ScreenShot
| Created | 2024.07.23 07:42 | Machine | s1_win7_x6401 |
| Filename | file200h.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | 5cc9482bfa632c0f5bdc71c9e3d9e123 | ||
| sha256 | a51028636c248144ec21dcc056c1bc19bc0ecaf61bdf2a845410e64f7f26803c | ||
| ssdeep | 49152:Q2u/BMdg532rpsjCMqigjns2+a95PlpiH9MzMrcgt4hUNyiBaU:nrpEZI6BaU | ||
| imphash | bdd12e28ad568dc64eacd7cb42d8e2d5 | ||
| impfuzzy | 96:e5adwKrVXbLC9uyAXWSXt7uixAFSCPjXxm9xcXAX1dH8XZQAzyqOLyDQOAo:ecprVLLd9vX0ixArwFdcpNLQOAo | ||
Network IP location
Signature (28cnts)
| Level | Description |
|---|---|
| danger | Executed a process and injected code into it |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Drops a binary and executes it |
| watch | Installs itself for autorun at Windows startup |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | The process powershell.exe wrote an executable file to disk |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates a shortcut to an executable file |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Potentially malicious URLs were found in the process memory dump |
| notice | Resolves a suspicious Top Level Domain (TLD) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Collects information to fingerprint the system (MachineGuid |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | Uses Windows APIs to generate a cryptographic key |
Rules (21cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
Network (11cnts) ?
Suricata ids
ET DNS Query for .su TLD (Soviet Union) Often Malware Related
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE Single char EXE direct download likely trojan (multiple families)
ET INFO Executable Served From /tmp/ Directory - Malware Hosting Behaviour
ET INFO Packed Executable Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE Single char EXE direct download likely trojan (multiple families)
ET INFO Executable Served From /tmp/ Directory - Malware Hosting Behaviour
ET INFO Packed Executable Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x140152000 AdjustTokenPrivileges
0x140152008 CreateWellKnownSid
0x140152010 DeregisterEventSource
0x140152018 DuplicateTokenEx
0x140152020 GetSecurityDescriptorLength
0x140152028 GetWindowsAccountDomainSid
0x140152030 LookupPrivilegeValueW
0x140152038 OpenProcessToken
0x140152040 OpenThreadToken
0x140152048 RegCloseKey
0x140152050 RegCreateKeyExW
0x140152058 RegDeleteKeyExW
0x140152060 RegDeleteTreeW
0x140152068 RegDeleteValueW
0x140152070 RegEnumKeyExW
0x140152078 RegEnumValueW
0x140152080 RegFlushKey
0x140152088 RegOpenKeyExW
0x140152090 RegQueryInfoKeyW
0x140152098 RegQueryValueExW
0x1401520a0 RegSetValueExA
0x1401520a8 RegSetValueExW
0x1401520b0 RegisterEventSourceW
0x1401520b8 ReportEventW
0x1401520c0 RevertToSelf
0x1401520c8 SetThreadToken
crypt.dll
0x140152780 BCryptDestroyKey
0x140152788 BCryptEncrypt
0x140152790 BCryptGenRandom
0x140152798 BCryptOpenAlgorithmProvider
0x1401527a0 BCryptSetProperty
0x1401527a8 BCryptDecrypt
0x1401527b0 BCryptCloseAlgorithmProvider
0x1401527b8 BCryptImportKey
KERNEL32.dll
0x1401520d8 TlsFree
0x1401520e0 TlsSetValue
0x1401520e8 TlsGetValue
0x1401520f0 TlsAlloc
0x1401520f8 InitializeCriticalSectionAndSpinCount
0x140152100 EncodePointer
0x140152108 RaiseException
0x140152110 RtlPcToFileHeader
0x140152118 AllocConsole
0x140152120 CancelThreadpoolIo
0x140152128 CloseHandle
0x140152130 CloseThreadpoolIo
0x140152138 CompareStringEx
0x140152140 CompareStringOrdinal
0x140152148 CopyFileExW
0x140152150 CreateDirectoryW
0x140152158 CreateEventExW
0x140152160 CreateFileW
0x140152168 CreateProcessA
0x140152170 CreateSymbolicLinkW
0x140152178 CreateThreadpoolIo
0x140152180 DeleteCriticalSection
0x140152188 DeleteFileW
0x140152190 DeleteVolumeMountPointW
0x140152198 DeviceIoControl
0x1401521a0 DuplicateHandle
0x1401521a8 EnterCriticalSection
0x1401521b0 EnumCalendarInfoExEx
0x1401521b8 EnumTimeFormatsEx
0x1401521c0 ExitProcess
0x1401521c8 ExpandEnvironmentStringsW
0x1401521d0 FileTimeToSystemTime
0x1401521d8 FindClose
0x1401521e0 FindFirstFileExW
0x1401521e8 FindNLSStringEx
0x1401521f0 FindNextFileW
0x1401521f8 FindStringOrdinal
0x140152200 FlushFileBuffers
0x140152208 FormatMessageW
0x140152210 FreeConsole
0x140152218 FreeLibrary
0x140152220 GetCalendarInfoEx
0x140152228 GetConsoleOutputCP
0x140152230 GetConsoleWindow
0x140152238 GetCurrentProcess
0x140152240 GetCurrentProcessorNumberEx
0x140152248 GetCurrentThread
0x140152250 GetDynamicTimeZoneInformation
0x140152258 GetEnvironmentVariableW
0x140152260 GetFileAttributesExW
0x140152268 GetFileInformationByHandle
0x140152270 GetFileInformationByHandleEx
0x140152278 GetFileType
0x140152280 GetFinalPathNameByHandleW
0x140152288 GetFullPathNameW
0x140152290 GetLastError
0x140152298 GetLocaleInfoEx
0x1401522a0 GetLogicalDrives
0x1401522a8 GetLongPathNameW
0x1401522b0 GetModuleFileNameW
0x1401522b8 GetModuleHandleA
0x1401522c0 GetOverlappedResult
0x1401522c8 GetProcAddress
0x1401522d0 GetStdHandle
0x1401522d8 GetSystemDirectoryW
0x1401522e0 GetSystemTime
0x1401522e8 GetThreadPriority
0x1401522f0 GetTickCount64
0x1401522f8 GetTimeZoneInformation
0x140152300 GetUserPreferredUILanguages
0x140152308 GetVolumeInformationW
0x140152310 InitializeConditionVariable
0x140152318 InitializeCriticalSection
0x140152320 IsDebuggerPresent
0x140152328 LCMapStringEx
0x140152330 LeaveCriticalSection
0x140152338 LoadLibraryExW
0x140152340 LocalAlloc
0x140152348 LocalFree
0x140152350 LocaleNameToLCID
0x140152358 MoveFileExW
0x140152360 MultiByteToWideChar
0x140152368 QueryPerformanceCounter
0x140152370 QueryPerformanceFrequency
0x140152378 RaiseFailFastException
0x140152380 ReadFile
0x140152388 RemoveDirectoryW
0x140152390 ReplaceFileW
0x140152398 ResetEvent
0x1401523a0 ResolveLocaleName
0x1401523a8 ResumeThread
0x1401523b0 SetEvent
0x1401523b8 SetFileAttributesW
0x1401523c0 SetFileInformationByHandle
0x1401523c8 SetLastError
0x1401523d0 SetThreadErrorMode
0x1401523d8 SetThreadPriority
0x1401523e0 Sleep
0x1401523e8 SleepConditionVariableCS
0x1401523f0 StartThreadpoolIo
0x1401523f8 SystemTimeToFileTime
0x140152400 TzSpecificLocalTimeToSystemTime
0x140152408 VirtualAlloc
0x140152410 VirtualFree
0x140152418 WaitForMultipleObjectsEx
0x140152420 WakeConditionVariable
0x140152428 WideCharToMultiByte
0x140152430 WriteFile
0x140152438 FlushProcessWriteBuffers
0x140152440 WaitForSingleObjectEx
0x140152448 RtlVirtualUnwind
0x140152450 RtlCaptureContext
0x140152458 RtlRestoreContext
0x140152460 VerSetConditionMask
0x140152468 AddVectoredExceptionHandler
0x140152470 FlsAlloc
0x140152478 FlsGetValue
0x140152480 FlsSetValue
0x140152488 CreateEventW
0x140152490 SwitchToThread
0x140152498 CreateThread
0x1401524a0 GetCurrentThreadId
0x1401524a8 SuspendThread
0x1401524b0 GetThreadContext
0x1401524b8 SetThreadContext
0x1401524c0 QueryInformationJobObject
0x1401524c8 GetModuleHandleW
0x1401524d0 GetModuleHandleExW
0x1401524d8 GetProcessAffinityMask
0x1401524e0 VerifyVersionInfoW
0x1401524e8 InitializeContext
0x1401524f0 GetEnabledXStateFeatures
0x1401524f8 SetXStateFeaturesMask
0x140152500 VirtualQuery
0x140152508 GetSystemTimeAsFileTime
0x140152510 InitializeCriticalSectionEx
0x140152518 DebugBreak
0x140152520 WaitForSingleObject
0x140152528 SleepEx
0x140152530 GetCurrentProcessId
0x140152538 GlobalMemoryStatusEx
0x140152540 GetSystemInfo
0x140152548 GetLogicalProcessorInformation
0x140152550 GetLogicalProcessorInformationEx
0x140152558 GetLargePageMinimum
0x140152560 VirtualUnlock
0x140152568 VirtualAllocExNuma
0x140152570 IsProcessInJob
0x140152578 GetNumaHighestNodeNumber
0x140152580 GetProcessGroupAffinity
0x140152588 K32GetProcessMemoryInfo
0x140152590 RtlUnwindEx
0x140152598 InitializeSListHead
0x1401525a0 IsProcessorFeaturePresent
0x1401525a8 TerminateProcess
0x1401525b0 SetUnhandledExceptionFilter
0x1401525b8 UnhandledExceptionFilter
0x1401525c0 RtlLookupFunctionEntry
ole32.dll
0x1401527c8 CoTaskMemAlloc
0x1401527d0 CoTaskMemFree
0x1401527d8 CoUninitialize
0x1401527e0 CoWaitForMultipleHandles
0x1401527e8 CoInitializeEx
0x1401527f0 CoCreateGuid
0x1401527f8 CoGetApartmentType
USER32.dll
0x1401525d0 LoadStringW
api-ms-win-crt-math-l1-1-0.dll
0x140152630 __setusermatherr
0x140152638 floor
0x140152640 pow
0x140152648 modf
0x140152650 sin
0x140152658 cos
0x140152660 ceil
0x140152668 tan
api-ms-win-crt-heap-l1-1-0.dll
0x1401525f0 free
0x1401525f8 calloc
0x140152600 _set_new_mode
0x140152608 malloc
0x140152610 _callnewh
api-ms-win-crt-string-l1-1-0.dll
0x140152750 strncpy_s
0x140152758 strcpy_s
0x140152760 _stricmp
0x140152768 wcsncmp
0x140152770 strcmp
api-ms-win-crt-convert-l1-1-0.dll
0x1401525e0 strtoull
api-ms-win-crt-runtime-l1-1-0.dll
0x140152678 _register_thread_local_exe_atexit_callback
0x140152680 _c_exit
0x140152688 _cexit
0x140152690 __p___wargv
0x140152698 __p___argc
0x1401526a0 _exit
0x1401526a8 exit
0x1401526b0 _initterm_e
0x1401526b8 terminate
0x1401526c0 _crt_atexit
0x1401526c8 _initterm
0x1401526d0 _register_onexit_function
0x1401526d8 _get_initial_wide_environment
0x1401526e0 abort
0x1401526e8 _initialize_onexit_table
0x1401526f0 _initialize_wide_environment
0x1401526f8 _configure_wide_argv
0x140152700 _seh_filter_exe
0x140152708 _set_app_type
api-ms-win-crt-stdio-l1-1-0.dll
0x140152718 __stdio_common_vsscanf
0x140152720 __p__commode
0x140152728 __acrt_iob_func
0x140152730 __stdio_common_vfprintf
0x140152738 __stdio_common_vsprintf_s
0x140152740 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x140152620 _configthreadlocale
EAT(Export Address Table) Library
ADVAPI32.dll
0x140152000 AdjustTokenPrivileges
0x140152008 CreateWellKnownSid
0x140152010 DeregisterEventSource
0x140152018 DuplicateTokenEx
0x140152020 GetSecurityDescriptorLength
0x140152028 GetWindowsAccountDomainSid
0x140152030 LookupPrivilegeValueW
0x140152038 OpenProcessToken
0x140152040 OpenThreadToken
0x140152048 RegCloseKey
0x140152050 RegCreateKeyExW
0x140152058 RegDeleteKeyExW
0x140152060 RegDeleteTreeW
0x140152068 RegDeleteValueW
0x140152070 RegEnumKeyExW
0x140152078 RegEnumValueW
0x140152080 RegFlushKey
0x140152088 RegOpenKeyExW
0x140152090 RegQueryInfoKeyW
0x140152098 RegQueryValueExW
0x1401520a0 RegSetValueExA
0x1401520a8 RegSetValueExW
0x1401520b0 RegisterEventSourceW
0x1401520b8 ReportEventW
0x1401520c0 RevertToSelf
0x1401520c8 SetThreadToken
crypt.dll
0x140152780 BCryptDestroyKey
0x140152788 BCryptEncrypt
0x140152790 BCryptGenRandom
0x140152798 BCryptOpenAlgorithmProvider
0x1401527a0 BCryptSetProperty
0x1401527a8 BCryptDecrypt
0x1401527b0 BCryptCloseAlgorithmProvider
0x1401527b8 BCryptImportKey
KERNEL32.dll
0x1401520d8 TlsFree
0x1401520e0 TlsSetValue
0x1401520e8 TlsGetValue
0x1401520f0 TlsAlloc
0x1401520f8 InitializeCriticalSectionAndSpinCount
0x140152100 EncodePointer
0x140152108 RaiseException
0x140152110 RtlPcToFileHeader
0x140152118 AllocConsole
0x140152120 CancelThreadpoolIo
0x140152128 CloseHandle
0x140152130 CloseThreadpoolIo
0x140152138 CompareStringEx
0x140152140 CompareStringOrdinal
0x140152148 CopyFileExW
0x140152150 CreateDirectoryW
0x140152158 CreateEventExW
0x140152160 CreateFileW
0x140152168 CreateProcessA
0x140152170 CreateSymbolicLinkW
0x140152178 CreateThreadpoolIo
0x140152180 DeleteCriticalSection
0x140152188 DeleteFileW
0x140152190 DeleteVolumeMountPointW
0x140152198 DeviceIoControl
0x1401521a0 DuplicateHandle
0x1401521a8 EnterCriticalSection
0x1401521b0 EnumCalendarInfoExEx
0x1401521b8 EnumTimeFormatsEx
0x1401521c0 ExitProcess
0x1401521c8 ExpandEnvironmentStringsW
0x1401521d0 FileTimeToSystemTime
0x1401521d8 FindClose
0x1401521e0 FindFirstFileExW
0x1401521e8 FindNLSStringEx
0x1401521f0 FindNextFileW
0x1401521f8 FindStringOrdinal
0x140152200 FlushFileBuffers
0x140152208 FormatMessageW
0x140152210 FreeConsole
0x140152218 FreeLibrary
0x140152220 GetCalendarInfoEx
0x140152228 GetConsoleOutputCP
0x140152230 GetConsoleWindow
0x140152238 GetCurrentProcess
0x140152240 GetCurrentProcessorNumberEx
0x140152248 GetCurrentThread
0x140152250 GetDynamicTimeZoneInformation
0x140152258 GetEnvironmentVariableW
0x140152260 GetFileAttributesExW
0x140152268 GetFileInformationByHandle
0x140152270 GetFileInformationByHandleEx
0x140152278 GetFileType
0x140152280 GetFinalPathNameByHandleW
0x140152288 GetFullPathNameW
0x140152290 GetLastError
0x140152298 GetLocaleInfoEx
0x1401522a0 GetLogicalDrives
0x1401522a8 GetLongPathNameW
0x1401522b0 GetModuleFileNameW
0x1401522b8 GetModuleHandleA
0x1401522c0 GetOverlappedResult
0x1401522c8 GetProcAddress
0x1401522d0 GetStdHandle
0x1401522d8 GetSystemDirectoryW
0x1401522e0 GetSystemTime
0x1401522e8 GetThreadPriority
0x1401522f0 GetTickCount64
0x1401522f8 GetTimeZoneInformation
0x140152300 GetUserPreferredUILanguages
0x140152308 GetVolumeInformationW
0x140152310 InitializeConditionVariable
0x140152318 InitializeCriticalSection
0x140152320 IsDebuggerPresent
0x140152328 LCMapStringEx
0x140152330 LeaveCriticalSection
0x140152338 LoadLibraryExW
0x140152340 LocalAlloc
0x140152348 LocalFree
0x140152350 LocaleNameToLCID
0x140152358 MoveFileExW
0x140152360 MultiByteToWideChar
0x140152368 QueryPerformanceCounter
0x140152370 QueryPerformanceFrequency
0x140152378 RaiseFailFastException
0x140152380 ReadFile
0x140152388 RemoveDirectoryW
0x140152390 ReplaceFileW
0x140152398 ResetEvent
0x1401523a0 ResolveLocaleName
0x1401523a8 ResumeThread
0x1401523b0 SetEvent
0x1401523b8 SetFileAttributesW
0x1401523c0 SetFileInformationByHandle
0x1401523c8 SetLastError
0x1401523d0 SetThreadErrorMode
0x1401523d8 SetThreadPriority
0x1401523e0 Sleep
0x1401523e8 SleepConditionVariableCS
0x1401523f0 StartThreadpoolIo
0x1401523f8 SystemTimeToFileTime
0x140152400 TzSpecificLocalTimeToSystemTime
0x140152408 VirtualAlloc
0x140152410 VirtualFree
0x140152418 WaitForMultipleObjectsEx
0x140152420 WakeConditionVariable
0x140152428 WideCharToMultiByte
0x140152430 WriteFile
0x140152438 FlushProcessWriteBuffers
0x140152440 WaitForSingleObjectEx
0x140152448 RtlVirtualUnwind
0x140152450 RtlCaptureContext
0x140152458 RtlRestoreContext
0x140152460 VerSetConditionMask
0x140152468 AddVectoredExceptionHandler
0x140152470 FlsAlloc
0x140152478 FlsGetValue
0x140152480 FlsSetValue
0x140152488 CreateEventW
0x140152490 SwitchToThread
0x140152498 CreateThread
0x1401524a0 GetCurrentThreadId
0x1401524a8 SuspendThread
0x1401524b0 GetThreadContext
0x1401524b8 SetThreadContext
0x1401524c0 QueryInformationJobObject
0x1401524c8 GetModuleHandleW
0x1401524d0 GetModuleHandleExW
0x1401524d8 GetProcessAffinityMask
0x1401524e0 VerifyVersionInfoW
0x1401524e8 InitializeContext
0x1401524f0 GetEnabledXStateFeatures
0x1401524f8 SetXStateFeaturesMask
0x140152500 VirtualQuery
0x140152508 GetSystemTimeAsFileTime
0x140152510 InitializeCriticalSectionEx
0x140152518 DebugBreak
0x140152520 WaitForSingleObject
0x140152528 SleepEx
0x140152530 GetCurrentProcessId
0x140152538 GlobalMemoryStatusEx
0x140152540 GetSystemInfo
0x140152548 GetLogicalProcessorInformation
0x140152550 GetLogicalProcessorInformationEx
0x140152558 GetLargePageMinimum
0x140152560 VirtualUnlock
0x140152568 VirtualAllocExNuma
0x140152570 IsProcessInJob
0x140152578 GetNumaHighestNodeNumber
0x140152580 GetProcessGroupAffinity
0x140152588 K32GetProcessMemoryInfo
0x140152590 RtlUnwindEx
0x140152598 InitializeSListHead
0x1401525a0 IsProcessorFeaturePresent
0x1401525a8 TerminateProcess
0x1401525b0 SetUnhandledExceptionFilter
0x1401525b8 UnhandledExceptionFilter
0x1401525c0 RtlLookupFunctionEntry
ole32.dll
0x1401527c8 CoTaskMemAlloc
0x1401527d0 CoTaskMemFree
0x1401527d8 CoUninitialize
0x1401527e0 CoWaitForMultipleHandles
0x1401527e8 CoInitializeEx
0x1401527f0 CoCreateGuid
0x1401527f8 CoGetApartmentType
USER32.dll
0x1401525d0 LoadStringW
api-ms-win-crt-math-l1-1-0.dll
0x140152630 __setusermatherr
0x140152638 floor
0x140152640 pow
0x140152648 modf
0x140152650 sin
0x140152658 cos
0x140152660 ceil
0x140152668 tan
api-ms-win-crt-heap-l1-1-0.dll
0x1401525f0 free
0x1401525f8 calloc
0x140152600 _set_new_mode
0x140152608 malloc
0x140152610 _callnewh
api-ms-win-crt-string-l1-1-0.dll
0x140152750 strncpy_s
0x140152758 strcpy_s
0x140152760 _stricmp
0x140152768 wcsncmp
0x140152770 strcmp
api-ms-win-crt-convert-l1-1-0.dll
0x1401525e0 strtoull
api-ms-win-crt-runtime-l1-1-0.dll
0x140152678 _register_thread_local_exe_atexit_callback
0x140152680 _c_exit
0x140152688 _cexit
0x140152690 __p___wargv
0x140152698 __p___argc
0x1401526a0 _exit
0x1401526a8 exit
0x1401526b0 _initterm_e
0x1401526b8 terminate
0x1401526c0 _crt_atexit
0x1401526c8 _initterm
0x1401526d0 _register_onexit_function
0x1401526d8 _get_initial_wide_environment
0x1401526e0 abort
0x1401526e8 _initialize_onexit_table
0x1401526f0 _initialize_wide_environment
0x1401526f8 _configure_wide_argv
0x140152700 _seh_filter_exe
0x140152708 _set_app_type
api-ms-win-crt-stdio-l1-1-0.dll
0x140152718 __stdio_common_vsscanf
0x140152720 __p__commode
0x140152728 __acrt_iob_func
0x140152730 __stdio_common_vfprintf
0x140152738 __stdio_common_vsprintf_s
0x140152740 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x140152620 _configthreadlocale
EAT(Export Address Table) Library