ScreenShot
| Created | 2025.05.01 09:59 | Machine | s1_win7_x6403 |
| Filename | SoftwareUpdate | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (GenericS, Unsafe, Vgix, Attribute, HighConfidence, malicious, high confidence, Lumma, bzfqa, DwnLd, Detected, LummaStealer, ABTrojan, ANTH, Artemis, Chgt, PossibleThreat) | ||
| md5 | 61a5c86e1bb2a7c290deb921c4a93053 | ||
| sha256 | a7bfbe2035e4d7247796bbd64435c16c3e79b0ac5ce2fd7ea2368ed390f8bbd4 | ||
| ssdeep | 24576:n7LpZrGn9TQvn7LpZrGn9TQvG7LpZrGn9TQvW7LpZrGn9TQvD7LpZrGn9TQv:nmn9TQPmn9TQemn9TQOmn9TQ7mn9TQ | ||
| imphash | 994f18cb9978574a2203372470f204bc | ||
| impfuzzy | 192:au9N69EC9ldhUAAOstFm8/+3CvmD+bGUHHDmuChEh:/D8fVs9+3CvmDyDmuC+h | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
msvcp_win.dll
0x43c4f0 ?_Xlength_error@std@@YAXPBD@Z
0x43c4f4 ?_Xbad_function_call@std@@YAXXZ
0x43c4f8 ?_Xout_of_range@std@@YAXPBD@Z
api-ms-win-crt-runtime-l1-1-0.dll
0x43c418 _initterm_e
0x43c41c _c_exit
0x43c420 _register_thread_local_exe_atexit_callback
0x43c424 _set_error_mode
0x43c428 _initterm
api-ms-win-crt-string-l1-1-0.dll
0x43c430 wcsncmp
0x43c434 memset
api-ms-win-crt-private-l1-1-0.dll
0x43c344 _o__initialize_onexit_table
0x43c348 _o__initialize_wide_environment
0x43c34c _o__invalid_parameter_noinfo
0x43c350 _o__invalid_parameter_noinfo_noreturn
0x43c354 _o__itow
0x43c358 _o__itow_s
0x43c35c _o__purecall
0x43c360 _o__recalloc
0x43c364 _o__register_onexit_function
0x43c368 _o__seh_filter_exe
0x43c36c _o__set_app_type
0x43c370 _o__set_fmode
0x43c374 _o__set_new_mode
0x43c378 memmove
0x43c37c _o__wcsnicmp
0x43c380 _o__wtoi
0x43c384 _o__wtol
0x43c388 _o_exit
0x43c38c _o_free
0x43c390 _o_iswspace
0x43c394 _o_malloc
0x43c398 _o_realloc
0x43c39c _o_strerror
0x43c3a0 _o_terminate
0x43c3a4 _o_wcsncpy_s
0x43c3a8 _except_handler4_common
0x43c3ac __current_exception
0x43c3b0 __current_exception_context
0x43c3b4 _CxxThrowException
0x43c3b8 _o__get_initial_wide_environment
0x43c3bc _o__cexit
0x43c3c0 _o__callnewh
0x43c3c4 _o__errno
0x43c3c8 _o___stdio_common_vswprintf
0x43c3cc _o___stdio_common_vsnwprintf_s
0x43c3d0 _o___stdio_common_vsnprintf_s
0x43c3d4 _o___std_exception_destroy
0x43c3d8 _o___std_exception_copy
0x43c3dc _o__crt_atexit
0x43c3e0 _o___p__commode
0x43c3e4 _o___p___wargv
0x43c3e8 _o___p___argc
0x43c3ec _o__controlfp_s
0x43c3f0 _o__configure_wide_argv
0x43c3f4 _o__configthreadlocale
0x43c3f8 _o__exit
0x43c3fc __std_terminate
0x43c400 wcschr
0x43c404 __CxxFrameHandler3
0x43c408 memcmp
0x43c40c memcpy
0x43c410 _o__wcsicmp
api-ms-win-eventing-provider-l1-1-0.dll
0x43c43c EventActivityIdControl
0x43c440 EventWriteTransfer
0x43c444 EventRegister
0x43c448 EventUnregister
0x43c44c EventSetInformation
0x43c450 EventEnabled
api-ms-win-security-base-l1-1-0.dll
0x43c458 MakeAbsoluteSD
0x43c45c GetSidLengthRequired
0x43c460 InitializeSid
0x43c464 GetSidSubAuthority
0x43c468 SetSecurityDescriptorDacl
0x43c46c AdjustTokenPrivileges
0x43c470 RevertToSelf
0x43c474 GetAclInformation
0x43c478 DeleteAce
0x43c47c EqualPrefixSid
0x43c480 SetSecurityDescriptorOwner
0x43c484 GetAce
0x43c488 CreateWellKnownSid
0x43c48c GetTokenInformation
0x43c490 SetSecurityDescriptorGroup
0x43c494 MakeSelfRelativeSD
0x43c498 AddAccessAllowedAce
0x43c49c CopySid
0x43c4a0 GetSecurityDescriptorLength
0x43c4a4 GetLengthSid
0x43c4a8 InitializeAcl
0x43c4ac ImpersonateLoggedOnUser
0x43c4b0 IsValidSid
0x43c4b4 AddAce
0x43c4b8 SetSecurityDescriptorSacl
0x43c4bc InitializeSecurityDescriptor
OLEAUT32.dll
0x43c000 GetErrorInfo
0x43c004 VarUI4FromStr
0x43c008 CreateErrorInfo
0x43c00c SysFreeString
0x43c010 SysStringLen
0x43c014 SetErrorInfo
0x43c018 SysAllocString
api-ms-win-core-libraryloader-l1-2-0.dll
0x43c124 LoadResource
0x43c128 FindResourceExW
0x43c12c GetModuleHandleW
0x43c130 LoadStringW
0x43c134 GetModuleFileNameA
0x43c138 GetModuleHandleExA
0x43c13c GetModuleFileNameW
0x43c140 SizeofResource
0x43c144 LoadLibraryExW
0x43c148 GetModuleHandleExW
0x43c14c GetModuleHandleA
0x43c150 FreeLibrary
0x43c154 GetProcAddress
api-ms-win-core-windowserrorreporting-l1-1-0.dll
0x43c324 WerSetFlags
api-ms-win-core-errorhandling-l1-1-1.dll
0x43c0b0 AddVectoredExceptionHandler
0x43c0b4 RemoveVectoredExceptionHandler
api-ms-win-security-lsalookup-l2-1-0.dll
0x43c4c4 LookupAccountSidW
0x43c4c8 LookupAccountNameW
0x43c4cc LookupPrivilegeValueW
api-ms-win-core-com-l1-1-0.dll
0x43c030 CoCreateFreeThreadedMarshaler
0x43c034 PropVariantCopy
0x43c038 CoTaskMemAlloc
0x43c03c StringFromCLSID
0x43c040 CoUninitialize
0x43c044 PropVariantClear
0x43c048 CLSIDFromProgID
0x43c04c CoCreateInstance
0x43c050 CLSIDFromString
0x43c054 CoInitializeSecurity
0x43c058 CoTaskMemFree
0x43c05c CoDisconnectObject
0x43c060 CoTaskMemRealloc
0x43c064 CoInitializeEx
api-ms-win-core-synch-l1-2-0.dll
0x43c2d8 Sleep
0x43c2dc InitOnceComplete
0x43c2e0 InitOnceExecuteOnce
0x43c2e4 InitOnceBeginInitialize
api-ms-win-core-registry-l1-1-0.dll
0x43c210 RegEnumKeyExW
0x43c214 RegQueryValueExW
0x43c218 RegCreateKeyExW
0x43c21c RegCloseKey
0x43c220 RegDeleteKeyExW
0x43c224 RegOpenKeyExW
0x43c228 RegEnumValueW
0x43c22c RegDeleteValueW
0x43c230 RegGetValueW
0x43c234 RegQueryInfoKeyW
0x43c238 RegSetValueExW
api-ms-win-core-string-l1-1-0.dll
0x43c248 CompareStringW
0x43c24c WideCharToMultiByte
0x43c250 CompareStringOrdinal
0x43c254 MultiByteToWideChar
api-ms-win-core-localization-l1-2-0.dll
0x43c164 GetLocaleInfoW
0x43c168 ResolveLocaleName
0x43c16c GetSystemDefaultLCID
0x43c170 GetLocaleInfoEx
0x43c174 FormatMessageW
0x43c178 LCMapStringW
0x43c17c LocaleNameToLCID
api-ms-win-core-synch-l1-1-0.dll
0x43c26c ResetEvent
0x43c270 InitializeSRWLock
0x43c274 CreateEventExW
0x43c278 ReleaseSemaphore
0x43c27c CreateEventW
0x43c280 InitializeCriticalSectionAndSpinCount
0x43c284 EnterCriticalSection
0x43c288 CreateSemaphoreExW
0x43c28c ReleaseMutex
0x43c290 CreateWaitableTimerExW
0x43c294 SetWaitableTimerEx
0x43c298 DeleteCriticalSection
0x43c29c AcquireSRWLockShared
0x43c2a0 LeaveCriticalSection
0x43c2a4 CreateMutexExW
0x43c2a8 InitializeCriticalSection
0x43c2ac InitializeCriticalSectionEx
0x43c2b0 ReleaseSRWLockShared
0x43c2b4 WaitForSingleObject
0x43c2b8 OpenSemaphoreW
0x43c2bc WaitForSingleObjectEx
0x43c2c0 ReleaseSRWLockExclusive
0x43c2c4 AcquireSRWLockExclusive
0x43c2c8 SetEvent
0x43c2cc TryAcquireSRWLockExclusive
0x43c2d0 OpenEventW
api-ms-win-core-heap-l1-1-0.dll
0x43c0fc GetProcessHeap
0x43c100 HeapAlloc
0x43c104 HeapSetInformation
0x43c108 HeapFree
api-ms-win-core-errorhandling-l1-1-0.dll
0x43c094 SetUnhandledExceptionFilter
0x43c098 SetErrorMode
0x43c09c SetLastError
0x43c0a0 RaiseException
0x43c0a4 GetLastError
0x43c0a8 UnhandledExceptionFilter
api-ms-win-core-rtlsupport-l1-1-0.dll
0x43c240 RtlCaptureContext
api-ms-win-core-handle-l1-1-0.dll
0x43c0ec DuplicateHandle
0x43c0f0 GetHandleInformation
0x43c0f4 CloseHandle
api-ms-win-core-processthreads-l1-1-0.dll
0x43c1c0 GetCurrentThreadId
0x43c1c4 GetCurrentProcess
0x43c1c8 SetPriorityClass
0x43c1cc CreateThread
0x43c1d0 GetCurrentProcessId
0x43c1d4 TerminateProcess
0x43c1d8 OpenThreadToken
0x43c1dc GetCurrentThread
0x43c1e0 GetProcessTimes
0x43c1e4 OpenProcessToken
api-ms-win-core-processthreads-l1-1-3.dll
0x43c1fc SetThreadDescription
0x43c200 SetProcessInformation
api-ms-win-security-sddl-l1-1-0.dll
0x43c4d4 ConvertStringSidToSidW
0x43c4d8 ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-synch-l1-2-1.dll
0x43c2ec WaitForMultipleObjects
api-ms-win-core-threadpool-l1-2-0.dll
0x43c304 CreateThreadpoolTimer
0x43c308 WaitForThreadpoolTimerCallbacks
0x43c30c SetThreadpoolTimer
0x43c310 CloseThreadpoolTimer
api-ms-win-core-string-l2-1-0.dll
0x43c25c CharNextW
api-ms-win-core-memory-l1-1-0.dll
0x43c198 MapViewOfFile
0x43c19c UnmapViewOfFile
0x43c1a0 CreateFileMappingW
0x43c1a4 OpenFileMappingW
0x43c1a8 ReadProcessMemory
0x43c1ac WriteProcessMemory
api-ms-win-shell-namespace-l1-1-0.dll
0x43c4e0 SHCreateItemFromIDList
0x43c4e4 SHParseDisplayName
0x43c4e8 ILFree
ntdll.dll
0x43c500 RtlGetPersistedStateLocation
0x43c504 RtlNtStatusToDosError
0x43c508 NtCreateSection
0x43c50c RtlAppendUnicodeToString
0x43c510 NtMapViewOfSection
0x43c514 RtlAppendUnicodeStringToString
0x43c518 NtQueryInformationProcess
0x43c51c NtClose
0x43c520 RtlStringFromGUIDEx
0x43c524 NtCreateFile
0x43c528 RtlIsStateSeparationEnabled
0x43c52c NtCreateCrossVmEvent
0x43c530 RtlFreeUnicodeString
0x43c534 RtlQueryPackageClaims
0x43c538 RtlReportException
api-ms-win-core-processthreads-l1-1-1.dll
0x43c1ec SetProcessMitigationPolicy
0x43c1f0 IsProcessorFeaturePresent
0x43c1f4 GetThreadTimes
api-ms-win-core-debug-l1-1-0.dll
0x43c074 OutputDebugStringW
0x43c078 DebugBreak
0x43c07c IsDebuggerPresent
api-ms-win-core-heap-l2-1-0.dll
0x43c110 LocalAlloc
0x43c114 LocalFree
api-ms-win-core-string-obsolete-l1-1-0.dll
0x43c264 lstrcmpiW
api-ms-win-core-sysinfo-l1-1-0.dll
0x43c2f4 GetVersionExW
0x43c2f8 GetTickCount
0x43c2fc GetSystemTimeAsFileTime
api-ms-win-core-processenvironment-l1-1-0.dll
0x43c1b4 ExpandEnvironmentStringsW
0x43c1b8 SearchPathW
api-ms-win-core-localization-obsolete-l1-2-0.dll
0x43c18c GetUserDefaultUILanguage
0x43c190 GetSystemDefaultUILanguage
api-ms-win-core-profile-l1-1-0.dll
0x43c208 QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0.dll
0x43c11c InitializeSListHead
SHCORE.dll
0x43c020 None
api-ms-win-core-apiquery-l1-1-0.dll
0x43c028 ApiSetQueryApiSetPresence
api-ms-win-core-winrt-l1-1-0.dll
0x43c32c RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0.dll
0x43c334 WindowsGetStringRawBuffer
0x43c338 WindowsDeleteString
0x43c33c WindowsCreateStringReference
api-ms-win-core-timezone-l1-1-0.dll
0x43c318 SystemTimeToTzSpecificLocalTime
0x43c31c FileTimeToSystemTime
api-ms-win-core-datetime-l1-1-0.dll
0x43c06c GetTimeFormatW
api-ms-win-core-file-l1-1-0.dll
0x43c0bc GetFileSize
0x43c0c0 UnlockFile
0x43c0c4 LockFile
0x43c0c8 DeleteFileW
0x43c0cc FlushFileBuffers
0x43c0d0 GetFileTime
0x43c0d4 SetEndOfFile
0x43c0d8 SetFilePointer
0x43c0dc WriteFile
0x43c0e0 CreateFileW
0x43c0e4 ReadFile
api-ms-win-core-delayload-l1-1-1.dll
0x43c08c ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0.dll
0x43c084 DelayLoadFailureHook
api-ms-win-core-localization-l1-2-2.dll
0x43c184 LCIDToLocaleName
api-ms-win-core-libraryloader-l1-2-1.dll
0x43c15c LoadLibraryW
EAT(Export Address Table) is none
msvcp_win.dll
0x43c4f0 ?_Xlength_error@std@@YAXPBD@Z
0x43c4f4 ?_Xbad_function_call@std@@YAXXZ
0x43c4f8 ?_Xout_of_range@std@@YAXPBD@Z
api-ms-win-crt-runtime-l1-1-0.dll
0x43c418 _initterm_e
0x43c41c _c_exit
0x43c420 _register_thread_local_exe_atexit_callback
0x43c424 _set_error_mode
0x43c428 _initterm
api-ms-win-crt-string-l1-1-0.dll
0x43c430 wcsncmp
0x43c434 memset
api-ms-win-crt-private-l1-1-0.dll
0x43c344 _o__initialize_onexit_table
0x43c348 _o__initialize_wide_environment
0x43c34c _o__invalid_parameter_noinfo
0x43c350 _o__invalid_parameter_noinfo_noreturn
0x43c354 _o__itow
0x43c358 _o__itow_s
0x43c35c _o__purecall
0x43c360 _o__recalloc
0x43c364 _o__register_onexit_function
0x43c368 _o__seh_filter_exe
0x43c36c _o__set_app_type
0x43c370 _o__set_fmode
0x43c374 _o__set_new_mode
0x43c378 memmove
0x43c37c _o__wcsnicmp
0x43c380 _o__wtoi
0x43c384 _o__wtol
0x43c388 _o_exit
0x43c38c _o_free
0x43c390 _o_iswspace
0x43c394 _o_malloc
0x43c398 _o_realloc
0x43c39c _o_strerror
0x43c3a0 _o_terminate
0x43c3a4 _o_wcsncpy_s
0x43c3a8 _except_handler4_common
0x43c3ac __current_exception
0x43c3b0 __current_exception_context
0x43c3b4 _CxxThrowException
0x43c3b8 _o__get_initial_wide_environment
0x43c3bc _o__cexit
0x43c3c0 _o__callnewh
0x43c3c4 _o__errno
0x43c3c8 _o___stdio_common_vswprintf
0x43c3cc _o___stdio_common_vsnwprintf_s
0x43c3d0 _o___stdio_common_vsnprintf_s
0x43c3d4 _o___std_exception_destroy
0x43c3d8 _o___std_exception_copy
0x43c3dc _o__crt_atexit
0x43c3e0 _o___p__commode
0x43c3e4 _o___p___wargv
0x43c3e8 _o___p___argc
0x43c3ec _o__controlfp_s
0x43c3f0 _o__configure_wide_argv
0x43c3f4 _o__configthreadlocale
0x43c3f8 _o__exit
0x43c3fc __std_terminate
0x43c400 wcschr
0x43c404 __CxxFrameHandler3
0x43c408 memcmp
0x43c40c memcpy
0x43c410 _o__wcsicmp
api-ms-win-eventing-provider-l1-1-0.dll
0x43c43c EventActivityIdControl
0x43c440 EventWriteTransfer
0x43c444 EventRegister
0x43c448 EventUnregister
0x43c44c EventSetInformation
0x43c450 EventEnabled
api-ms-win-security-base-l1-1-0.dll
0x43c458 MakeAbsoluteSD
0x43c45c GetSidLengthRequired
0x43c460 InitializeSid
0x43c464 GetSidSubAuthority
0x43c468 SetSecurityDescriptorDacl
0x43c46c AdjustTokenPrivileges
0x43c470 RevertToSelf
0x43c474 GetAclInformation
0x43c478 DeleteAce
0x43c47c EqualPrefixSid
0x43c480 SetSecurityDescriptorOwner
0x43c484 GetAce
0x43c488 CreateWellKnownSid
0x43c48c GetTokenInformation
0x43c490 SetSecurityDescriptorGroup
0x43c494 MakeSelfRelativeSD
0x43c498 AddAccessAllowedAce
0x43c49c CopySid
0x43c4a0 GetSecurityDescriptorLength
0x43c4a4 GetLengthSid
0x43c4a8 InitializeAcl
0x43c4ac ImpersonateLoggedOnUser
0x43c4b0 IsValidSid
0x43c4b4 AddAce
0x43c4b8 SetSecurityDescriptorSacl
0x43c4bc InitializeSecurityDescriptor
OLEAUT32.dll
0x43c000 GetErrorInfo
0x43c004 VarUI4FromStr
0x43c008 CreateErrorInfo
0x43c00c SysFreeString
0x43c010 SysStringLen
0x43c014 SetErrorInfo
0x43c018 SysAllocString
api-ms-win-core-libraryloader-l1-2-0.dll
0x43c124 LoadResource
0x43c128 FindResourceExW
0x43c12c GetModuleHandleW
0x43c130 LoadStringW
0x43c134 GetModuleFileNameA
0x43c138 GetModuleHandleExA
0x43c13c GetModuleFileNameW
0x43c140 SizeofResource
0x43c144 LoadLibraryExW
0x43c148 GetModuleHandleExW
0x43c14c GetModuleHandleA
0x43c150 FreeLibrary
0x43c154 GetProcAddress
api-ms-win-core-windowserrorreporting-l1-1-0.dll
0x43c324 WerSetFlags
api-ms-win-core-errorhandling-l1-1-1.dll
0x43c0b0 AddVectoredExceptionHandler
0x43c0b4 RemoveVectoredExceptionHandler
api-ms-win-security-lsalookup-l2-1-0.dll
0x43c4c4 LookupAccountSidW
0x43c4c8 LookupAccountNameW
0x43c4cc LookupPrivilegeValueW
api-ms-win-core-com-l1-1-0.dll
0x43c030 CoCreateFreeThreadedMarshaler
0x43c034 PropVariantCopy
0x43c038 CoTaskMemAlloc
0x43c03c StringFromCLSID
0x43c040 CoUninitialize
0x43c044 PropVariantClear
0x43c048 CLSIDFromProgID
0x43c04c CoCreateInstance
0x43c050 CLSIDFromString
0x43c054 CoInitializeSecurity
0x43c058 CoTaskMemFree
0x43c05c CoDisconnectObject
0x43c060 CoTaskMemRealloc
0x43c064 CoInitializeEx
api-ms-win-core-synch-l1-2-0.dll
0x43c2d8 Sleep
0x43c2dc InitOnceComplete
0x43c2e0 InitOnceExecuteOnce
0x43c2e4 InitOnceBeginInitialize
api-ms-win-core-registry-l1-1-0.dll
0x43c210 RegEnumKeyExW
0x43c214 RegQueryValueExW
0x43c218 RegCreateKeyExW
0x43c21c RegCloseKey
0x43c220 RegDeleteKeyExW
0x43c224 RegOpenKeyExW
0x43c228 RegEnumValueW
0x43c22c RegDeleteValueW
0x43c230 RegGetValueW
0x43c234 RegQueryInfoKeyW
0x43c238 RegSetValueExW
api-ms-win-core-string-l1-1-0.dll
0x43c248 CompareStringW
0x43c24c WideCharToMultiByte
0x43c250 CompareStringOrdinal
0x43c254 MultiByteToWideChar
api-ms-win-core-localization-l1-2-0.dll
0x43c164 GetLocaleInfoW
0x43c168 ResolveLocaleName
0x43c16c GetSystemDefaultLCID
0x43c170 GetLocaleInfoEx
0x43c174 FormatMessageW
0x43c178 LCMapStringW
0x43c17c LocaleNameToLCID
api-ms-win-core-synch-l1-1-0.dll
0x43c26c ResetEvent
0x43c270 InitializeSRWLock
0x43c274 CreateEventExW
0x43c278 ReleaseSemaphore
0x43c27c CreateEventW
0x43c280 InitializeCriticalSectionAndSpinCount
0x43c284 EnterCriticalSection
0x43c288 CreateSemaphoreExW
0x43c28c ReleaseMutex
0x43c290 CreateWaitableTimerExW
0x43c294 SetWaitableTimerEx
0x43c298 DeleteCriticalSection
0x43c29c AcquireSRWLockShared
0x43c2a0 LeaveCriticalSection
0x43c2a4 CreateMutexExW
0x43c2a8 InitializeCriticalSection
0x43c2ac InitializeCriticalSectionEx
0x43c2b0 ReleaseSRWLockShared
0x43c2b4 WaitForSingleObject
0x43c2b8 OpenSemaphoreW
0x43c2bc WaitForSingleObjectEx
0x43c2c0 ReleaseSRWLockExclusive
0x43c2c4 AcquireSRWLockExclusive
0x43c2c8 SetEvent
0x43c2cc TryAcquireSRWLockExclusive
0x43c2d0 OpenEventW
api-ms-win-core-heap-l1-1-0.dll
0x43c0fc GetProcessHeap
0x43c100 HeapAlloc
0x43c104 HeapSetInformation
0x43c108 HeapFree
api-ms-win-core-errorhandling-l1-1-0.dll
0x43c094 SetUnhandledExceptionFilter
0x43c098 SetErrorMode
0x43c09c SetLastError
0x43c0a0 RaiseException
0x43c0a4 GetLastError
0x43c0a8 UnhandledExceptionFilter
api-ms-win-core-rtlsupport-l1-1-0.dll
0x43c240 RtlCaptureContext
api-ms-win-core-handle-l1-1-0.dll
0x43c0ec DuplicateHandle
0x43c0f0 GetHandleInformation
0x43c0f4 CloseHandle
api-ms-win-core-processthreads-l1-1-0.dll
0x43c1c0 GetCurrentThreadId
0x43c1c4 GetCurrentProcess
0x43c1c8 SetPriorityClass
0x43c1cc CreateThread
0x43c1d0 GetCurrentProcessId
0x43c1d4 TerminateProcess
0x43c1d8 OpenThreadToken
0x43c1dc GetCurrentThread
0x43c1e0 GetProcessTimes
0x43c1e4 OpenProcessToken
api-ms-win-core-processthreads-l1-1-3.dll
0x43c1fc SetThreadDescription
0x43c200 SetProcessInformation
api-ms-win-security-sddl-l1-1-0.dll
0x43c4d4 ConvertStringSidToSidW
0x43c4d8 ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-synch-l1-2-1.dll
0x43c2ec WaitForMultipleObjects
api-ms-win-core-threadpool-l1-2-0.dll
0x43c304 CreateThreadpoolTimer
0x43c308 WaitForThreadpoolTimerCallbacks
0x43c30c SetThreadpoolTimer
0x43c310 CloseThreadpoolTimer
api-ms-win-core-string-l2-1-0.dll
0x43c25c CharNextW
api-ms-win-core-memory-l1-1-0.dll
0x43c198 MapViewOfFile
0x43c19c UnmapViewOfFile
0x43c1a0 CreateFileMappingW
0x43c1a4 OpenFileMappingW
0x43c1a8 ReadProcessMemory
0x43c1ac WriteProcessMemory
api-ms-win-shell-namespace-l1-1-0.dll
0x43c4e0 SHCreateItemFromIDList
0x43c4e4 SHParseDisplayName
0x43c4e8 ILFree
ntdll.dll
0x43c500 RtlGetPersistedStateLocation
0x43c504 RtlNtStatusToDosError
0x43c508 NtCreateSection
0x43c50c RtlAppendUnicodeToString
0x43c510 NtMapViewOfSection
0x43c514 RtlAppendUnicodeStringToString
0x43c518 NtQueryInformationProcess
0x43c51c NtClose
0x43c520 RtlStringFromGUIDEx
0x43c524 NtCreateFile
0x43c528 RtlIsStateSeparationEnabled
0x43c52c NtCreateCrossVmEvent
0x43c530 RtlFreeUnicodeString
0x43c534 RtlQueryPackageClaims
0x43c538 RtlReportException
api-ms-win-core-processthreads-l1-1-1.dll
0x43c1ec SetProcessMitigationPolicy
0x43c1f0 IsProcessorFeaturePresent
0x43c1f4 GetThreadTimes
api-ms-win-core-debug-l1-1-0.dll
0x43c074 OutputDebugStringW
0x43c078 DebugBreak
0x43c07c IsDebuggerPresent
api-ms-win-core-heap-l2-1-0.dll
0x43c110 LocalAlloc
0x43c114 LocalFree
api-ms-win-core-string-obsolete-l1-1-0.dll
0x43c264 lstrcmpiW
api-ms-win-core-sysinfo-l1-1-0.dll
0x43c2f4 GetVersionExW
0x43c2f8 GetTickCount
0x43c2fc GetSystemTimeAsFileTime
api-ms-win-core-processenvironment-l1-1-0.dll
0x43c1b4 ExpandEnvironmentStringsW
0x43c1b8 SearchPathW
api-ms-win-core-localization-obsolete-l1-2-0.dll
0x43c18c GetUserDefaultUILanguage
0x43c190 GetSystemDefaultUILanguage
api-ms-win-core-profile-l1-1-0.dll
0x43c208 QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0.dll
0x43c11c InitializeSListHead
SHCORE.dll
0x43c020 None
api-ms-win-core-apiquery-l1-1-0.dll
0x43c028 ApiSetQueryApiSetPresence
api-ms-win-core-winrt-l1-1-0.dll
0x43c32c RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0.dll
0x43c334 WindowsGetStringRawBuffer
0x43c338 WindowsDeleteString
0x43c33c WindowsCreateStringReference
api-ms-win-core-timezone-l1-1-0.dll
0x43c318 SystemTimeToTzSpecificLocalTime
0x43c31c FileTimeToSystemTime
api-ms-win-core-datetime-l1-1-0.dll
0x43c06c GetTimeFormatW
api-ms-win-core-file-l1-1-0.dll
0x43c0bc GetFileSize
0x43c0c0 UnlockFile
0x43c0c4 LockFile
0x43c0c8 DeleteFileW
0x43c0cc FlushFileBuffers
0x43c0d0 GetFileTime
0x43c0d4 SetEndOfFile
0x43c0d8 SetFilePointer
0x43c0dc WriteFile
0x43c0e0 CreateFileW
0x43c0e4 ReadFile
api-ms-win-core-delayload-l1-1-1.dll
0x43c08c ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0.dll
0x43c084 DelayLoadFailureHook
api-ms-win-core-localization-l1-2-2.dll
0x43c184 LCIDToLocaleName
api-ms-win-core-libraryloader-l1-2-1.dll
0x43c15c LoadLibraryW
EAT(Export Address Table) is none