Report - 888.exe

Generic Malware Malicious Library Malicious Packer UPX Antivirus PE32 PE File OS Processor Check ZIP Format PNG Format
Created 2024.12.16 19:16 Machine s1_win7_x6403
Filename 888.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score Not found
Behavior Score 7.8
ZERO API file : clean
VT API (file) 49 detected (Luca, Fragtor, Ghanarava, Unsafe, Veds, malicious, confidence, Attribute, HighConfidence, high confidence, PWSX, score, TrojanPSW, CLOUD, AGEN, Siggen3, Detected, Malware@#30la03whnx7kr, Barys, ABTrojan, MZHL, MalwareX, Artemis, Floxif, FileInfector, Lustsol, R06EC0DLE24, Gencirc, susgen)
md5 b6e5859c20c608bf7e23a9b4f8b3b699
sha256 bd5532a95156e366332a5ad57c97ca65a57816e702d3bf1216d4e09b899f3075
ssdeep 98304:MUnvs+Q1S4tPjBjz7eO9C8LJ/INWoDBk:pPoljfT/J8
imphash 2cf92bf8d9707fcbea09d995433c19b6
impfuzzy 192:fHNtodbLI5WrFWKsYazafcWVZcIDvIhST:fttoNI5OFzsYEQlvXT

Signature (18cnts)

Level Description
danger File has been identified by 49 AntiVirus engines on VirusTotal as malicious
watch Attempts to access Bitcoin/ALTCoin wallets
watch Creates a suspicious Powershell process
watch Executes one or more WMI queries
watch Harvests credentials from local email clients
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a shortcut to an executable file
notice Creates a suspicious process
notice Executes one or more WMI queries which can be used to identify virtual machines
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests
notice Steals private information from local Internet browsers
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info One or more processes crashed
info Queries for the computername
info Uses Windows APIs to generate a cryptographic key

Rules (11cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (download)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Antivirus Contains references to security software binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info PNG_Format_Zero PNG Format binaries (download)
info zip_file_format ZIP file format binaries (download)

Network (5cnts)

Request CC ASN Co IP4 Rule ZERO
http://ipwho.is/?output=json SG None 103.126.138.87 clean
ipwho.is SG None 103.126.138.87 clean
api.telegram.org GB Telegram Messenger Inc 149.154.167.220 malicious
103.126.138.87 SG None 103.126.138.87 clean
149.154.167.220 GB Telegram Messenger Inc 149.154.167.220 malicious

Suricata ids

PE API

IAT(Import Address Table) Library

ntdll.dll
 0x75a3b8 NtCancelIoFileEx
 0x75a3bc NtCreateFile
 0x75a3c0 NtWriteFile
 0x75a3c4 NtReadFile
 0x75a3c8 RtlNtStatusToDosError
 0x75a3cc NtDeviceIoControlFile
 0x75a3d0 RtlCaptureContext
 0x75a3d4 RtlUnwind
kernel32.dll
 0x75a16c GetFileInformationByHandle
 0x75a170 FlushFileBuffers
 0x75a174 WakeConditionVariable
 0x75a178 SleepConditionVariableSRW
 0x75a17c GetModuleHandleA
 0x75a180 GetProcAddress
 0x75a184 GetCurrentThread
 0x75a188 InitOnceBeginInitialize
 0x75a18c TlsAlloc
 0x75a190 InitOnceComplete
 0x75a194 TlsFree
 0x75a198 GetStdHandle
 0x75a19c GetConsoleMode
 0x75a1a0 MultiByteToWideChar
 0x75a1a4 WriteConsoleW
 0x75a1a8 CreateWaitableTimerExW
 0x75a1ac SetWaitableTimer
 0x75a1b0 Sleep
 0x75a1b4 QueryPerformanceCounter
 0x75a1b8 QueryPerformanceFrequency
 0x75a1bc GetModuleHandleW
 0x75a1c0 FormatMessageW
 0x75a1c4 WaitForSingleObjectEx
 0x75a1c8 WakeAllConditionVariable
 0x75a1cc GetCurrentProcess
 0x75a1d0 GetCurrentProcessId
 0x75a1d4 CreateMutexA
 0x75a1d8 ReleaseMutex
 0x75a1dc GetEnvironmentVariableW
 0x75a1e0 GetTempPathW
 0x75a1e4 GetFileInformationByHandleEx
 0x75a1e8 GetFullPathNameW
 0x75a1ec SetFilePointerEx
 0x75a1f0 FindNextFileW
 0x75a1f4 CreateDirectoryW
 0x75a1f8 FindFirstFileW
 0x75a1fc FindClose
 0x75a200 SetThreadStackGuarantee
 0x75a204 SetFileCompletionNotificationModes
 0x75a208 CreateIoCompletionPort
 0x75a20c TryAcquireSRWLockExclusive
 0x75a210 SetHandleInformation
 0x75a214 GetEnvironmentStringsW
 0x75a218 FreeEnvironmentStringsW
 0x75a21c CompareStringOrdinal
 0x75a220 GetSystemDirectoryW
 0x75a224 GetWindowsDirectoryW
 0x75a228 CreateProcessW
 0x75a22c GetFileAttributesW
 0x75a230 DuplicateHandle
 0x75a234 InitializeProcThreadAttributeList
 0x75a238 UpdateProcThreadAttribute
 0x75a23c DeleteProcThreadAttributeList
 0x75a240 CreateNamedPipeW
 0x75a244 AddVectoredExceptionHandler
 0x75a248 ReadFileEx
 0x75a24c SleepEx
 0x75a250 RaiseException
 0x75a254 WaitForMultipleObjects
 0x75a258 GetOverlappedResult
 0x75a25c CreateEventW
 0x75a260 CancelIo
 0x75a264 ReadFile
 0x75a268 ExitProcess
 0x75a26c GetSystemTimeAsFileTime
 0x75a270 GetCurrentDirectoryW
 0x75a274 AcquireSRWLockShared
 0x75a278 ReleaseSRWLockShared
 0x75a27c DeleteFileW
 0x75a280 CopyFileExW
 0x75a284 PostQueuedCompletionStatus
 0x75a288 GetQueuedCompletionStatusEx
 0x75a28c UnhandledExceptionFilter
 0x75a290 GetLastError
 0x75a294 GetFinalPathNameByHandleW
 0x75a298 SetLastError
 0x75a29c GetSystemInfo
 0x75a2a0 SetUnhandledExceptionFilter
 0x75a2a4 TerminateProcess
 0x75a2a8 IsProcessorFeaturePresent
 0x75a2ac ReleaseSRWLockExclusive
 0x75a2b0 AcquireSRWLockExclusive
 0x75a2b4 GetTickCount
 0x75a2b8 MapViewOfFile
 0x75a2bc CreateFileMappingW
 0x75a2c0 FormatMessageA
 0x75a2c4 GetSystemTime
 0x75a2c8 WideCharToMultiByte
 0x75a2cc FreeLibrary
 0x75a2d0 SystemTimeToFileTime
 0x75a2d4 GetFileSize
 0x75a2d8 LockFileEx
 0x75a2dc LocalFree
 0x75a2e0 UnlockFile
 0x75a2e4 HeapDestroy
 0x75a2e8 HeapCompact
 0x75a2ec LoadLibraryW
 0x75a2f0 DeleteFileA
 0x75a2f4 CreateFileA
 0x75a2f8 FlushViewOfFile
 0x75a2fc OutputDebugStringW
 0x75a300 GetFileAttributesExW
 0x75a304 GetFileAttributesA
 0x75a308 GetDiskFreeSpaceA
 0x75a30c GetTempPathA
 0x75a310 HeapSize
 0x75a314 HeapValidate
 0x75a318 UnmapViewOfFile
 0x75a31c CreateMutexW
 0x75a320 UnlockFileEx
 0x75a324 SetEndOfFile
 0x75a328 GetFullPathNameA
 0x75a32c SetFilePointer
 0x75a330 LockFile
 0x75a334 OutputDebugStringA
 0x75a338 GetDiskFreeSpaceW
 0x75a33c WriteFile
 0x75a340 HeapCreate
 0x75a344 AreFileApisANSI
 0x75a348 InitializeCriticalSection
 0x75a34c EnterCriticalSection
 0x75a350 LeaveCriticalSection
 0x75a354 TryEnterCriticalSection
 0x75a358 DeleteCriticalSection
 0x75a35c GetCurrentThreadId
 0x75a360 SwitchToThread
 0x75a364 SetFileInformationByHandle
 0x75a368 GetModuleFileNameW
 0x75a36c GetExitCodeProcess
 0x75a370 CreateFileW
 0x75a374 WaitForSingleObject
 0x75a378 InitializeSListHead
 0x75a37c TlsGetValue
 0x75a380 TlsSetValue
 0x75a384 GetProcessHeap
 0x75a388 CreateThread
 0x75a38c HeapAlloc
 0x75a390 HeapReAlloc
 0x75a394 CloseHandle
 0x75a398 HeapFree
 0x75a39c IsDebuggerPresent
 0x75a3a0 EncodePointer
 0x75a3a4 InitializeCriticalSectionAndSpinCount
 0x75a3a8 LoadLibraryExW
 0x75a3ac LoadLibraryA
 0x75a3b0 WriteFileEx
user32.dll
 0x75a450 EnumDisplayMonitors
 0x75a454 EnumDisplaySettingsExW
 0x75a458 GetMonitorInfoW
ws2_32.dll
 0x75a460 select
 0x75a464 setsockopt
 0x75a468 getaddrinfo
 0x75a46c WSASocketW
 0x75a470 freeaddrinfo
 0x75a474 getsockopt
 0x75a478 WSASend
 0x75a47c accept
 0x75a480 closesocket
 0x75a484 ioctlsocket
 0x75a488 WSAStartup
 0x75a48c socket
 0x75a490 getsockname
 0x75a494 WSAGetLastError
 0x75a498 getpeername
 0x75a49c connect
 0x75a4a0 WSACleanup
 0x75a4a4 recv
 0x75a4a8 shutdown
 0x75a4ac send
 0x75a4b0 WSAIoctl
 0x75a4b4 ind
 0x75a4b8 listen
crypt.dll
 0x75a100 BCryptGenRandom
advapi32.dll
 0x75a000 RegCloseKey
 0x75a004 AllocateAndInitializeSid
 0x75a008 RegOpenKeyExW
 0x75a00c SystemFunction036
 0x75a010 FreeSid
 0x75a014 CheckTokenMembership
 0x75a018 RegQueryValueExW
crypt32.dll
 0x75a108 CryptUnprotectData
 0x75a10c CertEnumCertificatesInStore
 0x75a110 CertVerifyCertificateChainPolicy
 0x75a114 CertFreeCertificateChain
 0x75a118 CertDuplicateCertificateChain
 0x75a11c CertGetCertificateChain
 0x75a120 CertFreeCertificateContext
 0x75a124 CertCloseStore
 0x75a128 CertDuplicateCertificateContext
 0x75a12c CertOpenStore
 0x75a130 CertDuplicateStore
 0x75a134 CertAddCertificateContextToStore
secur32.dll
 0x75a424 ApplyControlToken
 0x75a428 AcquireCredentialsHandleA
 0x75a42c QueryContextAttributesW
 0x75a430 FreeCredentialsHandle
 0x75a434 AcceptSecurityContext
 0x75a438 DeleteSecurityContext
 0x75a43c FreeContextBuffer
 0x75a440 InitializeSecurityContextW
 0x75a444 EncryptMessage
 0x75a448 DecryptMessage
oleaut32.dll
 0x75a3f0 SysFreeString
 0x75a3f4 SafeArrayAccessData
 0x75a3f8 SafeArrayGetUBound
 0x75a3fc SafeArrayGetLBound
 0x75a400 SafeArrayDestroy
 0x75a404 SafeArrayUnaccessData
 0x75a408 SysAllocStringLen
 0x75a40c VariantClear
rstrtmgr.dll
 0x75a414 RmStartSession
 0x75a418 RmGetList
 0x75a41c RmRegisterResources
ole32.dll
 0x75a3dc CoInitializeEx
 0x75a3e0 CoSetProxyBlanket
 0x75a3e4 CoCreateInstance
 0x75a3e8 CoInitializeSecurity
gdi32.dll
 0x75a13c SetStretchBltMode
 0x75a140 StretchBlt
 0x75a144 GetDIBits
 0x75a148 GetObjectW
 0x75a14c DeleteObject
 0x75a150 CreateCompatibleDC
 0x75a154 DeleteDC
 0x75a158 GetDeviceCaps
 0x75a15c CreateDCW
 0x75a160 SelectObject
 0x75a164 CreateCompatibleBitmap
api-ms-win-crt-string-l1-1-0.dll
 0x75a0d0 strcpy_s
 0x75a0d4 strlen
 0x75a0d8 strcmp
 0x75a0dc strcspn
 0x75a0e0 strncmp
 0x75a0e4 wcsncmp
api-ms-win-crt-math-l1-1-0.dll
 0x75a044 _dclass
 0x75a048 log
 0x75a04c ceil
 0x75a050 pow
 0x75a054 exp2f
 0x75a058 __setusermatherr
 0x75a05c roundf
 0x75a060 truncf
api-ms-win-crt-heap-l1-1-0.dll
 0x75a020 malloc
 0x75a024 realloc
 0x75a028 _msize
 0x75a02c _set_new_mode
 0x75a030 free
 0x75a034 calloc
api-ms-win-crt-utility-l1-1-0.dll
 0x75a0f4 qsort
 0x75a0f8 _rotl64
api-ms-win-crt-time-l1-1-0.dll
 0x75a0ec _localtime64_s
api-ms-win-crt-runtime-l1-1-0.dll
 0x75a068 _initterm
 0x75a06c _crt_atexit
 0x75a070 _initterm_e
 0x75a074 exit
 0x75a078 _configure_narrow_argv
 0x75a07c _controlfp_s
 0x75a080 _set_app_type
 0x75a084 abort
 0x75a088 __p___argc
 0x75a08c _seh_filter_exe
 0x75a090 _endthreadex
 0x75a094 __p___argv
 0x75a098 _cexit
 0x75a09c _beginthreadex
 0x75a0a0 _register_onexit_function
 0x75a0a4 _c_exit
 0x75a0a8 _register_thread_local_exe_atexit_callback
 0x75a0ac terminate
 0x75a0b0 _get_initial_narrow_environment
 0x75a0b4 _initialize_onexit_table
 0x75a0b8 _exit
 0x75a0bc _initialize_narrow_environment
api-ms-win-crt-stdio-l1-1-0.dll
 0x75a0c4 __p__commode
 0x75a0c8 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
 0x75a03c _configthreadlocale

EAT(Export Address Table) is none