jhi_service.exe?ex=670d5ac7&is=670c0947&hm=8040a71b6195be0a4bb8815c2b285cadd27cbb211cf3a1979bff35665ba406ab&

First submission 2024-10-14 16:45:01

File details

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Mime type:	application/x-dosexec
File size:	2692.5 KB (2757120 bytes)
Compile time:	2024-06-16 10:43:27
MD5:	cb48a79950590f0987d41cb73dcddf38
SHA1:	2063880164512a3e8951b2afbdf3cacff28ff4ee
SHA256:	666590998dcbe7e07faf9f0fd979c2ded2f53da266be7572ecca07494c41dab3
Import Hash :	8c0bb638471d37b47999c4805855f817
Sections 6	.text .rdata .data .pdata .rsrc .reloc
Directories 5	import resource debug tls relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	51/78 VT report date: 2024-10-14 12:32:50
Malware Type 3	trojan downloader dropper
Threat Type 3	lazy cryptinject r002c0dg724

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXps://cdn.discordapp.com/attachments/1140299281308340345/1279680705324122152/jhi_service.exe?ex=670d5ac7&is=670c0947&hm=8040a71b6195be0a4bb8815c2b285cadd27cbb211cf3a1979bff35665ba406ab&	cdn.discordapp.com	2024-10-14 16:45:02

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0xb3210	734208	e1fa5ffe8d1fadefdae9edd97c5f4082809a0032	abce5d377cb03ffd35606a13c6efe146
.rdata	0xb5000	0x5b1d8	373248	71d183499f0ca10c3aeaa0fb93c940bfd9183acf	9812aecdf1afff10fa2623cce3e69b28
.data	0x111000	0x18bec0	1615872	7b7a81715b3ae3713352f1d9337d20ad5daa9830	5d641341f9d8c34a4b970867db73d851
.pdata	0x29d000	0x7488	30208	e9402840bed6b2b9edc4031e2f84795e84cb649e	fe71f5c0b1834be8500fdb26bf5b941d
.rsrc	0x2a5000	0x1e8	512	11c5d8987f23e6d53f296a1d55fab4265fcf15e9	743435a9b6f8db207af97cfcd855a20d
.reloc	0x2a6000	0x6f0	2048	1ff12843006b4872907f0bc8bd3d5f0d44935a1b	2a155ef24c50b3b85e159b04ffbf052f

PE Resources 1

Name	Language	Sublanguage	Offset	Size	Data
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x2a5060	392	PE Resource: RT_MANIFEST - Data <?xml version='1.0' encoding='UTF-8' standalone='yes'?> <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level='requireAdministrator' uiAccess='false' /> </requestedPrivileges> </security> </trustInfo> </assembly>

Name

Language

Sublanguage

Offset

Size

Data

RT_MANIFEST

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x2a5060

392

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 10

FindWindowA
GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringW
Process32FirstW
Process32NextW
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Temporary
%s.%s.tmp
Data
*.dat
Library
ADVAPI32.dll
rpcrt4.dll
SHELL32.dll
VCRUNTIME140_1.dll
USER32.dll
api-ms-win-crt-convert-l1-1-0.dll
xinput1_3.dll
KERNEL32.dll
vcruntime140.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-utility-l1-1-0.dll
secur32.dll
d3dx9_43.dll
WS2_32.dll
WLDAP32.dll
api-ms-win-crt-locale-l1-1-0.dll
xinput1_1.dll
xinput1_4.dll
IPHLPAPI.DLL
d3d9.dll
security.dll
api-ms-win-crt-string-l1-1-0.dll
PSAPI.DLL
xinput9_1_0.dll
api-ms-win-crt-time-l1-1-0.dll
USERENV.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
COMDLG32.dll
IMM32.dll
xinput1_2.dll
normaliz.dll
Crypt32.dll
api-ms-win-crt-runtime-l1-1-0.dll
msvcp140.dll

Strings analysis - Possible IPs found 26

127.0.0.1
2.5.4.8
2.5.4.9
2.5.4.6
2.5.4.7
2.5.4.4
2.5.4.5
2.5.4.3
2.5.4.72
2.5.4.10
2.5.4.11
2.5.4.12
2.5.4.13
2.5.4.17
1.3.14.3
2.5.4.45
101.3.4.2
2.5.4.44
2.5.4.65
2.5.29.17
2.5.4.46
2.5.29.18
2.5.29.19
2.5.4.43
2.5.4.42
2.5.4.41

Strings analysis - Possible URLs found 17

http://scripts.sil.org/OFLThis
https://fontawesome.com
https://curl.haxx.se/docs/http-cookies.html
ftp://%s:%s@%s
file://
http://purl.org/dc/elements/1.1/
http://scripts.sil.org/OFLwww.katatrad.comwww.cadsondemak.comThanarat
http://www.w3.org/1999/02/22-rdf-syntax-ns#
file://%s%s%s
http://ns.adobe.com/xap/1.0/mm/
http://ns.adobe.com/xap/1.0/sType/ResourceEvent#
http://ns.adobe.com/tiff/1.0/
https://shyproduct.xdnz.xyz/
http://ns.adobe.com/xap/1.0/sType/ResourceRef#
http://ns.adobe.com/photoshop/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/exif/1.0/

Import functions

COMDLG32.dll 1 MSVCP140.dll 61 CRYPT32.dll 16 KERNEL32.dll 89 d3dx9_43.dll 1 api-ms-win-crt-locale-l1-1-0.dll 3 api-ms-win-crt-filesystem-l1-1-0.dll 6 api-ms-win-crt-math-l1-1-0.dll 10 api-ms-win-crt-utility-l1-1-0.dll 3 VCRUNTIME140.dll 15 PSAPI.DLL 1 USER32.dll 39 IMM32.dll 3 api-ms-win-crt-string-l1-1-0.dll 10 VCRUNTIME140_1.dll 1 api-ms-win-crt-runtime-l1-1-0.dll 29 api-ms-win-crt-convert-l1-1-0.dll 6 SHELL32.dll 2 RPCRT4.dll 3 api-ms-win-crt-stdio-l1-1-0.dll 32 d3d9.dll 1 USERENV.dll 1 api-ms-win-crt-time-l1-1-0.dll 2 WLDAP32.dll 18 api-ms-win-crt-heap-l1-1-0.dll 6 ADVAPI32.dll 24 WS2_32.dll 29 Normaliz.dll 1

Function	Address	Souspicious	Anti Debug
GetOpenFileNameW	0x1400b50c8

Function	Address	Souspicious	Anti Debug
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ	0x1400b5450
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ	0x1400b5458
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ	0x1400b5460
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z	0x1400b5468
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ	0x1400b5470
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z	0x1400b5478
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z	0x1400b5480
?_Xbad_function_call@std@@YAXXZ	0x1400b5488
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x1400b5490
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z	0x1400b5498
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z	0x1400b54a0
_Query_perf_frequency	0x1400b54a8
??1_Lockit@std@@QEAA@XZ	0x1400b54b0
??0_Lockit@std@@QEAA@H@Z	0x1400b54b8
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A	0x1400b54c0
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ	0x1400b54c8
?uncaught_exception@std@@YA_NXZ	0x1400b54d0
?_Xout_of_range@std@@YAXPEBD@Z	0x1400b54d8
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A	0x1400b54e0
?_Winerror_map@std@@YAHH@Z	0x1400b54e8
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A	0x1400b54f0
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z	0x1400b54f8
?_Xlength_error@std@@YAXPEBD@Z	0x1400b5500
?_Syserror_map@std@@YAPEBDH@Z	0x1400b5508
_Query_perf_counter	0x1400b5510
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z	0x1400b5518
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z	0x1400b5520
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z	0x1400b5528
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z	0x1400b5530
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z	0x1400b5538
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ	0x1400b5540
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ	0x1400b5548
??Bid@locale@std@@QEAA_KXZ	0x1400b5550
?always_noconv@codecvt_base@std@@QEBA_NXZ	0x1400b5558
??Bios_base@std@@QEBA_NXZ	0x1400b5560
?good@ios_base@std@@QEBA_NXZ	0x1400b5568
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z	0x1400b5570
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z	0x1400b5578
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z	0x1400b5580
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x1400b5588
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ	0x1400b5590
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ	0x1400b5598
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ	0x1400b55a0
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z	0x1400b55a8
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z	0x1400b55b0
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z	0x1400b55b8
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ	0x1400b55c0
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z	0x1400b55c8
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ	0x1400b55d0
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z	0x1400b55d8
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z	0x1400b55e0
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x1400b55e8
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ	0x1400b55f0
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z	0x1400b55f8
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z	0x1400b5600
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x1400b5608
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x1400b5610
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z	0x1400b5618
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z	0x1400b5620
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z	0x1400b5628
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z	0x1400b5630

Function	Address	Souspicious	Anti Debug
CertCreateCertificateChainEngine	0x1400b50d8
CryptQueryObject	0x1400b50e0
CertGetNameStringA	0x1400b50e8
CertFindExtension	0x1400b50f0
CertAddCertificateContextToStore	0x1400b50f8
CryptDecodeObjectEx	0x1400b5100
CertFreeCertificateChainEngine	0x1400b5108
CryptStringToBinaryA	0x1400b5110
CertGetCertificateChain	0x1400b5118
CertFreeCertificateContext	0x1400b5120
CertFindCertificateInStore	0x1400b5128
CertEnumCertificatesInStore	0x1400b5130
CertCloseStore	0x1400b5138
CertOpenStore	0x1400b5140
PFXImportCertStore	0x1400b5148
CertFreeCertificateChain	0x1400b5150

Function	Address	Souspicious	Anti Debug
GetEnvironmentVariableA	0x1400b5180
GetStdHandle	0x1400b5188
GetFileType	0x1400b5190
ReadFile	0x1400b5198
PeekNamedPipe	0x1400b51a0
WaitForMultipleObjects	0x1400b51a8
CreateFileA	0x1400b51b0
GetFileSizeEx	0x1400b51b8
GetLocaleInfoEx	0x1400b51c0
CreateDirectoryW	0x1400b51c8
FindClose	0x1400b51d0
FindFirstFileW	0x1400b51d8
GetFileAttributesExW	0x1400b51e0
MoveFileExA	0x1400b51e8
GetTickCount	0x1400b51f0
Sleep	0x1400b51f8
GetCurrentProcess	0x1400b5200
CreateThread	0x1400b5208
VirtualProtect	0x1400b5210
CreateFileMappingW	0x1400b5218
MapViewOfFile	0x1400b5220
UnmapViewOfFile	0x1400b5228
GetModuleFileNameA	0x1400b5230
AreFileApisANSI	0x1400b5238
GetFileInformationByHandleEx	0x1400b5240
ReleaseSRWLockExclusive	0x1400b5248
AcquireSRWLockExclusive	0x1400b5250
WakeAllConditionVariable	0x1400b5258
SleepConditionVariableSRW	0x1400b5260
VerifyVersionInfoA	0x1400b5268
RtlLookupFunctionEntry	0x1400b5270
RtlVirtualUnwind	0x1400b5278
UnhandledExceptionFilter	0x1400b5280
SetUnhandledExceptionFilter	0x1400b5288
TerminateProcess	0x1400b5290
IsProcessorFeaturePresent	0x1400b5298
IsDebuggerPresent	0x1400b52a0
GetCurrentProcessId	0x1400b52a8
GetCurrentThreadId	0x1400b52b0
GetSystemTimeAsFileTime	0x1400b52b8
InitializeSListHead	0x1400b52c0
OutputDebugStringW	0x1400b52c8
QueryFullProcessImageNameW	0x1400b52d0
SetLastError	0x1400b52d8
VirtualQueryEx	0x1400b52e0
Module32NextW	0x1400b52e8
GetConsoleWindow	0x1400b52f0
GetModuleHandleW	0x1400b52f8
GetLocalTime	0x1400b5300
Module32FirstW	0x1400b5308
GetSystemInfo	0x1400b5310
Process32FirstW	0x1400b5318
Process32NextW	0x1400b5320
GetLastError	0x1400b5328
CreateToolhelp32Snapshot	0x1400b5330
OpenProcess	0x1400b5338
QueryPerformanceCounter	0x1400b5340
FreeLibrary	0x1400b5348
VerSetConditionMask	0x1400b5350
QueryPerformanceFrequency	0x1400b5358
GetSystemDirectoryA	0x1400b5360
SleepEx	0x1400b5368
LeaveCriticalSection	0x1400b5370
EnterCriticalSection	0x1400b5378
CreateFileW	0x1400b5380
HeapDestroy	0x1400b5388
HeapAlloc	0x1400b5390
HeapReAlloc	0x1400b5398
HeapFree	0x1400b53a0
GetProcAddress	0x1400b53a8
CloseHandle	0x1400b53b0
LoadLibraryA	0x1400b53b8
GetModuleHandleA	0x1400b53c0
GlobalUnlock	0x1400b53c8
WideCharToMultiByte	0x1400b53d0
GlobalLock	0x1400b53d8
GlobalFree	0x1400b53e0
GlobalAlloc	0x1400b53e8
MultiByteToWideChar	0x1400b53f0
LocalFree	0x1400b53f8
ReadProcessMemory	0x1400b5400
WriteProcessMemory	0x1400b5408
FormatMessageA	0x1400b5410
HeapSize	0x1400b5418
GetProcessHeap	0x1400b5420
WaitForSingleObjectEx	0x1400b5428
InitializeCriticalSectionEx	0x1400b5430
RtlCaptureContext	0x1400b5438
DeleteCriticalSection	0x1400b5440

Function	Address	Souspicious	Anti Debug
D3DXCreateTextureFromFileInMemoryEx	0x1400b5db8

Function	Address	Souspicious	Anti Debug
___lc_codepage_func	0x1400b5aa8
_configthreadlocale	0x1400b5ab0
localeconv	0x1400b5ab8

Function	Address	Souspicious	Anti Debug
_unlink	0x1400b5a38
_lock_file	0x1400b5a40
_access	0x1400b5a48
_fstat64	0x1400b5a50
_unlock_file	0x1400b5a58
_stat64	0x1400b5a60

Function	Address	Souspicious	Anti Debug
floorf	0x1400b5ac8
_dclass	0x1400b5ad0
__setusermatherr	0x1400b5ad8
_hypotf	0x1400b5ae0
acosf	0x1400b5ae8
ceilf	0x1400b5af0
cosf	0x1400b5af8
sqrtf	0x1400b5b00
sinf	0x1400b5b08
fmodf	0x1400b5b10

Function	Address	Souspicious	Anti Debug
srand	0x1400b5d88
qsort	0x1400b5d90
rand	0x1400b5d98

Function	Address	Souspicious	Anti Debug
memchr	0x1400b57e8
__std_terminate	0x1400b57f0
__C_specific_handler	0x1400b57f8
__current_exception_context	0x1400b5800
__current_exception	0x1400b5808
strrchr	0x1400b5810
memset	0x1400b5818
memmove	0x1400b5820
memcpy	0x1400b5828
memcmp	0x1400b5830
strchr	0x1400b5838
_CxxThrowException	0x1400b5840
__std_exception_copy	0x1400b5848
__std_exception_destroy	0x1400b5850
strstr	0x1400b5858

Function	Address	Souspicious	Anti Debug
GetModuleInformation	0x1400b5650

Function	Address	Souspicious	Anti Debug
PeekMessageW	0x1400b5698
SetWindowDisplayAffinity	0x1400b56a0
GetWindowThreadProcessId	0x1400b56a8
FindWindowA	0x1400b56b0
DefWindowProcW	0x1400b56b8
GetWindowRect	0x1400b56c0
DestroyWindow	0x1400b56c8
SetWindowPos	0x1400b56d0
MessageBoxW	0x1400b56d8
CreateWindowExW	0x1400b56e0
UnregisterClassW	0x1400b56e8
RegisterClassExW	0x1400b56f0
ShowWindow	0x1400b56f8
GetAsyncKeyState	0x1400b5700
DispatchMessageW	0x1400b5708
SetClipboardData	0x1400b5710
GetClipboardData	0x1400b5718
EmptyClipboard	0x1400b5720
CloseClipboard	0x1400b5728
GetCapture	0x1400b5730
OpenClipboard	0x1400b5738
GetCursorPos	0x1400b5740
SetCursorPos	0x1400b5748
ReleaseCapture	0x1400b5750
GetClientRect	0x1400b5758
SetCursor	0x1400b5760
SetCapture	0x1400b5768
LoadCursorW	0x1400b5770
GetForegroundWindow	0x1400b5778
IsChild	0x1400b5780
ClientToScreen	0x1400b5788
MessageBoxA	0x1400b5790
ScreenToClient	0x1400b5798
GetKeyState	0x1400b57a0
UpdateWindow	0x1400b57a8
GetDesktopWindow	0x1400b57b0
PostQuitMessage	0x1400b57b8
SetWindowLongW	0x1400b57c0
TranslateMessage	0x1400b57c8

Function	Address	Souspicious	Anti Debug
ImmGetContext	0x1400b5160
ImmSetCompositionWindow	0x1400b5168
ImmReleaseContext	0x1400b5170

Function	Address	Souspicious	Anti Debug
_wcsicmp	0x1400b5d18
isupper	0x1400b5d20
strncpy	0x1400b5d28
tolower	0x1400b5d30
strncmp	0x1400b5d38
strpbrk	0x1400b5d40
_strdup	0x1400b5d48
strcmp	0x1400b5d50
strcspn	0x1400b5d58
strspn	0x1400b5d60

Function	Address	Souspicious	Anti Debug
__CxxFrameHandler4	0x1400b5868

Function	Address	Souspicious	Anti Debug
_errno	0x1400b5b20
system	0x1400b5b28
strerror	0x1400b5b30
__sys_nerr	0x1400b5b38
_invalid_parameter_noinfo	0x1400b5b40
_resetstkoflw	0x1400b5b48
exit	0x1400b5b50
_wassert	0x1400b5b58
_beginthreadex	0x1400b5b60
_getpid	0x1400b5b68
abort	0x1400b5b70
_register_thread_local_exe_atexit_callback	0x1400b5b78
_c_exit	0x1400b5b80
__p___argv	0x1400b5b88
__p___argc	0x1400b5b90
terminate	0x1400b5b98
_exit	0x1400b5ba0
_initterm_e	0x1400b5ba8
_initterm	0x1400b5bb0
_get_initial_narrow_environment	0x1400b5bb8
_set_app_type	0x1400b5bc0
_seh_filter_exe	0x1400b5bc8
_cexit	0x1400b5bd0
_crt_atexit	0x1400b5bd8
_register_onexit_function	0x1400b5be0
_initialize_onexit_table	0x1400b5be8
_initialize_narrow_environment	0x1400b5bf0
_configure_narrow_argv	0x1400b5bf8
_invalid_parameter_noinfo_noreturn	0x1400b5c00

Function	Address	Souspicious	Anti Debug
atoi	0x1400b5a00
strtoul	0x1400b5a08
strtoull	0x1400b5a10
strtoll	0x1400b5a18
strtod	0x1400b5a20
strtol	0x1400b5a28

Function	Address	Souspicious	Anti Debug
ShellExecuteW	0x1400b5680
ShellExecuteA	0x1400b5688

Function	Address	Souspicious	Anti Debug
UuidCreate	0x1400b5660
UuidToStringA	0x1400b5668
RpcStringFreeA	0x1400b5670

Function	Address	Souspicious	Anti Debug
fwrite	0x1400b5c10
_wfopen	0x1400b5c18
__stdio_common_vsprintf	0x1400b5c20
fseek	0x1400b5c28
_lseeki64	0x1400b5c30
fread	0x1400b5c38
_read	0x1400b5c40
__stdio_common_vsscanf	0x1400b5c48
_write	0x1400b5c50
_close	0x1400b5c58
__p__commode	0x1400b5c60
fputs	0x1400b5c68
fopen	0x1400b5c70
fputc	0x1400b5c78
_open	0x1400b5c80
fclose	0x1400b5c88
fflush	0x1400b5c90
__acrt_iob_func	0x1400b5c98
_popen	0x1400b5ca0
_pclose	0x1400b5ca8
fgets	0x1400b5cb0
feof	0x1400b5cb8
ftell	0x1400b5cc0
_get_stream_buffer_pointers	0x1400b5cc8
_set_fmode	0x1400b5cd0
_fseeki64	0x1400b5cd8
fsetpos	0x1400b5ce0
ungetc	0x1400b5ce8
fgetc	0x1400b5cf0
setvbuf	0x1400b5cf8
fgetpos	0x1400b5d00
__stdio_common_vfprintf	0x1400b5d08

Function	Address	Souspicious	Anti Debug
Direct3DCreate9	0x1400b5da8

Function	Address	Souspicious	Anti Debug
UnloadUserProfile	0x1400b57d8

Function	Address	Souspicious	Anti Debug
_gmtime64	0x1400b5d70
_time64	0x1400b5d78

Function	Address	Souspicious	Anti Debug
None	0x1400b5878
None	0x1400b5880
None	0x1400b5888
None	0x1400b5890
None	0x1400b5898
None	0x1400b58a0
None	0x1400b58a8
None	0x1400b58b0
None	0x1400b58b8
None	0x1400b58c0
None	0x1400b58c8
None	0x1400b58d0
None	0x1400b58d8
None	0x1400b58e0
None	0x1400b58e8
None	0x1400b58f0
None	0x1400b58f8
None	0x1400b5900

Function	Address	Souspicious	Anti Debug
realloc	0x1400b5a70
_set_new_mode	0x1400b5a78
calloc	0x1400b5a80
malloc	0x1400b5a88
free	0x1400b5a90
_callnewh	0x1400b5a98

Function	Address	Souspicious	Anti Debug
RegCreateKeyExW	0x1400b5000
RegQueryValueExW	0x1400b5008
RegOpenKeyExW	0x1400b5010
RegSetValueExW	0x1400b5018
RegCloseKey	0x1400b5020
OpenProcessToken	0x1400b5028
AddAccessAllowedAce	0x1400b5030
GetLengthSid	0x1400b5038
GetTokenInformation	0x1400b5040
InitializeAcl	0x1400b5048
IsValidSid	0x1400b5050
SetSecurityInfo	0x1400b5058
CopySid	0x1400b5060
ConvertSidToStringSidA	0x1400b5068
CryptAcquireContextA	0x1400b5070
CryptEncrypt	0x1400b5078
CryptImportKey	0x1400b5080
CryptDestroyKey	0x1400b5088
CryptDestroyHash	0x1400b5090
CryptHashData	0x1400b5098
CryptCreateHash	0x1400b50a0
CryptGenRandom	0x1400b50a8
CryptGetHashParam	0x1400b50b0
CryptReleaseContext	0x1400b50b8

Function	Address	Souspicious	Anti Debug
gethostname	0x1400b5910
sendto	0x1400b5918
recvfrom	0x1400b5920
ntohl	0x1400b5928
WSAStartup	0x1400b5930
freeaddrinfo	0x1400b5938
getaddrinfo	0x1400b5940
accept	0x1400b5948
select	0x1400b5950
__WSAFDIsSet	0x1400b5958
WSAGetLastError	0x1400b5960
closesocket	0x1400b5968
recv	0x1400b5970
ioctlsocket	0x1400b5978
send	0x1400b5980
WSAIoctl	0x1400b5988
listen	0x1400b5990
WSASetLastError	0x1400b5998
socket	0x1400b59a0
setsockopt	0x1400b59a8
ntohs	0x1400b59b0
WSACleanup	0x1400b59b8
bind	0x1400b59c0
connect	0x1400b59c8
getpeername	0x1400b59d0
getsockname	0x1400b59d8
htonl	0x1400b59e0
htons	0x1400b59e8
getsockopt	0x1400b59f0

Function	Address	Souspicious	Anti Debug
IdnToAscii	0x1400b5640