a3144 WaitNamedPipeW
0x4a3148 GetOverlappedResult
0x4a314c CancelIo
0x4a3150 GetCurrentProcess
0x4a3154 LocalAlloc
0x4a3158 SetUnhandledExceptionFilter
0x4a315c GetProcessId
0x4a3160 LoadLibraryExW
0x4a3164 VirtualQuery
0x4a3168 CreateFileMappingW
0x4a316c OpenFileMappingW
0x4a3170 MapViewOfFile
0x4a3174 UnmapViewOfFile
0x4a3178 VirtualAlloc
0x4a317c VirtualFree
0x4a3180 SetErrorMode
0x4a3184 GetModuleHandleExW
0x4a3188 QueryPerformanceCounter
0x4a318c GetCurrentThread
0x4a3190 VirtualProtect
0x4a3194 LoadLibraryExA
0x4a3198 lstrlenW
0x4a319c GetPrivateProfileIntW
0x4a31a0 GetPrivateProfileStringW
0x4a31a4 GetUserDefaultUILanguage
0x4a31a8 GetSystemInfo
0x4a31ac CreateProcessW
0x4a31b0 ExpandEnvironmentStringsW
0x4a31b4 GetLongPathNameW
0x4a31b8 CompareFileTime
0x4a31bc FindClose
0x4a31c0 FindFirstFileW
0x4a31c4 FindNextFileW
0x4a31c8 GetFileSizeEx
0x4a31cc SetFilePointerEx
0x4a31d0 SystemTimeToTzSpecificLocalTime
0x4a31d4 FileTimeToSystemTime
0x4a31d8 ProcessIdToSessionId
0x4a31dc ResetEvent
0x4a31e0 WaitForSingleObjectEx
0x4a31e4 InitializeSListHead
0x4a31e8 UnhandledExceptionFilter
0x4a31ec IsProcessorFeaturePresent
0x4a31f0 GetSystemTimeAsFileTime
0x4a31f4 IsDebuggerPresent
0x4a31f8 OutputDebugStringW
krpt.dll
0x4a3508 ?_force_link_krpt@@YGXXZ
MSVCP140.dll
0x4a3200 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
0x4a3204 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
0x4a3208 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
0x4a320c ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x4a3210 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
0x4a3214 ?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
0x4a3218 ?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
0x4a321c ?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
0x4a3220 ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
0x4a3224 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
0x4a3228 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x4a322c _Query_perf_counter
0x4a3230 _Query_perf_frequency
0x4a3234 ?_Xinvalid_argument@std@@YAXPBD@Z
0x4a3238 _Xtime_get_ticks
0x4a323c ?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
0x4a3240 ?uncaught_exception@std@@YA_NXZ
0x4a3244 _Mtx_init_in_situ
0x4a3248 _Mtx_destroy_in_situ
0x4a324c _Mtx_lock
0x4a3250 _Mtx_unlock
0x4a3254 ?_Throw_C_error@std@@YAXH@Z
0x4a3258 ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
0x4a325c ??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
0x4a3260 ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
0x4a3264 ?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
0x4a3268 ?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
0x4a326c ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
0x4a3270 ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
0x4a3274 ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
0x4a3278 ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
0x4a327c ??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
0x4a3280 ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
0x4a3284 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
0x4a3288 ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
0x4a328c ?_Xbad_function_call@std@@YAXXZ
0x4a3290 ?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
0x4a3294 ?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
0x4a3298 ?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
0x4a329c ?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
0x4a32a0 ?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
0x4a32a4 ?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
0x4a32a8 ?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
0x4a32ac ?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
0x4a32b0 ?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
0x4a32b4 ?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
0x4a32b8 ?toupper@?$ctype@_W@std@@QBE_W_W@Z
0x4a32bc ?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x4a32c0 ?id@?$ctype@_W@std@@2V0locale@2@A
0x4a32c4 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
0x4a32c8 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
0x4a32cc ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
0x4a32d0 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x4a32d4 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x4a32d8 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
0x4a32dc ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
0x4a32e0 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
0x4a32e4 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x4a32e8 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
0x4a32ec ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x4a32f0 ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x4a32f4 ?always_noconv@codecvt_base@std@@QBE_NXZ
0x4a32f8 ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
0x4a32fc ??Bid@locale@std@@QAEIXZ
0x4a3300 ?uncaught_exceptions@std@@YAHXZ
0x4a3304 ??0_Lockit@std@@QAE@H@Z
0x4a3308 ?_Xout_of_range@std@@YAXPBD@Z
0x4a330c ?_Xlength_error@std@@YAXPBD@Z
0x4a3310 ?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
0x4a3314 ?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
0x4a3318 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
0x4a331c ??1_Lockit@std@@QAE@XZ
VCRUNTIME140.dll
0x4a3324 wcschr
0x4a3328 set_unexpected
0x4a332c __current_exception_context
0x4a3330 strchr
0x4a3334 __RTDynamicCast
0x4a3338 memmove
0x4a333c _except_handler4_common
0x4a3340 __std_exception_copy
0x4a3344 _set_purecall_handler
0x4a3348 wcsstr
0x4a334c wcsrchr
0x4a3350 __std_exception_destroy
0x4a3354 _CxxThrowException
0x4a3358 __CxxFrameHandler3
0x4a335c memcpy
0x4a3360 __current_exception
0x4a3364 memset
0x4a3368 _purecall
0x4a336c __std_terminate
0x4a3370 __std_type_info_compare
0x4a3374 __std_type_info_name
0x4a3378 memchr
api-ms-win-crt-runtime-l1-1-0.dll
0x4a33f0 _invalid_parameter_noinfo
0x4a33f4 _invalid_parameter_noinfo_noreturn
0x4a33f8 _errno
0x4a33fc signal
0x4a3400 _set_new_handler
0x4a3404 _seh_filter_exe
0x4a3408 _set_app_type
0x4a340c set_terminate
0x4a3410 _configure_narrow_argv
0x4a3414 _initialize_narrow_environment
0x4a3418 _get_narrow_winmain_command_line
0x4a341c _initterm
0x4a3420 _initterm_e
0x4a3424 exit
0x4a3428 _exit
0x4a342c _set_invalid_parameter_handler
0x4a3430 _cexit
0x4a3434 _c_exit
0x4a3438 _register_thread_local_exe_atexit_callback
0x4a343c _set_abort_behavior
0x4a3440 _beginthreadex
0x4a3444 _controlfp_s
0x4a3448 __p___argv
0x4a344c terminate
0x4a3450 _initialize_onexit_table
0x4a3454 _register_onexit_function
0x4a3458 _crt_atexit
0x4a345c __p___argc
api-ms-win-crt-string-l1-1-0.dll
0x4a34b8 _stricmp
0x4a34bc isspace
0x4a34c0 isdigit
0x4a34c4 _wcsnicmp
0x4a34c8 isalpha
0x4a34cc strncmp
0x4a34d0 _wcsicmp
0x4a34d4 wcscat_s
0x4a34d8 wcscpy_s
0x4a34dc wcsncpy
0x4a34e0 tolower
0x4a34e4 iswspace
0x4a34e8 isalnum
api-ms-win-crt-convert-l1-1-0.dll
0x4a3380 _wtoi
0x4a3384 wcstoull
0x4a3388 wcstol
0x4a338c _wtol
0x4a3390 _itow
0x4a3394 _itow_s
api-ms-win-crt-filesystem-l1-1-0.dll
0x4a33a8 _unlock_file
0x4a33ac _lock_file
0x4a33b0 _wsplitpath_s
api-ms-win-crt-stdio-l1-1-0.dll
0x4a3464 __p__commode
0x4a3468 __stdio_common_vsnprintf_s
0x4a346c _set_fmode
0x4a3470 __stdio_common_vfprintf
0x4a3474 __stdio_common_vswscanf
0x4a3478 __stdio_common_vswprintf
0x4a347c __stdio_common_vsnwprintf_s
0x4a3480 _get_stream_buffer_pointers
0x4a3484 fclose
0x4a3488 fflush
0x4a348c fgetc
0x4a3490 fgetpos
0x4a3494 fputc
0x4a3498 fread
0x4a349c fsetpos
0x4a34a0 _fseeki64
0x4a34a4 __stdio_common_vswprintf_s
0x4a34a8 fwrite
0x4a34ac setvbuf
0x4a34b0 ungetc
api-ms-win-crt-heap-l1-1-0.dll
0x4a33b8 _recalloc
0x4a33bc realloc
0x4a33c0 _set_new_mode
0x4a33c4 malloc
0x4a33c8 _callnewh
0x4a33cc free
0x4a33d0 calloc
0x4a33d4 _aligned_free
0x4a33d8 _aligned_malloc
api-ms-win-crt-utility-l1-1-0.dll
0x4a34fc srand
0x4a3500 rand
api-ms-win-crt-time-l1-1-0.dll
0x4a34f0 _difftime64
0x4a34f4 _time64
api-ms-win-crt-environment-l1-1-0.dll
0x4a339c _wgetenv_s
0x4a33a0 _wputenv_s
api-ms-win-crt-math-l1-1-0.dll
0x4a33e8 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x4a33e0 _configthreadlocale
EAT(Export Address Table) Library
0x428bc0 GetHostInterface
0x44d0f0 MdCallBack
0x44d080 MdCallBack12
0x44d360 _appcore_CreateObject
0x44d3c0 _applogic_CreateObject
0x44d420 _cpl_ConstRecognize
0x44d480 _cpl_NFAGetCategory
0x44d4e0 _cpl_NFAGetFormatByFFT
0x44d540 _cpl_NFAResolveFormat
0x44d5a0 _cpl_ValidateSheetNameEx
0x44d600 _et_GetIKRefEditProxy
0x44d650 _etcore_CreateObject
0x44d6b0 _etopl_CreateObject
0x44d710 _ettext_GetxtObject
0x44d770 _ettext_XFIsIndent
0x44d7d0 _ettext_XFamend
0x44d840 _etul_CreateObject
0x44d8a0 _funclib_CreateObject
0x44d900 ksGetHWND