ScreenShot
| Created | 2024.08.06 09:16 | Machine | s1_win7_x6401 |
| Filename | autoupdate.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 9 detected (AIDetectMalware, malicious, moderate confidence, Sonbokli, confidence) | ||
| md5 | 0c6e9d70bef24a7bfacfb744e4cd3368 | ||
| sha256 | 453e3c1266d62585c853ab63291b365ccdd3c8bb1eed0008e94b58decf6978fd | ||
| ssdeep | 3072:fxIOnaZVEoAh54W91l8nWOMFcCmejUaaacoreXAeDHk+:OOnaZMhF96ujaWreXASHr | ||
| imphash | 0b9d2c15c8494c8b609ce0219f813b37 | ||
| impfuzzy | 96:e7lj8v2LPp89lfkUcBbmcWSE4xyostqH28fWptttfOo7KTTgDnzU45GzI8SkNglo:e7LUSmcWSE0yEXI8SyCayLqV | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 9 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | CoinMiner_IN | CoinMiner | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41a000 GetModuleFileNameA
0x41a004 GetStdHandle
0x41a008 GetModuleFileNameW
0x41a00c SetFileAttributesW
0x41a010 Sleep
0x41a014 GetLastError
0x41a018 MoveFileExA
0x41a01c DeleteFileA
0x41a020 DeleteFileW
0x41a024 FreeConsole
0x41a028 GetCurrentConsoleFontEx
0x41a02c GetConsoleWindow
0x41a030 AllocConsole
0x41a034 SetConsoleTitleW
0x41a038 MoveFileW
0x41a03c EnterCriticalSection
0x41a040 InitializeSListHead
0x41a044 GetSystemTimeAsFileTime
0x41a048 GetCurrentThreadId
0x41a04c GetCurrentProcessId
0x41a050 QueryPerformanceCounter
0x41a054 GetStartupInfoW
0x41a058 IsDebuggerPresent
0x41a05c IsProcessorFeaturePresent
0x41a060 TerminateProcess
0x41a064 GetCurrentProcess
0x41a068 SetUnhandledExceptionFilter
0x41a06c UnhandledExceptionFilter
0x41a070 GetProcAddress
0x41a074 GetModuleHandleW
0x41a078 CreateEventW
0x41a07c WaitForSingleObjectEx
0x41a080 ResetEvent
0x41a084 SetEvent
0x41a088 DeleteCriticalSection
0x41a08c InitializeCriticalSectionAndSpinCount
0x41a090 LeaveCriticalSection
0x41a094 CloseHandle
USER32.dll
0x41a1a8 SetWindowLongA
0x41a1ac MessageBoxA
0x41a1b0 GetWindowRect
0x41a1b4 SetWindowPos
0x41a1b8 MessageBoxW
0x41a1bc GetSystemMetrics
0x41a1c0 ShowWindow
0x41a1c4 ClientToScreen
0x41a1c8 GetClientRect
SHELL32.dll
0x41a1a0 ShellExecuteW
WS2_32.dll
0x41a20c getpeername
0x41a210 WSAStartup
0x41a214 getaddrinfo
0x41a218 WSASocketW
0x41a21c shutdown
0x41a220 select
0x41a224 closesocket
0x41a228 __WSAFDIsSet
0x41a22c WSACleanup
0x41a230 WSAGetLastError
0x41a234 setsockopt
0x41a238 getnameinfo
0x41a23c ioctlsocket
0x41a240 freeaddrinfo
0x41a244 getsockopt
0x41a248 recv
0x41a24c connect
0x41a250 ntohs
0x41a254 socket
0x41a258 send
MSVCP140.dll
0x41a09c ??0_Locinfo@std@@QAE@PBD@Z
0x41a0a0 ??1_Locinfo@std@@QAE@XZ
0x41a0a4 ?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
0x41a0a8 ??Bid@locale@std@@QAEIXZ
0x41a0ac ?_Incref@facet@locale@std@@UAEXXZ
0x41a0b0 _Strxfrm
0x41a0b4 ??1_Lockit@std@@QAE@XZ
0x41a0b8 ??0_Lockit@std@@QAE@H@Z
0x41a0bc ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
0x41a0c0 ?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
0x41a0c4 ?_Xbad_alloc@std@@YAXXZ
0x41a0c8 ?_Xinvalid_argument@std@@YAXPBD@Z
0x41a0cc ?_Xout_of_range@std@@YAXPBD@Z
0x41a0d0 ?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
0x41a0d4 ?_Xbad_function_call@std@@YAXXZ
0x41a0d8 ?_Throw_C_error@std@@YAXH@Z
0x41a0dc ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x41a0e0 ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
0x41a0e4 ?id@?$ctype@D@std@@2V0locale@2@A
0x41a0e8 ?_Xlength_error@std@@YAXPBD@Z
0x41a0ec ?id@?$collate@D@std@@2V0locale@2@A
0x41a0f0 _Mtx_destroy_in_situ
0x41a0f4 _Mtx_lock
0x41a0f8 _Mtx_init_in_situ
0x41a0fc _Strcoll
0x41a100 _Thrd_id
0x41a104 _Mtx_unlock
0x41a108 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x41a10c ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
0x41a110 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
0x41a114 ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x41a118 ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x41a11c ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
0x41a120 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
0x41a124 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
0x41a128 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
0x41a12c ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
0x41a130 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
0x41a134 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
0x41a138 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
0x41a13c ?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
0x41a140 ?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
0x41a144 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
0x41a148 ?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
0x41a14c ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
0x41a150 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
0x41a154 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
0x41a158 ?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
0x41a15c ?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
0x41a160 ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
0x41a164 ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
0x41a168 ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
0x41a16c ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
0x41a170 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x41a174 ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
0x41a178 ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
0x41a17c ??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
0x41a180 ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x41a184 ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
0x41a188 ?tolower@?$ctype@D@std@@QBEDD@Z
0x41a18c ?always_noconv@codecvt_base@std@@QBE_NXZ
0x41a190 ??1facet@locale@std@@MAE@XZ
0x41a194 ??0facet@locale@std@@IAE@I@Z
0x41a198 ?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
VCRUNTIME140.dll
0x41a1d0 __CxxFrameHandler3
0x41a1d4 _purecall
0x41a1d8 __std_terminate
0x41a1dc strchr
0x41a1e0 __current_exception
0x41a1e4 __current_exception_context
0x41a1e8 memset
0x41a1ec _CxxThrowException
0x41a1f0 _except_handler4_common
0x41a1f4 __std_exception_destroy
0x41a1f8 memcpy
0x41a1fc memchr
0x41a200 __std_exception_copy
0x41a204 memmove
api-ms-win-crt-stdio-l1-1-0.dll
0x41a2f4 __p__commode
0x41a2f8 __acrt_iob_func
0x41a2fc _set_fmode
0x41a300 fputc
0x41a304 __stdio_common_vswprintf
0x41a308 fflush
0x41a30c ungetc
0x41a310 fclose
0x41a314 fread
0x41a318 setvbuf
0x41a31c fgetpos
0x41a320 _fseeki64
0x41a324 __stdio_common_vsprintf
0x41a328 fgetc
0x41a32c fsetpos
0x41a330 fwrite
0x41a334 putchar
0x41a338 _get_stream_buffer_pointers
0x41a33c freopen_s
0x41a340 __stdio_common_vfprintf
0x41a344 puts
api-ms-win-crt-heap-l1-1-0.dll
0x41a27c free
0x41a280 realloc
0x41a284 _set_new_mode
0x41a288 _callnewh
0x41a28c malloc
api-ms-win-crt-string-l1-1-0.dll
0x41a34c isdigit
0x41a350 tolower
0x41a354 _stricmp
api-ms-win-crt-convert-l1-1-0.dll
0x41a260 strtoul
0x41a264 strtol
0x41a268 strtoull
api-ms-win-crt-utility-l1-1-0.dll
0x41a35c rand
api-ms-win-crt-filesystem-l1-1-0.dll
0x41a270 _unlock_file
0x41a274 _lock_file
api-ms-win-crt-runtime-l1-1-0.dll
0x41a2a4 _register_onexit_function
0x41a2a8 _initialize_onexit_table
0x41a2ac _crt_atexit
0x41a2b0 _cexit
0x41a2b4 _configure_narrow_argv
0x41a2b8 _set_app_type
0x41a2bc _initialize_narrow_environment
0x41a2c0 _get_narrow_winmain_command_line
0x41a2c4 _initterm
0x41a2c8 _initterm_e
0x41a2cc exit
0x41a2d0 _exit
0x41a2d4 _seh_filter_exe
0x41a2d8 _c_exit
0x41a2dc _register_thread_local_exe_atexit_callback
0x41a2e0 _errno
0x41a2e4 _invalid_parameter_noinfo_noreturn
0x41a2e8 terminate
0x41a2ec _controlfp_s
api-ms-win-crt-math-l1-1-0.dll
0x41a29c __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x41a294 _configthreadlocale
EAT(Export Address Table) is none
KERNEL32.dll
0x41a000 GetModuleFileNameA
0x41a004 GetStdHandle
0x41a008 GetModuleFileNameW
0x41a00c SetFileAttributesW
0x41a010 Sleep
0x41a014 GetLastError
0x41a018 MoveFileExA
0x41a01c DeleteFileA
0x41a020 DeleteFileW
0x41a024 FreeConsole
0x41a028 GetCurrentConsoleFontEx
0x41a02c GetConsoleWindow
0x41a030 AllocConsole
0x41a034 SetConsoleTitleW
0x41a038 MoveFileW
0x41a03c EnterCriticalSection
0x41a040 InitializeSListHead
0x41a044 GetSystemTimeAsFileTime
0x41a048 GetCurrentThreadId
0x41a04c GetCurrentProcessId
0x41a050 QueryPerformanceCounter
0x41a054 GetStartupInfoW
0x41a058 IsDebuggerPresent
0x41a05c IsProcessorFeaturePresent
0x41a060 TerminateProcess
0x41a064 GetCurrentProcess
0x41a068 SetUnhandledExceptionFilter
0x41a06c UnhandledExceptionFilter
0x41a070 GetProcAddress
0x41a074 GetModuleHandleW
0x41a078 CreateEventW
0x41a07c WaitForSingleObjectEx
0x41a080 ResetEvent
0x41a084 SetEvent
0x41a088 DeleteCriticalSection
0x41a08c InitializeCriticalSectionAndSpinCount
0x41a090 LeaveCriticalSection
0x41a094 CloseHandle
USER32.dll
0x41a1a8 SetWindowLongA
0x41a1ac MessageBoxA
0x41a1b0 GetWindowRect
0x41a1b4 SetWindowPos
0x41a1b8 MessageBoxW
0x41a1bc GetSystemMetrics
0x41a1c0 ShowWindow
0x41a1c4 ClientToScreen
0x41a1c8 GetClientRect
SHELL32.dll
0x41a1a0 ShellExecuteW
WS2_32.dll
0x41a20c getpeername
0x41a210 WSAStartup
0x41a214 getaddrinfo
0x41a218 WSASocketW
0x41a21c shutdown
0x41a220 select
0x41a224 closesocket
0x41a228 __WSAFDIsSet
0x41a22c WSACleanup
0x41a230 WSAGetLastError
0x41a234 setsockopt
0x41a238 getnameinfo
0x41a23c ioctlsocket
0x41a240 freeaddrinfo
0x41a244 getsockopt
0x41a248 recv
0x41a24c connect
0x41a250 ntohs
0x41a254 socket
0x41a258 send
MSVCP140.dll
0x41a09c ??0_Locinfo@std@@QAE@PBD@Z
0x41a0a0 ??1_Locinfo@std@@QAE@XZ
0x41a0a4 ?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
0x41a0a8 ??Bid@locale@std@@QAEIXZ
0x41a0ac ?_Incref@facet@locale@std@@UAEXXZ
0x41a0b0 _Strxfrm
0x41a0b4 ??1_Lockit@std@@QAE@XZ
0x41a0b8 ??0_Lockit@std@@QAE@H@Z
0x41a0bc ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
0x41a0c0 ?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
0x41a0c4 ?_Xbad_alloc@std@@YAXXZ
0x41a0c8 ?_Xinvalid_argument@std@@YAXPBD@Z
0x41a0cc ?_Xout_of_range@std@@YAXPBD@Z
0x41a0d0 ?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
0x41a0d4 ?_Xbad_function_call@std@@YAXXZ
0x41a0d8 ?_Throw_C_error@std@@YAXH@Z
0x41a0dc ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x41a0e0 ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
0x41a0e4 ?id@?$ctype@D@std@@2V0locale@2@A
0x41a0e8 ?_Xlength_error@std@@YAXPBD@Z
0x41a0ec ?id@?$collate@D@std@@2V0locale@2@A
0x41a0f0 _Mtx_destroy_in_situ
0x41a0f4 _Mtx_lock
0x41a0f8 _Mtx_init_in_situ
0x41a0fc _Strcoll
0x41a100 _Thrd_id
0x41a104 _Mtx_unlock
0x41a108 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x41a10c ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
0x41a110 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
0x41a114 ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x41a118 ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x41a11c ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
0x41a120 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
0x41a124 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
0x41a128 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
0x41a12c ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
0x41a130 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
0x41a134 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
0x41a138 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
0x41a13c ?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
0x41a140 ?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
0x41a144 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
0x41a148 ?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
0x41a14c ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
0x41a150 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
0x41a154 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
0x41a158 ?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
0x41a15c ?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
0x41a160 ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
0x41a164 ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
0x41a168 ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
0x41a16c ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
0x41a170 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x41a174 ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
0x41a178 ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
0x41a17c ??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
0x41a180 ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x41a184 ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
0x41a188 ?tolower@?$ctype@D@std@@QBEDD@Z
0x41a18c ?always_noconv@codecvt_base@std@@QBE_NXZ
0x41a190 ??1facet@locale@std@@MAE@XZ
0x41a194 ??0facet@locale@std@@IAE@I@Z
0x41a198 ?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
VCRUNTIME140.dll
0x41a1d0 __CxxFrameHandler3
0x41a1d4 _purecall
0x41a1d8 __std_terminate
0x41a1dc strchr
0x41a1e0 __current_exception
0x41a1e4 __current_exception_context
0x41a1e8 memset
0x41a1ec _CxxThrowException
0x41a1f0 _except_handler4_common
0x41a1f4 __std_exception_destroy
0x41a1f8 memcpy
0x41a1fc memchr
0x41a200 __std_exception_copy
0x41a204 memmove
api-ms-win-crt-stdio-l1-1-0.dll
0x41a2f4 __p__commode
0x41a2f8 __acrt_iob_func
0x41a2fc _set_fmode
0x41a300 fputc
0x41a304 __stdio_common_vswprintf
0x41a308 fflush
0x41a30c ungetc
0x41a310 fclose
0x41a314 fread
0x41a318 setvbuf
0x41a31c fgetpos
0x41a320 _fseeki64
0x41a324 __stdio_common_vsprintf
0x41a328 fgetc
0x41a32c fsetpos
0x41a330 fwrite
0x41a334 putchar
0x41a338 _get_stream_buffer_pointers
0x41a33c freopen_s
0x41a340 __stdio_common_vfprintf
0x41a344 puts
api-ms-win-crt-heap-l1-1-0.dll
0x41a27c free
0x41a280 realloc
0x41a284 _set_new_mode
0x41a288 _callnewh
0x41a28c malloc
api-ms-win-crt-string-l1-1-0.dll
0x41a34c isdigit
0x41a350 tolower
0x41a354 _stricmp
api-ms-win-crt-convert-l1-1-0.dll
0x41a260 strtoul
0x41a264 strtol
0x41a268 strtoull
api-ms-win-crt-utility-l1-1-0.dll
0x41a35c rand
api-ms-win-crt-filesystem-l1-1-0.dll
0x41a270 _unlock_file
0x41a274 _lock_file
api-ms-win-crt-runtime-l1-1-0.dll
0x41a2a4 _register_onexit_function
0x41a2a8 _initialize_onexit_table
0x41a2ac _crt_atexit
0x41a2b0 _cexit
0x41a2b4 _configure_narrow_argv
0x41a2b8 _set_app_type
0x41a2bc _initialize_narrow_environment
0x41a2c0 _get_narrow_winmain_command_line
0x41a2c4 _initterm
0x41a2c8 _initterm_e
0x41a2cc exit
0x41a2d0 _exit
0x41a2d4 _seh_filter_exe
0x41a2d8 _c_exit
0x41a2dc _register_thread_local_exe_atexit_callback
0x41a2e0 _errno
0x41a2e4 _invalid_parameter_noinfo_noreturn
0x41a2e8 terminate
0x41a2ec _controlfp_s
api-ms-win-crt-math-l1-1-0.dll
0x41a29c __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x41a294 _configthreadlocale
EAT(Export Address Table) is none