918d50aa620c5800b8d408e5f74c16923087ce24cfe1b0fa6f8fa3d086754b2d

Sharing

Copy URL Twitter E-mail

General

Target

918d50aa620c5800b8d408e5f74c16923087ce24cfe1b0fa6f8fa3d086754b2d
Size

4.9MB
MD5

74053ca561343e0c2b73c9d7c6e1a0ed
SHA1

91fa60f75f21fb67bf1cc9e96c3eb9b044e47559
SHA256

918d50aa620c5800b8d408e5f74c16923087ce24cfe1b0fa6f8fa3d086754b2d
SHA512

7e2a9f3d284f4ad3a8fe51e2b60dd9fa9cf3fdda8507e0f31306e9134e968ac02eae05dab1e24bc699469371b4312c97ef28ca59b27dc7a50ac33cd71cc61fe2
SSDEEP

98304:Vw70GHHZ9JNpJI7oWuvq8KyGzq/rQUr/Kxcc94wlr6nuJ1buQl1676YoV:yIGT91lEUuchwlrDb6ToV

Score

N/A

Malware Config

Signatures

Files

918d50aa620c5800b8d408e5f74c16923087ce24cfe1b0fa6f8fa3d086754b2d
.rar
amd64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.17763.1_none_c06699b6767ea3f0/AtBroker.exe
.exe windows x64

587b1c3fd47818346fb8557408e17403

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegQueryValueExW
OpenServiceW
QueryServiceConfigW
EventUnregister
RegOpenKeyExW
CheckTokenMembership
UnregisterTraceGuids
RegisterTraceGuidsW
FreeSid
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
EventSetInformation
TraceMessage
AllocateAndInitializeSid
OpenSCManagerW
EventRegister
CloseServiceHandle
EventWriteTransfer
RegCloseKey

kernel32

SizeofResource
ExpandEnvironmentStringsW
SetProcessShutdownParameters
LocalAlloc
GetCurrentThreadId
GetVersionExW
MultiByteToWideChar
Sleep
LockResource
CloseHandle
RaiseException
FindResourceExW
LoadResource
LocalFree
lstrcmpiW
OpenMutexW
UnhandledExceptionFilter
IsProcessInJob
OpenJobObjectW
IsDebuggerPresent
DebugBreak
CreateMutexExW
GetProcAddress
OpenSemaphoreW
WaitForSingleObjectEx
InitOnceComplete
OutputDebugStringW
FormatMessageW
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
CreateSemaphoreExW
InitOnceBeginInitialize
GetModuleFileNameA
RegEnumValueW
RegDeleteTreeW
K32GetModuleBaseNameW
K32EnumProcessModules
ProcessIdToSessionId
K32EnumProcesses
RegLoadMUIStringW
DeleteFileW
GetFileAttributesW
DeleteProcThreadAttributeList
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
OpenProcess
ReleaseMutex
GetLastError
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter

user32

GetThreadDesktop
SystemParametersInfoW
SendNotifyMessageW
SetDesktopColorTransform
GetWindowThreadProcessId
GetShellWindow
GetKeyState
SendInput
UnregisterClassA
GetUserObjectInformationW

msvcrt

_ltow_s
_wcslwr_s
wcscspn
?terminate@@YAXXZ
_onexit
_unlock
_lock
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
??_V@YAXPEAX@Z
memmove_s
__C_specific_handler
malloc
free
wcscpy_s
_wcsicmp
memcpy_s
_callnewh
??1type_info@@UEAA@XZ
memset
__dllonexit
__CxxFrameHandler3
_wtoi
wcsrchr
_vsnwprintf
wcsspn
wcscmp

ntdll

RtlVirtualUnwind
RtlCaptureContext
WinSqmAddToStream
NtQueryWnfStateData
WinSqmIsOptedIn
RtlLookupFunctionEntry

shell32

ShellExecuteW

shlwapi

ord460
PathFileExistsW

uxtheme

ord65

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-atl.resources_31bf3856ad364e35_10.0.17763.1_en-us_8fc0814c5b356a60/atl.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-atl_31bf3856ad364e35_10.0.17763.1_none_9be629abb1dbd8e3/atl.dll
.dll regsvr32 windows x64

75fe4d242cdb81c8fd19f8165a4d313d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
_amsg_exit
_callnewh
wcscat_s
realloc
free
_XcptFilter
wcscpy_s
malloc
__C_specific_handler
memcpy
memcmp
memset

kernel32

RtlLookupFunctionEntry
RtlCaptureContext
Sleep
InterlockedPopEntrySList
GetACP
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedPushEntrySList
FlushInstructionCache
GetProcessHeap
DecodePointer
HeapAlloc
WaitForSingleObject
EncodePointer
FormatMessageW
HeapDestroy
GetModuleFileNameW
GetLastError
LoadLibraryExW
GetProcAddress
FreeLibrary
lstrcpyW
RaiseException
GetCurrentThreadId
UnhandledExceptionFilter
GetCurrentProcess
VirtualFree
HeapFree
CreateFileW
GetFileSize
ReadFile
CloseHandle
SetUnhandledExceptionFilter
TerminateProcess
FindResourceExW
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
GetSystemInfo
VirtualQuery
VirtualAlloc
VirtualProtect
lstrcpynW
lstrcmpiW
GetModuleHandleW
QueryPerformanceCounter
SetLastError
GetCurrentProcessId
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetTickCount
RtlVirtualUnwind
ResolveDelayLoadedAPI
DelayLoadFailureHook
FindResourceA
FreeResource
lstrcmpW
GlobalHandle
GlobalFree
LockResource
LoadResource
FindResourceW
LoadLibraryExA
GlobalUnlock
GlobalLock
GlobalAlloc

user32

InvalidateRect
InvalidateRgn
GetDlgItem
SendMessageW
SetCapture
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
ReleaseCapture
GetDesktopWindow
SetWindowLongPtrW
GetWindowLongPtrW
DefWindowProcW
SetWindowPos
SetWindowLongW
GetWindowLongW
DialogBoxIndirectParamW
GetClassNameW
GetParent
IsWindow
RedrawWindow
DialogBoxIndirectParamA
CreateDialogIndirectParamW
CreateDialogIndirectParamA
RegisterWindowMessageW
EndPaint
CallWindowProcW
DestroyWindow
FillRect
CreateWindowExW
GetClientRect
BeginPaint
GetWindow
SetFocus
GetFocus
IsChild
GetSysColor
CharPrevW
UnregisterClassW
ReleaseDC
GetDC
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
RegisterClassExA
wsprintfA
LoadCursorA
GetClassInfoExA
LoadStringW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
CharNextW
CreateAcceleratorTableW

gdi32

GetObjectW
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
GetDeviceCaps
CreateDCW
GetStockObject

Exports

Exports

AtlAdvise
AtlAxAttachControl
AtlAxCreateControl
AtlAxCreateControlEx
AtlAxCreateDialogA
AtlAxCreateDialogW
AtlAxDialogBoxA
AtlAxDialogBoxW
AtlAxGetControl
AtlAxGetHost
AtlAxWinInit
AtlComPtrAssign
AtlComQIPtrAssign
AtlCreateTargetDC
AtlDevModeW2A
AtlFreeMarshalStream
AtlGetObjectSourceInterface
AtlGetVersion
AtlHiMetricToPixel
AtlIPersistPropertyBag_Load
AtlIPersistPropertyBag_Save
AtlIPersistStreamInit_GetSizeMax
AtlIPersistStreamInit_Load
AtlIPersistStreamInit_Save
AtlInternalQueryInterface
AtlMarshalPtrInProc
AtlModuleAddCreateWndData
AtlModuleAddTermFunc
AtlModuleExtractCreateWndData
AtlModuleGetClassObject
AtlModuleInit
AtlModuleLoadTypeLib
AtlModuleRegisterClassObjects
AtlModuleRegisterServer
AtlModuleRegisterTypeLib
AtlModuleRegisterWndClassInfoA
AtlModuleRegisterWndClassInfoW
AtlModuleRevokeClassObjects
AtlModuleTerm
AtlModuleUnRegisterTypeLib
AtlModuleUnregisterServer
AtlModuleUnregisterServerEx
AtlModuleUpdateRegistryFromResourceD
AtlPixelToHiMetric
AtlRegisterClassCategoriesHelper
AtlSetErrorInfo
AtlSetErrorInfo2
AtlUnadvise
AtlUnmarshalPtr
AtlWaitWithMessageLoop
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-attrib.resources_31bf3856ad364e35_10.0.17763.1_en-us_d19daa9f3eafae5d/attrib.exe.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-attrib_31bf3856ad364e35_10.0.17763.1_none_a3540496e45dec0c/attrib.exe
.exe windows x64

2cb38fe7d8f223d9da50b7cba9b95a6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ulib

??0CLASS_DESCRIPTOR@@QEAA@XZ
?SetAttributes@FSNODE@@QEAAEKPEAK@Z
?IsDrive@PATH@@QEBAEXZ
??1PATH@@UEAA@XZ
?Initialize@PATH@@QEAAEPEBGE@Z
?Initialize@PATH@@QEAAEPEBVWSTRING@@E@Z
?Initialize@PATH@@QEAAEPEBV1@E@Z
??0PATH@@QEAA@XZ
?Display@MESSAGE@@QEAAEPEBDZZ
Get_Standard_Output_Stream
?SetAttributes@FSN_FILTER@@QEAAEKKK@Z
?SetFileName@FSN_FILTER@@QEAAEPEBD@Z
?IsValueSet@ARGUMENT@@QEAAEXZ
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
??1FSN_FILTER@@UEAA@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?QueryString@WSTRING@@QEBAPEAV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
?WorkOnReparsePoint@FSNODE@@QEAAEE@Z
?Strchr@WSTRING@@QEBAKGK@Z
?Fatal@PROGRAM@@UEBAXKKPEADZZ
?QueryDirectory@SYSTEM@@SAPEAVFSN_DIRECTORY@@PEBVPATH@@E@Z
??0PATH_ARGUMENT@@QEAA@XZ
??1PROGRAM@@UEAA@XZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@PEADZZ
?Fatal@PROGRAM@@UEBAXXZ
?GetStandardInput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardOutput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardError@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Usage@PROGRAM@@UEBAXXZ
?ValidateVersion@PROGRAM@@UEBAXKK@Z
??0PROGRAM@@IEAA@XZ
?QueryFsnodeArray@FSN_DIRECTORY@@QEBAPEAVARRAY@@PEAVFSN_FILTER@@@Z
??0STRING_ARGUMENT@@QEAA@XZ
??1STRING_ARGUMENT@@UEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?Initialize@FSN_FILTER@@QEAAEXZ
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
??1OBJECT@@UEAA@XZ
??1PATH_ARGUMENT@@UEAA@XZ
?Initialize@PATH_ARGUMENT@@QEAAEPEADE@Z
??0STREAM_MESSAGE@@QEAA@XZ
??1STREAM_MESSAGE@@UEAA@XZ
?Initialize@STREAM_MESSAGE@@QEAAEPEAVSTREAM@@00@Z
?Compare@OBJECT@@UEBAJPEBV1@@Z
??0FSN_FILTER@@QEAA@XZ
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?DeleteAllMembers@ARRAY@@UEAAEXZ
?DebugDump@OBJECT@@UEBAXE@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
Get_Standard_Input_Stream
??0DSTRING@@QEAA@XZ
?SetFileName@FSN_FILTER@@QEAAEPEBVWSTRING@@@Z
??1DSTRING@@UEAA@XZ

api-ms-win-core-heap-l1-1-0

HeapSetInformation

ntdll

RtlAllocateHeap
RtlFreeHeap

msvcrt

?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
swprintf_s

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-audio-acmcorecodecs_31bf3856ad364e35_10.0.17763.1_none_119ac57451f1ccfe/imaadp32.acm
.dll windows x64

e9c61f993c775f67ec407a47a8955d31

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:41:e7:15:3e:c4:54:88:36:f4:b1:c4:f6:f1:26:45:b9:8a:73:45:18:96:56:82:1e:33:89:97:98:11:b9:9b
Signer

Actual PE Digest

1a:41:e7:15:3e:c4:54:88:36:f4:b1:c4:f6:f1:26:45:b9:8a:73:45:18:96:56:82:1e:33:89:97:98:11:b9:9b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memcpy
_initterm
__C_specific_handler
_vsnwprintf
malloc
free
_amsg_exit
_XcptFilter
memset

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree
LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock
GlobalHandle

api-ms-win-mm-time-l1-1-0

timeGetTime

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-mm-misc-l1-1-0

DefDriverProc
GetDriverModuleHandle

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DriverProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-audio-acmcorecodecs_31bf3856ad364e35_10.0.17763.1_none_119ac57451f1ccfe/msadp32.acm
.dll windows x64

515dc1b589909875586edd279429ab28

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ac:d0:82:20:56:d4:2d:50:74:55:d3:ab:66:93:89:81:95:ba:40:b8:93:d2:d5:44:93:19:fe:dd:e4:bc:14:d9
Signer

Actual PE Digest

ac:d0:82:20:56:d4:2d:50:74:55:d3:ab:66:93:89:81:95:ba:40:b8:93:d2:d5:44:93:19:fe:dd:e4:bc:14:d9

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
malloc
free
_amsg_exit
__C_specific_handler
_XcptFilter
memcpy

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-mm-misc-l1-1-0

GetDriverModuleHandle
DefDriverProc

Exports

Exports

DriverProc

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-audio-acmcorecodecs_31bf3856ad364e35_10.0.17763.1_none_119ac57451f1ccfe/msg711.acm
.dll windows x64

515dc1b589909875586edd279429ab28

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9b:1a:6c:9f:3e:dc:f7:1c:22:2d:42:f9:b6:d3:23:5f:29:49:ef:de:10:4e:1d:9d:af:c5:95:e8:e9:63:69:35
Signer

Actual PE Digest

9b:1a:6c:9f:3e:dc:f7:1c:22:2d:42:f9:b6:d3:23:5f:29:49:ef:de:10:4e:1d:9d:af:c5:95:e8:e9:63:69:35

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
malloc
free
_amsg_exit
__C_specific_handler
_XcptFilter
memcpy

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-mm-misc-l1-1-0

GetDriverModuleHandle
DefDriverProc

Exports

Exports

DriverProc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-audio-acmcorecodecs_31bf3856ad364e35_10.0.17763.1_none_119ac57451f1ccfe/msgsm32.acm
.dll windows x64

c29ccab2ec6aa549d49d16874bccb284

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:83:cf:55:63:26:2e:58:8b:95:72:ea:47:73:93:91:31:84:2c:e6:ab:71:3f:23:93:f2:10:8f:b8:94:ec:76
Signer

Actual PE Digest

2d:83:cf:55:63:26:2e:58:8b:95:72:ea:47:73:93:91:31:84:2c:e6:ab:71:3f:23:93:f2:10:8f:b8:94:ec:76

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_initterm
_vsnwprintf
malloc
free
_amsg_exit
_XcptFilter
memcpy

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalAlloc
GlobalFree

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

api-ms-win-mm-time-l1-1-0

timeGetTime

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-mm-misc-l1-1-0

DefDriverProc
GetDriverModuleHandle

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DriverProc

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/AUDIOKSE.dll
.dll regsvr32 windows x64

55fc110c615a7b00274e550912b6faea

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:10:8c:35:73:69:6e:4d:1b:f3:5d:57:99:8b:60:f5:4e:f8:11:c3:0c:13:74:cb:80:91:58:13:59:5c:94:c2
Signer

Actual PE Digest

43:10:8c:35:73:69:6e:4d:1b:f3:5d:57:99:8b:60:f5:4e:f8:11:c3:0c:13:74:cb:80:91:58:13:59:5c:94:c2

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memcpy
memcmp
log10f
pow
strcmp
realloc
_errno
_CxxThrowException
_onexit
__dllonexit
_wfopen
_unlock
feof
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
fread
_wtol
_wcslwr
??1type_info@@UEAA@XZ
wcsstr
__CxxFrameHandler3
wcsrchr
_resetstkoflw
_purecall
wcscat_s
wcscpy_s
free
malloc
wcsncpy_s
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
memset
wcsnlen
strnlen
fclose
fseek
tolower
_strnicmp
strncmp
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
RtlGetPersistedStateLocation
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlExtendMemoryBlockLookaside
RtlDestroyMemoryBlockLookaside
RtlNtStatusToDosError
RtlFreeMemoryBlockLookaside
RtlVirtualUnwind
RtlLockMemoryBlockLookaside
RtlCreateMemoryBlockLookaside
RtlUnlockMemoryBlockLookaside
NtQueryInformationProcess
RtlAllocateMemoryBlockLookaside
RtlDeleteFunctionTable
RtlAddFunctionTable
ShipAssert

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
FreeLibrary
GetModuleHandleW
SizeofResource
GetModuleFileNameA
LoadResource
FindResourceExW
DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

SetWaitableTimer
WaitForMultipleObjectsEx
SetEvent
ResetEvent
CreateEventW
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CancelWaitableTimer
CreateEventA
CreateMutexExW
LeaveCriticalSection
CreateWaitableTimerExW
OpenSemaphoreW
WaitForSingleObjectEx
CreateEventExW
CreateSemaphoreExW
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
GetCurrentThreadId
GetCurrentProcess
CreateThread
TerminateProcess
GetCurrentProcessId
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadLocale
SetThreadLocale

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

SysAllocString
SysFreeString
SysStringLen
VarUI4FromStr

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-eventing-classicprovider-l1-1-0

TraceEvent
RegisterTraceGuidsW
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceEnableFlags

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoTaskMemAlloc
CoGetMalloc
CoCreateInstance
PropVariantClear

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegGetValueW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep
InitOnceInitialize

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-memory-l1-1-0

VirtualAlloc
CreateFileMappingW
VirtualProtect
MapViewOfFile
UnmapViewOfFile
VirtualFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLocalTime
GetWindowsDirectoryW
GetTickCount
GetTickCount64
GlobalMemoryStatusEx
GetVersionExW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
SetProcessWorkingSetSizeEx

api-ms-win-core-file-l1-1-0

CreateFileW
GetDiskFreeSpaceW
GetFileSize

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW

mmdevapi

ord5

avrt

AvSetMmThreadCharacteristicsA
AvSetMmThreadPriority
AvQuerySystemResponsiveness
AvRevertMmThreadCharacteristics

api-ms-win-core-psapi-l1-1-0

K32GetDeviceDriverBaseNameW
K32GetDeviceDriverFileNameW
K32EnumDeviceDrivers

api-ms-win-devices-query-l1-1-0

DevCreateObjectQuery
DevCloseObjectQuery

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/AudioEndpointBuilder.dll
.dll windows x64

560c12638d61ecad18584fc476742f62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ

api-ms-win-crt-string-l1-1-0

memset
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
memmove
_o_calloc
_o_free
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
_o_towlower
_o_wcsncpy_s
_o_wmemcpy_s
_o__crt_atexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__cexit
_o__errno
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
LoadStringW
GetModuleHandleExW
FreeLibrary
LoadLibraryExW
SizeofResource
GetModuleHandleW
LoadResource
GetModuleFileNameW
LockResource
GetProcAddress
FindResourceExW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
CreateMutexExW
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
OpenSemaphoreW
AcquireSRWLockExclusive
SetEvent
ResetEvent
CreateEventW
CreateSemaphoreExW
ReleaseSRWLockExclusive
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
CreateEventExW
WaitForMultipleObjectsEx

api-ms-win-core-heap-l1-1-0

HeapSize
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetExitCodeProcess
CreateProcessW
TerminateProcess
GetCurrentProcess
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
SysAllocString
SysStringLen
SysFreeString

ntdll

RtlHashUnicodeString
RtlNtStatusToDosError
WinSqmAddToStreamEx
RtlPublishWnfStateData
RtlExtendMemoryBlockLookaside
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlReportException
RtlDllShutdownInProgress
RtlAllocateMemoryBlockLookaside
NtQueryInformationProcess
EtwTraceMessage
EtwEventRegister
EtwEventSetInformation
EtwEventUnregister
EtwEventWriteTransfer
RtlCreateMemoryBlockLookaside
RtlGetCurrentServiceSessionId
RtlGetActiveConsoleId
RtlFreeMemoryBlockLookaside
RtlInitUnicodeString
EtwRegisterTraceGuidsW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
SetThreadpoolTimerEx
SetThreadpoolWait
CloseThreadpoolWork
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CloseThreadpool
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
WaitForThreadpoolWorkCallbacks
CreateThreadpoolTimer
IsThreadpoolTimerSet

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegGetValueW

api-ms-win-devices-config-l1-1-1

CM_Get_Device_ID_Size
CM_Get_Device_IDW
CM_Get_Sibling
CM_Unregister_Notification
CM_Get_DevNode_PropertyW
CM_Open_DevNode_Key
CM_Register_Notification
CM_MapCrToWin32Err
CM_Get_Child
CM_Locate_DevNodeW

api-ms-win-devices-query-l1-1-0

DevGetObjectProperties
DevFreeObjectProperties
DevGetObjects
DevSetObjectProperties
DevCreateObjectQuery
DevFindProperty
DevCloseObjectQuery
DevFreeObjects

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringLen

api-ms-win-core-winrt-registration-l1-1-0

RoGetActivatableClassRegistration

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
CompareStringOrdinal

api-ms-win-devices-swdevice-l1-1-0

SwDeviceInterfacePropertySet
SwDeviceInterfaceSetState
SwDeviceClose
SwDeviceCreate
SwDeviceInterfaceRegister
SwDevicePropertySet

mmdevapi

ord2
ord9
ord7
ord29
ord15
ord27
ord21

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl

api-ms-win-security-base-l1-1-0

MakeSelfRelativeSD
GetSecurityDescriptorLength
IsValidSid
MakeAbsoluteSD
GetLengthSid
InitializeAcl
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
InitializeSid
CopySid
GetSecurityDescriptorControl
GetSidLengthRequired
GetAclInformation
AddAce
GetSidSubAuthority
GetSecurityDescriptorGroup
InitializeSecurityDescriptor

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount64

api-ms-win-core-memory-l1-1-1

SetProcessWorkingSetSizeEx
GetProcessWorkingSetSizeEx

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
TraceEvent

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathParseIconLocationW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-featurestaging-l1-1-0

GetFeatureEnabledState
UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage
SubscribeFeatureStateChangeNotification

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

sinf

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 535KB - Virtual size: 534KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 512B - Virtual size: 183B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 32B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/AudioEng.dll
.dll regsvr32 windows x64

34e7cb1f513e96f7c2540bdc53e88ee5

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:d0:72:bc:1b:fa:0e:67:29:b5:10:b1:19:c8:fd:bb:5a:90:8c:00:09:b4:0b:33:40:9d:bf:0d:04:f8:ae:47
Signer

Actual PE Digest

57:d0:72:bc:1b:fa:0e:67:29:b5:10:b1:19:c8:fd:bb:5a:90:8c:00:09:b4:0b:33:40:9d:bf:0d:04:f8:ae:47

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

VarUI4FromStr

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventActivityIdControl
EventSetInformation

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapReAlloc
HeapSize
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-com-l1-1-0

PropVariantClear
StringFromCLSID
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
IIDFromString
CoTaskMemAlloc
CoCreateGuid
CoDisconnectObject
StringFromIID

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

SetThreadLocale
FormatMessageW
GetThreadLocale

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-synch-l1-1-0

ReleaseMutex
ReleaseSemaphore
ReleaseSRWLockExclusive
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
InitializeSRWLock
CreateEventW
AcquireSRWLockExclusive
CreateEventA
WaitForSingleObject
OpenSemaphoreW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
ResetEvent
InitializeCriticalSectionEx
ReleaseSRWLockShared
AcquireSRWLockShared
SetWaitableTimer
SetEvent
LeaveCriticalSection
CreateMutexExW
CreateSemaphoreExW
WaitForMultipleObjectsEx
CancelWaitableTimer
CreateWaitableTimerExW

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExW
FindResourceExW
LockResource
GetModuleHandleW
GetModuleFileNameW
DisableThreadLibraryCalls
LoadResource

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
SetThreadPriority
GetCurrentThread
CreateThread
TlsSetValue
TlsGetValue
GetCurrentThreadId

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExA
RegQueryValueExA
RegNotifyChangeKeyValue
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegGetValueW
RegDeleteKeyExW
RegSetValueExW

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
TraceMessage
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
TraceEvent

ntdll

NtClose
RtlLockCurrentThread
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
EtwLogTraceEvent
RtlAllocateMemoryBlockLookaside
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlReportException
NtQueryInformationProcess
RtlUnlockMemoryBlockLookaside
RtlCreateMemoryBlockLookaside
RtlLockModuleSection
RtlUnlockModuleSection
NtSetTimerResolution
RtlLockMemoryBlockLookaside
RtlUnlockCurrentThread
RtlNtStatusToDosError
RtlFreeMemoryBlockLookaside

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

rpcrt4

NdrClientCall3
I_RpcExceptionFilter
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingFree

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceInitialize
InitOnceComplete
InitOnceExecuteOnce

propsys

PropVariantToBuffer
PropVariantGetElementCount
PropVariantToString

api-ms-win-crt-math-l1-1-0

tanf
sinf
logf
log10f
floorf
expf
cosf
ceilf
atan2f
asinf
_isnan
_finite
sqrtf

api-ms-win-crt-string-l1-1-0

memmove_s
memset
strnlen
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o___stdio_common_vswprintf_s
_o__wcsicmp
_o__wfopen_s
_o__wmkdir
_o__wstat32
_o__wtof
_o_acos
_o_atan2
_o_atoi
_o_calloc
_o_ceil
_o_cos
_o_exp
_o_fclose
_o_fgets
_o_floor
_o_fmod
_o_fopen
_o_fread
_o_free
_o_fseek
_o_fwrite
_o_log
_o_malloc
_o_memcpy_s
_o_pow
_o_powf
_o_qsort
_o_realloc
_o_sin
_o_sqrt
_o_strcat_s
_o_strcpy_s
_o_strncpy_s
_o_strtod
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstombs_s
strchr
strstr
_o___stdio_common_vfprintf_s
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o__crt_atexit
_o___acrt_iob_func
_o__configure_narrow_argv
__C_specific_handler
__std_terminate
__CxxFrameHandler3
_o__cexit
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o__aligned_malloc
_o__aligned_free
_CxxThrowException
_o___stdio_common_vswscanf
_o___stdio_common_vfwprintf
memcmp
memcpy
memmove

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolCleanupGroup
SetThreadpoolThreadMinimum
CreateThreadpool
CloseThreadpool
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
CreateThreadpoolTimer
CreateThreadpoolWork
CloseThreadpoolWork
CloseThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
SubmitThreadpoolWork

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsConcatString
WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-path-l1-1-0

PathCchRenameExtension

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueEx
CreateTimerQueueTimer
CreateTimerQueue

api-ms-win-core-file-l1-1-0

GetFileSize
ReadFile
CreateFileA
WriteFile

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
SetProcessWorkingSetSizeEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

avrt

AvThreadOpenTaskIndex
AvTaskIndexYieldCancel
AvTaskIndexYield
AvSetMultimediaMode
AvSetMmThreadCharacteristicsA
AvQuerySystemResponsiveness
AvRevertMmThreadCharacteristics
AvSetMmThreadPriority

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AERT_Allocate
AERT_Free
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1014KB - Virtual size: 1013KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 879KB - Virtual size: 878KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/AudioSes.dll
.dll regsvr32 windows x64

709229a0aeb79b2590c9ce5a8cbdbd14

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:50:f0:8b:8a:84:96:51:f2:44:a6:88:0a:5e:b7:81:4a:86:c9:52:dc:aa:33:ba:90:bb:cb:93:12:46:13:0b
Signer

Actual PE Digest

0a:50:f0:8b:8a:84:96:51:f2:44:a6:88:0a:5e:b7:81:4a:86:c9:52:dc:aa:33:ba:90:bb:cb:93:12:46:13:0b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Xbad_function_call@std@@YAXXZ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

memset
wcscmp
memmove_s

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__localtime64_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o__wsplitpath_s
_o__wtof
_o__wtoi
_o_calloc
_o_ceil
_o_floor
_o_free
_o_log2
_o_malloc
_o_pow
_o_powf
_o_realloc
_o_sqrt
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
wcschr
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

rpcrt4

CStdStubBuffer_AddRef
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
I_RpcMapWin32Status
CStdStubBuffer_Invoke
CStdStubBuffer_CountRefs
NdrCStdStubBuffer_Release
CStdStubBuffer_DebugServerQueryInterface
RpcSmDestroyClientContext
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingFree
NdrDllCanUnloadNow
I_RpcExceptionFilter
CStdStubBuffer_Disconnect
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrOleFree
NdrClientCall3
RpcStringFreeW

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient8
ObjectStublessClient13
ObjectStublessClient9
ObjectStublessClient17
ObjectStublessClient7
ObjectStublessClient6
ObjectStublessClient15
ObjectStublessClient20
ObjectStublessClient18
ObjectStublessClient3
ObjectStublessClient22
ObjectStublessClient4
ObjectStublessClient19
ObjectStublessClient10
ObjectStublessClient16
ObjectStublessClient12
ObjectStublessClient21
ObjectStublessClient5
ObjectStublessClient11
ObjectStublessClient14

oleaut32

BSTR_UserUnmarshal
BSTR_UserMarshal
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserMarshal64
BSTR_UserUnmarshal64
LPSAFEARRAY_UserFree
BSTR_UserFree64
LPSAFEARRAY_UserUnmarshal
BSTR_UserSize64
SystemTimeToVariantTime
LPSAFEARRAY_UserSize64
BSTR_UserMarshal64
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserSize
VariantTimeToSystemTime
VarUI4FromStr
BSTR_UserFree

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
SizeofResource
GetModuleFileNameW
LoadResource
GetProcAddress
LoadLibraryExW
GetModuleFileNameA
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleExW
LockResource
GetModuleHandleW

api-ms-win-core-localization-l1-2-0

FormatMessageW
SetThreadLocale
GetThreadLocale

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceInitialize
InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObject
WaitForMultipleObjectsEx
CancelWaitableTimer
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
DeleteCriticalSection
OpenEventW
InitializeCriticalSectionEx
SetWaitableTimer
ReleaseSemaphore
ReleaseMutex
EnterCriticalSection
CreateEventW
ResetEvent
ReleaseSRWLockExclusive
CreateSemaphoreExW
CreateMutexExW
CreateEventExW
TryEnterCriticalSection
SetEvent
CreateWaitableTimerExW
OpenSemaphoreW
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSize
GetProcessHeap
HeapDestroy
HeapReAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringLen

api-ms-win-core-com-l1-1-0

CoGetApartmentType
CoInitializeEx
PropVariantClear
CoTaskMemRealloc
CoTaskMemFree
CoWaitForMultipleHandles
PropVariantCopy
CoCreateFreeThreadedMarshaler
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoCreateGuid
CoUninitialize

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegEnumKeyExW
RegGetValueW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
TraceMessage

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
CreateThread

api-ms-win-core-string-l2-1-0

IsCharAlphaW
CharNextW

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoTransformError
RoOriginateError
RoOriginateErrorW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
CloseThreadpool
CreateThreadpoolWork
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
CreateThreadpool
SetThreadpoolThreadMaximum
CreateThreadpoolTimer
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SetThreadpoolThreadMinimum
TrySubmitThreadpoolCallback
SetThreadpoolTimer
CreateThreadpoolCleanupGroup

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

ntdll

RtlQueryPackageClaims
RtlCreateMemoryBlockLookaside
RtlDestroyMemoryZone
RtlLockMemoryZone
RtlFreeMemoryBlockLookaside
RtlCreateMemoryZone
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
NtQueryInformationProcess
RtlInitUnicodeStringEx
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
AlpcInitializeMessageAttribute
AlpcGetMessageAttribute
NtAlpcSendWaitReceivePort
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
RtlEqualWnfChangeStamps
RtlNtStatusToDosError
RtlAllocateMemoryBlockLookaside
RtlAllocateMemoryZone
ShipAssert
NtSetInformationThread
NtQueryInformationThread
NtAlpcConnectPort
RtlUnlockMemoryZone

api-ms-win-power-base-l1-1-0

PowerRegisterSuspendResumeNotification
PowerUnregisterSuspendResumeNotification

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
MapViewOfFile

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSize

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-memory-l1-1-1

VirtualUnlock
SetProcessWorkingSetSizeEx
PrefetchVirtualMemory
VirtualLock
GetProcessWorkingSetSizeEx

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-service-private-l1-1-0

UnsubscribeServiceChangeNotifications
SubscribeServiceChangeNotifications

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-mm-time-l1-1-0

timeBeginPeriod

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
GetFeatureEnabledState

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-rtcore-ntuser-private-l1-1-4

ord2597

mmdevapi

ord30
ord5
ord10
ord29
ord11

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsA
AvQuerySystemResponsiveness
AvSetMmThreadPriority
AvSetMmThreadCharacteristicsW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

log10f
sinf
sqrtf

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 802KB - Virtual size: 802KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/SpatialAudioLicenseSrv.exe
.exe windows x64

21bbd6725a69b2aa15951ea2bf5647e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-string-l1-1-0

wcscmp
memset

api-ms-win-crt-private-l1-1-0

_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o__configure_wide_argv
_o___stdio_common_vsnprintf_s
_o__configthreadlocale
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o__cexit
_o__callnewh
_o___p__commode
__std_terminate
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
OpenSemaphoreW
ReleaseMutex
CreateMutexExW
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockShared
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
CreateEventExW
ReleaseSRWLockExclusive
CreateSemaphoreExW
LeaveCriticalSection
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoResumeClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoAddRefServerProcess
CoWaitForMultipleHandles
CoTaskMemAlloc
CoGetCallContext
CoInitializeSecurity
CoGetMalloc
CoReleaseServerProcess

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateString
WindowsGetStringLen

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoUninitialize
RoInitialize
RoRegisterActivationFactories
RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/audiodg.exe
.exe windows x64

952b47ae2cbef2b729d43731280b0997

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:26:37:b9:d3:c3:ba:88:8c:35:90:a9:07:5b:3a:a7:b3:e4:23:c7:ec:92:49:ae:0d:07:3e:82:cd:65:c4:48
Signer

Actual PE Digest

6f:26:37:b9:d3:c3:ba:88:8c:35:90:a9:07:5b:3a:a7:b3:e4:23:c7:ec:92:49:ae:0d:07:3e:82:cd:65:c4:48

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o__wcstoui64
_o_exit
_o_free
_o_malloc
_o_powf
_o_realloc
_o_sqrt
_o_terminate
_o_wcsncpy_s
_o_wmemcpy_s
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o__exit
_o__errno
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
__std_terminate
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
LoadResource
GetModuleFileNameW
SizeofResource
LockResource
FindResourceExW
FreeLibrary
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

ReleaseMutex
SetEvent
ReleaseSemaphore
AcquireSRWLockShared
EnterCriticalSection
InitializeSRWLock
CreateEventW
WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
WaitForMultipleObjectsEx
TryEnterCriticalSection
CreateEventExW
ReleaseSRWLockExclusive
CreateMutexExW
ResetEvent
ReleaseSRWLockShared
LeaveCriticalSection
AcquireSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapSetInformation
HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc
HeapSize

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
OpenProcessToken
GetProcessId
GetStartupInfoW
GetThreadId
TlsFree
GetCurrentThreadId
TlsSetValue
GetCurrentThread
TlsGetValue
TlsAlloc
SetThreadPriority
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

GetHandleInformation
CloseHandle
DuplicateHandle

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegDeleteValueW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetLogicalProcessorInformationEx

api-ms-win-core-fibers-l1-1-0

FlsSetValue
FlsAlloc
FlsFree

api-ms-win-devices-config-l1-1-1

CM_Unregister_Notification
CM_Register_Notification
CM_Locate_DevNodeW
CM_Open_DevNode_Key
CM_MapCrToWin32Err

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlCreateMemoryBlockLookaside
RtlLockMemoryZone
RtlDestroyMemoryZone
RtlAllocateMemoryBlockLookaside
RtlAllocateMemoryZone
RtlUnlockMemoryZone
RtlFreeMemoryBlockLookaside
NtAlpcCreatePort
NtQueryInformationProcess
RtlNtStatusToDosError
RtlCreateMemoryZone
EtwEventActivityIdControl
EtwLogTraceEvent
NtSetInformationProcess
NtSetInformationThread
NtSetSystemInformation
RtlPublishWnfStateData
NtQuerySystemInformation
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
EtwUnregisterTraceGuids
EtwEventSetInformation
EtwGetTraceEnableFlags
EtwTraceMessage
NtCreateWnfStateName
NtDeleteWnfStateName
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
RtlRandomEx
NtAlpcConnectPort
NtAlpcOpenSenderProcess
NtClose
ShipAssert
RtlInitUnicodeStringEx
RtlReportException
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
NtAlpcAcceptConnectPort
NtAlpcSendWaitReceivePort
AlpcGetMessageAttribute
AlpcInitializeMessageAttribute

mmdevapi

ord8
ord29
ord2
ord7
ord27
ord21
ord9

api-ms-win-core-memory-l1-1-1

SetProcessWorkingSetSizeEx
VirtualLock
GetProcessWorkingSetSizeEx
VirtualUnlock

api-ms-win-eventing-classicprovider-l1-1-0

TraceEvent
TraceMessage

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
SetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDuplicateString

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolWait

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/audioresourceregistrar.dll
.dll windows x64

1eec029d3d0ab41c73242806d9907e24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-string-l1-1-0

memset
wcsnlen
wcscmp

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o_calloc
_o_free
_o_malloc
_o_wcstoul
_o_wmemcpy_s
__C_specific_handler
_CxxThrowException
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__cexit
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler3
memcpy

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
OpenMutexW
CreateMutexW
EnterCriticalSection

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-libraryloader-l1-2-0

LockResource
FindResourceExW
LoadResource
GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameA
SizeofResource

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

devobj

DevObjEnumDeviceInfo
DevObjGetClassDevs
DevObjDestroyDeviceInfoList
DevObjOpenDevRegKey
DevObjCreateDeviceInfoList

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapDestroy
GetProcessHeap
HeapReAlloc
HeapFree
HeapAlloc
HeapSize

api-ms-win-core-com-l1-1-0

CLSIDFromString

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

xmllite

CreateXmlReader

Exports

Exports

GetKeywordDetectorRequiredResources
Register

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/audiosrv.dll
.dll windows x64

97c8648cb3aaffa64031b9aad03996a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

audiosrvpolicymanager

ActivatePolicyManager
TS_SessionChanged
TS_SessionGetAudioProtocol
TS_RegisterAudioProtocolNotification
TS_UnregisterAudioProtocolNotification
TS_AudioProtocolNotifyRundown
PbmReportAppInteractivityChange
PbmReportAppClosing
PbmAllowMediaPlaybackForApp
PbmRegisterPlaybackManagerNotifications
PbmUnregisterPlaybackManagerNotifications
PbmSetSmtcSubscriptionState
PbmGetSoundLevel
PbmIsPlaying
PbmRegisterAppManagerNotification
PbmUnregisterAppManagerNotification
PbmRegisterAppClosureNotification
PbmUnregisterAppClosureNotification
PbmPlayToStreamStateChanged
PbmCastingAppStateChanged
HHOSTEDAPPMANAGERCONTEXTRundown
PbmSetScreenReaderState
PbmReportHostedAppStateChange
PbmSwitchSoftNonInteractiveAppsToHardNonInteractive
PbmReportApplicationState
PbmLaunchBackgroundTask

msvcp_win

_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_unlock
_Mtx_init_in_situ

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcsspn
wcscspn
wcsnlen
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsicoll
_o__wcsnicmp
_o__wcsupr_s
_o__wtof
_o__wtoi
_o_calloc
_o_free
_o_log10
_o_malloc
_o_memcpy_s
_o_pow
_o_realloc
_o_terminate
_o_towlower
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstoul
_o__configure_narrow_argv
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
wcschr
wcsstr
wcsrchr
__C_specific_handler
__std_terminate
__CxxFrameHandler3
_o__crt_atexit
_CxxThrowException
memcmp
memcpy
memmove

ntdll

RtlDllShutdownInProgress
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
ShipAssert
EtwLogTraceEvent
RtlAcquireResourceShared
RtlReleaseResource
RtlAcquireResourceExclusive
RtlDeleteResource
RtlInitializeResource
RtlGetPersistedStateLocation
RtlNtStatusToDosError
NtCreateWnfStateName
EtwEventActivityIdControl
RtlSubscribeWnfStateChangeNotification
NtDeleteWnfStateName
RtlPublishWnfStateData
EtwTraceMessage
NtOpenProcess
PssNtCaptureSnapshot
ZwQueryWnfStateNameInformation
ZwUpdateWnfStateData
ZwAlpcCancelMessage
RtlWakeAddressAll
TpAllocAlpcCompletion
ZwAlpcDisconnectPort
ZwAlpcSendWaitReceivePort
TpReleaseAlpcCompletion
ZwAlpcQueryInformation
RtlWaitOnAddress
ZwAlpcConnectPort
RtlUnsubscribeWnfNotificationWaitForCompletion
AlpcInitializeMessageAttribute
AlpcGetMessageAttribute
ZwClose
RtlAllocateHeap
NtQuerySystemInformation
RtlFreeHeap
NtPowerInformation
NtOpenEvent
vDbgPrintEx
NtWaitForSingleObject
RtlAllocateAndInitializeSid
RtlInitUnicodeString
RtlGetCurrentServiceSessionId
RtlGetActiveConsoleId
NtAlpcConnectPort
NtAlpcSendWaitReceivePort
RtlFreeSid
PssNtFreeSnapshot
NtClose
EtwEventRegister
EtwEventSetInformation
EtwEventWriteTransfer
EtwEventUnregister
RtlReportException
RtlFreeMemoryBlockLookaside
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
RtlAllocateMemoryBlockLookaside
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlQueryWnfStateData
NtQueryInformationProcess
RtlQueryResourcePolicy
RtlCreateMemoryBlockLookaside
TpWaitForAlpcCompletion
EtwEventWriteNoRegistration

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleW
SizeofResource
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
LoadResource
GetModuleHandleExW
LoadLibraryExW
LockResource
FindResourceExW
LoadStringW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
WaitForSingleObjectEx
InitializeSRWLock
OpenSemaphoreW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForMultipleObjectsEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
InitializeCriticalSectionEx
CreateEventExW
SetEvent
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
CreateMutexExW
CreateMutexW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
HeapSize
HeapDestroy

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
GetExitCodeProcess
SetThreadPriority
CreateThread
OpenThreadToken
TerminateProcess
GetCurrentThreadId
ProcessIdToSessionId
GetCurrentThread
GetProcessTimes
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

rpcrt4

I_RpcBindingInqLocalClientPID
I_RpcBindingInqTransportType
RpcBindingFromStringBindingW
RpcBindingToStringBindingW
UuidCreate
NdrServerCall2
RpcStringBindingParseW
NdrServerCallAll
RpcStringBindingComposeW
UuidEqual
RpcServerUnregisterIfEx
RpcRevertToSelf
RpcImpersonateClient
NdrClientCall3
RpcServerInqBindings
RpcServerRegisterIf3
I_RpcExceptionFilter
RpcBindingFree
RpcBindingVectorFree
RpcStringFreeW
RpcServerUseProtseqEpW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep
InitOnceExecuteOnce

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegGetValueW
RegSetKeySecurity
RegOpenKeyExW
RegCloseKey
RegOpenCurrentUser
RegGetKeySecurity
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
RegNotifyChangeKeyValue
RegSetValueExW
RegQueryInfoKeyW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolCleanupGroup
SetEventWhenCallbackReturns
CreateThreadpool
SetThreadpoolThreadMinimum
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
TrySubmitThreadpoolCallback
CloseThreadpoolCleanupGroup
SetThreadpoolTimerEx
WaitForThreadpoolWorkCallbacks
IsThreadpoolTimerSet
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolWait
SetThreadpoolThreadMaximum
CreateThreadpoolTimer
CloseThreadpool
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

mmdevapi

ord23
ord24
ord27
ord7
ord2
ord25
ord21
ord16
ord15
ord9
ord12
ord29

api-ms-win-core-file-l1-1-0

CompareFileTime
CreateFileW
FileTimeToLocalFileTime

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal
CompareStringW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-appmodel-identity-l1-2-0

AppContainerDeriveSidFromMoniker

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer
UnregisterWaitEx

api-ms-win-core-io-l1-1-0

GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
TraceEvent

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
SetProcessWorkingSetSizeEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
GetFeatureEnabledState
RecordFeatureError
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-core-featurestaging-l1-1-1

GetFeatureVariant

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

xmllite

CreateXmlReader

api-ms-win-appmodel-runtime-l1-1-1

GetStagedPackageOrigin

api-ms-win-appmodel-runtime-l1-1-0

PackageFamilyNameFromFullName

api-ms-win-crt-math-l1-1-0

sinf
floorf

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 1024B - Virtual size: 533B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/f/AudioEndpointBuilder.dll
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/f/AudioEng.dll
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/f/AudioSes.dll
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/f/audiodg.exe
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/f/audiosrv.dll
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/r/AudioEndpointBuilder.dll
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/r/AudioEng.dll
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/r/AudioSes.dll
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/r/audiodg.exe
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/r/audiosrv.dll
amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.17763.134_none_eb721cdf6a427b77/remoteaudioendpoint.dll
.dll regsvr32 windows x64

0e9614022aac15421797dc6802de2513

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

40:f1:14:33:c8:29:48:6d:20:32:0e:8c:da:66:b0:88:ce:7e:2b:37:3b:c9:0a:dc:04:b6:c1:fa:65:aa:67:3b
Signer

Actual PE Digest

40:f1:14:33:c8:29:48:6d:20:32:0e:8c:da:66:b0:88:ce:7e:2b:37:3b:c9:0a:dc:04:b6:c1:fa:65:aa:67:3b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_purecall
wcscat_s
wcscpy_s
_callnewh
memcpy_s
free
_XcptFilter
_amsg_exit
__CxxFrameHandler3
_initterm
_CxxThrowException
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
malloc
wcsncpy_s
memcmp
_errno
__C_specific_handler
memcpy
realloc
_lock
_onexit
__dllonexit
_unlock
memset

ntdll

EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwUnregisterTraceGuids
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags

avrt

AvSetMmThreadCharacteristicsW
AvRevertMmThreadCharacteristics
AvCreateTaskIndex
AvSetMmThreadPriority

combase

CStdStubBuffer_Disconnect
NdrCStdStubBuffer_Release
ord139
ord11
ord15
CStdStubBuffer_DebugServerRelease
ord3
ord10
CStdStubBuffer_DebugServerQueryInterface
ord2
ord14
ord6
ord12
ord4
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
ord5
CStdStubBuffer_IsIIDSupported
ord13
ord9
CStdStubBuffer_Invoke
ord7
ord8
CStdStubBuffer_CountRefs
ord16
CStdStubBuffer_QueryInterface

oleaut32

SysAllocString
VarUI4FromStr
SysFreeString

rpcrt4

NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
NdrOleAllocate
NdrDllCanUnloadNow
IUnknown_AddRef_Proxy
NdrOleFree
IUnknown_Release_Proxy

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
LoadResource
FindResourceExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
FreeLibrary
SizeofResource

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeEx
PropVariantClear
CoCreateInstance

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
SetEvent
LeaveCriticalSection
WaitForMultipleObjectsEx
ResetEvent
WaitForSingleObject
InitializeCriticalSection
CreateEventW
ReleaseSemaphore
CreateSemaphoreExW
OpenEventW
CreateEventExW
OpenSemaphoreW
DeleteCriticalSection

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

SetThreadLocale
GetThreadLocale

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
TlsAlloc
GetCurrentProcessId
GetCurrentThreadId
TlsFree
TerminateProcess
CreateThread
GetCurrentProcess
TlsGetValue

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-fibers-l1-1-0

FlsSetValue
FlsAlloc
FlsFree

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
VirtualQueryEx
CreateFileMappingW
MapViewOfFileEx
OpenFileMappingW

rtworkq

RtwqInvokeCallback
RtwqCreateAsyncResult

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 32B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_CONST
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-audio-mmecore-acm_31bf3856ad364e35_10.0.17763.1_none_d1ab73043932dad7/msacm32.dll
.dll windows x64

20664f4cdb5a3d3b9cbab3144dc292b5

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:18:ae:1d:01:6e:bc:0e:f3:57:31:e7:b8:76:98:a8:3a:dc:83:d6:66:bc:26:a8:77:9f:b4:72:f2:97:4c:a4
Signer

Actual PE Digest

99:18:ae:1d:01:6e:bc:0e:f3:57:31:e7:b8:76:98:a8:3a:dc:83:d6:66:bc:26:a8:77:9f:b4:72:f2:97:4c:a4

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memcpy
memcmp
_XcptFilter
_initterm
free
_amsg_exit
iswctype
malloc
_vsnwprintf
__C_specific_handler
memset

ntdll

RtlCaptureContext
RtlOpenCurrentUser
NtClose
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegEnumValueW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-privateprofile-l1-1-0

WritePrivateProfileStringW
GetPrivateProfileStringW
GetProfileStringW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TlsGetValue
GetCurrentProcessId
TlsFree
TlsAlloc
TerminateProcess
GetCurrentProcess
TlsSetValue

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegCreateKeyW
RegOpenKeyW

api-ms-win-core-string-l2-1-0

CharNextW
CharPrevW
CharLowerBuffW

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetModuleFileNameW
SizeofResource
LockResource
LoadResource
FreeResource

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
ResetEvent
DeleteCriticalSection
CreateEventW
InitializeCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalAlloc
LocalFree
GlobalAlloc

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalHandle

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-localization-l1-2-0

GetACP

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-mm-misc-l1-1-0

OpenDriver
SendDriverMessage
CloseDriver

api-ms-win-mm-mme-l1-1-0

waveInGetNumDevs
waveOutGetNumDevs
waveOutGetDevCapsW
waveOutOpen
waveInGetDevCapsW
waveInOpen

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

acmDriverAddA
acmDriverAddW
acmDriverClose
acmDriverDetailsA
acmDriverDetailsW
acmDriverEnum
acmDriverID
acmDriverMessage
acmDriverOpen
acmDriverPriority
acmDriverRemove
acmFilterChooseA
acmFilterChooseW
acmFilterDetailsA
acmFilterDetailsW
acmFilterEnumA
acmFilterEnumW
acmFilterTagDetailsA
acmFilterTagDetailsW
acmFilterTagEnumA
acmFilterTagEnumW
acmFormatChooseA
acmFormatChooseW
acmFormatDetailsA
acmFormatDetailsW
acmFormatEnumA
acmFormatEnumW
acmFormatSuggest
acmFormatTagDetailsA
acmFormatTagDetailsW
acmFormatTagEnumA
acmFormatTagEnumW
acmGetVersion
acmMetrics
acmStreamClose
acmStreamConvert
acmStreamMessage
acmStreamOpen
acmStreamPrepareHeader
acmStreamReset
acmStreamSize
acmStreamUnprepareHeader

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..environment-dvd-efi_31bf3856ad364e35_10.0.17763.1_none_c60d813adcac88ff/BCD
amd64_microsoft-windows-b..environment-dvd-efi_31bf3856ad364e35_10.0.17763.1_none_c60d813adcac88ff/boot.sdi
amd64_microsoft-windows-b..environment-strings_31bf3856ad364e35_10.0.17763.1_none_e947f9926517c678/bootstr.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_10.0.17763.194_none_ddca105b129e015c/f/winresume.efi
amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_10.0.17763.194_none_ddca105b129e015c/f/winresume.exe
amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_10.0.17763.194_none_ddca105b129e015c/r/winresume.efi
amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_10.0.17763.194_none_ddca105b129e015c/r/winresume.exe
amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_10.0.17763.194_none_ddca105b129e015c/winresume.efi
.exe windows x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:7c:36:0f:9b:1d:d4:1b:3d:21:9f:8b:92:3a:61:5f:01:3b:6e:34:cb:d0:95:d3:c0:e5:c0:8e:22:5d:bc:00
Signer

Actual PE Digest

7c:7c:36:0f:9b:1d:d4:1b:3d:21:9f:8b:92:3a:61:5f:01:3b:6e:34:cb:d0:95:d3:c0:e5:c0:8e:22:5d:bc:00

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGER32C
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_10.0.17763.194_none_ddca105b129e015c/winresume.exe
.exe windows x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:d5:17:5d:2f:2d:81:b3:b3:b9:a9:c4:a9:5c:b0:78:52:bf:3f:c0:51:01:fe:b9:e9:0e:52:2a:9f:92:aa:cd
Signer

Actual PE Digest

23:d5:17:5d:2f:2d:81:b3:b3:b9:a9:c4:a9:5c:b0:78:52:bf:3f:c0:51:01:fe:b9:e9:0e:52:2a:9f:92:aa:cd

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Sections

.text
Size: 929KB - Virtual size: 928KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGER32C
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.17763.1_none_e37d41a8e28140ef/kd_02_10df.dll
.dll windows x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:f0:7a:55:b1:78:07:47:5b:b4:43:f4:a7:3e:3f:3d:4d:49:72:14:2a:0d:a1:ad:9d:74:96:61:5c:87:39:fa
Signer

Actual PE Digest

61:f0:7a:55:b1:78:07:47:5b:b4:43:f4:a7:3e:3f:3d:4d:49:72:14:2a:0d:a1:ad:9d:74:96:61:5c:87:39:fa

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

KdInitializeLibrary

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.17763.1_none_e37d41a8e28140ef/kd_02_10ec.dll
.dll windows x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ef:66:4c:52:42:07:4d:78:c0:bd:74:1f:45:fc:fc:4c:16:1e:16:5c:af:77:5a:31:b1:90:f4:c4:69:49:38:21
Signer

Actual PE Digest

ef:66:4c:52:42:07:4d:78:c0:bd:74:1f:45:fc:fc:4c:16:1e:16:5c:af:77:5a:31:b1:90:f4:c4:69:49:38:21

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

KdInitializeLibrary

Sections

.text
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.17763.1_none_e37d41a8e28140ef/kd_02_1137.dll
.dll windows x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:c8:f7:87:3a:01:10:a3:66:19:92:7c:40:66:da:88:47:b0:41:d7:5d:fb:e8:c3:79:05:05:39:a9:0a:40:b6
Signer

Actual PE Digest

b3:c8:f7:87:3a:01:10:a3:66:19:92:7c:40:66:da:88:47:b0:41:d7:5d:fb:e8:c3:79:05:05:39:a9:0a:40:b6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

KdInitializeLibrary

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.17763.1_none_e37d41a8e28140ef/kd_02_14e4.dll
.dll windows x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:6e:2e:14:61:e3:5f:ee:7a:97:b4:08:c2:9b:0c:ec:12:21:11:18:43:0f:af:27:5e:87:62:c7:ac:e8:69:51
Signer

Actual PE Digest

09:6e:2e:14:61:e3:5f:ee:7a:97:b4:08:c2:9b:0c:ec:12:21:11:18:43:0f:af:27:5e:87:62:c7:ac:e8:69:51

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

KdInitializeLibrary

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 661KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.17763.1_none_e37d41a8e28140ef/kd_02_15b3.dll
.dll windows x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:63:f6:b4:47:e5:c4:3c:df:a5:b2:c0:fe:68:2e:f3:58:5f:47:24:68:04:51:a1:b3:58:29:be:19:2a:6d:f6
Signer

Actual PE Digest

2c:63:f6:b4:47:e5:c4:3c:df:a5:b2:c0:fe:68:2e:f3:58:5f:47:24:68:04:51:a1:b3:58:29:be:19:2a:6d:f6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

KdInitializeLibrary

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.17763.1_none_e37d41a8e28140ef/kd_02_1969.dll
.dll windows x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:69:0f:88:02:2f:e9:e3:b7:b6:54:16:b1:dc:7b:bc:7b:95:38:c0:8c:38:79:9e:3f:4d:7a:5d:98:92:bf:b6
Signer

Actual PE Digest

ca:69:0f:88:02:2f:e9:e3:b7:b6:54:16:b1:dc:7b:bc:7b:95:38:c0:8c:38:79:9e:3f:4d:7a:5d:98:92:bf:b6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

KdInitializeLibrary

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.17763.1_none_e37d41a8e28140ef/kd_02_19a2.dll
.dll windows x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:a7:40:c2:18:ff:55:e1:7f:dd:b1:ea:fe:cf:df:f8:97:6d:dc:8b:6e:d3:cf:97:6c:70:21:e3:8b:66:03:c7
Signer

Actual PE Digest

59:a7:40:c2:18:ff:55:e1:7f:dd:b1:ea:fe:cf:df:f8:97:6d:dc:8b:6e:d3:cf:97:6c:70:21:e3:8b:66:03:c7

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

KdInitializeLibrary

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.17763.1_none_e37d41a8e28140ef/kd_02_1af4.dll
.dll windows x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:5d:88:2d:49:46:7b:93:c5:30:63:5f:74:8c:42:64:fb:7d:74:bf:45:9e:ac:8d:ed:31:56:8f:42:3c:97:a3
Signer

Actual PE Digest

65:5d:88:2d:49:46:7b:93:c5:30:63:5f:74:8c:42:64:fb:7d:74:bf:45:9e:ac:8d:ed:31:56:8f:42:3c:97:a3

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

KdInitializeLibrary

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.17763.1_none_e37d41a8e28140ef/kd_02_8086.dll
.dll windows x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:6e:a4:a6:ce:c9:45:ce:59:ec:f5:12:0d:f3:4b:45:d5:d7:2b:cf:1a:86:d1:23:9c:85:95:e4:04:65:7e:bb
Signer

Actual PE Digest

3a:6e:a4:a6:ce:c9:45:ce:59:ec:f5:12:0d:f3:4b:45:d5:d7:2b:cf:1a:86:d1:23:9c:85:95:e4:04:65:7e:bb

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

KdInitializeLibrary

Sections

.text
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.17763.1_none_e37d41a8e28140ef/kd_07_1415.dll
.dll windows x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:21:54:fd:d2:44:6c:53:8b:95:76:c9:f2:54:d5:76:f8:f6:d4:b3:23:63:d0:2f:9f:38:5c:93:ee:38:b0:62
Signer

Actual PE Digest

41:21:54:fd:d2:44:6c:53:8b:95:76:c9:f2:54:d5:76:f8:f6:d4:b3:23:63:d0:2f:9f:38:5c:93:ee:38:b0:62

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

KdInitializeLibrary

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.17763.1_none_e37d41a8e28140ef/kd_0C_8086.dll
.dll windows x64

341f79c66666520f0e5f3abc9639c3a2

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b5:fa:82:0d:2e:6b:a4:39:d4:19:ac:53:90:23:6e:75:24:27:d9:30:e6:e2:6c:21:ec:bb:7e:0c:94:20:36:e0
Signer

Actual PE Digest

b5:fa:82:0d:2e:6b:a4:39:d4:19:ac:53:90:23:6e:75:24:27:d9:30:e6:e2:6c:21:ec:bb:7e:0c:94:20:36:e0

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

atol
strstr

Exports

Exports

KdInitializeLibrary

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.17763.1_none_e37d41a8e28140ef/kdnet_uart16550.dll
.dll windows x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:ca:af:00:e2:fd:61:91:5b:05:41:bf:37:db:b5:6e:ec:be:7f:c7:c8:a0:ce:48:87:d2:c7:be:81:37:bc:7f
Signer

Actual PE Digest

49:ca:af:00:e2:fd:61:91:5b:05:41:bf:37:db:b5:6e:ec:be:7f:c7:c8:a0:ce:48:87:d2:c7:be:81:37:bc:7f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

KdInitializeLibrary

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 90B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

587b1c3fd47818346fb8557408e17403

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

shell32

shlwapi

uxtheme

Sections

.text Size: 49KB - Virtual size: 49KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 148B

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 1KB - Virtual size: 4KB

75fe4d242cdb81c8fd19f8165a4d313d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 58KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 376B

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 632B

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 1KB - Virtual size: 4KB

2cb38fe7d8f223d9da50b7cba9b95a6d

Headers

DLL Characteristics

File Characteristics

Imports

ulib

api-ms-win-core-heap-l1-1-0

ntdll

msvcrt

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 324B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 56B

e9c61f993c775f67ec407a47a8955d31

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 148B

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 376B

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 632B

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 324B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 56B

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

1a:41:e7:15:3e:c4:54:88:36:f4:b1:c4:f6:f1:26:45:b9:8a:73:45:18:96:56:82:1e:33:89:97:98:11:b9:9b
Signer

15/09/2022, 14:52
Valid: false

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 600B

.didat
Size: 512B - Virtual size: 120B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 56B

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

ac:d0:82:20:56:d4:2d:50:74:55:d3:ab:66:93:89:81:95:ba:40:b8:93:d2:d5:44:93:19:fe:dd:e4:bc:14:d9
Signer

15/09/2022, 14:52
Valid: false

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB