f8406bce17b4d4394318e9213c6999a4623954005b8a66a0e5c7bf670553dc21

Sharing

Copy URL Twitter E-mail

General

Target

f8406bce17b4d4394318e9213c6999a4623954005b8a66a0e5c7bf670553dc21
Size

2.7MB
MD5

8baa5961f644971b66da55b59277c023
SHA1

63fe071c6710d9205b22f3f6c7c4500cb25e23d6
SHA256

f8406bce17b4d4394318e9213c6999a4623954005b8a66a0e5c7bf670553dc21
SHA512

322d365ad5da53b80d3e4d0d15aea37aff0a26d62ab3bdaba7f626fe60403e9c7ad9307099140f5347a091367a7b36aa9338c61e451c6d23f58323b700c6a4cf
SSDEEP

49152:ILyz7/mp/yhoyg8eFyVKQMbEQoqiVMdviGNwwBd8vB6bTNOyh4eKEMksx:SILmZyhoz8e2KdkqrhNwcW8bFh4eqx

Score

N/A

Malware Config

Signatures

Files

f8406bce17b4d4394318e9213c6999a4623954005b8a66a0e5c7bf670553dc21
.rar
SSShim.dll
.dll windows x64

1f513b29ef2594a76a9bea27179c7725

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:02:b6:4d:20:24:cb:b7:93:ca:2f:26:f8:c2:7b:9d:d3:fa:c4:6c:00:f7:9d:89:f4:ac:38:10:42:3c:a3:03
Signer

Actual PE Digest

03:02:b6:4d:20:24:cb:b7:93:ca:2f:26:f8:c2:7b:9d:d3:fa:c4:6c:00:f7:9d:89:f4:ac:38:10:42:3c:a3:03

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:45
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

__C_specific_handler
LdrLockLoaderLock
LdrUnlockLoaderLock
NtQueryAttributesFile
RtlPcToFileHeader
NtOpenKey
NtQueryValueKey
LdrLoadDll
LdrUnloadDll
NtQueryPerformanceCounter
NtClose
RtlAllocateHeap
RtlFreeHeap
RtlRaiseStatus
NtOpenFile
NtQueryDirectoryFile
NtCreateFile
NtQueryInformationFile
NtReadFile
NtWriteFile
NtSetInformationFile
RtlRaiseException
NtQueryObject
NtQueryInformationProcess
NtOpenProcess
NtDelayExecution
RtlInitString
LdrGetProcedureAddress
RtlQueryEnvironmentVariable_U
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
DbgPrintEx
RtlDowncaseUnicodeChar
RtlUpcaseUnicodeChar
RtlReAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlTimeToTimeFields
strncmp
_snprintf_s
LdrGetDllHandle
RtlDosPathNameToNtPathName_U
wcstoul
DbgPrint
RtlCreateUnicodeStringFromAsciiz
NtQuerySystemTime
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlWakeAllConditionVariable
RtlSleepConditionVariableSRW
memmove
memcmp
memcpy
memset

Exports

Exports

SssBindServicingStack
SssGetServicingStackFilePath
SssGetServicingStackFilePathLength
SssPreloadDownlevelDependencies
SssReleaseServicingStack

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Startup_BeforeShell.cmd
StateRepository.Core.dll
.dll windows x64

4c3fa874e14bce243ec9e5ba9e661936

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:fe:89:b1:77:5a:d9:d8:a4:be:76:6d:9a:68:cb:3f:7c:1f:bf:ea:30:ae:1d:57:ff:1e:13:4f:55:8d:f6:e1
Signer

Actual PE Digest

3e:fe:89:b1:77:5a:d9:d8:a4:be:76:6d:9a:68:cb:3f:7c:1f:bf:ea:30:ae:1d:57:ff:1e:13:4f:55:8d:f6:e1

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:45
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-string-l1-1-0

strcmp
strcspn
strncmp
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__endthreadex
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__msize
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_o_realloc
__C_specific_handler
_o__cexit
_o__beginthreadex
_o___std_type_info_destroy_list
memcmp
memcpy

api-ms-win-core-file-l1-2-2

AreFileApisANSI
GetTempPathA

api-ms-win-core-file-l1-1-0

WriteFile
GetDiskFreeSpaceW
GetFullPathNameW
LockFile
SetFilePointer
GetFileAttributesExW
CreateFileA
LockFileEx
GetFullPathNameA
GetFileAttributesA
FlushFileBuffers
SetEndOfFile
UnlockFileEx
ReadFile
CreateFileW
GetFileAttributesW
GetDiskFreeSpaceA
DeleteFileA
DeleteFileW
UnlockFile
GetFileSize

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
CreateMutexW
WaitForSingleObject
EnterCriticalSection
DeleteCriticalSection
TryEnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapValidate
HeapCreate
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapCompact
HeapDestroy
HeapSize

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
FlushViewOfFile

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-localization-l1-2-0

FormatMessageA
FormatMessageW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA
LoadLibraryW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_pointer
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_cacheflush
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expanded_sql
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare16_v3
sqlite3_prepare_v2
sqlite3_prepare_v3
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_pointer
sqlite3_result_subtype
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_set_last_insert_rowid
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strlike
sqlite3_strnicmp
sqlite3_system_errno
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_trace_v2
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_free
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_nochange
sqlite3_value_numeric_type
sqlite3_value_pointer
sqlite3_value_subtype
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_collation
sqlite3_vtab_config
sqlite3_vtab_nochange
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_mbcs_to_utf8_v2
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_unicode_to_utf8
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_utf8_to_mbcs_v2
sqlite3_win32_utf8_to_unicode
sqlite3_win32_write_debug

Sections

.text
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StorageUsage.dll
.dll regsvr32 windows x64

e297337c6894d234f495980eafac0074

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_unlock
_amsg_exit
memmove
memcpy
_initterm
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
free
__dllonexit
wcscpy_s
calloc
wcsnlen
time
_onexit
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
_XcptFilter
??1type_info@@UEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
rand
memcpy_s
srand
_vsnwprintf
__CxxFrameHandler3
_wcsicmp
__C_specific_handler
_lock
memset

rpcrt4

RpcBindingFree
RpcAsyncCancelCall
RpcStringFreeW
RpcStringBindingComposeW
RpcAsyncInitializeHandle
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcAsyncCompleteCall
NdrClientCall3
I_RpcExceptionFilter
NdrOleFree
Ndr64AsyncClientCall
NdrOleAllocate

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathAllocCanonicalize

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl
EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
FreeLibrary
LoadLibraryExA
GetProcAddress
GetModuleFileNameA

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyExW
RegSetValueExW
RegOpenKeyExW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
CreateMutexExW
SetEvent
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
ReleaseSRWLockShared
DeleteCriticalSection
ReleaseMutex
AcquireSRWLockShared
WaitForSingleObject
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
CreateThread
TerminateProcess
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount

api-ms-win-core-file-l1-1-0

CompareFileTime
CreateFileW
ReadFile
GetFileAttributesW

bcrypt

BCryptDestroyHash
BCryptHashData
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptGetProperty

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

NtClose
RtlDosPathNameToNtPathName_U_WithStatus
RtlGetDeviceFamilyInfoEnum
NtCreateFile
NtQueryDirectoryFile

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

Exports

Exports

CloseFindStorage
CloseFindStorageSearch
DismountVolume
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FinalizeVolume
FindNextStorageType
FindNextStorageTypeEx
FindNextStorageTypeExAsync
FormatVolume
GetAppSize
GetStorageDebugInfo
GetStorageDeviceInfo
GetStorageExecutionInfo
GetStorageInstanceCount
GetStorageInstanceCountForMaps
GetStoragePolicySettings
GetStorageSettings
GetStorageStateName
GetStorageUsageInfo
GetTopFolders
MIDL_user_allocate
MIDL_user_free
MountVolume
MoveFileInheritSecurityW
OpenStorageTypeSearch
PredictStorageHealth
ProcessStorageCardChange
ProvisionForAppInstall
RebootToFlashingMode
RebootToUosFlashing
ResetPhoneEx
ResetStoragePolicySettings
ScanVolume
SelectStorageVolume
SelectStorageVolumeEx
SetStoragePolicySettings
SetStorageSettings
TriggerBlinkCleanup
TriggerDownloadsCleanup
TriggerLowStorageNotification
TriggerStorageCleanup
TriggerStoragePolicies
TriggerStorageTypeRefresh
TriggerTempFileCleanup

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Storprop.dll
.dll windows x64

ee3f1a97023c598aa2d0db59c39e70ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memcpy
memset
_initterm
malloc
free
_amsg_exit
_XcptFilter
__C_specific_handler
_wcsnicmp
_wcsicmp
swscanf
mbstowcs
_wtoi
_vsnwprintf
strncmp
wcscmp

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
LocalAlloc
CreateFileW
LocalFree
DisableThreadLibraryCalls
GetCurrentProcess
GetLastError
CloseHandle
HeapAlloc
GetProcessHeap
SetLastError
DeactivateActCtx
LoadLibraryW
GetProcAddress
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleFileNameW
GetModuleHandleExW
QueryActCtxW
OutputDebugStringA
HeapFree
GetModuleHandleW
DefineDosDeviceW
DeviceIoControl
CreateThread
CreateMutexW
WaitForSingleObject
EnumSystemGeoID
ReleaseMutex
GetGeoInfoW
GetUserGeoID
TerminateProcess
lstrcmpW
GetSystemDirectoryW
lstrcmpiW
FormatMessageW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FreeLibrary

advapi32

CheckTokenMembership
WmiSetSingleInstanceW
WmiExecuteMethodW
WmiQueryAllDataW
WmiCloseBlock
WmiQuerySingleInstanceW
WmiOpenBlock
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken

setupapi

SetupDiSetDeviceRegistryPropertyW
CM_Reenumerate_DevNode_Ex
SetupDiGetDeviceInterfaceDetailW
CM_Get_DevNode_Status_Ex
SetupDiGetDeviceInfoListDetailW
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyW
SetupDiInstallDevice
SetupCloseInfFile
SetupGetIntField
SetupFindFirstLineW
SetupDiGetActualSectionToInstallW
SetupOpenInfFileW
SetupVerifyInfFileW
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiEnumDeviceInterfaces
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW

user32

IsWindowEnabled
EndDialog
DialogBoxParamW
SetWindowTextW
IsDlgButtonChecked
SetFocus
GetSystemMetrics
GetClientRect
DestroyWindow
LoadCursorW
SetCursor
SetWindowLongW
MessageBoxW
GetWindowTextW
PeekMessageW
GetWindowLongPtrW
SetWindowLongPtrW
LoadIconW
SendDlgItemMessageW
EnableWindow
GetDlgItem
CheckDlgButton
LoadStringW
ShowWindow
SetDlgItemTextW
GetParent
MsgWaitForMultipleObjects
CheckRadioButton
SendMessageW
TranslateMessage
DispatchMessageW
GetWindowRect
MapWindowPoints
SetWindowPos

shell32

ord178
ShellExecuteExW

uxtheme

SetWindowTheme

Exports

Exports

AtaPropPageProvider
CdromDisableDigitalPlayback
CdromEnableDigitalPlayback
CdromIsDigitalPlaybackEnabled
CdromKnownGoodDigitalPlayback
CdromSetDefaultDvdRegion
DiskClassInstaller
DiskPropPageProvider
DvdClassInstaller
DvdLauncher
DvdPropPageProvider
HdcCoInstaller

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StructuredQuery.dll
.dll regsvr32 windows x64

40bdaf1e50ae0a656bdb120f5352ab5f

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:b7:78:e5:a1:9a:72:83:d9:41:f4:59:ed:7b:34:3a:4d:5e:7b:0e:13:56:4d:b6:19:ba:18:ac:b0:97:eb:ce
Signer

Actual PE Digest

9f:b7:78:e5:a1:9a:72:83:d9:41:f4:59:ed:7b:34:3a:4d:5e:7b:0e:13:56:4d:b6:19:ba:18:ac:b0:97:eb:ce

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:45
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcsncmp
?what@exception@@UEBAPEBDXZ
_wcsnicmp
_wtoi
_CxxThrowException
iswspace
memcpy_s
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??1type_info@@UEAA@XZ
_vsnprintf_s
??0exception@@QEAA@AEBQEBDH@Z
_wcsicmp
bsearch
?terminate@@YAXXZ
??0exception@@QEAA@AEBV0@@Z
memcmp
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
swscanf_s
memmove
memmove_s
wcschr
??0exception@@QEAA@AEBQEBD@Z
swscanf
_vsnwprintf
_purecall
memcpy
memset

oleaut32

VarNumFromParseNum
VarParseNumFromStr
VarI4FromStr
LPSAFEARRAY_UserUnmarshal64
SysAllocStringLen
SysStringLen
VariantClear
VarUdateFromDate
VarDateFromUdate
SysFreeString
VarBstrFromDate
SysAllocString
VariantCopy
VariantInit
BSTR_UserMarshal
BSTR_UserFree64
BSTR_UserSize64
BSTR_UserUnmarshal
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserFree64
BSTR_UserSize
LPSAFEARRAY_UserSize64
BSTR_UserFree
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
BSTR_UserMarshal64
LPSAFEARRAY_UserMarshal
BSTR_UserUnmarshal64

rpcrt4

IUnknown_AddRef_Proxy
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
NdrOleFree
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
NdrCStdStubBuffer_Release
IUnknown_Release_Proxy
IUnknown_QueryInterface_Proxy
NdrStubForwardingFunction
CStdStubBuffer_Disconnect
NdrClientCall3
NdrStubCall3
NdrDllGetClassObject
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_QueryInterface
NdrOleAllocate
NdrCStdStubBuffer2_Release

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient3
ObjectStublessClient4
NdrProxyForwardingFunction6
ObjectStublessClient12
ObjectStublessClient7
ObjectStublessClient11
ObjectStublessClient5
CStdStubBuffer2_CountRefs
ObjectStublessClient15
CStdStubBuffer2_Disconnect
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction5
NdrProxyForwardingFunction7
CStdStubBuffer2_Connect
NdrProxyForwardingFunction4
NdrProxyForwardingFunction3
ObjectStublessClient6
ObjectStublessClient8
NdrProxyForwardingFunction10
ObjectStublessClient9
ObjectStublessClient10
ObjectStublessClient14
NdrProxyForwardingFunction9

api-ms-win-shcore-unicodeansi-l1-1-0

SHUnicodeToAnsi

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpW

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
FindNLSStringEx
GetLocaleInfoEx
GetCalendarInfoEx
IsValidLocaleName
GetSystemPreferredUILanguages
GetUserDefaultLocaleName
FormatMessageW
GetSystemDefaultLCID
ResolveLocaleName
GetLocaleInfoW
LocaleNameToLCID
LCMapStringW
GetSystemDefaultLangID
GetUserDefaultLangID

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
CompareStringW
CompareStringOrdinal
GetStringTypeExW
WideCharToMultiByte
CompareStringEx

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrW
StrCmpIW
StrChrW
StrStrIW
StrCmpNW
QISearch
StrToIntExW
StrTrimW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSection
EnterCriticalSection
CreateMutexExW
DeleteCriticalSection
InitializeSRWLock

api-ms-win-core-file-l1-1-0

WriteFile
CompareFileTime
GetFileTime
CreateDirectoryW
SetFilePointer
CreateFileW
GetFileAttributesExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage
GetUserDefaultUILanguage

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-calendar-l1-1-0

ConvertSystemTimeToCalDateTime
AdjustCalendarDate
GetCalendarSupportedDateRange
UpdateCalendarDayOfWeek
GetCalendarDateFormatEx
ConvertCalDateTimeToSystemTime
IsCalendarLeapYear

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetLocalTime
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadStringW
LoadResource
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
FindResourceExW
GetModuleHandleExW
LoadLibraryExW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TlsFree
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
TlsGetValue
GetCurrentProcessId
OpenProcessToken
TlsAlloc
TlsSetValue

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegGetValueW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
ExpandEnvironmentStringsW

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime

api-ms-win-core-com-private-l1-1-0

CoRevokeInitializeSpy
CoRegisterInitializeSpy

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-shcore-path-l1-1-0

ord170

shcore

ord200
ord130
ord123
ord141

api-ms-win-core-localization-l2-1-0

EnumTimeFormatsEx
EnumDateFormatsExEx
EnumCalendarInfoExEx

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

ntdll

RtlGetPersistedStateLocation
RtlIsStateSeparationEnabled
RtlNtStatusToDosError

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 467KB - Virtual size: 466KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SwitchToAdmin.cmd
SwitchToAdmin.ini
SwitchToAdminLogon.ini
SwitchToAdminPrepare.ini
SwitchToAdminSystem.cmd
SwitchToAdminSystem.ini
SwitchToSystem.ini
srvsvc.dll
.dll windows x64

f2c73ddaf7ec1d0d925e50b9450a5470

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-string-l1-1-0

strcmp
wcsnlen
wcsncmp
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
_o__execute_onexit_table
memmove
_o__wcsicmp
_o__wcsnicmp
_o__wtoi
_o_free
_o_rand
_o_srand
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcstok
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf_s
_o___std_type_info_destroy_list
__C_specific_handler
wcschr
memcmp
memcpy

api-ms-win-security-base-l1-1-0

IsValidSecurityDescriptor
GetAclInformation
ImpersonateSelf
RevertToSelf
CheckTokenMembership
GetSecurityDescriptorDacl
GetFileSecurityW
GetLengthSid
AccessCheck
AddAccessAllowedAceEx
CreateWellKnownSid
EqualSid
SetFileSecurityW
GetAce

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException
SetLastError

rpcrt4

RpcServerInqCallAttributesW
RpcImpersonateClient
RpcRevertToSelf
NdrAsyncServerCall
Ndr64AsyncServerCallAll
NdrServerCallAll
RpcServerUseProtseqEpW
RpcBindingToStringBindingW
RpcServerUnregisterIf
RpcStringFreeW
UuidCreate
RpcStringBindingParseW
RpcServerRegisterIfEx
NdrServerCall2
RpcRevertToSelfEx
RpcBindingVectorFree
RpcBindingServerFromClient
RpcBindingFree
RpcEpUnregister
RpcEpRegisterW
RpcServerInqBindings
RpcAsyncAbortCall
RpcAsyncCompleteCall
RpcServerTestCancel

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadStringW
GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress
LoadLibraryExW
FreeLibrary

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
CreateThread
CreateProcessW
OpenThreadToken
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentThread

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegNotifyChangeKeyValue
RegSetValueExW
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegGetValueW

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
CreateEventW
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
EnterCriticalSection
SetEvent
DeleteCriticalSection

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTimeAsFileTime
GetVersionExW
GetComputerNameExW
GetSystemTime
GetSystemWindowsDirectoryW
GetTickCount

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-file-l1-1-0

CreateFileW
GetDriveTypeW

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-devices-config-l1-1-1

CM_MapCrToWin32Err
CM_Unregister_Notification
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-localization-l1-2-0

FormatMessageW

ws2_32

WSACleanup
GetAddrInfoW
WSAStartup
FreeAddrInfoW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

cfgmgr32

CMP_Register_Notification

ntdll

NtQuerySystemInformation
RtlCheckRegistryKey
RtlCreateRegistryKey
RtlFreeUnicodeString
RtlGetNtProductType
RtlVerifyVersionInfo
RtlQueryEnvironmentVariable_U
RtlValidSecurityDescriptor
RtlSetEnvironmentVariable
RtlCreateEnvironment
RtlIntegerToUnicodeString
RtlDestroyEnvironment
RtlCopyUnicodeString
NtCreateEvent
NtSetEvent
RtlxUnicodeStringToOemSize
RtlUpcaseUnicodeStringToOemString
RtlUnicodeStringToOemString
NtOpenFile
RtlMakeSelfRelativeSD
RtlSetDaclSecurityDescriptor
NtOpenKey
NtQueryValueKey
NtOpenSymbolicLinkObject
RtlUpcaseUnicodeChar
RtlInitializeResource
RtlDosPathNameToNtPathName_U
RtlNewSecurityObjectEx
RtlGetNtSystemRoot
NtQueryInformationFile
RtlDeleteRegistryValue
RtlDeleteResource
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlUpcaseUnicodeString
NtWaitForSingleObject
NtQuerySystemTime
RtlTimeToSecondsSince1970
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlFreeHeap
RtlInitString
RtlFreeOemString
RtlOemStringToUnicodeString
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlReleaseResource
NtCreateFile
NtFsControlFile
RtlUnicodeStringToInteger
RtlInitUnicodeString
EtwTraceMessage
RtlDeleteSecurityObject
RtlCreateSecurityDescriptor
RtlSetGroupSecurityDescriptor
NtOpenThreadToken
NtClose
RtlSetSecurityObject
RtlWriteRegistryValue
RtlQueryRegistryValuesEx
RtlLengthSecurityDescriptor
NtQueryVolumeInformationFile
RtlNtStatusToDosError
NtAccessCheckAndAuditAlarm
RtlAdjustPrivilege
RtlSetSaclSecurityDescriptor
NtOpenProcessToken
RtlAddAce
RtlLengthSid
RtlNewSecurityObject
RtlCopySid
RtlCreateAcl
RtlCopySecurityDescriptor
RtlValidRelativeSecurityDescriptor
EtwRegisterTraceGuidsW
RtlSetOwnerSecurityDescriptor
NtQuerySymbolicLinkObject

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-lsapolicy-l1-1-0

LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
LsaFreeMemory

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sscore.dll
.dll windows x64

7ead50a9c8aa9bf25fee75db2e7ba462

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
_o__wcsnicmp
_o___std_type_info_destroy_list
memcpy
__C_specific_handler

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEvent
WaitForSingleObject

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

ntdll

NtFsControlFile
RtlStringFromGUID
NtCreateEvent
RtlAppendUnicodeStringToString
NtWaitForSingleObject
NtOpenFile
RtlNtStatusToDosError
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlReleaseResource
NtClose
RtlAcquireResourceExclusive
RtlDeleteResource
RtlInitializeResource
RtlInitString

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

SsCoreAliasAdd
SsCoreAliasAddEx
SsCoreAliasDel
SsCoreAliasDelEx
SsCoreCloseInstance
SsCoreCompleteCsvVolumeDrain
SsCoreDeregisterNetnameForMultichannel
SsCoreFileDel
SsCoreFileDelForInstance
SsCoreFileEnum
SsCoreFileEnumForInstance
SsCoreFileNotifyClose
SsCoreFileNotifyCloseForInstance
SsCoreFreeBuffer
SsCoreInitialize
SsCoreInitializeEx
SsCoreInvalidationRequest
SsCoreLockVolumes
SsCoreMarkAsClusterSvc
SsCoreNodeResetInfo
SsCoreNodeSetInfo
SsCoreOpenInstance
SsCoreRefreshSrvCredentialHandle
SsCoreRegisterNetnameForMultichannel
SsCoreServerTransportSetInfo
SsCoreSessionDel
SsCoreSessionDelForInstance
SsCoreSessionEnlist
SsCoreSessionEnum
SsCoreSessionEnumForInstance
SsCoreSetMaxClusterDialect
SsCoreShareAdd
SsCoreShareAddEx
SsCoreShareAddForInstance
SsCoreShareCleanup
SsCoreShareDel
SsCoreShareDelForInstance
SsCoreShareGetInfo
SsCoreShareGetInfoForInstance
SsCoreShareSetInfo
SsCoreShareSetInfoForInstance
SsCoreShareShutdownForScope
SsCoreStartCsvVolumeDrain
SsCoreStartInstance
SsCoreStopInstance
SsCoreUninitialize
SsCoreUnlockVolumes

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sscoreext.dll
.dll windows x64

68de4772527ad7e5f7744a5d78b60355

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_amsg_exit
__C_specific_handler
_initterm
malloc
free
_XcptFilter

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

SsCoreExtMiApplicationClose
SsCoreExtMiApplicationInitialize
SsCoreExtMiApplicationNewOperationOptions
SsCoreExtMiApplicationNewParameterSet
SsCoreExtMiApplicationNewSession
SsCoreExtMiInstanceAddElement
SsCoreExtMiInstanceDelete
SsCoreExtMiOperationClose
SsCoreExtMiOperationGetInstance
SsCoreExtMiOperationOptionsDelete
SsCoreExtMiOperationOptionsSetResourceUriPrefix
SsCoreExtMiSessionClose
SsCoreExtMiSessionInvoke

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ssdpapi.dll
.dll windows x64

4207d3d1e1a994e014c07a8c6ff5596f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_amsg_exit
_XcptFilter
_initterm
memcpy
_lock
_unlock
strncmp
_atoi64
atoi
strchr
isdigit
strrchr
_purecall
_stricmp
strtoul
malloc
free
__C_specific_handler
_onexit
__dllonexit
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
EtwUnregisterTraceGuids
RtlVirtualUnwind
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
EtwTraceMessage
EtwGetTraceEnableFlags

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
CreateMutexA
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObjectEx
CreateEventA
ResetEvent
WaitForSingleObject
ReleaseMutex
EnterCriticalSection
SetEvent

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
ResumeThread
GetCurrentProcessId
GetCurrentProcess
CreateThread

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
DeleteTimerQueueEx
CreateTimerQueue

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BeginRegisterPropChangeNotificationEx
CleanupCache
DHSetICSInterfaces
DHSetICSOff
DeregisterNotification
DeregisterService
DisableFirewallRule
EnableFirewallRule
EndRegisterPropChangeNotificationEx
FindServices
FindServicesCallback
FindServicesCallbackEx
FindServicesCancel
FindServicesClose
FindServicesEx
FindServicesOnNetworkCallbackEx
FreeSsdpMessage
FreeSsdpMessageEx
GetFirstService
GetFirstServiceEx
GetNextService
GetNextServiceEx
RegisterAliveNotificationOnNetworkEx
RegisterNotification
RegisterNotificationEx
RegisterService
RegisterServiceEx
SsdpCleanup
SsdpStartup

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sspicli.dll
.dll windows x64

1a813d04520e602a9e31cb5e06f81d1d

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:d2:4e:54:6e:27:de:cd:cc:07:98:e7:ef:40:ef:86:4c:1f:86:0b:7e:72:b2:d6:3d:70:f7:7a:ab:4a:0f:19
Signer

Actual PE Digest

11:d2:4e:54:6e:27:de:cd:cc:07:98:e7:ef:40:ef:86:4c:1f:86:0b:7e:72:b2:d6:3d:70:f7:7a:ab:4a:0f:19

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:45
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-crt-l1-1-0

memcpy
memmove
memset
_wcsicmp
strncpy_s
_vsnprintf_s
strcpy_s
wcsstr
wcsrchr
wcschr
__C_specific_handler
memcmp
wcscmp

api-ms-win-core-crt-l2-1-0

_initterm
_initterm_e

ntdll

RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
NtQueryEvent
RtlDeleteCriticalSection
RtlLookupElementGenericTableFullAvl
NtOpenThreadToken
RtlLeaveCriticalSection
NtDeviceIoControlFile
NtFreeVirtualMemory
RtlInitUnicodeString
NtOpenEvent
RtlGetElementGenericTableAvl
NtClose
NtOpenThreadTokenEx
NtSetInformationThread
RtlLengthSid
RtlCopySid
RtlCopyUnicodeString
NtQueryInformationThread
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlCreateUnicodeStringFromAsciiz
DbgPrintEx
RtlInitializeCriticalSection
NtAllocateLocallyUniqueId
RtlValidSid
RtlCheckTokenMembershipEx
RtlEqualSid
RtlInitString
NtWaitForSingleObject
NtDuplicateObject
RtlCompareUnicodeString
RtlDeleteResource
RtlInitializeResource
RtlGetNtProductType
RtlAcquireResourceShared
RtlReleaseResource
RtlAcquireResourceExclusive
RtlFreeHeap
RtlAllocateHeap
RtlCompareMemory
NtQueryInformationToken
RtlEnterCriticalSection
NtOpenProcessToken
RtlInsertElementGenericTableAvl
NtOpenFile
RtlStringFromGUID
RtlEqualUnicodeString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
RtlNtStatusToDosError
RtlxAnsiStringToUnicodeSize
RtlxUnicodeStringToAnsiSize
RtlNtStatusToDosErrorNoTeb

rpcrt4

RpcStringFreeW
I_RpcMapWin32Status
RpcBindingUnbind
RpcBindingFree
RpcSsDestroyClientContext
RpcStringBindingComposeW
RpcBindingFromStringBindingW
NdrClientCall3
NdrServerCall2
NdrServerCallAll
I_RpcExceptionFilter
RpcExceptionFilter

api-ms-win-security-lsapolicy-l1-1-0

LsaOpenPolicy
LsaFreeMemory
LsaClose
LsaQueryInformationPolicy

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

GetFileTime
CreateFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
LoadLibraryExW
GetModuleFileNameW

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegQueryValueExW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThread
TlsSetValue
TerminateProcess
TlsFree
TlsAlloc
GetCurrentThreadId
GetCurrentProcessId
TlsGetValue

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
LocalReAlloc

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AcceptSecurityContext
AcquireCredentialsHandleA
AcquireCredentialsHandleW
AddCredentialsA
AddCredentialsW
AddSecurityPackageA
AddSecurityPackageW
ApplyControlToken
ChangeAccountPasswordA
ChangeAccountPasswordW
CompleteAuthToken
CredMarshalTargetInfo
CredUnmarshalTargetInfo
DecryptMessage
DeleteSecurityContext
DeleteSecurityPackageA
DeleteSecurityPackageW
EncryptMessage
EnumerateSecurityPackagesA
EnumerateSecurityPackagesW
ExportSecurityContext
FreeContextBuffer
FreeCredentialsHandle
GetSecurityUserInfo
GetUserNameExA
GetUserNameExW
ImpersonateSecurityContext
ImportSecurityContextA
ImportSecurityContextW
InitSecurityInterfaceA
InitSecurityInterfaceW
InitializeSecurityContextA
InitializeSecurityContextW
LogonUserExExW
LsaCallAuthenticationPackage
LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaLogonUser
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
LsaRegisterPolicyChangeNotification
LsaUnregisterPolicyChangeNotification
MakeSignature
QueryContextAttributesA
QueryContextAttributesExA
QueryContextAttributesExW
QueryContextAttributesW
QueryCredentialsAttributesA
QueryCredentialsAttributesExA
QueryCredentialsAttributesExW
QueryCredentialsAttributesW
QuerySecurityContextToken
QuerySecurityPackageInfoA
QuerySecurityPackageInfoW
RevertSecurityContext
SaslAcceptSecurityContext
SaslEnumerateProfilesA
SaslEnumerateProfilesW
SaslGetContextOption
SaslGetProfilePackageA
SaslGetProfilePackageW
SaslIdentifyPackageA
SaslIdentifyPackageW
SaslInitializeSecurityContextA
SaslInitializeSecurityContextW
SaslSetContextOption
SealMessage
SecCacheSspiPackages
SecDeleteUserModeContext
SecInitUserModeContext
SeciAllocateAndSetCallFlags
SeciAllocateAndSetCallTarget
SeciAllocateAndSetIPAddress
SeciFreeCallContext
SeciIsProtectedUser
SetContextAttributesA
SetContextAttributesW
SetCredentialsAttributesA
SetCredentialsAttributesW
SspiCompareAuthIdentities
SspiCopyAuthIdentity
SspiDecryptAuthIdentity
SspiDecryptAuthIdentityEx
SspiEncodeAuthIdentityAsStrings
SspiEncodeStringsAsAuthIdentity
SspiEncryptAuthIdentity
SspiEncryptAuthIdentityEx
SspiExcludePackage
SspiFreeAuthIdentity
SspiGetComputerNameForSPN
SspiGetTargetHostName
SspiIsAuthIdentityEncrypted
SspiLocalFree
SspiMarshalAuthIdentity
SspiPrepareForCredRead
SspiPrepareForCredWrite
SspiUnmarshalAuthIdentity
SspiUnmarshalAuthIdentityInternal
SspiValidateAuthIdentity
SspiZeroAuthIdentity
UnsealMessage
VerifySignature

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sspisrv.dll
.dll windows x64

8c979524d7d5e58007aaa4041c740e50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-crt-l1-1-0

__C_specific_handler
_vsnprintf_s
memcpy
strcpy_s
memset

api-ms-win-core-crt-l2-1-0

_initterm
_initterm_e

ntdll

NtQueryInformationToken
RtlAllocateAndInitializeSid
RtlValidSid
DbgPrintEx
NtClose
RtlCreateAndSetSD
RtlFreeHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtOpenThreadToken
RtlFreeSid
RtlDeriveCapabilitySidsFromName

rpcrt4

RpcImpersonateClient
RpcServerUseProtseqEpW
I_RpcExceptionFilter
RpcServerRegisterIf3
RpcRevertToSelfEx
NdrServerCall2
NdrServerCallAll
NdrClientCall3
RpcServerInqCallAttributesW
I_RpcMapWin32Status

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

Exports

Exports

SspiSrvClientCallback
SspiSrvInitialize
SspirAcquireCredentialsHandle
SspirDeleteSecurityContext
SspirProcessSecurityContext

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sstpsvc.dll
.dll windows x64

3ad282878aa37da82bbb738573a71130

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcstok_s
wcsstr
memcmp
memmove
wcscmp
memset
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
malloc
time
??0exception@@QEAA@AEBV0@@Z
memcpy
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??3@YAXPEAX@Z
rand
wcscpy_s
_wcsicmp
srand
??_V@YAXPEAX@Z
__CxxFrameHandler3
_vsnprintf
_vsnwprintf
_stricmp
_strcmpi

kernel32

RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlLookupFunctionEntry
ReadFile
MultiByteToWideChar
SetThreadpoolTimer
WideCharToMultiByte
GetModuleHandleW
RtlCompareMemory
LocalFree
WaitForThreadpoolIoCallbacks
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo
CreateThreadpoolIo
CreateThreadpoolCleanupGroup
CreateThreadpool
CreateFileW
SubmitThreadpoolWork
CloseThreadpoolTimer
CreateThreadpoolWork
CreateThreadpoolTimer
InitializeCriticalSectionAndSpinCount
RtlCaptureContext
CancelThreadpoolIo
StartThreadpoolIo
DeviceIoControl
CloseThreadpoolWork
CancelIoEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
GetProcessHeap
HeapFree
UnregisterWaitEx
Sleep
SetEvent
CloseHandle
GetLastError
lstrcmpiW
SetFilePointerEx
DeleteFileW
GetCurrentThread
CreateEventW
GlobalAlloc
SetEndOfFile
ExpandEnvironmentStringsW
WriteFile
GetFileSizeEx
ReleaseMutex
CreateMutexW
WaitForSingleObject
InitializeSRWLock

advapi32

RegQueryValueExW
EventWriteTransfer
RegisterServiceCtrlHandlerExW
RegOpenKeyExW
RegCloseKey
EventRegister
EventUnregister
OpenThreadToken
MapGenericMask
InitializeSecurityDescriptor
GetFileSecurityW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
AccessCheck
SetSecurityDescriptorDacl
CryptAcquireContextW
SetServiceStatus
CryptReleaseContext

user32

LoadStringW

rtutils

RouterLogRegisterW
RouterLogDeregisterW
RouterGetErrorStringW
RouterLogEventStringW
RouterLogEventDataW
RouterLogEventW

httpapi

HttpCloseUrlGroup
HttpReceiveHttpRequest
HttpSendResponseEntityBody
HttpSendHttpResponse
HttpWaitForDisconnect
HttpCloseServerSession
HttpInitialize
HttpCreateServerSession
HttpCreateUrlGroup
HttpAddUrlToUrlGroup
HttpCreateRequestQueue
HttpSetUrlGroupProperty
HttpCloseRequestQueue
HttpSetServiceConfiguration
HttpReceiveRequestEntityBody
HttpDeleteServiceConfiguration
HttpQueryServiceConfiguration
HttpTerminate

crypt32

CryptHashCertificate
CertOpenStore
CertCompareCertificate
CertFindCertificateInStore
CertCloseStore
CertDuplicateCertificateContext
CertNameToStrW
CertEnumCertificatesInStore
CertGetEnhancedKeyUsage
CryptUnprotectMemory
CertFreeCertificateContext
CertGetCertificateContextProperty

ws2_32

WSAStartup
WSAStringToAddressW
WSACleanup

rpcrt4

RpcServerUnregisterIf
I_RpcBindingIsClientLocal
RpcServerRegisterAuthInfoA
NdrServerCall2
NdrServerCallAll
RpcServerUseProtseqEpA
RpcRevertToSelf
RpcImpersonateClient
UuidCreate
UuidFromStringA
RpcServerRegisterIfEx

webio

ord1
ord23
ord18
ord21
ord22
ord24
ord26
ord31
ord17
ord5
ord4
ord10
ord27
ord8
ord11
ord25
ord14
ord9
ord29

api-ms-win-core-com-l1-1-0

CoCreateGuid

oleaut32

LHashValOfNameSys

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegSetValueExW
RegDeleteValueW

iphlpapi

GetIfEntry2
GetAdaptersAddresses
ConvertInterfaceLuidToIndex

winhttp

WinHttpGetDefaultProxyConfiguration

api-ms-win-core-heap-l2-1-0

GlobalFree

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
LoadLibraryExW

xmllite

CreateXmlReader
CreateXmlWriter

ntdll

EtwTraceMessage

nsi

NsiSetAllParametersEx
NsiGetAllParametersEx
NsiEnumerateObjectsAllParametersEx

api-ms-win-devices-swdevice-l1-1-0

SwDeviceCreate
SwDeviceClose

api-ms-win-devices-config-l1-1-1

CM_Get_Device_IDW
CM_Locate_DevNodeW

dnsapi

DnsValidateName_W

api-ms-win-devices-query-l1-1-0

DevCreateObjectQuery
DevCloseObjectQuery

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
start_vss.cmd
startnet.exe
.exe .vbs windows x64
stclient.dll
.dll regsvr32 windows x64

7ffb0c9f77d1d50514b48616150a5ba4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_amsg_exit
_initterm
_wcsicmp
memcpy
__CxxFrameHandler3
_purecall
_XcptFilter
wcscpy_s
realloc
wcscat_s
malloc
free
__C_specific_handler
?terminate@@YAXXZ
memcmp
memset

api-ms-win-core-com-l1-1-0

CoCreateInstanceEx
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
CoTaskMemRealloc

oleaut32

VarUI4FromStr
VariantClear
VariantInit
LoadTypeLi
SysAllocString
SysStringLen
SysStringByteLen
SysFreeString
RegisterTypeLi

rpcrt4

NdrCStdStubBuffer_Release
CStdStubBuffer_DebugServerRelease
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Connect
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient3

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
DisableThreadLibraryCalls
GetModuleFileNameW
FindResourceExW
LoadResource
FreeLibrary
GetModuleHandleW
LoadLibraryExW
GetProcAddress

api-ms-win-core-string-l2-1-0

CharPrevW
CharNextW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegDeleteTreeW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect
VirtualAlloc

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-heap-l1-1-0

HeapDestroy

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

kernel32

GetComputerNameW
lstrcpyW
lstrcpynW
lstrcmpiW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
stdole2.tlb
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
stdole32.tlb
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sti.dll
.dll regsvr32 windows x64

e306996a5f8572d03ad9140b3737c960

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

strstr
_vsnprintf
_splitpath_s
_vscwprintf
memcmp
memcpy
memset
pow
__CxxFrameHandler3
sin
__C_specific_handler
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
memcpy_s
_vsnwprintf
_wcsicmp
_wmakepath_s
_wsplitpath_s
_onexit
cos
floor
sqrt

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-registry-l1-1-0

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegEnumValueA
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW

kernel32

VirtualProtect
RaiseException
lstrlenW
EnterCriticalSection
LeaveCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetCurrentProcess
DeleteCriticalSection
LoadLibraryExW
GetProcAddress
GetLastError
FreeLibrary
GetModuleFileNameW
GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
OutputDebugStringW
InitOnceComplete
GetSystemInfo
OpenSemaphoreW
CloseHandle
HeapAlloc
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
GetTempPathW
CreateFileW
DeleteFileW
GetTempFileNameW
GetFileType
LocalAlloc
LocalFree
FreeLibraryAndExitThread
CreateEventW
SetEvent
CreateThread
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
MulDiv
GetLocalTime
GetSystemDirectoryA
GetModuleHandleA
lstrcmpA
CreateMutexW
InitializeCriticalSection
LoadLibraryExA
CreateDirectoryW
SetCommMask
ClearCommError
EscapeCommFunction
PurgeComm
ExpandEnvironmentStringsW
WriteFile
ReadFile
lstrlenA
VirtualQuery
WaitForSingleObjectEx
GetExitCodeProcess
CreateProcessW
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
lstrcmpiW
GetExitCodeThread
FormatMessageA

user32

GetDesktopWindow
GetMonitorInfoW
MonitorFromRect
SetWindowPos
GetWindowRect
GetWindowLongW
MessageBoxW
EndDialog
GetSystemMetrics
SetWindowTextW
DestroyIcon
SendDlgItemMessageW
LoadIconW
GetDlgItem
SetForegroundWindow
ReleaseDC
EnableWindow
CharNextA
IsWindow
DialogBoxParamW
ord2521
SendMessageW
GetMessageW
CreateDialogParamW
DestroyWindow
GetPropW
SetWindowLongPtrW
RemovePropW
MsgWaitForMultipleObjects
LoadStringW
ShowWindow
DispatchMessageW
IsDialogMessageW
PeekMessageW
SetDlgItemTextW
SetPropW
TranslateMessage
PostThreadMessageW
PostQuitMessage
LoadCursorW
SetCursor
IsImmersiveProcess
GetDC
CharUpperA

rpcrt4

NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleFree
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
NdrDllUnregisterProxy
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
Ndr64AsyncClientCall
NdrClientCall3
CStdStubBuffer_Invoke
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
RpcAsyncInitializeHandle
RpcAsyncGetCallStatus
RpcAsyncCompleteCall
NdrDllRegisterProxy
RpcAsyncCancelCall

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventRegister
EventWriteTransfer

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject
GetObjectW
GetStockObject

Exports

Exports

??0BUFFER@@QEAA@I@Z
??0BUFFER_CHAIN@@QEAA@XZ
??0BUFFER_CHAIN_ITEM@@QEAA@I@Z
??1BUFFER@@QEAA@XZ
??1BUFFER_CHAIN@@QEAA@XZ
??1BUFFER_CHAIN_ITEM@@QEAA@XZ
??_FBUFFER@@QEAAXXZ
??_FBUFFER_CHAIN_ITEM@@QEAAXXZ
?QueryPtr@BUFFER@@QEBAPEAXXZ
?QuerySize@BUFFER@@QEBAIXZ
?QueryUsed@BUFFER_CHAIN_ITEM@@QEBAKXZ
?SetUsed@BUFFER_CHAIN_ITEM@@QEAAXK@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo
MigrateRegisteredSTIAppsForWIAEvents
SelectDeviceDialog2
StiCreateInstance
StiCreateInstanceW

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
stobject.dll
.dll windows x64

71a0efd3c8ee083e270c8dd4aa3f1020

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memmove
memcpy
memcmp
_vsnwprintf
memset
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_get_errno
_set_errno
_wcsicmp
memmove_s
_wtoi
memcpy_s
wcscmp

shell32

SHBindToObject
SHGetPathFromIDListW
SHGetKnownFolderPath
ord850
SHCreateItemFromIDList
ord102
SHChangeNotifyRegisterThread
Shell_NotifyIconW
ord727
SHBindToFolderIDListParent
SHCreateItemWithParent
ord25
ord19
ord16
SHCreateShellItemArrayFromShellItem
DuplicateIcon
Shell_NotifyIconGetRect
ord645
ord829
ord100
Shell_GetCachedImageIndexW
ord828
ord644
ShellExecuteExW
SHEnableServiceObject
SHCreateItemFromParsingName
SHGetIDListFromObject
ord89
ord2
ord4
ord155

shlwapi

ord615
SHSetThreadRef
ord197
ord260
ord635
ord618
PathFindNextComponentW
StrStrIW
ord219
PathParseIconLocationW
PathFileExistsW
SHCreateStreamOnFileEx
ord16
PathIsURLW
PathSkipRootW
ord437
SHGetThreadRef
PathIsUNCW
ord176
ord278
ord199
StrRetToStrW

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleExW
FreeResource
LoadStringW
SizeofResource
GetModuleFileNameW
LockResource
GetModuleFileNameA
LoadResource
GetModuleHandleW
DisableThreadLibraryCalls
FreeLibrary
GetProcAddress

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObjectEx
ReleaseSemaphore
CreateSemaphoreExW
ReleaseSRWLockExclusive
CreateMutexExW
OpenSemaphoreW
EnterCriticalSection
AcquireSRWLockExclusive
LeaveCriticalSection
ResetEvent
InitializeCriticalSection
WaitForMultipleObjectsEx
CreateEventW
DeleteCriticalSection
SetEvent
ReleaseMutex

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
CreateProcessW
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
FindNLSStringEx
GetFileMUIPath
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoMarshalInterThreadInterfaceInStream
CoTaskMemRealloc
CoGetApartmentType
CoReleaseMarshalData
CoWaitForMultipleHandles
CoInitializeEx
CLSIDFromString
CoGetInterfaceAndReleaseStream
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoGetMalloc
PropVariantClear
CoTaskMemFree
StringFromCLSID
CoUninitialize

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-power-setting-l1-1-0

PowerReadACValue
PowerSetActiveScheme
PowerReadDCValue
PowerGetActiveScheme

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegLoadMUIStringW
RegOpenKeyExW
RegGetValueW
RegEnumKeyExW

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemDirectoryW
GetVersionExW
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

wmiclnt

WmiReceiveNotificationsW
WmiCloseBlock
WmiOpenBlock

devobj

DevObjDestroyDeviceInfoList
DevObjGetClassDevs
DevObjCreateDeviceInfoList

api-ms-win-devices-query-l1-1-0

DevGetObjects
DevFindProperty
DevCloseObjectQuery
DevCreateObjectQuery
DevFreeObjects
DevGetObjectProperties
DevFreeObjectProperties

api-ms-win-core-atoms-l1-1-0

AddAtomW

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
ReleaseActCtx
CreateActCtxW
DeactivateActCtx

api-ms-win-security-lsalookup-l1-1-1

GetDefaultIdentityProvider
GetIdentityProviderInfoByGUID
EnumerateIdentityProviders
ReleaseIdentityProviderEnumContext

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
MulDiv
UnregisterWait

api-ms-win-core-kernel32-legacy-l1-1-5

SetThreadExecutionState

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
QueueUserWorkItem

api-ms-win-shcore-thread-l1-1-0

GetProcessReference
SetProcessReference

api-ms-win-shcore-scaling-l1-1-2

GetDpiForShellUIComponent

ntdll

NtClose
NtQueryInformationToken
NtOpenProcessToken
RtlCheckPortableOperatingSystem
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
WinSqmIncrementDWORD
EtwEventActivityIdControl
NtOpenThreadToken
EtwEventSetInformation
EtwEventUnregister
EtwEventRegister
RtlNtStatusToDosError
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlQueryWnfStateData
EtwEventWriteTransfer
RtlInitUnicodeStringEx
RtlUnicodeStringToInteger
NtPowerInformation
EtwTraceMessage
WinSqmEventEnabled
WinSqmAddToStream
RtlSubscribeWnfStateChangeNotification
NtQuerySystemInformation

cfgmgr32

CM_Is_Dock_Station_Present_Ex

kernel32

GetPackagesByPackageFamily

powrprof

PowerSettingAccessCheck
PowerReadDCDefaultIndex
PowerDeterminePlatformRole
PowerReadFriendlyName
PowerReadDescription

propsys

PropVariantToUInt32
PSPropertyBag_ReadGUID
PSPropertyBag_WriteGUID
VariantToBuffer
PSCreateMemoryPropertyStore

gdi32

GetObjectW
CreateCompatibleDC
CreateBitmap
DeleteDC
SetPixel
GetPixel
SelectObject
BitBlt
GetDeviceCaps
CreateDIBSection
DeleteObject

user32

GetSystemMetricsForDpi
GetWindowLongPtrW
DispatchMessageW
SetCursor
PeekMessageW
MsgWaitForMultipleObjectsEx
CalculatePopupWindowPosition
InflateRect
GetWindowRect
AdjustWindowRectEx
SetWindowLongPtrW
ReleaseDC
GetDesktopWindow
GetDC
SetWindowTextW
CreateWindowInBand
RegisterClassExW
LoadCursorW
DestroyWindow
NotifyWinEvent
SendNotifyMessageW
GetWindowBand
ShowWindow
TrackPopupMenu
SetMenuDefaultItem
PostQuitMessage
IsSETEnabled
GetMenuItemInfoW
DefWindowProcW
PostMessageW
IsWindowVisible
SetWindowPos
GetMenuItemCount
DeleteMenu
SendMessageW
GetSystemMetrics
CreatePopupMenu
RegisterDeviceNotificationW
SetTimer
ord2707
UnregisterPowerSettingNotification
GetDoubleClickTime
DestroyMenu
FindWindowW
InsertMenuW
TrackPopupMenuEx
AppendMenuW
KillTimer
RegisterPowerSettingNotification
UnregisterDeviceNotification
SetForegroundWindow
RegisterShellHookWindow
DeregisterShellHookWindow
GetIconInfo
DestroyIcon
CreateIconIndirect
SystemParametersInfoW
RegisterWindowMessageW
LoadImageW
PostThreadMessageW
GetMessageW
LoadIconW
IsDialogMessageW
SendMessageCallbackW
InsertMenuItemW
TranslateMessage
CreateWindowExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
storagecontexthandler.dll
.dll regsvr32 windows x64

17a953cdf8a49a1037f648cee909858b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_amsg_exit
_errno
_initterm
_lock
??1type_info@@UEAA@XZ
_XcptFilter
calloc
realloc
memmove_s
_unlock
_onexit
__dllonexit
__CxxFrameHandler3
_CxxThrowException
_purecall
_wcsupr
_callnewh
malloc
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
?terminate@@YAXXZ
memset

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleW
SizeofResource
LoadResource
FindResourceExW
DisableThreadLibraryCalls
GetProcAddress
LockResource
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

CreateEventW
CreateSemaphoreExW
ReleaseMutex
WaitForSingleObjectEx
ReleaseSemaphore
InitializeCriticalSection
OpenSemaphoreW
LeaveCriticalSection
CreateMutexExW
ResetEvent
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
RaiseException
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

VarUI4FromStr
SysAllocString
VariantClear
VariantInit

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
GetTraceEnableFlags
UnregisterTraceGuids
TraceMessage

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegGetValueW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoTaskMemAlloc
CoGetMalloc
CoTaskMemFree
CoCreateInstance
PropVariantClear
CoTaskMemRealloc
CLSIDFromString

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Get_Device_IDW
CM_Locate_DevNodeW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64

api-ms-win-core-file-l1-1-0

CreateFileW
GetDriveTypeW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNICW
QISearch
StrCmpICW
StrRChrIW

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_GetSite
IUnknown_Set
IUnknown_QueryService

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

cfgmgr32

CM_Get_DevNode_Custom_PropertyW
CM_Get_DevNode_Registry_Property_ExW
CM_Get_Parent_Ex

api-ms-win-appmodel-runtime-l1-1-0

GetApplicationUserModelId

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord348
IUnknown_GetWindow

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

api-ms-win-dx-d3dkmt-l1-1-4

D3DKMTGetProcessDeviceRemovalSupport
D3DKMTGetProcessList

ntdll

NtQueryInformationProcess

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-shell-namespace-l1-1-0

SHCreateItemFromParsingName
SHGetIDListFromObject

api-ms-win-devices-query-l1-1-0

DevFreeObjects
DevGetObjects

api-ms-win-dx-d3dkmt-l1-1-0

D3DKMTQueryAdapterInfo
D3DKMTOpenAdapterFromDeviceName

api-ms-win-core-shlwapi-legacy-l1-1-0

PathGetDriveNumberW

setupapi

SetupDiCreateDeviceInfoList
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetDevicePropertyW

shell32

ord100
SHCreateItemInKnownFolder
ShellExecuteExW

user32

UnregisterClassA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
storagewmi.dll
.dll regsvr32 windows x64

53e4e1a91d81e45140b69dfc3cd6a068

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

??0exception@@QEAA@AEBQEBD@Z
memchr
abort
??0exception@@QEAA@XZ
memset
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
localeconv
sprintf_s
__mb_cur_max
strcspn
towupper
_itow_s
setlocale
__pctype_func
__uncaught_exception
__crtLCMapStringW
___lc_handle_func
___lc_codepage_func
___mb_cur_max_func
memmove_s
_unlock
_errno
__crtGetStringTypeW
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
memcpy_s
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
wcsstr
_wtoi
swscanf_s
_vsnwprintf
wcstoul
toupper
iswalpha
_wcsnicmp
wcsrchr
wcsncmp
_wcsicmp
_purecall
__CxxFrameHandler3
malloc
__dllonexit
free
swprintf_s
wcscmp

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
EventActivityIdControl

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
GetComputerNameExW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadLibraryExW
LoadStringW
FreeLibrary
GetProcAddress

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
ReleaseSRWLockExclusive
WaitForSingleObject
AcquireSRWLockExclusive
SetEvent
InitializeSRWLock
EnterCriticalSection
InitializeCriticalSection
CreateEventW
WaitForMultipleObjectsEx
DeleteCriticalSection

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
CoUninitialize
CLSIDFromString
CoInitializeEx
CoTaskMemAlloc

api-ms-win-core-processthreads-l1-1-0

CreateThread
TlsFree
TlsSetValue
TlsAlloc
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
OpenThreadToken
GetCurrentProcess
TlsGetValue

oleaut32

VariantClear
SysFreeString
SysAllocString

api-ms-win-core-file-l1-1-0

CreateFileW
GetFinalPathNameByHandleW
SetFileAttributesW
GetFileInformationByHandle

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-path-l1-1-0

PathCchStripToRoot
PathCchAddBackslash
PathCchSkipRoot
PathCchStripPrefix

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-file-l2-1-1

OpenFileById

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegQueryValueExW
RegGetValueW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-synch-l1-2-0

Sleep

devobj

DevObjOpenDevRegKey
DevObjOpenDeviceInfo
DevObjCreateDeviceInfoList
DevObjDestroyDeviceInfoList
DevObjGetClassDevs
DevObjGetDeviceInterfaceDetail
DevObjEnumDeviceInterfaces
DevObjEnumDeviceInfo

mi

MI_Application_InitializeV1
mi_clientFT_V1

virtdisk

GetVirtualDiskPhysicalPath
OpenVirtualDisk
GetVirtualDiskInformation
AttachVirtualDisk
GetStorageDependencyInformation
DetachVirtualDisk

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
FreeSid
CheckTokenMembership

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

cfgmgr32

CM_Reenumerate_DevNode_Ex

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 877KB - Virtual size: 876KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
storagewmi_passthru.dll
.dll windows x64

6f7709427b39522d320db43d823215b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcschr
malloc
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
free
__CxxFrameHandler3
_callnewh
wcscmp

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

oleaut32

SysAllocString
SysFreeString
VariantCopy
VariantClear

api-ms-win-core-com-l1-1-0

CoCreateInstance

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

Exports

Exports

CreatePassThrough

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
streamci.dll
.dll windows x64

7b0d944fc5abece123a1f9bb8c5643ed

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:01:17:c1:0b:58:be:ca:e0:8e:ce:3a:3c:60:b8:a4:09:5c:28:95:01:36:3a:f5:a9:dc:fc:2b:d3:82:21:69
Signer

Actual PE Digest

6a:01:17:c1:0b:58:be:ca:e0:8e:ce:3a:3c:60:b8:a4:09:5c:28:95:01:36:3a:f5:a9:dc:fc:2b:d3:82:21:69

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:45
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcschr
wcsstr
_XcptFilter
_amsg_exit
free
malloc
_initterm
__C_specific_handler
wcstok
memset

advapi32

AdjustTokenPrivileges
RegCloseKey
OpenProcessToken
SetThreadToken
DuplicateTokenEx
OpenThreadToken
LookupPrivilegeValueW

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep
GetOverlappedResult
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetProcessHeap
HeapFree
GetCurrentProcess
DeviceIoControl
CreateFileW
CreateEventW
GetLastError
GetCurrentThread
CloseHandle
HeapAlloc

setupapi

SetupDiDestroyDeviceInfoList
SetupDiRemoveDeviceInterface
SetupCloseInfFile
SetupDiGetClassInstallParamsW
SetupDiGetDeviceInterfaceDetailW
SetupDiInstallDevice
SetupDiGetClassDevsW
SetupDiCreateDeviceInterfaceRegKeyW
SetupOpenInfFileW
SetupDiSetClassInstallParamsW
SetupDiEnumDeviceInterfaces

user32

CharLowerW

api-ms-win-core-com-l1-1-0

IIDFromString
StringFromGUID2

Exports

Exports

StreamingDeviceClassInstaller
StreamingDeviceRemove
StreamingDeviceRemoveA
StreamingDeviceRemoveW
StreamingDeviceSetup
StreamingDeviceSetupA
StreamingDeviceSetupW
SwEnumCoInstaller

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
subst.exe
.exe windows x64

657724bef967c549a066ecf72a628438

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

QueryDosDeviceW
GetLastError
DefineDosDeviceW
HeapSetInformation
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetTickCount

msvcrt

_commode
?terminate@@YAXXZ
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
_fmode
_XcptFilter
__C_specific_handler

ulib

?IsValueSet@ARGUMENT@@QEAAEXZ
?GetPattern@ARGUMENT@@QEAAPEAVWSTRING@@XZ
??1OBJECT@@UEAA@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@XZ
?Set@STREAM_MESSAGE@@UEAAEKW4MESSAGE_TYPE@@K@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?GetLexemeAt@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@K@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??1STRING_ARGUMENT@@UEAA@XZ
??0STRING_ARGUMENT@@QEAA@XZ
??1PATH@@UEAA@XZ
?QueryDirectory@SYSTEM@@SAPEAVFSN_DIRECTORY@@PEBVPATH@@E@Z
??0PATH@@QEAA@XZ
?Display@MESSAGE@@QEAAEPEBDZZ
Get_Standard_Output_Stream
?QueryWSTR@WSTRING@@QEBAPEAGKKPEAGKE@Z
?DeleteChAt@WSTRING@@QEAAXKK@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
??1FSTRING@@UEAA@XZ
?Initialize@FSTRING@@QEAAPEAVWSTRING@@PEAGK@Z
?Strstr@WSTRING@@QEBAKPEBV1@@Z
?Strupr@WSTRING@@QEAAPEAV1@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0FSTRING@@QEAA@XZ
??0PATH_ARGUMENT@@QEAA@XZ
??1PATH_ARGUMENT@@UEAA@XZ
?Initialize@PATH_ARGUMENT@@QEAAEPEADE@Z
Get_Standard_Error_Stream
??0STREAM_MESSAGE@@QEAA@XZ
??1STREAM_MESSAGE@@UEAA@XZ
?Initialize@PATH@@QEAAEPEBV1@E@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
Get_Standard_Input_Stream
??0DSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
?Initialize@STREAM_MESSAGE@@QEAAEPEAVSTREAM@@00@Z
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeHeap
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlVirtualUnwind

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sud.dll
.dll regsvr32 windows x64

bc3f41c44860ef6194d2f0680eaa8d1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

free
_get_errno
_amsg_exit
_onexit
malloc
__dllonexit
_unlock
__C_specific_handler
_set_errno
calloc
__CxxFrameHandler3
_vsnprintf_s
_XcptFilter
_lock
_vsnwprintf
_initterm
_wcsupr
memcpy_s
memmove_s
memcmp
memcpy
_wcslwr
memset

shell32

ord102
ShellExecuteExW
ord71
ord848
ord866
ord704
ord4
SHGetFileInfoW
SHCreateItemInKnownFolder
ord727
ord764
SHParseDisplayName
ord18
ord25
SHBindToObject
SHGetStockIconInfo
ord155
Shell_GetCachedImageIndexW
ord2
ShellExecuteW
ord859

shlwapi

AssocCreate
ord538
ord176
ord199
ord388
ord172
SHStrDupW
ord629
StrCmpIW
ord16
ord278
PathParseIconLocationW
ord487
ord256
ord615
ord437
PathFindFileNameW
SHRegGetValueW
SHRegGetUSValueW
ord165
ord197
ord156
ord158
ord618
ord24
ord514
ord174
ord204
ord219

uxtheme

ord121
SetWindowTheme
ord120

api-ms-win-core-libraryloader-l1-2-0

LockResource
LoadResource
LoadLibraryExW
FindResourceExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
LoadStringW
DisableThreadLibraryCalls
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
ReleaseMutex
AcquireSRWLockExclusive
InitializeCriticalSectionEx
LeaveCriticalSection
InitializeCriticalSection
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObject
WaitForSingleObjectEx
EnterCriticalSection
CreateMutexExW
WaitForMultipleObjectsEx
AcquireSRWLockShared
DeleteCriticalSection
CreateSemaphoreExW
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapDestroy
GetProcessHeap
HeapReAlloc
HeapFree
HeapAlloc
HeapSize

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegCreateKeyExW
RegCloseKey

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoGetApartmentType
CoWaitForMultipleHandles
CoTaskMemAlloc
PropVariantClear
CoGetMalloc
CoTaskMemFree
CoTaskMemRealloc

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWrite
EventUnregister
EventWriteTransfer
EventEnabled
EventActivityIdControl

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal

api-ms-win-core-string-l2-1-0

CharUpperW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

oleaut32

VariantClear

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

advapi32

RegEnumKeyW

advpack

RegInstallW

kernel32

ActivateActCtx
ReleaseActCtx
CreateActCtxW
lstrlenW
DeactivateActCtx

ntdll

EtwLogTraceEvent
WinSqmAddToStream

ole32

CoAllowSetForegroundWindow

propsys

PSPropertyBag_WriteUnknown
PSPropertyBag_ReadStr

dui70

?SetContentAlign@Element@DirectUI@@QEAAJH@Z
?GetAtomZero@Value@DirectUI@@SAPEAV12@XZ
?GetUnset@Value@DirectUI@@SAPEAV12@XZ
?SetActive@Element@DirectUI@@QEAAJH@Z
?GetStringNull@Value@DirectUI@@SAPEAV12@XZ
?CreateXBaby@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAUHWND__@@PEAVElement@2@PEAKPEAPEAUIXBaby@2@@Z
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UEAAJ_N@Z
?SetRegisteredDefaultButton@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?ClickDefaultButton@XProvider@DirectUI@@UEAAHXZ
?ForceThemeChange@XProvider@DirectUI@@UEAAJ_K_J@Z
?GetHostedElementID@XProvider@DirectUI@@UEAAJPEAG@Z
?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UEAAHGH@Z
?CanSetFocus@XProvider@DirectUI@@UEAAJPEA_N@Z
?Navigate@XProvider@DirectUI@@UEAAJHPEA_N@Z
?SetFocus@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?IsDescendent@XProvider@DirectUI@@UEAAJPEAVElement@2@PEA_N@Z
?GetDesiredSize@XProvider@DirectUI@@UEAAJHHPEAUtagSIZE@@@Z
?SetParameter@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAX@Z
?AddRef@XProvider@DirectUI@@UEAAKXZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?SetDefaultButtonTracking@XProvider@DirectUI@@UEAAJ_N@Z
?SetHandleEnterKey@XProvider@DirectUI@@IEAAX_N@Z
?CreateDUI@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAPEAUHWND__@@@Z
?GetRoot@XProvider@DirectUI@@IEAAPEAVElement@2@XZ
?Initialize@XProvider@DirectUI@@QEAAJPEAVElement@2@PEAVIXProviderCP@2@@Z
?Create@XResourceProvider@DirectUI@@SAJPEAUHINSTANCE__@@PEBG11PEAPEAV12@@Z
?QueryInterface@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
??1XProvider@DirectUI@@UEAA@XZ
??0XProvider@DirectUI@@QEAA@XZ
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?Init@NavReference@DirectUI@@QEAAXPEAVElement@2@PEAUtagRECT@@@Z
?GetAtom@Value@DirectUI@@QEAAGXZ
?Register@Element@DirectUI@@SAJXZ
?GetString@Value@DirectUI@@QEAAPEBGXZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?SetID@Element@DirectUI@@QEAAJPEBG@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?SetAccRole@Element@DirectUI@@QEAAJH@Z
?SetConstrainLayout@RichText@DirectUI@@QEAAJH@Z
UnInitThread
StartMessagePump
UnInitProcessPriv
InitThread
InitProcessPriv
?Create@RichText@DirectUI@@SAJPEAVElement@2@PEAKPEAPEAV32@@Z
?CreateGraphic@Value@DirectUI@@SAPEAV12@PEAUHICON__@@_N11@Z
?CreateGraphic@Value@DirectUI@@SAPEAV12@PEAUHBITMAP__@@EI_N11@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?GetEnabled@Element@DirectUI@@QEAA_NXZ
?IsContentProtected@Edit@DirectUI@@UEAA_NXZ
?GetMultiline@Edit@DirectUI@@QEAA_NXZ
?GetThemedBorder@Edit@DirectUI@@QEAA_NXZ
?SetMultiline@Edit@DirectUI@@QEAAJ_N@Z
?Initialize@Edit@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?CreateHWND@Edit@DirectUI@@MEAAPEAUHWND__@@PEAU3@_N@Z
?MessageCallback@Edit@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?GetContentSize@Edit@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?OnInput@Edit@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnPropertyChanged@Edit@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Edit@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?Register@Edit@DirectUI@@SAJXZ
?CreateAccNameLabel@HWNDHost@DirectUI@@IEAAPEAUHWND__@@PEAU3@@Z
??1Edit@DirectUI@@UEAA@XZ
??0Edit@DirectUI@@QEAA@XZ
?GetClassInfoPtr@Edit@DirectUI@@SAPEAUIClassInfo@2@XZ
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetHWND@HWNDHost@DirectUI@@UEAAPEAUHWND__@@XZ
?DefaultAction@CCBase@DirectUI@@UEAAJXZ
?PostCreate@CCBase@DirectUI@@MEAAXPEAUHWND__@@@Z
?Initialize@CCListView@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
??1CCListView@DirectUI@@UEAA@XZ
?OnReceivedDialogFocus@CCBase@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnLostDialogFocus@CCBase@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnCustomDraw@CCBase@DirectUI@@UEAA_NPEAUtagNMCUSTOMDRAWINFO@@PEA_J@Z
?EraseBkgnd@HWNDHost@DirectUI@@MEAA_NPEAUHDC__@@PEA_J@Z
?CreateHWND@CCBase@DirectUI@@UEAAPEAUHWND__@@PEAU3@@Z
?SetWindowDirection@HWNDHost@DirectUI@@UEAAXPEAUHWND__@@@Z
?OnAdjustWindowSize@HWNDHost@DirectUI@@UEAAHHHI@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UEAAX_KPEBUtagSTYLESTRUCT@@@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSysChar@HWNDHost@DirectUI@@UEAA_NG@Z
?OnMessage@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?GetAccessibleImpl@HWNDHost@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UEAA_NXZ
?OnUnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?OnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?MessageCallback@HWNDHost@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?SetKeyFocus@HWNDHost@DirectUI@@UEAAXXZ
?GetContentSize@CCListView@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@HWNDHost@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnEvent@HWNDHost@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnDestroy@HWNDHost@DirectUI@@UEAAXXZ
?OnInput@CCBase@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnPropertyChanged@CCBase@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?Register@CCListView@DirectUI@@SAJXZ
?OnNotify@CCBase@DirectUI@@UEAA_NI_K_JPEA_J@Z
?FireEvent@Element@DirectUI@@QEAAXPEAUEvent@2@_N1@Z
??0CCListView@DirectUI@@QEAA@XZ
?GetClassInfoPtr@CCListView@DirectUI@@SAPEAUIClassInfo@2@XZ
?Release@Value@DirectUI@@QEAAXXZ
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?GetID@Element@DirectUI@@QEAAGXZ
?GetSelected@Element@DirectUI@@QEAA_NXZ
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
??1ClassInfoBase@DirectUI@@UEAA@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?OnNotify@Edit@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?Click@Button@DirectUI@@SA?AVUID@@XZ
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
??1Element@DirectUI@@UEAA@XZ
??0Element@DirectUI@@QEAA@XZ
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z

gdi32

DeleteObject
CreateDIBSection
DeleteDC
CreateCompatibleDC
GetObjectW
StretchDIBits
SelectObject
GdiAlphaBlend

user32

GetFocus
GetWindowThreadProcessId
IsWindowVisible
MonitorFromWindow
SendMessageW
GetSystemMetrics
DestroyWindow
DestroyIcon
GetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
DefWindowProcW
CreateWindowExW
PostMessageW
SetWindowLongW
CopyImage
CopyRect
ReleaseDC
GetDC
PostQuitMessage
SetCursor
LoadCursorW
TranslateMessage
EnumWindows
GetWindowBand
MsgWaitForMultipleObjectsEx
PeekMessageW
GetMonitorInfoW
DispatchMessageW

combase

ord65

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 493KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
svchost.exe
.exe windows x64

247b9220e5d9b720a82b2c8b5069ad69

Code Sign

33:00:00:01:a9:0f:2d:80:c9:a9:29:38:7c:00:00:00:00:01:a9
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/06/2018, 18:57

Not After

29/05/2019, 18:57

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:2a:20:da:16:f8:3b:84:67:dc:ed:74:ab:02:8b:58:d5:92:7d:15:d9:d7:4c:5c:7b:0d:5c:9d:ac:04:2c:b2
Signer

Actual PE Digest

a4:2a:20:da:16:f8:3b:84:67:dc:ed:74:ab:02:8b:58:d5:92:7d:15:d9:d7:4c:5c:7b:0d:5c:9d:ac:04:2c:b2

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:45
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-crt-l2-1-0

_initterm
_initterm_e
__wgetmainargs
exit

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
TerminateProcess
SetProcessAffinityUpdateMode
ExitProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetErrorMode
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-service-private-l1-1-3

I_RegisterSvchostNotificationCallback

api-ms-win-core-crt-l1-1-0

qsort_s
memcpy
memset
_wcsicmp

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
LoadLibraryExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc
HeapSetInformation

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

api-ms-win-service-core-l1-1-0

SetServiceStatus
StartServiceCtrlDispatcherW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegDisablePredefinedCacheEx
RegOpenKeyExW
RegGetValueW
RegEnumKeyExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy

api-ms-win-core-processthreads-l1-1-2

SetProtectedPolicy

rpcrt4

RpcServerUnregisterIf
I_RpcMapWin32Status
RpcMgmtSetServerStackSize
I_RpcServerDisableExceptionFilter
RpcServerUseProtseqEpW
RpcServerUnregisterIfEx
RpcMgmtStopServerListening
RpcServerListen
RpcMgmtWaitServerListen
RpcServerRegisterIf

api-ms-win-core-localization-l1-2-0

LCMapStringW

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
MakeAbsoluteSD
AddAccessAllowedAce
GetTokenInformation
GetLengthSid
InitializeAcl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-crt-utility-l1-1-0

bsearch_s

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
DeactivateActCtx
ReleaseActCtx
CreateActCtxW

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

ntdll

RtlQueryHeapInformation
TpAllocTimer
_vsnwprintf
EtwEventEnabled
TpReleaseWait
RtlNtStatusToDosErrorNoTeb
TpSetWait
TpAllocWait
EtwEventRegister
RtlUnhandledExceptionFilter
NtSetInformationProcess
RtlSetProcessIsCritical
TpSetTimerEx
TpSetTimer
RtlImageNtHeader
RtlValidSecurityDescriptor
NtQuerySystemInformation
RtlRunOnceExecuteOnce
RtlNtStatusToDosError
RtlFreeHeap
EtwEventWrite
TpReleaseTimer
RtlInitializeCriticalSection
RtlInitializeSid
RtlSubAuthoritySid
RtlGetDeviceFamilyInfoEnum
RtlReleaseSRWLockExclusive
RtlSubAuthorityCountSid
RtlAcquireSRWLockExclusive
RtlLengthRequiredSid
RtlDeriveCapabilitySidsFromName
RtlCopySid
TpWaitForTimer
RtlAllocateHeap

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
svsvc.dll
.dll windows x64

4017383f3c7ccc134002d37a3e731cf7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free
realloc
memset

advapi32

LookupPrivilegeValueW
RegisterServiceCtrlHandlerExW
AdjustTokenPrivileges
RegCloseKey
SetServiceStatus
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
WaitForSingleObject
GetCurrentProcess
DeviceIoControl
FreeLibrary
CreateFileW
CreateEventW
GetLastError
SetEvent
CloseHandle
LoadLibraryW
GetProcAddress
TerminateProcess

ntdll

DbgPrint

Exports

Exports

ServiceCtrlHandler
ServiceMain

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
swprv.dll
.dll regsvr32 windows x64

cc3beb5fc58e73e98c323ed573d6227e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcschr
towupper
memcpy_s
_wcsicmp
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
_XcptFilter
_vsnprintf
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
memcmp
_unlock
memcpy
_vsnwprintf
_wcsnicmp
wcsncmp
__dllonexit
_onexit
memmove
iswdigit
wcscpy_s
wcscat_s
malloc
_purecall
realloc
free
??0exception@@QEAA@AEBQEBD@Z
__CxxFrameHandler3
_errno
_beginthreadex
memmove_s
??0exception@@QEAA@XZ
_wtoi64
__C_specific_handler
_amsg_exit
memset

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
TerminateProcess
GetCurrentProcess
GetCurrentThread
ResumeThread
SetThreadToken
GetCurrentThreadId
GetCurrentProcessId
OpenThreadToken

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
CreateEventW
CreateWaitableTimerExW
SetWaitableTimer
DeleteCriticalSection
ResetEvent
WaitForSingleObject
EnterCriticalSection
CancelWaitableTimer
InitializeCriticalSection

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l1-1-0

GetFileAttributesW
GetDriveTypeW
CreateFileW
FindVolumeClose
GetDiskFreeSpaceExW
ReadFile
GetVolumeInformationW
FindNextVolumeW
FindFirstVolumeW
GetVolumePathNameW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
GetModuleHandleW
FreeLibrary
LoadResource
FindResourceExW
GetModuleFileNameW
DisableThreadLibraryCalls
LoadStringW
SizeofResource

api-ms-win-core-string-l2-1-0

CharPrevW
CharNextW

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegOpenKeyExW
RegGetValueW
RegQueryValueExW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegEnumValueW
RegQueryInfoKeyW

api-ms-win-core-string-obsolete-l1-1-0

lstrcpynW
lstrcmpiW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualProtect
VirtualQuery
VirtualFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetTickCount
GetVersionExW
GetWindowsDirectoryW
GetComputerNameExW
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemInfo

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapDestroy
HeapFree

ntdll

RtlCompareMemory
NtQueryVolumeInformationFile
RtlInitializeBitMap
NtQuerySystemInformation
RtlNtStatusToDosError
RtlTimeToElapsedTimeFields
WinSqmAddToStream
RtlNtStatusToDosErrorNoTeb

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

devobj

DevObjGetDeviceRegistryProperty
DevObjEnumDeviceInterfaces
DevObjGetClassDevs
DevObjDestroyDeviceInfoList
DevObjCreateDeviceInfoList
DevObjGetDeviceInterfaceDetail

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
ExpandEnvironmentStringsW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

vsstrace

ord9
ord3
ord4
ord11
ord2
ord10
ord8
ord1
ord6
ord7
ord5

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
CopySid
SetSecurityDescriptorOwner
DuplicateTokenEx
GetLengthSid
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
AllocateAndInitializeSid
FreeSid
SetSecurityDescriptorDacl
GetAclInformation
GetTokenInformation
CheckTokenMembership
IsValidSid
AddAccessAllowedAceEx
AddAccessDeniedAceEx
InitializeAcl
AddAce
GetAce
CreateWellKnownSid

api-ms-win-eventlog-legacy-l1-1-0

ReportEventW
DeregisterEventSource
RegisterEventSourceW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

virtdisk

GetStorageDependencyInformation

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sxproxy.dll
.dll regsvr32 windows x64

e9f8499c634fe6d1d124a31b47a8ecf8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

malloc
_initterm
__C_specific_handler
_amsg_exit
free
_XcptFilter
memcmp

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

rpcrt4

IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
NdrOleAllocate
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient12
ObjectStublessClient14
ObjectStublessClient11
CStdAsyncStubBuffer_Release
ObjectStublessClient16
ObjectStublessClient21
ObjectStublessClient3
ObjectStublessClient27
ObjectStublessClient18
ObjectStublessClient20
ObjectStublessClient15
ObjectStublessClient23
ObjectStublessClient7
ObjectStublessClient13
CStdAsyncStubBuffer_Connect
ObjectStublessClient5
ObjectStublessClient24
CStdAsyncStubBuffer_AddRef
CStdAsyncStubBuffer_Invoke
ObjectStublessClient19
ObjectStublessClient4
ObjectStublessClient6
ObjectStublessClient25
CStdAsyncStubBuffer_QueryInterface
ObjectStublessClient8
ObjectStublessClient9
CStdAsyncStubBuffer_Disconnect
ObjectStublessClient26
ObjectStublessClient17
ObjectStublessClient10
ObjectStublessClient22

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sxs.dll
.dll windows x64

6de0f7a8bbc62d2cc10e30b6f33f0899

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:7c:ab:5d:eb:ef:fc:d2:63:03:68:77:f9:c7:ec:a1:54:75:c2:1e:4d:92:d7:42:54:fb:64:5a:1c:9d:65:37
Signer

Actual PE Digest

08:7c:ab:5d:eb:ef:fc:d2:63:03:68:77:f9:c7:ec:a1:54:75:c2:1e:4d:92:d7:42:54:fb:64:5a:1c:9d:65:37

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:45
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

DbgPrintEx
RtlRaiseStatus
RtlCaptureContext
RtlLookupFunctionEntry
RtlDowncaseUnicodeChar
EtwEventRegister
EtwEventUnregister
EtwEventWrite
__C_specific_handler
RtlCopyMappedMemory
LdrResSearchResource
RtlGetVersion
_wcsicmp
RtlUnhandledExceptionFilter
_vsnprintf_s
_snprintf_s
RtlGetFrame
wcsrchr
RtlHashUnicodeString
RtlNtStatusToDosError
_vsnwprintf_s
RtlDetermineDosPathNameType_U
wcsstr
RtlIsCloudFilesPlaceholder
wcsspn
wcscspn
RtlGetNtSystemRoot
RtlNtStatusToDosErrorNoTeb
RtlFindCharInUnicodeString
vsprintf_s
vDbgPrintEx
wcscat_s
swprintf_s
NtQueryDebugFilterState
sprintf_s
RtlCompareUnicodeString
RtlUpcaseUnicodeChar
qsort
bsearch
_lfind
RtlPopFrame
_i64tow
RtlVirtualUnwind
wcschr
RtlFreeUnicodeString
RtlLcidToLocaleName
wcscpy_s
RtlPushFrame
memmove
__chkstk
memcmp
memcpy
memset

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

SetFileAttributesW
FindClose
RemoveDirectoryW
FindNextFileW
GetFileInformationByHandle
WriteFile
GetFileAttributesExW
GetFullPathNameW
CreateFileW
GetFileAttributesW
CreateDirectoryW
DeleteFileW
SetFilePointerEx
ReadFile
FlushFileBuffers
FindFirstFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-localization-l1-2-0

FormatMessageA
FormatMessageW
GetThreadPreferredUILanguages

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyExW
RegQueryValueExW
RegQueryInfoKeyW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SearchPathW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-security-base-l1-1-0

FreeSid
CheckTokenMembership
AllocateAndInitializeSid

kernel32

DelayLoadFailureHook
ResolveDelayLoadedAPI
GetSystemWow64DirectoryW
WerUnregisterFile
WerRegisterFile
LocalFree
SystemTimeToTzSpecificLocalTime
DeviceIoControl
FindActCtxSectionGuid
QueryActCtxW
FindActCtxSectionStringW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection

Exports

Exports

CreateAssemblyCache
CreateAssemblyNameObject
SxsBeginAssemblyInstall
SxsEndAssemblyInstall
SxsFindClrClassInformation
SxsFindClrSurrogateInformation
SxsGenerateActivationContext
SxsInstallW
SxsLookupClrGuid
SxsOleAut32MapConfiguredClsidToReferenceClsid
SxsOleAut32MapIIDOrCLSIDToTypeLibrary
SxsOleAut32MapIIDToProxyStubCLSID
SxsOleAut32MapIIDToTLBPath
SxsOleAut32MapReferenceClsidToConfiguredClsid
SxsOleAut32RedirectTypeLibrary
SxsProbeAssemblyInstallation
SxsQueryManifestInformation
SxsRunDllInstallAssembly
SxsRunDllInstallAssemblyW
SxsUninstallW
SxspGenerateManifestPathOnAssemblyIdentity

Sections

.text
Size: 390KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sxshared.dll
.dll regsvr32 windows x64

c44d718caaa51e42552782a8021674bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_onexit
_unlock
_lock
_initterm
malloc
_amsg_exit
_XcptFilter
free
__dllonexit

ntdll

RtlGetLastNtStatus
RtlNtStatusToDosError
EtwTraceMessage
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
LoadLibraryExA

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TlsGetValue
GetCurrentProcessId
TlsSetValue
TlsAlloc
TerminateProcess
GetCurrentThreadId
TlsFree

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetLastFailureAsHRESULT
HRESULTFromNTSTATUS
SxTracerDebuggerBreak
SxTracerGetThreadContextDebug
SxTracerGetThreadContextRetail
SxTracerShouldTrackFailure
Win32FromHRESULT
Win32FromNTSTATUS

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f513b29ef2594a76a9bea27179c7725

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

03:02:b6:4d:20:24:cb:b7:93:ca:2f:26:f8:c2:7b:9d:d3:fa:c4:6c:00:f7:9d:89:f4:ac:38:10:42:3c:a3:03Signer

Signature Validations

Verification

09/09/2022, 12:45 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

Exports

Exports

Sections

.text Size: 83KB - Virtual size: 82KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 336B

4c3fa874e14bce243ec9e5ba9e661936

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

3e:fe:89:b1:77:5a:d9:d8:a4:be:76:6d:9a:68:cb:3f:7c:1f:bf:ea:30:ae:1d:57:ff:1e:13:4f:55:8d:f6:e1Signer

Signature Validations

Verification

09/09/2022, 12:45 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-file-l1-2-2

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

Exports

Exports

Sections

.text Size: 517KB - Virtual size: 517KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 8KB - Virtual size: 10KB

.pdata Size: 26KB - Virtual size: 26KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

e297337c6894d234f495980eafac0074

Headers

DLL Characteristics

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

03:02:b6:4d:20:24:cb:b7:93:ca:2f:26:f8:c2:7b:9d:d3:fa:c4:6c:00:f7:9d:89:f4:ac:38:10:42:3c:a3:03
Signer

09/09/2022, 12:45
Valid: false

.text
Size: 83KB - Virtual size: 82KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 336B

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

3e:fe:89:b1:77:5a:d9:d8:a4:be:76:6d:9a:68:cb:3f:7c:1f:bf:ea:30:ae:1d:57:ff:1e:13:4f:55:8d:f6:e1
Signer

09/09/2022, 12:45
Valid: false

.text
Size: 517KB - Virtual size: 517KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 8KB - Virtual size: 10KB

.pdata
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 48B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 32B

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate