ScreenShot
| Created | 2024.11.08 17:04 | Machine | s1_win7_x6401 |
| Filename | Mapper.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 46 detected (Hacktool, DriverLoader, malicious, high confidence, score, Zusy, unsafe, Save, Attribute, HighConfidence, GenKryptik, GWGN, Artemis, HacktoolX, GameHack, Rc0CEp43z0D, qkwfv, Tool, GameHackAGen, R002C0XDQ24, Krypt, Detected, ABRisk, TMEJ, R629364, Gencirc, ai score=85, susgen, AGen) | ||
| md5 | 9272b18ff6b2b323452d08c674e4243b | ||
| sha256 | c9343111e2ef9660e26dca00f7bf69e3947af3b54ca45b3a99b246518dffffa4 | ||
| ssdeep | 3072:2E4V9xmQTlzXKPEbCgc1jz/BsmJTQSaMm5/6JbwIu1hUhKU:2XPxPzQDgy1Wl/1ihKU | ||
| imphash | f02bee0fac461a90ea2c05877e833237 | ||
| impfuzzy | 96:ogrYAbWAMRoognAU/Imwz8FcgkE7jLDpqqnbD0xUu8mxUO6ipwu6RJCZ/7uoRd7J:TFWcoz8Fuwu6e/R0gfjJAG | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140012030 CloseHandle
0x140012038 GetProcAddress
0x140012040 GetCurrentProcessId
0x140012048 GetModuleHandleA
0x140012050 SetUnhandledExceptionFilter
0x140012058 GetTempPathW
0x140012060 FormatMessageA
0x140012068 GetCurrentThreadId
0x140012070 CreateFileW
0x140012078 VirtualAlloc
0x140012080 DeviceIoControl
0x140012088 Sleep
0x140012090 VirtualFree
0x140012098 GetLocaleInfoEx
0x1400120a0 FindClose
0x1400120a8 FindFirstFileW
0x1400120b0 GetFileAttributesExW
0x1400120b8 AreFileApisANSI
0x1400120c0 GetLastError
0x1400120c8 GetModuleHandleW
0x1400120d0 GetFileInformationByHandleEx
0x1400120d8 WideCharToMultiByte
0x1400120e0 ReleaseSRWLockExclusive
0x1400120e8 AcquireSRWLockExclusive
0x1400120f0 WakeAllConditionVariable
0x1400120f8 SleepConditionVariableSRW
0x140012100 RtlCaptureContext
0x140012108 RtlLookupFunctionEntry
0x140012110 RtlVirtualUnwind
0x140012118 UnhandledExceptionFilter
0x140012120 GetCurrentProcess
0x140012128 TerminateProcess
0x140012130 IsProcessorFeaturePresent
0x140012138 QueryPerformanceCounter
0x140012140 GetSystemTimeAsFileTime
0x140012148 InitializeSListHead
0x140012150 IsDebuggerPresent
0x140012158 LocalFree
ADVAPI32.dll
0x140012000 RegCloseKey
0x140012008 RegDeleteTreeW
0x140012010 RegCreateKeyW
0x140012018 RegOpenKeyW
0x140012020 RegSetKeyValueW
MSVCP140.dll
0x140012168 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
0x140012170 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
0x140012178 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x140012180 ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x140012188 ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
0x140012190 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x140012198 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
0x1400121a0 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
0x1400121a8 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
0x1400121b0 ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
0x1400121b8 ?good@ios_base@std@@QEBA_NXZ
0x1400121c0 ??7ios_base@std@@QEBA_NXZ
0x1400121c8 ?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
0x1400121d0 ?widen@?$ctype@_W@std@@QEBA_WD@Z
0x1400121d8 ?always_noconv@codecvt_base@std@@QEBA_NXZ
0x1400121e0 ??Bid@locale@std@@QEAA_KXZ
0x1400121e8 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1400121f0 ?_Winerror_map@std@@YAHH@Z
0x1400121f8 ?_Syserror_map@std@@YAPEBDH@Z
0x140012200 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
0x140012208 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x140012210 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x140012218 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x140012220 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
0x140012228 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
0x140012230 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x140012238 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
0x140012240 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x140012248 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
0x140012250 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
0x140012258 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
0x140012260 ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x140012268 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x140012270 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
0x140012278 ??1_Lockit@std@@QEAA@XZ
0x140012280 ??0_Lockit@std@@QEAA@H@Z
0x140012288 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x140012290 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
0x140012298 ?uncaught_exception@std@@YA_NXZ
0x1400122a0 ?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
0x1400122a8 ?id@?$ctype@_W@std@@2V0locale@2@A
0x1400122b0 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x1400122b8 ?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
0x1400122c0 ?_Xlength_error@std@@YAXPEBD@Z
0x1400122c8 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
0x1400122d0 ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
0x1400122d8 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x1400122e0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1400122e8 ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x1400122f0 ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x1400122f8 ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
0x140012300 ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
0x140012308 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
0x140012310 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
0x140012318 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x140012320 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
0x140012328 ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
0x140012330 ?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
0x140012338 ?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
0x140012340 ?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
ntdll.dll
0x140012598 NtQuerySystemInformation
0x1400125a0 RtlInitUnicodeString
VCRUNTIME140_1.dll
0x1400123b8 __CxxFrameHandler4
VCRUNTIME140.dll
0x140012350 __current_exception_context
0x140012358 __current_exception
0x140012360 _CxxThrowException
0x140012368 __C_specific_handler
0x140012370 __std_terminate
0x140012378 wcsstr
0x140012380 __std_exception_destroy
0x140012388 memcmp
0x140012390 memcpy
0x140012398 memset
0x1400123a0 __std_exception_copy
0x1400123a8 memmove
api-ms-win-crt-stdio-l1-1-0.dll
0x1400124e0 _set_fmode
0x1400124e8 _fseeki64
0x1400124f0 fread
0x1400124f8 fsetpos
0x140012500 _get_stream_buffer_pointers
0x140012508 __p__commode
0x140012510 fputc
0x140012518 setvbuf
0x140012520 fgetpos
0x140012528 fwrite
0x140012530 ungetc
0x140012538 fflush
0x140012540 fgetc
0x140012548 fclose
api-ms-win-crt-utility-l1-1-0.dll
0x140012580 srand
0x140012588 rand
api-ms-win-crt-filesystem-l1-1-0.dll
0x1400123c8 _lock_file
0x1400123d0 _wremove
0x1400123d8 _unlock_file
api-ms-win-crt-string-l1-1-0.dll
0x140012558 _wcsicmp
0x140012560 _stricmp
api-ms-win-crt-time-l1-1-0.dll
0x140012570 _time64
api-ms-win-crt-runtime-l1-1-0.dll
0x140012438 _initialize_onexit_table
0x140012440 _register_onexit_function
0x140012448 _c_exit
0x140012450 _cexit
0x140012458 __p___wargv
0x140012460 __p___argc
0x140012468 _invalid_parameter_noinfo_noreturn
0x140012470 exit
0x140012478 _initterm_e
0x140012480 _initterm
0x140012488 _get_initial_wide_environment
0x140012490 _initialize_wide_environment
0x140012498 _configure_wide_argv
0x1400124a0 _crt_atexit
0x1400124a8 _set_app_type
0x1400124b0 _seh_filter_exe
0x1400124b8 abort
0x1400124c0 _exit
0x1400124c8 terminate
0x1400124d0 _register_thread_local_exe_atexit_callback
api-ms-win-crt-heap-l1-1-0.dll
0x1400123e8 malloc
0x1400123f0 _set_new_mode
0x1400123f8 _callnewh
0x140012400 free
api-ms-win-crt-locale-l1-1-0.dll
0x140012410 _configthreadlocale
0x140012418 ___lc_codepage_func
api-ms-win-crt-math-l1-1-0.dll
0x140012428 __setusermatherr
EAT(Export Address Table) is none
KERNEL32.dll
0x140012030 CloseHandle
0x140012038 GetProcAddress
0x140012040 GetCurrentProcessId
0x140012048 GetModuleHandleA
0x140012050 SetUnhandledExceptionFilter
0x140012058 GetTempPathW
0x140012060 FormatMessageA
0x140012068 GetCurrentThreadId
0x140012070 CreateFileW
0x140012078 VirtualAlloc
0x140012080 DeviceIoControl
0x140012088 Sleep
0x140012090 VirtualFree
0x140012098 GetLocaleInfoEx
0x1400120a0 FindClose
0x1400120a8 FindFirstFileW
0x1400120b0 GetFileAttributesExW
0x1400120b8 AreFileApisANSI
0x1400120c0 GetLastError
0x1400120c8 GetModuleHandleW
0x1400120d0 GetFileInformationByHandleEx
0x1400120d8 WideCharToMultiByte
0x1400120e0 ReleaseSRWLockExclusive
0x1400120e8 AcquireSRWLockExclusive
0x1400120f0 WakeAllConditionVariable
0x1400120f8 SleepConditionVariableSRW
0x140012100 RtlCaptureContext
0x140012108 RtlLookupFunctionEntry
0x140012110 RtlVirtualUnwind
0x140012118 UnhandledExceptionFilter
0x140012120 GetCurrentProcess
0x140012128 TerminateProcess
0x140012130 IsProcessorFeaturePresent
0x140012138 QueryPerformanceCounter
0x140012140 GetSystemTimeAsFileTime
0x140012148 InitializeSListHead
0x140012150 IsDebuggerPresent
0x140012158 LocalFree
ADVAPI32.dll
0x140012000 RegCloseKey
0x140012008 RegDeleteTreeW
0x140012010 RegCreateKeyW
0x140012018 RegOpenKeyW
0x140012020 RegSetKeyValueW
MSVCP140.dll
0x140012168 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
0x140012170 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
0x140012178 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x140012180 ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x140012188 ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
0x140012190 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x140012198 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
0x1400121a0 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
0x1400121a8 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
0x1400121b0 ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
0x1400121b8 ?good@ios_base@std@@QEBA_NXZ
0x1400121c0 ??7ios_base@std@@QEBA_NXZ
0x1400121c8 ?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
0x1400121d0 ?widen@?$ctype@_W@std@@QEBA_WD@Z
0x1400121d8 ?always_noconv@codecvt_base@std@@QEBA_NXZ
0x1400121e0 ??Bid@locale@std@@QEAA_KXZ
0x1400121e8 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x1400121f0 ?_Winerror_map@std@@YAHH@Z
0x1400121f8 ?_Syserror_map@std@@YAPEBDH@Z
0x140012200 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
0x140012208 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x140012210 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x140012218 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x140012220 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
0x140012228 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
0x140012230 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x140012238 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
0x140012240 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x140012248 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
0x140012250 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
0x140012258 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
0x140012260 ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x140012268 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x140012270 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
0x140012278 ??1_Lockit@std@@QEAA@XZ
0x140012280 ??0_Lockit@std@@QEAA@H@Z
0x140012288 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x140012290 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
0x140012298 ?uncaught_exception@std@@YA_NXZ
0x1400122a0 ?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
0x1400122a8 ?id@?$ctype@_W@std@@2V0locale@2@A
0x1400122b0 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x1400122b8 ?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
0x1400122c0 ?_Xlength_error@std@@YAXPEBD@Z
0x1400122c8 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
0x1400122d0 ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
0x1400122d8 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x1400122e0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1400122e8 ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x1400122f0 ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x1400122f8 ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
0x140012300 ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
0x140012308 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
0x140012310 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
0x140012318 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x140012320 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
0x140012328 ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
0x140012330 ?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
0x140012338 ?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
0x140012340 ?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
ntdll.dll
0x140012598 NtQuerySystemInformation
0x1400125a0 RtlInitUnicodeString
VCRUNTIME140_1.dll
0x1400123b8 __CxxFrameHandler4
VCRUNTIME140.dll
0x140012350 __current_exception_context
0x140012358 __current_exception
0x140012360 _CxxThrowException
0x140012368 __C_specific_handler
0x140012370 __std_terminate
0x140012378 wcsstr
0x140012380 __std_exception_destroy
0x140012388 memcmp
0x140012390 memcpy
0x140012398 memset
0x1400123a0 __std_exception_copy
0x1400123a8 memmove
api-ms-win-crt-stdio-l1-1-0.dll
0x1400124e0 _set_fmode
0x1400124e8 _fseeki64
0x1400124f0 fread
0x1400124f8 fsetpos
0x140012500 _get_stream_buffer_pointers
0x140012508 __p__commode
0x140012510 fputc
0x140012518 setvbuf
0x140012520 fgetpos
0x140012528 fwrite
0x140012530 ungetc
0x140012538 fflush
0x140012540 fgetc
0x140012548 fclose
api-ms-win-crt-utility-l1-1-0.dll
0x140012580 srand
0x140012588 rand
api-ms-win-crt-filesystem-l1-1-0.dll
0x1400123c8 _lock_file
0x1400123d0 _wremove
0x1400123d8 _unlock_file
api-ms-win-crt-string-l1-1-0.dll
0x140012558 _wcsicmp
0x140012560 _stricmp
api-ms-win-crt-time-l1-1-0.dll
0x140012570 _time64
api-ms-win-crt-runtime-l1-1-0.dll
0x140012438 _initialize_onexit_table
0x140012440 _register_onexit_function
0x140012448 _c_exit
0x140012450 _cexit
0x140012458 __p___wargv
0x140012460 __p___argc
0x140012468 _invalid_parameter_noinfo_noreturn
0x140012470 exit
0x140012478 _initterm_e
0x140012480 _initterm
0x140012488 _get_initial_wide_environment
0x140012490 _initialize_wide_environment
0x140012498 _configure_wide_argv
0x1400124a0 _crt_atexit
0x1400124a8 _set_app_type
0x1400124b0 _seh_filter_exe
0x1400124b8 abort
0x1400124c0 _exit
0x1400124c8 terminate
0x1400124d0 _register_thread_local_exe_atexit_callback
api-ms-win-crt-heap-l1-1-0.dll
0x1400123e8 malloc
0x1400123f0 _set_new_mode
0x1400123f8 _callnewh
0x140012400 free
api-ms-win-crt-locale-l1-1-0.dll
0x140012410 _configthreadlocale
0x140012418 ___lc_codepage_func
api-ms-win-crt-math-l1-1-0.dll
0x140012428 __setusermatherr
EAT(Export Address Table) is none