4da3379fd11fa0e2e008fd471d350f149ce0348c114a6f7887d210d11ecf7dbc

Sharing

Copy URL Twitter E-mail

General

Target

4da3379fd11fa0e2e008fd471d350f149ce0348c114a6f7887d210d11ecf7dbc
Size

1.6MB
MD5

24701d94ba6fb7a6cdfff8b5a4c783e7
SHA1

76a10b52e8f91633a6430f1e4d56ff550668c09a
SHA256

4da3379fd11fa0e2e008fd471d350f149ce0348c114a6f7887d210d11ecf7dbc
SHA512

1388e9959173e1e919469a7929794bd8fe87a2ad14a22384278b0a3de744a15b6fa2f6f784214119535175fca226f8980876064dce0beccb1f29122f0bb9f470
SSDEEP

49152:UAPX3UsZhtuGFV8nlak++PLVZqG98+yz98xiNK3/OefR/D:l3UArVF5h+PLVZqG98+yzWiYG0

Score

N/A

Malware Config

Signatures

Files

4da3379fd11fa0e2e008fd471d350f149ce0348c114a6f7887d210d11ecf7dbc
.rar
SMBHelperClass.dll
.dll regsvr32 windows x64

21aa46d83dab21d64610212aa041e81b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

towlower
wcscat_s
wcscpy_s
vswprintf_s
_wcsnicmp
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
_purecall
_itow_s
??1exception@@UEAA@XZ
_wcsicmp
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_errno
realloc
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
toupper
_lock
_unlock
__dllonexit
_onexit
memmove
memcpy
_vscwprintf
_vsnwprintf
wcsncmp
memset

ntdll

RtlVirtualUnwind
RtlInitUnicodeString
NtOpenFile
NtFsControlFile
NtClose
RtlCaptureContext
RtlLookupFunctionEntry

kernel32

OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
ReleaseSRWLockExclusive
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
LocalAlloc
GetModuleFileNameA
ReleaseMutex
CreateMutexW
GetCurrentProcessId
HeapReAlloc
AcquireSRWLockExclusive
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
RaiseException
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
CreateFileW
CloseHandle
GetCurrentThread
CreateThread
WaitForSingleObjectEx
WaitForSingleObject
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
HeapSize

user32

CharNextW
UnregisterClassA
LoadStringW

advapi32

GetTokenInformation
EventUnregister
EventSetInformation
EventProviderEnabled
EventRegister
LookupAccountSidW
RegCloseKey
EventWriteTransfer
OpenThreadToken
EventActivityIdControl
ImpersonateLoggedOnUser
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW

oleaut32

SysAllocString
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysStringLen
LoadTypeLi
SysFreeString

mpr

WNetCancelConnection2W
WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW
WNetGetUserW

wevtapi

EvtNext
EvtClose
EvtRender
EvtQuery
EvtCreateRenderContext

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
StringFromGUID2

srvcli

NetShareEnum

netutils

NetApiBufferFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SmiEngine.dll
.dll regsvr32 windows x64

c97b3bc309ed3c8609f93ff52fecddb6

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:69:89:3d:62:aa:e6:15:d8:c7:69:fa:0a:ae:6f:04:47:d3:9d:74:d4:55:dd:1a:6a:4f:23:7a:57:fe:e4:d3
Signer

Actual PE Digest

a0:69:89:3d:62:aa:e6:15:d8:c7:69:fa:0a:ae:6f:04:47:d3:9d:74:d4:55:dd:1a:6a:4f:23:7a:57:fe:e4:d3

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:58
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_unlock
iswalpha
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_lock
iswdigit
memset
memmove
_vsnwprintf
memcpy
memcmp
__RTDynamicCast
_CxxThrowException
__C_specific_handler
_itow
_initterm
_amsg_exit
wcschr
_XcptFilter
memcpy_s
_wcsicmp
iswspace
wcsncmp
wcsstr
wcsrchr
_snprintf_s
strncmp
_purecall
towlower
malloc
towupper
_ui64tow
free
_wgetenv
wcstoul
_ultow
strcpy_s
_i64tow
_ltow
_wcsnicmp
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
NtQueryValueKey
NtQuerySecurityObject
NtCreateKey
NtDeleteValueKey
NtSetSecurityObject
NtEnumerateValueKey
RtlStringFromGUID
RtlNtStatusToDosError
LdrGetProcedureAddress
LdrUnloadDll
LdrLoadDll
NtYieldExecution
RtlTimeToTimeFields
NtWriteFile
LdrGetDllHandle
RtlQueryEnvironmentVariable_U
NtCreateFile
DbgPrint
RtlVirtualUnwind
NtEnumerateKey
NtDeleteKey
NtQueryKey
NtUnloadKey
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlFreeUnicodeString
NtLoadKey2
NtSetValueKey
NtOpenKey
NtClose
RtlRaiseStatus
RtlFreeHeap
RtlCopyUnicodeString
RtlUpcaseUnicodeChar
RtlInitString
RtlAppendUnicodeStringToString
RtlInitializeCriticalSection
RtlReAllocateHeap
RtlAllocateHeap
RtlDeleteCriticalSection
RtlCreateUnicodeStringFromAsciiz

rpcrt4

UuidCreate

oleaut32

SysAllocStringLen
LoadTypeLi
RegisterTypeLi
SysAllocString
SysStringLen
SysFreeString
SafeArrayGetElement
SafeArrayGetDim
SafeArrayRedim
SysAllocStringByteLen
SafeArrayGetUBound
GetErrorInfo
SafeArrayPutElement
VariantClear
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayAccessData
VariantChangeType
SafeArrayDestroy
VariantInit
SafeArrayGetLBound

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleA
LoadStringW
FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery
VirtualAlloc

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-com-l1-1-0

CoGetMalloc
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW

api-ms-win-core-heap-l1-1-0

HeapDestroy

api-ms-win-core-stringansi-l1-1-0

CharNextA

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrlenA
lstrcmpiW
lstrcmpW

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-kernel32-legacy-l1-1-0

LoadLibraryW

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExA
RegEnumValueW
RegCreateKeyExW
RegDeleteKeyExW
RegEnumKeyExW
RegSetValueExW
RegSetValueExA
RegCloseKey
RegOpenKeyExW
RegDeleteKeyExA

api-ms-win-core-file-l1-1-0

DeleteFileW
FindClose
RemoveDirectoryW
FindNextFileW
FindFirstFileW
CreateFileW
CreateDirectoryW
GetFileAttributesW

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW
WritePrivateProfileStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThread
OpenProcessToken
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
OpenThreadToken

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorOwner
GetTokenInformation
GetSecurityDescriptorControl
GetLengthSid
GetSecurityDescriptorGroup
CopySid
AdjustTokenPrivileges

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

Exports

Exports

ConstructHiveLocation
ConstructRegLocation
CreateLalInstance
CreateSettingsEnginePriv
CreateWcmEngineCore
DeleteCompilerObject
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetCompilerObject
GetItemFromCoreObject
SetLalCreator

Sections

.text
Size: 602KB - Virtual size: 601KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SndVol.exe
.exe windows x64

c9f852c96b7c3a52c280eb97d52da386

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:4c:30:46:9d:91:33:f1:ff:35:d7:53:ee:b1:d3:1a:e1:df:dc:74:2c:50:8c:1a:39:34:0e:22:81:80:9d:0d
Signer

Actual PE Digest

c0:4c:30:46:9d:91:33:f1:ff:35:d7:53:ee:b1:d3:1a:e1:df:dc:74:2c:50:8c:1a:39:34:0e:22:81:80:9d:0d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:58
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gdi32

CreateFontIndirectW
CreateDIBSection
GetDeviceCaps
Rectangle
DeleteDC
GetObjectW
EndPath
BitBlt
Polygon
GetStockObject
DeleteObject
PathToRegion
SetBkMode
CreatePen
BeginPath
SetBkColor
SetTextColor
SelectObject
CreateSolidBrush
CreateCompatibleDC
ScriptStringAnalyse
ScriptString_pLogAttr
ScriptStringFree

user32

TrackPopupMenuEx
GetMenuItemInfoW
DestroyMenu
SetWindowRgn
BeginPaint
EndPaint
IntersectRect
CreateDialogParamW
PostQuitMessage
GetDlgCtrlID
SubtractRect
PtInRect
SendMessageTimeoutW
SendNotifyMessageW
LoadIconW
SetTimer
NotifyWinEvent
GetForegroundWindow
GetWindowThreadProcessId
GetDoubleClickTime
KillTimer
CalculatePopupWindowPosition
DestroyIcon
EnumChildWindows
EnableWindow
EndDialog
SetRect
IsDlgButtonChecked
CheckDlgButton
CopyRect
GetParent
GetWindowTextW
GetScrollPos
SetScrollInfo
BeginDeferWindowPos
SetDlgItemTextW
EndDeferWindowPos
IsImmersiveProcess
GetIconInfoExW
SendDlgItemMessageW
InternalGetWindowText
GetWindow
IsWindowVisible
EnumWindows
GetClassLongPtrW
CheckMenuRadioItem
SetClassLongW
GetClassLongW
DrawEdge
SetWindowLongPtrW
InsertMenuItemW
CreatePopupMenu
GetSystemMetrics
InflateRect
GetWindowLongPtrW
SetWindowTextW
LoadStringW
SetFocus
GetWindowRect
SetWindowPos
MapWindowPoints
PrivateExtractIconsW
ValidateRect
FrameRect
MonitorFromRect
AdjustWindowRectEx
SetRectEmpty
SetCursor
ReleaseCapture
SetCapture
DrawFocusRect
GetFocus
OffsetRect
IsWindowEnabled
LoadImageW
ClientToScreen
EqualRect
GetClientRect
ShowWindow
GetDlgItem
IsWindow
GetWindowLongW
SetWindowLongW
GetSysColorBrush
FillRect
GetSysColor
InvalidateRect
UnregisterClassA
GhostWindowFromHungWindow
GetWindowBand
ord2575
GetMenuItemCount
ReleaseDC
DrawTextW
GetWindowTextLengthW
GetDC
DefWindowProcW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
DestroyWindow
DialogBoxParamW
GetActiveWindow
SetProcessDefaultLayout
SetProcessDPIAware
CallWindowProcW
SendMessageW
FindWindowW
SetForegroundWindow
PostMessageW
BringWindowToTop
DeferWindowPos

msvcrt

__setusermatherr
_initterm
_wcmdln
_fmode
_commode
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_errno
realloc
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_isnan
wcsstr
calloc
_purecall
_resetstkoflw
vswprintf_s
_vscwprintf
memmove_s
free
malloc
__C_specific_handler
iswspace
swprintf_s
wcstol
_wtoi
_wcsicmp
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
memcpy
__CxxFrameHandler3
_vsnwprintf
memcpy_s
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
memset

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

comctl32

ord381
ImageList_Draw
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
ImageList_SetBkColor
ImageList_CoCreateInstance
ImageList_Remove
ord17

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoCreateGuid
CoWaitForMultipleObjects
PropVariantClear
CoAllowSetForegroundWindow

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

shell32

SHGetFileInfoW
ShellExecuteExW
CommandLineToArgvW
Shell_NotifyIconGetRect

gdiplus

GdipCreateFromHDC
GdipDeleteBrush
GdiplusShutdown
GdipCreatePath
GdipDeletePath
GdipAddPathLine
GdipFillPath
GdipCreateLineBrush
GdipCreateSolidFill
GdipFillRectangle
GdipDeleteGraphics
GdipDrawLine
GdipSetSmoothingMode
GdipDeletePen
GdipCreatePen1
GdiplusStartup

ntdll

EtwEventRegister
EtwEventUnregister
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventActivityIdControl
EtwEventSetInformation
EtwGetTraceEnableFlags
EtwEventWriteTransfer
EtwTraceMessage
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW

uxtheme

DrawThemeBackground
OpenThemeData
IsThemeActive
SetWindowTheme
DrawThemeText
DrawThemeParentBackgroundEx
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
BufferedPaintSetAlpha
GetThemeTextExtent
CloseThemeData
BufferedPaintUnInit
BufferedPaintInit

dwmapi

DwmIsCompositionEnabled
DwmRegisterThumbnail
DwmUnregisterThumbnail
DwmUpdateThumbnailProperties
DwmQueryThumbnailSourceSize
DwmSetWindowAttribute

shlwapi

PathParseIconLocationW
PathFindFileNameW
ord487
StrTrimW
PathFindExtensionW
ord348

imm32

ImmDisableIME

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
LoadLibraryExW
FreeLibrary
SizeofResource
FreeResource
GetModuleHandleExW
LockResource
LoadResource
GetModuleFileNameA
FindResourceExW
LoadLibraryExA

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSemaphore
ReleaseSRWLockExclusive
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
SetEvent
CreateEventExW
CreateMutexExW
EnterCriticalSection
LeaveCriticalSection
CreateEventW
CreateSemaphoreExW
DeleteCriticalSection
InitializeCriticalSection
CreateMutexW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapSize
HeapFree
HeapSetInformation
HeapDestroy
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetStartupInfoW
TerminateProcess
CreateProcessW
GetCurrentProcess
SetThreadPriority
GetCurrentThreadId
GetExitCodeProcess
CreateThread

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
GetUserPreferredUILanguages
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
WakeAllConditionVariable
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
QueueUserWorkItem

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFamilyName

api-ms-win-core-processthreads-l1-1-1

OpenProcess
FlushInstructionCache

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-ntuser-sysparams-l1-1-0

SystemParametersInfoW
GetMonitorInfoW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SndVolSSO.dll
.dll windows x64

428c289f9c0333338984482d87c72f8f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_aligned_free
_aligned_malloc
_CxxThrowException
_set_errno
_get_errno
__CxxFrameHandler3
memcpy
memcmp
memset
realloc
_errno
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_wcsicmp
swprintf_s
_scwprintf
memmove_s
_purecall
_wcsnicmp
_resetstkoflw
rand
srand
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
floorf
sinf

api-ms-win-core-libraryloader-l1-2-0

LoadResource
FindResourceExW
GetModuleHandleExW
LockResource
LoadLibraryExW
LoadStringW
GetModuleHandleW
LoadLibraryExA
GetModuleFileNameA
FreeLibrary
FreeLibraryAndExitThread
GetProcAddress
SizeofResource

api-ms-win-core-synch-l1-1-0

OpenEventW
InitializeCriticalSectionEx
WaitForSingleObject
CreateMutexExW
ReleaseSemaphore
CreateSemaphoreExW
WaitForSingleObjectEx
EnterCriticalSection
SetEvent
OpenSemaphoreW
InitializeSRWLock
CreateEventExW
InitializeCriticalSection
LeaveCriticalSection
CreateMutexW
DeleteCriticalSection
ReleaseMutex
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapSize
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentProcessId
TerminateProcess
ProcessIdToSessionId
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
CreateProcessW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
GetUserPreferredUILanguages
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingFree

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoGetMalloc
StringFromCLSID
CoInitializeEx
CoUninitialize
CoGetApartmentType
PropVariantClear
CoWaitForMultipleHandles
CoTaskMemAlloc

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceExecuteOnce
InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegCreateKeyExW
RegEnumValueW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount
GetVersionExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString
WindowsDuplicateString
WindowsGetStringLen

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

ntdll

EtwEventWriteTransfer
NtQueryWnfStateData
RtlEqualWnfChangeStamps
RtlNtStatusToDosError
RtlQueryWnfStateData
RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwEventSetInformation
EtwEventUnregister
EtwEventRegister

api-ms-win-appmodel-runtime-l1-1-1

GetStagedPackageOrigin

api-ms-win-appmodel-runtime-l1-1-0

PackageFamilyNameFromFullName

mmdevapi

ord28
ord29

ole32

CoAllowSetForegroundWindow

user32

GetMenuInfo
SetPropW
SetMenuInfo
RemovePropW
GetCurrentInputMessageSource
SystemParametersInfoW
GetDpiForWindow
GetParent
DrawTextExW
GetWindowDpiAwarenessContext
GetDpiForSystem
GetWindowLongW
GetPropW
SetMessageExtraInfo
GetDC
MonitorFromWindow
AreDpiAwarenessContextsEqual
WindowFromPoint
FindWindowW
GetMessageExtraInfo
ReleaseDC
GetWindowBand
SetForegroundWindow
GetMenuItemInfoW
GetSystemMetricsForDpi
DrawIconEx
DrawTextW
SetWindowLongW
GetClassNameW
PostMessageW
PrivateExtractIconsW
LoadIconW
LoadImageW
UnregisterClassA
DispatchMessageW
TranslateMessage
GetMessageW
GetRawInputDeviceList
RegisterRawInputDevices
GetRawInputDeviceInfoW
GetRawInputData
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
DestroyWindow
DestroyIcon
IsWindow
BringWindowToTop
SendMessageW
CallWindowProcW
SetWindowLongPtrW
DefWindowProcW
KillTimer
SetTimer
SetMenuItemInfoW
AppendMenuW
TrackPopupMenuEx
SendNotifyMessageW
DeleteMenu
EnableMenuItem
GetSubMenu
LoadMenuW
GetMonitorInfoW
MonitorFromPoint
GetWindowLongPtrW
RegisterWindowMessageW

api-ms-win-service-management-l1-1-0

OpenServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW

shcore

SHTaskPoolQueueTask

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

gdi32

SetStretchBltMode
SetTextColor
DeleteDC
StretchBlt
GdiAlphaBlend
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
GetCurrentObject
CreateSolidBrush
DeleteObject
GetDeviceCaps
CreateFontIndirectW
SetBkMode
ExcludeClipRect
GetObjectW

uxtheme

OpenThemeData
GetThemeColor
DrawThemeBackground
GetThemeFont
CloseThemeData
DrawThemeTextEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain

Sections

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 489KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SnippingTool.exe
.exe windows x64

2ffb3f1a15c731516339c4020f75e1c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

kernel32

SetEvent
CreateEventExW
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
LocalFree
OpenSemaphoreW
WaitForSingleObject
SetLastError
IsDebuggerPresent
OutputDebugStringW
WaitForSingleObjectEx
ReleaseSemaphore
ReleaseMutex
lstrlenA
MultiByteToWideChar
lstrlenW
GlobalFree
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
GetSystemDefaultUILanguage
Sleep
CloseHandle
WriteFile
WideCharToMultiByte
CreateFileW
GetModuleFileNameA
HeapFree
GetModuleHandleExW
GetCurrentThreadId
FormatMessageW
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
DebugBreak
GetLastError
GlobalAddAtomW
GlobalDeleteAtom
RaiseException
ExpandEnvironmentStringsW
LoadLibraryW
FreeLibrary
GetTempPathW
DeleteFileW
HeapSetInformation
CompareStringA
RegisterApplicationRestart
MulDiv
LeaveCriticalSection
EnterCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceExW

gdi32

CreatePen
SetLayout
CreateDIBSection
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
PatBlt
EndDoc
EndPage
CreateCompatibleDC
StretchBlt
StartPage
SetStretchBltMode
SetBrushOrgEx
StartDocW
DeleteDC
FillRgn
OffsetRgn
CreatePolygonRgn
GetTextMetricsW
SelectClipRgn
GetClipRgn
GetLayout
SetBkMode
SetTextColor
GetObjectW
GetDeviceCaps
DeleteObject
SelectObject
Rectangle
GetStockObject
CombineRgn
CreateRectRgn
CreateRectRgnIndirect

user32

GetDesktopWindow
IsZoomed
DestroyWindow
RegisterHotKey
AdjustWindowRectExForDpi
CreateWindowExW
LoadStringW
SetWindowTextW
TranslateAcceleratorW
CheckMenuRadioItem
PeekMessageW
DestroyMenu
GetWindowLongW
DestroyIcon
UnregisterHotKey
GetWindowRgnBox
OffsetRect
DrawIconEx
SetClipboardData
GetIconInfo
SetCursor
GetSystemMetricsForDpi
MonitorFromRect
GetMonitorInfoW
CopyRect
EqualRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
LoadMenuW
GetSubMenu
RemoveMenu
SetFocus
SetThreadDpiAwarenessContext
GetKeyState
GetScrollInfo
SetScrollInfo
SetTimer
CheckDlgButton
GetCursorPos
WindowFromPoint
ScreenToClient
SetCursorPos
MapWindowPoints
LoadIconW
GetProcessDefaultLayout
TrackPopupMenuEx
MonitorFromWindow
SystemParametersInfoW
LoadImageW
IsDlgButtonChecked
GetComboBoxInfo
GetClientRect
UnregisterClassA
EmptyClipboard
OpenClipboard
CloseClipboard
DrawFocusRect
DrawTextW
SetRect
LogicalToPhysicalPoint
IsIconic
InflateRect
FillRect
SendMessageW
EndDialog
GetDlgItem
GetWindowRect
GetCursorInfo
GetDC
OpenIcon
MessageBoxW
GetWindow
PtInRect
GetSysColor
DestroyCursor
EnumDisplayMonitors
SetWindowPos
PostMessageW
GetDpiForWindow
GetDpiForSystem
PostQuitMessage
DialogBoxParamW
DispatchMessageW
TranslateMessage
GetMessageW
LoadAcceleratorsW
GetParent
KillTimer
GetClassNameW
IntersectRect
SetPropW
GetPropW
InvalidateRect
UnionRect
ReleaseCapture
SetCapture
EndPaint
BeginPaint
DefWindowProcW
SetWindowLongPtrW
GetWindowLongPtrW
RegisterClassW
SetClassLongPtrW
LoadCursorW
ReleaseDC
ShowWindow
IsWindowVisible
FindWindowW
GetSystemMetrics
CallWindowProcW
SetForegroundWindow

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset
wcsspn
wcscspn
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wmemcpy_s
_CxxThrowException
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__exit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o__errno
_o___p__commode
strstr
__C_specific_handler
__std_terminate
__CxxFrameHandler3
_o__crt_atexit
memcpy
memmove

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
EtwTraceMessage
WinSqmIncrementDWORD
WinSqmIsOptedIn
RtlVirtualUnwind

gdiplus

GdipDrawCachedBitmap
GdipGetImageHeight
GdipGetImageWidth
GdipCreateFontFamilyFromName
GdipCreateCachedBitmap
GdipCreateBitmapFromResource
GdipSaveImageToStream
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteCachedBitmap
GdipCreateFromHWND
GdipSetStringFormatTrimming
GdipMeasureString
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipCreateFontFromLogfontW
GdipDeleteFontFamily
GdipDeleteFont
GdipDrawString
GdipCreateLineBrushFromRect
GdipFillRectangle
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipDeleteStringFormat
GdipDisposeImage
GdipSaveImageToFile
GdipFillEllipseI
GdipSetSmoothingMode
GdiplusStartup
GdiplusShutdown
GdipDeleteGraphics
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdipFree
GdipAlloc
GdipCloneImage

comctl32

ImageList_Destroy
ImageList_Create
ord345
ImageList_Add
ord381
InitCommonControlsEx

comdlg32

PrintDlgExW

shlwapi

PathRemoveExtensionW
UrlCreateFromPathW
PathFindExtensionW
PathIsURLW
StrChrW
PathFindFileNameW
ord487

shell32

SHCreateItemInKnownFolder
ShellAboutW
ShellExecuteW
ord75

ole32

CreateStreamOnHGlobal
CoWaitForMultipleHandles
CoCreateInstance
StringFromCLSID
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoCreateGuid

oleaut32

SysFreeString
VariantInit
VariantClear
SysStringLen
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetUBound
VarBstrCat
SysAllocStringLen
SysAllocString

uxtheme

GetThemeSysColor
GetThemeSysFont

oleacc

AccessibleObjectFromWindow

dwmapi

DwmGetWindowAttribute

msdrm

DRMIsWindowProtected

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-path-l1-1-0

PathAllocCombine

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

api-ms-win-core-synch-l1-1-0

ResetEvent
DeleteCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
CreateMutexW
CreateEventW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapDestroy
HeapSize

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetStartupInfoW
TerminateProcess

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW

api-ms-win-core-heap-l2-1-0

LocalAlloc

ext-ms-win-uxtheme-themes-l1-1-0

ord96
GetImmersiveColorFromColorSetEx
GetImmersiveUserColorSetPreference

api-ms-win-crt-math-l1-1-0

floorf
fmodf
ceilf

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shwebsvc.dll
.dll windows x64

8b468b302a0fe8a20dfdb89935efa866

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_vsnwprintf
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
_amsg_exit
_XcptFilter
free
_resetstkoflw
__C_specific_handler
memcpy_s
memcpy
memset

atl

ord30

shell32

ord190
ord17
ord21
ord23
SHGetPathFromIDListW
SHBrowseForFolderW
ord747
SHGetKnownFolderPath
ord165
ord71
ShellExecuteW
SHGetFileInfoW
SHGetIDListFromObject
SHBindToParent
ord155
ord100
ord18
SHBindToObject
SHGetFolderPathAndSubDirW
SHParseDisplayName
SHGetSpecialFolderLocation
ord25
SHBindToFolderIDListParentEx
ord75
SHGetSpecialFolderPathW
SHCreateItemFromIDList
Shell_GetCachedImageIndexW
CommandLineToArgvW
ord258
ShellExecuteExW

shlwapi

ord199
ord16
ord158
ord154
StrToIntExW
ord176
SHStrDupW
ord165
ord388
ord12
ord168
UrlCombineW
AssocQueryStringW
PathMatchSpecW
PathAppendW
PathFileExistsW
ord471
SHDeleteKeyW
SHSetValueW
ord487
PathParseIconLocationW
SHGetValueW
PathRenameExtensionW
StrDupW
PathFindExtensionW
PathRemoveFileSpecW
StrChrW
AssocGetPerceivedType
PathCombineW
PathFindFileNameW
ord476
UrlGetPartW
StrCmpIW
PathGetDriveNumberW
UrlIsW
PathIsURLW
ord174
ord219
ord2
PathSkipRootW
PathIsUNCW
StrRetToBufW
StrCmpNIW
ord630
PathIsUNCServerW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
GetModuleHandleW
LoadStringW
FindResourceExW
GetModuleFileNameW
GetModuleHandleExW
LoadResource
GetModuleFileNameA
LockResource

api-ms-win-core-synch-l1-1-0

CreateMutexExW
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateMutexW
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
CreateThread
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

GetUserDefaultLangID
GetGeoInfoW
GetLocaleInfoW
GetUserGeoID
GetSystemDefaultLCID
GetUserDefaultLCID
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SetErrorInfo
LoadTypeLi
SysAllocStringLen
VariantInit
SysAllocString
SysFreeString
LoadRegTypeLi
VariantClear

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoGetMalloc
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
StringFromCLSID
CoCreateGuid
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalFree

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

mpr

WNetGetConnectionW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegCloseKey
RegCreateKeyExW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

kernel32

QueryActCtxW
GetUserDefaultUILanguage
lstrlenW
lstrcmpiW
DeactivateActCtx
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
lstrcmpW

ole32

OleInitialize
OleUninitialize
CreateBindCtx
CoInitialize

propsys

PSCreateMemoryPropertyStore
PSPropertyBag_WriteStr
VariantToString

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW
CreateURLMoniker

uxtheme

SetWindowTheme

wininet

InternetCreateUrlW
InternetGoOnlineW
InternetCrackUrlW

gdi32

DeleteObject
SelectObject

user32

SetTimer
GetSystemMetrics
KillTimer
LoadMenuW
SetWindowLongPtrW
GetSubMenu
GetWindowLongPtrW
SetMenuDefaultItem
SendMessageW
GetParent
RegisterClipboardFormatW
SetWindowTextW
SetDlgItemTextW
EnableMenuItem
PostMessageW
TrackPopupMenu
DestroyMenu
GetDlgCtrlID
LoadImageW
SystemParametersInfoW
GetWindowLongW
EndDialog
CheckDlgButton
IsDlgButtonChecked
SetProcessDPIAware
GetDlgItemTextW
CreateWindowExW
GetWindowTextW
MessageBoxW
GetDC
SendDlgItemMessageW
SetFocus
GetClientRect
GetDlgItem
DrawTextExW
LoadCursorW
SetCursor
DispatchMessageW
TranslateMessage
SetWindowPos
ReleaseDC
GetWindowRect
MapWindowPoints
PeekMessageW
EnableWindow
MsgWaitForMultipleObjects
MapDialogRect
DestroyIcon
LoadIconW
ShowWindow
IsWindowVisible

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AddNetPlaceRunDll
DllCanUnloadNow
DllGetClassObject
PublishRunDll

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
signdrv.dll
.dll regsvr32 windows x64

5e1eba32254e7c8ecec174c1797783b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc42u

ord2629
ord1122
ord2781
ord4601
ord4602
ord2846
ord2408
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord1463
ord4598
ord659
ord1063
ord1479
ord4214
ord5980
ord1287
ord624
ord1126
ord1284
ord626
ord2842
ord1096
ord1040
ord620
ord6813
ord4836
ord2559
ord2515
ord6071
ord4191
ord1388
ord5615
ord2412
ord3468
ord5722
ord5724
ord4368
ord5065
ord5730
ord2752
ord5711
ord6053
ord3049
ord3243
ord3362
ord4815
ord287
ord1426
ord6886
ord3916
ord6887
ord4770
ord4983
ord4371
ord3164
ord4077
ord4083
ord4082
ord3046
ord3166
ord3052
ord3366
ord3231

msvcrt

??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
_wcsupr
wcsncpy_s
wcsncmp
wcschr
wcsstr
_wcslwr
free
wcsrchr
wcscpy_s
_wcsicmp
_purecall
__C_specific_handler
__CxxFrameHandler3
memset

atl

ord23
ord32
ord16
ord21
ord15

oleaut32

SysFreeString
VariantChangeType
VariantClear
SysAllocString
SysAllocStringLen

shlwapi

PathAppendW

wintrust

CryptCATAdminReleaseContext
IsCatalogFile
CryptCATAdminEnumCatalogFromHash
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminCalcHashFromFileHandle

setupapi

SetupOpenFileQueue
SetupDiOpenDeviceInfoW
SetupDiBuildDriverInfoList
SetupDiSetSelectedDriverW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiCallClassInstaller
SetupScanFileQueueW
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_ID_Size
CM_Get_Device_IDW
CM_Get_DevNode_Status
CM_Get_Child
CM_Get_Parent
CM_Get_Sibling
CM_Open_DevNode_Key
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoListExW
CM_Locate_DevNodeW
SetupCloseFileQueue

crypt32

CertFreeCertificateContext

user32

CharLowerBuffW

kernel32

ExpandEnvironmentStringsW
GetProcAddress
LoadLibraryW
SetCurrentDirectoryW
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
CreateFileW
LeaveCriticalSection
GetLastError
CloseHandle
GetVersionExW
GetFullPathNameW
HeapAlloc
lstrlenW
FileTimeToLocalFileTime
FileTimeToSystemTime
MultiByteToWideChar
SetLastError
GetPrivateProfileStringW
LocalAlloc
LocalFree
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
GetFileAttributesExW
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetProcessHeap
HeapFree
GetCurrentDirectoryW
RtlLookupFunctionEntry

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetFolderPathW

api-ms-win-core-com-l1-1-0

CoRevertToSelf
CoImpersonateClient

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simauth.dll
.dll windows x64

bd9e7dd37dc158f5e77121233aff3683

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

??0exception@@QEAA@AEBV0@@Z
??3@YAXPEAX@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
memcmp
??1type_info@@UEAA@XZ
_callnewh
_onexit
__dllonexit
malloc
_unlock
_lock
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
memmove
memcpy
?terminate@@YAXXZ
_CxxThrowException
_strnicmp
memcpy_s
_wcsicmp
_purecall
__CxxFrameHandler3
?what@exception@@UEBAPEBDXZ
memset

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
RegisterTraceGuidsW
GetTraceEnableLevel

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadStringW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

ws2_32

htonl
htons
ntohs

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

ntdll

NtPowerInformation
WinSqmSetDWORD
RtlNtStatusToDosError

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
DeleteCriticalSection
ResetEvent
InitializeCriticalSection
CreateEventW
SetEvent
WaitForSingleObject
LeaveCriticalSection

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

EapPeerFreeErrorMemory
EapPeerFreeMemory
EapPeerGetInfo

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simcfg.dll
.dll windows x64

672582d33f25cdc7cc7b2d275d4ff340

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_amsg_exit
free
??3@YAXPEAX@Z
??0exception@@QEAA@AEBQEBDH@Z
_XcptFilter
??0exception@@QEAA@AEBQEBD@Z
memmove
_callnewh
malloc
wcscpy_s
_initterm
_beginthreadex
__C_specific_handler
??0exception@@QEAA@AEBV0@@Z
_wcsicmp
_lock
??1exception@@UEAA@XZ
memcpy
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_endthreadex
memcmp
_purecall
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
_snwprintf_s
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
WinSqmSetDWORD

oleaut32

VariantInit
SysAllocStringByteLen
VariantClear
SysAllocString
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetElement
SysStringByteLen
SysFreeString
SafeArrayGetLBound

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemFree
StringFromIID
CoUninitialize
IIDFromString
CoInitializeEx

api-ms-win-core-synch-l1-1-0

SetEvent
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
ResetEvent
CreateEventW
EnterCriticalSection

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadStringW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegGetValueW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

EapPeerConfigBlob2Xml
EapPeerConfigXml2Blob
EapPeerCredentialsXml2Blob
EapPeerFreeErrorMemory
EapPeerFreeMemory
EapPeerGetConfigBlobAndUserBlob
EapPeerGetIdentityPageGuid
EapPeerInvokeConfigUI
EapPeerInvokeIdentityUI
EapPeerInvokeInteractiveUI
InternalFunction01
InternalFunction02

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpdata.tlb
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
slc.dll
.dll windows x64

40361d3c7e0f5584bfb571747db802d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
__dllonexit
_amsg_exit
_unlock
_XcptFilter
wcschr
_onexit
memset
_lock
memmove
memcpy
wcscmp

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryExW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

ntdll

RtlGetProductInfo

sppc

SLRegisterEvent
SLGetProductSkuInformation
SLClose
SLReArm
SLOpen
SLUnregisterEvent
SLGetLicensingStatusInformation

Exports

Exports

SLClose
SLConsumeRight
SLConsumeWindowsRight
SLDepositOfflineConfirmationId
SLDepositOfflineConfirmationIdEx
SLFireEvent
SLGenerateOfflineInstallationId
SLGenerateOfflineInstallationIdEx
SLGetApplicationInformation
SLGetGenuineInformation
SLGetInstalledProductKeyIds
SLGetLicense
SLGetLicenseFileId
SLGetLicenseInformation
SLGetLicensingStatusInformation
SLGetPKeyId
SLGetPKeyInformation
SLGetPolicyInformation
SLGetPolicyInformationDWORD
SLGetProductSkuInformation
SLGetSLIDList
SLGetServiceInformation
SLGetWindowsInformation
SLGetWindowsInformationDWORD
SLInstallLicense
SLInstallProofOfPurchase
SLIsWindowsGenuineLocal
SLOpen
SLReArmWindows
SLRegisterEvent
SLRegisterWindowsEvent
SLSetCurrentProductKey
SLSetGenuineInformation
SLUninstallLicense
SLUninstallProofOfPurchase
SLUnregisterEvent
SLUnregisterWindowsEvent
SLpCheckProductKey
SLpGetGenuineLocal
SLpUpdateComponentTokens

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sleep.exe
.exe windows x64

58cf8fa884b511855589b3ab07a6714c

Code Sign

64:3d:72:39:23:fd:97:95:42:05:b8:28:c9:0e:27:1c
Certificate

Issuer

CN=Root Agency

Not Before

06/05/2010, 11:53

Not After

31/12/2039, 23:59

Subject

CN=Galapo

b2:f8:31:c4:ce:c7:98:12:5b:6a:09:56:ac:c7:54:be:46:bc:a5:d4
Signer

Actual PE Digest

b2:f8:31:c4:ce:c7:98:12:5b:6a:09:56:ac:c7:54:be:46:bc:a5:d4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Galapo

09/09/2022, 12:58
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GlobalMemoryStatus
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetLastError
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
GetCurrentProcess
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
RtlUnwindEx
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
HeapAlloc
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleW
SetStdHandle
CreateFileW

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 722B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
smbwmiv2.dll
.dll regsvr32 windows x64

571d6bb44a76768b8e9bbbcfff97a02a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcschr
memcpy_s
_vsnwprintf
wcsncpy_s
wcsncat_s
qsort
wcsncmp
_XcptFilter
_amsg_exit
_wcsicmp
malloc
_initterm
__C_specific_handler
free
swprintf_s
wcscat_s
memset

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount
GetComputerNameExW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryExW
LoadStringW
GetModuleHandleW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
TryAcquireSRWLockExclusive
EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

AccessCheck
EqualSid
AllocateAndInitializeSid
DeleteAce
DuplicateTokenEx
SetSecurityDescriptorGroup
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
GetAce
ImpersonateLoggedOnUser
AddAce
AddAccessAllowedAce
FreeSid
AddAccessDeniedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetLengthSid
MakeSelfRelativeSD
AdjustTokenPrivileges
InitializeAcl
MakeAbsoluteSD

srvcli

LocalShareGetInfoEx
LocalShareDelEx
LocalShareAdd
LocalShareSetInfo
LocalShareEnumEx
LocalFileGetInfoEx
LocalFileEnumEx
LocalSessionEnumEx
LocalSessionGetInfoEx
LocalSessionDel
LocalFileClose

api-ms-win-core-file-l1-1-0

GetDriveTypeW
GetVolumePathNameW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

netutils

NetApiBufferFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenThreadToken
GetCurrentThread
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegEnumValueW

mpr

WNetCancelConnection2W
WNetOpenEnumW
WNetCloseEnum
WNetAddConnection2W
WNetGetConnectionW
WNetEnumResourceW

wkscli

NetUseGetInfo
NetUseAdd
NetUseDel
NetUseEnum
NetWkstaUserGetInfo

samcli

NetUserGetInfo

iphlpapi

GetAdaptersAddresses
ConvertInterfaceLuidToIndex
ConvertInterfaceAliasToLuid
ConvertInterfaceLuidToAlias
ConvertInterfaceGuidToLuid
ConvertInterfaceLuidToGuid
ConvertInterfaceIndexToLuid

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
CreateTimerQueue
DeleteTimerQueueTimer
DeleteTimerQueueEx

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

ntdll

RtlInt64ToUnicodeString
RtlGetNtProductType
RtlIpv4AddressToStringExW
RtlInitUnicodeString
NtClose
NtFsControlFile
NtCreateEvent
RtlNtStatusToDosError
RtlVerifyVersionInfo
NtWaitForSingleObject
NtOpenFile
RtlIpv6AddressToStringExW
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthRequiredSid
WinSqmIncrementDWORD
RtlCompareUnicodeString
RtlGUIDFromString
RtlFreeUnicodeString
RtlStringFromGUID
RtlLengthSecurityDescriptor
NtCreateFile

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
smphost.dll
.dll windows x64

61b5b04191e2be151288527aaca938b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

malloc
_amsg_exit
_initterm
__C_specific_handler
_XcptFilter
free
memset

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation

api-ms-win-core-synch-l1-1-0

CreateEventW
SetEvent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-service-core-l1-1-0

SetServiceStatus

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
GetProcAddress

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

mi

MI_Application_InitializeV1

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
smss.exe
.exe windows x64

bc32b6662261de8469d6eb034c62a6a5

Code Sign

33:00:00:01:af:fa:e1:65:62:04:14:26:77:00:00:00:00:01:af
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/06/2018, 18:57

Not After

29/05/2019, 18:57

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bc:3e:f4:70:8c:e2:d7:42:73:81:46:67:36:95:c6:f7:b9:98:bd:27:a6:c1:19:57:67:34:1c:54:67:25:21:3e
Signer

Actual PE Digest

bc:3e:f4:70:8c:e2:d7:42:73:81:46:67:36:95:c6:f7:b9:98:bd:27:a6:c1:19:57:67:34:1c:54:67:25:21:3e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:58
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlComputeCrc32
RtlInitUnicodeString
NtOpenFile
NtDeviceIoControlFile
NtClose
NtQuerySystemInformation
RtlUpcaseUnicodeChar
RtlGetNtSystemRoot
NtOpenKey
RtlGetVersion
TpAllocTimer
TpSetTimer
RtlAllocateHeap
RtlFreeHeap
NtSetValueKey
RtlFreeUnicodeString
NtQueryValueKey
RtlPrefixUnicodeString
NtQueryVolumeInformationFile
NtQueryInformationProcess
RtlInitUnicodeStringEx
_vsnwprintf_s
NtCreatePagingFile
NtQueryLicenseValue
NtSetSystemInformation
RtlAppendUnicodeToString
RtlSecondsSince1970ToTime
qsort
NtSetInformationFile
NtQueryInformationFile
NtFsControlFile
RtlCompareUnicodeString
RtlAppendUnicodeStringToString
RtlCompareMemory
NtDeleteValueKey
NtFlushKey
NtUpdateWnfStateData
NtInitializeRegistry
RtlUnicodeStringToInteger
RtlAllocateAndInitializeSid
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
NtSetSecurityObject
RtlExpandEnvironmentStrings_U
RtlDosPathNameToNtPathName_U
NtCreateFile
NtReadFile
NtCreateKey
NtAllocateVirtualMemory
NtWriteFile
EtwEventWriteTransfer
NtFreeVirtualMemory
RtlCreateUnicodeString
EtwEventWrite
EtwEventEnabled
_vsnwprintf
RtlCopyUnicodeString
RtlAddMandatoryAce
RtlSetSaclSecurityDescriptor
RtlAdjustPrivilege
RtlFreeSid
RtlLengthSid
NtCreateMutant
RtlCreateTagHeap
NtSetInformationProcess
NtAlpcCreatePort
RtlInitializeBitMap
RtlClearAllBits
RtlSetBits
NtOpenEvent
RtlCreateEnvironment
RtlSetCurrentEnvironment
RtlQueryRegistryValuesEx
NtCreateDirectoryObject
RtlEqualUnicodeString
NtSerializeBoot
NtSetEvent
RtlQueryPerformanceFrequency
RtlQueryPerformanceCounter
NtResumeThread
NtWaitForSingleObject
NtTerminateProcess
RtlIsStateSeparationEnabled
TpAllocWork
TpPostWork
TpWaitForWork
TpReleaseWork
_wcsupr_s
NtOpenDirectoryObject
NtCreateSymbolicLinkObject
NtMakeTemporaryObject
_stricmp
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlWow64IsWowGuestMachineSupported
NtCreateEvent
RtlRandomEx
qsort_s
LdrVerifyImageMatchesChecksumEx
RtlAppxIsFileOwnedByTrustedInstaller
NtQueryAttributesFile
NtQueryDirectoryFile
RtlDeleteRegistryValue
RtlWriteRegistryValue
_wcsicmp
RtlSetEnvironmentVariable
NtCreateSection
NtMapViewOfSection
NtUnmapViewOfSection
NtDuplicateObject
iswctype
RtlQueryEnvironmentVariable_U
RtlDosSearchPath_U
RtlTestBit
RtlInterlockedSetBitRun
RtlFindSetBits
RtlCreateProcessParametersEx
RtlCreateUserProcessEx
RtlDestroyProcessParameters
NtDisplayString
RtlAddProcessTrustLabelAce
RtlGetAce
NtQueryDirectoryObject
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlTimeToTimeFields
NtDeleteFile
__C_specific_handler
RtlAcquireSRWLockExclusive
NtAlpcDisconnectPort
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
NtAlpcImpersonateClientOfPort
NtOpenThreadToken
NtQueryInformationToken
NtSetInformationThread
TpSetPoolMinThreads
RtlSetThreadIsCritical
AlpcInitializeMessageAttribute
NtAlpcSendWaitReceivePort
AlpcGetMessageAttribute
NtAlpcCancelMessage
NtAlpcOpenSenderProcess
RtlInitializeSRWLock
NtAlpcAcceptConnectPort
NtConnectPort
NtRequestWaitReplyPort
RtlDeleteNoSplay
RtlSleepConditionVariableSRW
RtlWakeAllConditionVariable
NtQueryInformationJobObject
NtAssignProcessToJobObject
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
RtlGetCurrentServiceSessionId
NtDelayExecution
RtlSetHeapInformation
EtwEventSetInformation
EtwEventRegister
TpAllocPool
TpAllocAlpcCompletion
NtWaitForMultipleObjects
NtRaiseHardError
RtlInitializeConditionVariable
NtClearEvent
RtlUnicodeStringToAnsiString
NtQueryEvent
wcstoul
LdrQueryImageFileExecutionOptions
RtlAcquirePrivilege
RtlReleasePrivilege
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
RtlCompareUnicodeStrings
memcpy
RtlNormalizeProcessParams
iswspace
RtlConnectToSm
RtlSendMsgToSm
NtQueryKey
NtDeleteKey
NtQuerySystemInformationEx
__chkstk
memset

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21aa46d83dab21d64610212aa041e81b

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

user32

advapi32

oleaut32

mpr

wevtapi

api-ms-win-core-com-l1-1-0

srvcli

netutils

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 70KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 484B

c97b3bc309ed3c8609f93ff52fecddb6

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

a0:69:89:3d:62:aa:e6:15:d8:c7:69:fa:0a:ae:6f:04:47:d3:9d:74:d4:55:dd:1a:6a:4f:23:7a:57:fe:e4:d3Signer

Signature Validations

Verification

09/09/2022, 12:58 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

rpcrt4

oleaut32

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-stringansi-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-privateprofile-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

Exports

Exports

Sections

.text Size: 602KB - Virtual size: 601KB

.rdata Size: 139KB - Virtual size: 138KB

.data Size: 8KB - Virtual size: 10KB

.pdata Size: 20KB - Virtual size: 19KB

.rsrc Size: 49KB - Virtual size: 48KB

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 484B

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

a0:69:89:3d:62:aa:e6:15:d8:c7:69:fa:0a:ae:6f:04:47:d3:9d:74:d4:55:dd:1a:6a:4f:23:7a:57:fe:e4:d3
Signer

09/09/2022, 12:58
Valid: false

.text
Size: 602KB - Virtual size: 601KB

.rdata
Size: 139KB - Virtual size: 138KB

.data
Size: 8KB - Virtual size: 10KB

.pdata
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 10KB - Virtual size: 10KB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

c0:4c:30:46:9d:91:33:f1:ff:35:d7:53:ee:b1:d3:1a:e1:df:dc:74:2c:50:8c:1a:39:34:0e:22:81:80:9d:0d
Signer

09/09/2022, 12:58
Valid: false

.text
Size: 129KB - Virtual size: 129KB

.imrsiv
Size: - Virtual size: 4B

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 184B

.rsrc
Size: 65KB - Virtual size: 65KB

.reloc
Size: 512B - Virtual size: 512B