e5d04853d987aaf6e91c6b9cf448d26ba87320896075929e2fb3c6fa84f07c45

Sharing

Copy URL

Twitter E-mail

General

Target

e5d04853d987aaf6e91c6b9cf448d26ba87320896075929e2fb3c6fa84f07c45
Size

4.2MB
MD5

1c405e27de7783fbb4c7e7e35351cfeb
SHA1

34001c7fcbcf179c6254728606bc3efab2dad55b
SHA256

e5d04853d987aaf6e91c6b9cf448d26ba87320896075929e2fb3c6fa84f07c45
SHA512

a5da27100fd037b31104a9b6f403ae368258345deea6e0209d07d6ed1df7c4c6ca9705f362a7c202f09df610bb533f6efe7e23db70f0d28926ef3464003646ca
SSDEEP

98304:uZh9EZqQh+PLxXIU1XlBfUWthJxlK3hzAyQOsAFHbGHYf0SjAm:uvKbh+PZIU1DfFflK3O6btkm

Score

N/A

Malware Config

Signatures

Files

e5d04853d987aaf6e91c6b9cf448d26ba87320896075929e2fb3c6fa84f07c45
.rar
SMBHelperClass.dll
.dll regsvr32 windows x64

21aa46d83dab21d64610212aa041e81b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

towlower
wcscat_s
wcscpy_s
vswprintf_s
_wcsnicmp
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
_purecall
_itow_s
??1exception@@UEAA@XZ
_wcsicmp
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_errno
realloc
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
toupper
_lock
_unlock
__dllonexit
_onexit
memmove
memcpy
_vscwprintf
_vsnwprintf
wcsncmp
memset

ntdll

RtlVirtualUnwind
RtlInitUnicodeString
NtOpenFile
NtFsControlFile
NtClose
RtlCaptureContext
RtlLookupFunctionEntry

kernel32

OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
ReleaseSRWLockExclusive
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
LocalAlloc
GetModuleFileNameA
ReleaseMutex
CreateMutexW
GetCurrentProcessId
HeapReAlloc
AcquireSRWLockExclusive
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
RaiseException
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
CreateFileW
CloseHandle
GetCurrentThread
CreateThread
WaitForSingleObjectEx
WaitForSingleObject
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
HeapSize

user32

CharNextW
UnregisterClassA
LoadStringW

advapi32

GetTokenInformation
EventUnregister
EventSetInformation
EventProviderEnabled
EventRegister
LookupAccountSidW
RegCloseKey
EventWriteTransfer
OpenThreadToken
EventActivityIdControl
ImpersonateLoggedOnUser
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW

oleaut32

SysAllocString
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysStringLen
LoadTypeLi
SysFreeString

mpr

WNetCancelConnection2W
WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW
WNetGetUserW

wevtapi

EvtNext
EvtClose
EvtRender
EvtQuery
EvtCreateRenderContext

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
StringFromGUID2

srvcli

NetShareEnum

netutils

NetApiBufferFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SRH.dll
.dll windows x64

2e7e2df887f50f8336dc205fc6e1345b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_BADOFF@std@@3_JB
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
?_Random_device@std@@YAIXZ
?_Xruntime_error@std@@YAXPEBD@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@HPEBD@Z
??0_Lockit@std@@QEAA@H@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Mtx_init_in_situ
?_Xbad_function_call@std@@YAXXZ
_Mtx_destroy_in_situ
?_Xout_of_range@std@@YAXPEBD@Z
_Cnd_init
_Mtx_init
_Cnd_do_broadcast_at_thread_exit
_Cnd_signal
_Cnd_destroy
_Mtx_destroy
_Thrd_start
_Cnd_wait
_Unlock_shared_ptr_spin_lock
_Lock_shared_ptr_spin_lock
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Thrd_detach
_Thrd_id
_Thrd_join
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exception@std@@YA_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

wcscspn
wcsspn
memset
wcspbrk
wcsncmp
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__itow_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
memmove
_o__wtoi
_o_atan2
_o_calloc
_o_ceil
_o_floor
_o_fmod
_o_free
_o_iswalpha
_o_iswspace
_o_iswupper
_o_log
_o_malloc
_o_pow
_o_powf
_o_realloc
_o_sqrt
_o_terminate
_o_towlower
_o_towupper
_o_wcstol
_o_wmemcpy_s
__std_type_info_compare
wcschr
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
wcsstr
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
__std_terminate
__CxxFrameHandler3
memcmp
memcpy

ntdll

RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlVirtualUnwind
RtlLookupFunctionEntry
NtQueryInformationToken
RtlCompareUnicodeString
WinSqmAddToStream
WinSqmIncrementDWORD
WinSqmSetString
WinSqmSetDWORD
RtlGetDeviceFamilyInfoEnum
NtQueryWnfStateData
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlCaptureContext
RtlInitUnicodeString

oleaut32

SysStringLen
SysAllocStringLen
VariantChangeType
VariantInit
SafeArrayGetLBound
VariantCopyInd
SysAllocString
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayDestroy
SafeArrayLock
SafeArrayCopy
SafeArrayCreate
VarCmp
SafeArrayRedim
VarBstrCmp
SysStringByteLen
SafeArrayAccessData
SafeArrayUnlock
VarBstrCat
SafeArrayUnaccessData
VariantCopy
VariantClear
SysAllocStringByteLen
SysFreeString

bcp47langs

Bcp47GetLanguageName
Bcp47FromLcid
Bcp47GetNlsForm

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
LoadResource
FreeLibrary
GetModuleFileNameW
GetProcAddress
FindResourceExW
LoadLibraryExW
LoadStringW
GetModuleHandleExW
LockResource
SizeofResource
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

CreateEventExW
InitializeCriticalSectionEx
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetWaitableTimer
SetEvent
CancelWaitableTimer
ResetEvent
CreateEventW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OpenMutexW

api-ms-win-core-heap-l1-1-0

HeapSize
GetProcessHeap
HeapReAlloc
HeapAlloc
HeapFree
HeapDestroy

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetExitCodeProcess
GetCurrentProcess
CreateThread
GetThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
SetProcessShutdownParameters

api-ms-win-core-localization-l1-2-0

LocaleNameToLCID
GetUserPreferredUILanguages
FormatMessageW
GetThreadLocale
GetSystemDefaultLCID
GetLocaleInfoEx

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags

api-ms-win-core-com-l1-1-0

StringFromCLSID
CoWaitForMultipleHandles
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoAllowUnmarshalerCLSID
CoIncrementMTAUsage
CLSIDFromString
CoUninitialize

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
GetStringTypeExW
CompareStringW

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-string-l2-1-0

CharLowerW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount64
GetLocalTime
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW
WaitForMultipleObjects

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegNotifyChangeKeyValue
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegGetValueW

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteStringBuffer
WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsPromoteStringBuffer
WindowsPreallocateStringBuffer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-console-l1-2-0

AttachConsole
FreeConsole

api-ms-win-core-console-l2-1-0

ReadConsoleOutputW
GetConsoleScreenBufferInfo

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc
LocalFree

rpcrt4

UuidCreate

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoOriginateLanguageException

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-security-base-l1-1-0

GetTokenInformation
FreeSid
DestroyPrivateObjectSecurity
AllocateAndInitializeSid
CheckTokenMembership

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW

api-ms-win-core-file-l1-1-0

FindClose
FindFirstFileW

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeConditionVariable

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRemoveFileSpecW
PathFileExistsW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
GetCurrentActCtx
ActivateActCtx
ReleaseActCtx
DeactivateActCtx

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-ntuser-rectangle-l1-1-0

PtInRect
CopyRect
InflateRect
EqualRect
UnionRect
IsRectEmpty

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
SubscribeFeatureStateChangeNotification
GetFeatureEnabledState
UnsubscribeFeatureStateChangeNotification

api-ms-win-crt-math-l1-1-0

cosf
floorf
_finite
atan2f
_isnan
acosf
log10f
sqrtf
sinf

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CreateAndEnqueueNarratorCommandEvent
DllCanUnloadNow
DllGetClassObject
DllMain
ExecuteNarratorFind
GetControlAndState
GetInputLearningHelper
IgnoreLeaksInCurrentlyTrackedMemory
Initialize
IsIgnoringLeaks
PostTestCheckForLeaks
RunNarrator
SetBrailleBlinkingCursor
SetBrailleCursorRepresentation
SetBrailleDeviceChangeFromReg
SetBrailleIsEnabledFromReg
SetBrailleTablesFromReg
SetDictationRunning
SetFastKeyEntryEnabled
SetFollowInsertion
SetReadHints
SetVoicePropertiesFromReg
StartIgnoringLeaks
StopIgnoringLeaks
UpdateErrorLoggingCallback
UpdateNarratorSettingsFromReg

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 728KB - Virtual size: 728KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shutdown.ico
SmiEngine.dll
.dll regsvr32 windows x64

c97b3bc309ed3c8609f93ff52fecddb6

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-07-2018 20:45

Not After

26-07-2019 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:69:89:3d:62:aa:e6:15:d8:c7:69:fa:0a:ae:6f:04:47:d3:9d:74:d4:55:dd:1a:6a:4f:23:7a:57:fe:e4:d3
Signer

Actual PE Digest

a0:69:89:3d:62:aa:e6:15:d8:c7:69:fa:0a:ae:6f:04:47:d3:9d:74:d4:55:dd:1a:6a:4f:23:7a:57:fe:e4:d3

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09-09-2022 12:41
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_unlock
iswalpha
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_lock
iswdigit
memset
memmove
_vsnwprintf
memcpy
memcmp
__RTDynamicCast
_CxxThrowException
__C_specific_handler
_itow
_initterm
_amsg_exit
wcschr
_XcptFilter
memcpy_s
_wcsicmp
iswspace
wcsncmp
wcsstr
wcsrchr
_snprintf_s
strncmp
_purecall
towlower
malloc
towupper
_ui64tow
free
_wgetenv
wcstoul
_ultow
strcpy_s
_i64tow
_ltow
_wcsnicmp
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
NtQueryValueKey
NtQuerySecurityObject
NtCreateKey
NtDeleteValueKey
NtSetSecurityObject
NtEnumerateValueKey
RtlStringFromGUID
RtlNtStatusToDosError
LdrGetProcedureAddress
LdrUnloadDll
LdrLoadDll
NtYieldExecution
RtlTimeToTimeFields
NtWriteFile
LdrGetDllHandle
RtlQueryEnvironmentVariable_U
NtCreateFile
DbgPrint
RtlVirtualUnwind
NtEnumerateKey
NtDeleteKey
NtQueryKey
NtUnloadKey
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlFreeUnicodeString
NtLoadKey2
NtSetValueKey
NtOpenKey
NtClose
RtlRaiseStatus
RtlFreeHeap
RtlCopyUnicodeString
RtlUpcaseUnicodeChar
RtlInitString
RtlAppendUnicodeStringToString
RtlInitializeCriticalSection
RtlReAllocateHeap
RtlAllocateHeap
RtlDeleteCriticalSection
RtlCreateUnicodeStringFromAsciiz

rpcrt4

UuidCreate

oleaut32

SysAllocStringLen
LoadTypeLi
RegisterTypeLi
SysAllocString
SysStringLen
SysFreeString
SafeArrayGetElement
SafeArrayGetDim
SafeArrayRedim
SysAllocStringByteLen
SafeArrayGetUBound
GetErrorInfo
SafeArrayPutElement
VariantClear
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayAccessData
VariantChangeType
SafeArrayDestroy
VariantInit
SafeArrayGetLBound

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleA
LoadStringW
FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery
VirtualAlloc

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-com-l1-1-0

CoGetMalloc
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW

api-ms-win-core-heap-l1-1-0

HeapDestroy

api-ms-win-core-stringansi-l1-1-0

CharNextA

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrlenA
lstrcmpiW
lstrcmpW

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-kernel32-legacy-l1-1-0

LoadLibraryW

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExA
RegEnumValueW
RegCreateKeyExW
RegDeleteKeyExW
RegEnumKeyExW
RegSetValueExW
RegSetValueExA
RegCloseKey
RegOpenKeyExW
RegDeleteKeyExA

api-ms-win-core-file-l1-1-0

DeleteFileW
FindClose
RemoveDirectoryW
FindNextFileW
FindFirstFileW
CreateFileW
CreateDirectoryW
GetFileAttributesW

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW
WritePrivateProfileStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThread
OpenProcessToken
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
OpenThreadToken

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorOwner
GetTokenInformation
GetSecurityDescriptorControl
GetLengthSid
GetSecurityDescriptorGroup
CopySid
AdjustTokenPrivileges

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

Exports

Exports

ConstructHiveLocation
ConstructRegLocation
CreateLalInstance
CreateSettingsEnginePriv
CreateWcmEngineCore
DeleteCompilerObject
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetCompilerObject
GetItemFromCoreObject
SetLalCreator

Sections

.text
Size: 602KB - Virtual size: 601KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SndVol.exe
.exe windows x64

c9f852c96b7c3a52c280eb97d52da386

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-07-2018 20:45

Not After

26-07-2019 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:4c:30:46:9d:91:33:f1:ff:35:d7:53:ee:b1:d3:1a:e1:df:dc:74:2c:50:8c:1a:39:34:0e:22:81:80:9d:0d
Signer

Actual PE Digest

c0:4c:30:46:9d:91:33:f1:ff:35:d7:53:ee:b1:d3:1a:e1:df:dc:74:2c:50:8c:1a:39:34:0e:22:81:80:9d:0d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09-09-2022 12:41
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gdi32

CreateFontIndirectW
CreateDIBSection
GetDeviceCaps
Rectangle
DeleteDC
GetObjectW
EndPath
BitBlt
Polygon
GetStockObject
DeleteObject
PathToRegion
SetBkMode
CreatePen
BeginPath
SetBkColor
SetTextColor
SelectObject
CreateSolidBrush
CreateCompatibleDC
ScriptStringAnalyse
ScriptString_pLogAttr
ScriptStringFree

user32

TrackPopupMenuEx
GetMenuItemInfoW
DestroyMenu
SetWindowRgn
BeginPaint
EndPaint
IntersectRect
CreateDialogParamW
PostQuitMessage
GetDlgCtrlID
SubtractRect
PtInRect
SendMessageTimeoutW
SendNotifyMessageW
LoadIconW
SetTimer
NotifyWinEvent
GetForegroundWindow
GetWindowThreadProcessId
GetDoubleClickTime
KillTimer
CalculatePopupWindowPosition
DestroyIcon
EnumChildWindows
EnableWindow
EndDialog
SetRect
IsDlgButtonChecked
CheckDlgButton
CopyRect
GetParent
GetWindowTextW
GetScrollPos
SetScrollInfo
BeginDeferWindowPos
SetDlgItemTextW
EndDeferWindowPos
IsImmersiveProcess
GetIconInfoExW
SendDlgItemMessageW
InternalGetWindowText
GetWindow
IsWindowVisible
EnumWindows
GetClassLongPtrW
CheckMenuRadioItem
SetClassLongW
GetClassLongW
DrawEdge
SetWindowLongPtrW
InsertMenuItemW
CreatePopupMenu
GetSystemMetrics
InflateRect
GetWindowLongPtrW
SetWindowTextW
LoadStringW
SetFocus
GetWindowRect
SetWindowPos
MapWindowPoints
PrivateExtractIconsW
ValidateRect
FrameRect
MonitorFromRect
AdjustWindowRectEx
SetRectEmpty
SetCursor
ReleaseCapture
SetCapture
DrawFocusRect
GetFocus
OffsetRect
IsWindowEnabled
LoadImageW
ClientToScreen
EqualRect
GetClientRect
ShowWindow
GetDlgItem
IsWindow
GetWindowLongW
SetWindowLongW
GetSysColorBrush
FillRect
GetSysColor
InvalidateRect
UnregisterClassA
GhostWindowFromHungWindow
GetWindowBand
ord2575
GetMenuItemCount
ReleaseDC
DrawTextW
GetWindowTextLengthW
GetDC
DefWindowProcW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
DestroyWindow
DialogBoxParamW
GetActiveWindow
SetProcessDefaultLayout
SetProcessDPIAware
CallWindowProcW
SendMessageW
FindWindowW
SetForegroundWindow
PostMessageW
BringWindowToTop
DeferWindowPos

msvcrt

__setusermatherr
_initterm
_wcmdln
_fmode
_commode
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_errno
realloc
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_isnan
wcsstr
calloc
_purecall
_resetstkoflw
vswprintf_s
_vscwprintf
memmove_s
free
malloc
__C_specific_handler
iswspace
swprintf_s
wcstol
_wtoi
_wcsicmp
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
memcpy
__CxxFrameHandler3
_vsnwprintf
memcpy_s
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
memset

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

comctl32

ord381
ImageList_Draw
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
ImageList_SetBkColor
ImageList_CoCreateInstance
ImageList_Remove
ord17

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoCreateGuid
CoWaitForMultipleObjects
PropVariantClear
CoAllowSetForegroundWindow

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

shell32

SHGetFileInfoW
ShellExecuteExW
CommandLineToArgvW
Shell_NotifyIconGetRect

gdiplus

GdipCreateFromHDC
GdipDeleteBrush
GdiplusShutdown
GdipCreatePath
GdipDeletePath
GdipAddPathLine
GdipFillPath
GdipCreateLineBrush
GdipCreateSolidFill
GdipFillRectangle
GdipDeleteGraphics
GdipDrawLine
GdipSetSmoothingMode
GdipDeletePen
GdipCreatePen1
GdiplusStartup

ntdll

EtwEventRegister
EtwEventUnregister
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventActivityIdControl
EtwEventSetInformation
EtwGetTraceEnableFlags
EtwEventWriteTransfer
EtwTraceMessage
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW

uxtheme

DrawThemeBackground
OpenThemeData
IsThemeActive
SetWindowTheme
DrawThemeText
DrawThemeParentBackgroundEx
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
BufferedPaintSetAlpha
GetThemeTextExtent
CloseThemeData
BufferedPaintUnInit
BufferedPaintInit

dwmapi

DwmIsCompositionEnabled
DwmRegisterThumbnail
DwmUnregisterThumbnail
DwmUpdateThumbnailProperties
DwmQueryThumbnailSourceSize
DwmSetWindowAttribute

shlwapi

PathParseIconLocationW
PathFindFileNameW
ord487
StrTrimW
PathFindExtensionW
ord348

imm32

ImmDisableIME

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
LoadLibraryExW
FreeLibrary
SizeofResource
FreeResource
GetModuleHandleExW
LockResource
LoadResource
GetModuleFileNameA
FindResourceExW
LoadLibraryExA

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSemaphore
ReleaseSRWLockExclusive
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
SetEvent
CreateEventExW
CreateMutexExW
EnterCriticalSection
LeaveCriticalSection
CreateEventW
CreateSemaphoreExW
DeleteCriticalSection
InitializeCriticalSection
CreateMutexW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapSize
HeapFree
HeapSetInformation
HeapDestroy
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetStartupInfoW
TerminateProcess
CreateProcessW
GetCurrentProcess
SetThreadPriority
GetCurrentThreadId
GetExitCodeProcess
CreateThread

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
GetUserPreferredUILanguages
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
WakeAllConditionVariable
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
QueueUserWorkItem

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFamilyName

api-ms-win-core-processthreads-l1-1-1

OpenProcess
FlushInstructionCache

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-ntuser-sysparams-l1-1-0

SystemParametersInfoW
GetMonitorInfoW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SndVolSSO.dll
.dll windows x64

428c289f9c0333338984482d87c72f8f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_aligned_free
_aligned_malloc
_CxxThrowException
_set_errno
_get_errno
__CxxFrameHandler3
memcpy
memcmp
memset
realloc
_errno
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_wcsicmp
swprintf_s
_scwprintf
memmove_s
_purecall
_wcsnicmp
_resetstkoflw
rand
srand
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
floorf
sinf

api-ms-win-core-libraryloader-l1-2-0

LoadResource
FindResourceExW
GetModuleHandleExW
LockResource
LoadLibraryExW
LoadStringW
GetModuleHandleW
LoadLibraryExA
GetModuleFileNameA
FreeLibrary
FreeLibraryAndExitThread
GetProcAddress
SizeofResource

api-ms-win-core-synch-l1-1-0

OpenEventW
InitializeCriticalSectionEx
WaitForSingleObject
CreateMutexExW
ReleaseSemaphore
CreateSemaphoreExW
WaitForSingleObjectEx
EnterCriticalSection
SetEvent
OpenSemaphoreW
InitializeSRWLock
CreateEventExW
InitializeCriticalSection
LeaveCriticalSection
CreateMutexW
DeleteCriticalSection
ReleaseMutex
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapSize
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentProcessId
TerminateProcess
ProcessIdToSessionId
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
CreateProcessW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
GetUserPreferredUILanguages
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingFree

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoGetMalloc
StringFromCLSID
CoInitializeEx
CoUninitialize
CoGetApartmentType
PropVariantClear
CoWaitForMultipleHandles
CoTaskMemAlloc

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceExecuteOnce
InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegCreateKeyExW
RegEnumValueW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount
GetVersionExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString
WindowsDuplicateString
WindowsGetStringLen

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

ntdll

EtwEventWriteTransfer
NtQueryWnfStateData
RtlEqualWnfChangeStamps
RtlNtStatusToDosError
RtlQueryWnfStateData
RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwEventSetInformation
EtwEventUnregister
EtwEventRegister

api-ms-win-appmodel-runtime-l1-1-1

GetStagedPackageOrigin

api-ms-win-appmodel-runtime-l1-1-0

PackageFamilyNameFromFullName

mmdevapi

ord28
ord29

ole32

CoAllowSetForegroundWindow

user32

GetMenuInfo
SetPropW
SetMenuInfo
RemovePropW
GetCurrentInputMessageSource
SystemParametersInfoW
GetDpiForWindow
GetParent
DrawTextExW
GetWindowDpiAwarenessContext
GetDpiForSystem
GetWindowLongW
GetPropW
SetMessageExtraInfo
GetDC
MonitorFromWindow
AreDpiAwarenessContextsEqual
WindowFromPoint
FindWindowW
GetMessageExtraInfo
ReleaseDC
GetWindowBand
SetForegroundWindow
GetMenuItemInfoW
GetSystemMetricsForDpi
DrawIconEx
DrawTextW
SetWindowLongW
GetClassNameW
PostMessageW
PrivateExtractIconsW
LoadIconW
LoadImageW
UnregisterClassA
DispatchMessageW
TranslateMessage
GetMessageW
GetRawInputDeviceList
RegisterRawInputDevices
GetRawInputDeviceInfoW
GetRawInputData
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
DestroyWindow
DestroyIcon
IsWindow
BringWindowToTop
SendMessageW
CallWindowProcW
SetWindowLongPtrW
DefWindowProcW
KillTimer
SetTimer
SetMenuItemInfoW
AppendMenuW
TrackPopupMenuEx
SendNotifyMessageW
DeleteMenu
EnableMenuItem
GetSubMenu
LoadMenuW
GetMonitorInfoW
MonitorFromPoint
GetWindowLongPtrW
RegisterWindowMessageW

api-ms-win-service-management-l1-1-0

OpenServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW

shcore

SHTaskPoolQueueTask

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

gdi32

SetStretchBltMode
SetTextColor
DeleteDC
StretchBlt
GdiAlphaBlend
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
GetCurrentObject
CreateSolidBrush
DeleteObject
GetDeviceCaps
CreateFontIndirectW
SetBkMode
ExcludeClipRect
GetObjectW

uxtheme

OpenThemeData
GetThemeColor
DrawThemeBackground
GetThemeFont
CloseThemeData
DrawThemeTextEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain

Sections

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 489KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SnippingTool.exe
.exe windows x64

2ffb3f1a15c731516339c4020f75e1c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

kernel32

SetEvent
CreateEventExW
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
LocalFree
OpenSemaphoreW
WaitForSingleObject
SetLastError
IsDebuggerPresent
OutputDebugStringW
WaitForSingleObjectEx
ReleaseSemaphore
ReleaseMutex
lstrlenA
MultiByteToWideChar
lstrlenW
GlobalFree
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
GetSystemDefaultUILanguage
Sleep
CloseHandle
WriteFile
WideCharToMultiByte
CreateFileW
GetModuleFileNameA
HeapFree
GetModuleHandleExW
GetCurrentThreadId
FormatMessageW
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
DebugBreak
GetLastError
GlobalAddAtomW
GlobalDeleteAtom
RaiseException
ExpandEnvironmentStringsW
LoadLibraryW
FreeLibrary
GetTempPathW
DeleteFileW
HeapSetInformation
CompareStringA
RegisterApplicationRestart
MulDiv
LeaveCriticalSection
EnterCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceExW

gdi32

CreatePen
SetLayout
CreateDIBSection
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
PatBlt
EndDoc
EndPage
CreateCompatibleDC
StretchBlt
StartPage
SetStretchBltMode
SetBrushOrgEx
StartDocW
DeleteDC
FillRgn
OffsetRgn
CreatePolygonRgn
GetTextMetricsW
SelectClipRgn
GetClipRgn
GetLayout
SetBkMode
SetTextColor
GetObjectW
GetDeviceCaps
DeleteObject
SelectObject
Rectangle
GetStockObject
CombineRgn
CreateRectRgn
CreateRectRgnIndirect

user32

GetDesktopWindow
IsZoomed
DestroyWindow
RegisterHotKey
AdjustWindowRectExForDpi
CreateWindowExW
LoadStringW
SetWindowTextW
TranslateAcceleratorW
CheckMenuRadioItem
PeekMessageW
DestroyMenu
GetWindowLongW
DestroyIcon
UnregisterHotKey
GetWindowRgnBox
OffsetRect
DrawIconEx
SetClipboardData
GetIconInfo
SetCursor
GetSystemMetricsForDpi
MonitorFromRect
GetMonitorInfoW
CopyRect
EqualRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
LoadMenuW
GetSubMenu
RemoveMenu
SetFocus
SetThreadDpiAwarenessContext
GetKeyState
GetScrollInfo
SetScrollInfo
SetTimer
CheckDlgButton
GetCursorPos
WindowFromPoint
ScreenToClient
SetCursorPos
MapWindowPoints
LoadIconW
GetProcessDefaultLayout
TrackPopupMenuEx
MonitorFromWindow
SystemParametersInfoW
LoadImageW
IsDlgButtonChecked
GetComboBoxInfo
GetClientRect
UnregisterClassA
EmptyClipboard
OpenClipboard
CloseClipboard
DrawFocusRect
DrawTextW
SetRect
LogicalToPhysicalPoint
IsIconic
InflateRect
FillRect
SendMessageW
EndDialog
GetDlgItem
GetWindowRect
GetCursorInfo
GetDC
OpenIcon
MessageBoxW
GetWindow
PtInRect
GetSysColor
DestroyCursor
EnumDisplayMonitors
SetWindowPos
PostMessageW
GetDpiForWindow
GetDpiForSystem
PostQuitMessage
DialogBoxParamW
DispatchMessageW
TranslateMessage
GetMessageW
LoadAcceleratorsW
GetParent
KillTimer
GetClassNameW
IntersectRect
SetPropW
GetPropW
InvalidateRect
UnionRect
ReleaseCapture
SetCapture
EndPaint
BeginPaint
DefWindowProcW
SetWindowLongPtrW
GetWindowLongPtrW
RegisterClassW
SetClassLongPtrW
LoadCursorW
ReleaseDC
ShowWindow
IsWindowVisible
FindWindowW
GetSystemMetrics
CallWindowProcW
SetForegroundWindow

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset
wcsspn
wcscspn
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wmemcpy_s
_CxxThrowException
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__exit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o__errno
_o___p__commode
strstr
__C_specific_handler
__std_terminate
__CxxFrameHandler3
_o__crt_atexit
memcpy
memmove

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
EtwTraceMessage
WinSqmIncrementDWORD
WinSqmIsOptedIn
RtlVirtualUnwind

gdiplus

GdipDrawCachedBitmap
GdipGetImageHeight
GdipGetImageWidth
GdipCreateFontFamilyFromName
GdipCreateCachedBitmap
GdipCreateBitmapFromResource
GdipSaveImageToStream
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteCachedBitmap
GdipCreateFromHWND
GdipSetStringFormatTrimming
GdipMeasureString
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipCreateFontFromLogfontW
GdipDeleteFontFamily
GdipDeleteFont
GdipDrawString
GdipCreateLineBrushFromRect
GdipFillRectangle
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipDeleteStringFormat
GdipDisposeImage
GdipSaveImageToFile
GdipFillEllipseI
GdipSetSmoothingMode
GdiplusStartup
GdiplusShutdown
GdipDeleteGraphics
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdipFree
GdipAlloc
GdipCloneImage

comctl32

ImageList_Destroy
ImageList_Create
ord345
ImageList_Add
ord381
InitCommonControlsEx

comdlg32

PrintDlgExW

shlwapi

PathRemoveExtensionW
UrlCreateFromPathW
PathFindExtensionW
PathIsURLW
StrChrW
PathFindFileNameW
ord487

shell32

SHCreateItemInKnownFolder
ShellAboutW
ShellExecuteW
ord75

ole32

CreateStreamOnHGlobal
CoWaitForMultipleHandles
CoCreateInstance
StringFromCLSID
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoCreateGuid

oleaut32

SysFreeString
VariantInit
VariantClear
SysStringLen
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetUBound
VarBstrCat
SysAllocStringLen
SysAllocString

uxtheme

GetThemeSysColor
GetThemeSysFont

oleacc

AccessibleObjectFromWindow

dwmapi

DwmGetWindowAttribute

msdrm

DRMIsWindowProtected

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-path-l1-1-0

PathAllocCombine

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

api-ms-win-core-synch-l1-1-0

ResetEvent
DeleteCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
CreateMutexW
CreateEventW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapDestroy
HeapSize

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetStartupInfoW
TerminateProcess

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW

api-ms-win-core-heap-l2-1-0

LocalAlloc

ext-ms-win-uxtheme-themes-l1-1-0

ord96
GetImmersiveColorFromColorSetEx
GetImmersiveUserColorSetPreference

api-ms-win-crt-math-l1-1-0

floorf
fmodf
ceilf

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sort.exe
.exe windows x64

96bc073d8286b37dfa22a171d067da0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memmove
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
memcpy
__getmainargs
_amsg_exit
_XcptFilter
_wcsncoll
_wcsnicoll
wcscoll
strchr
atoi
strcpy_s
_strnicmp
fprintf
qsort
_stricoll
strcoll
__set_app_type
_strnicoll
__iob_func
toupper
_strncoll
setlocale
_wcsicoll
exit
memset

ntdll

RtlCaptureContext
RtlUnicodeToOemN
RtlMultiByteToUnicodeN
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
CreateEventA
GetTempFileNameA
FormatMessageA
GetCurrentProcess
GetFileType
WideCharToMultiByte
GlobalMemoryStatusEx
GetProcessHeap
GetFileSize
GetOverlappedResult
HeapAlloc
ResetEvent
HeapSetInformation
GetSystemInfo
CloseHandle
CreateFileA
GetLastError
GetDiskFreeSpaceA
GetModuleFileNameA
LocalAlloc
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetTickCount
ReadFile
HeapFree
GetStdHandle
GetCPInfo
WriteFile
VirtualAlloc
SetThreadUILanguage
WaitForSingleObject
GetModuleHandleA
GetTempPathA
GetConsoleMode
MultiByteToWideChar

advapi32

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
IsTextUnicode
EventProviderEnabled

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SpatialAudioLicenseSrv.exe
.exe windows x64

21bbd6725a69b2aa15951ea2bf5647e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-string-l1-1-0

wcscmp
memset

api-ms-win-crt-private-l1-1-0

_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o__configure_wide_argv
_o___stdio_common_vsnprintf_s
_o__configthreadlocale
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o__cexit
_o__callnewh
_o___p__commode
__std_terminate
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
OpenSemaphoreW
ReleaseMutex
CreateMutexExW
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockShared
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
CreateEventExW
ReleaseSRWLockExclusive
CreateSemaphoreExW
LeaveCriticalSection
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoResumeClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoAddRefServerProcess
CoWaitForMultipleHandles
CoTaskMemAlloc
CoGetCallContext
CoInitializeSecurity
CoGetMalloc
CoReleaseServerProcess

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateString
WindowsGetStringLen

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoUninitialize
RoInitialize
RoRegisterActivationFactories
RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shutdownux.dll
.dll windows x64

d30c4b93e293e2b7bd389506ef3d7819

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__CxxFrameHandler3
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
_vsnwprintf
memcpy
realloc
_get_errno
_set_errno
??1type_info@@UEAA@XZ
memcmp
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_purecall
??3@YAXPEAX@Z
memcpy_s
memmove
memset

shell32

ShellExecuteExW
ord100
ShellExecuteW

shlwapi

ord630
ord618
ord560
ord629
ord219
ord437

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleFileNameA
LockResource
GetModuleHandleW
DisableThreadLibraryCalls
FindResourceExW
GetModuleHandleExW
LoadResource
LoadStringW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
CreateMutexExW
CreateSemaphoreExW
AcquireSRWLockExclusive
InitializeSRWLock
WaitForSingleObjectEx
ReleaseSRWLockShared
ReleaseSemaphore
WaitForSingleObject
CreateEventExW
OpenSemaphoreW
WaitForMultipleObjectsEx
ReleaseSRWLockExclusive
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetProcessId
OpenProcessToken
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetCurrentProcessId
OpenThreadToken
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadUILanguage

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateErrorW
GetRestrictedErrorInfo
RoOriginateError
RoTransformError

oleaut32

SysFreeString

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsCreateString
WindowsDuplicateString
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemDirectoryW

cfgmgr32

CM_Is_Dock_Station_Present

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoGetCallContext
CoGetMalloc

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegGetValueW

ntdll

wcschr
memmove_s
_wcsnicmp
RtlFreeHeap
NtQueryInformationToken
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlInitUnicodeString
NtPowerInformation
RtlGetActiveConsoleId

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-shutdown-l1-1-1

InitiateShutdownW

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
AdjustTokenPrivileges
GetTokenInformation

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
SystemParametersInfoW

api-ms-win-rtcore-ntuser-window-l1-1-0

EnumWindows
GetWindowRect
GetWindow
SetWindowPos
SetWindowLongPtrW
GetParent
ShowWindow
SendMessageW
SetWindowTextW
SetForegroundWindow
GetClientRect
EnableWindow
GetWindowTextW
GetWindowThreadProcessId
GetWindowLongPtrW
FindWindowW

api-ms-win-ntuser-rectangle-l1-1-0

OffsetRect
SetRect

winbrand

BrandingLoadImage

user32

IsSETEnabled
EndPaint
BeginPaint
DialogBoxParamW
EnableMenuItem
CheckDlgButton
GetDlgItem
IsDlgButtonChecked
EndDialog
GetWindowTextLengthW
DestroyReasons
SetThreadDpiAwarenessContext
BuildReasonArray
ReasonCodeNeedsComment
MapWindowPoints

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shwebsvc.dll
.dll windows x64

8b468b302a0fe8a20dfdb89935efa866

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_vsnwprintf
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
_amsg_exit
_XcptFilter
free
_resetstkoflw
__C_specific_handler
memcpy_s
memcpy
memset

atl

ord30

shell32

ord190
ord17
ord21
ord23
SHGetPathFromIDListW
SHBrowseForFolderW
ord747
SHGetKnownFolderPath
ord165
ord71
ShellExecuteW
SHGetFileInfoW
SHGetIDListFromObject
SHBindToParent
ord155
ord100
ord18
SHBindToObject
SHGetFolderPathAndSubDirW
SHParseDisplayName
SHGetSpecialFolderLocation
ord25
SHBindToFolderIDListParentEx
ord75
SHGetSpecialFolderPathW
SHCreateItemFromIDList
Shell_GetCachedImageIndexW
CommandLineToArgvW
ord258
ShellExecuteExW

shlwapi

ord199
ord16
ord158
ord154
StrToIntExW
ord176
SHStrDupW
ord165
ord388
ord12
ord168
UrlCombineW
AssocQueryStringW
PathMatchSpecW
PathAppendW
PathFileExistsW
ord471
SHDeleteKeyW
SHSetValueW
ord487
PathParseIconLocationW
SHGetValueW
PathRenameExtensionW
StrDupW
PathFindExtensionW
PathRemoveFileSpecW
StrChrW
AssocGetPerceivedType
PathCombineW
PathFindFileNameW
ord476
UrlGetPartW
StrCmpIW
PathGetDriveNumberW
UrlIsW
PathIsURLW
ord174
ord219
ord2
PathSkipRootW
PathIsUNCW
StrRetToBufW
StrCmpNIW
ord630
PathIsUNCServerW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
GetModuleHandleW
LoadStringW
FindResourceExW
GetModuleFileNameW
GetModuleHandleExW
LoadResource
GetModuleFileNameA
LockResource

api-ms-win-core-synch-l1-1-0

CreateMutexExW
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateMutexW
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
CreateThread
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

GetUserDefaultLangID
GetGeoInfoW
GetLocaleInfoW
GetUserGeoID
GetSystemDefaultLCID
GetUserDefaultLCID
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SetErrorInfo
LoadTypeLi
SysAllocStringLen
VariantInit
SysAllocString
SysFreeString
LoadRegTypeLi
VariantClear

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoGetMalloc
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
StringFromCLSID
CoCreateGuid
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalFree

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

mpr

WNetGetConnectionW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegCloseKey
RegCreateKeyExW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

kernel32

QueryActCtxW
GetUserDefaultUILanguage
lstrlenW
lstrcmpiW
DeactivateActCtx
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
lstrcmpW

ole32

OleInitialize
OleUninitialize
CreateBindCtx
CoInitialize

propsys

PSCreateMemoryPropertyStore
PSPropertyBag_WriteStr
VariantToString

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW
CreateURLMoniker

uxtheme

SetWindowTheme

wininet

InternetCreateUrlW
InternetGoOnlineW
InternetCrackUrlW

gdi32

DeleteObject
SelectObject

user32

SetTimer
GetSystemMetrics
KillTimer
LoadMenuW
SetWindowLongPtrW
GetSubMenu
GetWindowLongPtrW
SetMenuDefaultItem
SendMessageW
GetParent
RegisterClipboardFormatW
SetWindowTextW
SetDlgItemTextW
EnableMenuItem
PostMessageW
TrackPopupMenu
DestroyMenu
GetDlgCtrlID
LoadImageW
SystemParametersInfoW
GetWindowLongW
EndDialog
CheckDlgButton
IsDlgButtonChecked
SetProcessDPIAware
GetDlgItemTextW
CreateWindowExW
GetWindowTextW
MessageBoxW
GetDC
SendDlgItemMessageW
SetFocus
GetClientRect
GetDlgItem
DrawTextExW
LoadCursorW
SetCursor
DispatchMessageW
TranslateMessage
SetWindowPos
ReleaseDC
GetWindowRect
MapWindowPoints
PeekMessageW
EnableWindow
MsgWaitForMultipleObjects
MapDialogRect
DestroyIcon
LoadIconW
ShowWindow
IsWindowVisible

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AddNetPlaceRunDll
DllCanUnloadNow
DllGetClassObject
PublishRunDll

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
signdrv.dll
.dll regsvr32 windows x64

5e1eba32254e7c8ecec174c1797783b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc42u

ord2629
ord1122
ord2781
ord4601
ord4602
ord2846
ord2408
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord1463
ord4598
ord659
ord1063
ord1479
ord4214
ord5980
ord1287
ord624
ord1126
ord1284
ord626
ord2842
ord1096
ord1040
ord620
ord6813
ord4836
ord2559
ord2515
ord6071
ord4191
ord1388
ord5615
ord2412
ord3468
ord5722
ord5724
ord4368
ord5065
ord5730
ord2752
ord5711
ord6053
ord3049
ord3243
ord3362
ord4815
ord287
ord1426
ord6886
ord3916
ord6887
ord4770
ord4983
ord4371
ord3164
ord4077
ord4083
ord4082
ord3046
ord3166
ord3052
ord3366
ord3231

msvcrt

??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
_wcsupr
wcsncpy_s
wcsncmp
wcschr
wcsstr
_wcslwr
free
wcsrchr
wcscpy_s
_wcsicmp
_purecall
__C_specific_handler
__CxxFrameHandler3
memset

atl

ord23
ord32
ord16
ord21
ord15

oleaut32

SysFreeString
VariantChangeType
VariantClear
SysAllocString
SysAllocStringLen

shlwapi

PathAppendW

wintrust

CryptCATAdminReleaseContext
IsCatalogFile
CryptCATAdminEnumCatalogFromHash
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminCalcHashFromFileHandle

setupapi

SetupOpenFileQueue
SetupDiOpenDeviceInfoW
SetupDiBuildDriverInfoList
SetupDiSetSelectedDriverW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiCallClassInstaller
SetupScanFileQueueW
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_ID_Size
CM_Get_Device_IDW
CM_Get_DevNode_Status
CM_Get_Child
CM_Get_Parent
CM_Get_Sibling
CM_Open_DevNode_Key
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoListExW
CM_Locate_DevNodeW
SetupCloseFileQueue

crypt32

CertFreeCertificateContext

user32

CharLowerBuffW

kernel32

ExpandEnvironmentStringsW
GetProcAddress
LoadLibraryW
SetCurrentDirectoryW
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
CreateFileW
LeaveCriticalSection
GetLastError
CloseHandle
GetVersionExW
GetFullPathNameW
HeapAlloc
lstrlenW
FileTimeToLocalFileTime
FileTimeToSystemTime
MultiByteToWideChar
SetLastError
GetPrivateProfileStringW
LocalAlloc
LocalFree
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
GetFileAttributesExW
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetProcessHeap
HeapFree
GetCurrentDirectoryW
RtlLookupFunctionEntry

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetFolderPathW

api-ms-win-core-com-l1-1-0

CoRevertToSelf
CoImpersonateClient

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simauth.dll
.dll windows x64

bd9e7dd37dc158f5e77121233aff3683

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

??0exception@@QEAA@AEBV0@@Z
??3@YAXPEAX@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
memcmp
??1type_info@@UEAA@XZ
_callnewh
_onexit
__dllonexit
malloc
_unlock
_lock
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
memmove
memcpy
?terminate@@YAXXZ
_CxxThrowException
_strnicmp
memcpy_s
_wcsicmp
_purecall
__CxxFrameHandler3
?what@exception@@UEBAPEBDXZ
memset

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
RegisterTraceGuidsW
GetTraceEnableLevel

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadStringW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

ws2_32

htonl
htons
ntohs

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

ntdll

NtPowerInformation
WinSqmSetDWORD
RtlNtStatusToDosError

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
DeleteCriticalSection
ResetEvent
InitializeCriticalSection
CreateEventW
SetEvent
WaitForSingleObject
LeaveCriticalSection

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

EapPeerFreeErrorMemory
EapPeerFreeMemory
EapPeerGetInfo

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simcfg.dll
.dll windows x64

672582d33f25cdc7cc7b2d275d4ff340

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_amsg_exit
free
??3@YAXPEAX@Z
??0exception@@QEAA@AEBQEBDH@Z
_XcptFilter
??0exception@@QEAA@AEBQEBD@Z
memmove
_callnewh
malloc
wcscpy_s
_initterm
_beginthreadex
__C_specific_handler
??0exception@@QEAA@AEBV0@@Z
_wcsicmp
_lock
??1exception@@UEAA@XZ
memcpy
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_endthreadex
memcmp
_purecall
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
_snwprintf_s
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
WinSqmSetDWORD

oleaut32

VariantInit
SysAllocStringByteLen
VariantClear
SysAllocString
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetElement
SysStringByteLen
SysFreeString
SafeArrayGetLBound

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemFree
StringFromIID
CoUninitialize
IIDFromString
CoInitializeEx

api-ms-win-core-synch-l1-1-0

SetEvent
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
ResetEvent
CreateEventW
EnterCriticalSection

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadStringW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegGetValueW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

EapPeerConfigBlob2Xml
EapPeerConfigXml2Blob
EapPeerCredentialsXml2Blob
EapPeerFreeErrorMemory
EapPeerFreeMemory
EapPeerGetConfigBlobAndUserBlob
EapPeerGetIdentityPageGuid
EapPeerInvokeConfigUI
EapPeerInvokeIdentityUI
EapPeerInvokeInteractiveUI
InternalFunction01
InternalFunction02

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpdata.tlb
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
slc.dll
.dll windows x64

40361d3c7e0f5584bfb571747db802d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
__dllonexit
_amsg_exit
_unlock
_XcptFilter
wcschr
_onexit
memset
_lock
memmove
memcpy
wcscmp

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryExW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

ntdll

RtlGetProductInfo

sppc

SLRegisterEvent
SLGetProductSkuInformation
SLClose
SLReArm
SLOpen
SLUnregisterEvent
SLGetLicensingStatusInformation

Exports

Exports

SLClose
SLConsumeRight
SLConsumeWindowsRight
SLDepositOfflineConfirmationId
SLDepositOfflineConfirmationIdEx
SLFireEvent
SLGenerateOfflineInstallationId
SLGenerateOfflineInstallationIdEx
SLGetApplicationInformation
SLGetGenuineInformation
SLGetInstalledProductKeyIds
SLGetLicense
SLGetLicenseFileId
SLGetLicenseInformation
SLGetLicensingStatusInformation
SLGetPKeyId
SLGetPKeyInformation
SLGetPolicyInformation
SLGetPolicyInformationDWORD
SLGetProductSkuInformation
SLGetSLIDList
SLGetServiceInformation
SLGetWindowsInformation
SLGetWindowsInformationDWORD
SLInstallLicense
SLInstallProofOfPurchase
SLIsWindowsGenuineLocal
SLOpen
SLReArmWindows
SLRegisterEvent
SLRegisterWindowsEvent
SLSetCurrentProductKey
SLSetGenuineInformation
SLUninstallLicense
SLUninstallProofOfPurchase
SLUnregisterEvent
SLUnregisterWindowsEvent
SLpCheckProductKey
SLpGetGenuineLocal
SLpUpdateComponentTokens

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
smbwmiv2.dll
.dll regsvr32 windows x64

571d6bb44a76768b8e9bbbcfff97a02a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcschr
memcpy_s
_vsnwprintf
wcsncpy_s
wcsncat_s
qsort
wcsncmp
_XcptFilter
_amsg_exit
_wcsicmp
malloc
_initterm
__C_specific_handler
free
swprintf_s
wcscat_s
memset

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount
GetComputerNameExW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryExW
LoadStringW
GetModuleHandleW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
TryAcquireSRWLockExclusive
EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

AccessCheck
EqualSid
AllocateAndInitializeSid
DeleteAce
DuplicateTokenEx
SetSecurityDescriptorGroup
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
GetAce
ImpersonateLoggedOnUser
AddAce
AddAccessAllowedAce
FreeSid
AddAccessDeniedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetLengthSid
MakeSelfRelativeSD
AdjustTokenPrivileges
InitializeAcl
MakeAbsoluteSD

srvcli

LocalShareGetInfoEx
LocalShareDelEx
LocalShareAdd
LocalShareSetInfo
LocalShareEnumEx
LocalFileGetInfoEx
LocalFileEnumEx
LocalSessionEnumEx
LocalSessionGetInfoEx
LocalSessionDel
LocalFileClose

api-ms-win-core-file-l1-1-0

GetDriveTypeW
GetVolumePathNameW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

netutils

NetApiBufferFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenThreadToken
GetCurrentThread
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegEnumValueW

mpr

WNetCancelConnection2W
WNetOpenEnumW
WNetCloseEnum
WNetAddConnection2W
WNetGetConnectionW
WNetEnumResourceW

wkscli

NetUseGetInfo
NetUseAdd
NetUseDel
NetUseEnum
NetWkstaUserGetInfo

samcli

NetUserGetInfo

iphlpapi

GetAdaptersAddresses
ConvertInterfaceLuidToIndex
ConvertInterfaceAliasToLuid
ConvertInterfaceLuidToAlias
ConvertInterfaceGuidToLuid
ConvertInterfaceLuidToGuid
ConvertInterfaceIndexToLuid

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
CreateTimerQueue
DeleteTimerQueueTimer
DeleteTimerQueueEx

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

ntdll

RtlInt64ToUnicodeString
RtlGetNtProductType
RtlIpv4AddressToStringExW
RtlInitUnicodeString
NtClose
NtFsControlFile
NtCreateEvent
RtlNtStatusToDosError
RtlVerifyVersionInfo
NtWaitForSingleObject
NtOpenFile
RtlIpv6AddressToStringExW
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthRequiredSid
WinSqmIncrementDWORD
RtlCompareUnicodeString
RtlGUIDFromString
RtlFreeUnicodeString
RtlStringFromGUID
RtlLengthSecurityDescriptor
NtCreateFile

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
smphost.dll
.dll windows x64

61b5b04191e2be151288527aaca938b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

malloc
_amsg_exit
_initterm
__C_specific_handler
_XcptFilter
free
memset

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation

api-ms-win-core-synch-l1-1-0

CreateEventW
SetEvent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-service-core-l1-1-0

SetServiceStatus

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
GetProcAddress

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

mi

MI_Application_InitializeV1

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
smss.exe
.exe windows x64

bc32b6662261de8469d6eb034c62a6a5

Code Sign

33:00:00:01:af:fa:e1:65:62:04:14:26:77:00:00:00:00:01:af
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-06-2018 18:57

Not After

29-05-2019 18:57

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bc:3e:f4:70:8c:e2:d7:42:73:81:46:67:36:95:c6:f7:b9:98:bd:27:a6:c1:19:57:67:34:1c:54:67:25:21:3e
Signer

Actual PE Digest

bc:3e:f4:70:8c:e2:d7:42:73:81:46:67:36:95:c6:f7:b9:98:bd:27:a6:c1:19:57:67:34:1c:54:67:25:21:3e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09-09-2022 12:41
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlComputeCrc32
RtlInitUnicodeString
NtOpenFile
NtDeviceIoControlFile
NtClose
NtQuerySystemInformation
RtlUpcaseUnicodeChar
RtlGetNtSystemRoot
NtOpenKey
RtlGetVersion
TpAllocTimer
TpSetTimer
RtlAllocateHeap
RtlFreeHeap
NtSetValueKey
RtlFreeUnicodeString
NtQueryValueKey
RtlPrefixUnicodeString
NtQueryVolumeInformationFile
NtQueryInformationProcess
RtlInitUnicodeStringEx
_vsnwprintf_s
NtCreatePagingFile
NtQueryLicenseValue
NtSetSystemInformation
RtlAppendUnicodeToString
RtlSecondsSince1970ToTime
qsort
NtSetInformationFile
NtQueryInformationFile
NtFsControlFile
RtlCompareUnicodeString
RtlAppendUnicodeStringToString
RtlCompareMemory
NtDeleteValueKey
NtFlushKey
NtUpdateWnfStateData
NtInitializeRegistry
RtlUnicodeStringToInteger
RtlAllocateAndInitializeSid
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
NtSetSecurityObject
RtlExpandEnvironmentStrings_U
RtlDosPathNameToNtPathName_U
NtCreateFile
NtReadFile
NtCreateKey
NtAllocateVirtualMemory
NtWriteFile
EtwEventWriteTransfer
NtFreeVirtualMemory
RtlCreateUnicodeString
EtwEventWrite
EtwEventEnabled
_vsnwprintf
RtlCopyUnicodeString
RtlAddMandatoryAce
RtlSetSaclSecurityDescriptor
RtlAdjustPrivilege
RtlFreeSid
RtlLengthSid
NtCreateMutant
RtlCreateTagHeap
NtSetInformationProcess
NtAlpcCreatePort
RtlInitializeBitMap
RtlClearAllBits
RtlSetBits
NtOpenEvent
RtlCreateEnvironment
RtlSetCurrentEnvironment
RtlQueryRegistryValuesEx
NtCreateDirectoryObject
RtlEqualUnicodeString
NtSerializeBoot
NtSetEvent
RtlQueryPerformanceFrequency
RtlQueryPerformanceCounter
NtResumeThread
NtWaitForSingleObject
NtTerminateProcess
RtlIsStateSeparationEnabled
TpAllocWork
TpPostWork
TpWaitForWork
TpReleaseWork
_wcsupr_s
NtOpenDirectoryObject
NtCreateSymbolicLinkObject
NtMakeTemporaryObject
_stricmp
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlWow64IsWowGuestMachineSupported
NtCreateEvent
RtlRandomEx
qsort_s
LdrVerifyImageMatchesChecksumEx
RtlAppxIsFileOwnedByTrustedInstaller
NtQueryAttributesFile
NtQueryDirectoryFile
RtlDeleteRegistryValue
RtlWriteRegistryValue
_wcsicmp
RtlSetEnvironmentVariable
NtCreateSection
NtMapViewOfSection
NtUnmapViewOfSection
NtDuplicateObject
iswctype
RtlQueryEnvironmentVariable_U
RtlDosSearchPath_U
RtlTestBit
RtlInterlockedSetBitRun
RtlFindSetBits
RtlCreateProcessParametersEx
RtlCreateUserProcessEx
RtlDestroyProcessParameters
NtDisplayString
RtlAddProcessTrustLabelAce
RtlGetAce
NtQueryDirectoryObject
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlTimeToTimeFields
NtDeleteFile
__C_specific_handler
RtlAcquireSRWLockExclusive
NtAlpcDisconnectPort
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
NtAlpcImpersonateClientOfPort
NtOpenThreadToken
NtQueryInformationToken
NtSetInformationThread
TpSetPoolMinThreads
RtlSetThreadIsCritical
AlpcInitializeMessageAttribute
NtAlpcSendWaitReceivePort
AlpcGetMessageAttribute
NtAlpcCancelMessage
NtAlpcOpenSenderProcess
RtlInitializeSRWLock
NtAlpcAcceptConnectPort
NtConnectPort
NtRequestWaitReplyPort
RtlDeleteNoSplay
RtlSleepConditionVariableSRW
RtlWakeAllConditionVariable
NtQueryInformationJobObject
NtAssignProcessToJobObject
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
RtlGetCurrentServiceSessionId
NtDelayExecution
RtlSetHeapInformation
EtwEventSetInformation
EtwEventRegister
TpAllocPool
TpAllocAlpcCompletion
NtWaitForMultipleObjects
NtRaiseHardError
RtlInitializeConditionVariable
NtClearEvent
RtlUnicodeStringToAnsiString
NtQueryEvent
wcstoul
LdrQueryImageFileExecutionOptions
RtlAcquirePrivilege
RtlReleasePrivilege
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
RtlCompareUnicodeStrings
memcpy
RtlNormalizeProcessParams
iswspace
RtlConnectToSm
RtlSendMsgToSm
NtQueryKey
NtDeleteKey
NtQuerySystemInformationEx
__chkstk
memset

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
snmpapi.dll
.dll windows x64

d422a10e10c125fa0b6ac8a287c0f03c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

fopen
free
_amsg_exit
localtime
_XcptFilter
strncmp
time
isprint
putchar
__C_specific_handler
isxdigit
_initterm
__iob_func
fprintf
strftime
malloc
_vsnprintf
fflush
sprintf_s
strcat_s
memcpy

ntdll

RtlCaptureContext
NtQuerySystemInformation
RtlGetNtProductType
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

ws2_32

getservbyname
freeaddrinfo
htons
getaddrinfo
htonl

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetVersionExA
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

Exports

Exports

SnmpSvcAddrIsIpx
SnmpSvcAddrToSocket
SnmpSvcGetEnterpriseOID
SnmpSvcGetUptime
SnmpSvcGetUptimeFromTime
SnmpSvcInitUptime
SnmpSvcSetLogLevel
SnmpSvcSetLogType
SnmpTfxClose
SnmpTfxOpen
SnmpTfxQuery
SnmpUtilAnsiToUnicode
SnmpUtilAsnAnyCpy
SnmpUtilAsnAnyFree
SnmpUtilDbgPrint
SnmpUtilIdsToA
SnmpUtilMemAlloc
SnmpUtilMemFree
SnmpUtilMemReAlloc
SnmpUtilOctetsCmp
SnmpUtilOctetsCpy
SnmpUtilOctetsFree
SnmpUtilOctetsNCmp
SnmpUtilOidAppend
SnmpUtilOidCmp
SnmpUtilOidCpy
SnmpUtilOidFree
SnmpUtilOidNCmp
SnmpUtilOidToA
SnmpUtilPrintAsnAny
SnmpUtilPrintOid
SnmpUtilUTF8ToUnicode
SnmpUtilUnicodeToAnsi
SnmpUtilUnicodeToUTF8
SnmpUtilVarBindCpy
SnmpUtilVarBindFree
SnmpUtilVarBindListCpy
SnmpUtilVarBindListFree

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
softpub.dll
.dll regsvr32 windows x64

66e2d1b2cdab292d56111a45637c4a3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

Exports

Exports

AddPersonalTrustDBPages
DllRegisterServer
DllUnregisterServer
DriverCleanupPolicy
DriverFinalPolicy
DriverInitializePolicy
FindCertsByIssuer
GenericChainCertificateTrust
GenericChainFinalProv
HTTPSCertificateTrust
HTTPSFinalProv
OfficeCleanupPolicy
OfficeInitializePolicy
OpenPersonalTrustDBDialog
SoftpubAuthenticode
SoftpubCheckCert
SoftpubCleanup
SoftpubDefCertInit
SoftpubDumpStructure
SoftpubFreeDefUsageCallData
SoftpubInitialize
SoftpubLoadDefUsageCallData
SoftpubLoadMessage
SoftpubLoadSignature

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
spfileq.dll
.dll windows x64

79b7655fc9e4e767c3c597a9a127c69b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcsrchr
free
_resetstkoflw
_vsnwprintf
__C_specific_handler
memcmp
_XcptFilter
malloc
wcschr
memcpy
_initterm
_amsg_exit
_wcsicmp
_vsnprintf
memmove
_wcsnicmp
memset

ntdll

RtlAnsiCharToUnicodeChar
RtlIntegerToChar
NtSetInformationThread
NtQueryInformationThread
RtlGetVersion
RtlUpcaseUnicodeChar
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlIsDosDeviceName_U
RtlUnicodeToMultiByteSize
NtSetValueKey
NtQueryValueKey
NtCreateKey
NtOpenKey
RtlInitUnicodeString
NtClose
RtlFreeUnicodeString
RtlFormatCurrentUserKeyPath
RtlNtStatusToDosError
RtlUnicodeToMultiByteN
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlGetLastNtStatus

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetLocalTime
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-file-l1-1-0

DeleteFileW
FlushFileBuffers
WriteFile
GetFileTime
SetFileTime
SetFileAttributesW
GetFileAttributesExW
CreateDirectoryW
GetFileAttributesW
GetFullPathNameW
FindClose
FindFirstFileW
SetEndOfFile
SetFilePointer
GetFileSize
GetDriveTypeW
CreateFileW
GetTempFileNameW
GetShortPathNameW
LocalFileTimeToFileTime
ReadFile
CreateFileA

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
GetProcAddress

api-ms-win-core-localization-l1-2-0

LCMapStringW
GetThreadLocale
FormatMessageW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
SleepEx
SetEvent
WaitForSingleObjectEx
CreateEventW
CreateMutexW
ReleaseMutex

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-base-l1-1-0

GetFileSecurityW
SetFileSecurityW

api-ms-win-core-file-l2-1-0

CreateHardLinkW
MoveFileExW
CopyFileExW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-kernel32-legacy-l1-1-0

DosDateTimeToFileTime

Exports

Exports

SpFileQueueClose
SpFileQueueCommit
SpFileQueueCopy
SpFileQueueDelete
SpFileQueueFileInUse
SpFileQueueGetFlags
SpFileQueueGetQueueCount
SpFileQueueNodeGetSecurityDescriptor
SpFileQueueNodeGetSourceFilename
SpFileQueueNodeGetSourcePath
SpFileQueueNodeGetSourceRootPath
SpFileQueueNodeGetStyleFlags
SpFileQueueNodeGetTargetDirectory
SpFileQueueNodeGetTargetFilename
SpFileQueueNodeRemove
SpFileQueueOpen
SpFileQueueRename
SpFileQueueSetFlags

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
spinf.dll
.dll windows x64

799ed6f085d241bc393bf158b19a2678

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcsrchr
__C_specific_handler
_wcsnicmp
_vsnprintf
wcschr
wcstoul
_vsnwprintf
_initterm
_wcsicmp
malloc
free
memcpy
_amsg_exit
memmove
_XcptFilter
_resetstkoflw
memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode
GetLastError
RaiseException
SetLastError

api-ms-win-core-synch-l1-1-0

ReleaseMutex
CreateMutexW
WaitForMultipleObjectsEx
SetEvent
WaitForSingleObjectEx
CreateEventW
SleepEx

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableW

ntdll

RtlInitUnicodeStringEx
RtlGetVersion
RtlIsTextUnicode
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteN
RtlUnicodeToMultiByteSize
NtSetValueKey
NtQueryValueKey
NtCreateKey
NtOpenKey
RtlInitUnicodeString
NtClose
RtlFreeUnicodeString
RtlFormatCurrentUserKeyPath
RtlNtStatusToDosError
RtlVerifyVersionInfo

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
GetStringTypeExW
MultiByteToWideChar

api-ms-win-core-file-l1-1-0

SetFilePointer
SetEndOfFile
SetFileAttributesW
GetFileSize
CompareFileTime
FindClose
DeleteFileW
GetFullPathNameW
FlushFileBuffers
WriteFile
CreateFileW
GetFileAttributesW
CreateDirectoryW
FindFirstFileW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadLocale
LCMapStringW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

Exports

Exports

SpInfDetermineInfStyle
SpInfDoesInfContainString
SpInfEnumInfSections
SpInfFileFullPathFromLineContext
SpInfFindFirstLine
SpInfFindNextMatchLine
SpInfFindValueInSectionList
SpInfFreeInfFile
SpInfGetBestInstallSection
SpInfGetBestModelsSection
SpInfGetDirIdHandler
SpInfGetDriverVer
SpInfGetField
SpInfGetIndirectString
SpInfGetInfInformation
SpInfGetInfLineNumber
SpInfGetInfSections
SpInfGetInfStyle
SpInfGetLanguageId
SpInfGetLineByIndex
SpInfGetLineCount
SpInfGetLineCountFromSection
SpInfGetLineFieldCount
SpInfGetLineTextWithKey
SpInfGetLogToken
SpInfGetNextInf
SpInfGetOriginalInfName
SpInfGetPathFromDirId
SpInfGetPrevInf
SpInfGetStringField
SpInfGetStringsSection
SpInfGetTargetPath
SpInfGetVersionDatum
SpInfGetVersionNode
SpInfIsIndirectString
SpInfLineFromContext
SpInfLineIsSearchable
SpInfLoadInfFile
SpInfLocateLine
SpInfLocateSection
SpInfLockInf
SpInfQueryInfFileInformation
SpInfQueryInfVersionInformation
SpInfSectionNameFromLineContext
SpInfSetDirIdHandler
SpInfSetDirectoryId
SpInfSourcePathFromHandle
SpInfUnlockInf
SpInfVersionNodeFromInfInformation

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
spp.dll
.dll regsvr32 windows x64

cc464cfad47ec437dfae54153261bdaf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcscat_s
malloc
free
memmove
qsort
memcmp
wcscmp
iswspace
_vscwprintf
wcschr
_wcsnicmp
wcstoul
realloc
_purecall
isalpha
_callnewh
memset
_amsg_exit
_initterm
_lock
_vsnwprintf
_unlock
__dllonexit
memcpy
_onexit
wcspbrk
strchr
_XcptFilter
_wcsicmp
__C_specific_handler

kernel32

ResolveDelayLoadedAPI
DelayLoadFailureHook
LocalAlloc
SetFileAttributesW
CreateDirectoryW
SetLastError
GetCurrentThread
GetSystemDirectoryW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetDriveTypeW
GetFullPathNameW
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
lstrcpynW
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemInfo
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
LocalFree
CreateFileW
DeviceIoControl
WriteFile
ReadFile
CloseHandle
GetSystemTimeAsFileTime
GetComputerNameW
GetTickCount64
CreateEventW
DeleteFileW
VerSetConditionMask
VerifyVersionInfoW
FindFirstFileW
FindNextFileW
CreateProcessW
GetDiskFreeSpaceExW
GetFileSizeEx
HeapDestroy
FindClose
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
FormatMessageW
GetVolumePathNamesForVolumeNameW
GetFileAttributesW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetVolumeInformationW
ExpandEnvironmentStringsW

user32

GetSystemMetrics
CharNextW
CharPrevW

ntdll

NtSetInformationFile
NtQueryInformationFile
RtlGetLastNtStatus
RtlFreeHeap
RtlCreateSystemVolumeInformationFolder
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
WinSqmSetDWORD
RtlNtStatusToDosError
NtQuerySystemInformation
RtlSetThreadErrorMode
RtlEqualUnicodeString
EtwTraceMessage
RtlComputeCrc32
RtlNumberGenericTableElementsAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlGetCurrentTransaction
RtlSetCurrentTransaction
RtlInitializeGenericTableAvl
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl

rpcrt4

UuidToStringW
MesDecodeBufferHandleCreate
MesHandleFree
MesEncodeDynBufferHandleCreate
I_RpcExceptionFilter
NdrMesTypeDecode3
NdrMesTypeEncode3
RpcStringFreeW

vssapi

VssFreeSnapshotPropertiesInternal
GetProviderMgmtInterfaceInternal
CreateVssBackupComponentsInternal

api-ms-win-core-com-l1-1-0

CoCreateInstance
StringFromCLSID
CLSIDFromString
StringFromGUID2
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
CoGetMalloc
CoTaskMemRealloc
CoWaitForMultipleHandles

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegLoadKeyW
RegUnLoadKeyW
RegEnumKeyExW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
CreateWellKnownSid
EqualSid
CopySid
GetTokenInformation

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
OpenThreadToken

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-security-lsapolicy-l1-1-0

LsaOpenPolicy
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy

api-ms-win-eventlog-legacy-l1-1-0

RegisterEventSourceW
ReportEventW
DeregisterEventSource

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SppFreeBadWritersArray
SppFreeClientPropArray
SppFreeExternalGroupPropArray
SppFreeGroupPropArray
SppFreeMetadataProp
SxTracerDebuggerBreak
SxTracerGetThreadContextDebug
SxTracerGetThreadContextRetail
SxTracerShouldTrackFailure

Sections

.text
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sppc.dll
.dll windows x64

2560f722bc4411b590e8e87b2589e955

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

free
malloc
_amsg_exit
_vsnwprintf
_lock
_XcptFilter
__C_specific_handler
_unlock
_initterm
__dllonexit
_onexit
_purecall
memmove
memcmp
memcpy
memset

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadLibraryExW
GetModuleHandleExW
GetProcAddress
FreeLibrary
GetModuleFileNameW
FreeLibraryAndExitThread

rpcrt4

I_RpcExceptionFilter
RpcBindingFree
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcMapWin32Status
UuidCreate
NdrClientCall3

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx
NotifyServiceStatusChangeW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThread
GetCurrentProcess
ProcessIdToSessionId
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
SetThreadToken
OpenThreadToken

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-synch-l1-1-0

ReleaseMutex
DeleteCriticalSection
LeaveCriticalSection
CreateEventW
WaitForMultipleObjectsEx
CreateMutexW
ReleaseSemaphore
EnterCriticalSection
SetEvent
WaitForSingleObject
OpenMutexW
InitializeCriticalSectionAndSpinCount

api-ms-win-core-memory-l1-1-0

VirtualQuery

api-ms-win-core-psapi-l1-1-0

K32EnumProcessModules
K32GetModuleInformation

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
FreeSid
RevertToSelf

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

kernel32

GetProcessAffinityMask

Exports

Exports

SLCallServer
SLClose
SLConsumeRight
SLDepositMigrationBlob
SLDepositOfflineConfirmationId
SLDepositOfflineConfirmationIdEx
SLDepositStoreToken
SLFireEvent
SLGatherMigrationBlob
SLGatherMigrationBlobEx
SLGenerateOfflineInstallationId
SLGenerateOfflineInstallationIdEx
SLGetActiveLicenseInfo
SLGetApplicationInformation
SLGetApplicationPolicy
SLGetAuthenticationResult
SLGetEncryptedPIDEx
SLGetGenuineInformation
SLGetInstalledProductKeyIds
SLGetLicense
SLGetLicenseFileId
SLGetLicenseInformation
SLGetLicensingStatusInformation
SLGetPKeyId
SLGetPKeyInformation
SLGetPolicyInformation
SLGetPolicyInformationDWORD
SLGetProductSkuInformation
SLGetSLIDList
SLGetServiceInformation
SLInstallLicense
SLInstallProofOfPurchase
SLInstallProofOfPurchaseEx
SLIsGenuineLocalEx
SLLoadApplicationPolicies
SLOpen
SLPersistApplicationPolicies
SLPersistRTSPayloadOverride
SLReArm
SLRegisterEvent
SLRegisterPlugin
SLSetAuthenticationData
SLSetCurrentProductKey
SLSetGenuineInformation
SLUninstallLicense
SLUninstallProofOfPurchase
SLUnloadApplicationPolicies
SLUnregisterEvent
SLUnregisterPlugin
SLpAuthenticateGenuineTicketResponse
SLpBeginGenuineTicketTransaction
SLpClearActivationInProgress
SLpDepositDownlevelGenuineTicket
SLpDepositTokenActivationResponse
SLpGenerateTokenActivationChallenge
SLpGetGenuineBlob
SLpGetGenuineLocal
SLpGetLicenseAcquisitionInfo
SLpGetMSPidInformation
SLpGetMachineUGUID
SLpGetTokenActivationGrantInfo
SLpIAActivateProduct
SLpProcessVMPipeMessage
SLpSetActivationInProgress
SLpTriggerServiceWorker
SLpVLActivateProduct

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sppinst.dll
.dll windows x64

bad65dbeacd0fec7bc112c5f4dea09f2

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-07-2018 20:45

Not After

26-07-2019 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fb:d5:c4:39:06:6e:03:32:e5:fc:64:ef:f6:e9:e6:8d:b2:01:08:b4:1b:1c:40:c7:fc:18:34:36:61:ed:1e:73
Signer

Actual PE Digest

fb:d5:c4:39:06:6e:03:32:e5:fc:64:ef:f6:e9:e6:8d:b2:01:08:b4:1b:1c:40:c7:fc:18:34:36:61:ed:1e:73

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09-09-2022 12:41
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_unlock
_lock
_onexit
memcpy
malloc
free
_amsg_exit
__dllonexit
__C_specific_handler
memmove
_vsnwprintf
_XcptFilter
_initterm
_purecall
memcmp
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

oleaut32

SysFreeString

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-libraryloader-l1-1-0

FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleExW
LoadLibraryExW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-1-0

CreateEventW
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
ReleaseSemaphore
SetEvent
LeaveCriticalSection

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExA

api-ms-win-core-kernel32-legacy-l1-1-0

CreateSemaphoreW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sppnp.dll
.dll windows x64

edf640ff4c6dfe2c26ea24ad08ef6804

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

swprintf_s
__CxxFrameHandler3
_vsnwprintf_s
wcscpy_s
_wcsicmp
wcsncpy_s
toupper
_vsnprintf
wcschr
_resetstkoflw
memcpy
memmove
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
free
_callnewh
malloc
__C_specific_handler
_vsnwprintf
wcsrchr
qsort
swscanf_s
_wcsnicmp
?terminate@@YAXXZ
memset

ntdll

RtlFreeHeap
RtlAllocateHeap
DbgPrint
RtlAdjustPrivilege
NtSetValueKey
NtQueryValueKey
NtCreateKey
NtOpenKey
RtlFreeUnicodeString
RtlInitUnicodeString
RtlGetVersion
NtQuerySystemInformation
NtSetInformationFile
NtQueryInformationFile
RtlNtStatusToDosError
RtlInitUnicodeStringEx
RtlFormatCurrentUserKeyPath
NtOpenKeyEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosErrorNoTeb
NtClose
NtDeleteKey

user32

DestroyWindow
FindWindowExW
DefWindowProcW
GetMessageW
GetWindowLongW
FillRect
LoadBitmapW
IsWindowVisible
SetWindowPos
GetPropW
CreateWindowExW
EndPaint
GetDC
GetWindowTextW
LoadStringW
BeginPaint
ReleaseDC
InvalidateRect
LoadImageW
UpdateWindow
PostQuitMessage
KillTimer
DrawTextW
GetClientRect
SetCursor
TranslateMessage
SetPropW
SetFocus
MapWindowPoints
SetTimer
DispatchMessageW
ShowWindow
SetThreadDesktop
RegisterClassExW
NotifyWinEvent
SetClassLongPtrW
SetWindowTextW
GetSystemMetrics
SendMessageW

cfgmgr32

CM_MapCrToWin32Err
CMP_WaitNoPendingInstallEvents
CMP_GetServerSideDeviceInstallFlags
CM_Get_DevNode_Status
CM_Reenumerate_DevNode

setupapi

SetupGetInfPublishedNameW
SetupGetInfDriverStoreLocationW
SetupDiRemoveDevice
SetupDiOpenDeviceInfoW
SetupDiEnumDeviceInfo
SetupDiGetDriverInstallParamsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetSelectedDriverW
SetupDiBuildDriverInfoList
SetupUninstallOEMInfW
SetupDiSetDeviceRegistryPropertyW
SetupVerifyInfFileW
PnpRepairWindowsProtectedDriver
PnpEnumDrpFile
pSetupInfGetDigitalSignatureInfo
pSetupInfSetDigitalSignatureInfo
pSetupInfIsInbox
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiGetDevicePropertyW
SetupDiGetDeviceInfoListDetailW
SetupDiGetClassDevsExW
SetupGetThreadLogToken
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupWriteTextLogError
SetupWriteTextLog
SetupSetThreadLogToken
SetupSetNonInteractiveMode

newdev

DiInstallDevice

oleaut32

SysAllocString
SysFreeString

wevtapi

EvtClearLog

wdscore

WdsInitialize
ConstructPartialMsgVW
CurrentIP
WdsTerminate
WdsSetupLogMessageW

drvstore

DriverStoreFindW
DriverPackageOpenW
DriverPackageGetVersionInfoW
DriverPackageClose
DriverStoreSetLogContext
DriverStoreClose
DriverStoreOpenW
DriverStoreReflectCriticalW
DriverStoreEnumW

api-ms-win-devices-query-l1-1-0

DevFreeObjects
DevSetObjectProperties
DevGetObjects

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteTreeW
RegQueryValueExW
RegCloseKey
RegDeleteKeyExW
RegOpenKeyExW

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentProcess
GetExitCodeThread
CreateThread
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

IsValidSecurityDescriptor
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
AdjustTokenPrivileges
EqualSid
GetSecurityDescriptorSacl

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
StartServiceW
OpenServiceW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-service-core-l1-1-2

GetServiceKeyNameW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError
SetErrorMode

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
WideCharToMultiByte

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ResetEvent
WaitForSingleObjectEx
SetEvent
CreateEventW
AcquireSRWLockExclusive
ReleaseMutex
CreateMutexW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForMultipleObjectsEx
DeleteCriticalSection
ReleaseSRWLockExclusive
SleepEx
OpenEventW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineA
GetEnvironmentVariableW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap

api-ms-win-core-file-l1-1-0

GetFileInformationByHandle
FlushFileBuffers
FileTimeToLocalFileTime
CreateDirectoryW
GetFileAttributesW
GetFullPathNameW
SetEndOfFile
SetFilePointer
GetFileSize
SetFileAttributesW
CreateFileW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
WriteFile

api-ms-win-core-file-l2-1-0

MoveFileExW
CreateHardLinkW

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv
FindResourceW

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW
GetNamedSecurityInfoW

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
SizeofResource
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW
LockResource
LoadResource

api-ms-win-core-localization-l1-2-0

LCMapStringW
GetThreadLocale
FormatMessageW
GetLocaleInfoEx
GetLocaleInfoW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetLocalTime
GetTickCount
GetSystemWindowsDirectoryW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

kernel32

GetSystemDefaultUILanguage
FileTimeToSystemTime
QueryFullProcessImageNameW
K32EnumProcesses
LocalFree

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateInstance
CoInitializeEx

gdi32

CreateSolidBrush
DeleteObject
SetStretchBltMode
GetTextAlign
TextOutW
SetMapMode
SetTextAlign
SetWorldTransform
SetBrushOrgEx
BitBlt
CreateCompatibleBitmap
RemoveFontMemResourceEx
CreateCompatibleDC
StretchBlt
GetStockObject
GetDeviceCaps
DeleteDC
GetTextExtentPoint32W
SetBkColor
GdiAlphaBlend
AddFontMemResourceEx
SetTextColor
GetObjectW
GetTextMetricsW
CreateFontIndirectW
SetTextCharacterExtra
SetLayout
SelectObject
CreateDIBitmap
SetBkMode
SetGraphicsMode

Exports

Exports

Sysprep_Generalize_Pnp
Sysprep_Generalize_Pnp_Drivers
Sysprep_Respecialize_Pnp
Sysprep_Specialize_Offline_Pnp
Sysprep_Specialize_Pnp

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
spwmp.dll
.dll windows x64

9a2d66c07f6559bfdc01bb358ed3b684

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_XcptFilter
_initterm
malloc
free
_amsg_exit

advapi32

RegDeleteKeyW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey

kernel32

RtlVirtualUnwind
RtlLookupFunctionEntry
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlCaptureContext
QueryPerformanceCounter
Sleep
GetCurrentProcessId

Exports

Exports

Sysprep_Clean_WMP
Sysprep_Generalize_WMP

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sqlsrv32.dll
.dll windows x64

d86d706d74fd47f6cabdcdad325f8877

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_strrev
_ecvt
_gcvt
wcsrchr
memmove_s
wcsstr
_wsplitpath_s
_wmakepath_s
qsort
_stricmp
ctime
towupper
wcsncpy_s
_XcptFilter
_amsg_exit
_initterm
strcmp
memset
memmove
_wtol
modf
isxdigit
_ltow_s
_ultow_s
_itow_s
wcsncmp
_wcsnicmp
isalpha
_strnicmp
strstr
wcschr
strchr
strerror
_errno
strncmp
_ismbcspace
_ltoa_s
_itoa_s
atol
atoi
_wtoi
malloc
free
_vsnprintf
memcpy
memcmp
localtime
time
iswctype
_ultoa_s
__C_specific_handler
_vsnwprintf
_wcsicmp
wcscmp

ntdll

RtlCaptureContext
WinSqmSetDWORD
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

ResolveDelayLoadedAPI
SetLastError
ExpandEnvironmentStringsA
LoadLibraryExA
GetComputerNameA
GlobalMemoryStatus
GetDiskFreeSpaceA
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoEx
LCIDToLocaleName
GetPrivateProfileStringW
HeapReAlloc
HeapAlloc
GetVersionExA
GetSystemInfo
DisableThreadLibraryCalls
OutputDebugStringW
GetDriveTypeW
SearchPathW
GetFullPathNameW
GetSystemDirectoryW
VirtualQuery
SwitchToThread
GetProcessHeap
HeapFree
GetCurrentProcessId
GetTimeZoneInformation
GetUserDefaultLCID
GetLastError
SetThreadErrorMode
GetProcAddress
FreeLibrary
GetTickCount64
Sleep
LeaveCriticalSection
EnterCriticalSection
GetFileSize
ReadFile
GetACP
GetOEMCP
WideCharToMultiByte
GetLocaleInfoA
GetLocaleInfoW
IsDBCSLeadByteEx
CreateFileW
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
WriteFile
SetFilePointer
HeapSize
GetDateFormatA
GetTimeFormatA
GetCurrencyFormatA
GetNumberFormatA
HeapCreate
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
GetModuleHandleA
GetModuleFileNameW
VerLanguageNameW
GetSystemDefaultLCID
GetTempPathW
GetComputerNameW
LoadLibraryExW
LocalAlloc
LocalFree
OpenFileMappingA
GetCurrentThreadId
FindResourceW
LoadResource
LockResource
FreeResource
MultiByteToWideChar
GetCPInfo
DelayLoadFailureHook

crypt32

CryptProtectMemory
CryptUnprotectMemory

user32

UpdateWindow
SetWindowTextW
GetWindowTextW
PostMessageA
OemToCharBuffA
GetSystemMetrics
IsWindowVisible
GetParent
IsDlgButtonChecked
GetDlgItemTextW
GetWindowTextLengthW
ShowWindow
SetDlgItemTextW
SendDlgItemMessageW
PostMessageW
EnableWindow
MoveWindow
GetWindowRect
SetWindowLongPtrW
SetFocus
SendMessageW
GetDlgItem
IsWindowEnabled
EndDialog
CheckDlgButton
MessageBoxW
GetWindowLongPtrW
ReleaseCapture
LoadStringW
CharToOemBuffA
DialogBoxParamW
GetDesktopWindow
LoadCursorW
SetCapture
SetCursor

advapi32

AddAccessDeniedAce
RegQueryValueExW
RegOpenKeyExA
RegCloseKey
AllocateLocallyUniqueId
RegQueryValueExA
RegSetValueExA
UnregisterTraceGuids
RegisterTraceGuidsW
RegOpenKeyExW
RegGetValueW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
RegDeleteKeyA
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
GetUserNameW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExA
RegEnumValueW

netapi32

Netbios

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

BCP_batch
BCP_bind
BCP_colfmt
BCP_collen
BCP_colptr
BCP_columns
BCP_control
BCP_done
BCP_exec
BCP_getcolfmt
BCP_init
BCP_moretext
BCP_readfmt
BCP_sendrow
BCP_setcolfmt
BCP_writefmt
ConfigDSNW
ConfigDriverW
ConnectDlgProc
FinishDlgProc
LibMain
SQLAllocHandle
SQLBindCol
SQLBindParameter
SQLBrowseConnectW
SQLBulkOperations
SQLCancel
SQLCloseCursor
SQLColAttributeW
SQLColumnPrivilegesW
SQLColumnsW
SQLConnectW
SQLCopyDesc
SQLDebug
SQLDescribeColW
SQLDescribeParam
SQLDisconnect
SQLDriverConnectW
SQLEndTran
SQLExecDirectW
SQLExecute
SQLExtendedFetch
SQLFetch
SQLFetchScroll
SQLForeignKeysW
SQLFreeHandle
SQLFreeStmt
SQLGetConnectAttrW
SQLGetConnectOptionW
SQLGetCursorNameW
SQLGetData
SQLGetDescFieldW
SQLGetDescRecW
SQLGetDiagFieldW
SQLGetDiagRecW
SQLGetEnvAttr
SQLGetFunctions
SQLGetInfoW
SQLGetStmtAttrW
SQLGetTypeInfoW
SQLMoreResults
SQLNativeSqlW
SQLNumParams
SQLNumResultCols
SQLParamData
SQLParamOptions
SQLPrepareW
SQLPrimaryKeysW
SQLProcedureColumnsW
SQLProceduresW
SQLPutData
SQLRowCount
SQLSetConnectAttrW
SQLSetConnectOptionW
SQLSetCursorNameW
SQLSetDescFieldW
SQLSetDescRec
SQLSetEnvAttr
SQLSetPos
SQLSetScrollOptions
SQLSetStmtAttrW
SQLSpecialColumnsW
SQLStatisticsW
SQLTablePrivilegesW
SQLTablesW
TestDlgProc
WizDSNDlgProc
WizDatabaseDlgProc
WizIntSecurityDlgProc
WizLanguageDlgProc

Sections

.text
Size: 496KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdbid
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sqlsrv32.rll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sqmapi.dll
.dll windows x64

d6cca9daf1f9f60889b9b319d3ded266

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-07-2018 20:45

Not After

26-07-2019 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9d:98:a9:dd:71:a5:33:d6:76:2a:cf:e2:9e:a6:19:91:8f:dc:be:c5:50:af:a2:40:61:24:eb:77:e6:e2:0e:d5
Signer

Actual PE Digest

9d:98:a9:dd:71:a5:33:d6:76:2a:cf:e2:9e:a6:19:91:8f:dc:be:c5:50:af:a2:40:61:24:eb:77:e6:e2:0e:d5

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09-09-2022 12:41
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_unlock
_lock
__dllonexit
_onexit
_initterm
_amsg_exit
_XcptFilter
memcpy_s
__C_specific_handler
wcsrchr
_vsnwprintf
__CxxFrameHandler3
_callnewh
malloc
free
memset

advapi32

RegDeleteKeyW
RegEnumKeyW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

kernel32

OpenSemaphoreW
HeapAlloc
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
DebugBreak
IsDebuggerPresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
OutputDebugStringW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls
SetLastError
GetLastError
GetCurrentProcess
CloseHandle
LocalFree
ExpandEnvironmentStringsW
FindFirstFileW
DeleteFileW
FindNextFileW
GetSystemDirectoryW
Sleep
CreateDirectoryW
GetTickCount
WaitForSingleObjectEx
GetSystemTimeAsFileTime
FormatMessageW
FindClose

ntdll

EtwTraceMessage

Exports

Exports

SqmAddToAverage
SqmAddToStream
SqmAddToStreamDWord
SqmAddToStreamDWord64
SqmAddToStreamString
SqmAddToStreamV
SqmCheckEscalationAddToStreamDWord
SqmCheckEscalationAddToStreamDWord64
SqmCheckEscalationAddToStreamString
SqmCheckEscalationSetDWord
SqmCheckEscalationSetDWord64
SqmCheckEscalationSetString
SqmCleanup
SqmClearFlags
SqmCreateNewId
SqmEndSession
SqmEndSessionEx
SqmFlushSession
SqmGetEnabled
SqmGetEscalationRuleStatus
SqmGetFlags
SqmGetInstrumentationProperty
SqmGetLastUploadTime
SqmGetMachineId
SqmGetSession
SqmGetSessionStartTime
SqmGetUserId
SqmIncrement
SqmIsNamespaceEnabled
SqmIsWindowsOptedIn
SqmLoadEscalationManifest
SqmReadSharedMachineId
SqmReadSharedUserId
SqmSet
SqmSetAppId
SqmSetAppVersion
SqmSetBits
SqmSetBool
SqmSetCurrentTimeAsUploadTime
SqmSetDWord64
SqmSetEnabled
SqmSetEscalationInfo
SqmSetFlags
SqmSetIfMax
SqmSetIfMin
SqmSetMachineId
SqmSetString
SqmSetUserId
SqmStartSession
SqmStartUpload
SqmStartUploadEx
SqmSysprepCleanup
SqmSysprepGeneralize
SqmTimerAccumulate
SqmTimerAddToAverage
SqmTimerRecord
SqmTimerStart
SqmUnattendedSetup
SqmUnloadEscalationManifest
SqmWaitForUploadComplete
SqmWriteSharedMachineId
SqmWriteSharedUserId

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srchadmin.dll
.dll windows x64

e14c52956b8e9f9b519d2991a0d3568f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memcmp
_vsnwprintf
memcpy
memset
__CxxFrameHandler3
memmove
_errno
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
wcstol
free
malloc
wcsncpy_s
__C_specific_handler
memmove_s
wcsstr
wcscspn
_wcsicmp
memcpy_s
realloc
wcscmp

shell32

ord167
ord170
ord704
ord680
ord71
SHGetSpecialFolderLocation
SHGetDesktopFolder
ord747
ord155
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
ord168
ShellExecuteExW
ord16
ord171
SHCreateItemFromParsingName
SHGetKnownFolderPath
ord102
ord25
SHParseDisplayName
SHBindToParent
ord68
SHGetFolderPathW
ord72
SHCreateShellItem
SHGetDataFromIDListW

shlwapi

ord158
PathRemoveBlanksW
SHEnumKeyExW
SHStrDupW
ord16
SHRegGetValueW
PathRemoveBackslashW
PathRemoveFileSpecW
UrlIsW
StrStrW
ord615
SHSetValueW
SHGetValueW
PathCombineW
PathStripToRootW
UrlCanonicalizeW
ord487
ord199
ord219
PathCreateFromUrlW
SHDeleteKeyW
PathFindFileNameW
UrlGetPartW
SHCopyKeyW
ord618
StrRetToBufW
PathIsRootW
PathStripPathW
ord2
PathParseIconLocationW
StrRetToStrW
ord278
ord260
ord633
PathAppendW
ord154

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
LoadStringW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
SizeofResource
LockResource
LoadResource
FindResourceExW
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

SetEvent
WaitForSingleObject
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForMultipleObjectsEx
CreateMutexExW
ResetEvent
OpenSemaphoreW
CreateEventExW
EnterCriticalSection
CreateEventW
ReleaseSemaphore
WaitForSingleObjectEx
CreateMutexW
CreateSemaphoreExW
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
HeapSize

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
RaiseException
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
OpenProcessToken
TerminateProcess
OpenThreadToken

api-ms-win-core-localization-l1-2-0

LCMapStringW
GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

rpcrt4

IUnknown_Release_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_AddRef
NdrOleFree
IUnknown_QueryInterface_Proxy
CStdStubBuffer_CountRefs
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
NdrDllCanUnloadNow
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
NdrDllGetClassObject

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient3

api-ms-win-core-marshal-l1-1-0

HWND_UserUnmarshal64
HWND_UserMarshal64
HWND_UserSize
HWND_UserFree
HWND_UserSize64
HWND_UserMarshal
HWND_UserUnmarshal
HWND_UserFree64

ntdll

EtwEventRegister
EtwEventSetInformation
EtwEventUnregister
EtwEventWriteTransfer
WinSqmIncrementDWORD

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-file-l1-1-0

GetVolumeInformationW
GetLogicalDrives
GetDriveTypeW
DeleteFileW
GetVolumePathNameW
GetFileAttributesExW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-com-l1-1-0

CoEnableCallCancellation
CoUninitialize
CoTaskMemAlloc
CoCancelCall
CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree
CoGetMalloc
CoCreateInstance
CLSIDFromString
CoDisableCallCancellation
CoWaitForMultipleHandles
CoInitializeEx
CoSetProxyBlanket

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegGetValueW
RegNotifyChangeKeyValue
RegLoadMUIStringW
RegDeleteKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW

api-ms-win-rtcore-ntuser-window-l1-1-0

SetTimer
EndDeferWindowPos
DefWindowProcW
CreateWindowExW
DeferWindowPos
PostMessageW
GetWindow
BeginDeferWindowPos
KillTimer
GetMessagePos
GetWindowLongW
SetWindowPos
DestroyWindow
GetClientRect
SetWindowLongPtrW
GetParent
SetForegroundWindow
SendMessageW
EnableWindow
SetWindowLongW
GetWindowTextW
GetWindowLongPtrW
SetWindowTextW
ScreenToClient
SetFocus
PeekMessageW
DispatchMessageW
TranslateMessage
GetWindowRect

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

userenv

ProcessGroupPolicyCompleted

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-path-l1-1-0

PathCchAddBackslash
PathCchCombine
PathCchAppend

api-ms-win-security-base-l1-1-0

GetLengthSid
CopySid
GetTokenInformation
IsValidSid

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjects

api-ms-win-core-registry-l2-1-0

RegEnumKeyW

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolWork

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage
GetNumberFormatW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx

user32

LoadCursorW
GetDlgItem
SetProcessDPIAware
MessageBoxIndirectW
DialogBoxParamW
CheckRadioButton
UnregisterClassA
UpdateWindow
GetSysColor
GetDlgItemTextW
SetDlgItemTextW
InvalidateRect
IsDlgButtonChecked
EndDialog
CheckDlgButton
LoadIconW
DestroyMenu
MessageBoxW
SetCursor
MapWindowPoints
GetDlgCtrlID
GetSubMenu
TrackPopupMenuEx
LoadMenuW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CPlApplet
DllCanUnloadNow
DllGetClassObject
ProcessGroupPolicy

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srclient.dll
.dll windows x64

09dab2a8998f434efd5680ee35dedb86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcsrchr
_wcsnicmp
memset
_vscwprintf
memcpy
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
strchr
_vsnwprintf
malloc
free
_wcsicmp
wcschr

spp

SxTracerShouldTrackFailure
SxTracerDebuggerBreak
SxTracerGetThreadContextRetail
SppFreeGroupPropArray

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CreateFileW
GetCurrentThread
IsWow64Process
GetTickCount
GetVolumeInformationW
GetDiskFreeSpaceExW
ExpandEnvironmentStringsW
DeleteFileW
GetSystemDirectoryW
DeviceIoControl
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
QueryDosDeviceW
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
CloseHandle
FindClose
GetLastError
FindNextFileW
FindFirstFileW
GetSystemTimeAsFileTime
LocalFree
SetLastError
MultiByteToWideChar
RtlCaptureContext
GetCommandLineW
GetModuleFileNameW
DisableThreadLibraryCalls
GetDriveTypeW

ntdll

NtQueryValueKey
NtCreateFile
NtQueryVolumeInformationFile
RtlGetSuiteMask
RtlGetNtSystemRoot
NtClose
RtlRunOnceExecuteOnce
WinSqmAddToStreamEx
NtSetInformationFile
NtQueryInformationFile
RtlGetLastNtStatus
RtlSetThreadErrorMode
RtlNtStatusToDosError
EtwTraceMessage
RtlGetCurrentTransaction
RtlSetCurrentTransaction
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtOpenKey

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2

advapi32

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
TraceMessage
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
RegQueryValueExW
RegSetValueExW
RegDeleteTreeW
RegDeleteValueW
ReportEventW
DeregisterEventSource
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegisterEventSourceW

powrprof

CallNtPowerInformation

Exports

Exports

DisableSR
DisableSRInternal
EnableSR
EnableSREx
EnableSRInternal
SRNewSystemId
SRRemoveRestorePoint
SRSetRestorePointA
SRSetRestorePointInternal
SRSetRestorePointW
SetSRStateAfterSetup
SysprepCleanup
SysprepGeneralize

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srcore.dll
.dll regsvr32 windows x64

4b0696026fb387c2fee04b5aa55758e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memcmp
memcpy
memmove
wcsnlen
iswspace
wcsrchr
_vscwprintf
_wcslwr
wcsstr
strchr
wcspbrk
memset
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
_vsnwprintf
wcstoul
_wcsupr
wcsncmp
wcschr
_wcsicmp
realloc
wcscat_s
malloc
free
__C_specific_handler
_purecall
_wcsnicmp
wcscmp

kernel32

SetThreadExecutionState
DebugBreak
CloseHandle
ReadFile
WriteFile
GetFileSizeEx
SetLastError
DeleteFileW
CreateDirectoryW
SetFileAttributesW
SetFileShortNameW
QueryPerformanceCounter
MoveFileExW
RemoveDirectoryW
GetSystemTimeAsFileTime
BackupRead
QueryPerformanceFrequency
WerRegisterFile
FindFirstFileW
FindNextFileW
FindClose
SetEvent
WaitForSingleObject
CreateEventW
CreateThread
WaitForMultipleObjects
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CreateFileW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
UnmapViewOfFile
GetCurrentThread
DuplicateHandle
MapViewOfFile
CreateFileMappingW
CreateProcessW
SetThreadErrorMode
SetErrorMode
VirtualFree
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
LocalFree
HeapDestroy
DisableThreadLibraryCalls
InitializeProcThreadAttributeList
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
VirtualQuery
VirtualAlloc
VirtualProtect
lstrcpynW
lstrcmpiW
GetModuleHandleW
GetProcessId
GetSystemDirectoryW
IsWow64Process2
FindVolumeClose
FormatMessageW
HeapFree
DeviceIoControl
LoadLibraryExW
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetProcessHeap
HeapAlloc
VirtualUnlock
GetProcAddress
GetLastError
FreeLibrary
GetFileAttributesW
GetFileType
BackupWrite
GetVolumePathNameW
CreateDirectoryExW
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
ExpandEnvironmentStringsW
GetDiskFreeSpaceExW
GetFullPathNameW
GetDriveTypeW
FindFirstVolumeW
FindNextVolumeW
TerminateProcess

user32

CharPrevW
CharNextW
GetSystemMetrics
LoadStringW

ktmw32

CommitTransaction
RollbackTransaction
CreateTransaction

ntdll

RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlSetCurrentTransaction
RtlGetCurrentTransaction
WinSqmAddToStream
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlInitializeGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlComputeCrc32
RtlDosPathNameToNtPathName_U
DbgPrintEx
NtClose
RtlWerpReportException
NtSetSystemInformation
RtlTryAcquirePebLock
RtlReleasePebLock
NtClearEvent
RtlDecodeSystemPointer
RtlEnumerateGenericTableWithoutSplayingAvl
EtwTraceMessage
NtQuerySecurityObject
RtlValidRelativeSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlSetControlSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
NtSetSecurityObject
RtlNtStatusToDosError
RtlInitUnicodeString
RtlCreateSystemVolumeInformationFolder
RtlFreeHeap
RtlGetLastNtStatus
RtlLockBootStatusData
RtlGetSetBootStatusData
RtlFreeUnicodeString
RtlSetBits
RtlInitializeBitMap
NtSetInformationProcess
NtQueryInformationProcess
WinSqmAddToStreamEx
RtlUnlockBootStatusData
NtQueryInformationFile
NtOpenFile
NtSetInformationFile

rpcrt4

NdrMesTypeEncode3
NdrMesTypeDecode3
MesEncodeDynBufferHandleCreate
I_RpcExceptionFilter
MesDecodeBufferHandleCreate
MesHandleFree

ole32

CoGetMalloc
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromCLSID
StringFromGUID2
CLSIDFromString

oleaut32

SysAllocString
VarUI4FromStr
SysFreeString

advapi32

RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyExW
RegOpenKeyTransactedW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegCloseKey
RegReplaceKeyW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegLoadKeyW
RegUnLoadKeyW
TraceMessage
RegQueryValueExW
LookupPrivilegeValueW
EventRegister
EventEnabled
EventWrite
EventUnregister
OpenEncryptedFileRawW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenThreadToken
OpenProcessToken
ControlTraceW
StartTraceW
EnableTraceEx2
RegisterEventSourceW
ReportEventW
DeregisterEventSource
AdjustTokenPrivileges

vssapi

GetProviderMgmtInterfaceInternal

wer

WerReportAddFile
WerReportSetParameter
WerReportSubmit
WerReportCloseHandle
WerReportCreate

spp

SxTracerDebuggerBreak
SxTracerShouldTrackFailure
SxTracerGetThreadContextRetail
SppFreeGroupPropArray

bcd

BcdEnumerateObjects
BcdOpenSystemStore
BcdCloseObject
BcdGetElementData
BcdOpenObject
BcdCloseStore

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ShutdownContinuation
SrFreeRestoreStatus
SrFreeRpPropArray

Sections

.text
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srhelper.dll
.dll regsvr32 windows x64

a97d0d0c7b6f7c12facc995dc221c386

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

strchr
_vscwprintf
memcmp
__C_specific_handler
free
malloc
wcscat_s
realloc
qsort
_callnewh
_XcptFilter
_amsg_exit
_initterm
memcpy
_wcsicmp
_vsnwprintf
memset

sxshared

SxTracerDebuggerBreak
SxTracerShouldTrackFailure
SxTracerGetThreadContextRetail

spp

SppFreeGroupPropArray

kernel32

GetSystemTimeAsFileTime
CopyFileW
GetFileSizeEx
ReadFile
WriteFile
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
lstrcpynW
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemInfo
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
CloseHandle
DisableThreadLibraryCalls
HeapDestroy
GetTickCount64
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
LocalFree
GetFileAttributesW
CreateDirectoryW
DeleteFileW
GetCurrentThread
SetLastError
ExpandEnvironmentStringsW
SetFileAttributesW
GetDateFormatW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
GetLastError
FindFirstFileW
MoveFileExW
CreateFileW
FindClose
RaiseException
DeleteCriticalSection

user32

CharNextW
CharPrevW

advapi32

AdjustTokenPrivileges
RegUnLoadKeyW
RegCloseKey
DeregisterEventSource
ReportEventW
RegisterEventSourceW
EqualSid
CreateWellKnownSid
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
CopySid
GetTokenInformation
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegLoadKeyW

ntdll

EtwTraceMessage
RtlComputeCrc32
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlGetLastNtStatus
RtlFreeHeap
RtlCreateSystemVolumeInformationFolder
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlNtStatusToDosError
NtSetInformationFile
NtQueryInformationFile

rpcrt4

MesDecodeBufferHandleCreate
MesHandleFree
NdrMesTypeDecode3
NdrMesTypeEncode3
I_RpcExceptionFilter
MesEncodeDynBufferHandleCreate

ole32

CLSIDFromString
CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid
CoCreateInstance
StringFromGUID2
StringFromCLSID
CoTaskMemAlloc

oleaut32

VarUI4FromStr
SysFreeString
SysAllocString

setupapi

SetupDiClassNameFromGuidW

drvstore

DriverPackageClose
DriverPackageOpenW
DriverPackageGetVersionInfoW
DriverStoreOpenW
DriverStoreEnumW
DriverStoreClose
DriverStoreDriverPackageResolveCallbackW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srms.dat
.xml
srms62.dat
.xml
srpapi.dll
.dll windows x64

9bf022ebc046661e548682dcce3834d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

??3@YAXPEAX@Z
_vsnprintf_s
memmove
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_lock
??1exception@@UEAA@XZ
??1type_info@@UEAA@XZ
memcpy
__CxxFrameHandler3
_unlock
__dllonexit
_wcsicmp
_CxxThrowException
_vsnprintf
_wcstoi64
_errno
__C_specific_handler
iswspace
_XcptFilter
_onexit
memset
wcsstr
wcsnlen
_initterm
_vsnwprintf
memcpy_s
malloc
free
_amsg_exit
strcmp

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
OpenProcessToken
TerminateProcess

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegQueryValueExW

api-ms-win-core-registry-l2-1-0

RegCreateKeyW

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadLibraryExW
FreeLibrary
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
CreateSemaphoreExW
ReleaseMutex
ReleaseSemaphore
WaitForSingleObject
WaitForSingleObjectEx
CreateMutexExW

api-ms-win-core-file-l1-1-0

GetFinalPathNameByHandleW
CreateFileW

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-appmodel-runtime-l1-1-0

PackageFamilyNameFromFullName
PackageFamilyNameFromId
PackageNameAndPublisherIdFromFamilyName
GetPackagePath
PackageIdFromFullName

crypt32

CryptSIPLoad
CryptSIPRetrieveSubjectGuidForCatalogFile
CertGetEnhancedKeyUsage
CertGetNameStringW

ntdll

RtlLengthSid
RtlEqualUnicodeString
RtlGUIDFromString
RtlPrefixUnicodeString
RtlAllocateHeap
RtlFreeHeap
NtReadFile
NtWaitForSingleObject
RtlUpcaseUnicodeString
NtQueryInformationFile
NtQueryLicenseValue
NtOpenFile
NtDelayExecution
NtClose
RtlCreateUnicodeString
NtQueryDirectoryFile
RtlInitializeSRWLock
RtlGetNtSystemRoot
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlCopyUnicodeString
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtQueryVolumeInformationFile
NtQueryObject
NtDeviceIoControlFile
NtOpenKey
NtQueryValueKey
NtSetValueKey
EtwEventEnabled
LdrResSearchResource
RtlCompareUnicodeString
NtAccessCheck
NtDuplicateToken
RtlNtStatusToDosErrorNoTeb
EtwEventWrite
RtlRunOnceExecuteOnce
EtwEventUnregister
EtwEventRegister
RtlSetLastWin32Error
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
NtQuerySecurityAttributesToken
NtQueryEaFile
RtlNtStatusToDosError
RtlInitUnicodeString
NtOpenProcessToken
NtSetInformationThread
NtDuplicateObject
NtOpenThreadToken
NtGetCachedSigningLevel
NtSetCachedSigningLevel
RtlEqualSid
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
NtCreateSection
NtUnmapViewOfSection
NtMapViewOfSection
LdrResRelease
RtlSetThreadSubProcessTag
RtlFreeUnicodeString
EtwEventWriteTransfer

bcrypt

BCryptDestroyHash
BCryptCreateHash
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptFinishHash

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlCompareMemory
RtlLookupFunctionEntry

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-appmodel-runtime-l1-1-1

GetStagedPackageOrigin

kernelbase

IsDeveloperModeEnabled

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AiEvaluatePlugin
AppIDDecodeAttributeString
AppIDEncodeAttributeString
AppIDFreeAttributeString
SrpCloseThreadNetworkContext
SrpCloseTrackInstall
SrpCreateThreadNetworkContext
SrpDisablePermissiveModeFileEncryption
SrpDoesPolicyAllowAppExecution
SrpEnablePermissiveModeFileEncryption
SrpGetAllowedEnterprises
SrpGetAppxFqbnFromPackageFullName
SrpGetEnterpriseIds
SrpGetEnterprisePolicy
SrpInheritEnterpriseContext
SrpInheritOriginClaim
SrpIsAllowed
SrpIsTokenService
SrpOpenTrackInstall
SrpRestoreEnterpriseContext
SrpSetTokenEnterpriseId

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srvcli.dll
.dll windows x64

e32350b7225b622f35ef63d2d7d7e728

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-07-2018 20:45

Not After

26-07-2019 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:4b:ab:08:08:70:b1:f5:2c:1c:44:e3:62:0b:92:8d:cc:86:fc:67:43:d4:98:f8:99:57:f5:e2:c7:f4:c8:7e
Signer

Actual PE Digest

84:4b:ab:08:08:70:b1:f5:2c:1c:44:e3:62:0b:92:8d:cc:86:fc:67:43:d4:98:f8:99:57:f5:e2:c7:f4:c8:7e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09-09-2022 12:41
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__itow_s
_o__seh_filter_dll
memcpy
_o__wcsicmp
_o__wcsnicmp
_o_free
_o_isdigit
_o_strcpy_s
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
strchr
_o___std_type_info_destroy_list
__C_specific_handler
__RTDynamicCast

rpcrt4

NdrClientCall3
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingFree
I_RpcExceptionFilter

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
FreeLibrary

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlCompareMemory
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

ntdll

NtOpenThreadToken
RtlAcquireResourceExclusive
NtClose
RtlReleaseResource
RtlAcquireResourceShared
RtlInitAnsiString
RtlxUnicodeStringToOemSize
RtlUnicodeToOemN
RtlOemStringToUnicodeString
NtImpersonateAnonymousToken
NtSetInformationThread
RtlInitializeResource
NtCreateFile
RtlNtStatusToDosError
RtlMakeSelfRelativeSD
RtlInitUnicodeString
RtlDeleteResource
RtlValidSecurityDescriptor
RtlUpcaseUnicodeStringToOemString
RtlGetLastNtStatus
NtFsControlFile

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalAlloc
LocalFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

Exports

Exports

I_NetDfsGetVersion
I_NetServerSetServiceBits
I_NetServerSetServiceBitsEx
LocalAliasGet
LocalFileClose
LocalFileEnum
LocalFileEnumEx
LocalFileGetInfo
LocalFileGetInfoEx
LocalSessionDel
LocalSessionEnum
LocalSessionEnumEx
LocalSessionGetInfo
LocalSessionGetInfoEx
LocalShareAdd
LocalShareDelEx
LocalShareEnum
LocalShareEnumEx
LocalShareGetInfo
LocalShareGetInfoEx
LocalShareSetInfo
NetConnectionEnum
NetFileClose
NetFileEnum
NetFileGetInfo
NetRemoteTOD
NetServerAliasAdd
NetServerAliasDel
NetServerAliasEnum
NetServerComputerNameAdd
NetServerComputerNameDel
NetServerDiskEnum
NetServerGetInfo
NetServerSetInfo
NetServerStatisticsGet
NetServerTransportAdd
NetServerTransportAddEx
NetServerTransportDel
NetServerTransportEnum
NetSessionDel
NetSessionEnum
NetSessionGetInfo
NetShareAdd
NetShareCheck
NetShareDel
NetShareDelEx
NetShareDelSticky
NetShareEnum
NetShareEnumSticky
NetShareGetInfo
NetShareSetInfo
NetpsNameCanonicalize
NetpsNameCompare
NetpsNameValidate
NetpsPathCanonicalize
NetpsPathCompare
NetpsPathType

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21aa46d83dab21d64610212aa041e81b

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

user32

advapi32

oleaut32

mpr

wevtapi

api-ms-win-core-com-l1-1-0

srvcli

netutils

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 70KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 484B

2e7e2df887f50f8336dc205fc6e1345b

Headers

DLL Characteristics

File Characteristics

Imports

msvcp_win

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

ntdll

oleaut32

bcp47langs

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-localization-l1-2-2

api-ms-win-core-registry-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-console-l1-2-0

api-ms-win-core-console-l2-1-0

api-ms-win-core-heap-l2-1-0

rpcrt4

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-registry-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-localization-l2-1-0

api-ms-win-security-sddl-l1-1-0

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 484B

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 728KB - Virtual size: 728KB

.data
Size: 35KB - Virtual size: 48KB

.pdata
Size: 88KB - Virtual size: 87KB

.didat
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 749KB - Virtual size: 748KB

.reloc
Size: 21KB - Virtual size: 20KB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

a0:69:89:3d:62:aa:e6:15:d8:c7:69:fa:0a:ae:6f:04:47:d3:9d:74:d4:55:dd:1a:6a:4f:23:7a:57:fe:e4:d3
Signer

09-09-2022 12:41
Valid: false