Static task: static1

Behavioral task: behavioral1
Sample: 1ff74b6aae2944c942efa5886bc20c8ac9ed6d231fb65dd1634d6f80c4c01cc7.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 1ff74b6aae2944c942efa5886bc20c8ac9ed6d231fb65dd1634d6f80c4c01cc7.exe
Resource: win10v2004-20220812-en

General
Target: 1ff74b6aae2944c942efa5886bc20c8ac9ed6d231fb65dd1634d6f80c4c01cc7
Size: 82KB
MD5: abd9acae588b642b55d64f111239a287
SHA1: 28eb4eeced462eebd1df392b5979cee0a6dc76a2
SHA256: 1ff74b6aae2944c942efa5886bc20c8ac9ed6d231fb65dd1634d6f80c4c01cc7
SHA512: 34f64bdba3792b53a2684699c84214039965e35d6814b39a0b558830f4362930f995ecb7ebd7008d996c6e17c6534d23ed54536b6a3445d2d35d431e39f6abbb
SSDEEP: 1536:6e4VAe79DzWo2dyep8dx9rRvGWmwXi1O242xIIPEhX6D+7U:6RVAe79DzPXU+9B5HV2I+EhX6DEU

Malware Config
Signatures
Files
1ff74b6aae2944c942efa5886bc20c8ac9ed6d231fb65dd1634d6f80c4c01cc7.exe windows x86
8f1147cd3dfde4630f7dc86bc2a7386a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
InitializeFlatSB
ImageList_DragEnter
FlatSB_SetScrollInfo
CreateUpDownControl
CreateToolbarEx
ImageList_DrawEx
MenuHelp
InitMUILanguage
ImageList_Read
ImageList_GetIconSize
ImageList_GetDragImage
PropertySheetW
CreatePropertySheetPageW
CreateStatusWindowW
DrawInsert
ImageList_Merge
ImageList_GetImageRect
ImageList_SetOverlayImage
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Destroy
ImageList_SetFlags
ImageList_LoadImageA
CreateStatusWindowA
ImageList_SetFilter
FlatSB_EnableScrollBar
CreatePropertySheetPageA
ImageList_Add
ImageList_Replace
msacm32
acmFilterChooseW
acmStreamSize
wtsapi32
WTSOpenServerW
WTSSetSessionInformationW
WTSQueryUserConfigW
WTSVirtualChannelOpen
WTSEnumerateServersA
WTSQuerySessionInformationW
WTSVirtualChannelQuery
WTSEnumerateProcessesA
WTSSendMessageW
WTSLogoffSession
WTSEnumerateSessionsA
WTSOpenServerA
WTSEnumerateSessionsW
WTSVirtualChannelRead
WTSEnumerateServersW
WTSEnumerateProcessesW
gdi32
RemoveFontResourceA
EnumObjects
GdiGetPageHandle
EnumFontFamiliesW
CreateFontIndirectW
CheckColorsInGamut
RectVisible
StrokePath
CreateDIBPatternBrushPt
PlayEnhMetaFile
LPtoDP
ColorMatchToTarget
SetWorldTransform
CreateCompatibleBitmap
GetClipRgn
PatBlt
SetDIBColorTable
SetBoundsRect
OffsetClipRgn
UpdateColors
GetSystemPaletteEntries
GetMetaFileBitsEx
DeleteDC
GetMetaFileA
PolylineTo
GetViewportExtEx
GetCharWidth32A
PolyDraw
GetDCOrgEx
LineTo
GetPolyFillMode
FrameRgn
Polygon
CreateDiscardableBitmap
SetBkColor
SelectClipRgn
Escape
SetSystemPaletteUse
CloseEnhMetaFile
GetSystemPaletteUse
CreateFontIndirectExA
SetMetaFileBitsEx
CreateDIBitmap
CreatePolygonRgn
CopyMetaFileA
GetCharWidth32W
SetPixelFormat
PolyPolyline
CreateFontA
PolyTextOutA
ScaleViewportExtEx
GdiStartDocEMF
CreateEnhMetaFileW
GetNearestPaletteIndex
SelectFontLocal
SetViewportExtEx
UpdateICMRegKeyW
SetColorAdjustment
GetPath
RoundRect
SelectBrushLocal
CreateHatchBrush
SetTextCharacterExtra
GetObjectA
StartDocW
GetBitmapDimensionEx
SetAbortProc
GetCharWidthFloatW
GetDeviceGammaRamp
GetTextExtentExPointA
Ellipse
GetDeviceCaps
GetFontUnicodeRanges
SetDeviceGammaRamp
FixBrushOrgEx
GdiPlayJournal
DeleteMetaFile
SetMagicColors
CreateScalableFontResourceW
GetTextFaceA
DeleteObject
CreateDCW
GetKerningPairsA
CloseFigure
GetCharABCWidthsFloatA
kernel32
EnumResourceTypesA
EnumTimeFormatsA
GetProcessAffinityMask
SetTapeParameters
GetProcAddress
GetFileSize
GetLogicalDrives
RequestDeviceWakeup
LocalLock
GetThreadPriorityBoost
GetProcessTimes
OpenProcess
lstrcpyA
ResumeThread
PurgeComm
CreateMutexA
lstrcpynA
GetThreadContext
GetStringTypeExW
ReplaceFileW
SleepEx
FormatMessageW
_lopen
GetFileSizeEx
WriteFileEx
InitializeCriticalSection
GlobalUnlock
GetSystemPowerStatus
_llseek
GetStringTypeW
SetThreadExecutionState
WritePrivateProfileSectionA
FindFirstFileA
TlsAlloc
EnumUILanguagesW
QueryPerformanceFrequency
RtlUnwind
CommConfigDialogA
FreeUserPhysicalPages
MulDiv
GetComputerNameA
LoadModule
SetProcessPriorityBoost
GlobalFindAtomW
EndUpdateResourceA
IsValidLocale
_hwrite
GetThreadTimes
IsDBCSLeadByte
BackupWrite
lstrcmpiA
EnumLanguageGroupLocalesW
GetCalendarInfoW
WriteProfileSectionA
GetLogicalDriveStringsW
DeleteTimerQueueEx
RemoveDirectoryW
GetSystemTimeAsFileTime
GetCPInfoExA
WritePrivateProfileStructA
FindFirstFileW
CreateMutexW
GetShortPathNameW
ResetWriteWatch
CreateFileMappingW
FindFirstVolumeMountPointW
CreateDirectoryExA
_lwrite
SetCalendarInfoA
CallNamedPipeW
ChangeTimerQueueTimer
OpenSemaphoreW
SearchPathA
CreateFileA
CreateNamedPipeW
SetEndOfFile
GetPrivateProfileIntW
TlsFree
ExpandEnvironmentStringsW
GetDriveTypeA
GetDateFormatA
GetStringTypeExA
SetLocaleInfoA
SetThreadAffinityMask
CancelDeviceWakeupRequest
InterlockedIncrement
GetCurrentThreadId
GetTimeFormatA
ContinueDebugEvent
_lread
GetPrivateProfileSectionNamesA
IsBadReadPtr
GlobalFlags
FindFirstFileExA
DosDateTimeToFileTime
SetLocalTime
PrepareTape
GetProfileIntW
IsBadStringPtrW
ExitProcess
FindVolumeClose
SetFileAttributesA
SetSystemTime
RequestWakeupLatency
SetProcessShutdownParameters
SetSystemTimeAdjustment
EnumSystemLanguageGroupsW
SetDefaultCommConfigA
CreateHardLinkW
CreateFileW
FlushFileBuffers
FatalAppExitA
GetAtomNameW
Beep
EnumDateFormatsA
FlushViewOfFile
GetVolumePathNameW
SetFilePointer
_lcreat
FileTimeToLocalFileTime
lstrcatA
_lclose
GetHandleInformation
GetPrivateProfileStructA
SetNamedPipeHandleState
GetCPInfoExW
FatalAppExitW
_hread
GetLongPathNameW
GlobalCompact
CreateNamedPipeA
GetDiskFreeSpaceW
CreateEventW
GetProcessPriorityBoost
GetProcessHeaps
GetCommMask
GetProfileIntA
SetEnvironmentVariableW
GetDriveTypeW
GetComputerNameExW
MoveFileExA
EnumResourceTypesW
GetProfileStringA
ReplaceFileA
LockFileEx
InterlockedExchange
DeleteVolumeMountPointA
GetUserDefaultUILanguage
FindResourceA
TlsSetValue
SetCurrentDirectoryW
FindFirstVolumeW
WritePrivateProfileStructW
GetEnvironmentVariableW
DnsHostnameToComputerNameW
FindFirstVolumeMountPointA
GetDiskFreeSpaceA
GetCompressedFileSizeA
OpenEventW
GetCalendarInfoA
FreeLibraryAndExitThread
PostQueuedCompletionStatus
GetThreadPriority
FreeEnvironmentStringsW
DeleteVolumeMountPointW
GetTimeFormatW
OpenFileMappingW
WriteFile
GlobalWire
GetStdHandle
CancelIo
ntdsapi
DsCrackNamesW
DsInheritSecurityIdentityA
DsListDomainsInSiteA
DsClientMakeSpnForTargetServerW
shlwapi
SHRegWriteUSValueA
UrlCompareA
SHOpenRegStream2W
AssocCreate
SHRegDeleteEmptyUSKeyA
PathSkipRootW
PathFindOnPathA
PathIsRelativeA
SHSetValueA
UrlGetPartW
PathUnmakeSystemFolderA
SHGetValueW
PathRenameExtensionW
SHEnumKeyExA
PathGetArgsW
PathIsPrefixA
StrFromTimeIntervalA
SHRegEnumUSValueA
PathFindExtensionW
PathUndecorateW
SHSkipJunction
SHEnumValueW
StrCSpnA
GetMenuPosFromID
PathCommonPrefixA
StrChrW
SHSetThreadRef
ColorHLSToRGB
PathMakeSystemFolderA
PathIsLFNFileSpecW
PathRemoveBackslashW
PathQuoteSpacesW
PathRelativePathToA
UrlCompareW
PathIsRootA
SHDeleteEmptyKeyA
PathFindNextComponentA
UrlIsW
SHRegQueryUSValueA
PathIsUNCServerShareW
SHQueryValueExW
SHDeleteValueW
StrSpnA
wvnsprintfW
PathIsUNCServerW
ChrCmpIW
PathBuildRootA
SHRegGetBoolUSValueA
StrNCatA
ColorAdjustLuma
StrRetToBufW
PathSearchAndQualifyA
StrCmpIW
PathCombineW
SHRegDeleteUSValueW
PathGetArgsA
SHRegWriteUSValueW
PathGetDriveNumberA
SHDeleteEmptyKeyW
PathMatchSpecA
PathCreateFromUrlA
SHRegDeleteEmptyUSKeyW
HashData
PathFileExistsA
PathRemoveArgsW
SHRegCloseUSKey
SHRegDeleteUSValueA
PathIsDirectoryEmptyA
SHRegEnumUSKeyW
SHRegQueryUSValueW
SHRegOpenUSKeyW
SHRegGetPathA
SHRegSetUSValueA
PathFindNextComponentW
StrCSpnIW
SHOpenRegStream2A
PathIsUNCServerShareA
PathIsContentTypeA
StrCSpnW
StrFormatKBSizeW
PathMatchSpecW
PathStripToRootA
PathUnExpandEnvStringsW
PathAddBackslashA
StrCpyNW
SHRegQueryInfoUSKeyW
StrStrIW
StrTrimW
SHEnumKeyExW
SHDeleteKeyA
StrRetToStrW
UrlApplySchemeW
StrCatBuffA
StrCmpNIW
PathUnmakeSystemFolderW
AssocQueryKeyA
PathCanonicalizeA
SHQueryInfoKeyW
PathCreateFromUrlW
StrToIntExA
UrlIsNoHistoryW
PathUnExpandEnvStringsA
UrlHashW
StrRetToStrA
PathStripToRootW
PathQuoteSpacesA
PathIsDirectoryA
PathIsLFNFileSpecA
ChrCmpIA
PathFindSuffixArrayW
PathGetCharTypeA
StrDupW
StrRStrIW
PathIsUNCServerA
PathSearchAndQualifyW
SHAutoComplete
PathIsURLA
SHCreateStreamOnFileA
UrlGetLocationW
SHRegEnumUSValueW
StrChrIA
PathSetDlgItemPathA
SHCopyKeyA
PathFindFileNameW
PathRemoveFileSpecA
StrToIntW
SHCreateShellPalette
wvnsprintfA
PathSetDlgItemPathW
PathRemoveBackslashA
PathRemoveExtensionW
StrFormatByteSizeW
PathUnquoteSpacesW
PathMakePrettyA
PathParseIconLocationA
SHGetThreadRef
StrToIntExW
PathParseIconLocationW
PathGetCharTypeW
SHRegQueryInfoUSKeyA
UrlGetLocationA
StrToIntA
UrlIsOpaqueA
StrIsIntlEqualW
PathCommonPrefixW
PathUndecorateA
PathRemoveBlanksA
SHRegGetUSValueA
StrFormatKBSizeA
ColorRGBToHLS
PathUnquoteSpacesA
SHSetValueW
SHRegEnumUSKeyA
UrlUnescapeW
UrlIsOpaqueW
SHRegGetPathW
StrCatW
StrCmpW
SHDeleteOrphanKeyA
PathMakePrettyW
StrRChrW
SHIsLowMemoryMachine
StrFormatByteSizeA
SHOpenRegStreamA
PathRenameExtensionA
PathAddExtensionA
SHCreateThread
StrChrIW
SHRegCreateUSKeyW
StrFormatByteSize64A
PathCanonicalizeW
PathRemoveFileSpecW
rasapi32
RasGetEapUserDataW
RasSetCustomAuthDataA
RasEditPhonebookEntryW
RasGetSubEntryPropertiesW
DwEnumEntryDetails
RasConnectionNotificationW
imm32
ImmGetIMCLockCount
ImmCreateSoftKeyboard
ImmGetCandidateListA
ImmEnumRegisterWordA
ImmGenerateMessage
ImmEnumRegisterWordW
ntlanman
NPCloseEnum
NPGetReconnectFlags
advpack
GetVersionFromFile
OpenINFEngine
SetPerUserSecValues
NeedReboot
FileSaveRestore
RegSaveRestore
IsNTAdmin
LaunchINFSection
secur32
ImportSecurityContextA
GetComputerObjectNameW
QueryCredentialsAttributesA
ExportSecurityContext
GetUserNameExA
LsaGetLogonSessionData
LsaFreeReturnBuffer
GetComputerObjectNameA
AddSecurityPackageW
SealMessage
AddSecurityPackageA
LsaCallAuthenticationPackage
SaslIdentifyPackageW
UnsealMessage
CompleteAuthToken
SaslGetProfilePackageW
SaslInitializeSecurityContextW
QueryContextAttributesW
ImpersonateSecurityContext
AcceptSecurityContext
TranslateNameW
LsaRegisterPolicyChangeNotification
SaslGetProfilePackageA
InitSecurityInterfaceA
FreeCredentialsHandle
InitSecurityInterfaceW
user32
GetCursor
SendNotifyMessageW
UnionRect
EnumDisplayMonitors
CascadeWindows
DdeInitializeA
SetCaretPos
GetWindowPlacement
GetKeyboardLayoutList
CheckMenuRadioItem
CharNextExA
GetMouseMovePointsEx
GetMenuItemCount
GetAsyncKeyState
GetTopWindow
PostThreadMessageA
InsertMenuA
GetListBoxInfo
GetMessageTime
ModifyMenuW
OemToCharBuffA
SetDlgItemTextA
GetMenuBarInfo
ImpersonateDdeClientWindow
CharUpperBuffW
SetLayeredWindowAttributes
GetWindowTextLengthA
SetScrollPos
CallNextHookEx
DdeCmpStringHandles
DestroyCursor
GetSubMenu
DdeClientTransaction
DdeFreeDataHandle
GetClassInfoExA
GetKeyboardState
MessageBoxExW
IsCharAlphaW
GetKeyboardLayoutNameW
IsHungAppWindow
MsgWaitForMultipleObjects
OpenInputDesktop
TileChildWindows
EndDialog
IsWindowEnabled
ChangeClipboardChain
DdeQueryConvInfo
SetCapture
OpenWindowStationW
SetSystemCursor
CallWindowProcA
InvalidateRgn
SendMessageTimeoutW
IsCharAlphaNumericW
CharToOemW
IsCharAlphaNumericA
CopyRect
GetDoubleClickTime
SetWindowRgn
GetScrollRange
IsCharLowerW
TileWindows
LoadCursorA
DdeCreateDataHandle
EnableMenuItem
CloseClipboard
CreateDesktopA
DrawIcon
WindowFromPoint
DdeFreeStringHandle
DdeQueryStringW
DialogBoxParamA
SendMessageW
LoadIconW
CloseWindowStation
DrawTextExA
IsCharLowerA
DefWindowProcA
TabbedTextOutW
DrawTextExW
SendMessageCallbackW
GetMessageExtraInfo
RegisterClipboardFormatW
ModifyMenuA
BringWindowToTop
WinHelpW
GetClassInfoExW
GetCaretPos
ActivateKeyboardLayout
CreateIconIndirect
SetMessageExtraInfo
IsDialogMessageW
SystemParametersInfoA
RegisterClipboardFormatA
SetScrollRange
SetWindowsHookA
SwitchDesktop
SetClipboardData
SwapMouseButton
GetWindowTextA
OpenWindowStationA
IMPQueryIMEA
EnableWindow
DialogBoxIndirectParamW
DdeCreateStringHandleW
SetWindowLongA
DdeCreateStringHandleA
ScrollDC
PeekMessageW
OpenDesktopA
CharLowerBuffW
InvalidateRect
MonitorFromPoint
SetSysColors
DrawTextA
SendDlgItemMessageA
UnregisterDeviceNotification
RegisterDeviceNotificationA
clusapi
RemoveClusterResourceNode
ClusterNodeCloseEnum
ClusterGroupControl
ClusterNetworkControl
CloseClusterResource
ClusterNodeEnum
ClusterRegDeleteKey
MoveClusterGroup
GetClusterFromGroup
AddClusterResourceDependency
GetNodeClusterState
SetClusterNetworkName
ClusterOpenEnum
GetClusterGroupState
ClusterResourceOpenEnum
OpenClusterResource
GetClusterNetInterfaceKey
GetClusterNetInterface
ClusterRegQueryInfoKey
GetClusterFromNode
DeleteClusterResource
ClusterNetInterfaceControl
CloseClusterGroup
GetClusterResourceNetworkName
CreateClusterGroup
ClusterRegDeleteValue
shell32
SheGetDirA
SHGetDiskFreeSpaceA
SHAppBarMessage
CheckEscapesW
ExtractIconW
DragQueryFileAorW
ShellExecuteExW
SHGetInstanceExplorer
SHInvokePrinterCommandW
SHGetMalloc
SHGetNewLinkInfoW
SHExtractIconsW
DragQueryPoint
ntdll
NtLoadDriver
RtlGetProcessHeaps
RtlAppendAsciizToString
RtlCharToInteger
ZwOpenKey
NtAdjustGroupsToken
ZwSystemDebugControl
RtlSetGroupSecurityDescriptor
RtlSetAttributesSecurityDescriptor
NtSetSystemInformation
RtlAddAce
RtlAreBitsSet
NtRestoreKey
RtlSetThreadPoolStartFunc
RtlConvertUiListToApiList
RtlCreateEnvironment
NtCreateProcess
NtEnumerateValueKey
ZwDeleteValueKey
NtPrivilegeObjectAuditAlarm
ZwSetInformationJobObject
RtlxOemStringToUnicodeSize
ZwSetVolumeInformationFile
NtUnloadKey
RtlConvertToAutoInheritSecurityObject
NtQueueApcThread
NtSetEvent
RtlPrefixUnicodeString
NtOpenEventPair
NtSetInformationThread
NtPlugPlayControl
RtlFindMessage
ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
ZwSaveKey
RtlIsGenericTableEmpty
RtlQueryProcessHeapInformation
NtImpersonateClientOfPort
LdrFindEntryForAddress
ZwQueryEaFile
ZwContinue
ZwWaitLowEventPair
RtlSetCurrentEnvironment
RtlEnlargedIntegerMultiply
ZwCreateFile
RtlSystemTimeToLocalTime
NtReadRequestData
NtRemoveIoCompletion
RtlEqualPrefixSid
NtCreateIoCompletion
ZwOpenThread
RtlImageNtHeader
RtlAppendUnicodeStringToString
NtClose
RtlpNtMakeTemporaryKey
RtlDeleteRegistryValue
RtlCopyString
ZwReadVirtualMemory
RtlDeregisterWaitEx
RtlGetUserInfoHeap
KiRaiseUserExceptionDispatcher
RtlDowncaseUnicodeString
NtInitiatePowerAction
NtTestAlert
ZwShutdownSystem
NtFreeUserPhysicalPages
NtUnlockVirtualMemory
NtAlertThread
ZwOpenSection
ZwStartProfile
RtlRandom
NtRequestPort
NtWriteVirtualMemory
NtSetUuidSeed
RtlCreateUnicodeStringFromAsciiz
NtQueryInformationFile
NtOpenSection
ZwReplyWaitReceivePortEx
RtlAbsoluteToSelfRelativeSD
RtlCreateUserSecurityObject
NtQueryVirtualMemory
ZwOpenSymbolicLinkObject
NtDisplayString
NtDeviceIoControlFile
ZwAddAtom
ZwLockFile
RtlSetBits
ZwReadFileScatter
ZwStopProfile
ZwCreateEventPair
ZwSetDefaultHardErrorPort
NtPowerInformation
ZwOpenTimer
RtlNtStatusToDosError
RtlFreeHandle
CsrFreeCaptureBuffer
RtlSubAuthorityCountSid
ZwSetLowWaitHighEventPair
RtlFindLongestRunClear
NtFindAtom
RtlCreateProcessParameters
RtlDnsHostNameToComputerName
NtSaveKey
ZwClose
ZwAcceptConnectPort
ZwLoadDriver
NtDeleteKey
NtSetContextThread
NtConnectPort
ZwAllocateUuids
RtlUnicodeToCustomCPN
ZwFindAtom
ZwCreatePagingFile
NtLoadKey
RtlQuerySecurityObject
RtlCopyLuid
RtlEqualString
NtTerminateThread
NtQuerySymbolicLinkObject
NtQuerySystemTime
NtCreateTimer
NtQueryAttributesFile
RtlAddAuditAccessObjectAce
PfxFindPrefix
NtOpenMutant
RtlValidateHeap
RtlValidateProcessHeaps
NtFsControlFile
comdlg32
GetSaveFileNameW
GetFileTitleA
PageSetupDlgW
GetFileTitleW
LoadAlterBitmap
ChooseColorA
PageSetupDlgA
winmm
joy32Message
mixerGetLineControlsW
PlaySoundA
PlaySoundW
netapi32
DsEnumerateDomainTrustsA
NetSessionEnum
NetUserGetLocalGroups
NetMessageNameAdd
NetScheduleJobDel
DsGetDcNameW
DsRoleFreeMemory
NetUserChangePassword
NetUserSetInfo
NetServiceEnum
NetServerTransportAdd
NetLocalGroupSetInfo
NetServerSetInfo
NetUseEnum
NetDfsAddStdRoot
RxNetAccessDel
NetWkstaSetInfo
NetUserGetGroups
NetShareAdd
NetReplImportDirAdd
NetDfsGetInfo
NetWkstaGetInfo
NetConfigGetAll
NetErrorLogWrite
NetErrorLogRead
NetAuditClear
NetLocalGroupAddMembers
RxNetAccessGetInfo
NetLocalGroupAddMember
NetScheduleJobAdd
NetAlertRaiseEx
NetUserGetInfo
NetReplGetInfo
NetLocalGroupAdd
NetReplImportDirDel
NetApiBufferFree
NetGetAnyDCName
NetMessageNameEnum
NetUseAdd
NetApiBufferAllocate
DsAddressToSiteNamesExW
I_NetServerPasswordGet
NetReplExportDirDel
NetUseDel
NetWkstaUserGetInfo
NetShareSetInfo
NetGroupEnum
NetServerGetInfo
NetLocalGroupGetMembers
NetRegisterDomainNameChangeNotification
I_NetLogonControl
NetDfsRemoveFtRoot
I_BrowserResetStatistics
NetAlertRaise
NetFileClose
RxNetAccessSetInfo
I_BrowserServerEnum
DsGetSiteNameW
NetFileEnum
NetReplImportDirEnum
NetGroupAdd
NetShareDel
NetDfsSetInfo
NetReplExportDirSetInfo
NetUseGetInfo
NetGroupGetInfo
I_NetServerPasswordSet2
NetUnregisterDomainNameChangeNotification
NetServiceGetInfo
NetStatisticsGet
NetServerComputerNameDel
NetScheduleJobGetInfo
NetLocalGroupGetInfo
NetAuditRead
NetGetDCName
winsta
WinStationNameFromLogonIdW
WinStationNameFromLogonIdA
_WinStationShadowTarget
WinStationSendWindowMessage
WinStationEnumerateA
_WinStationReInitializeSecurity
WinStationEnumerateProcesses
WinStationQueryInformationA
WinStationOpenServerW
WinStationGetAllProcesses
WinStationConnectW
WinStationOpenServerA
_WinStationNotifyNewSession
WinStationTerminateProcess
WinStationRenameA
LogonIdFromWinStationNameA
WinStationDisconnect
_WinStationCallback
_WinStationBreakPoint
_WinStationAnnoyancePopup
WinStationActivateLicense
WinStationCloseServer
WinStationSetInformationW
WinStationWaitSystemEvent
_WinStationReadRegistry
WinStationShutdownSystem
WinStationReset
WinStationSetPoolCount
_NWLogonSetAdmin
WinStationShadow
WinStationRemoveLicense
_WinStationShadowTargetSetup
WinStationEnumerateLicenses
_WinStationWaitForConnect
WinStationSendMessageA
query
InitializeCIPerformanceData
CITextToSelectTreeEx
LocateCatalogsW
samlib
SamSetInformationGroup
SamSetInformationDomain
SamChangePasswordUser
SamRemoveMultipleMembersFromAlias
SamOpenDomain
SamCloseHandle
SamRemoveMemberFromAlias
SamSetSecurityObject
SamSetMemberAttributesOfGroup
SamiEncryptPasswords
SamDeleteUser
SamTestPrivateFunctionsUser
SamCreateUserInDomain
SamGetAliasMembership
SamEnumerateGroupsInDomain
SamQueryInformationGroup
SamLookupIdsInDomain
SamFreeMemory
SamConnect
SamiSetDSRMPassword
SamCreateAliasInDomain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: 512B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ