Static task
static1
Behavioral task
behavioral1
Sample
NEAS.361a496eb2bcaa1826bd78b453327700.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.361a496eb2bcaa1826bd78b453327700.exe
Resource
win10v2004-20231023-en
General
-
Target
NEAS.361a496eb2bcaa1826bd78b453327700.exe
-
Size
6.7MB
-
MD5
361a496eb2bcaa1826bd78b453327700
-
SHA1
7502fd47c0353eb9b62aff953da461066c8233fe
-
SHA256
367b07bb5c2b122ee334bd2b42c7c36d20bfba3fed6c3996c9bc8c2a65e4b1d4
-
SHA512
7f49524d61955fae8986bc7a686ec6f9b6c9a771aa8a668c25d6dd8ca8c955497c8b31b53abd8a04035966957ea71ce1d7477ff51e638ac67728570edc691c11
-
SSDEEP
98304:GlWHkSZVfySXhLAJC1G5cK8Z5aF6fJlF6fJQj08:GGfCE1rKw0AfJlAfJQj5
Malware Config
Signatures
-
Unsigned PE 1 IoCs
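Checks for missing Authenticode signature; the sample listed below matched. An absent signature is a weak indicator on its own, since many legitimate binaries are also unsigned, so weigh it together with the other static and behavioral results.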
resource NEAS.361a496eb2bcaa1826bd78b453327700.exe
Files
-
NEAS.361a496eb2bcaa1826bd78b453327700.exe.exe windows:6 windows x86
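f375a951c5fc53601a9526630057cd58 (unlabelled in the report; it differs from the file MD5 above and is likely the import hash of this PE — confirm before using it for pivoting)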
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
AreFileApisANSI
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetFilePointer
GetSystemTimeAsFileTime
GetLongPathNameW
GetTempPathW
GetSystemDirectoryW
GetEnvironmentVariableA
GetVersionExW
GetComputerNameA
CopyFileW
GetEnvironmentVariableW
SetCurrentDirectoryW
FindResourceW
LoadResource
LockResource
CreateEventW
InitializeCriticalSectionAndSpinCount
ResetEvent
GetLocaleInfoA
SizeofResource
FreeLibrary
LoadLibraryW
CreateEventA
FreeConsole
SetEvent
FormatMessageA
WideCharToMultiByte
LocalFree
FormatMessageW
MultiByteToWideChar
AllocConsole
AttachConsole
WaitForSingleObject
GlobalMemoryStatusEx
GetSystemFirmwareTable
FlushFileBuffers
CreateMutexA
GetTimeZoneInformation
GetExitCodeThread
DeviceIoControl
WaitForMultipleObjects
SetConsoleCtrlHandler
LocalAlloc
WriteFile
ReleaseSemaphore
LoadLibraryExA
SetThreadPriority
RemoveDirectoryW
OpenSemaphoreA
ReadFile
QueryPerformanceCounter
InitializeCriticalSection
CreateThread
GetVersionExA
OpenEventW
OpenSemaphoreW
TerminateThread
CreateSemaphoreW
PurgeComm
DuplicateHandle
WaitForSingleObjectEx
PostQueuedCompletionStatus
TlsAlloc
QueueUserAPC
TlsFree
GetComputerNameExA
SetWaitableTimer
TlsSetValue
GetQueuedCompletionStatus
VerSetConditionMask
SleepEx
VerifyVersionInfoW
TlsGetValue
CreateIoCompletionPort
GetTickCount
GetUserDefaultUILanguage
GetLocaleInfoW
GetUserDefaultLCID
InitializeSListHead
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
OutputDebugStringW
SetUnhandledExceptionFilter
GetLocalTime
CloseHandle
LoadLibraryA
CreateFileA
GetCurrentProcess
GetProcessHeap
HeapAlloc
SetLastError
HeapFree
ProcessIdToSessionId
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesW
GetDynamicTimeZoneInformation
WriteConsoleA
GetStdHandle
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
Sleep
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
GetSystemInfo
GetLastError
InitializeCriticalSectionEx
CreateDirectoryA
GetModuleFileNameA
GetFileAttributesExW
DeleteFileW
CreateFileW
FindClose
QueryPerformanceFrequency
WaitForMultipleObjectsEx
OpenEventA
GetModuleHandleA
MoveFileExW
FindFirstFileW
CreateSemaphoreA
FindNextFileW
CreateWaitableTimerA
GetModuleHandleExW
GetFileType
DeleteFiber
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
WriteConsoleW
GetModuleFileNameW
GetCurrentDirectoryW
user32
ReleaseDC
SetForegroundWindow
UpdateWindow
EnableMenuItem
GetDesktopWindow
PostQuitMessage
SetWindowLongW
ShowWindow
wsprintfW
LoadIconW
TranslateMessage
TranslateAcceleratorW
BringWindowToTop
MoveWindow
SetMenuDefaultItem
GetCursorPos
LoadCursorW
GetSystemMetrics
UnregisterClassW
EnumDisplayMonitors
DestroyWindow
GetClassInfoW
RegisterClassW
UnregisterDeviceNotification
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
FindWindowA
RegisterDeviceNotificationW
FindWindowW
GetKeyboardLayout
GetWindowLongW
GetMessageW
DefWindowProcW
GetKeyState
LoadMenuW
PostMessageW
GetDC
MonitorFromWindow
CreateWindowExW
SendMessageW
RegisterClassExW
LoadAcceleratorsW
TrackPopupMenu
GetSubMenu
DispatchMessageW
GetMonitorInfoW
gdi32
GetDeviceCaps
advapi32
CreateServiceW
OpenSCManagerA
StartServiceA
OpenServiceA
GetUserNameW
SetNamedSecurityInfoA
CryptGenRandom
CryptAcquireContextW
LookupAccountNameW
GetLengthSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
RegOpenKeyExW
ControlService
CloseServiceHandle
ChangeServiceConfigW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
RegCloseKey
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
shell32
Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW
ole32
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
CoTaskMemFree
ws2_32
WSAPoll
sendto
recvfrom
htonl
getsockopt
WSAGetLastError
recv
inet_addr
send
WSAStartup
WSAStringToAddressW
WSASetLastError
WSACleanup
getpeername
WSAAddressToStringW
ntohs
socket
getsockname
closesocket
accept
bind
connect
shutdown
inet_pton
setsockopt
ioctlsocket
freeaddrinfo
htons
WSARecvFrom
getaddrinfo
WSASocketW
WSASendTo
ntohl
WSASend
WSAIoctl
listen
getservbyname
libp11
PKCS11_CTX_unload
PKCS11_is_logged_in
PKCS11_CTX_new
PKCS11_login
PKCS11_CTX_free
PKCS11_open_session
PKCS11_logout
PKCS11_get_private_key
PKCS11_find_key
PKCS11_enumerate_slots
PKCS11_enumerate_certs
PKCS11_CTX_load
hid
HidP_GetCaps
HidD_GetAttributes
HidD_FlushQueue
HidD_FreePreparsedData
HidD_GetPreparsedData
HidD_GetHidGuid
setupapi
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
msvcp140
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
_Thrd_detach
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?toupper@?$ctype@D@std@@QBEDD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_XGetLastError@std@@YAXXZ
?classic@locale@std@@SAABV12@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
_Thrd_sleep
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?_Random_device@std@@YAIXZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?exceptions@ios_base@std@@QAEXH@Z
?narrow@?$ctype@D@std@@QBEDDD@Z
?widen@?$ctype@D@std@@QBEDD@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
_Cnd_destroy_in_situ
_Thrd_join
_Xtime_get_ticks
_Thrd_id
_Cnd_wait
_Cnd_do_broadcast_at_thread_exit
_Cnd_timedwait
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$numpunct@_W@std@@2V0locale@2@A
?id@?$numpunct@D@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_init_in_situ
_Mtx_current_owns
_Cnd_signal
_Query_perf_counter
_Query_perf_frequency
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPBD@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?pubsync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
shlwapi
StrCmpIW
comctl32
ord17
iphlpapi
GetIfEntry
GetBestInterface
GetAdaptersInfo
vcruntime140
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
_purecall
__std_terminate
__std_type_info_name
__RTtypeid
strchr
wcsstr
wcsrchr
_CxxThrowException
memcpy
memmove
memset
memchr
__std_type_info_compare
__RTDynamicCast
strstr
__current_exception
__current_exception_context
_except_handler4_common
strrchr
api-ms-win-crt-stdio-l1-1-0
_setmode
setvbuf
ungetc
__stdio_common_vswprintf_s
fsetpos
_fseeki64
_get_stream_buffer_pointers
__stdio_common_vsscanf
ftell
fgetc
fflush
_wfopen
fgetpos
__p__commode
fread
fputc
_filelength
__stdio_common_vswprintf
__stdio_common_vsnprintf_s
__acrt_iob_func
_fileno
_wfopen_s
feof
ferror
fgets
fclose
fseek
__stdio_common_vsprintf_s
_wfreopen_s
fopen
__stdio_common_vsprintf
fwrite
_wfsopen
_set_fmode
fputs
__stdio_common_vfprintf
api-ms-win-crt-heap-l1-1-0
free
_callnewh
malloc
realloc
_set_new_mode
calloc
api-ms-win-crt-string-l1-1-0
strncpy_s
isdigit
toupper
_stricmp
_strnicmp
strcspn
isspace
strspn
wcsncmp
wcsncpy_s
_wcsicmp
strcmp
strncmp
towlower
_wcsdup
wcscat_s
strncat
strcpy_s
wcscpy_s
tolower
strncpy
strcat_s
_strdup
api-ms-win-crt-convert-l1-1-0
strtod
strtoul
strtol
atoll
wcstol
strtoull
atoi
strtoll
api-ms-win-crt-multibyte-l1-1-0
_mbsicmp
api-ms-win-crt-runtime-l1-1-0
abort
_seh_filter_exe
terminate
_initialize_onexit_table
strerror
_controlfp_s
raise
_set_app_type
_register_onexit_function
_register_thread_local_exe_atexit_callback
strerror_s
_invalid_parameter_noinfo
system
exit
_invalid_parameter_noinfo_noreturn
_beginthreadex
_c_exit
_errno
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
_crt_atexit
_exit
_cexit
__p___wargv
__p___argc
signal
api-ms-win-crt-filesystem-l1-1-0
_stat64i32
_waccess_s
_access_s
_unlock_file
_lock_file
_wrename
_wremove
api-ms-win-crt-math-l1-1-0
_ldclass
__setusermatherr
_dsign
floor
_dclass
_ldsign
ceil
api-ms-win-crt-time-l1-1-0
_gmtime64_s
_localtime64
_localtime64_s
strftime
_time64
_mktime64
api-ms-win-crt-conio-l1-1-0
_getch
api-ms-win-crt-utility-l1-1-0
rand
srand
qsort
api-ms-win-crt-environment-l1-1-0
getenv
_wdupenv_s
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
bcrypt
BCryptGenRandom
crypt32
CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCloseStore
d3d9
Direct3DCreate9
Sections
.text Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 807KB - Virtual size: 806KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 174KB - Virtual size: 803KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 161KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
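E��(�u� Size: 57KB - Virtual size: 60KB (the section name is not printable text; its raw bytes render here as replacement characters and cannot be recovered from this listing. The flags below mark the section as both writable and executable, which is common in packed or protected binaries and is not by itself proof of malicious intent.)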
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
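�$�(�u� Size: 37KB - Virtual size: 40KB (the section name is not printable text; its raw bytes render here as replacement characters and cannot be recovered from this listing. The flags below mark the section as both writable and executable, which is common in packed or protected binaries and is not by itself proof of malicious intent.)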
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE