Virus total nelle informazioni addizionali ha messo questo:
SHELL32.DLL
ShellExecuteA
KERNEL32.dll
AddAtomA, CloseHandle, CreateSemaphoreA, CreateToolhelp32Snapshot, ExitProcess, FindAtomA, GetAtomNameA, GetLastError, InterlockedDecrement, InterlockedIncrement, OpenProcess, Process32First, Process32Next, ReadProcessMemory, ReleaseSemaphore, SetLastError, SetUnhandledExceptionFilter, Sleep, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, WaitForSingleObject, WriteProcessMemory
msvcrt.dll
__getmainargs, __mb_cur_max, __p__environ, __p__fmode, __set_app_type, _assert, _cexit, _ctype, _errno, _filelengthi64, _fstati64, _iob, _isctype, _lseeki64, _onexit, _pctype, _setmode, _strnicmp, _vsnprintf, abort, atexit, fclose, fflush, fgetpos, fopen, fprintf, fread, free, fsetpos, fwrite, getc, localeconv, malloc, memchr, memcpy, memmove, memset, printf, putc, setlocale, setvbuf, signal, strcmp, strcoll, strcpy, strftime, strlen, strtod, strxfrm, system, time, ungetc
Già per il fatto che ci sia Read e Write memory non sa niente di buono. Prova a farlo girare su una macchina virtuale.